A Beginner’s Approach To Windows®
Riyaz Ahemed Walikar
To my loving parents
Preface

Computers have helped us from the day they were invented. Either in the form of a simple abacus or the Japanese Earth Simulator, they have always played an undeniable role in the development and betterment of mankind. Computers can be considered to be a body and a soul interacting with each other to give our everyday results. The Soul is the computer Operating System and the Body is the hardware. Every computer technically requires an Operating System to function. Windows is the most widely used Operating System on this planet with over 92% of the world’s computer familiar people having used Windows.

Windows has been explained in layman’s terms in this book, which makes it special. Readers are not required to have a technical background to understand the text. It is advisable for the readers to use the book practically. If possible, keep a computer by your side when reading, so that you can actually test and implement what you have read.

Chapter 1 deals with common hardware for common home desktops and a brief classification of Operating Systems. The important question of Why Windows has been answered in this chapter along with a brief overview of System BIOS.
Chapter 2 deals with File Systems and installing of Windows.
Chapter 3 starts off Windows with the Booting and Logon procedures. The Desktop, Start Button and the Taskbar have also been explained here.
Chapter 4 explains the Windows shell, Explorer, along with Windows Product Activation.
Chapter 5 explores the uses of Control Panel with most of the common applets covered.
Chapter 6 & Chapter 7 basically deal with the DOS prompt and batch file programming.
Chapter 8 explains the Windows Safe Mode, the best startup option for debugging Windows.
Chapter 9 deals with the Windows Registry, the most interesting chapter of all. This chapter gives an in-depth analysis of the Windows Registry and how it can be used to customize the looks and performance of Windows.
Chapter 10 deals with Windows security, explaining what makes the Administrator’s account the most dangerous account on your system, the working of common viruses and worms, NTFS Security and Windows Network security, touching upon the Windows Firewall and Share Security.
Chapter 11 is another chapter to tweak your system, with several tricks to keep your system running at its best.
Chapter 12 is a small chapter on the common Windows Keyboard shortcuts.
Chapter 13 teaches you how to deal with common system errors and OS malfunctions so that instead of running to the repair shop you can get your hands wet.
Chapter 14 has the Windows journey highlighted through a short description of its predecessors from MSDOS 6.22 to the current surviving edition Windows Vista.
The last technical chapter as such is the Jargon Buster, a chapter dedicated to common computer lingua and terms.

For the common reader there are challenges at the end of some chapters that are interesting and addictive to sort out. You will be able to complete the challenges only after you read the chapter. For lesser mortals, answers are provided at the end of the book. There are 2 appendices; the first gives the standard ASCII table, and the second has a list of Recovery Console commands. Many useful hints are provided throughout the text as additional tips and aid to the reader.

The terms CMOS setup and BIOS setup have been used in the wider context. CMOS stands for Complementary Metal Oxide Semiconductor and BIOS means Basic Input Output System. The CMOS Setup Utility (also the BIOS Setup) can be used to configure the computer’s boot sequence and processor voltages amongst other things. The BIOS can be reset in cases of errors by removing the battery or by resetting the clear CMOS jumper. Please do not try this at home if you are not well versed with computer hardware.

This book is meant for Home and Office Users. Although designed and written particularly for them, a wider circle of people can gain a sound amount of information. The book is aimed at being friendly with the reader so that the boring task of reading and employing becomes realistic. As mentioned earlier, use the book along with a computer so that you can immediately put into practical use whatever you have just read.

As a note of caution, the chapters are with reference to Windows XP Home Edition SP 1 (Uniprocessor) when mentioning Toolbars and Explorer and the like, unless explicitly mentioned otherwise. Read ahead and understand the best Operating System on this planet and try to make it better by understanding.
Contents

Foreword
Preface

1. Before beginning…….
   Hardware that goes in
   Operating Systems: Classification and Overview
   Why Windows?
   Software that goes in
   System BIOS – A brief overview

2. Starting from Scratch
   File Systems
   Running Windows Setup
   Installing Windows

3. The Basics
   POST, Boot Keys and the Boot.ini
   Windows Logon & Startup
   The Desktop
   The Start Button
   The Taskbar

4. Explorer & The Windows Interface
   Windows Product Activation (WPA)
   The GUI Environment
   The Right Click Context Menu
   My Computer
   %Homepath% & My Documents
   Recycle Bin
   Searching for Files
   File Extensions & Open With
   Windows Services
   System Restore and Windows Update
   The Task Manager

5. The Control Panel
   Control Panel & Extensions (*.cpl)
   Accessibility Options (access.cpl)
   Add Hardware (hdwwiz.cpl)
   Add/Remove Programs (appwiz.cpl)
   Administrative Tools
   Date & Time (timedate.cpl)
   Display (desk.cpl)
   Folder Options
   Fonts (%systemroot%\fonts\)
   Internet Options (inetcpl.cpl)
   Network Connections (ncpa.cpl)
   Regional and Language Options (intl.cpl)
   Scheduled Tasks
   System (sysdm.cpl)
   Taskbar & Start Menu
   Sounds and Audio Devices (mmsys.cpl)
   User Accounts (nusrmgr.cpl)

6. DOS Prompt – The Powerful Cmd.exe
   The DOS Prompt
   Console Commands

7. Batch Files & Scripts
   Batch Files
   Passing Arguments
   FOR Loops & IF Branching
   Examples

8. Windows Safe Mode
   What is the Safe Mode?
   Safe Mode & Other Startup Options

9. The Windows Registry
   Registration Databases
   The Registry Editors - Regedit & Regedt32
   Hives, Keys and Data Types
   The .Reg File
   Registry Tricks & Tweaks
   The Reg command

10. Securing Windows
   Security – An overview
   The Administrator’s Dilemma
   NTFS Security - The ACL Story
   Password Policies and the Password Reset Disk
   Malicious Code and Infections
   Windows Network Security

11. Windows Tips & Tricks
   Startup
   Logon
   Desktop & Wallpaper
   Explorer
   File & Folder Protecting Techniques
   Eggs & Bugs

12. Keyboard & Program Shortcuts
   Windows Shortcuts

13. Troubleshooting Common Problems
   The Recovery Console
   A List of Common problems
   Windows Errors

14. 'Flavors' of Windows
   MS-DOS to Windows XP SP2

15. Jargon Buster
   Definitions & Useful Terminology

16. Answers to Challenges

17. Appendix A – The Standard ASCII Table

18. Appendix B – List of Recovery Console Commands
CHAPTER I
Before Beginning……

This chapter will basically give its readers a real idea of the vast advantages that one can avail of by using Operating Systems like Windows. A brief classification of Operating Systems is also included along with Hardware and Software accessories needed to say you have a computer. This chapter is a must for a newbie. Advanced Windows users and system administrators can however skip this chapter.

After this chapter the reader should be able to:
>> Understand the common hardware that goes in the making of a home computer.
>> Differentiate between operating systems and classify them on the basis of usage and tasks.
>> Understand why Windows is better than most other operating systems.
>> Summarize the basic software that constitutes a normal home desktop computer.
>> Understand the concept of the system BIOS and Hyper threading.
Note: All information provided in this chapter deals with the BIOS at the very basic level. Any incorrect attempts to change values in the system BIOS manually may lead to inconsequential damage to the system. For complete reference to the values and details of each and every single page of the BIOS, please refer to the motherboard manual provided along with the computer or visit the manufacturer’s website.
A computer is lifeless without an operating system. A typical computer system has the usual hardware installed that enables it to run. An Operating system communicates between the hardware and the system user. Software is installed to make machine usage more realistic.
I.1: Hardware that goes in

A computer consists not just of the monitor, mouse and the keyboard, but several other ‘hidden’ things that lie entirely concealed inside the big box that stands next to your monitor. This ‘box’ is called the cabinet (not the CPU). Hardware basically means any physical component of a computer system, including any peripheral device such as Input/Output devices (I/O devices) like keyboard, mouse, modems and printers. The internal connections of all the components are completed by the motherboard, which houses many capacitors, resistors and Integrated Circuits including the CPU. Many other devices are connected to the motherboard inside the cabinet. A standard computer has several devices connected, but the most simple and important ones are listed below along with a brief description.

Audio input device: Any device capable of recording audio or music to your computer. Examples include Microphones and digital voice recording devices.

CD ROM Drive: A device capable of reading Compact Discs (CDs). This device is usually found on most systems. If it can write data onto CDs then it is called a CD RW Drive. CDs are also of various types; CD-R, CD-RW, DVD-R and DVD-RWs to name a few. All differ in their construction and their ability to store data. Data written onto a CD-R cannot be erased, but the same CD can be used for multiple data writing sessions if it has been originally written as a multisession disc. CD-RWs, on the other hand, act as huge “floppies”. Data written onto these discs can be erased a number of times and new data can be written on them. A digital versatile disc (DVD) looks like a CD-ROM disc, but it can store greater amounts of data. You need a special DVD drive to read data from a DVD.

Display Adapter: A display adapter / video card / graphics card is a device that gives a computer its display abilities. The monitor works even if there is no graphics card but the screen resolution is not clear and images are distorted. Different video cards support different screen resolutions which are measured in pixels. 640 X 480, 768 X 1024, 800 X 600 and 1024 X 768 are common ones. Some graphic cards come with in-built memory for storing screen details and resolution. Some adapters have the ability of doing graphic calculations and are sometimes referred to as Graphics Accelerators.

Floppy Drive: A device capable of reading and writing data to a floppy disk. A floppy disk is a reusable magnetic storage medium. A standard floppy disk holds 1.44 MB and is 3.5 inches in size. A floppy drive is usually allotted the drive letter A by the operating system. Hence inserting a floppy disk into the floppy drive and opening A:\ through My Computer will show the contents of the floppy disk.

Hard Disk: This device, also called hard disk drive, contains many flat plate-like structures coated with a magnetic material capable of storing data. Storing and accessing of data is much faster than on a floppy disk or a CD. All the other hardware is usually connected to the hard disk since it contains the operating system. The data on a hard disk includes the entire operating system and all the other files present in the C, D and other drives you see in My Computer.

Keyboard: A keyboard, as everybody knows, is the device that allows you to send typed characters on to the screen. A standard keyboard usually consists of 102 essential keys. Some keyboards have keys that have functions like shutting down the computer, opening web pages and volume control.

Modem (modulator/demodulator): A device that allows a computer to send and receive data through a telephone line. A modem converts the digital data from the computer into analog signals for transmission through a telephone cable and converts incoming data into digital form for the computer to understand. Modems can be internal or external. An Internal modem looks like a card and has a slot for the telephone line. An External modem on the other hand is usually in the shape of a box with blinking lights on it. Different modems have various data transfer speeds.

Mouse: A mouse is basically a pointing device with 2 or more click buttons. The Left click is equivalent to an Enter of the keyboard and the right click opens up a shortcut menu which changes depending on where you click and is equivalent to the key combination of ‘Shift + F10’. A standard mouse may have more than 2 keys that do various odd jobs like going back one page or moving forward to another level of a folder etc.

Network Adapter: A Network Adapter is a device that connects your computer to a network. A Network Adapter has a slot for the network cable through which data is transferred between computers in a LAN (Local Area Network). This device is sometimes called a network interface card (NIC).

Printers: These devices print text or images on paper or other printing material when invoked with a print command from an application. When a print command is issued, the Print Spooler accepts the document sent to the printer to be printed and stores it in memory till the printer is ready to print. Examples: Laser Printers, Ink-jet Printers, Dot Matrix printers. All of the above mentioned examples of printers differ in their ink and methods of printing, resulting in different resolution and texture details.

Processor: A Processor controls the operation of a computer and performs its processing. A computer can have more than one processor. When there is only one processor, it is often referred to as the central processing unit (CPU). The processor is often integrated on to the motherboard and is rated according to its speed. A processor with a speed of 1.70 is enough to run a computer sans any errors, whereas high end gaming machines ask for more.

RAM Card (Memory): This device has RAM (Random Access Memory) Integrated Circuits (ICs) which the computer continually uses to read or write data when in an operation. Many other devices also use the RAM to temporarily keep data during a transfer operation. RAM Cards come in various memory sizes like 64 MB, 128 MB, 256 MB, 512 MB etc. A Computer used heavily for gaming and other high speed operations requires a higher amount of RAM. Information stored in RAM is lost when the power supply is disconnected. RAM Cards are sometimes also referred to as RAM Sticks or RAM Modules.

Sound Card: Sound cards allow the user to play back sound files (Mp3s and Microsoft Wav files etc.) through speakers or headphones. A sound card also enables voice recording through a microphone. Sound cards are usually integrated into motherboards.

Any hardware to be duly recognized by Windows needs to have its driver installed onto the system. Device drivers are basically files that allow a specific device to communicate with the Operating System. Although a device might be connected to your system, Windows does not recognize its functions and usage until and unless its drivers are loaded. Drivers of some common and essential devices like keyboard, mouse, CD drive and Floppy drive are provided by Windows and get installed during the installation of the Operating System. Drivers are unique for different types of hardware.
Driver files usually have a *.sys extension and are usually found in the %systemroot%\Windows\System32\Drivers\ folder in case of Windows XP.

Warning: Any incorrect manual changes done to this folder or its contents can render your computer useless.
I.2: Operating Systems: Classification & Overview

A layman’s definition of an Operating System (OS) is that it is a broad collection of programs and assorted applications that allow a computer user to interact with the installed hardware.

Functions of Operating Systems:

An operating system basically controls the execution of application programs and acts as an interface between the computer’s hardware and its user. Operating systems have evolved drastically over the years to reach their current pinnacle. Primitive operating systems just consisted of a set of instructions for printing jobs and other odd works. Today’s operating systems allow users to play music while playing a game. Evolution has taken operating systems along with user developed applications into a realm that virtually has no limit to the advances incurred. The hardware and software that goes into making a computer can be viewed in the form of a tree as shown below:

End User
Application Programs
Operating System
Computer Hardware

The user of the operating system and overlying applications is called the End User. The Application Programs could be anything from Microsoft Word to Macromedia’s Flash MX. Many a time, utilities or helper programs are bundled along with the operating system, for example Windows Paint, Calculator etc. Application Programs are usually third party programs that allow users to manipulate and use their computer resources to create useful work out of inputs given to the computer. For example, Macromedia’s Flash MX allows users to create content rich documents for web designing, and Adobe’s Photoshop gives its users an easy to understand interface for creating and editing images and pictures. The operating system is the underlying agent that acts as a mediator between the users/applications and the installed hardware.

An operating system should have the following functional capabilities to be called a useful operating system:

>> File and data creation: An operating system provides various tools that allow a user to create files that are specific to certain applications or may be a part of the OS itself. These tools may include various editors to assist the user in handling various files.

>> Archiving: Archiving refers to the cataloging and storing of information about files that aid in the process of file search and retrieval. This function is not a necessity and can be overlooked.

>> File Execution and Workspace Management: To run a given file, several procedures are carried out like loading instructions and data into memory, initializing I/O devices etc. The OS takes care of all the background tasks and gives hassle free results. The operating system allocates the available memory to various applications and converts user input into application specific instructions.

>> Controlled Access to Files: In case of access to files, not only an understanding of the instructions passed to I/O devices is important, but the file format on the storage medium is also to be taken into consideration. The OS manages all the details. Furthermore, in case of multi-user Operating Systems, the OS can provide built in data security and protection mechanisms to control unauthorized user access to restricted files.

>> Error Detection and Response: Errors can always creep up during program execution or when a system is running. These errors could be anything from hardware failure errors to buffer overflows. In all cases the OS has to give some response to the error in such a way that the integrity of the system is maintained. The response may range from ending the program that caused the error, to retrying the operation or simply informing the user that an error has occurred.
Classification of Operating Systems:

Operating systems were classified according to the hardware features that they demanded and basic computer architecture. (The following classifications are not the only category of classification that can be applied to OSs; the most basic and common architectures have been taken into account. You may not see these systems around since most of these architectures are used as research equipment.)

Mainframe Batch Systems:

Mainframes were the first type of computer systems that arrived in the scenario. Early computers were physically gigantic and input had to be given through cards and tape drives. The output was taken via line printers. The user seldom interacted with the computer; instead he prepared a job consisting of the program, the data and some control information (if required) about the nature of the job and submitted it to the computer operator. The output consisted of the result of the program and register contents for debugging. These systems ran just one job or application at a time and system resources were not utilized to the maximum limits. To speed up processing, operators batched together jobs with similar needs and ran them through the computer as a group. The operator would sort programs into batches with similar requirements and, as the computer became available, would run each batch.
Mainframe Multiprogrammed Systems:

With the introduction of disks to store data, Operating Systems could now store all jobs on the disk instead of keeping them on cards. With direct access to several jobs, the OS could now perform job scheduling, to use resources efficiently. Since a single job cannot keep the CPU busy at all times, multiprogramming is effective. Multiprogramming increases CPU utilization by organizing jobs so that the CPU always has one to execute. The Operating System keeps several jobs in memory. The OS picks one job from memory and executes it; eventually the job may have to wait for some task, such as an I/O operation, to complete. The OS then switches over to another job. When that job needs to wait, it switches over to another job. Finally the first job finishes waiting and the CPU is returned to it. Hence as long as there is a job to execute, the CPU is never idle.

Multiprogramming is the first instance where the OS has to take decisions for the users. If several jobs residing in the job pool (on disk, for example) are ready to be brought into memory, and if there is not enough memory to complete the request, then the OS has to choose among the jobs available. In addition, if several jobs in memory, once loaded, are ready to execute, then the system must again choose one at a time. Hence multiprogrammed systems are fairly sophisticated.
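The job switching described above, as an added example that is not from the book: a small Python simulation comparing one-job-at-a-time execution with multiprogramming. The job list, burst lengths and function names are constructed for illustration, and it assumes each job's I/O runs on its own device so that I/O waits can overlap.

```python
"""Added illustration: CPU utilization, one job at a time vs. multiprogrammed.

Assumptions (not from the book): time is in abstract ticks, each job is a list
of alternating CPU bursts and I/O waits that starts and ends with a CPU burst,
and every job's I/O runs on its own device, so I/O waits can overlap freely.
"""
import heapq
from collections import deque

# Constructed sample workload: [cpu, io, cpu] ticks per job.
JOBS = {
    "A": [2, 4, 2],
    "B": [3, 3, 1],
    "C": [1, 5, 2],
}


def _check(jobs):
    """Reject job descriptions that do not follow cpu[, io, cpu]..."""
    for name, bursts in jobs.items():
        if len(bursts) % 2 == 0 or any(b <= 0 for b in bursts):
            raise ValueError(f"job {name!r} must be cpu[, io, cpu]... with positive ticks")


def run_batch(jobs):
    """One job at a time: the CPU sits idle during every I/O wait.

    Returns (cpu_busy_ticks, total_ticks).
    """
    _check(jobs)
    busy = sum(sum(bursts[0::2]) for bursts in jobs.values())
    total = sum(sum(bursts) for bursts in jobs.values())
    return busy, total


def run_multiprogrammed(jobs):
    """Keep every job in memory; when one waits for I/O, run another.

    Returns (cpu_busy_ticks, total_ticks, timeline), where timeline is a list
    of (start, end, job_name) CPU slices in the order they ran.
    """
    _check(jobs)
    clock = busy = 0
    ready = deque((name, 0) for name in jobs)  # (job, index of next CPU burst)
    waiting = []  # heap of (tick the I/O completes, job, index of next CPU burst)
    timeline = []
    while ready or waiting:
        if not ready:
            # Nothing can run: the CPU idles until the earliest I/O completes.
            clock = max(clock, waiting[0][0])
        # Jobs whose I/O has finished rejoin the ready queue in completion order.
        while waiting and waiting[0][0] <= clock:
            _, name, pos = heapq.heappop(waiting)
            ready.append((name, pos))
        name, pos = ready.popleft()
        cpu = jobs[name][pos]
        timeline.append((clock, clock + cpu, name))
        clock += cpu
        busy += cpu
        if pos + 2 < len(jobs[name]):
            # The job now waits for I/O; the OS switches to another job.
            io = jobs[name][pos + 1]
            heapq.heappush(waiting, (clock + io, name, pos + 2))
    return busy, clock, timeline


def utilization(busy, total):
    """Fraction of elapsed time during which the CPU was executing a job."""
    return busy / total


if __name__ == "__main__":
    b_busy, b_total = run_batch(JOBS)
    m_busy, m_total, slices = run_multiprogrammed(JOBS)
    print(f"one at a time   : {b_busy}/{b_total} ticks busy ({utilization(b_busy, b_total):.0%})")
    print(f"multiprogrammed : {m_busy}/{m_total} ticks busy ({utilization(m_busy, m_total):.0%})")
    for start, end, name in slices:
        print(f"  {start:>2}-{end:<2} job {name}")
```

In the constructed workload the CPU still idles briefly near the end, because the only job left is waiting for I/O; the CPU stays busy only as long as some job is ready to execute.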
Mainframe Multitasking Systems:

Multiprogrammed systems allowed efficient utilization of system resources including CPU, memory and peripheral devices, but they did not provide for user interaction with the ongoing execution of programs and the computer system. Multitasking (or Time Sharing) is an extension to multiprogramming where the CPU executes multiple jobs by switching among them, but the switches occur so frequently that the users can interact with each program while it is running. A time shared computer system allows many users to share the computer simultaneously. Since each action or command in a time shared system tends to be short, only a little CPU time is needed for each user. As the system rapidly switches from one user to another, each user is given the impression that the entire computer system is dedicated to his use, even though it is being shared among many users. Multitasking systems are even more complex than multiprogrammed operating systems.

Desktops:

These are relatively new and include the ones that you and I use at homes, schools and offices. Desktop machines are meant for performing simple calculations and for other practically viable activities. Gaming, accounting, Word Processing, animation, web designing, DTP, multimedia and internet browsing are some of the most common applications of desktops. These machines have operating systems that allow the user to customize his preferences while working on the terminal, including screensavers and wallpapers. These are methods adopted by Graphical User Interface (GUI) Operating System makers to make computing a pleasant experience. Desktops or Personal Computers (PCs) running any OS should have file management, file protection and security, since most machines of this type are connected online by average end users. Windows provides the best in all fields of Desktop enhancement right from Gaming to your Internet Browsing. Added with the tips given in Chapter 15, your computer could well be one of the most secure computers online.

Real Time Systems:

Another special type of Operating System is the real time system. A real time system is used when rigid time restrictions have been placed on the operation of a processor or the flow of data. Applications include systems that control scientific experiments, weather monitoring, medical imaging systems and some industrial control systems. A real time system has well defined fixed time constraints. Processing of data must be done within that stipulated time, else the system is useless. For example, it would be useless to have a robotic system which processes data at a rate which tells it to stop after it has smashed itself into a wall.
Real time systems come in two flavors, hard and soft. A hard real time OS guarantees task completion in the fixed time interval. This goal requires that all the delays in the system be bounded, from the retrieval of stored data to the time the OS takes to complete the processing request. Such systems usually find applications in robotics or industrial control units. A less restrictive type of real time system is a soft real time system, where a critical real time task gets priority over other tasks, and retains that priority until complete. Most Operating systems of today have incorporated the soft real time OS capabilities. These systems find applications where time is not a standard constraint like in animation and multimedia, virtual reality, advanced scientific projects like satellites and extraplanetary explorers.
I.3: Why Windows?

A very interesting question indeed and aptly asked. With the availability of several Operating Systems that provide hordes of features ranging from internet security and hardware compatibility to gaming architecture support and online help, why go for Windows? The answer: Windows has all the properties that are found in the majority of the available Operating Systems; Combined!! Right from the start Microsoft has been the leader in providing quality OSs with the changing faces of market available computer hardware. The entire Windows series right from Windows 1.0 to Windows XP Service Pack 2 (SP2) has something or the other changed to meet various system requirements and to make computing a pleasant task.

Windows, being a GUI type of OS, promises and delivers the best in home and office computing. File management, file systems, password enforcement, OpenGL support, Direct X support, safe browsing, accessories for disabled users, system tools, server and client applications, inbuilt firewall (SP2), Administration and multiple user support, multitasking, Games, easy update, system file protection, Internet connectivity, multimedia and integrated CD burning (XP) are ‘some’ of the several features offered by the Windows series of Operating Systems. Ease of Installation and concise instructions for configuration make the Windows series one of the most widely used groups of Operating Systems available.

Windows has many features for different types of users including office professionals, artists, students, animators, movie editors and IT experts. There is something for everybody when using Windows. With the release of Windows XP, Microsoft congregated the differences between its previous versions and users in such a way that enabled Windows XP to rule desktops worldwide.

The online help given by Microsoft is worth a mention here. Ranging from installation issues to stack & buffer overflow error correction, Microsoft has collected everything possible under the sun about its products that give the user a sense of confidence when using them. Hence you can definitely say that online help is just a click away…..
I.4: Software That Goes In…

So you have bought a new computer and the dealer said something about Windows XP, Office 2003 and Microsoft Visual Studio. Well, if it has not made any sense to you let me explain: Windows XP is the Operating System that is installed on your computer; Microsoft Office 2003 is a rich suite of applications including MS Word, MS Excel, MS PowerPoint and Outlook Express which allow users to create Text and Web Documents, Accounting Sheets, presentations and to check E Mails respectively. Microsoft Visual Studio is also another suite of applications consisting of Visual Basic, Visual C++, Visual FoxPro and Visual Interdev which are applications and compilers to create applications and debug them.
In this section we shall see some of the basic and important software required by a computer to run and to do some of the most common jobs that computers are meant to do. As you all should know by now, ‘software’ is any application or group of programs that enables the user of a machine to utilize the hardware resources to create useful work out of inputs given to the computer. The Operating System in a way can be called software, but the definition is neither mandatory nor optional.

Operating System: Windows 98/NT XP
Internet Browser: Internet Explorer 6.0 (XP)
Office: Office XP/2003
Software Development & Debugging: Microsoft Visual Studio 6.0
Multimedia: Windows Media Player & Windows Movie Maker
Library and Programming Aid: MSDN
CD Burning: Windows Media Player & Integrated CD Burning of Windows XP
Games: Solitaire, Pinball, Minesweeper, Hearts, FreeCell, Microsoft’s Flight Simulator, Halo, Age of Empires, Crimson Skies, Rise of Nations
Paint & Image Editing: Microsoft Paint (integrated) and Microsoft Photo Editor
Online Messaging & Chatting: MSN Messenger
Email: Microsoft Outlook Express
Web Designing & Publishing: Microsoft FrontPage, Microsoft Web Publishing Wizard

There are loads of third party software (Non-Microsoft) that can be used as an alternative to the ones mentioned above. Other than these you may require software, called drivers, to make your hardware run. Device drivers are also a class of software that makes your Operating System recognize the hardware that is installed and make use of it. For example, if you are playing a song in Windows Media Player you require speakers or headphones to listen to the output. For the OS to recognize that there is a sound card which will allow us to hear the music, it needs drivers that have to be loaded into memory, which will allow the OS to do the necessary conversion and send the output through the speakers.
These are not the only ones out there, just go to the ‘downloads’ section of http://www.microsoft.com and check it out to believe what more is available.
I.5: System BIOS – A brief overview

The computer’s BIOS is a ‘hardware based software kind of thing’ that records settings and information of your computer such as date and time, the type of hardware installed and various configuration settings. Your computer applies that information to initialize all the components when booting up and for basic functions of coordination between system components. If the BIOS has incorrect values or if the BIOS is damaged, it may cause your system to malfunction or it may not allow your computer to boot at all. If that happens, you can enter the BIOS Setup and manually give values (that’s hell painstaking and confusing) or use the BIOS’ inbuilt feature of ‘Load Optimal Values’ or ‘Load Best Performance Values’ to start your computer properly. If all else fails, then open your system; on the motherboard, somewhere close to the battery, is the clear CMOS jumper (a set of pins on the motherboard, it is usually specified). Use it to clear the CMOS memory which has stored the configuration information.

Every time your computer starts, a message appears on the screen before the Operating System loads that prompts you to “Hit if you want to run SETUP”. The message may differ on computers with different motherboards, but most of the time you can access the BIOS setup by using either F2 or Delete. Sometimes F4, F5, F6, F8 and F10 also work; it all depends on the make and manufacturer of your computer’s motherboard.
Inside the Standard CMOS Setup, you can set up the computer's date and time and the available IDE devices connected to both the IDE channels on the motherboard. Usually these are the Hard Disk Drive and the CD ROM drives. Floppy drives have another, separate channel. A computer has two channels called the Primary and Secondary IDE channels. Each of these has a Master and a Slave, so you have a Primary Master, Primary Slave, Secondary Master and a Secondary Slave. That means that you can connect a maximum of 4 devices to the computer's IDE channels (two primary and two secondary). The difference between a Master device and a Slave device is the jumper setting on the respective device. Well, that is of no importance to us as of now.

The BIOS setup allows you to configure your computer's booting sequence. For all those guys who didn't get the ring, let me explain. The Operating System has to be loaded to start your computer. Now the OS may be present on the Hard Disk (as is the usual case), or it may be present on a floppy disk (OS repair or DOS based OSs), or you may have to start the computer with the CD ROM (for OS installation purposes). Whatever the case, the BIOS checks the 1st Boot Device, 2nd Boot Device and the 3rd Boot Device and loads appropriately. You can configure the BIOS so that the 1st Boot Device is the Hard Disk (usually HDD-0 if you have only one hard disk) so that your computer boots faster. Also enable the Quick Boot option available in the BIOS under the Advanced Setup Page. If you enable this, the system starts up more quickly by eliminating some of the Power on Test routines. You can enable or disable Hyper Threading. Windows XP supports Hyper Threading. More on HT further ahead… The BIOS also manages Power and Plug and Play device configuration. Along with these, the BIOS also takes care of the settings of peripheral devices like the modem, audio card etc. (this depends on the motherboard and peripheral make, and usually relates only to onboard components).

Hyper Threading is basically the division of processor load by the processor in such a way that it appears that there are two processors. The Intel Pentium 4 Processor (with HT Technology) has the Hyper Threading capability. Windows XP supports HT and the effect is even felt at the user level. You can enable or disable the HT function in the BIOS Setup under the Advanced Setup Page. This option is available only if the BIOS detects that your processor is HT capable. Under any OS version other than Windows XP, please disable HT. You can actually open Device Manager and look under the processors level to see two processors. Windows Task Manager also displays dual processor graphs under the Performance tab (under CPU Usage History). Hyper Threading is effective and it creates an illusion that the computer has actually become faster, and under certain circumstances it actually does.
Challenge:
1. Change the boot sequence of your computer. You can do it in two ways, either temporarily or permanently. Hint: In one method you will be changing the boot option for one boot only, and in the other (using the BIOS) you will be changing it for the present as well as future boots.
CHAPTER II
Starting from Scratch

So let's get to the real thing. This chapter is both for beginners as well as experienced users who are interested in knowing what file systems are, installing and running Windows, System folders and the like. Knowing some basic concepts about Windows right from installation will be an advantage while troubleshooting common problems. Installation and setup have been described for Windows XP Home Edition and Windows 98; other Windows versions may differ slightly. After this chapter the reader should be able to:
* Explain what file systems are and the differences between FAT16, FAT32 & NTFS.
* Run setup and install Windows 98 and Windows XP on any given machine with the requisite hardware.

Note: The reader can skip the sub topic on File Systems and get started with Running Windows Setup, and can return after installation of Windows is complete. The descriptions penned down in the following pages are brief and the reader is informed that any further accounts are beyond the scope of the book.
The case always remains that to get deeper into anything you need to resolve the surface. Understanding and troubleshooting Windows is not a difficult thing if the ground basics are clear. Installation issues have always haunted common users, and often lead novice Windows users to format the system and reinstall the entire OS, losing precious data and time. A brief introduction to file systems and the boot process will benefit us in the long run. Installing Windows is also a simple process if done carefully. Let's begin with File Systems.
II.1: File Systems

The overall structure in which files are organized, named and stored is basically what the concept of file systems is all about. Operating Systems, in general, need a defined disk structure and metadata to identify the location of files and data on your hard disk. The operating system itself requires that the disk structure should be readable and efficient (in its own terms) so that it can install itself and later perform read and write tasks on files stored on the hard disk. You always format a computer's hard disk with a File System. File systems can be of different types; they could be either disk based or network based. Every OS supports only certain kinds of File Systems. The following table gives some of the most common File Systems around and the ones that are important in the context of this book.

File System   Company / Creator                       Original OS
FS            Bell Labs                               Unix
FAT12         Seattle Computer Products               DOS
FAT16         Microsoft                               DOS
HFS           Apple                                   Mac OS
FAT32         Microsoft                               Windows 9x
HPFS          IBM & Microsoft                         OS/2
UFS2          Kirk McKusick                           FreeBSD
ext2          Rémy Card                               Linux
ext3          Stephen Tweedie                         Linux
Reiser4       Namesys                                 Linux
NTFS          Microsoft, Gary Kimura, Tom Miller      Windows NT
NSS           Novell                                  Netware
ODS5          Digital Equipment Corporation           VMS
Table 2.1: File Systems

Windows recognizes only the ones developed by Microsoft (too obvious?). MS-DOS ran on FAT12 and FAT16. FAT32 supports almost all Windows versions and NTFS supports only Windows NT systems (includes XP, 2000 and 2003). For those readers who have not understood the expansion of the above mentioned File System names, this should help clear the cobwebs in your heads:

Abbreviations:
FS      >  File System
FAT12   >  File Allocation Table 12
FAT16   >  File Allocation Table 16
HFS     >  Hierarchical File System
FAT32   >  File Allocation Table 32
HPFS    >  High Performance File System
UFS2    >  UNIX File System 2
ext2    >  Extension 2
ext3    >  Extension 3
NTFS    >  New Technology File System
NSS     >  Novell Storage Services
ODS5    >  On-Disk Structure (Files – 11)
There are several other File Systems, but as a novice Windows user you should not be concerned about them. The field of interest for the readers of this book should primarily be the FAT and NTFS file systems which support Windows. Let us begin with FAT in general.

File Allocation Table: A partition is divided up into identically sized clusters, which are small blocks of continuous space on the hard disk. Cluster sizes vary depending on the type of FAT file system being used and the size of the partition. Typically cluster sizes lie somewhere between 2 KB and 32 KB. Each file may occupy one or more of these clusters depending on its size. However, these cluster chains are not necessarily stored adjacently on the disk's surface but are often instead fragmented throughout the partition. Reading or writing of other files to the disk then slows down the computer.

Each version of the FAT file system uses a different size for FAT entries. The size is indicated by the name; for example, the FAT16 file system uses 16 bits for each entry while the FAT32 file system uses 32 bits. This difference means that the File Allocation Table of a FAT32 system can map a greater number of clusters than FAT16, allowing for larger partition sizes with FAT32. This also allows for more efficient use of space than FAT16, because on the same hard drive a FAT32 table can address smaller clusters, which means less wasted space.

The FAT file systems (FAT16 & FAT32) are the primary file systems for consumer versions of Microsoft Windows up to and including Windows Me. The FAT file system is comparatively less complicated than the other file systems a PC can be formatted to. It is still a popular format for floppy disks and is supported by virtually all existing operating systems for Personal Computers. The FAT kind of file system comes in two main flavours (the others have lost their taste…), FAT16 and FAT32 (FAT12 is a dead topic and pursuing it any further is a futile attempt).
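A toy model of the table-and-chain layout described above, added here as an illustration (it is not code from the book and not a parser for the real on-disk format). The ToyFat class, the file names and the 16-cluster volume are constructed for the example; it shows how deleting and rewriting files splits a cluster chain into fragments, and how the 2 KB and 32 KB cluster sizes mentioned above change the wasted space for the same 1000-byte file.

```python
"""Toy FAT volume: one table entry per cluster, files stored as cluster chains."""

FREE = None   # table entry of an unused cluster
EOC = -1      # table entry marking the last cluster of a file's chain


class ToyFat:
    def __init__(self, clusters, cluster_size):
        self.cluster_size = cluster_size
        self.fat = [FREE] * clusters   # the File Allocation Table itself
        self.files = {}                # name -> (first cluster, size in bytes)

    def write(self, name, size):
        """Take the lowest-numbered free clusters and link them into a chain."""
        need = max(1, -(-size // self.cluster_size))   # ceiling division
        free = [i for i, entry in enumerate(self.fat) if entry is FREE][:need]
        if len(free) < need:
            raise OSError("volume full")
        for cur, nxt in zip(free, free[1:]):
            self.fat[cur] = nxt        # each entry points at the next cluster
        self.fat[free[-1]] = EOC
        self.files[name] = (free[0], size)

    def chain(self, name):
        """Follow the table from the file's first cluster to the end marker."""
        cluster, _ = self.files[name]
        out = []
        while cluster != EOC:
            out.append(cluster)
            cluster = self.fat[cluster]
        return out

    def delete(self, name):
        """Mark every cluster of the file as free again."""
        for cluster in self.chain(name):
            self.fat[cluster] = FREE
        del self.files[name]

    def fragments(self, name):
        """Number of contiguous runs the file's clusters form on the volume."""
        c = self.chain(name)
        return 1 + sum(1 for a, b in zip(c, c[1:]) if b != a + 1)

    def slack(self, name):
        """Bytes allocated to the file but not used by its data."""
        _, size = self.files[name]
        return len(self.chain(name)) * self.cluster_size - size


def demo(cluster_size):
    """Constructed workload: fill, delete the first file, write a larger one."""
    vol = ToyFat(clusters=16, cluster_size=cluster_size)
    vol.write("a.txt", 3 * cluster_size)   # clusters 0-2
    vol.write("b.txt", 2 * cluster_size)   # clusters 3-4
    vol.write("c.txt", 1000)               # cluster 5, mostly empty
    vol.delete("a.txt")                    # leaves a 3-cluster hole at the start
    vol.write("d.bin", 5 * cluster_size)   # fills the hole, then continues at 6
    return vol


if __name__ == "__main__":
    for size in (2048, 32768):
        vol = demo(size)
        print(size, vol.chain("d.bin"), vol.fragments("d.bin"), vol.slack("c.txt"))
```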
There are many differences between the two in terms of maximum file size and maximum volume (partition) size, among others.

FAT16: Introduced in July 1988 for MS-DOS 4.0 systems, FAT16 formatted partitions' sizes were limited by the 8-bit signed count of sectors per cluster, which could reach a maximum 'power-of-two' value of 64, giving 32 KB clusters with the usual 512 bytes per sector, hence fixing the 'definitive' limit for FAT16 partition size at 2 gigabytes. The maximum number of files that could be stored on a FAT16 partition was approximately 65520. FAT16 supported long filenames and the maximum filename size was 255 characters. Names of files could contain any Unicode character except 'NUL'. The maximum size that a file could take on was 4 GiB. One of the few features not found in later FAT versions (FAT32 to be specific) was that data could be compressed using utilities shipped with Windows like DoubleSpace and DriveSpace. FAT16 also supported some kind of primary encryption. FAT16 was not at all worth it when it came to data retrieval from the hard disk and was extremely slow in performance standards. Severe internal fragmentation of files and the absurd volume size limit caused Microsoft to think of an alternative. FAT32 was released as an option sometime in August 1996.

FAT32: FAT32 finally overcame the volume size limit of FAT16 by introducing 32 bit cluster numbers, of which 28 bits are currently used. Theoretically this should support a total of approximately 268435438 (< 2^28) clusters, allowing for drive sizes to reach 2 terabytes. However, due to limitations in Microsoft Windows' Scandisk utility, the file system is not allowed to grow beyond 4177920 (< 2^24) clusters, placing the maximum volume limit at approximately 124.55 Gigabytes (GB). Windows 2000 and Windows XP can both create FAT32 partitions with a maximum size of 32 GB, whereas both Operating Systems can read much larger volumes created by third party software. FAT32 was introduced with Windows 95. FAT32 supported file attributes such as read-only, hidden, system, archive and volume name. FAT32 also recorded the dates that were needed for file info, like those for modified, accessed and created. Unlike FAT16, FAT32 did not have any transparent encryption or compression abilities. The maximum file size that a file can attain is 4 GB minus 1 byte (2^32 – 1 bytes). For most power administrators and professionals this has become the biggest limitation of FAT32, since games, video capturing and editing applications and the system swap file (virtual memory paging file) can easily exceed this limit. It has a serious drawback in that when files are deleted and new files written to the media, the files can become scattered over the entire media, making reading and writing a slow process. Defragmentation is one solution to this, but it is often a lengthy process in itself and has to be repeated regularly to keep the FAT file system clean.

As FAT is an ideal file system for small drives like floppy disks, FAT is likely to stay for a long time. It is also used on other removable storage of sizes smaller than the practical limits of NTFS, such as flash memory cards for digital cameras and USB pen drives. The FAT32 formatting support in Windows 2000 and XP is limited to drives of about 30 gigabytes; this effectively forces users of modern hard drives to either use NTFS or to format the drive using other tools outside Windows. For most purposes, the NTFS file system that was developed for the Windows NT line is superior to FAT from the points of view of efficiency, performance and reliability; its main drawback is the very limited support by non-Microsoft OSs.

NTFS: NTFS or New Technology File System is the standard file system of Windows NT and its descendants Windows 2000, Windows XP and Windows Server 2003. NTFS was released in July 1993 with Windows NT 3.1. NTFS has five versions: v1.0, v1.1 and v1.2 found in NT 3.51 and NT 4, v3.0 found in Windows 2000 and v3.1 found in Windows XP and Windows Server 2003. These versions are sometimes referred to as v4.0, v5.0 and v5.1, after the version of Windows they ship with.
Previous versions of Windows (Windows 95, 98 and ME) cannot read data from an NTFS drive. In a dual boot scenario with XP (NTFS) and 98 (FAT32), Windows 98 will not be able to read or write data to the NTFS formatted drive, although there are third party utilities available to do the same. NTFS replaced Microsoft's previous FAT file system, used in MS-DOS and early versions of Windows. NTFS has several improvements over FAT such as improved support for metadata and the use of advanced data structures to improve performance, reliability and disk space utilization, plus additional extensions such as security through the use of Access Control Lists (ACLs).

An NTFS disk is theoretically divided into two parts. The first 12% of the NTFS disk is assigned to the so-called MFT area, the space which the MFT metafile grows into. Recording any data into this area is impossible. The MFT area is always kept empty so that the most important service file (the MFT) does not become fragmented as it grows. The remaining 88% of the disk represents the usual space for file storage. MFT, which stands for Master File Table, is the most important file on NTFS. It is the common table of files, is situated in the MFT area, and is the centralized directory of all remaining disk files and of itself. All disk files are mentioned in the MFT. All information about a file except the data itself is stored in this place: the file name, its size, the position of its separate fragments on the disk, etc. If one MFT record is not enough for the information, then several records are used.

Let us see some properties of the NTFS file system that allow it to stand out. NTFS 5.0 was the third version of NTFS to be introduced to the Windows world by Microsoft. It included several new features: alternate data streams, quotas, sparse file support, reparse points, distributed link tracking and the Encrypting File System (EFS).

Quotas: File system quotas were introduced in NTFS 5.0. They allow the administrator of a computer that runs a version of Windows that supports NTFS to set a threshold of disk space that users may utilise. They also allow administrators to keep track of how much disk space each user is using. An administrator may specify a certain level of disk space that a user may use before they receive a warning, and then deny access to the user once they hit their upper limit of space.

Volume mount points: This allows additional file systems to be mounted without requiring a separate drive letter (like C: or D:) for each. Using this you can mount (put a shortcut kind of thing) into another drive.

File compression: NTFS can compress files using a variant of the LZ77 algorithm (also used in the popular ZIP file format).

Encrypting File System (EFS): Provides strong and user-transparent encryption of any file or folder on an NTFS volume. EFS works in conjunction with the EFS service, Microsoft's CryptoAPI and the EFS File System Run-Time Library (FSRTL). EFS works by encrypting a file with a bulk symmetric key (also known as the File Encryption Key, or FEK), which is used because it takes a relatively smaller amount of time to encrypt and decrypt large amounts of data than if an asymmetric key cipher is used. The symmetric key that is used to encrypt the file is then encrypted with a public key that is associated with the user who encrypted the file, and this encrypted data is stored in an alternate data stream of the encrypted file. To decrypt the file, the file system uses the private key of the user to decrypt the symmetric key that is stored in the file header. It then uses the symmetric key to decrypt the file. Because this is done at the file system level, it is transparent to the user. Also, in case a user loses access to their key, support for recovery agents that can unencrypt files has been built in to the EFS system.

Volume Shadow Copy (VSC): Efficiently keeps historical versions of files and folders on NTFS volumes by copying old, newly-overwritten data to a shadow copy (copy-on-write). The old file data is overlaid on the new when the user requests a revert to an earlier version. On heavily loaded systems, Microsoft recommends setting up a shadow copy volume on a separate disk to reduce the I/O load on the main volume.
Alternate Data Streams (ADS): ADS allows files to be associated with more than one data stream. For example, a file such as oops.txt can have an ADS with the name of oops.txt:data.txt (format filename:ads) that can only be accessed by knowing the ADS name or by specialized directory browsing programs. ADS streams are not detectable in the original file's size but are deleted if the original file (i.e. text.txt) is deleted. While ADS is a useful feature for file retrieval and dispatch, it can also easily eat up hard disk space if not detected or forgotten. Later on we shall see how ADS can be utilized to hide data (any damn data) without anybody seeing it. It's a pretty neat trick...
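The key handling described for EFS above (one File Encryption Key per file, wrapped separately for the user and for a recovery agent) can be followed in this added sketch, which is not code from the book or from Windows. The bulk cipher is replaced by a SHA-256 keystream and the public-key step by unpadded textbook RSA with constructed toy keys, so it shows the structure only and is not suitable for protecting data; all function and key names are assumptions.

```python
"""Envelope encryption in the shape described for EFS (structure only)."""
import hashlib
import secrets

E = 65537  # public exponent


def make_keypair(p, q):
    """Textbook RSA key pair from two primes (toy sizes, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"public": (n, E), "private": (n, pow(E, -1, phi))}


# Constructed demo keys built from well-known Mersenne primes.
# Real key pairs are generated from large random primes.
USER = make_keypair(2**127 - 1, 2**89 - 1)
RECOVERY_AGENT = make_keypair(2**107 - 1, 2**61 - 1)


def keystream_xor(key, data):
    """Stand-in bulk cipher: XOR with a SHA-256 counter keystream.

    The same call encrypts and decrypts, like any symmetric stream cipher.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def wrap(fek, public):
    """Encrypt the 16-byte FEK under one holder's public key."""
    n, e = public
    return pow(int.from_bytes(fek, "big"), e, n)


def unwrap(wrapped, private):
    """Recover the FEK with the matching private key."""
    n, d = private
    return pow(wrapped, d, n).to_bytes(16, "big")


def encrypt_file(plaintext, recipients):
    """Encrypt the data once with a fresh FEK, then wrap the FEK per holder."""
    fek = secrets.token_bytes(16)
    return {
        # Stored alongside the file data; one entry per key holder.
        "wrapped_feks": {name: wrap(fek, pub) for name, pub in recipients.items()},
        "ciphertext": keystream_xor(fek, plaintext),
    }


def decrypt_file(blob, name, private):
    """Unwrap this holder's copy of the FEK, then decrypt the bulk data."""
    fek = unwrap(blob["wrapped_feks"][name], private)
    return keystream_xor(fek, blob["ciphertext"])


if __name__ == "__main__":
    data = b"Constructed sample contents of a file that is longer than one block."
    blob = encrypt_file(data, {"user": USER["public"],
                               "recovery_agent": RECOVERY_AGENT["public"]})
    print(decrypt_file(blob, "user", USER["private"]) == data)
    print(decrypt_file(blob, "recovery_agent", RECOVERY_AGENT["private"]) == data)
```

The file data is encrypted only once; adding a recovery agent costs one more wrapped copy of the FEK, which is why losing the user's private key does not have to mean losing the file.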
The NTFS file system has very few limitations and these are restricted to stuff like file names and ADS. The following file names cannot be created on an NTFS drive due to the system's use of various components. A hard drive conversion to NTFS requires that the following names not be in use, since the normal delete commands do not work as expected on these file names:
* con (single word, regardless of file extension): used by Windows like a file but really a data stream. So you can't have a con.txt or something like that on your disk.
* com0 - com9 (including all single digits, regardless of file extension): virtual communication ports.
* lpt0 - lpt9 (including all single digits, regardless of file extension): since they are used for printer ports.
* nul (regardless of file extension)
* prn (regardless of file extension)
* aux (regardless of file extension)

Also, when a multi-stream file is copied to non-NTFS volumes, only the main stream is copied and the lost data is not regained by re-copying the file to an NTFS drive.
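A check for the reserved names listed above, of the kind a program should run before accepting a file name from elsewhere (an upload, an archive entry) for a Windows disk. This is an added example, not code from the book; the function name and the sample names are constructed, and names with trailing dots or spaces are treated conservatively as reserved as well.

```python
import re

# The names the list above gives as unusable, regardless of file extension.
RESERVED = (
    {"con", "prn", "aux", "nul"}
    | {f"com{i}" for i in range(10)}
    | {f"lpt{i}" for i in range(10)}
)


def reserved_component(path):
    """Return the first path component that is a reserved name, else None.

    The comparison ignores case and the extension, so CON, con.txt and
    Con.tar.gz all match, while console.txt and report.con do not.
    """
    for part in re.split(r"[\\/]", path):
        # Drop trailing dots and spaces, then everything from the first dot.
        stem = part.rstrip(". ").split(".", 1)[0].rstrip(" ").lower()
        if stem in RESERVED:
            return part
    return None


def filter_names(names):
    """Split candidate names into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for name in names:
        (rejected if reserved_component(name) else accepted).append(name)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample input.
    samples = ["notes.txt", "con.txt", r"C:\data\LPT1.tar.gz",
               "console.txt", "docs/aux. ", "com10.log", "report.con"]
    ok, bad = filter_names(samples)
    print("accepted:", ok)
    print("rejected:", bad)
```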
II.2: Running Windows Setup

Installing Windows is a job easier done than said if done correctly. Windows setup gives a detailed step by step guide to installation. This section of the chapter will take you through a comprehensive installation simulation and thus help you in setting up a Windows desktop in no time. I have included the installation of Windows 98 and Windows XP only, since these are the two most asked for Operating Systems when it comes to either a fresh install or an upgrade. Installation of Windows 98 (in this book) will be through a bootable disk (clean install) and it will be done through the command prompt (command line based setup). Windows XP can be installed in two ways, either as an upgrade from another Windows version or as a fresh install. There are many things that have to be taken care of when installing Windows. We shall approach these one by one as they become relevant. Let us start with Windows 98.
Windows 98:
Installation of Windows 98 requires very few constraints to be met. System preparation for a fresh install of Windows 98 is what we are going to see in this section. This section assumes that your computer is completely blank with no data at all on it and that you are going to start the Windows 98 install on a blank hard disk. If this is not the case, i.e. if there is some other OS on your computer like Windows XP, you may have to format your system. Check which of the following 2 principles is the one which directly concerns you. The following 2 principles also need a look for a Windows XP install.

1. If you have some other OS on your computer (either non-Microsoft or Microsoft): Scan your computer with a good antivirus to clean and delete any possible virus threats residing in your other drives. Viruses like the 'Service manager' (of the Passma family) infect *.exe files; that means that even after you have formatted your root drive (C:\) the infection may reside as an infected .exe in the other drives and may soon spread over to your new installation of Windows 98 in the C:\ drive. Prevention is seriously better than cure.

2. If no other OS is present, or there is absolutely no data on your computer, or if you intend to format all drives and create new partitions and file systems: Then it shouldn't be a big deal. Just continue with the instructions in this chapter and you will have a Windows 98 system up and running in no time.

Windows 98 has to be installed in the first drive (C:\) on your computer. As a precautionary measure Microsoft advises users not to install 2 OSs on the same drive. If you want to install Windows XP or any other OS higher than Windows 98 along with Windows 98, install Windows 98 first and then go ahead with the installation of the other OS, as documented, in some other drive. You may have to make changes to the boot.ini file if you can't boot to one or the other OS after having two OSs on one computer. Having two (or more) Operating Systems on one computer and having the ability to boot into either one (or any) at the user's discretion at startup is called a dual (or multi) boot scenario.

Windows 98 does not support the NTFS file system. So if your computer has NTFS drives you will not be able to access the data on these drives when working in Windows 98. To be on the safer side, just convert these drives to FAT32 by using any of the numerous tools available online. Windows setup allows you to format these drives as FAT32 drives but you will lose the data on them.
Read the setup.txt file located in the Win98 folder on the Windows 98 Second Edition CD for issues that may affect particular computer configurations.
Hardware Requirements:
Windows 98 has few hardware requirements that have to be met for the OS to run without any errors. The hardware and accessories mentioned below are just the baseline; anything higher than the hardware mentioned below will help the system run faster and with fewer hassles for the system installer.

Processor:         66 megahertz (MHz) or higher microprocessor
RAM:               128 megabytes (MB) recommended (24 MB minimum)
Hard Disk Space:   Minimum 400 MB free
Monitor:           VGA monitor
Keyboard:          Standard keyboard
Mouse:             Standard PS/2 Mouse or compatible pointing device
CD ROM Drive:      CD-ROM or DVD Drive
Get the latest Windows 98 drivers for any scanners, modems, or peripheral devices attached to your computer. You can consult the hardware's documentation or visit the manufacturer's Web site for this information. Most of the time the drivers will be available on the same floppy disk or CD ROM that originally came bundled with the device; except that, if the manufacturer was intelligent enough (pun intended), they will be available in different folders named by the OS name.
Windows XP:
Windows XP can be installed as an upgrade, or a fresh install can be performed if you have a clean hard disk or if you wish to erase all memories of your previous Operating System. We shall see both cases as common procedures of Windows XP installation.

Hardware Requirements: Windows XP has certain hardware requirements that have to be met for a complete and working install of the OS. Before actually beginning the installation, make sure your computer's hardware components meet the minimum requirements. Microsoft has determined a minimum requirement catalog for Windows XP (given below), but anything higher than the accessories mentioned below is an aid to smooth functioning.

Processor:         233 megahertz (MHz) Pentium or higher microprocessor (or equivalent)
RAM:               128 megabytes (MB) recommended (64 MB minimum; 4 GB maximum)
Hard Disk Space:   1.5 GB of free space on your hard disk
Monitor:           VGA monitor
Keyboard:          Standard keyboard
Mouse:             Standard PS/2 Mouse or compatible pointing device
CD ROM Drive:      CD-ROM or DVD Drive
The Windows XP Setup Wizard automatically checks your hardware and software and reports any potential conflicts. To ensure a safe and proper installation, check if your hardware is compatible with Windows XP. Microsoft has released a Hardware Compatibility List (HCL) for Windows XP systems, which is a list of all hardware and drivers that are 'XP compatible'. You can view the Hardware Compatibility List (HCL) at the Microsoft Web site: http://www.microsoft.com/hcl/ If your hardware is not listed then get an updated driver for your hardware through the manufacturer's website. Usually the case is that Windows plays safe with your hardware and issues harmless and seemingly important hardware installation notifications saying that the driver that you are trying to install has not been digitally signed by Microsoft or some similar crap. 'Stop Installation' is the recommended option according to Microsoft, but being a Windows user now, you should learn to play with fire and give it a go. I would prefer the 'Continue Anyway' option that comes in the dialog box, if your hardware has been obtained from trustworthy manufacturers. All this is the later part of the soup that is still cooking.

Backing Up: If you're upgrading from an earlier version of Windows, you should back up your current files. If you wish to do a clean install you can also back up your data following the same procedure as for an upgrade. You can back up files to a disk, a tape drive, or another computer on your network. If the C: drive contains any important data (especially My Documents), just copy the files and folders to a non-OS drive (other than C: or the drive on which you plan to install the OS). The C: drive may have to be formatted for installation, or some files may be overwritten during installation. If you do not have more than one partition, that is if your computer just has a C: drive, then it is advisable to create another partition to store data. Extra drives always come in handy. PowerQuest's Partition Magic is a very good third party software that allows users to create and resize partitions; or, if you are comfortable with Microsoft's fdisk, then that's good.

Upgrade or Fresh Install? An upgrade to Windows XP is definitely advised if you're already using an earlier version of Windows that supports upgrading and if you want to keep your current files and preferences. During an upgrade, the Windows XP Setup Wizard replaces existing Windows files but preserves your existing settings and applications. Some applications might not be compatible with Windows XP and therefore might not function properly after an upgrade. You can upgrade to Windows XP from the following operating systems:
* Windows 98 (all versions)
* Windows Millennium Edition
* Windows NT 4.0 Workstation (Service Pack 6 and later)
* Windows 2000 Professional (including service packs)

If your computer is currently running an unsupported operating system, you must install a new copy. The wizard installs Windows XP in a new folder.
After the installation is complete, you will have to reinstall applications and reset your preferences. If you want to modify the way the wizard installs Windows XP, click Advanced Options, and then perform any of the following tasks:
* Change the default location of the setup files.
* Store system files in a folder other than the default folder (\Windows).
* Copy the installation files from the CD to the hard disk.
* Select the partition on which to install Windows XP Professional.

Unless you're an advanced user (or if you know one), you should use the default settings. A clean install is a must if your hard disk is blank (it's obvious… what are you going to upgrade from otherwise?) or if your current OS does not support an upgrade. A clean or fresh install can be done by selecting the fresh Install option in the Windows XP Setup wizard, but the most common and safest method is to do it through a 'bootable disk', i.e. the Windows XP CD should be inserted at system startup and the computer's CMOS should be configured in such a way that the system boots from the CD first. There are three other methods of installing Windows XP: the Unattended Installation, Sysprep and the Remote Installation Services.
Windows Unattended Installation - Unattended installations use setup scripts to answer installation questions like the Computername, Organisation, Serial Key, Regional Settings etc. and to automate the Setup process. This simplifies the installation of the operating system.

Sysprep Install (System Preparation Tool) - This is a timesaving way to install Windows XP on multiple computers that use identical or similar hardware configurations. Sysprep uses an image of the i386 folder that contains all the Windows files to install on multiple computers.

Remote Installation Services (RIS) - Enables you to perform a clean installation of Windows XP on multiple computers throughout a network. This requires a computer running the Remote Installation Service. RIS relies on the Pre-Boot Execution Technology (PXE). Here, systems that do not have an Operating System are made to boot with their Network Adapter as their first boot device, which then connects to a RIS Server, and the installation proceeds through the network.
II.3: Installing Windows

Installation of Windows 98 has been explained through a bootable disk (i.e. clean install of Windows 98), and that of Windows XP has been explained in both the possible ways, i.e. as a clean install as well as an upgrade to Windows 98. Let us start with Windows 98 first.

Windows 98: The chances of any Windows user using an OS as old as Windows 95 are very slim and hence the question of upgrading to Windows 98 from previous versions is left out of this book. We shall only see the clean install of Windows 98 in this section. One thing to be kept in mind is that Windows 98 always installs in C:\ (the first drive on the hard disk). This part of the chapter assumes that you have NOTHING on your computer and that the hard disk is completely blank. If there is data on the computer, take a backup to floppy disks or CD RWs or to an external drive. When you select to remove all files in setup (read on to understand), your entire hard disk is erased and all partitions are deleted, formatted and converted to one single FAT partition, the C: drive. Hence if you have any important files on your computer please take a backup on to some external device.

Start your computer and press the Delete button on your keyboard to open your computer's CMOS setup. (The key may vary on your computer, but the most common keys include F1, F2, F4, F5, F6, F8, F10, Esc and Delete.) Here you have to configure your BIOS to boot from the CD ROM drive first. This option is usually available under the 'Advanced Configuration' menu. It may vary with your motherboard's CMOS. Check the motherboard's manual if you don't want to take a risk. Then insert the Windows 98 CD and exit the CMOS setup. When asked to save changes say Y for yes and exit the setup.

Your computer should restart, and if the CD is a bootable Windows 98 CD you should get a screen saying 'Press any key to boot from CD….' or something similar; press Enter to start the Setup. You will see the first screen, which has 2 options: Boot from Hard Disk and Boot from CD ROM. Select the second option and press Enter. The next screen has three options: Start Windows 98 setup from CD ROM, Start computer with CD ROM support and Start computer without CD ROM support. Select the first option. There is a timer anyway; it will default to the first option. After you press Enter, Windows Setup will load all drivers and files needed to detect hard disk drives, floppy drives and additional hardware.

Now the actual setup starts. This will be a blue screen on which you will have three options: press Enter to set up Windows, press F1 for help and press F3 to quit. Press Enter to continue installation.
The next screen in most cases will contain 2 options. One option will ask you to remove files and the other will tell you to keep the files. These options are usually prompted if your computer contains a NON-MS DOS OS, something like Windows XP or OS/2. Since you will be installing everything new, select Remove Files. Your computer will then restart. After your computer restarts, if you are prompted again to boot from the CD, press Enter. Follow the same steps as mentioned above till the stage where setup formats the hard disk.
After the format, a screen saying Setup is preparing to install Windows will come up, after which Setup will perform a routine check on your system. To continue press Enter. To quit setup press Escape, which I assume nobody would want to do at this stage. When you press Enter, setup runs scandisk, a small yet powerful utility that checks your hard disk for bad sectors and damaged sections. Press Continue on the box that pops up.
After setup collects some information it needs to run completely, it will ask you for the location to install the Windows 98 system files. By default it is the C:\Windows folder. Select it and click on Next. On the next page select the install type to be Typical, which will install the most common Windows components. Click on Next. Now the setup will ask for some information like your Name and Company. Enter the relevant info and continue. Now select your current location from the drop down list. If your country does not appear in the list, select the one closest to you. After this Windows will start copying files and you can sit back and read the informative text that is continuously being displayed on the right hand side of the screen. After the file copying phase, Windows will restart. Boot from the hard disk now. You will be greeted with a boot screen saying Windows 98 Getting ready to start Windows for the first time.
Windows will now prompt you to create a user; just enter your username and press Enter. Windows will now ask you to agree to a License Agreement. Read it, select I Agree and continue. Now comes an important part. Enter your 25 character product key, which you will find on the Certificate of Authenticity (CoA) label. Click Next after you have entered your valid serial key. Click Finish on the dialog box. Windows will then initialize its driver database. After that Windows will detect Non Plug & Play hardware. Usually Windows restarts after this.
After your computer restarts completely, Windows will ask you to set the current time and date through the Date & Time Properties. Windows will then compile components of the Control Panel and Start Menu, followed by Windows Help. MS-DOS program settings for 16 bit applications will be configured along with the entire system. After the system settings are updated, the computer restarts. That's it. Windows now starts normally, except that you may have to install drivers for your sound, video and printer hardware for them to work. To install drivers for your hardware, just insert the driver medium (like a CD-ROM or floppy diskette) when asked for it and click on Next. The Add Hardware Wizard will do the rest. Windows is now installed completely. Click on the Start Button to start exploring, or take a visual tour by taking the Windows tour.
Windows XP: As mentioned before Windows XP can be installed in two ways; as an upgrade to Windows 98 (or ME, NT 4.0 and 2000) and as a fresh install. The installation of Windows XP Home Edition has
been taken up in the Clean Install part and the installation of Windows XP Professional Edition has been taken up when upgrading from Windows 98. As you will see there isn't much difference in both the installation procedures.
Clean Install of Windows XP is perhaps the best method to install if you have a clean hard disk or an Operating System with another file system (like Linux on an ext2 partition). Windows XP setup can be started by booting the computer from the Windows XP CD-ROM. The BIOS has to be configured so that the computer can be started with the help of the CD instead of the hard disk.
Press the Delete key on your keyboard to open your computer's CMOS setup just after you power on your computer. (The key may vary on your computer, but the most common keys include F1, F2, F4, F5, F6, F8, F10, Esc and Delete.) Configure your BIOS to boot from the CD ROM drive first. This option is usually available under the 'Advanced Configuration' menu. It may vary with your motherboard's CMOS. Check the motherboard's manual if you don't want to take a risk. Then insert the CD and exit the CMOS setup. When asked to save changes, say Y for yes and exit the setup. Your computer should restart, and if the CD is a bootable Windows XP CD you should get a screen saying 'Press any key to boot from CD….' Do as the screen tells you: press Enter, or any key for that matter.
Windows XP setup starts by loading all important files needed for installation, including the drivers needed to recognize the NTFS and FAT32 file systems. The first screen displays 3 options: press ENTER to set up Windows, press R to repair the system using the Recovery Console, and press F3 to quit Setup. If you look at this screen carefully, right at the bottom you will see all the operations that can be run on this page in short texts. Now press Enter.
Recovery Console is covered in the chapter on Troubleshooting Common Problems. Do not worry about it now.
You will get to see one of the most concisely and cleverly written Licenses on this planet on this page. If you have the patience, read all of it by pressing the Page Down and Page Up keys. (I personally advise you to read it; it clearly draws the line on multiple installations on different computers using the same disk. It can save you from a lot of legal hassles.) This type of license is called a EULA (End User License Agreement). You can read it anytime later by clicking on Help >> About Windows from any explorer window and then clicking on the highlighted End User License Agreement link. After reading, press F8, as directed at the bottom of the screen, to agree to the license. Setup information is loaded from a file called setupp.ini.
Then you get to see a page showing all the drives on your computer. This page will determine where your Windows XP will be installed. Select the drive that you want to use for Windows XP installation and press Enter. Since this is a clean install, it is indeed effective to select the C: drive. Then follows a format warning page that asks you to confirm that the drive you selected is really the one you want. Press C to continue.
Then comes the format page. On this page you get to select what type of format you would like to perform on the drive selected. The options include formatting using the NTFS file system and formatting using the FAT32 file system. Quick format options for these file systems are also available, but using the complete format (without the quick) option is more effective. There is an option to leave the file system intact, but that decision is up to the user. Formatting drives using the NTFS file system has its own advantages. Select an option and press Enter. After you select the necessary format option, Setup formats the selected drive appropriately and then the actual installation starts.
Setup then creates a list of files to be copied. It then starts copying these files to the installation folder. Setup will then ask you to restart the computer. This is done automatically in 15 seconds or can be done manually by pressing Enter at the screen. You may get the message to boot from your CD again ('Press any key to boot from CD….'). Do not boot from your CD now. Continue with the start of Windows.
Setup will now continue in its Graphical mode. You will see a message on screen saying 'Setup will complete in approximately 39 minutes'. Sit back and read the informative text that is continuously being displayed on the right hand side of the screen. After another 3 minutes or so Windows will start installing devices. Your screen may flicker and the installation may seem to have frozen, but this is natural and there is nothing to panic about.
Now comes your role. Setup will now prompt a Regional & Language Options dialog box. Here you can install files for East Asian Languages and files for Complex Script and Right to Left Languages. After you have done the necessary customization click OK and then click on Next. On the next page that comes, enter your name (anything except Administrator and Guest) and Organization. Click on Next. Setup will now ask for your unique 25 character product key. This key is provided on the Certificate of Authenticity (CoA label) that comes with the original Windows XP CD. Enter the key with care and click Next when done.
The next page asks you to give your computer a name. This name can be 15 characters long and should consist of standard characters (A-Z, numbers 0-9, and hyphen). The name should not have a full stop and should not have all its characters as numbers. Click Next. Adjust your computer's Date & Time Settings on the screen that comes up. The date and time rarely need to be changed, but the Time Zone almost always requires a change to match your zone.
Now you can again sit back and read some more of the informative text that comes on the screen. Setup installs Network Components. Setup will then install Start Menu items. In the final phases of installation Windows XP setup will 'register components'. This is just the updating of the Windows registry with the new files that have been copied, especially the .dll, .ocx, and .tlb files. These are important Library and System files that keep the system running properly; any change to the location of any of the .dll or other library files on your system can render it useless. In the last stage of Windows Setup, any temporary files are removed and settings are saved. The computer should now restart.
Once the computer starts, Windows will attempt to adjust the screen resolution (size of icons, size of the screen etc.). You will then be greeted by the Welcome screen. Since there are no users created during install, Windows XP Home Edition creates a password-less administrator account called Owner. You can take a quick tour of Windows XP when prompted, or later by clicking Start >> Programs >> Accessories >> Tour Windows XP.
You may have to install drivers for your video and sound card among other devices that you may have. To see which devices on your computer require drivers, click on Start >> Control Panel. Once Control Panel opens, double click Administrative Tools. Under Administrative Tools open Computer Management. In Computer Management (in the left hand side column) select Device Manager. The right hand side of the window will then show you the devices connected to your computer. The devices having a yellow icon are the ones that need drivers. Install them accordingly. You are now ready to use one of the best Operating Systems ever on this Planet!!!!
Let us see the Upgrade method of installing Windows XP Professional through a Windows 98 machine.
Start your computer. After Windows 98 starts completely, scan your computer with an antivirus with the latest updates to detect and remove any virus threats that may hamper installation. This procedure is very important since your drives may contain a virus or any other malicious program which may corrupt Windows XP later when it is installed. After scanning, and after you are sure that there are no viruses on your computer, insert the Windows XP CD into your CD ROM drive. The Windows XP CD has autorun capability, hence setup will run automatically. If it does not for some reason, open My Computer, open your CD-ROM drive and double-click Setup.exe to start setup.
On the first page that comes up select the type of installation as Upgrade. Click Next. Setup will then display the End User License Agreement (EULA). Select I accept this agreement and press Next. You will now be asked for your product key. Enter your 25 character product key on this page. You will find the product key on the Certificate of Authenticity (CoA). Press Next.
Windows setup will now offer to compile an upgrade report. Setup collects information about installed programs and checks your computer's hardware against its database of known compatibility issues. Select any one of the three, or select the last option, No Report, if you are confident that your computer's hardware or installed software will not affect Windows XP in any malicious way. The next page shows the Update Options dialog. If you are connected to the internet then I recommend you go online and download the latest updates. If not, click on No, Skip this & Continue. If you had selected to show the Upgrade Report then here you will get to see the report. Click on Continue or save the file by clicking on Save As. Windows will now copy files needed for installation. After this phase the computer will generally restart.
Now if you get the message To boot from the CD ROM drive at system startup, ignore it, since the upgrade to Windows XP is entirely a graphical (not involving the command prompt) procedure. You will now be shown the boot.ini file, a Windows file explained in the chapters to come, edited so that you can either continue installation or cancel Windows XP Setup. By default Windows XP installation will continue after some time. You can even press Enter on the option saying Microsoft Windows XP Setup. Your computer will now continue with the installation of Windows XP in a minimal graphics mode. The screen may look sick here, but don't worry, it will return to normal after some time.
Setup will then start Installing Windows. You can sit back and relax, reading the informative text that scrolls by on the right hand side of the screen. Windows will install devices and the network components. After that Windows will start copying files to the system directories. Windows will then install Start Menu items and perform registration of system components with the registry. In the Finalizing Installation phase of Windows XP, setup will upgrade program and system settings from Windows 98 to those of Windows XP. It will then save settings and delete any temporary files created during installation.
You will now be prompted to create users and enter an Administrator password. Don't try to create a user with a name that is also the Computer name. Keep the Administrator password blank if you are not on a network so that you can easily log in with the Administrator account and you will not have to fumble around searching for the password.
Your computer may require sound, video and modem drivers along with other additional hardware drivers. See the documentation provided by the manufacturer on how to install device drivers for the specific hardware and for specific Operating Systems. To see which devices on your computer require drivers, click on Start >> Control Panel. Once Control Panel opens, double click Administrative Tools. Under Administrative Tools open Computer Management. In Computer Management (in the left hand side column) select Device Manager. The right hand side of the window will then show you the devices connected to your computer. The devices having a yellow icon are the ones that need drivers. Install them accordingly. You can install drivers from here by right clicking on each device that has a yellow icon and then selecting Upgrade Driver. When the Hardware Upgrade Wizard starts, put in the motherboard CD, which usually contains the drivers for sound and video, and click on Next with the Install the Software Automatically option.
Windows XP can be easily customized according to user preferences. For easier memory management and a substantial increase in computing performance, create more drives by partitioning and distributing space, so that paging files can be created on these drives. There is another advantage of having more than one drive: you can save your data on the other drives if you are reinstalling Windows XP.
Challenges:
1. Create a Windows 98 Startup disk through My Computer.
2. Change the name of your computer, AFTER installing Windows XP completely.
CHAPTER III
The Basics
This chapter will give the reader an insight into the normal startup of a normal Windows XP system. Along with that, the Start button, its functional abilities and the Taskbar, which form the Windows Desktop, are also covered. This chapter refers to Windows XP Home Edition unless otherwise mentioned specifically.
After this chapter the reader should be able to:
o Explain the importance of the boot.ini file and list all the boot keys.
o Understand the Windows Logon and customize it.
o Explain the various components of the Windows Desktop.
o Customize the Windows Desktop.
Note 1: The reader can skip the topic on POST, Boot Keys and Boot.ini and move straight on to The Desktop section, and then come back to the Boot.ini if the interest arises.
Note 2: If you have bought a new computer, your desktop and Start Menu may look different from the descriptions and illustrations in this book because your computer manufacturer may already have customized Windows XP.
After going through the Windows install, it is necessary to know the events that occur during the Windows boot, including the Windows Logon Screen and Post Logon Events. Starting from the BIOS POST to the desktop, this chapter takes you on a journey through the normal and complete startup of a common PC. A description of the Windows Desktop and its components is also given. An in-depth explanation is in the next chapter.
III.1: POST, Boot Keys and the Boot.ini
The first thing that the BIOS does when it starts the computer is the Power On Self Test, or POST for short. The POST has nothing to do with Windows or any other Operating System, because no Operating System is loaded at this early stage. It is a BIOS built-in diagnostic program that checks all the important hardware to ensure that everything is present and functioning properly, before the BIOS begins the actual boot. This important hardware basically includes the Processor, the system buses (small connecting wires that carry information), the video card and all the devices needed by the target OS for its computing environment. It later continues with additional tests like memory testing and RAM enumeration, including other conventional tests that you may see on screen before the Operating System starts.
POST runs quickly and you may not even notice it has occurred, except when your computer develops a serious internal hardware problem (like damaged RAM modules etc.). At this stage you may get to hear a series of beeps emanating from the computer. These beeps are meant to give you a fair idea of what the internal problem is. Most motherboards have a set of POST Error Beep codes. For example, my computer has a Mercury Intel 845GLM-L motherboard, and a set of two beeps denotes that the system has started without any problems. Different BIOSs have different error codes. Some computers start without giving any beep. Whatever the case may be, POST error codes help system servicemen to analyze the problem and rectify it accordingly. Normal beeps can be disabled completely by changing the computer sound jumper (pin) on the motherboard.
Boot Keys are the keys that allow you to interrupt a normal boot process and give control to the user to select some hitherto unknown system options. You may have observed at system startup that if you press the F8 key a list of new options is displayed on the screen.
As explained in the previous chapter, you can press the Del key to enter the system BIOS, and you can interrupt the booting sequence by pressing Esc and selecting a new boot device. (Of course, if the Try Other Boot Devices option in the BIOS is enabled, your computer will definitely boot even if no proper bootable image is found on the device you selected by interrupting the normal sequence.) There are no well defined boot keys as such, but the most common ones that are usually found on any system are Esc, F1, F2, F3, F4, F5, F6, F7, F8, F10, F12 and Del. The function of the keys may differ on your computer, but commonly these keys are used to boot from a floppy disk, go to the BIOS, interrupt the boot sequence to select a boot device, display advanced options for Windows (like booting into Safe Mode or using the Last Known Good Configuration), bypass the CD ROM boot check etc.
The Boot.ini is perhaps the most important file that allows you to start Windows (.ini files are initialization files). The Boot.ini file always resides in the first drive (i.e. C:\) no matter what and where the Operating System is (except for non Microsoft OSs like Linux etc.; these OSs carry their own Boot loaders, which are normally executed before the Boot.ini file). Normally you will not be able to see the contents of the Boot.ini file at Windows startup if you have just one Operating System installed. A typical Boot.ini file looks like this:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
Like all other .ini files, the boot.ini file can be opened in Notepad and viewed or edited for reference. To open the boot.ini file on your computer go to Start >> Run and type “\boot.ini” without the quotes. The file usually has Read-Only and Superhidden attributes. You may not be able to change the contents and save the file. There is another, safer method of looking at the boot.ini file. Go to Start >> Run and type “msconfig” without the quotes to open the System Configuration Utility (not found on 2000). The fourth tab is the boot.ini file. Here you can change the boot parameters, add switches, change the timeout, check boot paths etc. Windows will request a restart after you say OK. Restart the computer to see the changes.
If your computer has its Operating System on a drive other than the C: drive, you may not be able to open the boot.ini file with “\boot.ini”; instead replace the “\” with “C:\” without the quotes. Hence boot.ini has the necessary information to tell the computer the location of the Operating System. If you have multiple Operating Systems, then your file may look like this:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional Edition" /fastdetect
Let us dissect the file and look at each line in turn.
[boot loader] >> This line tells the computer that the boot.ini file is a Boot Loader for the Operating System. After this verification is done the computer jumps to the timeout section.
timeout=30 >> This line tells the computer to wait for 30 seconds (time is as specified) while displaying the Operating System menu.
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS >> This line tells the computer to start with the \Windows folder located on the first partition (partition(1)) of the first hard disk (disk(0)), which is an IDE device (multi(0)) on the primary IDE Channel (rdisk(0)). This is the default option and will be used if no Operating System is selected by the user.
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect >> This line tells the computer to boot into the first partition (C:\) when selected. The name of the Operating System is Microsoft Windows XP Home Edition. The /fastdetect part is called a switch; different switches cause the computer to start the said Operating System in different ways.
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional Edition" /fastdetect /bootlog >> For computers having more than one OS, you come across another line which looks something like the above. This line indicates that the OS is located in the second partition (typically D:\).
Common Switches: Switches are like arguments given to the boot.ini file to start the selected OS with certain selected features. The list of switches is huge and needs an in-depth understanding of memory, video, graphics, drivers and what not. The following is a selected list.
/BASEVIDEO Causes Windows to use the standard VGA display driver over custom display drivers.
/BOOTLOG Causes Windows to write a detailed log of the boot to the file %SystemRoot%\Ntbtlog.txt
/BOOTLOGO Causes Windows XP to display a custom Boot Screen created by a user. The detailed procedure for creating a custom Boot Screen is given in the Windows Tips & Tricks chapter.
/FASTDETECT The default boot option for Windows. Windows Plug and Play device drivers perform detection of parallel and serial devices like keyboards and mice at startup, but this is not required when booting Windows. Thus, specifying /FASTDETECT causes NTDETECT to skip parallel and serial device enumeration.
/LASTKNOWNGOOD Causes the system to boot as if the Last Known Good Configuration option was chosen. The advantage of this option is that the user can automatically boot to a previously saved good configuration in case of a system crash or if the system hangs on a normal start.
/MAXMEM= Makes Windows ignore (not use) physical memory beyond the amount indicated. The number is interpreted in megabytes. Example: /MAXMEM=64 would limit the system to use the first 64 MB of physical memory even if more were present. Useful in investigations of memory related system crashes.
/NOGUIBOOT Causes Windows to hide the boot screen. The VGA video driver responsible for displaying the bitmap (picture of Windows starting) is not initialized. Use in conjunction with /BOOTLOGO or /SOS.
/NUMPROC= Specifies the number of processors that can be used on a multiprocessor system. Example: /NUMPROC=2 on a system with 3 processors will cause Windows to use two out of the three processors.
/ONECPU Causes Windows to use only one CPU on a multiprocessor system. Same as /NUMPROC=1.
/SAFEBOOT: Causes Windows to boot into safe mode.
An unnecessary switch in fact, since Ntldr (Windows NT Loader) specifies it when booting into Safe Mode using the F8 key just after the second beep on a normal computer or during the time when the boot.ini file is being displayed. Following the colon, users must specify one of three additional switches: MINIMAL, NETWORK or DSREPAIR. The MINIMAL and NETWORK flags correspond to safe boot with no network and safe boot with network support, respectively. The DSREPAIR (Directory Services Repair) switch causes Windows to boot into a mode in which it restores the Active Directory service from a backup medium you present.
/SOS Causes Windows to display the device drivers that are loaded at system startup. The system version number (including the build number), amount of physical memory, and number of processors are also displayed. This switch should be used with the /NOGUIBOOT switch. This switch
is very helpful if your system stops responding during startup. Especially if the loading bar on the Windows Boot Screen freezes, you can at least boot into safe mode, change the boot.ini file by adding a /SOS switch and boot normally to see where it freezes.
Incorrect changes to the boot.ini may prevent you from booting into your computer. In that case boot from a floppy (Windows 98) or start the computer with the Windows CD (Windows XP) and copy the backup file into the C: drive. For Windows XP you cannot copy the file to the C: drive (if your OS is in the C: drive). But you can create another boot.ini file through the Recovery Console. A detailed explanation is provided in the Troubleshooting Common Problems chapter under The Recovery Console section.
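Since an incorrect boot.ini can stop the computer from starting, it helps to check an edited copy before restarting. The following Python script is an added example, not part of the original book: it parses a boot.ini in the format shown above, splits each multi()disk()rdisk()partition() path into its numbers, and lists anything worth a second look. The function names, the sample text and the idea of checking switches against this chapter's selected list are assumptions made for illustration; other path forms and other switches are not handled.

```python
import re

# Constructed sample: the two-OS boot.ini from this section, with the /bootlog
# switch from the dissected line added to the second entry.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional Edition" /fastdetect /bootlog
'''

# Switches from this chapter's selected list. Assumption: any other switch is
# only reported as "not in the list", because the full list is much longer.
KNOWN_SWITCHES = {"BASEVIDEO", "BOOTLOG", "BOOTLOGO", "FASTDETECT", "LASTKNOWNGOOD",
                  "MAXMEM", "NOGUIBOOT", "NUMPROC", "ONECPU", "SAFEBOOT", "SOS"}
NUMERIC_SWITCHES = {"MAXMEM", "NUMPROC"}            # written as /NAME=<number>
SAFEBOOT_MODES = {"MINIMAL", "NETWORK", "DSREPAIR"}  # written as /SAFEBOOT:<mode>

ARC_RE = re.compile(
    r'^multi\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)$',
    re.IGNORECASE)
ENTRY_RE = re.compile(r'^(?P<path>[^=]+)="(?P<label>[^"]*)"(?P<rest>.*)$')
SWITCH_RE = re.compile(r'/([A-Za-z]+)(?:[=:]([^\s/]+))?')


def parse_arc(path):
    """Split a multi()disk()rdisk()partition()\\folder path into its parts."""
    m = ARC_RE.match(path.strip())
    if not m:
        return None
    multi, disk, rdisk, partition = (int(g) for g in m.groups()[:4])
    return {"multi": multi, "disk": disk, "rdisk": rdisk,
            "partition": partition, "folder": m.group(5)}


def parse_switches(text):
    """Return [(NAME, value-or-None), ...] for the switches after the OS name."""
    return [(name.upper(), value or None) for name, value in SWITCH_RE.findall(text)]


def parse_boot_ini(text):
    """Read the [boot loader] and [operating systems] sections."""
    cfg = {"timeout": None, "default": None, "entries": [], "unparsed": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "boot loader" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() in ("timeout", "default"):
                cfg[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            m = ENTRY_RE.match(line)
            if m:
                cfg["entries"].append({"path": m["path"].strip(),
                                       "label": m["label"],
                                       "switches": parse_switches(m["rest"])})
            else:
                cfg["unparsed"].append(line)
        else:
            cfg["unparsed"].append(line)
    return cfg


def validate(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    problems = ["could not read line: " + line for line in cfg["unparsed"]]
    try:
        int(cfg["timeout"])
    except (TypeError, ValueError):
        problems.append("timeout= is missing or not a number")
    paths = {e["path"].lower() for e in cfg["entries"]}
    if cfg["default"] is None:
        problems.append("no default= line in [boot loader]")
    elif cfg["default"].lower() not in paths:
        problems.append("default= matches no [operating systems] entry: " + cfg["default"])
    for e in cfg["entries"]:
        arc = parse_arc(e["path"])
        if arc is None:
            problems.append("not a multi()disk()rdisk()partition() path: " + e["path"])
        elif arc["partition"] < 1:
            problems.append("partition numbers start at 1: " + e["path"])
        for name, value in e["switches"]:
            if name not in KNOWN_SWITCHES:
                problems.append(f"/{name} is not in this chapter's list ({e['label']})")
            elif name in NUMERIC_SWITCHES and not (value or "").isdigit():
                problems.append(f"/{name}= needs a number ({e['label']})")
            elif name == "SAFEBOOT" and (value or "").upper() not in SAFEBOOT_MODES:
                problems.append(f"/SAFEBOOT: needs MINIMAL, NETWORK or DSREPAIR ({e['label']})")
    return problems


if __name__ == "__main__":
    config = parse_boot_ini(SAMPLE_BOOT_INI)
    for entry in config["entries"]:
        print(entry["label"], parse_arc(entry["path"]), entry["switches"])
    print("findings:", validate(config) or "none")
```

To check a real file, read a copy of boot.ini into a string and pass it to parse_boot_ini in place of the sample.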
III.2: Windows Logon & Startup
The boot process of Windows 98 is outlined below, followed by the booting of a Windows XP system. The study of the boot process (also called bootstrapping) is essential as far as Windows troubleshooting is concerned. The boot process of Windows 98 goes through the following important stages:
o The hardware mode
o Real mode
o Protected Mode
o OS & desktop Initialization
After the POST, an Interrupt to run the boot sequence is issued. An interrupt is like the branching out of the flow of a program to complete another task and then returning execution to the main program from where the interrupt was issued. The interrupt in this case is called INT 19h. Here the first boot device is checked, and if there is no OS present then you will see a "DISK BOOT FAILURE, INSERT SYSTEM DISK AND PRESS ENTER" message. The information to search for the first boot device is taken from the BIOS settings. Then control is moved over to the MBR, from which the Partition Information is read. The Initial Program Loader (IPL) searches the boot.ini and loads the OS into memory. Here the hardware mode ends.
The Real mode is when real mode or 16 bit Windows components are loaded into memory. The physical memory gets divided into the Base Memory (640 KB) for real mode components, the Expanded Memory (if base isn't enough) and the Extended Memory for 32 bit applications. Files that are put into the Base memory are IO.SYS, MSDOS.SYS, CONFIG.SYS, COMMAND.COM and AUTOEXEC.BAT. This is typically the starting scenario for a DOS machine.
[Figure: physical memory divided into Base Memory, Expanded Memory and Extended Memory]
Windows 98 can read 32 bit applications using a file called HIMEM.SYS, which is used to read programs from the extended memory. If the base memory gets overcrowded with applications then the Base Memory is expanded and a file called EMM386.EXE is used to access applications in it. After memory segregation is done, IO.SYS is loaded, which is responsible for probing the hardware; it also displays the C:\logo.sys file, which contains the bitmap image of the startup. Next the MSDOS.SYS, which is also called the kernel of DOS, is loaded into memory. It is responsible for loading the drivers and managing the applications' interaction with the hardware. Then CONFIG.SYS is put into memory, which loads hardware configuration. COMMAND.COM, the
command line interface of Windows 98, is loaded and then Autoexec.bat is parsed. This ends the Real Mode.
The Protected Mode loads the Windows files by using WIN.COM and by using the system.ini and registry settings.
The OS and Desktop Initialization phase of bootstrapping loads several important files needed for the Graphical User Environment to function properly. These include KRNL386.EXE (the kernel for Windows 98), KERNEL32.DLL (its API), GDI.EXE (Graphics Device Interface), GDI32.DLL (its API), USER.EXE (User Configuration) and USER32.DLL (its API). Finally Explorer.exe is executed and the desktop is shown.
Windows XP boot differs in several aspects. The Windows XP booting scenario consists of the following stages:
o Pre-Boot Sequence
o Boot Sequence
o Kernel Loading
o Logon Sequence
The Pre-Boot Sequence is the POST and the INT 19h boot loading.
The Boot Sequence is very important and some important decisions are taken here. NTLDR is the most important file required to boot. This file transfers execution to other files when it finishes loading all the files under its environment. NTLDR first accesses the file system on the boot drive (typically C:\). Then, if hiberfil.sys is found and it contains a previous hibernation image, the contents of hiberfil.sys are loaded into memory and the system resumes where it left off. If no image is found then the boot.ini is read and the boot menu displayed. Once Windows XP is selected, NTLDR runs ntdetect.com, which gathers information about the computer's hardware. NTLDR then passes all the information collected by ntdetect.com to ntoskrnl.exe, which is loaded into memory. Ntoskrnl.exe is the kernel of Windows XP and is responsible for various system services such as hardware virtualization, process and memory management, etc. There is actually another file that exists. This file, called ntkrnlpa.exe, is for processors that support Physical Address Extension (PAE).
PAE is a feature of processors that allows up to 64 GB of physical memory to be used in 32-bit systems!! The kernel pair names differ on systems with different numbers of processors. If you are on a computer with a single processor then these files are Ntoskrnl.exe and Ntkrnlpa.exe. For a multiprocessor system they are Ntkrnlmp.exe and Ntkrpamp.exe. Both these files are located in the system32 folder in the Windows directory.
In the Kernel Loading phase, ntoskrnl.exe calls Hal.dll. This file provides and handles the interaction of software and hardware via the Hardware Abstraction Layer (HAL). HAL is an abstraction layer, implemented in the Windows OS, between the physical hardware and Windows XP. The kernel forms the link between users and the computer, over which the entire OS runs, and the HAL allows Windows to recognize all hardware, including the buses, processors and memory modules. Hence, if the HAL is damaged or missing, Windows will not start. Then the Session Manager Subsystem (SMSS.exe) is loaded into memory. SMSS.exe performs several critical operations, such as creating environment variables and starting the Client/Server Runtime Subsystem (CSRSS.exe). It stays in memory even after the system has started up completely, to handle the creation of logon sessions via Winlogon. CSRSS.exe provides functionality for applications to interact with the Windows API functions in the various system DLLs.
DLLs, or Dynamic Link Library files, are used by executable files for additional processing. These files store additional definitions, functions (called the API, for Application Programming Interface) and information that the main executable requires to run properly.
The Logon Sequence occurs with the help of several Windows components. A file called LSASS.exe (Local Security Authority Subsystem) is loaded into memory; it is responsible for enforcing the security policy on the system. It also verifies users logging on to the computer and creates security tokens, that is, user information relating to access permissions and rights. The Graphical Identification and Authentication is implemented in Windows XP via a file aptly called msgina.dll. It is also responsible for displaying the "Security Options" dialog when the user is logged on, which provides options to shut down, log off, change the password, start the Task Manager, and lock the workstation, when the user presses Ctrl+Alt+Delete. Along with msgina.dll and winlogon.exe the Windows Login Screen, which is actually a file called logonui.exe, is displayed. After the loading of drivers is completed, Windows searches for user profiles and loads them into memory. This is done by winlogon.exe, which stays in memory even after Windows starts entirely.
User enumeration is slightly tricky; read carefully to understand the method. Windows XP Home Edition creates a password-less Administrator account during installation and another default password-less account called the Owner. The story is somewhat different with Windows XP Professional Edition, which creates an Administrator account but asks you to give a password during installation. Along with it, it also allows you to create accounts before logging in. After creating users, you can easily log in using these accounts. There exists another default account, called the Guest account, on both types of XP, which is explained later.
Welcome Screen - Print Screen 3.1
The Welcome screen is perhaps one of the most innovative ways of logging into a Windows XP box. This interactive method allows you to log in with just a single click of your mouse (of course, only if there is no password). By default, Windows XP Home Edition logs into the Owner's account. The login screen is displayed only if there are 2 or more active users on a computer or if your account
has a password or if Auto Login is disabled. The Administrator account is hidden by default. Whatever the case may be, to make Windows wait at the login screen, create another user, give your account a password, turn on the Guest account, log off once you log in, or unhide the Administrator account. Read the chapter on the Windows registry for the hack.
To change the way users log on and off, to change user attributes and to create new users, go to Start >> Control Panel >> User Accounts and follow the onscreen instructions. This screen is displayed by a system file called logonui.exe that is generally found in the system32 folder in the Windows directory. This screen too can be changed by changing the address of the logonui.exe file to a custom logonui.exe file in the registry. More of this in the Windows Tips & Tricks chapter under the Logon section. If your computer has been configured to shut down without logon, then you will see a Shutdown button in the lower left side of the screen. Just click on your user name (enter a password if you have one) and you will be logged in to your account.
During the welcome display you will hear an audio file being played. This audio file is a Microsoft WAV file that is played from the C:\Windows\Media\ folder. The file is named Windows XP Startup.wav. Similarly, during shutdown a file called Windows XP Shutdown.wav is played. There is a method by which each individual user can play his or her custom audio file during system startup and shutdown, the normal condition being that the files should be in the Microsoft WAV format. During the play of this audio file and the Welcome message, Windows loads the user's folder settings and start menu items, the customized user desktop and startup programs. The folder and icon settings, along with the specific user's registry settings, are stored in C:\Windows\Documents and Settings\$Username$\ where $Username$ implies the logged on user name.
Startup programs are those applications which run at Windows startup without the user's intervention. These programs write their address into the registry in such a place that Windows starts these programs as soon as you log on. An example of this type of program could be an Antivirus or the MSN Messenger.
These programs do not usually harm your computer's normal working unless they belong to the category of viruses. But to conserve memory and to prevent any program related system crash, it is better to have a minimum number of startup programs. There are basically four places where a startup program could possibly write its address. These places are common to both Windows 98 and Windows XP. The first 2 places are in the system registry and the other 2 are on the hard disk.
The first registry location is:
\HKCU\Software\Microsoft\Windows\CurrentVersion\Run
The second registry location is:
\HKLM\Software\Microsoft\Windows\CurrentVersion\Run
There usually exist three more locations under the CurrentVersion key for both HKLM and HKCU, called RunOnce, RunOnceEx and RunServices. Entries under these keys are usually one-time executing programs and system services. There are some very smart viruses out there that write their address as an argument to the system shell (explorer.exe), which is obviously dangerous since the virus is executed even in safe mode. Always make sure the value of Shell at the following location is Explorer.exe:
\HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon
HKCU stands for HKEY_CURRENT_USER and HKLM stands for HKEY_LOCAL_MACHINE. The address under HKCU's Run will cause the program pointed to by the address to run at startup for the user for which the program was installed. The address under HKLM's Run will cause the program pointed to by the address to run at startup for ALL users, irrespective of who installed it.
The other 2 places where you will find startup program addresses are the WIN.INI file and a folder called Startup in the Start Menu. First let us see the WIN.INI file. The WIN.INI file resides in the Windows directory and is a very important Windows system file when it comes to 16 bit applications. 16 bit applications are those which run on processors which are of 16 bit or higher. Windows XP and Windows NT are full-fledged 32 bit systems whereas Windows 95 is a 16 bit Operating System. The WIN.INI and SYSTEM.INI files used to keep user related and system wide settings in older Operating Systems; these are now primarily taken over by the registry. The popular game Prince (the DOS version) is a 16 bit application, whereas most applications on today's computers are 32 bit, like Macromedia Dreamweaver MX, which is a web designing and editing tool. Windows XP requires WIN.INI to store the settings of 16 bit applications.
To open the WIN.INI file go to C:\Windows\ and double click on the WIN.INI file. The WIN.INI file may have several sections like MAIL, FONTS, EXTENSIONS, MCI EXTENSIONS, DESKTOP, LOAD etc. Programs can be run at startup by writing their location in the WIN.INI file under the section called LOAD. If you are extra cautious like me, then there is another method of editing the WIN.INI file without messing anything up. Go to Start >> Run and type msconfig. After the System Configuration Utility opens up, click on the third tab, which is the WIN.INI file sorted into sections. Just remove the tick against load (if it is there) to remove the given program from startup. Click on OK and restart if you wish to.
Finally, a folder called Startup is responsible for startup programs. Since this is just like any other folder (except for its special location), programs themselves can be put in this folder or their address can be copied into it in the form of a shortcut.
Every user has his own Startup folder located in C:\Documents and Settings\$Username$\Start Menu\Programs\ where $Username$ has to be replaced by the name of the user. There is a common Startup folder whose contents will always run no matter who the user is at startup. This common All Users folder is located at C:\Documents and Settings\All Users\Start Menu\Programs\. Visit these locations frequently to see and delete entries that you find out of the ordinary.
Many viruses and other harmful programs usually run at startup. These locations will provide you with the culprits. Caution has to be taken though; you may end up removing a 'good' program from startup. Many a time you may find your system running more slowly than expected. Often this is due to unwanted programs running at startup, like the Windows Messenger and Windows Update, even when you are not connected to the net. You can change or delete these programs from startup at will. After your system starts completely, the boot configuration and system startup configuration are stored in the registry to be used as the Last Known Good Configuration. This same setup will be
loaded if your system does not start and you select the Last Known Good Configuration option at System startup by pressing F8.
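The startup locations described above can be reviewed offline from a registry export and a copy of WIN.INI. The following Python code is an added example, not part of the original book: it parses regedit export text, lists every entry under the Run, RunOnce, RunOnceEx and RunServices keys, raises an alert when the Winlogon Shell value is anything other than Explorer.exe, and reports load= and run= entries. The sample export, the program names in it, and the assumption that load= and run= are entries of the [windows] section of WIN.INI are constructed for illustration.

```python
import re

# Autostart keys named in the text, lowercased (registry paths are case-insensitive).
CV = r"software\microsoft\windows\currentversion"
RUN_KEYS = [f"{hive}\\{CV}\\{leaf}"
            for hive in ("hkey_local_machine", "hkey_current_user")
            for leaf in ("run", "runonce", "runonceex", "runservices")]
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"

# Matches "Name"=data or @=data (the default value) in a .reg export.
_VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def _unescape(s):
    # Undo .reg escaping: a backslash protects the character that follows it.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Parse regedit export text into {key: {value_name: data}}, names lowercased."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # hex data continued on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            name = "" if m.group(2) else _unescape(m.group(1))
            data = m.group(3)
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])   # string value; other types kept raw
            current[name.lower()] = data
    return keys


def win_ini_autostart(text):
    """Return non-empty load=/run= entries from the [windows] section (assumed layout)."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "windows" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in ("load", "run") and value:
                found.append((key.lower(), value))
    return found


def audit_autostart(reg_text, win_ini_text=""):
    """Return findings as (severity, location, name, command) tuples."""
    reg = parse_reg_export(reg_text)
    findings = []
    for key in RUN_KEYS:                 # every autostart entry deserves a look
        for name, cmd in sorted(reg.get(key, {}).items()):
            findings.append(("review", key, name, cmd))
    shell = reg.get(WINLOGON, {}).get("shell")
    if shell is not None and shell.strip().lower() != "explorer.exe":
        findings.append(("alert", WINLOGON, "shell", shell))
    for name, cmd in win_ini_autostart(win_ini_text):
        findings.append(("review", "win.ini [windows]", name, cmd))
    return findings


# Constructed sample data (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\av.exe\" /tray"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger"="C:\\Program Files\\Messenger\\msmsgs.exe /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\WINDOWS\\Temp\\placeholder.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''

SAMPLE_WIN_INI = r"""[windows]
load=C:\OLDAPP\REMIND.EXE
run=
[fonts]
"""

if __name__ == "__main__":
    for severity, location, name, command in audit_autostart(SAMPLE_REG, SAMPLE_WIN_INI):
        print(f"{severity.upper():6} {location} :: {name} = {command}")
```

The Startup folders are ordinary directories, so their contents can be listed directly and reviewed alongside this output.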
III.3: The Desktop
The screen that you see once Windows starts completely is called the Desktop. The desktop consists of the background picture called the wallpaper, the desktop icons and the taskbar along with the start button. The Windows Desktop can be customized and changed according to the mood and style of the user. The Windows desktop acts as the starting point for your Windows exploration. The Start button and the taskbar have been taken up separately to give a better understanding of individual components.
To change the wallpaper, do the following:
- Right click on a blank area on your desktop.
- Select Properties to open the Display Properties dialog box.
- Click on the Desktop tab.
- Select the wallpaper you want from the list or, to search for your own wallpaper, click on Browse.
- Click on OK to apply and exit.
To change the screen resolution, do the following:
- Right click on a blank area on your desktop.
- Select Properties to open the Display Properties dialog box.
- Click on the Settings tab.
- Select the Screen Resolution and the Color Quality. For best clarity and optimal picture, select screen resolution as 1024 by 768 pixels and color quality as 32 bit.
- Click on Apply. If you can see the new screen, click OK; if your screen goes blank with an Out of Frequency message, then WAIT FOR 15 SECONDS to restore the screen.
Each user on a Windows XP system has their own desktop and icon settings. Initially, when the user first logs on or when a new user is created, the desktop looks very much the same with the same green meadows wallpaper, but these and the other settings can be changed by the respective user. The Windows XP desktop usually has only the Recycle Bin when you first start your computer after Windows XP installation. The Recycle Bin, as the name suggests, is a place where deleted files are kept. You can later retrieve files from it and restore them to the original place from where they were deleted, or empty the Recycle Bin to delete its contents permanently. You should periodically empty the contents of the Recycle Bin.
III.4: The Start Button
Click here to begin!! This button gives you access to almost everything on your computer. Right from the Control Panel to the Windows Media Player, you can do almost everything and go almost anywhere. If you still don't know what I am talking about (Duh...), the Start Button is the small green button in the lower left corner of your computer's desktop. This button (labeled start) is your beginning point for any activity. If you move your mouse over the start button you will see a yellow box appearing next to the mouse pointer saying Click here to begin. This box is called a tool tip. Tool tips are concise information about Windows files and components which pop up here and there to give relevant information about the component over which the mouse was moved or is currently standing.
Click the start button to see an assorted collection of items. Coming from the top to the bottom and from left to right, you will see the following components.
- Username: Your name and the picture of your choice always appear at the top of the start menu.
- Internet & E-Mail: These are applications that are permanently found on the start menu and allow you to access the internet and check your e-mails. By default the web browser and the e-mail client on a Windows XP computer are Internet Explorer and Outlook Express respectively.
- Recent programs: Here you will find six of the most recently used applications. This part of the start menu changes as you use your computer.
- All Programs: You can click here to see all the programs installed on your computer. Periodic reminders are also shown here if any new program has been installed.
- Common Folders: This part of the start menu (the right hand side) consists of locations on the computer where you can save documents, picture and music files in their own folders. Generally you will find My Documents, My Pictures, My Music and My Computer here. An expected folder not listed here is My Videos. All these folders (My Pictures, My Music and My Videos) are found in My Documents.
- Control Panel: When you click on this, you will be taken to the Control Panel, a place where you can change and modify several system settings. The Control Panel is such an important place that an entire chapter has been dedicated to it.
- Help & Support: The Windows XP Help Center is one of the best collections of support and troubleshooting issues ever written. You will find everything here, literally everything, including advanced issues like Server Configurations. Just open Help & Support and type 'Walkthroughs' to see a plethora of collected virtual animated stuff that will help you sort through common issues.
- Search: Search, as the name suggests, is used to locate files on your hard disk. You can use both advanced as well as simple search.
- Run: A helpful component of Windows that allows us to run any program or open any folder or file by just typing the path and pressing Enter or OK. Some programs run without giving the full path if their folder is in the system path.
- Log Off: Click Log Off to complete your Windows session and return to the Welcome screen. You can even use the Switch User button to let someone else use the computer. By doing this you will be brought back to the Welcome screen but your programs will not be closed. You don't have to close your applications to switch users. Running too many applications can slow down your computer. To quickly Switch User, press the Start button and L.
- Turn off Computer: Click here to turn off the computer, restart, or put the computer in stand-by mode to conserve power. If your computer supports Hibernation, then you can hibernate your PC by pressing Shift at the shutdown menu. The Stand-By button should turn into a Hibernate button.
On hibernating, Windows XP dumps the entire contents of the memory on to the hard disk and switches off the computer. When you start again, this hard disk data is loaded back into memory and you can resume your work as you had left it. This data is kept in a file called Hiberfil.sys in your root drive.
The start menu can also be accessed from the keyboard by pressing Ctrl + Esc. This key combination will pop up the start menu; you can then navigate using the arrow keys on your keyboard. Most keyboards nowadays also have a Windows key between the Alt and Ctrl keys. To change the components and to customize the start menu, right click on the Start button and select Properties.
III.5: The Taskbar
Another major component is the Taskbar, which forms the lower blue portion of the desktop. The Taskbar's job is to show open programs and directories and to collect minimized applications. The taskbar has 4 major parts. The first one is the start button; the second is the Toolbar section, the most common of which is the Quick Launch; the third one is the tasks section, which shows open windows and minimized applications; and the last is called the system tray.
The start button has been taken up in the previous section. Coming to the Toolbars, there are a number of them. These may be added by external programs like the Google Desktop or are Windows customized, like the Windows Media Player and the Address bar. To see the entire list, right click on the taskbar and select Toolbars. Quick Launch is the most common among them all. You can have more than two Toolbars on the Taskbar. You can even create your own customized Toolbar. The Quick Launch Toolbar consists of frequently used applications like the Windows Media Player, which can be opened with a single click. You can add your own programs and folder shortcuts to the Quick Launch for easy one click access.
The third section is the tasks section. Here you will see minimized windows and open applications with their titles. The Windows XP Taskbar has a special feature: it makes each open program collect and group its open windows if several windows accumulate on the taskbar. You then just have to click on the program's taskbar button to switch between files within the program.
The last section of the taskbar is the system tray, which displays the system time and other important notifications. The System Tray is called the Notification Area in Windows XP. Here important information like Windows Product Activation, CD Burning info and Windows Product updates etc. is often displayed.
Sometimes applications running in the background also have their system tray icon here, and you can access many of the application's commands by right clicking on that particular program's icon. To adjust the system date and to customize the system tray, right click anywhere in the system tray and select an option.
The Taskbar can be dragged and moved around to any of the four sides of the Explorer window. First make sure, though, that it's not locked: right click the taskbar and uncheck the Lock the Taskbar option.
Assume that several windows are open at once and the taskbar is filled with windows, and then you want to access a file on the desktop. How do you go about minimizing all open windows? The answer lies in the right-click menu of the taskbar (except over the start button). If you look carefully there is an option called Show the Desktop. This command causes all open windows to be minimized to the taskbar irrespective of whether they have a minimize button or not. Cool, ain't it?
Try pressing the Windows Logo Key + D. This key combination also minimizes all open windows, as does the key combination of the Windows Logo Key + M.
You can also Cascade windows behind one another and Tile windows vertically and horizontally from this right click menu of the taskbar. To customize the taskbar, right click on the taskbar and select properties. We shall take up the Windows Interface, Explorer in detail in the next chapter.
Challenges:
1. This is for users with a single OS: enable the visibility of the boot.ini file at system startup.
2. Make the Windows Calculator run at system startup for all users without using the registry.
3. Convert the normal start menu to the Classic Start Menu and remove 'Run' from it.
4. Drag and put the entire Taskbar right on top of the desktop.
CHAPTER IV
Explorer & the Windows Interface
This chapter explains all the important concepts related to the Windows interface, including disk drives, services, file extensions, system restore and task management. The concept of Windows Product Activation is also taken up at a basic level. Searching for files and understanding the importance and disadvantages of using the default My Documents folder are also explained.
After this chapter the reader should be able to:
- Explain activation and activate his/her copy of Windows through the internet.
- Explain the various components of the Windows Explorer.
- Identify various applications by looking at file extensions.
- Explain basic Windows services.
- Use system restore to correct problems.
- Use the task manager to end unwanted tasks and processes.
Note: Readers can skip the Windows Product Activation section and move ahead. This section had to be included here expecting that after the installation of Windows, Windows users may need some amount of aid, since Windows prompts users to "Activate Windows" by giving periodic reminders in the system tray.
The desktop, the start button, the taskbar, the icons, the folders and everything else on the computer that users can interactively work with is run through Explorer. Every operating system has something called a shell. Older Operating Systems had the Command Prompt as the shell. Windows 3.1 had the File Manager. Now we have the Explorer. The shell of Windows is called Explorer, which is an executable file in the C:\Windows\ folder called explorer.exe. Every instruction that is given to the computer is first interpreted by Explorer, which gives the resultant output after getting the job done by several other exes and dlls. Suppose you want to see the contents of a CD: you would normally go to My Computer and click on the CD Drive icon. All this is done through Explorer. In the pages to come we shall see some of the most important concepts of this important system file called explorer.exe.
IV.1: Windows Product Activation (WPA)
Microsoft has introduced a revolutionary technology in Windows XP to combat the growing menace of piracy. Windows XP asks for something called Activation after installation. Activation requires the user to activate with Microsoft within a certain amount of time (30 days after the first run of the OS) in order to continue using the operating system. The information transmitted to Microsoft during activation includes a cryptographic hash of the following ten values:
- Display adapter name
- CD-ROM / CD-RW / DVD-ROM identification
- RAM amount (as a range, e.g. 0–64 MB, 64–128 MB, etc.)
- IDE adapter name
- Processor type
- SCSI adapter name
- Processor serial number (if applicable)
- Hard drive device type
- Hard drive volume serial number
- Network adapter MAC address (if present)
This information is used to generate a number which, along with the CD Key and country of installation, is transmitted to Microsoft. Activating and registering with Microsoft enables you to get faster help and resources to manage your computer more efficiently from time to time. Activation is extremely easy and useful. Activation is compulsory whereas Registration is optional. Due to activation you cannot install the same copy of Windows XP on two different computers.
After you complete installing Windows XP and start the computer for the first time, you will see a reminder in the system tray that tells you to Activate Windows. You can use Windows for a period of 30 days, after which your computer will be locked at logon. After the 30 day period, if you click on your username then explorer is not started; instead the WPA wizard opens up and asks you to Activate or Remind later. If you select Remind later then you are logged off. The only 2 ways in which you can reach your desktop are by activating or through safe mode. But in safe mode Windows starts with the lowest configuration, so you can't use your audio or video devices and several other devices.
So activation is the best option. Considering the advantages of using Windows XP over other Operating Systems, activation and using the original source shouldn't be a big drawback. To activate Windows, start the Windows activation wizard either by clicking on the reminder or by going to Start >> Programs >> Accessories >> System Tools >> Activate Windows. The wizard
is an executable found in the C:\Windows\System32\oobe\ directory called msoobe.exe, run with an argument of /a.
'msoobe' in 'C:\Windows\system32\oobe\msoobe.exe' stands for Microsoft Out of Box Experience. The '/a' argument is given to the exe to start the Activation wizard.
Hence another method of starting the wizard would be to go to Start >> Run and type C:\Windows\system32\oobe\msoobe.exe /a as shown. There are 2 methods of activating Windows. In the first method you can activate through the internet; it's hardly a 20 second job. In the second method you are prompted to call a Windows representative, to whom you dictate a number generated by Windows XP; in return the representative gives you a number which you enter in the wizard. We shall see both the methods in detail now.
Activation through Internet: The fastest and the best method. First connect to the Internet. To connect to the internet see the section on Network Connections in the Control Panel chapter. Start the WPA wizard and select the first option, which says 'Yes, let's activate Windows over the internet now.' Click on Next. In the next page that opens you will be asked if you would like to register with Microsoft along with activating Windows. As mentioned earlier, registration is optional and is not required to activate Windows.
Registering your copy of Windows is actually advantageous if you frequently go online. Microsoft notifies its registered users of product updates, new products, events and special offers.
If you select the first option to register and activate Windows, Windows will ask you to fill out a form where you have to mention your name and address along with your country. You can skip this page if you are not interested by clicking on Skip, or press Next to continue. Windows will now check for internet connectivity and you will have activated Windows in no time.
Activation through phone: This is a slower method and can be used by users who do not have an internet connection. Start the WPA wizard and select the second option, which says 'Yes I want to telephone a customer service representative to activate Windows.' This method involves 4 steps. Windows will generate a new installation ID, as mentioned earlier, from specific hardware components, which will be used during activation.
Step 1: You have to select your current location. This is so that the computer can search for and display a telephone number for you to call.
Step 2: A telephone number is provided depending on the location you just selected. Call this number to talk to a customer service representative.
Step 3: The customer service representative will ask you for the Installation ID, which is shown in the wizard and consists of 54 numbers arranged in 9 blocks of 6 digits each. Click on Change Product Key only if the customer service representative asks you to change your product key; otherwise leave it as it is.
Step 4: After you tell the customer service representative the installation ID, he will dictate a 42 digit number which has to be entered in the 7 blocks labeled A, B, C, D, E, F and G, with 6 numbers in each. After entering the number into the blocks, click on Next to complete activation.
You have to activate Windows during the 30 day period; after that, you will be logged off if you choose to activate later. You cannot use Windows after this period except through safe mode.
IV.2: The GUI Environment
The Windows Graphical User Interface (GUI) environment is a result of its shell, that is, of Explorer. The Windows Explorer has many useful features, but to understand each one of them we need to understand some of the basic concepts of this powerful yet simple program. In this section we shall see some of the basic components of a standard explorer window (e.g. My Computer). Whenever you open any folder, there are some very common 'parts' of the window that are present in most other explorer windows. Except for a few shell folders (system folders), most other windows and folders have the same basic structure. Let us take the example of My Computer. It is a shell folder. Normally My Computer will have the following toolbars, menus and components:
The Title Bar: This is the topmost bar, usually blue in color. This bar shows the name of the open
window preceded by the icon of the folder (Print Screen 4.1a). This bar also contains the Minimize, Restore or Maximize and the Close buttons. The Minimize button is the first from the left and is denoted by a minus (-) sign. The Restore button is visible when the current window is maximized; otherwise the Maximize button is visible in the same place. The Restore button looks like two small windows placed one behind the other. The Maximize button is a square window. The Close button is an X, which is the button to the extreme right (Print Screen 4.1b). Minimizing is to reduce the current open window to the taskbar. Maximize is to fill the screen with the open window and Restore is to put the window back to the original size the way it was opened (or resized or positioned). If a window is restored you can resize the window to suit your need. Move your mouse over the edge of the window till the normally single sided arrow turns into a double sided arrow. You can then click and drag to resize. You can also double-click on this bar to toggle between maximize and restore modes (if supported). You may have noticed the small icon on the extreme left of the title bar. This icon allows you to maximize, minimize, close, restore or move the current window. Just click on it and you will be presented with a menu.
Title Bar - Print Screen 4.1a
Title Bar - Print Screen 4.1b
The Menu bar: This is the second bar from top to bottom. This bar contains common menu options
like File, Edit, View, Favorites, Tools and Help. File contains options like Open, Delete, Search, Explore, Rename, Send to, New and Properties. If you have installed third party software like WinZip and Winamp then their options are also found in the File menu (Print Screen 4.2). If no item is selected then the File menu contains just Close and New. The File menu changes for different types of files. In My Computer you will not get the options of Delete and New because there is nothing in My Computer that you can delete. Edit contains options like Undo, Cut, Copy, Paste, Paste Shortcut, Copy to Folder, Move to Folder, Select All and Invert Selection. Most of these options have their keyboard shortcuts mentioned and these shortcuts are universal, that is, they work in most applications including Microsoft Word and MS Visual Studio. Undo (Undo your last action) – Ctrl + Z, Cut – Ctrl + X, Copy – Ctrl + C, Paste –
Page | 42
Riyaz Ahemed Walikar
A Beginners Approach to Windows Ctrl + V, Select All (selects all objects in the folder or file) – Ctrl + A. The Invert Selection is used to invert the current selection.
File Menu - Print Screen 4.2
View contains options to enable or disable the other toolbars in the window. It also contains options to change the way file and folder icons are shown. You can change the current view to thumbnails, icons, list, tiles and details, the most informative of these being the details view. You can also arrange icons according to their name, size, type etc. Under View itself you have the option of choosing details for the current folder. By going to Choose Details you can select several attributes to be shown in the Arrange Icons By option. You also have the Go To option which takes you to recently visited places or up one level. Finally there is the Refresh option to refresh the contents of the current folder.
Favorites menu allows you to make the current folder easily accessible by adding it to the Favorites list. You can also navigate to common web pages over the internet like MSN and Hotmail.
Tools menu usually has just four options: Map Network Drive, Disconnect Network Drive, Synchronize and Folder Options. Map Network Drive allows you to assign a drive letter to a shared network folder from some other computer on the network so that you can access it through My Computer. Disconnect Network Drive disconnects the connected network drive and Synchronize allows you to update your offline web pages from a network resource. Folder Options is a very important and integral part of Explorer. Using this tiny component you can change folder settings and file extension properties. You can change the application with which a file currently opens. For example, we know that .txt files open with Notepad; using Folder Options we can change it to another application. It is explained in detail in the Control Panel chapter. The Folder Options dialog is available under View in Windows 98.
You can use the Help menu to open the Help & Support Center for any help about Windows and its components. There is also an internet shortcut to find out if your current copy of Windows is legal or not. Then there is the About Windows dialog box that gives you information about the current Windows installation, including the memory available to the OS. You can also read the EULA by clicking on the EULA link.
The Standard Toolbar: This bar is the one below the menu bar. If this bar is not visible then go to View >> Toolbars >> Standard Buttons to enable it. The most common buttons you will see on this bar are Back, Forward, Up, Search, Folders and Views. To add more buttons right click on the bar and select Customize. This bar is like a shortcut to the View, Edit and File menus but with graphical images. Instead of going all the way to Edit >> Copy you can just click on the Copy button on the standard toolbar. The Copy button does not exist on the bar by default. Go to View >> Toolbars >> Customize and add it.
The Standard Toolbar - Print Screen 4.3
Another thing that is important on this bar is the Folders option. When you click on this button you see the typical Explorer window that was seen in Windows 98. The left hand side of the window opens out in a tree-like format and the right hand side displays the contents of the folder selected on the left hand side. You can use this window to drag items from one folder to another in the left hand side. To move objects from one folder to another, press the Alt + Shift keys and drag the file or folder from the right hand side to another folder on the left hand side. To copy objects, press the Ctrl key or simply drag the file or folder from the right hand side to another folder on the left hand side tree. To create a shortcut of the item in another folder, press the Ctrl + Shift keys while dragging the item.
The Status bar: The status bar is the bottom-most bar in an Explorer window. If this bar is not visible then go to View and select the Status bar option (second in line) to enable it. This bar shows information about the current folder and its contents.
The Status Bar - Print Screen 4.4
The Address Bar: This bar shows the current location and can be used to open any file or folder on the computer by typing the path of the folder or file here and pressing the Go button. If you cannot see the address bar, right click on the standard toolbar and select the address bar option, or go to View >> Toolbars >> Address Bar. You can also select a location to go to from the drop-down menu of the address bar.
Address Bar - Print Screen 4.5
Explorer windows, just like Internet Explorer windows, can be viewed in Fullscreen. To toggle Fullscreen on and off, press F11 on the keyboard.
Now leaving the topic of toolbars, let us see something more elaborate and interesting that comes with the Explorer of Windows XP. Called Common Tasks, this is a novel concept employed by Windows. Explorer recognizes the contents of folders and displays common tasks in the left hand pane of the window. For example, if a folder contains video files, then Common Tasks will contain 'Play all', which enables direct playing of all (compatible) video files in Windows Media Player. Common Tasks also contains links to 'useful' places, which include 'My Computer', and a details box which displays the File Properties of any selected file. Using Common Tasks you can copy or move files and folders, rename and delete files etc. If the Common Tasks pane is not visible then go to Tools >> Folder Options and, under the General tab, select the Show common tasks in folders option. Click on Apply and OK. This setting is universal, that is, it will be applied to all folders on the computer.
The Enter key on the keyboard is also called a Carriage Return.
IV.3: The Right Click Context Menu
One of the several things that simplify computing in Windows is perhaps the Right Click menu, which can be used on almost anything in Windows. The right click menu contains many options that you would otherwise have to search for under File and Edit or in the common tasks pane. You can even add your own options to the right-click menu either through the Windows registry or through Folder Options under Tools. The right click menu has many options depending on where and on what it is clicked. Some options like Open and Delete may remain constant no matter where the right click is used; any other special option is taken up below as and when it comes into the picture. Doing a right click over any object or place is the same as selecting the object and pressing Shift + F10. Let us see some of the most common places the right click is likely to be used:
My Computer: The right click menu of My Computer has Open, Explore, Search, Manage, Map Network Drive, Disconnect Network Drive, Create Shortcut, Delete, Rename and Properties. Search opens up Windows Search for Files and Folders, also accessible through the Start Menu. Manage opens Computer Management, one of the most important utilities in the Windows XP package, which allows you to configure everything from disk drives to connected devices to running services. Create Shortcut creates a shortcut of My Computer on the desktop. Delete allows you to delete the My Computer icon from the desktop. You cannot actually delete My Computer, but you can hide it, which is just what this option does. To restore the icon you have to go to Display Properties in Control Panel and, under the Display Tab, click on Customize. Renaming My Computer to anything you like (standard names – no \ / : * ? " < > | etc) is made easy by the Rename option. The Properties option of My Computer opens the System Properties dialog box, which shows system information like OS version and available memory. Here you can also change the name of your computer and adjust memory settings.
Whenever you right click over any item, the option that you see in bold black is the action that is performed when you double-click on that item, and often it is the Open command.
Desktop: The right click menu of the desktop is quite unique compared to others. Here you will get the option to Arrange Icons according to Name, Size, Type and Date Modified. If you look carefully there is an option to Show Desktop Items. You can hide desktop icons by deselecting this option. Cool isn't it? You can also auto arrange icons on the desktop if they are strewn around a lot. You can run the Desktop Clean Wizard from here. The Desktop Clean Wizard is a small utility that allows you to delete unused icons from the desktop to make the desktop clutter free. Along with the Arrange Icons options there is a screen Refresh option which is the same as pressing F5 on the keyboard. If your graphics card driver supports right click context menus then you may also see graphics related options specific to the installed graphics adapter. Another important option that you usually get to see is the New option. This option allows users to create a new file, folder or shortcut just by clicking on New and selecting the appropriate type. The Properties option of the desktop opens the Display Properties dialog box, which can otherwise be opened from the Control Panel.
Start Button: The right click menu of the Windows Start Button has options like Open, Explore,
Properties, Open All Users and Explore All Users. When you click on Open, C:\Documents and Settings\$Username$\Start Menu\ is opened, where $Username$ is your username. Start Button Properties opens up the Taskbar & Start Menu Properties where you can customize the look of the start menu. Open All Users opens the C:\Documents and Settings\All Users\Start Menu\ folder and you can create or edit shortcuts here.
System Tray: The system tray's right click menu has the Toolbars option, Adjust Date/Time, Customize Notifications, Cascade Windows, Tile Windows Horizontally, Tile Windows Vertically, Show the Desktop, Task Manager, Lock the Taskbar and Properties. You can disable or enable the Quick Launch through the Toolbars option. You can also open the Task Manager from here. Customize Notifications will help you to change the display option for information or icons displayed in the system tray. It is the same as selecting Properties and then clicking on Customize from the Taskbar & Start Menu Properties dialog. The Show the Desktop option minimizes all open windows irrespective of whether they have a minimize button or not. You can also cascade windows behind one another and tile windows vertically and horizontally from this right click menu of the taskbar. To customize the taskbar, right click on the taskbar and select Properties.
Quick Launch: Most of the options are the same as those of the system tray or taskbar in general except one. If you carefully right click on the Quick Launch without moving over any other icon then you get an option to Open Folder, which takes you to a folder whose path is C:\Documents and Settings\$Username$\Application Data\Microsoft\Internet Explorer\Quick Launch. This shows that Internet Explorer and Windows Explorer are closely related, to such an extent that IE configures many Explorer settings.
Recycle Bin: This is an interesting system folder. The right click menu of the Windows Recycle Bin usually has just 4 options: Open, Explore, Empty Recycle Bin and Properties. Practically there is no method to get rid of the Recycle Bin except through a modification in the system registry. The Open and Explore options open the Recycle Bin to display its contents. Empty Recycle Bin erases all deleted files from the bin. A confirmation is asked for before deleting, since these files will be irrecoverable after being erased from the bin. The Properties option opens the Recycle Bin Properties. Here you can specify the size of the Recycle Bin. By default it is 10% of the drive size but this amount can be varied. You can conserve disk space by reducing the size of the Recycle Bin, but if a file you are deleting is larger than the space allotted to the Recycle Bin, then the file is deleted directly without being put into the Recycle Bin. Here you can select a Global option to have the Recycle Bin manage its size by taking the indicated share of each drive, or you can configure each drive independently. You can also direct the Recycle Bin to delete items directly without sending them to the Recycle Bin, and you can enable or disable the showing of a confirmation message before going ahead with the deletion.
Folders: When you right click over any folder, the most common options are already available but an extra option that you will find is the Sharing and Security option. By clicking on this option and setting options in the dialog box that opens you can share a folder over the network for easy access. The Send To option allows you to copy the folder onto a floppy drive, a CD drive (if it is a writer), the Desktop as a shortcut and to My Documents. The Properties option of a folder has a Customize tab along with the General and Sharing tabs. Under the General tab you get to see the Type, Location, Size, Size on Disk, Contains, Created and the Attributes like Read Only or Hidden. Setting the attribute to Hidden will cause the folder to be hidden and you will be able to see it only if the Show Hidden Files & Folders option is enabled under the View tab in Folder Options. The Customize tab helps you to customize the look and feel of the selected folder. You can describe the folder as a Music, Video or Picture folder by selecting the appropriate option under the Use this folder type as a template drop-down box. If you wish to be reminded about the contents of the current folder then you can use Choose Picture to pick a picture to be shown when the folder is seen with the Thumbnail
view. You can even change the icon of the folder to any icon of your choice. You can select an icon from the %SystemRoot%\system32\Shell32.dll file or from any .exe, .dll or .ico file by clicking on Browse.
Files: The right click menu of most recognized files is the same except for the Open and Edit (if it exists) options. When you click on Open the file opens with its default application. For example, a .txt file will open with Notepad by default. But if you wish to open that file with WordPad or Microsoft Word then you have to press Shift and then right click on the file. Then select the Open With… option, which enables you to select another application for the current file extension. If a file has an unrecognized file extension then double clicking it or selecting Open from the right click context menu will cause Windows to pop up a box saying that it cannot open the file, but that you can go online and check what application supports that file extension; or, if you know what program the file will run with, select the second option and you will be presented with a dialog from which you can select the program. If in the future you want files with that extension to always open in the program that you just selected then select the Always use the selected program to open this kind of file checkbox and press OK. In the Properties box of files you usually get to see the Type of File, the name of the program that it opens with, its location, size, and the dates on which the file was created, modified and accessed. You can change the default program with which the file opens by clicking on Change. The number of informative tabs in the file properties box may differ with different files. File and Folder renaming both follow the same law. You cannot use \ / : * ? “ < > | or . because these characters are meant to be reserved for the OS.
In Folder: This section of the chapter basically points to the menu that is generated when you right click in a blank area in the folder. The right click menu changes with the type of the folder. For example, if the folder has been specified as a picture folder then the View and Arrange Icons By options have extra folder specific options like view as Filmstrip and arrange icons by the date on which the pictures were taken. You can customize the folder by selecting the Customize this folder option from the menu. You can also see the properties of the folder by selecting Properties from the context menu.
On Drives: When you right click on a hard disk drive you get an option never seen before called Format, which erases the data on that particular disk and prepares it for new usage. You can format using any of the 3 available file systems (NTFS, FAT32, FAT).
CD Rom Right Click Context Menu - Print Screen 4.6
You cannot format an active drive like the one that has your operating system, or the other drives, unless there is absolutely no file from that drive that is being used by the OS. Another option available is the Copy command, which copies the entire contents of the present drive to the location where you paste (of course the destination drive should have enough space to hold the contents of an entire drive). The Properties option of disk drives opens the drive properties dialog, which gives information on the disk usage and free space remaining on the disk in the form of a pie chart. The file system is also mentioned. You can run Disk Cleanup, which cleans the drive of unwanted temporary files and Recycle Bin files along with catalogs. If supported, you can also compress the drive to save disk space. Under the Tools tab you can check the current drive for errors and defragment it if you wish to. CD-ROM and removable drives get an additional option called Eject, which pops the CD tray out or ejects the hardware, which will no longer be detected by Windows till the next boot or until the device is removed and reattached. You cannot format CD-ROMs, but you can erase rewritable discs.
Internet Explorer icon on Desktop: This had to be included here because of its unique properties. The Internet Explorer (IE) icon on the desktop usually has just 5 options in its right click menu. The first one is Open Home Page, which opens the browser and takes you to the home page to which the browser was set, the default being http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome. You can change this to any site you want by going to the Properties option. The next option in the menu is Create Shortcut, which creates a shortcut to Internet Explorer on the desktop. Delete causes the IE icon to be hidden from the desktop and, like the My Computer icon, you can enable it again by going to Display Properties. The next is Rename, which as the name suggests allows you to rename the IE icon. The last, Properties, opens the Internet Properties, also accessible through the Tools menu in IE as Internet Options. The Internet Properties dialog allows you to change several options, including management of the history folder, privacy settings and enabling or disabling Java logging.
To see the properties of any item just press the Alt key and double click over it or press Alt + Enter after selecting that item.
Most options in the right click menu of any item can be accessed by their shortcut key. You can make out the shortcut key by looking at the underlined letter in the option name. If you right click using your mouse you may not be able to see the underline, but you can always use the combination of Shift + F10 to see the key. For example, click once on any folder using your mouse, just to select the folder. Then press Shift + F10 to pop up the right click menu. If you look carefully the letter r is underlined in the Properties option. Now press r on the keyboard to open the properties of that folder; it's as easy as that.
One thing that is quite interesting on the classic desktop of Windows XP is that no matter how many icons there are on the desktop, and no matter what filenames they have, whenever you right click on the desktop and select Arrange Icons by Name, Size, Type or Date Modified, some icons refuse to follow the command. These include My Documents, My Computer, My Network Places, Recycle Bin and Internet Explorer, in that order. Try dragging these icons elsewhere on the desktop and then rearrange the icons on the desktop through the right click and see for yourself.
IV.4: My Computer
All the drives and folders on your computer can be accessed from one place with ease. The My Computer system folder can be reached through the Start Menu if your Windows XP has the default Start Menu; otherwise you will typically find it on your desktop.
A funny way of opening My Computer is by going to Start >> Run and typing three or more dots (…). The maximum is 227 dots. Works on Windows XP.
First, to make My Computer more understandable through this text, do the following:
o Open My Computer in any way you like and maximize the window.
o Right click in any blank area of My Computer and select View >> Tiles.
o Next, right click again and select Arrange Icons By >> Type.
o Then finally right click again and select Arrange Icons By >> Show in Groups.
My Computer shows all the disk and floppy drives connected to the computer. Along with these items you will most probably see the My Documents folders of the other users too. This is true if you are an administrator on your computer. The Control Panel is also visible in My Computer. If it's not visible you can still access the Control Panel from My Computer by clicking on Change a Setting in the System Tasks in the Common Tasks pane. If you are still not satisfied and would like to see the Control Panel here then go to Tools >> Folder Options. In the Folder Options dialog that opens go to the second tab (View tab), scroll down in the Advanced Settings section and check the option that says Show Control Panel in My Computer. If you have opened My Computer through the desktop or through Run then the Forward and Back buttons are grayed out. But you can always use the Up button to go to the Desktop.
The Common Tasks pane of My Computer has three sections: the topmost section is System Tasks, the second section is Other Places and the last one is Details. By default System Tasks has 3 options, and 4 options when a CD-ROM drive is selected. The first one is View System Information, which is the same as Right Click >> Properties on My Computer and shows the System Properties dialog. The second option is Add or Remove Programs, which opens up the Add or Remove Programs window from which you can install and uninstall programs. The third option is Change a Setting, which opens up the Control Panel. There is a fourth option too, but it is only visible when you select a CD-ROM or any other ejectable drive. This option, called Eject this disk, causes the CD-ROM drive tray to come out so that you can insert a CD or replace the existing one. You can also eject a CD or DVD drive by right clicking on it and selecting Eject from the context menu.
The Other Places section contains links to places like My Network Places, My Documents, Shared Documents and Control Panel. You can navigate to these locations simply by clicking on these links. The Details section shows information about the items that are selected. For example, if a disk drive (say the C:\ drive) is selected then this section will contain details like the name of the drive (disk label), File System, Free Space and Total Space of the selected disk drive. You can rename only the disk drives in My Computer. You cannot rename the Documents folders of other users. These folders are shortcuts to the My Documents folders of the other users on your computer.
One feature of Explorer is that when you insert a CD into the CD-ROM drive, Windows automatically reads the data and opens up the appropriate program or asks you for some action. For example, if you have inserted an mp3 music CD then Windows will automatically ask you to pick an action, or if the default is set to open Windows Media Player then the player will open up and start playing. You can change these and other Auto Play settings by going to the properties of the CD-ROM drive in My Computer.
The My Computer icon on the desktop can be hidden by a Right-Click >> Delete. As mentioned earlier, this does not delete My Computer but actually hides it. To restore My Computer, go to Display Properties and under the Desktop tab click on Customize Desktop. Put a check mark against My Computer and click OK.
You can format a standard floppy disk in two ways, either through the Command Prompt or through Explorer, that is, through My Computer. To format a floppy disk or to create a Startup Disk, right-click on the floppy icon and select Format. From the Format dialog box select whether to enable quick format or not and then click Start. To create a Startup Disk put a check against the Create an MS-DOS Startup disk option and click on Start. Startup disks can be used to start your computer in MS-DOS if your computer is giving problems; you will then be able to at least copy important data to your other drives, and then format and reinstall the OS on the same drive. The Windows XP startup disk is not of much help since XP has the Windows Recovery Console, but for Windows 98 it's a different story.
Floppy Format - Print Screen 4.7
Assume you have opened C:\> and minimized it and then later you have opened the D:\> drive; now to copy a file from one place to the other you can press Ctrl, click and drag the file to the minimized window, wait till the window maximizes and then drop the item in that open window. The same is true for the desktop: if you have many windows open, you can drag the file over to a blank spot on the taskbar and wait for all open windows to minimize automatically, upon which you can drop the item on the desktop.
If you try dragging an entire drive or any other item from My Computer onto some other item then you will notice that no copy of the item is made; instead a shortcut is created pointing to the item in My Computer. If Windows cannot create a shortcut at some place for some reason then it will ask you if you wish to place the shortcut on the desktop or not. For instance, in My Computer itself, if you try dragging a hard disk drive to the floppy drive icon then (if there is no floppy in the drive) Windows will inform you that the shortcut cannot be created and ask whether you would like to place the shortcut on the desktop.
Windows XP has integrated CD Burning into Explorer, a technology until now never seen in any Microsoft OS. If you have a CD-RW drive, that is, a drive that can burn CDs, then you can copy data to the CD drive by merely right-clicking on the file or folder and selecting Send To >> CD-RW Drive. Once you have sent all the data to the drive, go to My Computer, double click on the CD-RW Drive icon to open it and select Write these files to CD from the common tasks pane on the left hand side. You will be presented with a Wizard that guides you through the writing process. By default the drive writes at the maximum speed that the CD can take. If you want to adjust the speed of the drive while writing a CD then open My Computer, right-click on the CD-RW Drive icon and select Properties. Under the Recording tab select the recording speed that the drive should employ to write CDs. Until the CD is written Windows stores the temporary files on the hard disk at the location C:\Documents and Settings\$Username$\Local Settings\Application Data\Microsoft\CD Burning\. The $Username$ is replaced by the currently logged-on user's username.
CD Burning refers to the procedure of writing data on to CDs using specialized software and a drive that can essentially write data from the computer on to the CD ROM.
The CD Writing Wizard - Print Screen 4.8
IV.5: %Homepath% & My Documents
A standard home computer may have many users and therefore it becomes essential that each user has his or her own separate folder with customized looks. The term %Homepath% is actually the name given to the current user's special system folder. Every user has his own special folder, which was created when the user was created on the computer. This folder is the C:\Documents and Settings\$Username$\ folder that is found in the %Homedrive% (the C:\ drive in this case). You can use these terms as shortcuts to open their respective folders. Just go to Start >> Run, type %Homepath% and press Enter to see your folder.
The %homepath% folder can also be opened by going to Start >> Run and typing a single dot (.) OR a double inverted comma (“). Works for Windows XP.
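To show how names like %Homedrive% and %Homepath% turn into a real folder path, here is an added example in Python (it is not part of the original book). The environment values are constructed for a user called Administrator, and the function names expand, home_folder and is_inside_profile are assumptions of this example; unknown names are deliberately left unexpanded and reported, so that a script can refuse to act on a path that did not resolve fully or that lies outside the user's own folder.

```python
"""Expand %NAME% references such as %Homedrive% and %Homepath%.

Added illustration: the environment below is constructed sample data for a
user called Administrator; it is not read from a real system.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample environment (assumed values, XP-style profile layout).
SAMPLE_ENV = {
    "HOMEDRIVE": "C:",
    "HOMEPATH": r"\Documents and Settings\Administrator",
    "TEMP": r"C:\Documents and Settings\Administrator\Local Settings\Temp",
    "SystemRoot": r"C:\WINDOWS",
}

# A variable reference is a name wrapped in percent signs, e.g. %Temp%.
_VAR = re.compile(r"%([A-Za-z_][A-Za-z0-9_]*)%")


def expand(text, env=SAMPLE_ENV):
    """Return (expanded_text, unresolved_names).

    Names are matched case-insensitively, so %homepath% and %HOMEPATH% are
    the same variable. Undefined names are left in place and reported, so
    the caller can detect a half-expanded path.
    """
    lookup = {name.upper(): value for name, value in env.items()}
    unresolved = []

    def replace(match):
        name = match.group(1)
        value = lookup.get(name.upper())
        if value is None:
            unresolved.append(name)
            return match.group(0)  # keep the literal %NAME% text
        return value

    return _VAR.sub(replace, text), unresolved


def home_folder(env=SAMPLE_ENV):
    """%Homedrive% followed by %Homepath% gives the full profile folder."""
    path, missing = expand("%Homedrive%%Homepath%", env)
    if missing:
        raise KeyError(f"undefined variables: {missing}")
    return path


def is_inside_profile(candidate, env=SAMPLE_ENV):
    """True only if candidate resolves fully and stays inside the profile."""
    path, missing = expand(candidate, env)
    if missing:
        return False  # never trust a path with an unresolved %NAME%
    target = PureWindowsPath(path)
    if ".." in target.parts:
        return False  # reject attempts to climb out of the folder
    home = PureWindowsPath(home_folder(env))
    return target == home or home in target.parents


if __name__ == "__main__":
    print(home_folder())
    for sample in ("%Temp%", r"%SystemRoot%\system32", r"%NoSuchVar%\Temp"):
        print(sample, "->", expand(sample)[0], is_inside_profile(sample))
```
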
Let us take a standard example of Administrator. His %homepath% will be C:\Documents and Settings\Administrator. This folder has all the settings of the currently logged-on user (the Administrator in this case). When newly created, a standard %homepath% has the following items:
Application Data            H
Local Settings              H
Templates                   H
PrintHood                   H
SendTo                      H
NetHood                     H
Ntuser.dat.LOG              H F
Ntuser.dat                  H F
My Recent Documents         H
Ntuser.ini                  H S F
Desktop
Start Menu
Favorites
Cookies
Windows
Administrator's Documents
The H and S signify the Hidden and System attributes of the files and folders. The F is shown here to signify that the item is a file. You may not be able to see all of the above mentioned files and folders. To see all of them, go to Tools >> Folder Options and under the View tab select the option that says Show hidden files and folders, then scroll down further and remove the check mark against Hide protected system files (Recommended). Windows will warn you that it ain't good but you continue and click on Yes. Although not necessary for the beginner, we shall now see the basic importance of some of these files and folders. What should be more relevant to the beginner is the last folder in the list, i.e. the My Documents folder (the current user is Administrator).
Application Data: This folder contains standard file settings for different applications. For example, if you have Adobe's Photoshop 6.0 installed and you have used it at least once then this folder may contain user specific brushes, color settings etc. This folder may also contain a folder called Microsoft under which you will find the user specific settings for various Microsoft applications like Word, Excel and Internet Explorer. The Quick Launch that you find on the taskbar is actually a folder whose location is C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch. Programs may not work correctly if these sub folders are moved or altered.
Local Settings: Local Settings has 4 important folders, 2 of which can neither be shared nor customized. One is the History folder, which contains the Internet Explorer (IE) history, and the other is Temporary Internet Files, which stores files that are downloaded temporarily on to the system. For example, if you visit http://www.microsoft.com then all images and flash animation files are downloaded and kept in this folder and then displayed in IE, so that if you come back to a certain page again the page reloads faster. The other 2 folders are Application Data and Temp. Application Data here does almost the same thing as above, with a few changes here and there. One important thing to notice is the CD Burning folder that Windows uses while burning CDs. The Temp folder is (as the name suggests) a temporary folder that is used by setup files and running applications to create temporary copies of opened files. The contents of this folder are periodically deleted by the applications themselves. This folder also holds the Error Report that the Error Reporter talks about. If that did not make sense then let me explain: Windows XP has an inbuilt error reporting tool that takes a snapshot of the system when an error occurs and prompts you to send the error report to Microsoft so that they can help you rectify the problem. This error report is kept in folders having weird names like dir.000.tmp and the like. The Temp folder can also be accessed from the desktop by going to Start >> Run and typing %Temp% in the text box. You can safely delete the contents of
the Temp and Temporary Internet Files periodically to conserve hard disk space. It is actually good practice to delete the contents of the Temp folder since they may contain harmful files downloaded accidentally from the web.

Templates: This folder contains the templates that are used when creating new files by applications. For example, if you select File >> New in Microsoft Word then the file that is created is a copy of the file winword.doc until it is saved. A Template is basically a master copy of a file which applications use to create child documents out of.

SendTo: This contains some of the items that are seen in the right-click menu of most files and folders. You can add your own shortcuts here and see the result in the right-click menu.

Ntuser.dat.log: This file along with Ntuser.dat is used by Windows and it contains user specific information like User settings of the Desktop and application permissions. More on this in the Registry Chapter.

My Recent Documents: This folder contains the shortcuts to the documents opened in the current session. You can see these files in the Classic Start Menu under the Documents option. Along with files opened, this folder also contains the shortcuts to folders opened, but you cannot see the folders in the start menu.

Desktop: This folder contains the desktop icons, files and folders of the current user. Together with the icons from the Desktop folder of All Users, these make up your current desktop.

Start Menu: This folder contains all the icons and folders from the Start Menu of the current user. Together with the Start Menu of All Users, these make up your current Start Menu.

Favorites: This folder contains the links and the Links folder that are displayed in the Favorites Menu in the Menu Bar of any Explorer Window.

Cookies: This folder contains cookies downloaded from the internet.
Cookies are small helper files that enable a website to recognize the current visitor and display certain logged on user specific information on their webpage. For example, assume that you are surfing a shopping website, you want to buy a camera and you even book it. The next time you go online, maybe 3 days later, you log in to the website and it shows that you have booked a camera. This information is stored in small files called cookies, which are stored by the website on to your computer. Cookies are practically harmless, but if you are still concerned about security you can disable them completely through the Internet Options dialog.

Administrator’s Documents: This folder contains files and folders personal to the user. This same folder is also seen on the Desktop and in the Start Menu. Each user has his/her own personal folder with sub folders already customized by Windows to store Music & Video files. A standard My Documents folder contains pre-customized folders like My Music, My Pictures and My Videos. The My Documents folder is usually found on the desktop if you are using the Classic Start Menu; otherwise it will be in the Start Menu. You can in fact have it in both places: just right click the My Documents icon in the Start Menu and select the Show on Desktop option.

If you wish to make your My Documents folder inaccessible to the other users of your computer, you can do so by making your folders private. This is not applicable everywhere but is limited to C:\Documents and Settings\$Username$ and its sub folders, where $Username$ is your username on the computer and the C: drive is the root drive on which Windows is installed. To make a folder private, Right-Click on the folder and select Properties; after which under the Sharing tab, put
a check mark against the Make this folder private option. Another thing to notice about the My Documents folder is that it does not have the Customize tab in its Properties.

One thing that makes no sense is the fact that Microsoft advises their OS users to store all their files in their My Documents folder. You may have seen during Windows Installation that setup splashes information on the screen telling you to store files and other data in My Documents. Even when you want to save a file in Notepad, MS Word, MS Excel or any of the several other applications that allow you to create and edit files, you may have noticed that the default folder that is opened to save is the My Documents folder. Also, when you want to open a file from the File >> Open menu of the application, often it is the My Documents folder that opens up for you to select a file.

It does not make sense for the simple reason that the My Documents folder lies on the %systemroot% drive. Now you may wonder what is wrong with that. Well, your %systemroot% drive, usually the C:\ drive, contains the Operating System. Your computer may get infected with a virus or any malicious program, and it is a fact that most viruses infect system files, which means that the possibility of you reinstalling Windows cannot be ruled out. There are viruses out there that can literally wipe out boot sectors. So if someday your computer refuses to start, giving an error that Ntdll.dll could not be found or Error Loading Operating System, and there is no way out other than formatting your drive, creating a new boot sector or a Master Boot Record and reinstalling Windows, what will you do to save your files?

The best workaround to the above problem is to create two or more partitions, name one as Data and the other as Multimedia and so on, and save crucial data on to these drives.
In that way, even if something happens to your computer and you have to reinstall Windows you can still pray that your data is almost safe. You can make something foolproof, but you can’t make something damn foolproof. If your data matters to you more than your life, then please take a backup on to an external device and regularly scan your computer using an updated Antivirus.
IV.6: Recycle Bin

The Recycle Bin is like a dustbin in which you throw away unwanted stuff from folders. Whenever you right-click and select delete, the file or folder is stored in the Recycle Bin until it is ready to be thrown out permanently. Files and folders can also be deleted by pressing the Delete key on the keyboard. Normally when you delete a file or folder, Windows asks you to confirm the deletion by popping up a confirmation message. This message can be bypassed by changing the properties of the Recycle Bin.

Under normal circumstances you will always find the Recycle Bin on the Windows Desktop. When you first run Windows, the Recycle Bin is the lone component that you will see sitting on the desktop, in the bottom right-hand corner. The Recycle Bin is an effective solution for unwanted files that keep piling up. You can periodically delete files that you do not need and, if the need arises, restore them from the Recycle Bin. You can even configure Windows to delete files permanently without storing them in the Recycle Bin. Although this is not advised, you can still do it.
To delete items permanently without sending them to the Recycle Bin you can press Shift + Delete.
You can adjust the Recycle Bin to store files up to a certain size and delete the remaining. To adjust these and other settings, right-click on the Recycle Bin icon and select Properties to open the Recycle Bin Properties dialog box. Here you will see ‘n’ tabs where n-1 is the number of drives on your computer. One tab which is extra under the Recycle Bin Properties is the Global tab. If the Use one setting for all drives option is selected under this tab then all other options are disabled
under the other tabs. Keeping this option selected, you can then adjust the maximum size of the Recycle Bin in terms of percentage. This is a common setting for all drives. Let us take an example to understand this option more clearly. Assume that you have a computer with a 40 GB hard disk. Your computer has 4 drives of 10 GB each. Now your computer’s current Recycle Bin setting allows you to store files which will not take more than 10 percent of the drives. That means that you cannot store more than around 100 MB of deleted files in the Recycle Bin.

All data on a computer is stored in the form of binary numbers so that the processor and other devices can understand it. Binary format is a form of storing data using just two numbers: 1 and 0. The word ‘Hello’ may be stored as 110010101000100110. These digits are converted to high (1) and low (0) forms of voltage by semiconductor devices and transistors seen on the motherboard and inside the processor. A high voltage (around 6 volts) is interpreted as a 1 and a low voltage (around 2 volts) is interpreted as a 0 by the processor and other hardware. A group of 4 digits is called a nibble. 2 nibbles make a bit. 8 bits make a byte. 1024 bytes make 1 Kilobyte (KB). 1024 kilobytes make 1 Megabyte (MB). 1024 megabytes make 1 Gigabyte (GB) and most computers today have 40 to 80 GB hard disks. When saying 40 & 80 GB disks, the size is not literally so. 40 GB comes out to 38162 MB (37.26 GB) practically.

If you attempt to delete a file whose size is larger than the limited size then the file is deleted directly. Windows asks you before deleting though. If you notice carefully, there is an option to delete files directly without sending them to the Recycle Bin. You can even prevent Windows from displaying a confirmation box when you delete an item by de-selecting the Display delete confirmation dialog option. Click on OK to save changes.
If you open the Recycle Bin, you will see that the common tasks pane has a section called Recycle Bin Tasks which contains just 2 options. One is to Empty the Recycle Bin. This will delete all files from the Recycle Bin forever. You can restore all items from the Recycle Bin to their original locations by selecting the Restore all items option from the Recycle Bin Tasks section of the common tasks pane.

You cannot open a file or folder while it is in the Recycle Bin. If you right click over any item you will see that the default action that is performed is to show the properties dialog of the item. If you want to see the contents of a file or folder you have to either restore the item to its original location or cut the item, paste it in any folder and then open it.

The properties dialog of the items in the Recycle Bin may not show you the exact location; instead you may be shown only the folder. For example, if you have a file called soldier.tfp in D:\Games\Section 13\data\system\ and you delete it, the properties of soldier.tfp in the Recycle Bin may show that the Origin of the file is ‘system’. You will then have to wonder where the file will go if you restore it, because there could be several folders with the name system; Windows itself has a folder called system, which stores all system files in Windows 98 and mouse and keyboard drivers in Windows XP. A way of knowing the location of a file is to see the tooltip that Windows displays when you move your mouse over the file in the Recycle Bin.

You can change the icon of the Recycle Bin (full and empty) by opening Display Properties and selecting Customize Desktop under the Desktop tab.
IV.7: Searching for Files

Most computers have on an average 25000 files; these include your Windows system files and your personal data. Some people have large collections of music and video files on their computer, whereas some people like me like to collect desktop wallpapers and other pictures. I have a whopping 11,674 pictures on my hard disk. In these cases you may want to get a certain file and
you just can’t remember the location, or you may know the location but you don’t know the file. I have met people who have forgotten where they had kept their entire mp3 collection, overnight!! Windows Search comes to the rescue on these accounts. Older versions of Windows also had a Search option but it wasn’t all that user friendly. Windows XP has a search that you would love to use.

Windows XP’s integrated explorer search allows you to search for any kind of file from any folder on your PC. Open any folder, My Computer for instance, and just click on Search on the standard toolbar (there is a magnifying glass next to it, you can’t miss it) to open the search pane on the left hand side of the screen. Windows XP search is pretty much self explanatory. In the search pane click on the Pictures, Music, or Video option to search for any or all of them. You can even use advanced search options and search with a filename. If you don’t know the name of the file but you know that it began with nat, then you can use wildcard characters like the asterisk (*). Just type nat* and click on search. Windows will search all files that begin with nat and which are pictures or music files or videos, depending on the option selected. You can even search for Documents, which include MS Word, MS Excel, MS PowerPoint and other Office applications. You can specify the time when it was modified to search faster.

These are not the only file types you can search. Use the All files and folders option to search for files of any extension by just putting the extension of the files preceded by an asterisk. For example, if I want to search for a video file whose name contains the letters ‘per’ and whose extension was something like .av (assume I can’t get the remaining letters), I can still search and get positive results. I have to just open search and click on the All files and folders option.
In the first text box, All or part of the filename, I have to type *per*.av* and click on search. This will cause Windows to search all files which have the letters per and whose extension begins with av. I may get a search result with my file Superman.avi somewhere in the D:\ drive.

You can use this Windows search tool to search for computers on your network, or you can use it to search for people in your address book which you may have configured for Outlook Express (it’s a mail client). The Help and Support centre is also accessible from here. You can then use Help and Support for your other searches. You can even search the Internet through the Windows search!!

You can customize many things in Search. Just click on Change preferences. You can turn off the animated character that is visible and active below, or you can switch him for another character. More characters are available when you install MS Office. Indexing service is an interesting concept: when you select the Yes, enable Indexing Service option, Windows automatically categorizes and indexes files and folders throughout your computer and keeps the records of each and every folder on your computer so that searching takes place faster and more effectively. If you are well versed with file extensions and file names you can try using the Advanced Search Mode as default. Click on Change files and folders search behavior and select Advanced. Click OK to save changes. You can also disable Search from showing informative balloon tips.

Suppose you have searched for a file called mother.jpg, which by its extension we know is a picture file. Turning AutoComplete off will prevent Windows from showing the last few entries that were made during the search, and you will have to type the name all over again. With AutoComplete on, you have to just type in the first one or two characters and the previously searched words beginning with the same characters are displayed.
After a search when the searched files are being displayed you can right click on any of the files and select Open Containing folder to see the other files in that directory. After finishing a search you can even save your search as a *.fnd file. To save your search, just right-click anywhere in a blank space in the search window and select Save Search. Type a name for the file and click on Save.
One of the things that most people don’t know is that you can make the animated character do several tricks that it is programmed to do. Just give a single click on it and select Do a trick from the menu that comes up. I personally like Merlin and his cooking of green magic potion trick.

Search can be run from any folder by clicking on search from the standard toolbar, but remember to change the Look In section of the search to the folder of your choice, because Windows will search for files only in the folder through which search was opened. The other way of opening the Search window is through the Start button. Click on Start >> Search >> For files or folders.
IV.8: File Extensions & Open With

Windows and similarly all applications recognize files by something called file extensions. File extensions are nothing but the part that comes after the dot (.) in a filename. Windows recognizes almost all file extensions except those for which no programs are installed. Windows explorer itself, being a .exe file, is an executable file because of its .exe extension. Windows will not recognize that .doc is a MS Word document unless and until Office is installed and MS Word is present.

Windows by default hides the file extensions of known file types. This can be quite disastrous, since there are viruses that have icons of picture files and have long and attractive filenames so that the innocent computer user may fall prey to the program. Since extensions are hidden by default, an unsuspecting user might open the virus (since it’s an exe, it will run) thinking that it is a picture file.

To show file extensions, open any folder and go to Tools >> Folder Options to open the Folder Options dialog box. If there is no entry for Folder Options then it has been disabled through the registry; jump to the chapter on Windows Registry, enable Folder Options and come back here. Under the View tab of the Folder Options dialog, scroll down and deselect the option that says Hide extensions for known file types.

One file that does not show its file extension even after removing this check is the shortcut file. Windows shortcut files have an extension of *.lnk (link when extended). All the program shortcuts in the start menu and on the desktop have an extension of .lnk. Windows programmers were aware of the fact that there could be deceiving viruses out there, so to prevent infections out of stupid actions this option was built. But if even shortcuts were to show their extensions then the entire desktop, start menu, search and all the other places where shortcuts are used would look all crappy.
Also, any accidental changes to these shortcuts would prevent some programs from running properly.

Below is a list of some common file extensions that you would probably see on a normal computer, along with a brief description and the name of the application(s) that can be commonly used to open and handle such file extensions.
| Extension | Description | Application |
|---|---|---|
| *.ADP | Microsoft Access Project File | MS Access |
| *.AIF | AIFF Audio file | QuickTime Media Player |
| *.ANI | Cursor Files. The Windows mouse cursor etc. | Windows |
| *.ASF | Audio/Video file | Windows Media Player |
| *.AVI | Audio Video Interleaved file. An AVI clip is a series of bitmap frames like a movie. | Windows Media Player |
| *.BAT | Batch Files. DOS commands script file. Very helpful in running common tasks. | Windows (run as an executable) |
| *.BMP | Bitmap Image | MS Paint / Adobe Photoshop |
| *.CAB | Cabinet files. Mostly used by setup files during installation of a program. Data is stored in these files and copied to the system from here. | Windows |
| *.CAT | Catalog files. Security & Program descriptions. | Crypto Shell Extensions ‘rundll32.exe cryptext.dll’ |
| *.CER | Security Certificate files. Validates program and system interaction. | Crypto Shell Extensions ‘rundll32.exe cryptext.dll’ |
| *.CHM | Compiled HTML help file. Files containing help and information about a program. | hh.exe |
| *.COM | Command prompt or MS-DOS applications. Found in abundance on older systems. | MS-DOS / Windows |
| *.CPL | Control Panel Extension files. Components of the Control Panel which are run with control.exe. | Windows / Control Panel |
| *.DAT | Data files. VCD movies and program information formats. | Windows Media Player (VCD) / Associated program |
| *.DB | Database files. A common example is the Thumbs.db file found in Windows XP. | Windows |
| *.DBF | Database files. Tables of version I, II, III & IV | Microsoft Access |
| *.DIB | Image files. | Paint |
| *.DLL | Dynamic Link Library files. One of the most important extensions in Windows. Used by almost all applications to call Windows functions and procedures or run self developed procedures. E.g. all Windows Icons and tool tips are stored in the shell32.dll file. | Windows / Application for which developed |
| *.DOC | Word Document | MS Word |
| *.DOCHTML | Word HTML Document | MS Word |
| *.DOT | Document Template file | MS Word |
| *.DRV | Device Driver. Allows the hardware to interact with the OS. | Windows |
| *.EXE | Executable file | Windows |
| *.FLA | Flash Document. Flash animation and effects are done through this file. | Macromedia Flash |
| *.FON | Font File. Contains fonts to be used by system. | fontview.exe |
| *.GIF | Image file. Two or more frames can be added to make a single gif image which will then give an animated look. Used in buttons on websites and on banners. | MS Paint / Adobe Photoshop |
| *.GZ | Compressed file. Used as an archive. | Winzip |
| *.HLP | Help files. Contain help and information about the program they come along with. | winhlp32.exe |
| *.HTML | HyperText Markup Language files. Webpages basically. | Internet Explorer / MS Frontpage / MS Word |
| *.ICO | Icon files. | MS Paint |
| *.INF | Setup information files. | Any Text Editor (e.g. Notepad) |
| *.INI | Program Initialization files. Contain program configuration settings. | Any Text Editor (e.g. Notepad) |
| *.JPEG/JPG | Image file. Clear images and a reduced file size. Much smaller than *.bmp files. | MS Paint / Adobe Photoshop |
| *.KEY | Registration entries. Contains information specific to the system registry. Information can be added to the registry by right-click Merge or double click. | Windows / Edit - Any Text Editor (e.g. Notepad) |
| *.LOG | System or program log files. Contain information about what happened in the past when the program was running. | Any Text Editor (e.g. Notepad) |
| *.M3U | Media list. Used by media applications to store path and filenames of media files which are to be played. | Winamp / Any Text Editor (e.g. Notepad) |
| *.MID/MIDI | MIDI audio file. Not music exactly but a series of tones that appear in a tune. Mobile ringtones and Old Video game music are examples. | Winamp / Windows Media Player |
| *.MMM | Multimedia Movie Clip | Windows Media Player |
| *.MOV | QuickTime Movie | QuickTime Player |
| *.MP2 | Audio file. Stands for MPEG Layer 2 | Windows Media Player / Winamp / Any other Audio Player |
| *.MP3 | Audio file MPEG Layer 3 | Windows Media Player / Winamp / Any other Audio Player |
| *.MPE/MPEG | Multimedia file. Movie file in most cases. Motion Pictures Experts Group. | Windows Media Player / Winamp / Any other Multimedia Player |
| *.MPG | Movie File | Windows Media Player / Winamp / Any other Multimedia Player |
| *.MSC | Microsoft Management Console file. Child files for Main console running. | MMC.exe |
| *.MSI | Windows Installer. Setup.exe kind of file except that it uses the Windows Installer that comes with Windows, all information still being in the MSI file. | msiexec.exe |
| *.NFO | MSInfo file. System Information and other general and detailed info showing file. | Opens with msinfo32.exe |
| *.OCX | ActiveX Controls. Used by applications to create objects that are used in normal system working. | Windows / Other Applications |
| *.PCX | Image File | MS Paint / Adobe Photoshop |
| *.PNG | Image File | MS Paint / Adobe Photoshop |
| *.POT | PowerPoint Template | MS PowerPoint |
| *.PPS | PowerPoint Slideshow | MS PowerPoint |
| *.PPT | PowerPoint Presentation file | MS PowerPoint |
| *.RAM | Real Media Player’s multimedia file | Real Player |
| *.REG | Registration entries. Contains information specific to the system registry. Information can be added to the registry by right-click Merge or double click. | Windows / Edit - Any Text Editor (e.g. Notepad) |
| *.RM | Real Media Player’s multimedia file | Real Player |
| *.RTF | Rich Text format. An old popular format for storing text documents. | MS Word / Wordpad |
| *.SCR | ScreenSaver | Windows (run as an executable) |
| *.SWF | Shockwave Flash Movie. Animated movie created using Flash or any flash supported application. | Flash Player |
| *.TLB | Type Library files. | Windows / Applications referring to them |
| *.TXT | Text files. | Any Text Editor (e.g. Notepad) |
| *.WAV | Windows Audio Video file. Common format for playing music on Windows. Huge size though if codecs are not used. | Winamp / Windows Media Player / Windows |
| *.WMA | Windows Media File | Windows Media Player |
| *.WMV | Windows Media Video. Video File; very difficult to edit and add effects. Very few players offer support. Clear but huge file size. | Windows Media Player 9 |
| *.XLS | Excel Worksheet | MS Excel |
| *.ZIP | Zipped Compressed archive file. Used to store several files and folders in a single file as compressed archive. | WinZip / Windows Compressed Zip Folders |
We can change file associations through Folder Options to cause files to be opened by other applications. For example, if mp3 files on your computer open with Windows Media Player, you can change that to Winamp by changing the file association to Winamp. Open Folder Options, go to File Types, search for the mp3 extension, click on Change to select a program and click OK.
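The risk described earlier in this section, a program whose real extension is hidden so that it passes for a picture or document, can be checked for mechanically. The following Python sketch is an added example, not part of the original book: the extension sets are taken from the table above, while the file names, the function names and the simplification that every listed extension counts as a "known file type" are assumptions.

```python
import ntpath
import re

# Extensions this page's table shows Windows running as programs.
RUNNABLE = {".exe", ".com", ".bat", ".scr", ".cpl", ".msi"}
# Extensions from the same table that a user reads as a document or media file.
HARMLESS_LOOKING = {".jpg", ".jpeg", ".bmp", ".gif", ".png", ".txt",
                    ".doc", ".mp3", ".avi", ".wav", ".zip"}
# Shortcut files never show their extension, whatever Folder Options says.
ALWAYS_HIDDEN = {".lnk"}
# Assumption: every extension listed here counts as a "known file type".
KNOWN = RUNNABLE | HARMLESS_LOOKING


def split_name(path):
    """Return (file name, stem, lower-cased final extension) of a Windows path."""
    name = ntpath.basename(path)
    stem, ext = ntpath.splitext(name)
    return name, stem, ext.lower()


def explorer_label(path, hide_known=True):
    """Name Explorer shows, with or without 'Hide extensions for known file types'."""
    name, stem, ext = split_name(path)
    if ext in ALWAYS_HIDDEN or (hide_known and ext in KNOWN):
        return stem
    return name


def findings(path):
    """Reasons why a file name is deceptive; an empty list means nothing found."""
    name, stem, ext = split_name(path)
    if ext not in RUNNABLE | ALWAYS_HIDDEN:
        return []
    reasons = []
    # The extension the user would see once the real one is hidden.
    inner = ntpath.splitext(stem.rstrip())[1].lower()
    if inner in HARMLESS_LOOKING:
        kind = "shortcut" if ext in ALWAYS_HIDDEN else "program"
        reasons.append("%s posing as %s file" % (kind, inner))
    # A long run of spaces pushes the real extension past the visible column.
    if re.search(r"\s{3,}", stem):
        reasons.append("padding pushes the real extension out of view")
    return reasons


def scan(paths):
    """Map each suspicious path to its list of reasons."""
    return {p: r for p in paths for r in [findings(p)] if r}


# Constructed sample listing (not from the book).
SAMPLE = [
    r"C:\Documents and Settings\Administrator\Local Settings\Temp\holiday_photo.jpg.exe",
    "Superman.avi",
    "setup.exe",
    "invoice.doc            .scr",
    "Notes.txt.lnk",
    "mother.jpg",
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE).items():
        print("%-30s shown as %-26r %s" % (ntpath.basename(path),
                                           explorer_label(path),
                                           "; ".join(reasons)))
```

A plain setup.exe is not flagged: the check targets names that look like something else when the extension is hidden, not executables as such.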
IV.9: Windows Services

Windows has several programs, called Services, running in the background that are continuously using the processing power of the computer to complete Windows requests and user generated actions. Along with inbuilt and essential Windows services you may also find many other third party applications. Basically every action that is performed by Windows depends on or is used by a service. To see a complete list of services on your computer go to Control Panel >> Administrative Tools >> Services or go to Start >> Run and type services.msc. The list is a Microsoft Management Console snap-in (*.msc).

Services can be configured with one of three settings: disabled, manual and automatic. Automatic services will be started every time Windows is loaded, while manual services must be started by the user through the Management Console snap-in or through an executable file or command. Disabled services are those that cannot be run.

Generally speaking, manipulating most of these system services can in fact cause your system to stop responding the way you want it to. Many of these services are critical to the functioning of the Windows Operating system. There are certain exceptions though, and you can always disable or stop these services from the services console window. Even some third party applications may run as a service and hamper the normal functioning of your system. It is also common for most services to have dependencies, that is, they depend on or are depended upon by other services, and their termination or start may cause other services to behave unexpectedly.
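The startup types and dependencies described above can also be reviewed from text output instead of the Services console. The following Python sketch is an added example, not part of the original book: it parses text in the layout printed by the Windows command sc qc followed by a service name (the sample is constructed and trimmed to the fields used), compares each startup type with a small baseline copied from this section's service list, and lists everything that depends on a service before you disable it. ExampleUpdaterSvc, its path and the function names are hypothetical.

```python
# sc reports the start type as a number; these are the three the page names.
START_TYPES = {"2": "Automatic", "3": "Manual", "4": "Disabled"}

# Display name -> startup types accepted, copied from this section's service list.
BASELINE = {
    "Remote Procedure Call (RPC)": {"Automatic"},
    "Print Spooler": {"Automatic", "Manual"},
    "Messenger": {"Manual"},
}

# Constructed sample in the layout of "sc qc" output, trimmed to the fields used.
SAMPLE = r"""
SERVICE_NAME: RpcSs
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost -k rpcss
        DISPLAY_NAME       : Remote Procedure Call (RPC)
        DEPENDENCIES       :
SERVICE_NAME: Spooler
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\WINDOWS\system32\spoolsv.exe
        DISPLAY_NAME       : Print Spooler
        DEPENDENCIES       : RPCSS
SERVICE_NAME: Messenger
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        DISPLAY_NAME       : Messenger
        DEPENDENCIES       : LanmanWorkstation
                           : RpcSs
SERVICE_NAME: ExampleUpdaterSvc
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files\Example\updater.exe
        DISPLAY_NAME       : Example Updater Service
        DEPENDENCIES       : Spooler
"""


def parse_sc_qc(text):
    """Return {lower-cased service name: record} from concatenated sc qc output."""
    services, current, last_key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("SERVICE_NAME:"):
            current = {"name": line.split(":", 1)[1].strip(), "DEPENDENCIES": []}
            services[current["name"].lower()] = current
            last_key = None
        elif current is not None and ":" in line:
            key, value = (part.strip() for part in line.split(":", 1))
            key = key or last_key  # "   : NextName" continues the previous field
            if key == "DEPENDENCIES":
                if value:
                    current[key].append(value.lower())
            elif key == "START_TYPE":
                code = value.split()[0] if value else ""
                current["start"] = START_TYPES.get(code, value)
            elif key:
                current[key] = value
            last_key = key
    return services


def audit(services, baseline=BASELINE):
    """Report services missing from the baseline or started differently from it."""
    report = {}
    for svc in services.values():
        allowed = baseline.get(svc.get("DISPLAY_NAME", svc["name"]))
        if allowed is None:
            report[svc["name"]] = "not in baseline: " + svc.get("BINARY_PATH_NAME", "?")
        elif svc.get("start") not in allowed:
            report[svc["name"]] = "start type %s, baseline %s" % (
                svc.get("start"), "/".join(sorted(allowed)))
    return report


def dependents_of(services, name):
    """Every service that depends on `name`, directly or through another service."""
    hit, queue = set(), [name.lower()]
    while queue:
        target = queue.pop()
        for key, svc in services.items():
            if target in svc["DEPENDENCIES"] and key not in hit:
                hit.add(key)
                queue.append(key)
    return sorted(services[k]["name"] for k in hit)


if __name__ == "__main__":
    parsed = parse_sc_qc(SAMPLE)
    for name, note in audit(parsed).items():
        print(name, "->", note)
    print("Affected if RpcSs stops:", dependents_of(parsed, "RpcSs"))
```

A service that is absent from the baseline is reported together with the path of its executable, which is usually the quickest way to tell which third party program installed it.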
Below is a list of common and important Windows services that you may find on a Windows XP system. You can change the status of any of these services by selecting properties from the right click menu. These services and settings are taken from a Windows XP Home Edition computer; the service and startup type may differ on your computer. The most important services are usually ‘Automatic’, like the Remote Procedure Call Service and the Application Layer Gateway Service.
Service Name
Description
Startup Type
Alerter
Notifies users of administrative alerts
Manual
Application Layer Gateway
Provides support for Internet Connection Sharing and the Internet Connection Firewall
Automatic
Application Management
Provides software installation services such as Assign, Publish, and Remove. (Add/Remove Programs)
Manual
Automatic Updates
Enables the download and Installation of Windows updates
Automatic
Background Intelligent Transfer Service
Uses idle network bandwidth to transfer data.
Automatic
ClipBook
Provides support to the ClipBook Viewer that allows remote computers to access the copied or cut items on the local computer.
Manual
Computer Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers.
Automatic
Cryptographic Services
Management of Certificates and the File Signature database.
Automatic
DHCP Client
Manage network configuration by registering and updating IP addresses and DNS names.
Automatic
Distributed Link Tracking Client
Maintains a link of NTFS files moving in a computer or between two computers in a network.
Automatic
DNS Client
Resolves and caches Domain Name System (DNS) names.
Automatic
Error Reporting Service
Allows error reporting for services and applications.
Automatic / Manual / Disabled
Event Log
Record System, Security, and Application Events. Viewed with the MMC Event Viewer (eventvwr.exe in NT).
Automatic
Fast User Switching Compatibility
Enable multiple users to login to the same PC simultaneously. One user can switch user and the other user can login.
Automatic
Page | 63
Riyaz Ahemed Walikar
A Beginners Approach to Windows Help and Support
Provides the interface for XP‘s Help and Support
Automatic
Human Interface Device Access
Provides support for extra keyboard buttons and some other multimedia devices.
Manual / Disabled
IMAPI CD-Burning COM Service
Enables Windows XP CD Writing property.
Automatic
Indexing Service
Indexes contents and properties of files on local and remote computers
Manual / Disabled
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Automatic
Logical Disk Manager
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration.
Automatic
Logical Disk Manager Administrative Service
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Manual
Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger
Manual
Net Logon
Network Authentication: Supports pass-through authentication of account logon events for computers in a domain.
Automatic
NetMeeting Remote Desktop Sharing
Allows authorized people to remotely access your Windows desktop using NetMeeting.
Manual
Network Connections
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Manual
Network DDE
Support the network transport of DDE (Dynamic Data Exchange) connections.
Manual / Disabled
Network DDE DSDM
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable.
Manual / Disabled
Network Location Awareness (NLA)
Collects and stores network configuration and location information, and notifies applications when this information changes.
Automatic / Manual
Plug and Play
Enables a computer to recognize and adapt to hardware changes with little or no user input.
Automatic
Page | 64
Riyaz Ahemed Walikar
A Beginners Approach to Windows Stopping or disabling this service will result in system instability. Print Spooler
Loads files to memory for later printing.
Automatic / Manual
Protected Storage
Provides secure storage for sensitive data like Outlook Express passwords etc.
Automatic
Remote Access Auto Connection Manager
Creates a connection to a remote network whenever a program references a remote address.
Manual
Remote Access Connection Manager
Creates a network connection. Used to create Dial-ups and other RAS connections.
Manual
Remote Desktop Help Session Manager
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable.
Manual
Remote Procedure Call (RPC)
The most important service. Provides the endpoint mapper to all RPC activities including user logon and server manager. If RPC terminates, the system usually restarts.
Automatic (You cannot change the status on some machines)
Remote Procedure Call (RPC) Locator
Manages the RPC name service database.
Manual
Removable Storage
Manages removable media, drives etc.
Manual
Secondary Logon
Enables starting processes under alternate credentials.
Automatic / Manual
Security Accounts Manager
Stores security information for local user accounts.
Automatic (You cannot change the status on some machines)
Server
Support for file sharing, print sharing
Automatic
System Event Notification
Tracks system events such as Windows logon, network, and power events.
Automatic
System Restore Service
Performs system restore functions.
Automatic
Task Scheduler
Enables a user to configure and schedule automated tasks on this computer.
Automatic
TCP/IP NetBIOS Helper
Support for name resolution via a lookup of the LMHosts file.
Automatic / Manual
Themes
XP Active Desktop Themes, and quick launch toolbars
Manual / Disabled
Windows Audio
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly.
Automatic
Windows Installer
Installs, repairs and removes software according to instructions contained in .MSI files.
Automatic
Windows Management Instrumentation
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly.
Automatic
Windows Time
Maintains date and time synchronization on all clients and servers in the network.
Automatic
WMI Performance Adapter
Collects performance library information.
Manual
Workstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable.
Automatic
When you install any antivirus software, the program may run as a service. To see all the running services (Microsoft or non-Microsoft), go to Start >> Run and type msconfig to open the System Configuration Utility. Select the fifth tab to see the services page. Check the Hide all Microsoft Services check box to see all non-Microsoft services. You can even enable all or disable all services here. Please do not enable all services because this will slow down your computer’s performance considerably. You will have to restart your computer to see the changes.

The best option is to open the Services.msc snap-in and convert every service’s startup type to Manual. Then restart your system normally. You will notice that the computer starts miserably slowly this time. Once your computer has started completely, do the normal computing that you would do in everyday life: listen to music, play a game, open MS Word and Excel, install and run programs, open My Documents, connect to the net, browse a few sites, download some files and so on. This is to let Windows select which services are important for your daily computing. After you have finished with your routine, open Services.msc again and see which services have started; turn them to Automatic and you can be sure that Memory & Resource Management has been taken care of.
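The review step at the end of this procedure can be done from a service listing instead of by eye. The following is an added example, not part of the book: it assumes the listing was produced with `wmic service get Name,PathName,StartMode,State /format:csv`, uses a constructed sample (the machine name XPBOX and the service ExampleAvSvc are made up), and treats "binary outside the Windows folder" as a rough stand-in for msconfig's Hide all Microsoft Services filter.

```python
import csv

# Constructed sample, laid out like the output of
#   wmic service get Name,PathName,StartMode,State /format:csv
# captured after a normal working session. XPBOX and ExampleAvSvc are made up.
SAMPLE = r"""
Node,Name,PathName,StartMode,State
XPBOX,RpcSs,C:\WINDOWS\system32\svchost -k rpcss,Auto,Running
XPBOX,PlugPlay,C:\WINDOWS\system32\services.exe,Manual,Running
XPBOX,Spooler,C:\WINDOWS\system32\spoolsv.exe,Manual,Running
XPBOX,Themes,C:\WINDOWS\System32\svchost.exe -k netsvcs,Manual,Stopped
XPBOX,Messenger,C:\WINDOWS\System32\svchost.exe -k netsvcs,Disabled,Stopped
XPBOX,W32Time,C:\WINDOWS\System32\svchost.exe -k netsvcs,Auto,Stopped
XPBOX,ExampleAvSvc,C:\Program Files\ExampleAV\avsvc.exe,Auto,Running
"""

# Short names of services the table above lists as Automatic and warns against
# changing (Remote Procedure Call, Plug and Play, Security Accounts Manager).
# The short-name mapping is this example's assumption, not the book's.
MUST_STAY_AUTOMATIC = {"RpcSs", "PlugPlay", "SamSs"}


def parse_services(text):
    """Return one dict per service row, skipping the blank lines wmic emits."""
    lines = [line for line in text.splitlines() if line.strip()]
    return list(csv.DictReader(lines))


def review(services, system_root=r"C:\WINDOWS"):
    """Sort services into the buckets the manual review would look for."""
    root = system_root.lower().rstrip("\\") + "\\"
    findings = {
        "set_automatic": [],          # Manual but started during normal use
        "automatic_but_stopped": [],  # Automatic yet never needed
        "keep_automatic": [],         # critical service left on Manual/Disabled
        "outside_system_root": [],    # binary not under the Windows folder
    }
    for svc in services:
        name, mode, state = svc["Name"], svc["StartMode"], svc["State"]
        if mode == "Manual" and state == "Running":
            findings["set_automatic"].append(name)
        if mode == "Auto" and state == "Stopped":
            findings["automatic_but_stopped"].append(name)
        if name in MUST_STAY_AUTOMATIC and mode != "Auto":
            findings["keep_automatic"].append(name)
        binary = svc["PathName"].strip().strip('"').lower()
        if not binary.startswith(root):
            findings["outside_system_root"].append(name)
    return findings


if __name__ == "__main__":
    for bucket, names in review(parse_services(SAMPLE)).items():
        print(f"{bucket:22} {', '.join(names) or '-'}")
```

Services in the last bucket are the ones worth identifying by name before deciding whether they should run at all.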
IV.10: System Restore & Windows Update

System Restore, an integral component of Windows, saves us a lot of trouble by allowing us to jump back to a previous working state of Windows. The name itself should give you an idea of what it does. System Restore is a component of Windows XP that you can use to restore your computer to a previous state, if a problem occurs, without losing your personal data files (such as Microsoft Word documents, browsing history, drawings, favorites, or e-mail). System Restore monitors changes to the system and some application files, and it automatically creates easily identified restore points. These restore points allow you to revert the system to a previous time. They are created daily and at the time of significant system events (such as when an application or driver is installed). You can also create and name your own restore points at any time. System Restore is completely reversible; that is, you can change back to your current computer’s configuration even after you have restored. System Restore is automatically installed and configured on Windows XP if your computer has at least 200MB of free disk space after Windows XP is installed.

This complicated-looking property of Windows XP is fairly simple to understand. Windows XP creates a folder called System Volume Information on every drive that is being monitored. Suppose you have a D:\ drive: if that drive is being monitored by System Restore there will be a System Volume Information folder on it, and usually it will be inaccessible. Firstly, you may not be able to see it, and secondly, even if you manage to see it, you may not be able to open it because this folder is usually protected by an Access Control List (detailed later). To see the System Volume Information folder go to Tools >> Folder Options. In the Folder Options dialog that opens up click on the View tab, scroll down and remove the check against the option that says Hide Protected Operating System files (Recommended). You will be prompted with a warning; click on OK, then proceed to any drive and check for yourself. The System Volume Information folder contains sub-folders whose names begin with RPX$$, where the $$ stands for a number that is generated when the restore point is created. These folders contain all the information required to restore the computer to a previous working condition. When System Restore is invoked as an application to create or restore ‘Restore Points’, a file called rstrui.exe, found in %Systemroot%\system32\Restore\, is run.

Let us take an example: assume that you've obtained a new and powerful game called Section 13 from a friend and you wish to try it out, but you are uneasy since the game is not exactly compatible with Windows XP (assume; there’s absolutely no way that can happen though) and your hardware.
You do not want to reinstall your OS if something goes wrong, and you also want to try out the game. In that case run System Restore and create a restore point. You can start System Restore by going to Start >> All Programs >> Accessories >> System Tools >> System Restore. The System Restore welcome screen displays 2 options, which you can select to perform the desired function. First we shall see how to create a restore point. Select the second option that says ‘Create a restore point’ and press Next. Type a name for your restore point: anything that will help you remember what you created this restore point for. Something like ‘Before Installing Section 13’ will do. Remember that once created, a restore point cannot be changed. Click on Create and Windows will create a custom restore point for you. The current system time and date are automatically added to your restore point. After the restore point is created you will be presented with a page that gives you the time and date when it was created. For now click on Close.
System Restore (Creating a Restore Point) - Print Screen 4.9
If the game works, well and good; but if it doesn’t and your Windows XP does not start properly, then you can start the computer in Safe Mode and restore your computer to the working state by selecting the restore point named ‘Before Installing Section 13’. The best method to do this is through Safe Mode. To start your computer in Safe Mode, press the F8 key when your computer starts. If you enable the visibility of the boot.ini file (see the previous chapter’s challenges) then it shouldn’t be a big deal. Once started go to Start >> Run and type \windows\system32\restore\rstrui.exe.

To restore your computer to a previous state, select the first option that says ‘Restore my computer to an earlier time’ and press Next. In the Select a Restore Point page, select the date you want to restore from. Only the dates shown in bold contain restore points. Select the date on which you installed the game and select the name that you had given to the point from the right hand pane. Click Next. The next page is the last page for you to change your mind; otherwise click on Next to start the restoration. Close all open applications, files and folders. During restoration Windows shuts down, and after all the settings and files are restored Windows restarts in the restored state. If you are not happy with your restoration you can either reverse it or select another restore point from the System Restore window.
System Restore (Changing Drive Space Settings) - Print Screen 4.10
OK, now that you have understood the basics of System Restore, let’s see how you can change the space allotted to System Restore files. As explained, Windows stores these files in RPX folders in a folder called System Volume Information, which is present on every drive on which System Restore is enabled. By default Windows enables it on all drives with a space usage of 12% of the total drive space. To change System Restore settings, right click on My Computer >> Properties and then click on the System Restore tab. You can turn off System Restore on all drives directly by clicking on the lone check box on this page, or change individual drive settings by selecting a drive and then pressing the Settings button. You can adjust the amount of space System Restore uses to save the files that are to be restored if the need arises. Lowering the amount of space means that fewer restore points can be saved.
Please turn off System Restore on all drives when running a virus scan, since the System Restore folders (‘System Volume Information’) may contain a copy of the virus, and it is a known fact that Windows does not allow any software, not even antivirus software, to see what’s inside these folders. After the virus scan, enable System Restore again.
Windows Update is another time-saving and customer-friendly component of Windows. Windows Update is a web-based software update service for Microsoft Windows Operating Systems. It offers a location for downloading critical system component updates, service packs, security fixes, patches and free upgrades to selected Windows components. Additionally, it automatically detects the user's hardware and provides driver updates when available, and can offer beta versions of some Microsoft programs. You require Internet Explorer to use Windows Update if you are checking and downloading manually. Windows XP’s Service Pack 2 was a part of Windows Update 5, which was released some time in late 2004.

Windows provides an inbuilt component that manages updates when you are connected. You can configure Windows Update to download and install updates as and when they are obtained, to ask you after downloading them, or to ask you before downloading any updates. Windows connects to http://windowsupdate.microsoft.com/ which is the centre for all patches and updates. The Windows component that manages all downloads is %SystemRoot%\system32\wupdmgr.exe, which checks for connectivity and displays periodic information about update status. Windows Update can run in the background without interfering with your work and inform you when the downloads are complete. To change these or other update settings, right click on My Computer >> Properties and then click on the Automatic Updates tab. The Automatic selection is the default one but you can change that to any of the other options available. You can even disable Automatic Updates but that is not recommended. If all the options are grayed out (disabled) then the Windows Update Service is probably not running. Open Services and start the Automatic Updates service. Keep your edition of Windows updated in all cases to prevent any flaws or bugs from being exploited by malicious programmers. Prevention is seriously better than cure.
Windows Updates - Print Screen 4.11
IV.11: The Task Manager

Perhaps the most important diagnostic tool, not seen in Windows 98 but found in Windows 2000 and Windows XP, is the Task Manager. This small yet powerful utility allows you to check where all your computer’s memory is being used, debug processes, end unwanted programs, check for unknown applications, check virtual memory accesses, see kernel times, see network usage and traffic, check and disconnect logged-on users and a hell of a lot more. You may be able to see application windows and open files lined up on the taskbar, but they are not all that is running. If you notice that your computer is not giving the performance that it used to give and your computer’s hard disk light keeps flashing even if you are not doing anything, you can use the Task Manager to catch hold of the culprit.

On older systems, like Windows 98 & 95, when you press the (universal) combination of [Ctrl] + [Alt] + [Del], a list of the programs running on the computer is displayed and that’s it. There is no other information shown. You can end programs from here, but when you try to end explorer, Windows pops up the shut down computer dialog box. Even then you can click on Cancel on the shutdown dialog box to restart explorer with the desktop refreshed, but what is the use of this dumb box if it does not show anything more than running applications?
The Windows Task Manager- Print Screen 4.12
The Task Manager of Windows XP can be opened by pressing the [Ctrl] + [Alt] + [Del] key combination, by right clicking on an empty area of the taskbar and selecting Task Manager, or by pressing the [Ctrl] + [Shift] + [Esc] keys. The Windows XP task manager is found in two forms, one as an executable file called taskmgr.exe and the other as an MS-DOS application (*.com) called taskmgr.com; both are found in the system32 folder in %systemroot% (usually C:\Windows). Anyway, just open task manager and see the various functionalities for yourself. If you double click the task manager interface when it is open under the Performance tab then the task manager switches to expanded mode. In this mode you cannot see the tabs or the menu. Double click again to return to normal. The task manager usually has 5 tabs (on Windows 2000 the Users tab is missing because multiple logins are not supported), which are Applications, Processes, Performance, Networking and Users. Since each tab is of special importance we shall see each of the tabs individually:

Applications: This is the first tab that task manager has and is the default one that is selected (Task manager remembers what tab was being viewed the last time it was run and displays the same tab on its next run). In this tab you can see all the programs that are running on your computer. This tab shows only programs that are visible on the taskbar or which have been minimized to the system tray. You can end a particular task by right clicking over it and selecting End Task. If you wish to see which *.exe the program actually is, right click on the icon of the program in task manager and select Go to Process. You will be immediately taken to the second tab, the Processes tab, with the real executable behind your selected program highlighted.
For example, open your computer’s C:\ drive through My Computer, then open Task Manager, and under the Applications tab right click on the C:\ drive icon and select Go to Process; you will be taken to the next tab and explorer.exe will be highlighted. As we already know, the C:\ drive window runs through explorer.exe (the Windows shell) and this tiny little experiment is big proof. The best view available in this tab is the Details view. To change the current view, click on View in the Menu bar and select Details. Using this view you can see if an application is actually running or is Not Responding. You can then easily end programs that are not responding with just a right click.

Processes: This tab shows all the processes running on your computer. If your computer is being used by more than one person, that is, if you have used the Switch User functionality of Windows XP, then you can see what processes the other user was running in his session by checking the box that says Show processes from all users. You can scrutinize a particular process using almost 25 parameters that can be selected from the View menu. Go to View and click on Select Columns. In the dialog that opens up select the columns that you would like to see in task manager. For now select PID, CPU Usage, Memory Usage, Peak Memory Usage, Username and Virtual Memory Size. Click on OK and see the columns that have come up in task manager. You can click on any column name to arrange the respective column’s data in ascending or descending order. Every process has an Image Name, which makes up the first column. The PID is an integer value assigned to every process that runs on your computer and it uniquely identifies every process with the processor. User Name is, well, the name of the user that started the process. You may notice that even if your User Name is Neo or something like that, there will be processes running with user names like System, Local Service, Network Service etc.
These services are started by Windows and are required by Windows to run properly. Most of these processes are Windows Services; for example, alg.exe is the Application Layer Gateway service. CPU Usage is one of the two things that can be used to work out memory and resource hogging processes. This column shows the percentage of CPU power that a particular process uses. You may notice that most processes show a 00 percent CPU usage; these processes use the CPU infrequently, or use it and complete the task so quickly that the percent increase and decrease is visible as zero. If you sort by the CPU Usage column, the process called System Idle Process should have the majority (almost 99% when the system is idle) of the CPU Usage. This is not exactly a process but a sign of system idleness, and the higher the CPU Usage for this so-called process, the more of the processor’s power is available for use. The next column is the Memory Usage column. This is the other factor that allows us to find resource hoggers. Arranging processes according to their memory usage lets us see which process is using the major chunk of it. This memory is your computer’s RAM (I have 128 MB on my machine) and it is shown here in Kilobytes or $$$$$ K.

If you do not recognize the process you can right click and select End Process, or you can select End Process Tree to end child processes too. Child processes are processes that are started by a certain process or use some part of a main process frequently. Suppose MSN messenger is running: if you end the process tree of explorer.exe then even MSN messenger gets killed, since it was started using the explorer interface. If you want to restart a process you can go to File >> New Task and type the name of the process or browse for it. For example, if you have killed explorer and the desktop icons and the task bar have vanished, you can type explorer and press Enter to start the Windows shell again. Peak Memory Usage shows the maximum memory that a process has used since it was started. VM Size is the column showing Virtual Memory usage by a process. Virtual Memory is free space on your computer’s hard drive that is allotted to a file called the Paging File or Page File and is used like physical memory (see the Tips & Tricks Chapter for more) by the Operating System. There are several other parameters you can use to judge a process, like Thread Count, Base Priority, Handle Count etc. See the Help Menu for an in-depth explanation.

Performance: This tab shows the CPU usage and Page file usage in terms of graphs. Besides being informative, this tab also shows the amount of memory used by the Windows kernel and how much is used by running applications. The Windows kernel is the main Windows engine that runs and allows hardware and software to interact. This kernel loads during system startup and stays in main memory.
To see kernel usage of memory, go to View >> Show Kernel Times; the memory usage of the Windows Kernel will be shown in red. If your computer has two processors then you will see two graphs here (excluding the Page File graph); if your computer has the Intel P4 processor with HT technology and Hyper-Threading has been enabled in the BIOS, then too you will see two graphs here. The other graph found here is the Page File Usage History graph. This graph shows the usage of Virtual memory and the amount of paging file used.

Networking: This tab shows network information such as network usage, from which you can get an idea of the amount of data that is being sent over the network. You can examine a connection using almost 25 parameters. Select View >> Select Columns to adjust the columns that appear on this page. You can also see the Network Adapter History by going to View >> Network Adapter History, and you can select the Bytes sent (Red), Bytes received (Yellow) and the total number of Bytes (Green) to be shown on this page. If you are copying files over the network or are playing games on the network then you can easily diagnose the data that is being sent in and out.

Users: The last tab in the Task Manager, not found in Windows 2000, also has some very important functions. This tab shows all the users that are connected to the current computer. Suppose your friend wants to use your computer for some time and you do not wish to close your documents; you can easily Switch User and let your friend log in to some other account (assume that he has an account on your computer). If your friend then opens Task Manager and goes to the Users tab, he or she will be able to see that you are connected. He or she can then Log you off or connect you back. Logging you off will cause your open account to be closed; you may or may not be prompted to save your work, depending on the application.
Connecting you will cause your friend to enter the Switch User phase and you can again use your computer as you had left it (your friend has not logged off, that means he is still connected). You can even send the other user a console message that he or she will see when he or she logs on. The Windows XP task manager also allows you to put your computer to Stand By mode, or Hibernate, or Turn off, or Restart, or Log Off, or Switch Users all at the command of a single click. To do any of the above go to Shutdown on the Menu bar.
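The Processes tab checks described above (sort by Memory Usage, look for Not Responding programs, compare Image Name against User Name) can also be run over a saved process list. The following is an added example, not part of the book: it assumes the list came from `tasklist /v /fo csv`, uses a constructed sample (machine XPBOX, user Neo), and its list of image names that a stock Windows XP runs only under System, Local Service or Network Service is this example's assumption.

```python
import csv
from collections import namedtuple

Process = namedtuple("Process", "image pid mem_kb status user")

# Constructed sample in the column layout of `tasklist /v /fo csv`.
SAMPLE = r'''
"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"System Idle Process","0","Console","0","16 K","Running","NT AUTHORITY\SYSTEM","5:12:44","N/A"
"System","4","Console","0","212 K","Running","NT AUTHORITY\SYSTEM","0:00:09","N/A"
"lsass.exe","680","Console","0","1,204 K","Running","NT AUTHORITY\SYSTEM","0:00:01","N/A"
"svchost.exe","852","Console","0","4,388 K","Running","NT AUTHORITY\NETWORK SERVICE","0:00:00","N/A"
"alg.exe","1180","Console","0","3,312 K","Running","NT AUTHORITY\LOCAL SERVICE","0:00:00","N/A"
"explorer.exe","1512","Console","0","18,940 K","Running","XPBOX\Neo","0:00:14","N/A"
"svchost.exe","2044","Console","0","41,760 K","Running","XPBOX\Neo","0:03:51","N/A"
"WINWORD.EXE","2260","Console","0","25,384 K","Not Responding","XPBOX\Neo","0:00:06","Document1 - Microsoft Word"
'''

# The three built-in accounts the text mentions.
SERVICE_ACCOUNTS = {
    r"NT AUTHORITY\SYSTEM",
    r"NT AUTHORITY\LOCAL SERVICE",
    r"NT AUTHORITY\NETWORK SERVICE",
}

# Assumption of this example: on a stock XP install these image names are
# started by Windows itself, never by a logged-on user such as Neo.
SYSTEM_IMAGES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                 "csrss.exe", "smss.exe", "alg.exe"}


def parse_tasklist(text):
    """Turn tasklist CSV text into Process records with memory in kilobytes."""
    rows = csv.DictReader(line for line in text.splitlines() if line.strip())
    procs = []
    for row in rows:
        # "41,760 K" -> 41760
        mem_kb = int(row["Mem Usage"].replace(",", "").replace("K", "").strip())
        procs.append(Process(row["Image Name"], int(row["PID"]), mem_kb,
                             row["Status"], row["User Name"]))
    return procs


def triage(procs, top_n=3):
    """Report the biggest memory users, hung programs and odd owners."""
    by_memory = sorted(procs, key=lambda p: p.mem_kb, reverse=True)
    return {
        "top_memory": [(p.image, p.pid, p.mem_kb) for p in by_memory[:top_n]],
        "not_responding": [(p.image, p.pid) for p in procs
                           if p.status == "Not Responding"],
        # A system image name owned by an ordinary user is worth a closer look
        # before anything is ended: check its file path and what started it.
        "system_name_user_account": [
            (p.image, p.pid, p.user) for p in procs
            if p.image.lower() in SYSTEM_IMAGES
            and p.user.upper() not in SERVICE_ACCOUNTS
        ],
    }


if __name__ == "__main__":
    for check, hits in triage(parse_tasklist(SAMPLE)).items():
        print(check)
        for hit in hits:
            print("   ", hit)
```

In the sample, the second svchost.exe stands out twice: it is the largest memory user and it runs under Neo rather than one of the built-in accounts.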
Another interesting thing that you can do with task manager is to select Options >> Hide when Minimized. This causes the task manager to be minimized to the system tray whenever you minimize it. This feature allows you to open the task manager quickly in situations where heavy processing will be done and you fear that the application you want to open may hang, forcing a hard restart of Windows. In such cases Task Manager will open up more quickly since it just has to come to the foreground, and then you can use it to close unresponsive programs. Whenever you open task manager a small graph-like icon appears in the system tray which shows the CPU usage by applications. You can move your mouse pointer over it to see the amount of CPU usage through a tool tip that pops up. This was the general Windows Interface; now it’s tuning time. Let’s see the Control Panel in the next Chapter.
Challenges:
1. Change the Icons for My Computer and My Documents.
2. Create a Folder called Test in your C: drive and add this folder to the Send To menu of the right click context menu of files and folders.
3. Search the executable that is actually running as the Security Accounts Manager service.
4. Open Task Manager and locate the Security Accounts Manager service executable and try killing it and note the error.
5. The default for opening *.txt files is Notepad, change that to WordPad.
6. Add a separate option to the right click menu of *.jpg files. The option should be Open with MSPaint and the selection of the option should open the *.jpg file in MSPaint.
7. Create a System Restore Point with the name System Restore Test.
CHAPTER V
The Control Panel

This chapter offers an understanding of the Windows Control Panel and its components. The most important and default components of the Control Panel have been explained. Most of the matter contained in this chapter will also be found strewn around in the entire book but it has to be reported here as a base since the Control Panel is the centre for all user configurable procedures.

After this chapter the reader should be able to:
- List all the Control Panel extensions found on a Windows XP system.
- Uninstall unnecessary programs.
- Install fonts.
- Clear Internet History and Temporary files.
- Create an Internet connection.
- Make a home network.
- Change display settings and virtual memory settings for better performance of games and applications.
- Apply Logon and Logoff sounds amongst other Windows sounds.
- Create Users and customize them.
- Use the Control Panel to tweak and configure XP for better and customized performance.

Note: This chapter has been written with Windows XP as the base. The descriptions may appear to be different for your version of Windows.
The Windows Control Panel is the centre for all system configuration; not everything, but almost everything in Windows, can be configured here. This includes the sound, video, services, virtual memory, date and time, installed hardware, disk drives, installed applications, users, network connections, fonts and a hell of a lot more. The control panel itself is a .exe called control.exe located in %systemroot%\system32\ on Windows XP systems. To open the Control Panel go to Start >> Settings >> Control Panel or My Computer >> Control Panel, either from the main window or from the Common tasks pane. Control Panel can also be opened by going to Start >> Run and typing control.exe.
V.1: Control Panel & Extensions (*.cpl)

The Windows Control Panel, like any other exe, has its own files, just as WinWord (Microsoft Word) has support for .doc files or, for that matter, Microsoft Visual Basic (vb6.exe) has support for .vbp and .frm files. All the components that you see in the Control Panel, called applets, are actually files with a .cpl extension found in the system32 folder. Other than the usual .cpl files, the Control Panel also supports some extended components like the Windows Fonts Folder, Folder Options, Scheduled Tasks and Administrative Tools amongst others. After you install Windows the standard Control Panel components that you usually see are the following:
- Accessibility Options (access.cpl)
- Add Hardware (hdwwiz.cpl)
- Add/Remove Programs (appwiz.cpl)
- Administrative Tools
- Date & Time (timedate.cpl)
- Display (desk.cpl)
- Folder Options
- Fonts (%systemroot%\fonts\)
- Internet Options (inetcpl.cpl)
- Network Connections (ncpa.cpl)
- Regional and Language Options (intl.cpl)
- Scheduled Tasks
- System (sysdm.cpl)
- Taskbar & Start Menu
- Sounds and Audio Devices (mmsys.cpl)
- User Accounts (nusrmgr.cpl)
Although you may see more, this is the standard list. After installation of modem devices, graphics cards or other devices you may see more items. These individual items may differ between computers depending on the hardware and software installed; hence they are excluded from the current chapter. The Control Panel on your computer may look completely or slightly different from the descriptions penned down, but that is because of the Windows XP styling and nothing else.

The Control Panel can be displayed in two ways: Classic View & Category View. The components and procedures (including all dialog boxes and actions) remain the same, but the way of opening the actual component itself differs. Just to make it clear let us take an example: open Control Panel; if it’s in Category View (it will be written in bold: Pick a category) click on Appearance and Themes. In the new page that opens click on Display under the ‘or pick a Control Panel icon’ section. This will open up the Display Properties dialog box. If it is in Classic View, double click on Display to open Display Properties. What finally opened was the same thing; only the way of opening it was different. The reason that the Classic View has been taken up here instead of the Category View, which is much more efficient, is that the Windows 98 Control Panel has a design similar to the Windows XP Control Panel in Classic View. You can easily switch over to the Category View in Windows XP by selecting Switch to Category View in the common tasks pane.
If the Common Tasks pane is not visible then go to Control Panel >> Folder Options. In the Folder Options dialog that opens up, under the General tab select the ‘Show common tasks in folders’ option. Click on OK to save changes. This setting is universal; it will affect all folders in explorer, and that’s good.
There are several advantages of using the Category View of the Control Panel. First of all it allows you to open certain specific locations extremely easily. For example, if a newbie is told to change the wallpaper, the person will wonder where to go. Even if he manages to open Display Properties, he will have to click again on the Desktop tab. This has been simplified in the Category View. You know that the wallpaper has something to do with the Appearance of your computer, so you click on Appearance and Themes and then select Change the desktop background from the Pick a task… section. See the Common tasks for more interesting and useful places.

The second and perhaps bigger advantage is that the Category View allows you to start Troubleshooters for certain specific topics like Display or Sound. You can run a troubleshooter with just the click of a button. Troubleshooters are step by step problem solvers that Microsoft has designed for its Windows users. If you face a problem with your computer hardware or software, you can easily run a troubleshooter for the specific problem and correct it. To see all the available troubleshooting items go to Start >> Help & Support, type List of Troubleshooters in the search field and press Enter to search. Click on the search result under the Suggested Topics section.

The Classic View has the advantage that you can see each individual component, and if you have an exploring nature you can easily explore and make a lot of changes to your system. This chapter describes, as already mentioned, the Control Panel in its raw form, the Classic View. Let us see each component individually now.
V.2: Accessibility Options (access.cpl)
Windows was designed to be used by almost everybody. Using the Accessibility Options you can adjust your computer settings for vision, hearing and mobility. The Accessibility Options dialog has 5 tabs, namely Keyboard, Sound, Display, Mouse and General. The Accessibility Options are meant to improve computing for all users by changing various available features of Windows, such as the keyboard and mouse. We shall look at each of these tabs in turn.
Accessibility Options- Print Screen 5.1
Keyboard: Here you can change keyboard settings for specific kinds of users. This page lets you modify key settings for people who have difficulty pressing two keys simultaneously and for people who type the same character several times in a row. Three different 'key types' are involved: StickyKeys, FilterKeys and ToggleKeys.
StickyKeys are meant for people who have difficulty pressing two keys simultaneously. Selecting this option causes the modifier keys (Ctrl, Alt and Shift) and the Windows logo key to remain pressed until another of those keys is pressed. For example, suppose you are playing a game which requires you to walk through a jungle and the keys to make the character walk are Ctrl + W. You may find it difficult to walk and jump or shoot at the same time. You can then use StickyKeys to keep the Ctrl key held down and just press the W key to walk. The shortcut to enable StickyKeys is to press the Shift key 5 times. You can also have Windows produce a sound when StickyKeys are activated. You can change these and other settings by clicking on Settings.
Turning on FilterKeys causes the keyboard to ignore repeated or brief keystrokes. Select the checkbox and press Apply to enable FilterKeys. The default is 1 second. For example, typing the word astalavista will take 11 seconds, because each character appears on screen only after its key has been held down for 1 second. You can also adjust the keyboard repeat rate, which is the rate at which a key is repeated when you hold it down. These and other settings can be adjusted by pressing Settings. The shortcut to enable FilterKeys is to hold down the right Shift key for 8 seconds.
Turning on ToggleKeys causes the computer to emit a high-pitched sound whenever the CAPS LOCK, NUM LOCK or SCROLL LOCK keys are pressed and a low-pitched beep whenever any of these keys is switched off. ToggleKeys comes in handy if you are not sure of your typing, like me, and keep on pressing the CAPS LOCK key again and again instead of pressing 'a'. With the beep you are immediately made aware that these keys have been pressed. Those who are not interested in the sounds can always look at the keyboard 'lights' for the same information. The shortcut to enable ToggleKeys is to hold down the NUM LOCK key for 5 seconds. You can enable or disable this shortcut under Settings in the ToggleKeys frame.
Some programs have additional help for keyboard usage. This help is usually not visible but can be enabled by selecting the Show extra keyboard help in programs option.
Sound: This tab has an interesting component called SoundSentry. Turning on SoundSentry causes Windows to flash part of the screen whenever the computer produces a beep. You can specify which part of the screen is flashed when a beep is made. The available options are the active window's title bar, the entire active window, or the entire desktop or screen. To see the effect, enable ToggleKeys, then enable SoundSentry and choose to flash the desktop. Click on Apply to save the settings and then press the CAPS LOCK key. You can also use ShowSounds to instruct programs that usually convey information only through sounds to provide that information visually as well, for example by displaying informative text and icons.
Display: The options in this tab can change the current display into one with very high contrast for users who have difficulty reading. The contrast scheme can be changed by pressing Settings and selecting another scheme from the drop-down combo box. The shortcut to switch to high contrast mode is left Alt + left Shift + Print Screen. You can also change the cursor blink rate and the cursor width. Move the sliders to see the effect. Click on Apply to save settings. The best place to see the effect is the Run command box. Go to Start >> Run for this purpose.
Mouse: Under the Mouse tab you can enable something called MouseKeys, which lets you use the NumPad keys to move the mouse pointer and to click, drag and double-click items just as you would with the mouse. The shortcut to enable MouseKeys is the left Alt + left Shift + NUM LOCK combination. You can change the pointer speed and specify its top speed and acceleration. Keep the arrow keys pressed to accelerate and Insert key (on the NumPad) to click and Delete key to click activate. Press Settings to change these and other options.
General: This tab has options that apply to the entire Accessibility Options dialog. You can turn off the accessibility features if they are idle for about 5 minutes or so. You can change this time to suit you, from 5 minutes to 30 minutes. You can also configure your computer to produce a sound when turning a feature on or off, and ask for a warning message to be shown when turning a feature on. There is something called SerialKeys, which allows you to attach special input devices to the computer's serial port. These devices, also called augmentative communication devices, are for people who are unable to use the standard keyboard and mouse.
There is also a frame called Administrative options, which allows you to apply all accessibility options of the current user to the logon desktop. This means that all users who log in will be able to use these features. You can also make the current accessibility options the default template for new users, so that whenever a new user is created these accessibility options will be pre-selected for that user too. These settings can only be applied by an Administrator or a member of the Administrators group. Always press OK to save and exit.
You can also open the Accessibility Options directly without going to Control Panel. Just go to Start >> Run and type control access.cpl. Though just typing access.cpl at the Run prompt will open the Accessibility Options on Windows XP, it may not work on other Windows versions.
V.3: Add Hardware (hdwwiz.cpl)
Whenever you reinstall your operating system or attach a new device to your computer, you will almost always need to install drivers or support software for the device to work properly. Many devices are Plug and Play, like removable USB drives (commonly known as pen drives), and usually do not require drivers because Windows provides built-in support for them. Device drivers are usually supplied along with the device by the manufacturer. For example, your computer may have an internal modem whose drivers are shipped on a disk (usually a CD or a floppy disk); you can then use this disk along with the Add Hardware wizard to install the device safely. The first screen gives you a warning saying that if the hardware came with an installation disk, you should use it instead of this wizard. This is actually a confusing statement, since Windows also checks the CD (later in the wizard) to see if it contains the drivers for the hardware. Letting the wizard do so is actually the safer route, because these CDs usually contain drivers for other hardware or for several OS versions, which will confuse you more than ever.
Add Hardware Wizard- Print Screen 5.2
Click Next to continue. Windows will now search for all the hardware connected to your computer (devices that are installed as well as those lacking drivers). If you have connected the device to your computer and switched it on (like an external modem), the Add Hardware wizard will hand you over to another wizard whose sole purpose is to install drivers for this new device. This dedicated wizard, called the Found New Hardware Wizard, will search for your hardware's drivers automatically or in a specific location. If an installation disk (a CD-ROM or floppy disk) came along with the hardware, insert it into the computer now. The best option is to use the recommended setting, i.e. to install the software automatically. Just select it, press 'Next' and relax. If the installation disk has the necessary files, you will see a file copy progress dialog.
An important point here is that Windows checks the files that are being copied, and you may be warned that the product has not undergone testing to verify its compatibility with Windows XP. If the manufacturer has provided you the installation disk with the assurance that it contains drivers for the hardware on an XP system, you can take a risk and continue installing; if you do not wish to take a chance, you can choose Stop Installation. The warning is displayed because Microsoft has not tested the hardware you are installing: there are so many varieties of hardware available, in locations spread across the globe, that it is difficult even for Microsoft to test and certify all of them. Microsoft has a Hardware Compatibility List that shows all the hardware that can be used on a Windows XP system without any problems. The list is displayed on their website.
If you have managed to get the drivers from the net, have copied the files to your system, or know the exact location on the disk (which folder and so on), you can always use the 'Advanced' option to install from a list or specific location. Click 'Next' to proceed. The next page gives you 2 options: either you ask Windows to search for the best driver in the locations specified, or you prevent Windows from searching and assure it that you will choose the driver to install. We shall see both these options.
The first one, selected by default, is Search for the best driver in these locations. If you know the location of the driver files, check the Include this location in the search: option and Browse for the location. A funny thing is that you can't select a location which does not have an *.inf file: if you search your computer through the Browse for folder dialog, you cannot press OK until you have selected a folder that contains an *.inf file. That's advantageous in one way: you will at least land in the correct folder, since *.inf files, as you know, contain the setup information without which the drivers cannot be installed.
All the *.inf files for the computer's hardware and other software are kept in the %systemroot%\inf\ folder. Hence, in case you uninstall any of your computer's devices in the future, you can always search for its inf in this folder. The folder is usually not available through the Browse for folder dialog because its attributes are Superhidden, but you can type the whole path in the space provided.
If you select the second option, Don't search. I will choose the driver to install, you will be shown a list of all hardware connected to your computer. Select the type of device that you are installing and click Next. Windows does not guarantee that you will find your driver here, or that the driver you find in this list will be the best one for your hardware, but it maintains a list of all drivers that have been used on the system and displays them accordingly. If your device manufacturer is not listed, click on Have Disk, select the drive of the installation disk and click on OK. If you don't have the installation disk, select a driver from the menu and click on Next. You may have to restart the computer for the hardware to be made available to Windows. See the reminder balloons that pop up in the system tray for handy information. If for some reason the device has a problem, for example if it could not start, you will be prompted to start a troubleshooter, although in most cases the troubleshooter is started automatically when a problem is detected.
This was the description of the Found New Hardware Wizard, the sub-part of the main Add Hardware Wizard. If your device is not Plug and Play compliant, you can still add the hardware by using this wizard. Just click Next on the first page, and when the wizard asks you whether you have connected the device to the computer, select that you have connected it and continue. You will see a list of all hardware on your computer. Here you can troubleshoot any devices that are giving problems (marked with a yellow exclamation mark) or add a new device by going to the bottom of the list and selecting Add a new hardware device. You can then search for and install the hardware automatically or select it from a list. If all has gone according to the description, your device should be functioning normally. In case you do not have the drivers for your hardware, you can always search the net.
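The driver search above hinges on the package's *.inf file, and the compatibility warning on whether the package is signed. As an added example (not from the book), the Python sketch below reads an INF before it is handed to the wizard and reports the provider, the driver version, the catalog file that would carry its signature, and the files it copies. The sample INF, its device name and its file names are constructed for illustration.

```python
import re

# Constructed sample INF for a fictional modem (not a real driver package).
SAMPLE_INF = r"""
; Example modem driver package, constructed for illustration
[Version]
Signature = "$Windows NT$"
Class     = Modem
Provider  = %Mfg%
DriverVer = 03/14/2004,1.2.0.0

[Manufacturer]
%Mfg% = Models

[Models]
%DevDesc% = Install, PCI\VEN_FFFF&DEV_0001

[Install]
CopyFiles = DriverFiles

[DriverFiles]
exmodem.sys
exmodem.dll

[Strings]
Mfg     = "Example Devices Ltd"
DevDesc = "Example 56K Internal Modem"
"""


def strip_comment(line):
    """Drop a ';' comment unless the semicolon sits inside double quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            return line[:i]
    return line


def parse_inf(text):
    """Return {section (lower case): [(key, value)]}; bare lines get key None."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), [])
        elif current is not None:
            key, sep, value = line.partition("=")
            current.append((key.strip(), value.strip()) if sep else (None, line))
    return sections


def expand(value, strings):
    """Substitute %token% from [Strings] and remove surrounding quotes."""
    lookup = lambda m: strings.get(m.group(1).lower(), m.group(0))
    return re.sub(r"%([^%]+)%", lookup, value).strip('"')


def summarize(text):
    """Collect the facts worth checking before installing from this INF."""
    inf = parse_inf(text)
    strings = {k.lower(): v.strip('"') for k, v in inf.get("strings", []) if k}
    version = {k.lower(): expand(v, strings)
               for k, v in inf.get("version", []) if k}

    files = []
    for entries in inf.values():
        for key, value in entries:
            if key and key.lower() == "copyfiles":
                for target in (t.strip() for t in value.split(",")):
                    if target.startswith("@"):      # '@name' copies one file
                        files.append(target[1:])
                    else:                           # a file-list section name
                        files += [v.split(",")[0].strip()
                                  for k, v in inf.get(target.lower(), [])
                                  if k is None]
    # CatalogFile may carry a platform suffix, e.g. CatalogFile.NT
    catalog = next((v for k, v in version.items()
                    if k.startswith("catalogfile")), None)
    warnings = []
    if catalog is None:
        warnings.append("no CatalogFile entry: the package names no signature catalog")
    if "driverver" not in version:
        warnings.append("no DriverVer entry: driver date and version unknown")
    return {"provider": version.get("provider"), "class": version.get("class"),
            "driver_ver": version.get("driverver"), "catalog": catalog,
            "files": files, "warnings": warnings}


if __name__ == "__main__":
    print(summarize(SAMPLE_INF))
```

A CatalogFile entry only names the catalog; it does not prove the signature is valid, so the Windows warning dialog remains the authoritative check.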
You can also start the Add Hardware wizard without going to Control Panel. Just go to Start >> Run and type control hdwwiz.cpl.
V.4: Add/Remove Programs (appwiz.cpl)
When any program is installed, Windows keeps a record of the program in the registry and displays the list of all the programs in the Add/Remove Programs Control Panel applet. This component of the Control Panel has changed completely from its Windows 98 counterpart. Add/Remove Programs has four sections: Change or Remove Programs, Add New Programs, Add/Remove Windows Components and Set Program Access and Defaults. We shall see each of these components individually.
Add/Remove Programs - Print Screen 5.3
The most frequent and important use of Add/Remove Programs is, as the name suggests, to add or remove installed programs. Adding programs through this applet is not recommended, since setup files don't always have the name setup.exe and some other exe may be executed in the process. Anyway, that's for later. Coming back to removing programs, or uninstallation as it is technically known: it is an important procedure, since some programs may occupy large amounts of space on your hard disk while you hardly use them. For example, you may install a game that takes almost 800 MB of your precious hard disk. It's useless keeping the game on your computer after you have finished it. You could always use the 800 MB for something more useful. It is always better to uninstall an item if you have the original installation files on a CD or your hard disk. And just as the installation of the game or any item is done through an interface (usually the setup.exe file), its uninstallation too deserves a proper ceremony.
That was the lighter part; the actual reason why we have to uninstall things and not just delete them is as follows. Any game or program uses menus and dialog boxes and/or the graphics hardware options in Windows. Now, Windows provides menus and dialogs through its files like comctl32.ocx etc., and program-specific configuration and data is found in the program's associated dll and ocx files. These files may be copied to the system32 folder during the installation of the program and registered in the Windows registry, which records that they are there and which program uses them. If you delete the program folder, you will leave the extra dll and ocx files in the system32 folder and their (now) redundant information in the registry. This may cause crossover linkages between files and may also slow down Windows registry access in the long run. To avoid this, programs have to be properly uninstalled and not deleted.
When you open Add/Remove Programs, the default page shown is Change or Remove Programs. This is your main page, and here you will see a list of all the installed programs on your computer.
You can actually uninstall a program in two ways. One is through the Add/Remove Programs menu and the other is through the program's own uninstaller. To access the program's uninstaller, click on Start >> Programs and navigate to the program you wish to uninstall. If you are lucky (because some programs don't have uninstallers and rely on Windows to do it for them), you will see an uninstaller in the menu. Click on it to start the uninstaller; if it is not there, use Add/Remove Programs.
You can sort this list according to Name, Size, Frequency of Use and Date last used. Sort by Size to find the largest program installed on your computer. To uninstall a program, click on Remove to start the corresponding uninstaller. Some programs allow you to do a fresh install that replaces the original program. If there is a Change button next to the Remove button, you can use it to change the original program. Windows also allows you to go to the software company's website and search for additional information and product updates. You can do this by clicking on Click here for support information (if it is there) to go to the product support website. One thing to note while uninstalling any program is that Windows might encounter files that are shared between multiple programs (.dll or .ocx files) and will prompt you if more than one program is using them. In the majority of cases keep the files, else other programs may stop responding normally.
The next page that Add/Remove Programs can show you is Add New Programs, which allows you to install programs. As already mentioned, this is not a recommended procedure, because not all install (setup) programs are named setup.exe, and the page can be misleading since other exe files are also displayed and can be executed. Anyway, to open the Add New Programs page click on the menu on the left-hand side of the page. Here you get two options: one is to add a program from an installation disk such as a floppy or CD, and the other is to add new Windows features, device drivers and system updates from the internet. The latter is the same as using Windows Update from the Start Menu. When you click on the CD or Floppy button on this page, a program installation wizard opens up which searches for executables with the name setup.exe, install.exe, uninstall.exe or names derived from these. If it does not find any setup files, it will inform you of this and then give you the option of searching for the executable manually by clicking on Browse.
Windows Component Wizard - Print Screen 5.4
Next in line is Add/Remove Windows Components (Print Screen 5.4), which allows you to add or remove some of the components of Windows XP. When you click on this button, Windows setup starts up and displays the current list of all installed Windows components. You can then add or remove components by ticking the respective check boxes. Some of the Windows components that can be installed or uninstalled in this manner are Accessories like Calculator, Paint and Character Map, along with Windows games, Internet Explorer, MSN Messenger, Internet Management services and lots more. To see sub-sections or further information and instructions, click on Details where available. You can also start the 'Add/Remove Windows Components' wizard by going to Start >> Run and typing sysocmgr.exe /i:sysoc.inf. Here sysocmgr.exe stands for System Optional Component Manager and is an executable found in the System32 folder, while sysoc.inf is the setup information file found in %systemroot%\inf, which contains Windows installation information for its several components.
The last option accessible through the Add/Remove Programs interface is Set Program Access and Defaults. This is an interesting settings page, and many people are unaware that it even exists. This page allows you to configure the most commonly used applications to suit your needs. You basically have three choices: Microsoft Windows, Non-Microsoft and Custom. Each of these choices allows you to select your defaults for common, everyday programs. If you select Microsoft Windows, your default Web Browser will be set to Internet Explorer, the Email Program will be Outlook Express, the Media Player will be Windows Media Player, the Messaging Program will be MSN Messenger and the Java Virtual Machine will be set to the Microsoft Virtual Machine. Likewise, if you select Non-Microsoft, your computer's settings will be changed to use Non-Microsoft components. The best option is to select Custom and choose the individual components yourself. Click on the small double arrow on the extreme right of the choice name to expand the individual items. Click on OK to save settings.
You can also start the Add/Remove Programs applet without going to Control Panel. Just go to Start >> Run and type control appwiz.cpl.
V.5: Administrative Tools
Administrative Tools, as the name suggests, is available only to administrators, and novice users are cautioned against changing any settings as these may affect the overall performance of your system. The Administrative Tools differ slightly between Windows 2000 and Windows XP. Administrative Tools is a collection of around 7 items; the number varies with different computers and different configurations. 4 of them, the most important and equally interesting to the beginner, are explained in this section. They are Computer Management, Performance, Event Viewer and Services. Of these, Event Viewer and Services can be accessed through the Computer Management console and hence will be covered under it. Computer Management can also be accessed by right-clicking on My Computer and selecting Manage.
The Computer Management console window has two parts; the left-hand side has an Explorer kind of view, and you can select items on the left to display their contents on the right. The first item that you see on top is System Tools, which has 4 subsections.
Under the Event Viewer section you can read informative logs for Applications, System and Security. For example, if you have an application that crashes frequently, you can check the Event Viewer >> Applications log for details. The System logs contain general as well as error details for all Windows-based services and general applications. The Application logs contain information pertaining to applications and error-causing programs. For example, we know that all programs require dll files to run (the dll files may be Microsoft or Non-Microsoft in origin); if a program crashes frequently, you will be able to see which dll or module caused the error, and you can take the necessary measures, like reinstalling the application or reinstalling just the dll. The Security logs do not hold much information for beginners, but advanced users can glean hordes of information from them. These logs show something called Security Audits. Whenever you start your computer, each and every program or service that starts gives an OK signal to the OS asserting that it has successfully started under a specific username, along with other information about its logon. This is called an Audit. Security Logs contain both Success Audits as well as Service Failure Audits.
Shared Folders shows you the shares, sessions and open files that are being used by network resources or by users logged on to the network. These folders are visible even though your computer may not be on a network.
Next in line usually is the Performance Logs and Alerts section, which gives you advanced system performance information. In the Counter Logs page you will see logs of System Performance, which can also be read manually by going to %systemdrive%\perflogs\System_Overview.log. You can also read Trace Logs and System Alerts in this section.
The Device Manager snap-in comes next. One of the most important components of the Microsoft Management Console, the Device Manager shows all the hardware that is attached to your computer. The Device Manager contents are structured in a tree-like format. Right on top you will see your computer name, with all the other hardware connected to it below. You can click on the individual plus signs to expand each component. If a device does not have drivers installed, you will see a question mark as the device icon. If a device has problems starting, you will see an exclamation mark next to the device icon. Usually devices fail to start or function improperly if there are no free resources for them. Disabled devices are usually marked with a small red cross. You can right-click on any device or on your computer name and select Scan for hardware changes so that Windows searches for additional devices and refreshes the current list. By default devices are shown by type. You can change this view to devices by connection, resources by type or resources by connection. Click on View on the menu bar to change options. Double-click on a device, or right-click and select Properties, to view the properties page of a device. You can start a troubleshooter for a device that is having problems, or update its drivers, from its Properties page or from the right-click menu.
If a device is having problems starting, first try uninstalling the device from the system. This can be done through the right-click menu of the device or through its Properties page; then scan for hardware changes. If the problem still persists, try uninstalling devices whose resources are close to those of the current device. This has to be done with utmost care, since you may uninstall some other important device, which could cause your system to malfunction.
The next section in the Computer Management hierarchy is the Storage section which has disk and storage related components. The first in line is the Removable Storage which displays Media libraries and ejectable drives so that Media files can be loaded to be played on your system.
Windows Disk Defragmenter- Print Screen 5.5
The next and another very important part of Computer Management in general is the Disk Defragmenter (Print Screen 5.5). As explained earlier, whenever you copy files to your hard disk from external devices or execute an instruction, data is continuously being written to and read from the hard disk. On the small scale this is done in a very haphazard manner. Windows tends to store a file in the largest continuous space available, which may mean different sectors for different parts of the file. This causes the computer to perform slowly, since every time the file is opened Windows has to search for and assemble the entire file again. Defragmenting is the process by which parts of files are written to contiguous (or alternate) sectors so that the computer's access and retrieval time is reduced. When you click on the Disk Defragmenter icon, Windows will display all the volumes (partitions) on your hard disk. They will have the same label names as those shown in My Computer. You can choose to Analyze your drive or Defragment it. Analyzing first is recommended, since Windows will carry out an analysis of all files on the selected drive and show you a report of which files are the most strewn around and whether you should actually defrag your volume or not. Do not run or open any applications while Disk Defragmenter is running, because any input/output request to the hard disk is treated as a new start by the Disk Defragmenter and you will find it resetting itself every few minutes. Disk defragmentation can take some time, since lots of data has to be moved and rearranged (it all depends on the amount of data on your hard disk), but what you get after waiting it out patiently is a faster and more reliable computer.
Next we have the Disk Management section. This part of Computer Management allows easy configuration of the disk drives connected to the computer. The Logical Disk Manager Service provides information about all online as well as offline disks. Online disks are those to which data can be written or which are physically present, like your hard disks. You can change drive letters and even mount entire partitions as NTFS folders inside other drives or folders. For example, suppose your computer has 3 NTFS drives (C:\, D:\ and E:\). You can mount the D: and E: drives into your C: drive so that they are accessible from C: itself. You don't have to go to My Computer to open these individual drives. Just right-click on the drive that you want to mount, select Change Drive Letter and Paths and then click on Add. To change a drive letter click on Change. Windows cannot change or remove the drive letter of the system drive. You can also change the view of the Disk Management snap-in to suit your needs. Click on View on the menu bar and select the Top and Bottom sections. To change the color and pattern of the display, select Settings from the View menu.
The next and last section is the Services and Applications section, which shows all the services installed and configured on the computer and also allows you to control Indexed directory settings. We have already seen in the previous chapter how the Indexing Service helps us to search faster but is slightly memory-consuming. Here you can easily add or delete the drives and folders that are indexed. Many people are unaware of the powerful "in-file" searcher of Windows. This is not a separate program but a query that is passed to the Indexing Service.
Click on Query the Catalog >> and in the Search text box enter the characters you wish to locate in the indexed records. Make sure the Indexing Service has been started for the query to work. Let us take an example to make this clear. Suppose you have a file on your D:\ drive which has the word social in it. By in it I mean in it, like a text file with the words Man is a social animal. The file may belong to any Office application or be a normal text, *.ini or *.inf file or a webpage. Querying usually returns results sorted by Rank in ascending or descending order, whatever the results may be.
Administrative Tools provide ways to customize internal Windows settings, adjust devices and so on. Please use the Administrative Tools carefully. Administrative Tools is a folder pulled in as a snap-in by the Management Console, so it is not possible to use something like control Admintools.cpl: AdminTools is not a Control Panel extension. You can, however, use a similar line to open Administrative Tools. Go to Start >> Run and type control AdminTools without any extension. When this command is executed, the Control Panel calls Explorer to show the Administrative Tools folder.
V.6: Date & Time (timedate.cpl)
Windows allows you to change the system time and your current time zone through this small applet. Open the Date and Time Properties box from the Control Panel to change the date, month and year along with the time. Any changes here will also be reflected in the system BIOS. Click on a date on the date chart that is displayed. Click on the month combo box to select a month, and enter the current year manually or click on the up-down arrows to change the year. Click on Apply to save settings. Windows can set the year from 1980 to 2099.
Date & Time Properties - Print Screen 5.6
Every individual machine on this planet comes under a certain Time Zone, just like everything else. To set your current time zone according to GMT standards, click on the second tab, i.e. the Time Zone tab. Select your location from the drop-down list. If your location is not listed, select the location closest to yours. Click on Apply to save changes.
The third tab, called Internet Time, is of practically no use for home users. Through this tab Windows allows you to synchronize your computer's time with that of an internet time server. Select a time server and press Update Now. Of course, synchronization will only occur if you are connected to the internet, and hence this serves little or practically no function for the common home user. It shouldn't bother you anyway; you can always look at the clock hanging on your room wall for reference. But when it comes to offices and industries, synchronizing time with servers becomes important for businesses to work properly with clients all around the globe.
If you installed Windows yourself, you may recollect that you made date and time settings during installation, along with the Time Zone configuration. All these settings can be changed here. Sometimes programs may crash inexplicably or may say that the program cannot be run since it has expired. In such cases open the Date and Time Properties dialog and check the year, for usually this is the culprit. In many cases the system's BIOS changes the year to something Windows cannot recognize. Like once when I had my computer's BIOS reset, the year that Windows was following was 385210, which is quite absurd!! These problems may arise if you have replaced your computer's CMOS battery or if you have reset your BIOS.
You can also open Date and Time by double-clicking the clock on the taskbar or by right-clicking in the system tray and selecting Adjust Date/Time. You could also go to Start >> Run and type timedate.cpl.
V.7: Display (desk.cpl)
Windows allows you to change and customize desktop related settings specific to each user. This means that each user on a Windows XP or Windows 2000 system can have their personal theme, wallpaper, screensaver and their own appearance for buttons and toolbars. Open the Display Properties applet through the Control Panel or right click in an empty space on the desktop and select Properties. The Display Properties dialog usually has 5 tabs named Themes, Desktop, Screen Saver, Appearance and Settings. "Usually" because sometimes it happens that some unwanted registry changes by programs may cause one or more tabs to be invisible (read more in the chapter on The Windows Registry). Whatever the case, the full fledged Display Properties displays 5 tabs, each one of which has been covered in depth below.
Display Properties - Print Screen 5.6
To change the way Windows looks, click on the Themes tab. It is opened by default when you start Display Properties; if it is not, you can always click on the tab. A Theme is defined as a collection of background wallpaper, desktop settings, icons, sounds and start menu customization. You can create individual themes by changing various settings on your computer through the Display Properties dialog and then save it as a theme through the Themes tab. By default when you install Windows, it gives you just two themes. One is the Luna theme (Windows XP desktop) and the second one is the Windows Classic theme (Windows 2000 desktop). You can save your current desktop and visual settings by clicking on Save As and by typing a name for the theme. After saving the theme, it will be visible in the theme drop down list. You can even go online and search for themes by clicking on 'More themes online'. The features that are saved as part of your custom theme are your Desktop background wallpaper, its position (Tiled, Stretched etc.), color, icons, screensaver, Windows & buttons, color scheme, font size, pointer schemes or individual pointers, sound schemes and individual program events. Most of the above settings can be done through the Display Properties dialog. For the Sound and Mouse Pointer settings read on. You can even delete themes that you don't require. You cannot delete the themes that came installed with Windows.
The next tab is the Desktop tab which allows you to change the current wallpaper and desktop icons. To select wallpaper just select one from the several shown in the Background wallpaper select box. This space shows you wallpaper from the current user's My Pictures folder and from the %systemroot%\Web\Wallpaper folder. It is not necessary that you apply wallpapers that are found in these two directories only. You can use the Browse button to search for a wallpaper and then click on Apply to apply the wallpaper. In the preview pane if the selected picture does not appear appealing to you then you can change the Position of the picture to stretch, centre or tiled. Stretching will cause the wallpaper to fill the screen and tiling will cause the picture to get repeated over and over again over the entire desktop. You can change the icons of My Computer, Recycle Bin, My Documents and My Network Places. You can also enable or disable desktop icons from being visible by clicking on Customize Desktop. You can even run the desktop clean wizard which helps you in removing desktop icons which have not been used for a long time. You can even display a web page on your desktop through the Web tab under the Desktop Items dialog.
The Screen Saver tab allows you to select a screen saver and have it activated after a certain time of user inactivity. A Screen Saver is basically a program with a .scr extension that should be run if you are not going to use your computer for some time and will not be shutting down. Screen Savers are usually pleasant designs or moving images that are shown on your screen by covering it fully. Screen Savers are to prevent "Screen Burning". We all know that the computer's monitor is made of a picture tube just like a Television. If left inactive for some time with the same image displayed on the screen, the image kind of gets electrically "stuck" to the screen.
If you shut down your PC after such a prolonged gap of inactivity, you may be able to see a ghost image on the screen even after you shut down, which will slowly disappear. Frequent occurrences of such cases can damage your computer's monitor. Anyways, coming back to the Screen Saver tab, you can select a screen saver from the drop down menu. Select a screen saver to display a miniature preview in the small monitor in the tab. To see a fullscreen preview of the Screen Saver click on the preview button and don't move the mouse. You can specify how much time you want the screen saver to wait before it pops up when the system is inactive. On Windows XP systems you can have the screen saver display the Welcome Screen by checking the option available. Another option could be to put your computer in a low power state when idle. You can have Windows turn off your monitor or your hard disks or you can cause your system to standby or hibernate (if available) after a specified period of time. Select a time unit from the drop down menu for any of the available options or select pre-customized Power Schemes. You can even save your customized Power Scheme for future use. It is advised not to turn off your hard disks if you are using a Desktop Computer (PC) and when using AC Power Supply.
The Appearance tab allows you to change literally every visible option in the Windows Interface. You can change windows, buttons, message boxes, text, title bar captions, font size of captions, scrollbars, tooltips and icons. To change the color scheme that Windows is currently using click on Color Scheme and select one from the drop down menu. Check out the Maple color scheme, it's cool. Click on Advanced to change individual settings. Click on Apply to see the effects. You can even save the then new look of Windows as a Theme by going back to the Themes tab and selecting Save As.
If you want to change back to the previous look of your Windows system you can go to the Themes tab and select Windows Classic or Windows XP depending on your taste, or change each and every setting back manually from the "Advanced Appearance" dialog of the Appearance tab. You can even select effects like Tool Tip fading and hiding of Keyboard Navigation buttons until Alt is pressed. Try them out to see the changes.
The last tab is the Settings tab. This tab may vary on different computers due to differences in video cards. This section of Display Properties allows you to change the screen resolution and, if allowed by the graphics adapter, to change the gamma (brightness) of the screen. Your graphics adapter name along with the Monitor support will be displayed here. You can change the screen resolution by varying the slider towards more or less. You will see a small preview in the Preview Monitor. My Video Adapter supports just 2 modes, 800 X 600 and 1024 X 768 pixels. The modes will vary on different machines. Click on Apply to change the resolution. Your screen will go blank and a Windows message box will pop up which will ask you if you would like to keep the configured
Monitor and Desktop settings. If you like the new desktop look, then click on Yes, else to revert back click on No. By default Windows will revert back to its original settings if no button is clicked within 15 seconds. Keep the Color Quality at Highest 32 bit mode for better visuals. Click on Advanced (if available) to change the Monitor and Graphic Card settings. In case of any problems click on Troubleshoot to start the Windows Troubleshooter which will help you in resolving any issues with the graphics adapter or the monitor.
It may so happen that after you click on “APPLY” to change the screen resolution, the screen will go blank and the monitor switches off or displays an out of frequency error. Do not panic in such a case and do not press anything on the keyboard because Windows reverts back to the original settings if no button is pressed after 15 seconds. Even after 15 seconds if the monitor does not turn on try pressing the monitor power on button on the monitor. If the problem still persists then start the computer in VGA mode. Read the chapter on Troubleshooting Common Problems to know more.
Display Properties can also be opened by going to Start >> Run and typing desk.cpl followed by Enter.
V.8: Folder Options
Folder Options allows us to configure the look of folders and files in general. When you open Folder Options you will see that it has 4 tabs. The first called General allows you to change options specific to folders and view in general. The General tab has three frames. The Tasks frame allows you to enable or disable Common Tasks in folders. Common Tasks is the panel in explorer that is displayed in the left hand section of every folder opened. You can show common tasks or use Windows Classic folders. The second frame of Browse folders allows you to change the way folders open. You can have folders open in the same explorer window or cause folders to open in individual windows. The first setting is recommended since the second option consumes more memory. To understand the third frame you have to know what hyperlinks are. When you have to go to another location in a browser window you may get the option of clicking on text or a custom image or something that links the current page and the one that you are trying to view. In this frame you get to make all folder and desktop items act as hyperlinks. That means that a single click will cause the item to get activated. Like suppose you have a folder on the desktop which will open with a single click. This is advantageous for people who find double clicking tiresome. On the whole single clicking shouldn't be used for one common security reason: viruses or some other malware may get executed by mistake. The Default option is to double click on an item to open it.
The second tab is the View tab. This tab has options that allow you to display files and folders on your computer or network. The Folder Views frame has two buttons. One is a grayed out button that says “Apply to All Folders”. It is grayed out because "Folder Options" has been opened through Control Panel; if opened through any other explorer window, this button is normal.
This button causes the current folder's settings to be applied to each and every folder on your computer. Like suppose you are in D:\ drive and your current folder settings are that the icons should be arranged in a list and Auto arrange is selected, then if you say Apply to All Folders then these settings will be applied to all the folders on your computer. “Reset All Folders” will cause all settings of all folders to default to the normal Windows Installation. These settings do not include the toolbar configuration.
To open Folder Options through any normal Explorer window (My Documents for example) go to Tools >> Folder Options, on the Menu Bar.
The Advanced settings options allow you to change a whole lot of things in the normal display and working of files and folders. Let us see all of them one by one. Under File and Folders, the first option causes Windows to search the network (if available) periodically to see if there are any
printers or shared folders. If your computer is not a part of a network then you can disable this option. The second option allows you to see file size information of folders when you move your mouse over a folder. You may have noticed that a tooltip emerges which shows you the folder contents and approximate size of the folder when you move your mouse over it. Removing the check mark disables this option. The next option is to Display simple folder view in Explorer's Folders list. This option causes Windows Explorer (WinKey + E) to automatically display a folder's contents as well as its subfolders when it is selected. The next option in line allows you to see contents of system folders like your %systemroot%, %homepath% and Program Files. These folders contain files required by Windows to run and work properly hence these folders and files are hidden by default. The next option allows you to display the full path in the address bar and the option after that causes Windows to display the full path in the title bar. The Do not cache thumbnails option disables the automatic storage of file thumbnails into a cache file called Thumbs.db. Windows can reuse the cache file to display folder contents if a certain folder's View setting is kept at Thumbnails. If disabled, folders having thumbnail view will take slightly more time to open.
Under Hidden files and folders, there are just 2 options, show hidden files and folders and do not show hidden files and folders. These options allow you to hide or unhide files and folders having the hidden attribute. To see attributes of a file or folder, right click on the item and select Properties. As far as possible select the show hidden files and folders option; it is safer that way. This, along with the next option disabled, will allow you to identify and delete malicious programs and viruses.
As we have already seen, there are several file extensions on a given computer. To keep file names and the screen looking clean, Windows hides known file extensions by default. This can be a serious security threat, since there are viruses out there that have the icon of a MS Word file and are .exe in extension. Now if the .exe part is hidden, how will you know that it is a virus? When you select the file, common tasks and the status bar display sufficient information to tell you that the file you have selected is of type application, but the majority of people hardly look there and may be tempted to open the file and read its contents, barely knowing that they will be executing a virus.
The next option hides protected Operating System files. This is a recommended option and should be adhered to in most of the cases. A hidden system file has the attributes of hidden, system and read-only (usually). The "Launch folder windows in a separate process" option causes Windows to open separate folders in separate memory space. Although this causes system stability to increase, this option is heavy on system performance. Under the Managing pairs of Web pages and folders section, you have options to select the behavior of web pages. Whenever you have a web page, you have an associated folder with it that contains all the extra code, images and button files etc.
In this section you can allow Windows to manage the pair as a single file, or view and manage them as 2 complete individual entities. Finally there are options to make Windows remember each folder's view settings, make Windows restore previous folders that were open when you shut down or logged off, show Control Panel in My Computer, to show encrypted or compressed NTFS files in color (usually dark blue) and the option to show a pop up description of folder and desktop items.
The next tab is the File Types tab, which shows all the file extensions supported and the respective programs with which they open. This has been covered in the previous chapter, please take note.
The last in line is Offline Files which allows you to work with files and folders stored on your network even when you are disconnected. This is made possible by creating a synchronized cache on your local computer from all the network computers' shared resources. You can update your Offline Files when logging on and while logging off. You can even configure Windows to show a reminder balloon (in the system tray) when computers on the network go offline. The interval between such reminders can also be changed. Encryption of offline data is also supported.
Folder Options (Offline Files) - Print Screen 5.8
You can also select the amount of Hard Disk space to use (your system drive space) to store the Offline files. Click View Files to see the offline content. Under the Advanced options, you get to configure Windows to notify you when a system on the network goes offline. Offline files will be enabled only when Fast User Switching is disabled. More on this ahead.
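
The warning in this section about hidden extensions can be turned into a check. The following Python script is an added example, not part of the original book: it walks a folder, works out the name Explorer would show with known extensions hidden, and flags executables whose visible name ends in a document extension. The extension lists and function names are assumptions chosen for illustration; .scr and .cpl are included because this chapter names them as programs.

```python
"""Find executables that look like documents when Explorer hides known extensions."""
import os
import sys

# Assumed list of extensions that Windows runs as programs (illustrative, not exhaustive).
EXECUTABLE_EXTS = frozenset(
    {".exe", ".scr", ".cpl", ".com", ".bat", ".cmd", ".pif", ".vbs"}
)
# Assumed list of extensions a user expects to be harmless documents or media.
DOCUMENT_EXTS = frozenset(
    {".doc", ".xls", ".ppt", ".txt", ".rtf", ".pdf", ".jpg", ".gif",
     ".bmp", ".htm", ".html", ".mp3", ".avi", ".zip"}
)
# Simplification: every extension in either list counts as a "known file type".
KNOWN_EXTS = EXECUTABLE_EXTS | DOCUMENT_EXTS


def displayed_name(filename, hide_known=True):
    """Return the name as listed when 'Hide extensions for known file types' is on."""
    stem, ext = os.path.splitext(filename)
    if hide_known and stem and ext.lower() in KNOWN_EXTS:
        return stem
    return filename


def classify(filename):
    """Return 'masquerade', 'executable' or 'not-executable' for one file name."""
    stem, ext = os.path.splitext(filename)
    if ext.lower() not in EXECUTABLE_EXTS:
        return "not-executable"
    # The real type is a program. Does the part the user sees end like a document?
    inner_ext = os.path.splitext(stem)[1].lower()
    if inner_ext in DOCUMENT_EXTS:
        return "masquerade"
    return "executable"


def scan(root):
    """Walk root and return (path, displayed name, verdict) for every executable."""
    findings = []
    for folder, dirs, files in os.walk(root):
        dirs.sort()  # deterministic traversal order
        for name in sorted(files):
            verdict = classify(name)
            if verdict != "not-executable":
                findings.append(
                    (os.path.join(folder, name), displayed_name(name), verdict)
                )
    return findings


def report(findings):
    """Format findings one per line, with masquerading files listed first."""
    ordered = sorted(findings, key=lambda f: (f[2] != "masquerade", f[0]))
    return "\n".join(
        "%-11s shown as %-20s real file: %s" % (verdict.upper(), repr(shown), path)
        for path, shown, verdict in ordered
    )


if __name__ == "__main__":
    # Usage: python find_hidden_exe.py <folder>   (defaults to the current folder)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    print(report(scan(target)) or "No executable files found.")
```

A file reported as MASQUERADE is one whose visible name would end in .doc, .jpg or similar while Windows would actually run it as a program.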
V.9: Fonts (%systemroot%\fonts)
A Font is basically a handwriting style that is user created and used by Windows and many other applications to change the style and formatting of a document. Fonts is a special folder that contains font files that the system continuously uses to read fonts and display them in various applications like the Welcome screen and so on. The Fonts folder is found in the C:\Windows\ directory. Fonts can have various extensions and icons depending on the type of file. The general types of font usually found are True Type and Open Type. True Type fonts have a double "T" written on the icon and those of Open Type have an O written on them. TrueType fonts are device-independent fonts that are stored as outlines. They can be sized to any height, and they can be printed exactly as they appear on the screen. On the other hand Open Type Fonts are clear and readable in all sizes and on all output devices supported by Windows. Open Type is an extension of TrueType font technology. Raster fonts are designed with a specific size and resolution for a specific printer and cannot be scaled or rotated. If a printer does not support raster fonts, it will not print them. The five raster fonts are Courier, MS Sans Serif, MS Serif, Small, and Symbol. Raster fonts are also called bit-mapped fonts. You can always double click and open a font file to see the writing style. You cannot copy any font out of this folder; to copy fonts out, copy the entire Fonts folder into some other location and then try copying. To install a new font on to your computer, just copy the font into the Fonts folder and the font will be installed. If a conflicting name or font is found then the font will not install, saying that the font is already present and to uninstall the previous font if you want to install the new one. Another method
of installing a font is to click on File >> Install New Font from the menu bar. Browse for the font through the search dialog and click on OK to install the font. To uninstall a font, right click and delete the font. Another thing that you may notice is that Folder Options, when selected through the Fonts folder, does not show the File Types tab. Instead a True Type Fonts tab is displayed which allows you to select only True Type Fonts to display in programs. The Fonts folder can also be opened by going to Start >> Run and typing Fonts, without .cpl or anything since the Fonts folder is an integrated explorer folder.
V.10: Internet Options (inetcpl.cpl)
A whole lot of Internet settings can be tweaked and changed through the Internet Options. You can open the Internet Options dialog from Internet Explorer too. Open Internet Explorer and click on Tools >> Internet Options on the menu bar. Internet Options is also the properties dialog of Internet Explorer, which means that it can also be opened by the Right Click >> Properties option on the Internet Explorer icon on the desktop. There is a slight difference when you open Internet Options from the Control Panel and from Internet Explorer's Tools menu. The difference is so small that you will hardly notice it: when you open Internet Options from the Control Panel, it is named Internet Properties, and when opened from Internet Explorer or from the right-click >> Properties of the Internet Explorer desktop icon, it is named Internet Options. Both are the same, just the difference in the caption of the dialog. It is unexpected though...
Internet Properties - Print Screen 5.9
Internet Options has seven tabs normally. Each of these tabs can customize your Internet surfing and to a certain extent even your normal Windows working since Internet Explorer and the Windows Explorer are integrated at some levels. Let us now see the tabs of Internet Options in detail.
The first tab is the General tab that allows you to configure some common Internet Options like the start page and the time for which Windows should keep pages in History. You can also customize the way a web page looks from this tab. From top to bottom, you have three frames. The home page is the address of a website or location that the browser (Internet Explorer) searches and displays when it is opened. Whenever you open the browser through the desktop shortcut or otherwise it will by default go to the page mentioned in the Address field of this tab. You have the option of selecting the default webpage by clicking on Use Default which makes 'http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome' the default webpage. You can even set the page to blank by clicking on Use Blank, which sets the address field to 'about:blank'. Custom addresses are also allowed. For example if you want Google to be the home page whenever you open Internet Explorer then you can type in www.google.co.in in the Address field.
Every time you view a webpage it so happens that the website copies files like images and sounds or animations into a Temporary Internet folder on your hard disk. This is done for faster loading of pages, since opening a file from your local machine is faster than opening it from a machine which is distanced in terms of network traffic. These temporary internet files contain an interesting and controversial group of files called cookies. Cookies are files created and maintained specifically for certain users to study their browsing habits. Like suppose you login to a shopping website to buy a digital camera, this website will save a file on to the hard disk of your computer with information of your interest in digital electronics. Now suppose you login after a few days into the same website, the website searches and locates its cookie and then displays items that match your interest.
If you are afraid that your privacy is at risk then you can delete cookies in the temporary internet folder by pressing the Delete Cookies button. Over a large period of time, the size of temporary files can become alarming. It is hence a healthy practice to delete the contents of temporary folders once in a while. Click on Delete Files to empty the contents of the temporary folder. Select the Delete all offline content option to delete locally stored web pages. To customize settings for temporary files click on Settings. Here you can specify how frequently you want Internet Explorer to check for newer file versions. You can even specify the maximum folder size that the temporary folder can have. Keep it as low as possible (1 MB). Here you will also be able to see the location of your temporary Internet folder which usually is %systemdrive%\Documents and Settings\%Username%\Local Settings\Temporary Internet Files\. You can change this location to another folder by clicking on Move Folder… To view the contents of the temporary folder click on View Files… To view Downloaded objects like executables and .msi scripts click on View Objects..., which will open %systemroot%\Downloaded Program Files\, the default folder to store downloaded program folders. These folders will contain files even though you may not have downloaded them yourself. Many applications get updated once you connect to the Internet; these files are essential for the proper running of the applications that had downloaded them.
Next in line is the History folder setting. The history folder contains links to pages or locations you have visited, for quick access. You can view the contents of your history folder by opening any Windows Explorer window or Internet Explorer window and pressing the key combination of "Ctrl + H" which will open up a toolbar to the left of the screen through which you can view the contents of your history.
You will be surprised to see the amount of data that can be retrieved from the history folders. You can even read your mails and online surfed data from the history folder. You can clear History manually by clicking on Clear History or by setting a count in the Days to keep pages in history: option. Keep this setting at 1 day. You can even keep it at zero but it can create problems with searching of history files.
To change the color of the background or text (links – visited and unvisited) click on Colors… Here you can change the color of links that have been visited and even give a hover color. Text fonts can also be changed irrespective of the font in which the webpage was originally written by clicking on Fonts… Some websites offer documents in multiple languages. You can specify these under the Language Preference dialog which can be opened by clicking on Languages… You can even override a webpage's setting of font styles, font size and color by selecting the respective options through the Accessibility… button. Click on Apply to save changes.
The next tab in line is the Security tab. This tab allows you to distinguish between websites on the basis of content. Web sites are divided into 4 zones. The first is the Internet zone, the second is the Local Intranet, the third is the Trusted sites and the last is the Restricted sites. You can add websites of your choice to any of the zones by clicking on Sites when a zone of your choice is selected. You can set the security level for these zones by moving the slider or by selecting custom options through the Custom Level button. The custom level options are usually meant for Administrators and individual descriptions are beyond the scope of this text. Individual configuration of each and every website you visit can be quite time consuming and tiring.
The third tab is the Privacy tab. This allows you to set your online privacy settings, by customizing cookie configuration. Keep the setting on Medium by moving the slider up or down. You can even override automatic cookie handling by selecting the options available under the Advanced button. Keep the settings on Prompt for security reasons. Internet Explorer will ask you for an appropriate option if a cookie is encountered. Individual cookie configuration for websites can also be done through the Edit button which will allow you to add websites of your choice whose cookies you want to enable or disable.
The next tab, called Content, is provided for advanced Internet users. This tab allows you to configure the Content Advisor. Click on Enable to open the Content Advisor configuration page. Here you can select rating levels that can be viewed on your computer. Categories include Language, Nudity, Sex and Violence. These categories have rating levels on the internet. You can prevent these sites from opening by specifying the level that has to be shown. There is also a tab here that allows you to set a website as an Approved Site thus overriding any settings of the Content Advisor.
Under the General tab of the Content Advisor you can allow users to see sites that have no ratings and/or allow a supervisor or the Content Advisor configuration personnel to enter a password to be able to see these websites. You can create a Content Advisor password by clicking on Create Password… You can even add Rating Systems by clicking on Rating Systems; the default installed is the RSACi. Under the Advanced tab of the Content Advisor, you can select a ratings bureau if some rating systems need to check or update their current rating levels.
The Certificates frame allows users to change Certificate properties and details. Certificates are documents that contain information on how data should be encrypted while being transferred from one computer to another and they allow the Operating System to decode contents and give authorization to users. You can Import your own certificates and customize options. If you are a newbie, it is advisable not to change any options under the Certificates and Publishers buttons.
Some websites require you to complete forms etc. For example, suppose you want to create a new e-mail ID on the net, then you are required to fill in some details like your Name, Address, age, date of birth etc. which can be quite tiresome if you have many forms to be filled. You can use the Auto Complete option of Internet Explorer that automatically fills the details for you. You can create a Profile through the My Profile… button.
The Connections tab shows you the Virtual Private Network (VPN) connections and the Internet Connections (including Dial-Up and Broadband). To set up an Internet Connection click on Setup to start the New Connection wizard (covered in detail later). You can also add other network connections like VPN, ISDN and/or Direct Computer Serial connections. Click on Settings… if you wish to add a proxy server to the connections.
You can even change your Local Area Network Settings (although not most of it) through the LAN Settings… button.
The Programs tab allows you to specify which program Windows automatically uses for each Internet service. If you have MS Office with MS FrontPage installed then you can set the HTML Editor to Microsoft FrontPage, E-Mail to Outlook Express, Newsgroup to Outlook Express, Internet call to NetMeeting, Calendar to Microsoft Outlook and Contact list to Address Book. You can reset all your changes including the start page to the Internet Explorer defaults by clicking on the Reset
Web Settings… button. If you have more than one web browser installed on your computer then you can make Internet Explorer check to see whether it is the default browser or not. Click on Apply to save settings.
The last tab, rightfully called Advanced, allows you to change the entire settings of Internet Explorer. It is advised not to mess around with these settings unless you know what you are doing. Click on Restore Defaults to load default values and options. Explaining every option under this tab is beyond the scope of this text. Click on Apply and OK to save and Exit the Internet Options dialog box. Internet Options can also be opened by going to Start >> Run and by typing inetcpl.cpl followed by a carriage return.
V.11: Network Connections (ncpa.cpl)
The Network Connections control panel applet is a full fledged explorer window in itself. Whenever you open the Network Connection icon in Control Panel, the file ncpa.cpl is run which opens the Network Connections interface in an Explorer window. Enable the common tasks if not visible by going to Folder Options and selecting Show common tasks in folders in the Tasks frame of the General tab. Click on OK to save and exit settings. The Network Connections window allows you to configure your computer connections, be they dial-up or your home network. All connections are listed here. We shall see how a dial-up connection is to be created followed by the setting up of a home network.
To create a dial-up connection to connect to the internet through your phone:
Click on Create a new connection or go to File >> New Connection.
In the wizard that opens, click on Next.
Select the Connect to the Internet option (topmost) and click on Next.
Select the Set up my connection manually option and click on Next.
In this page select the type of connection that you want to have. We will assume a dial-up connection using a dial-up modem, for which you will have to select the first option saying Connect using a dial up modem and click on Next.
In this page type the ISP name, if you want, and click on Next. The name you type here will be the name of the connection you are creating.
Here you can enter the phone number of the server. Please take care to enter the number correctly. You may have to type in the area code or "1" to make it work correctly. A simple technique to see if the number is a valid ISP number is to dial the number manually through your landline phone and if you hear garbage or weird modem noises on the other end, you can bet on it that it is valid.
In the next page, type in your Username and Password. Confirm your ISP password by typing it again.
You can select options to make this the default Internet Connection, to use this same Username & Password for anybody who wants to connect and to turn on the Internet Connection Firewall for this connection.
The last page allows you to create a desktop shortcut to this connection. Select the check box and click on Finish.
To connect to the Internet just double click on the desktop icon of Dial up Connection and type in the Username, Password and the Phone Number if you had not typed it in during setup and click on Dial. You will be connected to the net in no time.
Before we begin the procedure to make a home network we have to understand what the components of a simple network are. A network is basically the connection of two or more computers in such a way that they can share printers, files and an internet connection. Networks are usually used to share files and printers but they can also be used to play LAN games and control usage. A LAN or Local Area Network refers to the network made by computers in the same physical geographic location. To make a network of two or more computers you require computers with network cards, a hub or switch and network cables with connectors. A modem is required only if you wish to share your Internet Connection on the network.
A hub connects multiple computers at a central location. A hub is typically used when connecting two or more computers to an Ethernet network. A hub is a broadcast device, meaning that it broadcasts data to all computers on the network; it is the duty of the destination computer to accept the data and of all the others to drop data that they are not intended to receive. Switches on the other hand are unicast devices that send data directly to the destination computer.
After obtaining all of the above hardware, start the Network Setup by clicking on File >> Network Setup Wizard or by selecting Setup a home or a small office network from the common tasks pane. Once the wizard starts follow these steps:
In the wizard that opens, click on Next.
Check if you have installed the network cards and attached the hubs/switches and the cables appropriately. Connect to the Internet from the machine which has a modem, to make it the Internet Connection Sharing (ICS) host. During setup, the wizard will determine the ICS host if it is connected to the net. Click on Next.
Select the statement that best describes your computer. If your computer connects directly to the Internet and the other computers also connect directly to the internet then select the first option. If your computer is a standalone machine which connects directly to the Internet and there is no Network present then select the second option, or if your computer belongs to a network that does not have a network connection yet, select the third option. You can view examples of each description by clicking on View an example. Click on Next to continue.
The next page asks you to give a Computer name. Your computer will have a name but it may not appeal to you. You can change the name of your computer and, if you wish, give a description of it. Some ISPs require that you have a specific computer name, and if that is the case, leave the computer name as it is. Click on Next.
Here you have to give a name to your network. The default is MSHOME. You can have a more familiar name like HOME or OFFICE or MILITARY etc. One thing to bear in mind is that all the computers on the network should have the same workgroup name. Click on Next to continue.
The next page will show you all the settings that will be applied if you click on Next. After confirming all of them, click on Next. The wizard will then apply all settings and create a network.
You then have to run the wizard on the other computers which you want to include in the network. If you intend to connect a Windows 98 machine then run the wizard through the Windows XP CD ROM from its startup screen.
Network Connections also allows you to change the settings of a connection. You can do this by selecting Change settings of this connection from the common tasks menu. You can also right click on an item and select Properties to change settings of an object. A network can also be repaired by selecting the Repair option from the File menu or the right click context menu.
Two-terminal networks will work like this, but if your network has more terminals then you will have to assign IP Addresses. Open Properties of your Local Area Connection, select Internet Protocol (TCP/IP) and click Properties. Select Use the following IP Address and type the IP Address in decimal form for the current machine (e.g. 192.168.100.254). The computer which connects to the net directly will be your Gateway. Keep the DNS fields blank for now. Click on OK. Repeat the procedure for the other computers; use consecutive IP addresses for ease of recollection.
Use ping 192.168.100.254 to check if the other computer whose IP is 192.168.100.254 is on the network. If you get a 32 byte reply packet then you're good. Replace 192.168.100.254 with the other computer’s IP Address that you would want to test. Network Connections can also be opened by going to Start >> Run and by typing ncpa.cpl and OK.
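The reply check described above, as an added Python example (not from the book): it reads the text that ping prints and counts only 32-byte style echo replies that come from the tested address itself, because an "unreachable" notice sent by another machine also begins with "Reply from". Both sample outputs are constructed, and the gateway address 192.168.100.1 in the second one is an assumption.

```python
import ipaddress
import re

# Constructed sample output, laid out the way the Windows ping command prints it.
PING_OK = """\
Pinging 192.168.100.254 with 32 bytes of data:

Reply from 192.168.100.254: bytes=32 time<1ms TTL=128
Reply from 192.168.100.254: bytes=32 time<1ms TTL=128
Request timed out.
Reply from 192.168.100.254: bytes=32 time=2ms TTL=128

Ping statistics for 192.168.100.254:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
"""

# Constructed sample: another machine (assumed gateway 192.168.100.1) reports
# that the target cannot be reached. These lines start with "Reply from" too,
# but they are not echo replies from the computer being tested.
PING_UNREACHABLE = """\
Pinging 192.168.100.254 with 32 bytes of data:

Reply from 192.168.100.1: Destination host unreachable.
Reply from 192.168.100.1: Destination host unreachable.
Request timed out.
Request timed out.
"""

# A genuine echo reply line: sender, payload size, round-trip time, TTL.
ECHO_REPLY = re.compile(
    r"^Reply from (\d{1,3}(?:\.\d{1,3}){3}): "
    r"bytes=(\d+) time[=<](\d+)ms TTL=(\d+)$"
)


def summarize_ping(output, target):
    """Classify each line of ping output with respect to the target address."""
    target = str(ipaddress.IPv4Address(target))  # ValueError on a mistyped address
    summary = {"replies": 0, "timeouts": 0, "other_senders": [], "errors": []}
    for line in output.splitlines():
        line = line.strip()
        match = ECHO_REPLY.match(line)
        if match:
            if match.group(1) == target:
                summary["replies"] += 1
            else:
                # An echo reply from some other address is not proof either.
                summary["other_senders"].append(match.group(1))
        elif line == "Request timed out.":
            summary["timeouts"] += 1
        elif line.lower().endswith("unreachable."):
            summary["errors"].append(line)
    return summary


def host_is_up(output, target):
    """True only if at least one echo reply came from the target itself."""
    return summarize_ping(output, target)["replies"] > 0


if __name__ == "__main__":
    for name, text in (("reachable", PING_OK), ("unreachable", PING_UNREACHABLE)):
        print(name, host_is_up(text, "192.168.100.254"),
              summarize_ping(text, "192.168.100.254"))
```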
V.12: Regional and Language Options (intl.cpl)
The Regional and Language Options dialog allows users to change the Language and select a location for providing services like weather report and news. Most of these settings are configured during the installation of Windows. The Regional and Language Options also allows you to set number, currency and time formats. The Regional and Language Options has three tabs, each of which has been covered below.
Regional & Language Options - Print Screen 5.10
The first tab is the Regional Options tab. Here you can modify the way numbers, currency, time and date are displayed on your computer. You can select a standard of display from the drop down list or click on Customize to change these items manually. The Customize Regional Options dialog available through the Customize button has four tabs, which allow you to set numbers, currency, time and date formats.
The Numbers tab allows you to change the decimal symbol (.), digit grouping symbol (,), negative sign symbol (-), list separator, measurement system and lots more. You can change any of the options to anything valid. Click on Apply to save settings.
The Currency tab allows you to format currency related options. In this tab you can change the currency symbol from $ to Rs., set the format for positive and negative currency, change the decimal symbol for currency and change the way digits are grouped amongst other options available.
The Time tab allows you to customize the way you see your system clock in the notification area (system tray). The standard format is “hh:mm:ss tt” where hh = hours, mm = minutes, ss = seconds and tt = AM or PM. You can change the time format to anything that is available and allowed by the dialog. You can change the time separator from “:” to anything you like. The AM and PM symbols can also be changed in a similar way. The time format notation is explained in the same tab for easier understanding.
The Date tab allows you to configure the date formats (both long and short) and the year setting. A short date is something like “2/11/2006” and a long date is something like “Saturday, February 11, 2006”. You can make Windows interpret a two digit year to be a year between 1930 and 2029 or any 100 year span of your choice.
The second tab, called Languages, allows you to install support for East Asian languages and complex scripts that include right to left languages (including Thai). You can select the boxes and click on OK or Apply for the installation to start. The complex scripts (the first option) take up to 10 MB of space on your disk and consist of language support for Arabic, Armenian, Georgian, Hebrew, Indic, Thai and Vietnamese. The East Asian Languages consist of Chinese, Japanese and Korean and require up to 230 MB of additional space on your hard disk. You will be prompted to insert the Windows Installation CD when you click on OK or Apply.
To change or view the languages and methods you can use to enter text, click Details, which will open up the Text Services and Input Languages dialog box. Here you can add a non-standard keyboard layout by clicking on Add. For example you can add a Hindi keyboard, or Tamil for that matter, and use the language bar (it pops up on the desktop right on top or on the taskbar next to the system tray) to switch between the English keyboard and others that you have installed. Click on Language Bar to select the Show the Language bar on the desktop option. You can even assign shortcuts for switching between keyboards through the Key Settings button.
Under the Advanced tab you can turn on advanced text services in programs like Notepad and others which do not normally support speech and handwriting recognition or other advanced input services. You can even turn off advanced text services; this is not recommended for East Asian language users, though, since it closes the Language Bar and keyboard layout switching becomes a mess.
The last tab is the Advanced tab. It is advised that you leave this page as it is. This page allows you to change the system setting to allow non-Unicode programs (programs that can read and use ANSI characters; these are very old programs, compiled using native compilers). Select a language to match the language version of the non-Unicode programs you want to use. This enables the program to display menus and other options correctly and in a readable format. You can even add or remove code page conversion tables by selecting or deselecting the appropriate check box. By adding the correct code page conversion tables, Windows is able to interpret the letters and other characters used in that program and convert them to and from Unicode characters.
Examples of Unicode characters are ╬, ╥, ☻, ♥, ♣, ♣ which can be written in notepad by using an ASCII equivalent. Open notepad by going to Start >> Run >> notepad. Hold down the Alt key and type 1230 on the NUMPAD and then release the Alt key to give ╬. Try other combinations for other characters.
In this tab you also have the option of applying all the settings to the current user account and apply it even to the default user profile that will be used if a new user is being created. Any new users created after you apply this setting will automatically have the settings selected by you through this page. You may have to restart your computer. Click on OK to save all settings and Exit. The Regional and Languages Options dialog can also be opened by going to Start >> Run and by typing intl.cpl followed by an Enter.
V.13: Scheduled Tasks
The Scheduled Tasks of Windows allows you to schedule a task for Windows to run at a convenient time as required by the user. You can schedule antivirus scans, disk defragmentation tasks, drive checking tasks etc. at a time you feel suitable.
To create a new job, double click the Add Scheduled Task icon to start the Scheduled Task Wizard. The Wizard will search all the available programs on your computer and display them in the programs box. If your required program is not listed then click on Browse to manually locate it. After you have located the program or when you select an application from the list, click on Next. Type a name for the task; this name can be the same as that of the program. You now have to select the time when you would want the job to be performed. You have options to perform the task Daily, Weekly, Monthly, One time only, When your computer starts or When you log on. Each of these options has a different setting once you click on Next. These settings can be easily configured and therefore I’ll leave these settings to you. Click on Next once you have done the necessary time and date or account and password settings. You can now finish the wizard by clicking on Finish, and you can simultaneously call for the properties of the task by selecting the option to open advanced properties for that task when you click on Finish.
The properties dialog of a scheduled task has three tabs. The first tab, called Task, allows you to change the location of the executable (you can change the executable itself by clicking on Browse). You can even specify the Username in the Run as text field and the Password (click on Set password) for the task if not done so previously. You can enable or disable this task by removing the check mark against the Enabled option.
The second tab is the Schedule tab, which allows you to change what you had specified in the wizard. Here you can modify the scheduled task to occur at a different time. You can even have multiple schedules for a single task. Click on the Show multiple schedules option to enable multiple schedule setting.
The third tab is the Settings tab, which allows you to configure what happens after task completion; for example, you can delete the task once it is completed if it is not scheduled to run again. You can even stop the task if it runs continuously for a certain period of time which you can specify. You can also make the computer start the task if the computer has been idle for some time, which again you can specify. You can also make Windows stop the task if the computer ceases to be idle. It is advised not to start any scheduled task if the computer is running on batteries. Hence select the options that point to this (namely the first and the second). The third option here is to make the computer come out of Stand-By mode to run this task.
Another important item to mention here is the Advanced option on the menu bar. It has options that allow you to configure Scheduled Tasks in general. You can stop using Task Scheduler or pause its running. You can even make it notify you of tasks missed due to system power down or anything else for that matter. You also have something known as the AT Service Account configuration, which deals with the AT command of Command Prompt. Setting the option to System Account causes the AT command to be used as a system-wide component; otherwise you can restrict its usage by specifying an account that is allowed to use it. The AT command schedules commands and programs to run on a computer at a specified time and date through the Command Prompt. The Schedule service must be running to use the AT command.
You can also read the log file that is continuously being updated to see where and what the errors were, if any, and to study the normal functioning of the program. You can open the log file by going to Advanced >> View Log on the menu bar. The log file is found in %systemroot% by the name of SchedLgU.txt.
The right click in the Scheduled Tasks folder gives only one New option, a New scheduled task, whose selection will cause the Wizard to run.
The Scheduled Tasks option accessible through the Control Panel is actually a folder in %systemroot% called Tasks and hence you can also open Scheduled Tasks without going to the Control Panel by going to Start >> Run and by typing Tasks followed by an Enter.
V.14: System (sysdm.cpl)
A very important component of the Control Panel, System Properties allows you to change Windows settings that are related to memory and the system in general. It also displays important information about your system, like processor type and speed and total physical memory available on your system. You can also find information about hardware and device properties, as well as configure hardware profiles and report system and program errors to Microsoft when they occur.
Another way of opening System Properties is to press the “Start + Pause Break” key combination.
System Properties - Print Screen 5.11
System Properties has 7 tabs arranged in a 4 and 3 tab fashion. Each of these tabs has its own distinct functionality. Whenever you open System Properties, the first tab that is selected by default is the General tab. Here you will be shown system related information like the name of the Operating System, along with its version and the name of the Service Pack (if any). This is followed by the information of the registered owner of the computer. This is the same information that you had entered during installation of Windows. Here you will see your name, company and a 20 character serial key that may look something like XXXXX-OEM-XXXXXXX-XXXXX. The OEM part of it tells you that your installed copy of Windows is an OEM product. OEM stands for Original Equipment Manufacturers and includes companies that manufacture computers.
The next part of the information displayed on this page is the system information. Here you will see the type and speed of your processor. An example is: Intel(R) Pentium(R) 4 CPU 2.00GHz, where Intel(R) Pentium(R) 4 CPU is the name of your processor and 2.00 GHz is the speed of the processor. The speed shown here may actually be slightly less than what your computer’s manufacturer told you or the speed that is written in the computer’s manual. This can be due to the voltage changes in the processor configuration or due to incorrect reading by the OS. This is also the case with the RAM count. Here you will also see the amount of RAM installed on your computer. Although the standard RAM cards available are 128, 256, 512 or 1GB, it may so happen that Windows may not display the exact size here. This is because some computers use a portion of the Physical RAM as VRAM (Video RAM), and this amount is subtracted from the actual size.
Sometimes there will be a bitmap image on display next to the System information section, and your computer manufacturer’s name is also visible in the Computer section of this tab. This is a simple trick that is used by OEM companies to publicize their presence. Read the chapter on Tips & Tricks to add your own image and information here.
The second tab is the Computer Name tab, which allows you to modify your computer’s name. Here you will be able to see the current name of your computer and also the name of the Workgroup. The information saved or modified through this page is used by Windows to identify that particular machine on a network. To change the name of your computer, click on Change and under Computer name, type a new name for the computer, and then click OK. You can even change the name of your workgroup for that matter. To see the NetBIOS name and to specify a Primary DNS (Domain Name System) suffix, click on More… If you are not on a network leave this field and the Workgroup field as they are. Click on Apply to save changes. You may have to restart your computer for the changes to take effect.
The next tab, called Hardware, deals with the attached system hardware and peripheral devices on your computer. You can start the Add Hardware Wizard by clicking on the Add Hardware Wizard button. The Device Manager frame allows you to start the Device Manager snap-in and change Driver signing settings.
Windows device drivers and operating system files have been digitally signed by Microsoft to ensure their quality. A Microsoft digital signature is your assurance that a particular file has met a certain level of testing, and that the file has not been altered or overwritten by another program's installation process. Many devices that require driver files for them to work properly have their drivers tested and digitally signed by Microsoft. Software for hardware products with the Designed for Microsoft Windows XP logo has a digital signature from Microsoft, indicating that the product was tested for compatibility with Windows and has not been altered since testing. During hardware installation, Windows might detect software that has not passed Windows Logo testing to verify its compatibility with Windows XP. In such cases you can have Windows take a predefined action. To change these actions click on the Driver Signing button to open the Driver Signing Options dialog. Under File signature verification, click on one of the following:
Ignore, to allow all device drivers to be installed on this computer, regardless of whether they have a digital signature.
Warn, to display a warning message whenever an installation program attempts to install a device driver without a digital signature. This is the default behavior for Windows.
Block, to prevent an installation program from installing device drivers without a digital signature.
If you are the Administrator then you can have the current action as the system default. Just check the Administrator option and click on OK to save changes.
Before we see what the Hardware Profiles button does, let us first try to understand what a Hardware Profile actually is. A hardware profile is a set of instructions that tells Windows which devices to start when you start your computer or which settings to use for each device.
When you first install Windows, a hardware profile called Profile 1 (for laptops, the profiles are Docked Profile or Undocked Profile) is created. By default, every device that is installed on your computer at the time you install Windows is enabled in the Profile 1 hardware profile. The profile named Profile 1 (Current) provides a model for you to create new hardware profiles. It will not appear in the list of available hardware profiles shown during startup. If there is more than one hardware profile on your computer, you can designate a default profile that will be used every time you start your computer. You can also have Windows ask you which profile to use every time you start your computer. Once you create a hardware profile, you can use Device Manager to disable and enable devices that are in the profile. When you disable a device in a hardware profile, the device drivers for the device are not loaded when you start your computer.
Click on the Hardware Profiles button to open the Hardware Profiles dialog. To create a customized profile, click on Copy and then type a name for the profile. You can customize your new profile by enabling or disabling devices for that profile in Device Manager. You can also make the computer wait until a profile is selected or make the computer select the first profile in the list in 30 seconds (can be changed).
The next tab is the Advanced tab, which allows you to configure virtual memory, user profiles and startup and recovery options. You need to be an Administrator to make changes in this tab. To change performance related settings click on Settings in the Performance frame. In the Performance Options dialog under the Visual Effects tab, select the settings you want to use for the appearance and performance of Windows. By default Windows XP has the “Let Windows choose what’s best for my computer” option selected. You can change that and adjust your Windows XP settings for better performance or better appearance. You can even have a custom option and select individual options from those listed. Click on Apply to see the changes.
Under the Advanced tab you can specify whether your processor priority should be towards the performance of Programs or Background services. Similar is the case with memory usage on your computer; you can specify whether Programs should have the edge or the system cache. If your computer is a Server (normal PCs are called Workstations) then you can set Processor Scheduling and Memory usage to Background services and System cache respectively. Right at the bottom you will see the total paging file size on your computer for all drives. Click on Change to modify Virtual Memory settings. To create a page file on a drive, just select the drive, select the option saying System managed size and click Set. Click on OK to save changes. You may have to restart your computer for the changes to take effect.
When your computer is running low on RAM and more is needed immediately, Windows uses hard drive space to simulate system RAM. This is known as virtual memory, and the space is called the paging file. The default size of the virtual memory pagefile (named pagefile.sys) created during installation is 1.5 times the amount of RAM on your computer. The more the paging files and sizes the faster your computer becomes. The paging file is normally a superhidden system file in the root of the drive.
To change or modify User Profiles click on Settings under the User Profiles frame. A user profile defines customized desktop environments, such as individual display, and network and printer connections settings. You can delete or copy profiles through the User Profiles dialog that opens up through the Settings button. Here you can see all the profiles that are present on your computer along with their size, type, status and last modified date. The size shown is inclusive of the My Documents folder and hence may be alarmingly large for your account.
There are basically three types of profiles. A local user profile is created the first time you log on to a computer and is stored on the computer's local hard disk. Any changes made to your local user profile are specific to the computer on which the changes are made. Then there is the roaming user profile, which is created by your system administrator and is stored on a server. This profile is available every time you log on to any computer on the network. Any changes made to your roaming user profile will be updated on the server. Finally, there is the mandatory user profile, which is a roaming profile that can be used to specify particular settings for individuals or an entire group of users. Only system administrators can make changes to mandatory user profiles.
To change startup and recovery options click on Settings in the Startup and Recovery frame. The Startup and Recovery dialog allows you to change the Default Operating System, in case of computers with multiple OSs. You can also change the time for which you want the boot.ini to be displayed with all the Operating Systems. In case of auto restarts or a hard reboot a recovery options page is shown at startup just after the display of the boot.ini file. You can specify the time for which this page should be shown by changing the time in the field provided. To manually edit the startup options through the boot.ini file, click on Edit to open the boot.ini file in Notepad. This method of manually editing is not advised though.
An easier and safer method to edit the boot.ini file is through msconfig. Go to Start >> Run and type msconfig followed by a carriage return. The fourth tab is the BOOT.INI tab through which you can safely modify startup options.
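A check worth running on a hand-edited boot.ini before restarting, added here as a Python example (not from the book): it parses the [boot loader] and [operating systems] sections and reports a default entry that matches no listed operating system, or a timeout that is not a number. Both sample files are constructed; the function names are this example's own.

```python
# Constructed sample: a typical single-OS boot.ini.
GOOD = r'''
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
'''

# Constructed sample with two hand-editing slips: a letter O typed in the
# timeout, and a default pointing at partition(2), which is not listed.
BAD = r'''
[boot loader]
timeout=3O
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
'''


def parse_boot_ini(text):
    """Return (loader settings dict, list of operating system entries)."""
    loader, systems, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue                      # not a key=value line
        key, value = key.strip(), value.strip()
        if section == "boot loader":
            loader[key.lower()] = value
        elif section == "operating systems":
            # The value has the form: "Description" /switch /switch
            description, switches = value, []
            if value.startswith('"'):
                end = value.find('"', 1)
                if end != -1:
                    description = value[1:end]
                    switches = value[end + 1:].split()
            systems.append({"path": key, "description": description,
                            "switches": switches})
    return loader, systems


def check_boot_ini(text):
    """Return a list of problems found; an empty list means none were found."""
    loader, systems = parse_boot_ini(text)
    problems = []
    if not systems:
        problems.append("no entries under [operating systems]")
    timeout = loader.get("timeout")
    if timeout is None:
        problems.append("timeout is missing from [boot loader]")
    else:
        try:
            if int(timeout) < -1:         # -1 makes the menu wait indefinitely
                problems.append("timeout %s is out of range" % timeout)
        except ValueError:
            problems.append("timeout %r is not a number" % timeout)
    default = loader.get("default")
    listed = [entry["path"].lower() for entry in systems]
    if default is None:
        problems.append("default is missing from [boot loader]")
    elif default.lower() not in listed:
        problems.append("default %s matches no [operating systems] entry" % default)
    return problems


if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_boot_ini(text) or "no problems found")
```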
You can even specify what Windows should do in case of system failure. Windows can be configured to do the following when a severe error (called a Stop error or fatal system error or the Blue Screen Error) occurs:
Write an event to the system log.
Alert administrators.
Dump system memory to a file that advanced users can use for debugging.
Automatically restart the computer.
The dump of system memory to a log file can be valuable for debugging the cause of the Stop error. If you contact your technical support representatives about the error, they might ask for the log file. Note that Windows writes the log file to the same file name (Memory.dmp, by default) each time a Stop error occurs. To preserve log files, you should rename the log file with a unique name after the computer restarts.
You can select the type of information you want Windows to record when the system stops unexpectedly under Write debugging information. There are three possible options:
Small Memory Dump records the smallest amount of information that will help identify the problem. This option requires a paging file of at least 2 MB on the boot volume of your computer and specifies that Windows will create a new file each time the system stops unexpectedly. A history of these files is stored in the directory listed under Small Dump Directory.
Kernel Memory Dump records only kernel memory, which speeds up the process of recording information in a log when the system stops unexpectedly. Depending on the amount of RAM in your computer, you must have 50 MB to 800 MB available for the paging file on the boot volume. The file is stored in the directory listed under Dump File.
Complete Memory Dump records the entire contents of system memory (RAM) when the system stops unexpectedly. If you choose this option you must have a paging file on the boot volume large enough to hold all of the physical RAM plus one megabyte (MB). The file is stored in the directory listed under Dump File.
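The renaming step described above, as an added Python example (not from the book): it moves a dump to a name built from the file's modification time so that the next Stop error cannot overwrite it, and records a SHA-256 of the file so that a copy handed to support can be checked later. The function names, the archive folder and the .sha256 sidecar file are this example's own choices; min_pagefile_mb restates the paging file sizes given in the text, using the top of the stated 50 MB to 800 MB range for a kernel dump as an assumption.

```python
import hashlib
import os
import shutil
import sys
import time


def sha256_of(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so that a large dump is never read in one piece."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def preserve_dump(dump_path, archive_dir):
    """Move dump_path into archive_dir under a unique, timestamped name.

    Returns (new_path, sha256_hex), or None when there is no dump to move.
    """
    if not os.path.isfile(dump_path):
        return None
    os.makedirs(archive_dir, exist_ok=True)
    # Name the copy after the time the dump was written, not the time of archiving.
    written = time.localtime(os.path.getmtime(dump_path))
    stamp = time.strftime("%Y%m%d-%H%M%S", written)
    base, ext = os.path.splitext(os.path.basename(dump_path))
    target = os.path.join(archive_dir, "%s-%s%s" % (base, stamp, ext))
    counter = 1
    while os.path.exists(target):         # never overwrite an earlier dump
        target = os.path.join(archive_dir, "%s-%s-%d%s" % (base, stamp, counter, ext))
        counter += 1
    before = sha256_of(dump_path)
    shutil.move(dump_path, target)
    if sha256_of(target) != before:
        raise IOError("dump changed while being moved: %s" % target)
    with open(target + ".sha256", "w") as sidecar:
        sidecar.write("%s  %s\n" % (before, os.path.basename(target)))
    return target, before


def min_pagefile_mb(dump_type, ram_mb):
    """Paging file size (MB) needed on the boot volume for each dump type."""
    if dump_type == "small":
        return 2
    if dump_type == "kernel":
        return 800                        # assumption: top of the 50-800 MB range
    if dump_type == "complete":
        return ram_mb + 1                 # all physical RAM plus one megabyte
    raise ValueError("unknown dump type: %r" % dump_type)


if __name__ == "__main__":
    # Usage: python preserve_dump.py <path to Memory.dmp> <archive folder>
    if len(sys.argv) == 3:
        print(preserve_dump(sys.argv[1], sys.argv[2]))
    else:
        print("usage: preserve_dump.py DUMP_FILE ARCHIVE_DIR")
```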
To change Environment Variables for users and system, click on the Environment Variables button. Environment variables are strings that contain information such as drive, path, or file name. They control the behavior of various programs. For example, the TEMP environment variable specifies the location in which programs place temporary files. Any user can add, modify, or remove a user environment variable. However, only an administrator can add, modify, or remove a system environment variable.
You can go to Start >> Run and type any of the environment variables to see funny error messages or to open the folder or file if it exists. The format is “%variable%”, with the quotes if the value is of more than one word. For example "%PROCESSOR_IDENTIFIER%".
You can create a unique shortcut to any folder or program on your computer through a variable. For example, assume you have a folder that you want to open in your D: drive. Assume the name and location of the folder to be D:\Project Works\Books\A Beginner's Approach to Windows\Chapters\Completed\. Now instead of going to My Computer and all the way in, you can create an environment variable with the name d or anything you like and the value "D:\Project Works\Books\A Beginner's Approach to Windows\Chapters\Completed\" with the inverted commas, so that you don’t have to type them in the Run box. Now say OK to create it and test it by going to Start >> Run and by typing %d% followed by Enter. If everything went correctly, it should work.
Program Error Report - Print Screen 5.11
When a system error occurs, the computer displays a blue screen containing error codes, and all computer operations stop. When an illegal operation or other error occurs in a program (such as Microsoft Word) and causes a program error, the program stops working. You can report system and program errors to Microsoft. This reporting system allows Microsoft to track and address operating system, Windows component, and program errors. You can configure error reporting to send only specified information. For example, if you only want to report system errors, you can specify that reports be generated only for the operating system. The same is true for Windows components, such as Windows Explorer, Paint, or Internet Explorer, and for programs, such as Microsoft Word, installed on your computer. When an error occurs, a dialog box is displayed, prompting you to indicate whether or not you want to report the problem (Print Screen 5.11). When you choose to report the problem, technical information about the problem is collected and then sent to Microsoft over the Internet. If a similar problem has been reported by other people, and more information is available, a link to that information will be provided.
The next tab in line is the System Restore tab, which allows you to configure System Restore settings on all the drives present on your computer. To change the amount of space that should be used to keep System Restore files, select a drive from the scroll menu and click on Settings. Move the slider to set the space that has to be used. Decreasing the space may reduce the number of System Restore points that can be created. You can even turn off System Restore on all drives or on selected drives only. To turn off System Restore on all drives, select the Turn off System Restore on all drives option. To turn off System Restore for individual drives, select the drive and click on Settings. In the drive settings dialog, select the Turn off System Restore on this drive option and click on OK. You cannot turn off System Restore on your system drive without turning it off on all drives. If you turn off System Restore, all existing restore points will be deleted and you will not be able to track or undo changes to your computer.
The next tab is Automatic Updates. Here you can specify whether you want to use the Windows updater or not. With Automatic Updates, Windows routinely checks for updates that can help protect your computer against the latest viruses and other security threats. These high-priority updates are available through the Windows Update Web site and include security updates, critical updates, or service packs. When you turn on Automatic Updates, you don't have to search for updates online or worry that critical fixes might be missing. Windows automatically downloads and installs them for you, using a schedule that you determine. If you prefer to download and install updates yourself, you can also set up Automatic Updates to notify you whenever any high-priority updates become available. You can also turn off Automatic Updates here, but this is not advisable since your computer will remain vulnerable to malicious programs and hackers. You can manually check for updates on the Windows Update website by clicking on the Windows Update Website link. Windows updates are taken from http://windowsupdate.microsoft.com/
The last tab of System Properties is called Remote, which allows you to configure options for Remote Assistance. To allow Remote Assistance connections select the Allow Remote Assistance invitations to …… option. Click on the Remote Assistance link to open Help and Support Center with information on Remote Assistance. You can set the maximum amount of time that invitations from your computer stay open by clicking on Advanced. Remote Assistance enables a person in another location to connect to your computer from another computer running a compatible operating system, such as Microsoft Windows XP, and walk you through your solution. After the person is connected, he or she will be able to view your computer screen and chat online with you in real time about what you both see. With your permission, he or she can even use his or her mouse and keyboard to work with you on your computer. If you are working on a corporate or local area network, firewalls might stop you from using Remote Assistance. In this case, check with your network administrator before using Remote Assistance.
You can also open System Properties by going to Start >> Run and typing sysdm.cpl followed by a carriage return, or by right-clicking on My Computer and selecting Properties.
V.15: Taskbar & Start Menu
The Taskbar and Start Menu properties dialog is used to change settings of the Windows start menu and the taskbar. It can also be opened by selecting Properties from the right click menu of the Taskbar or Start button. You can change the display of the start menu, hide the clock, customize the notification area and a lot more things. The Taskbar and Start Menu properties dialog has two tabs.
The first one, called Taskbar, has options to configure the taskbar in general. You can change the Taskbar appearance by selecting or deselecting the options available here. You can Lock the taskbar at its current position on the desktop so that it cannot be moved; this automatically also locks any toolbar present on the taskbar, like the Quick Launch, so that it cannot be changed. You can also Auto-hide the taskbar. To redisplay the taskbar, point to the area of the screen where the taskbar is located. You can also Keep the taskbar on top of other windows so that it is always visible when you maximize program windows. If the Auto-hide taskbar option is selected and you want to be sure that your taskbar will be visible whenever you point to it, select the Keep the taskbar on top of other windows checkbox.
Similar program documents can be grouped by selecting the Group similar taskbar buttons option. This will cause taskbar buttons opened by the same program to be displayed in the same location of the taskbar. The Windows XP taskbar has the additional property that if many windows are opened by the same program and space is unavailable on the taskbar, it collects all common program windows into a group button. Clicking on this group button allows you to access any document you want. You can even close all documents by right-clicking the taskbar button and selecting Close Group. You can hide the Quick Launch by removing the check against the Show Quick Launch option.
The clock in the Notification Area (system tray) can be removed by de-selecting the Show the clock option in the Notification area frame. You can even hide unused icons in the notification area. To customize each icon in the notification area click on Customize. In the Customize Notifications dialog that opens you can select the Behavior of individual items and set them to Hide when inactive, Always hide or Always show. Click on Apply to save changes.
Taskbar and Start Menu Properties - Print Screen 5.12
The second tab is the Start Menu tab, which allows you to change the way the Start menu appears or behaves. You can select the type of Start menu you want to have: the Windows XP Start menu or the Classic Start menu. Select a start menu type and click on Customize to modify it.
The Windows XP Start menu can be customized by having large icons or small ones for programs. You can even change the number of recently used programs that are displayed in the Start menu (the default is 6). You can even clear the list to start afresh. Clearing items does not delete the original program. Under the Advanced tab of the Customize dialog you can enable or disable start menu items and clear recent documents. You can make Windows highlight newly installed programs by selecting the Highlight newly installed programs option.
The Classic Start Menu can be customized by selecting it and clicking on Customize. You can Add shortcuts to programs or files on your machine. You can even remove currently installed Start Menu program folders. Just click on Remove, select a start menu folder from the list and click on Remove. Clicking on Advanced will open up the Start Menu folder in explorer view. The Start menu folder is actually the %Homepath%\Start Menu folder, which is specific to every user that logs on. Using the Advanced button you can add individual folders, shortcuts or files to the Start menu. You can sort the contents of the Start menu by clicking on Sort. This rearranges the items on the Programs list in the Start menu so that they are displayed in the default order. You can even clear the recent Documents cache by clicking on Clear. Clearing does not delete the documents that have been cleared. You can have Administrative Tools, Run and Favorites displayed in the Start menu by selecting the appropriate option from the Advanced Start menu options box. Click on Apply to save changes. Click on OK to save changes & exit.
V.16: Sounds and Audio Devices (mmsys.cpl)
The Sounds and Audio Devices properties dialog allows you to change system sound and audio properties of your audio hardware. Many settings under this dialog are specific to the hardware installed on your computer. The common ones are covered below. Using the Sounds and Audio Devices properties dialog of Control Panel, you can configure the system volume, adjust vocals, specify Startup and Shutdown music, change audio recording hardware and configure other audio options. The Sounds and Audio Devices Properties dialog has 5 tabs.
The first tab, called Volume, has options to configure the system's volume in general. Here you will see a slider that controls the Device volume. You can even Mute the volume on your computer here. Select the Place volume icon in the taskbar option to place the volume control icon in the system tray. You can use it to control volume for different devices on the system including the microphone, CD player, the Line In and the SW Synthesizer. Click on Advanced in the Device volume frame to see the volume control that will be accessible through the system tray. Next you have Speaker settings; click on Speaker Volume to adjust the volume levels for the speakers attached to your computer. Click on Advanced to select speakers, adjust audio playback features and apply sound effects to your audio playback. Under the Advanced Audio Properties available through the Advanced button, select a speaker setup that best matches your PC's speaker configuration. Under the Performance tab of the Advanced Audio Properties, keep the Hardware acceleration and Sample rate conversion quality at Full and Best respectively. If you are having problems with your computer's audio hardware (hissing noise or pinging of the speakers) then lower these two parameters. This has to be done only for error correction purposes. Click on Apply to save changes.
An audio file on the basic level can be of two types; one called stereo and the other called mono. Stereo files have audio in both the channels (left and right) with or without different volumes whereas mono files just have a single channel.
Sounds and Audio Properties - Print Screen 5.13
The next tab is the Sounds tab, which allows you to apply sound schemes to Windows events. A sound scheme is a set of sounds applied to events in Windows and programs. Here you can select an existing scheme and save or delete modified schemes. To change sounds for a certain Windows event, select it from the event list and then select a sound from the Sounds drop down menu. You can even Browse for a *.wav file of your choice. You can use the small play button located between the Browse button and the drop down menu to play and listen to the audio file selected. All the audio files mentioned in the drop down list are found in the %systemroot%\Media folder. If you want to select a *.wav file of your choice, make sure that the file is not larger than around 2.7 MB and that its duration is not more than 60 seconds.
The third tab, called the Audio tab, allows you to select the Default devices for audio playback, audio recording and MIDI music playback. You can select each of these devices from the drop down list, which displays all available hardware of the selected type. Click on Advanced to display advanced audio properties for the devices listed. Clicking on Volume will open up volume controls which can be adjusted to obtain optimal audio output from your hardware. MIDI stands for Musical Instrument Digital Interface and is audio in frame format. MIDI files do not have channels or synthesizable audio information but consist of sounds that are produced by computer hardware, like beeps of various frequencies. Video games (like Mario) used MIDI files as audio.
The fourth tab is the Voice tab, which allows you to configure your audio device for Voice playback and Voice recording. These two options are very much the same as those that were configured in the previous tab for Sound playback and Sound recording respectively. Additional here is the Test hardware option for your audio devices. Click on it to start the Sound Hardware Test Wizard.
The last tab, called Hardware, shows all the audio hardware and compression and decompression (codecs) software connected to the computer and functioning. If you are having problems with your computer's sound hardware, click on the Troubleshoot button to start a Windows troubleshooter. Click on Properties to see the properties of the item selected in the list. Click on Apply to save settings and click on OK to save & exit.
V.17: User Accounts (nusrmgr.cpl)
The Control Panel User Accounts applet is used to change, add or modify users on a given Windows XP system. User Accounts provides an easy to use interface to create and modify users. When you start User Accounts, you are greeted with the General Tasks page (although not specified anywhere) where you can pick listed tasks like Change an account or Create a new account, or you can Change the way users log on or off. When you click on Change an account, you will be shown all the accounts that exist on your computer; you can then click on the corresponding username to change details.
Click on Create a new account to create a new account. Type a name for the account. Take care that the name cannot be the name of your computer, and it cannot be "Guest" or "Administrator" or that of a user already present. This name will appear on the Welcome Screen and on the Start menu. Click on Next after you type the name. You will then be asked if you want this account to be an Administrator account or a Limited account. Administrators have full and complete control over a computer. On the other hand, Limited users have several restrictions.
You can change the way users log on or off by clicking on the link with precisely the same name. Using the Welcome Screen is the best and most interactive way of logging in to a Windows XP system. You can also enable Fast User Switching, which allows you to use the Switch User button on the logoff menu (Start >> Log off %Username% >> Switch User). This option allows you to log in to some other account without logging off from your own.
You can optionally press the Start button + L (Win Key + L) to switch User.
Unselect the Use the Welcome screen option to use the Windows 2000 style of logging in. This can be considered an option in cases where security is a factor, since using this option does not show all the users of the machine and logging in becomes difficult unless and until you know the username which has to be typed in the Username field. Click on Apply options to save changes.
User Accounts - Print Screen 5.14
To change individual properties for users or to assign passwords or memberships, click on the Username whose properties you want to change. You can then change your name, create a password, change the display picture, change your account type or set up your account to use a .NET Passport. You cannot rename your account to that of another existing user or Guest or Administrator, nor can you rename your account to your computer name.
You can create a password as well as a password hint, so that you don't forget the password while nobody else gets to know it. Good passwords should contain both letters as well as numbers and should be at least 10 characters in length. Remember that if you are using a password hint, it is visible to everyone who uses the computer. So keep a hint which nobody other than you would link with the password. After you have created a password you will be asked whether you want to make your files and folders private. Selecting Yes, Make Private will cause the entire %Homepath% folder and its subfolders to be locked to users with limited accounts. This means that they will not be able to gain access to your Desktop, My Documents or any other %Homepath% folder.
You can change the display picture to a variety of images available by default, or you can even select your own by clicking on Browse for more pictures. Click on Change Picture to save settings. You can even open the Themes tab of Display Properties from here by clicking on Change the computer theme from the Related Tasks pane on the left.
If there exist more than 2 administrators on a computer (the main Administrator account is hidden by default and is visible only when you start your computer through Safe Mode) then you can change any other account from an Administrator to a Limited account or vice versa. Click on Change Account Type to commit any changes. The last option allows you to add a .NET Passport to your Windows XP user account.
Follow the on screen instructions in the Wizard to have your .NET Passport up and functional in no time. You should be connected to the internet to complete this task. User Accounts also shows you the passwords that are stored for Network Resources and websites. Click on Manage my network passwords to change or modify entries. Just select an entry and click on Properties.
You can turn on the Guest account by selecting the Guest account under Change an account and then selecting Turn on the Guest Account. You cannot give a password to the Guest account nor can you rename it. Sometimes it may so happen that you forget your password and there is no hint. To prevent such occurrences, you can create a Password reset disk using the Forgotten Password Wizard. You can then change your password at the login screen itself using the Password reset floppy. Deleting your own account is a small trick employing the fact that there should be at least one user who is an Administrator. Just log in through the other account and delete your account. The same is the case with deleting any account. Windows will ask you whether you want to keep his or her files.
The Control Panel, as mentioned earlier, is an executable in the system32 folder of Windows. Whenever you open a Control Panel item, its respective .cpl is passed as an argument to control.exe, and from here some other Windows process like rundll32.exe or explorer takes over and completes the request. For example, when you open Internet Options through Control Panel, what Windows receives is "control.exe inetcpl.cpl", after which rundll32.exe is called by control.exe and the Internet Properties dialog is displayed. Rundll32.exe is an executable in the system32 folder that runs dll files as if they were executables. We know that many of the processes and applications that are found running or can be run are in the .exe, .scr, .bat, .com, .cmd or .vbs format. Dlls were known to us as Dynamic Link Libraries containing functions and additional data that is required by the executable. Some dlls can be run like an executable, which is done by the rundll32.exe program. There are some inbuilt arguments in control.exe which, when passed to the main program, will open the respective item. Below is a list of some of them. You can type the entire thing in the Run box and check for yourself:
Control scannercamera --- opens the scanners and cameras explorer window.
Control folders --- opens folder options.
Control netconnections --- opens the Network Connections explorer window.
Control schedtasks --- opens scheduled tasks window.
Control admintools --- opens Administrative Tools.
Control fonts --- opens fonts explorer window.
Control printers --- opens printers window.
Control userpasswords2 --- this opens the hidden User accounts of Windows XP. This is the Windows 2000 User Accounts dialog.
Control userpasswords --- opens up the Windows XP User Accounts.
Control telephony --- opens the Phone & Modem options (if available).
Control keyboard --- opens up keyboard properties.
Control mouse --- opens up mouse properties.
Control international --- opens Regional and Language options.
Control ports --- opens up System Properties with the Computer name tab selected.
Control date/time --- opens the Date/Time properties.
Control color --- opens up Display Properties with the Screensaver tab selected.
Control desktop --- opens up the display properties with the Themes (default) tab selected.
For example, go to Start >> Run and type "control admintools" without the quotes to open the Administrative Tools. Try out the various Control Panel Applets to obtain a fully customized Windows XP machine.
Challenges:
1. Make all the drives accessible from C:\ drive through folders like D Drive, E Drive etc.
2. Convert the AM and PM to MA and MP respectively.
3. Create an environment variable (user) to open the Windows Product Activation wizard by using the variable ACT.
4. Record your voice and save it as Audio1.wav. Now make it your Windows XP startup sound.
CHAPTER VI
DOS Prompt – The Powerful Cmd.exe
In this chapter you will learn about some of the most common commands of the Windows DOS prompt. We shall concentrate on the more efficient cmd of Windows NT systems. After this chapter the reader should be able to:
Explain the Windows command prompt and its usage.
Differentiate between command.com and cmd.exe.
Use the various commands of cmd to perform various everyday tasks.
Windows on its own can handle most of its input output requests and other normal functions, but some processes like disk checking during startup and some older programs require the command prompt to run. Programs written in C or C++, especially, were made specific to older Operating systems. In older versions of Windows, the DOS (Disk Operating System) was loaded first and then explorer (the Windows shell) was called over it. In Windows XP and Windows 2000 systems, the command prompt processor can be launched on top of NT for a console session. The terms cmd.exe and DOS will be used interchangeably unless exclusively specified.
VI.1: The DOS Prompt
The term DOS prompt broadly refers to both cmd.exe and command.com. Cmd.exe is a file found in the %systemroot%\system32 folder; the same is the case for command.com. In Windows 98 systems, command.com is found in the C:\Windows\system folder. Windows 98 does not have cmd.exe. While older Windows versions started the DOS environment first and then started the Windows explorer shell, the same is not the case for Windows XP and 2000 systems. Windows XP has been built with an independent mode of access for command.com and other 16 bit files.
Cmd.exe is a full blown 32 bit command interpreter of Windows. To start cmd.exe, go to Start >> Run, type cmd and press Enter. This variant of the command interpreter has many advantages over its ancestor command.com. We shall see some of them in the pages to come. Windows XP and 2000 run 32 bit programs with ease. Cmd.exe runs most programs if executed through it. Some older programs may have to be run in compatibility mode and thus would require command.com. Command.com is called by cmd.exe as and when required.
Another useful feature of cmd.exe is the ability to complete paths or program locations using the Tab button. If, for example, you press the Tab button at the cmd prompt when your current working directory is C:\Windows, then you will be presented with the folder names or file names present in that folder. This feature saves your typing energy. Not just that, path completion enables you to correctly use folder or file names if they are more than 8 characters in length or if they have a space in them. Longer file or folder names can be used by including a double inverted comma (") before and after the path.
For example, if you are currently in C: drive and you wish to access your My Documents folder through Documents and Settings then you can type:
C:\>cd "Documents and Settings\Neo\My Documents"
You don't even have to type the whole thing; just type the first one or two letters of Documents and Settings (Doc for example) and press TAB, and the path will be completed. Then add a slash (\) and press TAB again; repeat till you reach your destination. The same would not work for command.com.
Another big advantage of using cmd.exe over command.com is that you can copy text from the prompt to any text editor. Right click on the prompt screen and select Mark, which enables copying from the window, then select the text that you want to copy as you would in a normal text file and press Enter to copy, or select it from the right click menu of the Title bar through Edit. Command.com also provides the copy and paste option, but it is restricted under Windows XP and 2000 and it is available only through the Title bar and not through the screen.
In command.com filenames are terminated after the sixth character and are replaced by a ~1. Long filenames are not supported by command.com. For example, if you were to change in to the Documents and Settings directory in C: drive the command would be:
C:\>cd Docume~1
Instead of:
C:\>cd "Documents and Settings"
This can cause a lot of problems in programs that rely on path and address locations for installations. Another advantage of cmd.exe is that it hardly relies on ntvdm.exe, unlike command.com which calls ntvdm.exe to generate the DOS environment. The problem with this is that if a program unexpectedly goes into an infinite loop or hangs due to some error then ntvdm.exe uses almost 99 percent of your CPU strength, thus almost freezing the entire Windows. Ending this mess is a mess in itself since it brings up the End Task dialog instead of closing like cmd.exe, which can be closed by using the close button on the Title bar.
Some keyboard shortcuts specified by Doskey that enable faster usage of cmd.exe are:
UP and DOWN ARROWS recall commands
ESC clears command line
F7 displays command history
ALT+F7 clears command history
F8 searches command history
F9 selects a command by number
Cmd.exe and command.com parse a command in almost a similar fashion. Whenever we enter a command at the prompt followed by a carriage return, cmd.exe and command.com check to see if it is an internal or an external command and then the execution takes place. Internal commands are inbuilt into DOS. Commands like copy, dir, del and cls are inbuilt into DOS. There are some commands which are actually programs that are kept in the Windows directory and which can be run from the prompt as a command. Commands like format, scandisk, telnet and net are external commands. So whenever we give a DOS command, either internal or external, cmd.exe executes it by first checking if it is internal. If no internal command matches then it checks to see if it is an external command and then it executes it. If neither is the case then an error is displayed. If an external program matches the name of an internal command, DOS does not even bother to check if it exists or not and always executes the internal command.
Cmd.exe - Print Screen 6.1
The DOS environment has several commands; in fact any program can be regarded as a command to cmd.exe. We shall see some of the internal commands of cmd.exe and some commonly used external commands like format etc. in the following pages.
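The lookup order described above (internal commands first, then external programs) can be checked for any name with a short batch file. This is an added example, not code from the book; the file name whichcmd.bat and the partial list of internal commands are assumptions, and the search of the current directory before the PATH folders is standard cmd.exe behaviour that the text above does not spell out.

```batch
@echo off
rem Added example (not from the book): show how cmd.exe would treat a name.
rem Save as whichcmd.bat (hypothetical name) and run, for example: whichcmd dir
setlocal enableextensions

set "NAME=%~1"
if not defined NAME (
    echo Usage: %~n0 COMMAND
    exit /b 2
)

rem Partial list of cmd.exe internal commands; extend it as needed.
set "INTERNAL=assoc break call cd chdir cls color copy date del dir echo"
set "INTERNAL=%INTERNAL% erase exit ftype md mkdir move path pause popd prompt"
set "INTERNAL=%INTERNAL% pushd rd ren rename rmdir set start time title type ver vol"

rem Step 1: an internal name is handled by cmd.exe itself, whatever is on disk.
set "KIND=external"
for %%C in (%INTERNAL%) do if /i "%%C"=="%NAME%" set "KIND=internal"
echo %NAME% is treated as: %KIND%

rem Step 2: list program files carrying the same name. For external commands
rem cmd.exe looks in the current directory first and then in each PATH folder,
rem trying every extension listed in PATHEXT (.COM, .EXE, .BAT, .CMD, ...).
set "FOUND=0"
for %%E in (%PATHEXT%) do (
    for %%G in ("%NAME%%%E") do (
        if exist "%%~fG" echo   in current directory: %%~fG
        if exist "%%~fG" set "FOUND=1"
        if not "%%~$PATH:G"=="" echo   on PATH: %%~$PATH:G
        if not "%%~$PATH:G"=="" set "FOUND=1"
    )
)

if "%KIND%"=="internal" if "%FOUND%"=="1" echo Typing %NAME% runs the internal command, not the files listed above.
if "%KIND%"=="external" if "%FOUND%"=="0" echo No program named %NAME% was found, so cmd.exe would report an error.
endlocal
```

Run it with a bare name such as whichcmd dir or whichcmd format. A same-named file reported in the current directory deserves a second look, because cmd.exe would run it before any copy in the Windows folders.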
VI.2: Console Commands
As mentioned earlier, commands are divided into internal and external. But we shall make no differentiation here, since only those commands have been explained which will be helpful in the next chapter and which are easy for the novice user to grasp. To get a full list and to see the overview of cmd.exe go to Start >> Run and type the following:
hh.exe ms-its:C:\WINDOWS\Help\ntcmds.chm::/ntcmds.htm
You will get a list of many common commands supported by DOS if you type Help at the prompt. More information can be obtained for a single command by typing the command name followed by a /?. The following list has been edited and expanded to give it a more meaningful read. Some commands may be missing here but you may find them in the cmd help list. To start cmd.exe or command.com, go to Start >> Run, type cmd or command and press Enter.
ASSOC Displays or modifies file extension associations. You can use this command to change or add new file extensions and the default program to associate with them. Standard usage is of the form assoc [.xxx[=[fileType]]], where xxx is a new or existing file extension. When used without any parameters, the command displays all the extensions registered on the current computer. You can also use the assoc command to view individual file associations, like assoc .jpg. For example, to register a new file extension .mp8, which let us assume is a music file that we want Winamp to open, assoc .mp8=Winamp.File will do. To check it type assoc .mp8.
ATTRIB Displays or changes file attributes. Attributes of a file or folder include hidden, read-only, system and archive. For example, if you have a folder named Test in your C:\ drive and you wish to hide it and set it to read only, plus you wish to remove the archive attribute and disable the system attribute, then attrib +R +H -S -A C:\Test will do. Here +R and +H specify that the read only and hidden attributes should be set, and the -S and -A arguments specify that the folder should not be archived nor should it be a system folder. Remember that a file with both the hidden and system attributes becomes a superhidden file.
BREAK Sets or clears extended CTRL+C checking. The break command is used extensively in batch files to give user control, wherein the user will see a message prompting him to Press any key to continue… The user can stop the batch file execution by pressing Ctrl + C. This is a standard key combination to halt a command execution. For example, if you type dir at the prompt when you are in the system32 folder, the list that scrolls by is huge, and if you wish to break out of it you can press Ctrl + C.
CACLS Displays or modifies Access Control Lists (ACLs) of files. This is an external command, a program that you will find in the system32 directory called cacls.exe. It works only on NTFS drives. Access lists are a special feature of NTFS drives that prevents users from accessing folders or files even when they are visible right on the desktop. Users will get an Access is denied error. Usage is simple: assume you have a folder in your D: drive called Test in which all your important documents are present. Then to deny access to this folder you can type at the prompt cacls D:\Test /d everyone. This command modifies the ACL of the folder to deny access to the user group everyone. To grant access to everyone use cacls D:\Test /g everyone:F. The F parameter specifies that the group everyone should be given full access. The other parameters available are N for None, R for Read only, W for Write permissions and C for change permissions (same as W). The group everyone can also be replaced by a specific user or a localgroup. To see the users or groups on your computer, type net users or net localgroup at the command prompt.
Remember that access lists differ for different OSs hence a folder locked in Windows XP Home Edition may not open in Windows XP Professional Edition. Even sometimes the reverse cacls does not work and you will get an Access is denied message when attempting to Unlock a folder locked by cacls. You can create another folder inside D:\Test and then use cacls on D:\Test. This will allow you to access your data inside the newly created folder inside D:\Test by typing the full path in the address bar of any explorer window or in the Run box and since only you will be knowing the full path, your data is still safe. CALL Calls one batch program from another. Particularly useful in batch file programming. General syntax is call [full batch file path] [arguments if any]. After execution of the other batch file control is passed back to the original file from which the call command was given. Call can also be used to run a program since all programs are treated as external commands. So you could also have something like call C:\Windows\explorer.exe which will open My Documents in explorer view. CD / CHDIR Displays the name of or changes the current directory. Most common of all commands, this command is used to change the current working directory to the one specified after the cd command. Usage is cd [directory name] if the directory is a sub folder of the current directory. You have to use the full path including the drive letter if the directory is somewhere else. Assume your current working directory is C:\Windows and you want to change to D:\Projects\Books\Chapters then you will have to type the full path along with cd; cd D:\Projects\Books\Chapters will change your directory to D:\Projects\Books\Chapters. The asterisk wildcard is supported to some extent. Like if you have two directories in D: drive called Best and Test then you can change your current working directory from D:\ drive to Test by typing cd Te*. 
DOS will change the directory to the first available directory satisfying Te* (Test in this case). If you want to change back to the parent directory then you can use cd .. to change back. To change back to the drive root use cd \. Long file names with spaces have to be enclosed in quotes (if extensions are disabled). For example, if you are working in C:\ drive and you wish to change to the Start menu folder of All users then type: cd "Documents and Settings\All Users\Start Menu\" If you are working in D:\ drive and you wish to change to the above folder then this command may not work; you will have to tell cd to change the drive as well by passing the /D parameter along with the full path, including the drive letter, in inverted commas: cd /D "C:\Documents and Settings\All Users\Start Menu\". To enable command prompt extensions type cmd.exe /E:ON in the run box.

CHCP Displays or sets the active code page number.
chcp [xxx] where xxx specifies a code page number. Type chcp without a parameter to display the active code page number.

CHKDSK Checks a disk and displays a status report.
Chkdsk is an external command found as a program in system32 folder as chkdsk.exe. Syntax of usage is chkdsk [volume[[path]filename]]] [/F] [/V] [/R] [/X] [/L[:size]] where:
  volume specifies the drive letter (followed by a colon, e.g. C:)
  filename specifies the files to check for fragmentation (FAT/FAT32 drives only)
  /F fixes errors on the disk
  /V displays the full path and name of every file on the disk (FAT/FAT32 drives only), whereas on NTFS drives it displays cleanup messages, if any
  /R locates bad sectors and recovers readable information (implies /F)
  /L:size changes the log file size to the specified number of kilobytes; if size is not specified, chkdsk displays the current size (NTFS only)
  /X forces the volume to dismount first if necessary. All opened handles to the volume would then be invalid (implies /F).

CHKNTFS Displays or modifies the checking of disk at boot time.
Using this command you can specify the drive to be checked at the next boot. Use chkntfs /C [drive name with colon] to make Windows check if the drive is dirty. If the drive is found to be dirty then chkdsk is called and it checks the drive. To restore default no check values type chkntfs /D at the prompt. To see the current status of a drive type chkntfs [drive name with colon].

CLS Clears the screen.
Type cls and press enter.

CMD Starts a new instance of the Windows command interpreter.
You can start cmd.exe with several parameters. Syntax is cmd [/A | /U] [/Q] [/T:bf] [/E:ON | /E:OFF] [/F:ON | /F:OFF] [[/C | /K] string] where:
  /C carries out the command specified by string and then terminates
  /K carries out the command specified by string but remains active
  /Q turns echo off
  /A causes the output of internal commands to a pipe or file to be ANSI
  /U causes the output of internal commands to a pipe or file to be Unicode
  /T:bf sets the background/foreground colors (see the color command below)
  /E:ON enables command extensions
  /E:OFF disables command extensions
  /F:ON enables file and directory name completion characters using the Tab key
  /F:OFF disables file and directory name completion characters

COLOR Sets the default console foreground and background colors.
color [BF]. BF specifies the color code: B for the background and F for the foreground text. These codes are hex digits that can be any of the following values:
  0 = Black    8 = Gray
  1 = Blue     9 = Light Blue
  2 = Green    A = Light Green
  3 = Aqua     B = Light Aqua
  4 = Red      C = Light Red
  5 = Purple   D = Light Purple
  6 = Yellow   E = Light Yellow
  7 = White    F = Bright White
If no argument is given, this command restores the color to what it was when cmd.exe started. This value either comes from the current console window, the /T command line switch or from the DefaultColor registry value.
You cannot give the foreground and background the same color. For example: color 4F produces red on bright white.

COMP Compares the contents of two files or sets of files.
The general syntax is comp [file1] [file2] [/D] [/A] [/L] [/N=number] [/C] where:
  file1 specifies location and name of first file to compare
  file2 specifies location and name of second file to compare
  /D displays differences in decimal format
  /A displays differences in ASCII characters
  /L displays line numbers for differences
  /N=number compares only the first specified number of lines in each file
  /C disregards case of ASCII letters when comparing files
Wildcards are supported for filenames.

COMPACT Displays or alters the compression of files on NTFS partitions.
The general syntax is: compact [/C | /U] [/S[:dir]] [/A] [/I] [/F] [/Q] [filename [...]] where:
  /C compresses the specified files. Directories will be marked so that files added afterward will be compressed.
  /U uncompresses the specified files. Directories will be marked so that files added afterward will not be compressed.
  /S performs the specified operation on files in the given directory and all subdirectories. Default "dir" is the current directory.
  /A displays files with the
  hidden or system attributes. These files are omitted by default.
  /I continues performing the specified operation even after errors have occurred. By default, compact stops when an error is encountered.
  /F forces the compress operation on all specified files, even those which are already compressed. Already-compressed files are skipped by default.
  /Q reports only the most essential information.
  filename specifies a file or directory.
When executed without parameters, compact displays the compression state of the current directory and any files it contains.

CONVERT Converts FAT volumes to NTFS.
You cannot convert the current drive. If you wish to convert your D: drive from FAT32 to NTFS then convert D:\ /FS:NTFS /X will do. Here D:\ is the name of the drive you wish to convert, and /FS:NTFS tells DOS to convert the file system on D: drive to NTFS. The /X parameter forces the volume to dismount first if necessary. All opened handles to the volume would then be invalid.

COPY Copies one or more files to another location.
The common syntax is copy [source file] [destination] /Y. Copy will prompt if a file exists with the same name as that being copied in the destination directory. By using the /Y parameter, Windows will overwrite without asking the user.

DATE Displays or sets the date.
When used without any parameters, date shows the current day and date in the format Sun 03/12/2006 which is day MM/DD/YYYY. It will also prompt you to enter a new date, which you can ignore by pressing Enter. If command extensions are enabled then you can use date /T to just display the date.

DEL/ERASE Deletes one or more files.
The common syntax is:
  del [/P] [/F] [/S] [/Q] names
  erase [/P] [/F] [/S] [/Q] names
where names specifies a list of one or more files or directories. Wildcards may be used to delete multiple files. If a directory is specified, all files within the directory will be deleted.
  /P prompts for confirmation before deleting each file.
  /F forces deleting of read-only files.
  /S deletes specified files from all subdirectories.
  /Q quiet mode, does not ask if it is ok to delete on a global wildcard.
For example, if you wish to delete the contents of multiple folders like D:\Test, D:\Test2, D:\Test3 and so on containing read-only files without being asked, then del /F /Q D:\Tes* will do the job.

DIR Displays a list of files and subdirectories in a directory.
Common syntax is: dir [drive:][path][filename] [/B] [/C] [/D] [/L] [/P] [/Q] [/S] [/W] [/X] [/4] where:
  [drive:][path][filename] specifies drive, directory, and/or files to list.
  /B uses bare format (no heading information or summary).
  /C displays the thousand separator in file sizes. This is the default. Use /-C to disable display of the separator.
  /D same as wide, but files are listed sorted by column.
  /L displays file and folder names in lowercase.
  /P pauses after each screenful of information, practically useful if you are in a directory like system32 and you have given a dir command.
  /Q displays the owner of the file, shows all the users who have access to the file or folder.
  /S displays files in the specified directory and all subdirectories.
  /W uses wide list format to display directory contents.
  /X displays the short names generated for non-8.3 file names. The format is that of /N with the short name inserted before the long name. If no short name is present, blanks are displayed in its place. Used for compatibility between command.com and cmd.exe.
  /4 displays four-digit years.
Wildcards are also supported. That is, if you want to see the listing of only those files that have the characters est in them then you can use *est* in the filename.
For example, if you want to see the directory listing of C:\Windows\system32\ of files or folders having de in their names, in wide format with short names (DOS ~1 style) along with full directory listing without any extra information and a pause after every screen, then dir C:\Windows\system32\*de* /p /w /x /b will do.

DISKCOMP Compares the contents of two floppy disks.
This command is used to compare the contents of two floppy drives only. You should have two floppy drives installed on your computer and the syntax is: diskcomp [drive1: [drive2:]].

DISKCOPY Copies the contents of one floppy disk to another.
The general syntax of this command is diskcopy [drive1: [drive2:]] [/V]. Here /V verifies that the information is copied correctly. The two floppy disks must be the same type. That is, if drive1 is a 1.44 MB 3 ½ inch drive then drive2 should also meet the same specification.

ECHO Displays messages, or turns command echoing on or off.
Echo is extensively used in batch files to display messages on the command prompt screen. Using echo without any parameters displays the current status of the echo command, whether it is off or on. You can even set the state of the echo command by using echo ON or echo OFF at the prompt. To display Hello on the screen type echo Hello. If the message contains spaces then enclose the entire message in quotes.

EXIT Quits cmd.exe program (command interpreter).
Closes the program and returns control to Windows.

FIND Searches for a text string in a file or files.
Useful when searching for text in binary text files. The syntax of the find command is: find [/V] [/C] [/N] [/I] "string" [[drive:][path]filename[ ...]] where:
  /V displays all lines NOT containing the specified string.
  /C displays only the count of lines containing the string.
  /N displays line numbers with the displayed lines.
  /I ignores the case of characters when searching for the string.
  "string" specifies the text string to find.
  [drive:][path]filename specifies a file or files to search.

FORMAT Formats a disk for use with Windows.
The most commonly used parameters and syntax of the format command are: format volume [/FS:file-system] [/V:label] [/Q] [/C] [/X] where:
  volume specifies the drive letter followed by a colon.
  /FS:filesystem specifies the type of the file system (FAT, FAT32, or NTFS).
  /V:label specifies the volume label.
  /Q performs a quick format.
  /C files created on the new volume will be compressed by default (NTFS only).
  /X forces the volume to dismount first if necessary. All opened handles to the volume would no longer be valid.
To quick format a floppy with a New label type format a: /q /v:New.

HELP Provides Help information for Windows commands.
To see more information about any other command type help [command name] or the command name followed by a /?. For example, to see the help for the echo command type echo /?.

LABEL Creates, changes, or deletes the volume label of a disk.
Use the label command to change the label of the current drive by typing label [label name]. For some other drive type label [drive:] [label name]. Using label without parameters causes cmd to display the current drive label and prompts you if you would like to enter a new volume label.

MD/MKDIR Creates a directory.
The general syntax is mkdir [drive:]path and md [drive:]path. If the intermediate path does not exist and if command extensions are enabled, then mkdir creates the
intermediate folders required. For example, if you wish to create a folder in D:\Project\Books\Chapters\Complete called Final and none of the folders exist (Project, Books, Chapters and Complete) then these are automatically created by mkdir.

MORE Displays output one screen at a time.
This command can be used to read files. The most commonly used arguments are more /S /C /Tx [drive:][path]filename where /S causes multiple blank lines to be squeezed into a single line, /C clears the screen before showing the output, and /Tx causes tabs to be expanded to x spaces. The default is 8 spaces. The [drive:][path]filename is the full path of the file that has to be read. You can even open executables, although the garbage will be incomprehensible.

MOVE Moves one or more files from one directory to another directory.
The general syntax is move /Y [full path of file1][full path of file2][….] [destination path]. The /Y argument disables prompting for confirmation if there is a destination file that will be overwritten. If you are moving just one file then you can even rename it after moving it to the destination folder by giving a filename after the destination argument.

PATH Displays or sets a search path for executable files.
Whenever you type an executable program name at the prompt, cmd.exe searches some default locations for the file. Common locations include %systemroot%, %systemroot%\system32\ etc. You can add more locations to this list by using the path command. The common syntax is path [drive:]path;[drive:]path2;[drive:]path3;%path% Type path ; to clear all search-path settings and direct cmd.exe to search only in the current directory. Including %path% in the new path setting causes the old path to be appended to the new setting. Type path without parameters to display the current path.

PAUSE Suspends processing of a batch program and displays the message Press any key to continue ...

PRINT Prints a text file.
The general syntax is print [/D:device] [[drive:][path]filename[...]] where /D:device specifies a print device.

PROMPT Changes the Windows command prompt.
The syntax is prompt [text]. The text can be made up of normal characters and/or the following special codes:
  $A  & (Ampersand)
  $B  | (pipe)
  $C  ( (Left parenthesis)
  $D  Current date
  $E  Escape code (ASCII code 27)
  $F  ) (Right parenthesis)
  $G  > (greater-than sign)
  $H  Backspace (erases previous character)
  $L  < (less-than sign)
  $N  Current drive
  $P  Current drive and path
  $Q  = (equal sign)
  $S  (space)
  $T  Current time
  $V  Windows XP version number
  $_  Carriage return and linefeed
  $$  $ (dollar sign)
For example, if you wish to convert the normal D:\> prompt of cmd to something unique then try prompt $D [%username%]$G. Since my username is Cipher this command gave me a prompt that showed Sun 03/12/2006 Cipher>. Play around with it to find more.

RD/RMDIR Removes or deletes a directory.
The syntax is simple:
  rmdir [/S] [/Q] [drive:]path
  rd [/S] [/Q] [drive:]path
where /S removes all directories and files in the specified directory in addition to the directory itself. Used to remove a directory tree. /Q quiet mode, does not ask if it is ok to remove a directory tree with /S.

RECOVER Recovers readable information from a bad or defective disk.
This command is mostly used to recover information from bad floppy disks. General syntax is recover [drive:][path]filename. Data cannot be recovered if your partitions are active or are being used by Windows.

REM Records comments (remarks) in batch files.
General syntax is rem [comment]. The comment is not displayed when preceded by the rem command. Analogous to // or /*comment*/ of C and C++.

REN/RENAME Renames a file or files.
The syntax is the same for both the commands:
  rename [drive:][path]filename1 filename2
  ren [drive:][path]filename1 filename2
where filename1 is the file you wish to rename and filename2 is the new name that you wish to give. The new filename should be complete with extensions (if any). Note that you cannot specify a new drive or path for your destination file.

START Starts a separate window to run a specified program or command.
Start without any argument starts another instance of cmd.exe.
start ["title"] [path] [/MIN] [/MAX] [/SEPARATE | /SHARED] [/LOW | /NORMAL | /HIGH | /REALTIME | /ABOVENORMAL | /BELOWNORMAL] [/WAIT] [command/program] [parameters] where:
  path is the starting directory
  MIN starts the window minimized
  MAX starts the window maximized
  SEPARATE starts a 16-bit Windows program in separate memory space
  SHARED starts a 16-bit Windows program in shared memory space
  LOW starts the application in the IDLE priority class
  NORMAL starts the application in the NORMAL priority class
  HIGH starts the application in the HIGH priority class
  REALTIME starts the application in the REALTIME priority class
  ABOVENORMAL starts the application in the ABOVENORMAL priority class
  BELOWNORMAL starts the application in the BELOWNORMAL priority class
  WAIT starts the application and waits for it to terminate
  command/program specifies the application or batch file to run. If it is an internal cmd command or a batch file then the command processor is run with the /K switch to cmd.exe. This means that the window will remain after the command has been run. If it is not an internal cmd command or batch file then it is a program and will run as either a windowed application or a console application.
  parameters are the parameters passed to the command/program.

SUBST Associates a path with a drive letter.
This command creates a drive in My Computer for the folder specified. The syntax is subst [virtual drive letter:] [[drive:]\path] where virtual drive letter is an unassigned drive letter in My Computer and drive:\path is the folder whose image you want to make in the virtual drive letter. Practically useful if you have a folder nested deep inside, like D:\Project Works\Books\A Beginner's Approach to Windows\Chapters\Completed\. You can
then create a drive pointing to this folder by typing subst K: "D:\Project Works\Books\A Beginner's Approach to Windows\Chapters\Completed". To delete an existing virtual drive type subst [virtual drive letter:] /D. To see all existing virtual drives type subst without any parameters.

TIME Displays or sets the time.
When used without any parameters, time shows the current time in the format 18:39:29.39 which is HH:MM:SS:milliseconds. It will also prompt you to enter a new time, which you can ignore by pressing Enter. If command extensions are enabled then you can use time /T to just display the time in the format 06:41 PM.

TITLE Sets the window title for the command prompt window.
General syntax is title [string] where string specifies the title for the command prompt window.

TREE Graphically displays the directory structure of a drive or path in the form of a tree.
This command can be used with two arguments. The general syntax is tree [drive:][path] [/F] [/A] where /F displays the names of the files in each folder and /A uses ASCII text instead of extended characters. To see the tree structure of the current directory and sub directories just type tree without any path or drive.

TYPE Displays the contents of a text file.
General usage is type [drive:][path]filename.

VER Displays the Windows version.
Type ver without any parameters to view your Windows version.

VERIFY Tells Windows whether to verify that your files are written correctly to a disk.
Type verify without a parameter to display the current VERIFY setting. Verify can be turned on or off by giving verify ON | OFF at the prompt.

VOL Displays the disk volume label and serial number, if they exist.
The syntax is vol [drive:]

XCOPY Copies files and directory trees.
Xcopy stands for extended copy mode of cmd.exe.
The general syntax of usage is: xcopy source [destination] [/A | /M] [/D[:mm-dd-yy]] [/P] [/S [/E]] [/V] [/W] [/C] [/I] [/Q] [/F] [/L] [/G] [/H] [/R] [/T] [/U] [/K] [/N] [/O] [/X] [/Y] [/-Y] [/Z] where:
  source specifies the file(s) to copy.
  destination specifies the location and/or name of new files.
  /A copies only files with the archive attribute set, doesn't change the attribute.
  /M copies only files with the archive attribute set, turns off the archive attribute.
  /D:mm-dd-yy copies files changed on or after the specified date. If no date is given, copies only those files whose source time is newer than the destination time.
  /P prompts you before creating each destination file.
  /S copies directories and subdirectories except empty ones.
  /E copies directories and subdirectories, including empty ones.
  /V verifies each new file.
  /W prompts you to press a key before copying.
  /C continues copying even if errors occur.
  /I if destination does not exist and copying more than one file, assumes that destination must be a directory.
  /Q does not display file names while copying.
  /F displays full source and destination file names while copying.
  /L displays files that would be copied.
  /G allows the copying of encrypted files to a destination that does not support encryption.
  /H copies hidden and system files also.
  /R overwrites read-only files.
  /T creates directory structure, but does not copy files. Does not include empty directories or subdirectories. /T /E includes empty directories and subdirectories.
  /U copies only files that already exist in destination.
  /K copies
  attributes. Normal Xcopy will reset read-only attributes.
  /N copies using the generated short names.
  /O copies file ownership and ACL information.
  /X copies file audit settings (implies /O).
  /Y suppresses prompting to confirm you want to overwrite an existing destination file.
  /-Y causes prompting to confirm you want to overwrite an existing destination file.
  /Z copies networked files in restartable mode.
If, for example, you wish to copy hidden read-only database files to another directory which has similar files with the same name then you can use xcopy D:\Databases\*.dbf "D:\New Databases\Databases\Extras\" /C /O /Y /R /H

One thing known to very few Windows users is the ability of a cmd.exe command output to be redirected to another command or to a file on the hard disk. This is practically useful if you want the directory listing of some folder that has several sub folders inside and you wish to take a print of this. The operator used is called the output redirection operator, given by >. For example, if you wish to take a print of the output of dir C:\Windows\system32\ then you can redirect the directory listing from the screen to a text file like this: dir C:\Windows\system32\ > D:\dirlist.txt. Then you can open the file and read it for yourself. If the file dirlist.txt exists then the contents are overwritten; if it does not exist then it is created. There is also a double output redirection operator ( >> ) that enables output of a command to be appended to an existing file instead of overwriting it, as is the case with the single output redirection operator. Thus you can have dir D:\Projects\ >> dirlist.txt which will append the output of the directory listing of D:\Projects to dirlist.txt.

Just like we have output redirection operators for redirecting output, we also have an input redirection operator ( < ) to redirect input.
For example the format command requires users to press ENTER to start the format, ENTER again for no label and N to say No to format another floppy. All this can be combined in a text file. Let us call it abc.txt. The contents of this file should be two Enters and an N. The file should look like this:
Input Redirection - Print Screen 6.2
Don't press enter after N, just save the file in a convenient location. Then you can start cmd.exe and type format a:/q < abc.txt. Remember, your current working directory should be the same as the folder where your abc.txt file is saved. So it would be more convenient to store the file at the root of your drive. Any drive would do. You'll love it this way…

Piping is an interesting concept. Piping combines both the input and output redirection operators and is used to redirect the output of a command to another command. An excellent example would be echo y | del *.tmp Here the y that echo would normally print on the screen is piped to the del command, which prompts for a yes (Y) or no (N) when used without the /Q argument. Thus this command will delete all temporary files in the current working directory without asking the user.
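The four operators described above in one batch file, as an added example that is not from the book. It also goes one step further and shows 2>&1, which captures error messages that > alone leaves on the screen; the folder and file names under %TEMP% are constructed for the demonstration.

```batch
@echo off
rem Added example, not from the book. Everything is written under
rem %TEMP%\redir-demo, a constructed folder name.
setlocal
set DEMO=%TEMP%\redir-demo
if not exist "%DEMO%" mkdir "%DEMO%"

rem  >  creates the file, or overwrites it if it already exists.
dir /b "%SystemRoot%\system32\*.cpl" > "%DEMO%\list.txt"

rem  >> appends to the same file instead of overwriting it.
dir /b "%SystemRoot%\*.ini" >> "%DEMO%\list.txt"

rem  <  makes a command read its input from a file instead of the keyboard.
rem  sort reads list.txt and its own output is redirected on the same line.
sort < "%DEMO%\list.txt" > "%DEMO%\sorted.txt"

rem  |  hands the output of the left command to the right command as input.
rem  find /c /v "" counts every line it receives.
echo Lines in sorted.txt:
type "%DEMO%\sorted.txt" | find /c /v ""

rem  Error messages travel on a separate stream, so > alone misses them.
rem  2>&1 sends that stream to the same place as the normal output.
dir "%DEMO%\no-such-file" > "%DEMO%\errors.txt" 2>&1
type "%DEMO%\errors.txt"

rem  An answer file, like abc.txt in the text: the prompt is answered from
rem  the file, so nobody is asked. set /p only stores the reply here.
echo N> "%DEMO%\answer.txt"
set /p REPLY=Format another (Y/N)? < "%DEMO%\answer.txt"
echo.
echo The prompt received: %REPLY%
endlocal
```

Because an answer file or a piped y removes the confirmation step, it is worth running the command once with dir in place of del or format to see exactly which files or drive it will touch.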
Challenges:
1. Make Windows check your D: drive for errors at startup.
2. Start cmd.exe at system startup with the background color as blue and the foreground color as white.
3. Create a drive in My Computer for C:\Windows.
4. Redirect the Output of tree to a text file in your D: drive by name tree.txt and open it in notepad. Then open the file in cmd.exe and view the contents in both.
CHAPTER VII
Batch Files & Scripts

In this chapter we shall see the importance and usage of batch file scripting. Although not directly related to the Windows GUI environment, batch files can be used to perform several day to day things in a quick and untiring manner. You should read the previous chapter on DOS commands to take full advantage of this chapter.

After this chapter the reader should be able to:
- Understand the importance of batch files.
- Write simple batch programs using common DOS commands.
- Write complicated loops using FOR and IF and other conditional statements.
- Redirect program output to files on the disk or to other batch programs.
- Write several programs that will ease your Windows usage.
Programming has become a hobby for many computer users. Industries worldwide are searching for programmers who can cut through the worst logical problems and provide simple solutions. Let us take a step into this reality. For those who are still in the Neolithic Age, let me explain what programming actually is. Many a time problems crop up that require an automated solution, since providing manual interference every time becomes mundane and time consuming. For example, suppose a company pays its employees on the 2nd of every month. Now salaries are derived on the basis of employee work hours, post and other company policies. If the company is huge then calculating each of the 5000 odd employee salaries could well require another department in the company. To automate the entire process, a computer program could be written that could take the employee number (for ease of input), post and other policies depending on the company as input and print out the pay check on paper for each and every employee.

Many users will wonder as to how Windows by itself can be used for programming. Well, as we saw in the last chapter, cmd.exe provides several commands that can be used to create a powerful environment to write and execute simple scripts and batch programs. This chapter will cover the art of programming with batch files. It's fun more than serious study. After this chapter you should be able to write your own innovative and time saving programs. Take note that the terms scripts and programs are used interchangeably in the context limited to batch files and batch programming. This chapter should mark your starting step into the programming world.
VII.1: Batch Files

Just as every programming language has its own environment-specific files, so do batch files. Files with a .c and .cpp extension are source code files of C and C++ respectively, and .pl files are Perl script source code files. Programming with batch files is not hardcore programming as seen with other languages. Other languages allow you to create variables, create and destroy memory references, allocate memory dynamically and manipulate the system. But the same is not the case with batch files. Batch files just contain cmd.exe commands that are executed line by line through cmd.exe. Batch files generally are of two types. One type has the normal .bat extension and the other has the .cmd extension. Batch files can be run just as any other executable file, that is, by double clicking on them. Whenever a batch file is run, Windows checks the extension of the file and then calls cmd.exe to execute the commands contained within the file. Cmd.exe opens the file, reads the first line and then closes the file, and if the line is a valid command, cmd.exe executes the command, updates the cmd.exe address pointer to the second line, opens the file, reads and closes the file, executes the command, and this procedure is repeated till the end of file is reached or an exit statement is met on the way. All valid cmd.exe commands can be used in batch files. This includes all external, internal and program commands. You can run other batch files from within one batch file by using the call or start commands. Note that batch files are considered to be internal DOS commands.
While creating a batch file, make sure that the batch file name is not the same as that of a cmd command. For example, if you have a batch file with the name dir.bat and you try to execute it at the prompt, then cmd.exe will give the directory listing of the directory instead of running the batch file. To run the batch file in such a case you will have to type the entire file name at the prompt, i.e. C:\> dir.bat, which of course is unwanted.
So how do I create a batch file in the first place? Since batch files are just text files containing cmd.exe commands with a .bat extension, you can create them using any text editor. The best option however is notepad. So open notepad by going to Start >> Run >> notepad. No matter what
you type, just remember to give the file a .bat extension. This can be done in notepad in the Save dialog box. In notepad go to File >> Save. In the file name box, type a name for the batch file with a .bat extension and in the Save as type, select All files from the drop down list and then click on Save to save the file. It is worth noting that batch files can be run from the command prompt or from the Run dialog box through Start.

Let us create our first simple batch file which will open your D: drive. Open notepad and type the following and save it with a .bat extension. Name it as something like d.bat.

    chdir /D D:\
    explorer d:
    cls
    exit

Let us study this file line by line. The first line tells DOS to change the current working directory from whatever it was to D: drive. This is unnecessary since explorer can be run from anywhere. Anyway, the second line tells cmd.exe to launch explorer with D: drive as an argument. Explorer can be run without its .exe extension; this is automatically added by cmd. The next line tells cmd to clear the DOS screen and the final line exits the prompt. The basic motive of the batch file was to open D: drive in explorer. All other lines can be dropped and your batch file could as well look something like this:

    explorer D:

It would still work.

One thing you may have become aware of is that you should be in the same directory as the batch file to execute it. The task of changing to the directory containing the batch files can become very boring. An alternative (and the best practice) would be to save all batch files in a single folder; something like C:\Batch would do. Then you can direct cmd and Windows to look for the batch file in the directory by default. This can be done by adding the folder C:\Batch to the system variable Path. Open System Properties and under the Advanced tab click on Environment Variables. In the Environment Variables dialog, search for the System Variable called Path.
Select it and click on Edit. Add the name of the folder whose contents you want Windows and cmd to run without entering the whole path or changing current directories, preceded by a ―;‖. So finally the path variable should contain the following %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Batch This will run the batch file from anywhere. You just have to type the name of the batch file at the prompt or at run. The best place for executing a batch file is through the command prompt because the prompt will show the output of the batch file and stay on the screen, otherwise the case with the Run style of batch file execution is that the command prompt will be visible till execution and then close irrespective of whether an exit command was included in the batch file. Open command prompt and just type d and press Enter. Explorer should open the D: drive. Another useful batch file would be the one having the exit command. Open notepad and type exit and save the file as a batch file with the name q.bat. Save it in the directory whose address is mentioned in the Path variable. Now whenever you wish to exit the command prompt just type q instead of exit. Let us see some of the most widely and commonly used commands in batch files. Most of the DOS commands that we saw in the previous chapter have not been included to avoid redundancy.
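Every folder on Path is searched whenever a command name is typed, so a folder added to it, such as C:\Batch above, should be writable by administrators only. The following batch file is an added example, not from the book: it walks the current Path and reports folders that are missing or that the account running it can write to. The file name pathchk.bat and the probe file name are assumptions.

```batch
@echo off
setlocal EnableExtensions
REM Added example, not from the book (assumed file name: pathchk.bat).
REM Lists every folder on Path and flags the ones that are missing or that
REM the account running this file can write to. Run it from an ordinary
REM user account; an administrator can write almost everywhere.

REM Assumed name for the probe file; it is deleted again straight away.
set "PROBE=pathchk_%RANDOM%.tmp"
set /a FLAGGED=0

REM The substitution below replaces every ; with quote-space-quote, so
REM a;b;c becomes "a" "b" "c" and FOR sees one quoted item per folder,
REM even when a folder name contains spaces. Limitation: a Path entry that
REM already carries its own quotes is not handled.
for %%D in ("%PATH:;=" "%") do call :CHECK "%%~D"

echo.
echo %FLAGGED% folder(s) flagged.
endlocal & exit /b 0

:CHECK
REM An empty entry comes from a stray ";" in Path.
if "%~1"=="" goto :EOF
REM Folder test from this chapter: every folder contains the entry "."
if not exist "%~1\." goto MISSING
REM Try to create an empty file in the folder.
copy nul "%~1\%PROBE%" >nul 2>&1
if not exist "%~1\%PROBE%" goto LOCKED
del "%~1\%PROBE%" >nul 2>&1
echo WRITABLE  "%~1"
set /a FLAGGED+=1
goto :EOF

:MISSING
echo MISSING   "%~1"
set /a FLAGGED+=1
goto :EOF

:LOCKED
echo ok        "%~1"
goto :EOF
```

A folder reported as WRITABLE should have its permissions tightened or be taken off Path; a MISSING entry should be removed so that nobody can create the folder later.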
The REM command

The Remark command is used to enter comments in your batch file. If you have created a big batch file with lots of complicated loops and commands then by using the REM command you can make any user understand what the code does, if the user is reading the code. Whatever is typed after the REM command is not even displayed on screen. Hence you can have as many lines of explanation in the batch file without them being displayed on screen. The only thing that you have to bear in mind is not to add many remarks, since this will cause the program execution to slow down. Another thing is that REM commands are usually used for batch files that are large. You should, as a programmer's practice, not add REM for small programs. The REM command is analogous to the /* comment */ of C, // of C++ and ' of Visual Basic.

Example:

    REM This is an example to change the current drive to D: drive
    cls
    REM that cleared the screen
    D:
    REM that changes the drive
    Exit
    REM Closes cmd.exe and returns control to shell.

If the REM command still displays the comments on screen then you can precede the REM command by an @ symbol which will prevent the command from displaying on the screen, yet get executed. So the program may have to look like the following snippet for it to work properly.

    @REM This is an example to change the current drive to D: drive
    cls
    @REM that clears the screen
    D:
    @REM that changes the drive
    Exit
    @REM Closes cmd.exe and returns control to shell.
The Echo command

The Echo command is used to display comments on the screen or to give the user an idea of what the batch file is doing. You may argue that you can remove the REM command and just keep the comments, but cmd.exe will interpret them as commands and give an error saying that the comment, whatever it may be, is not an internal or external command in DOS. The echo command is what printf is to C and cout is to C++. Anything written after the echo command will be displayed on the screen. It is true that batch programs display all commands they are executing but sometimes they are not enough and it is better to also insert ECHO commands, which give a better description of what is presently being done.

Example:

    @REM Program to copy mp3 files from D: drive to C: drive.
    Echo Program to copy mp3 files from D:\Music to C:\Music
    Echo Copyright © 2005-06
    xcopy D:\Music\*.mp3 C:\Music /Y /I
    Echo All files have been successfully copied
    Echo Thank you for using this program.

Execute this file and see the output. The file is saved in the root of D: drive and has been named mp3copier:

    D:\>mp3copier
    D:\>Echo Program to copy mp3 files from D:\Music to C:\Music
    Program to copy mp3 files from D:\Music to C:\Music
    D:\>Echo Copyright © 2005-06
    Copyright © 2005-06
    D:\>xcopy D:\Music\*.mp3 C:\Music /Y /I
    D:\Music\Track1.mp3
    D:\Music\FishTrax.mp3
    D:\Music\Vaporizer.mp3
    3 File(s) copied
    D:\>Echo All files have been successfully copied
    All files have been successfully copied
    D:\>Echo No file was overwritten.
    D:\>Echo Thank you for using this program.
    Thank you for using this program.
    D:\>

Here Echo has to be set off before beginning with the program so that the Echo command itself is not displayed but instead whatever it has to display is shown on screen. So just type Echo off at the beginning of the batch file to prevent echo from being displayed. Furthermore, to prevent Echo Off itself from being displayed, use the @ symbol to suppress output but still continue execution. So your final program should look something like this.

    @Echo off
    @REM Program to copy mp3 files from D: drive to C: drive
    Echo Program to copy mp3 files from D:\Music to C:\Music
    Echo Copyright © 2005-06
    xcopy D:\Music\*.mp3 C:\Music /Y /I
    Echo All files have been successfully copied
    Echo Thank you for using this program.

The output for this program will be:

    D:\>mp3copier
    Program to copy mp3 files from D:\Music to C:\Music
    Copyright © 2005-06
    D:\Music\Track1.mp3
    D:\Music\FishTrax.mp3
    D:\Music\Vaporizer.mp3
    3 File(s) copied
    All files have been successfully copied
    Thank you for using this program.
    D:\>

Now that looks neat. For those who are wondering what arguments were passed to xcopy: the /Y was to suppress the confirmation whether to overwrite and the /I was to force xcopy to believe that C:\Music is a directory and not an extensionless file. To display a blank line in the output you can use a blank line in the batch file, which is equivalent to an Enter, or you can use the Echo command with a dot (Echo.)
The Pause command

The Pause command is used to halt program execution for an indefinite period until a user intervenes and presses a key on the keyboard. The program can be terminated at the pause command by pressing Ctrl + C or Ctrl + Break. The Pause command in short gives the user time to react and cancel the batch program if he wishes to. You can also use the Break command to do the same thing.

Example:

    @Echo Off
    @REM Example of Pause command.
    Echo Alert!!
    Echo.
    Echo This will delete all temporary files from your temp folder.
    Echo Press Ctrl + C to stop execution
    Pause
    @REM /Q deletes without asking for confirmation on *.*
    Del "%temp%\*.*" /Q
    Echo Files have been deleted. Thank you for using our service.

When you execute this file at the prompt and press Ctrl + C, you will get the following output. The file is saved in the root of D: drive and has been named tempdel:

    D:\>tempdel
    Alert!!

    This will delete all temporary files from your temp folder.
    Press Ctrl + C to stop execution
    Press any key to continue . . .
    Terminate batch job (Y/N)? y
    D:\>

In the other case, if you press Enter or any other key, the output changes accordingly:

    D:\>tempdel
    Alert!!

    This will delete all temporary files from your temp folder.
    Press Ctrl + C to stop execution
    Press any key to continue . . .
    Files have been deleted. Thank you for using our service.
    D:\>
The Call and Start command

The Call and Start commands basically do the same thing: calling external programs or other batch files from within one batch file. The syntax is call %name_of_file%. The file could be another executable or a batch file in the same directory or in a directory recognized in the path variable. The start syntax is somewhat confusing: start "" "%name_of_file%" arg. A blank "" is necessary, otherwise you cannot pass arguments, if any, to the program. See this example for further understanding.

Example:

    @echo off
    @rem example of Call and start
    Echo This program will call explorer to open D: drive.
    Call explorer D:
    Echo.
    Echo This program will also start another session of cmd.exe with colors
    Start "" "cmd.exe" /T:0E

In this code the blank quotes ("") after the start command allow cmd.exe to accept the /T:0E argument that colors the new cmd with yellow and black. As already mentioned, we can also call another batch file from within a batch file. Let us try calling mp3copier from the previous section through this file. The code will change accordingly.

    @echo off
    @rem example of Call and start
    Echo This program will call the batch file mp3copier.bat.
    Call mp3copier
    Echo.
    Echo This program will also start another session of cmd.exe with colors
    Start "" "cmd.exe" /T:0E

There is absolutely no need of giving the .bat extension for mp3copier, since cmd.exe checks to see if there is an internal command, external command or any program from a directory defined in the path variable. Mp3copier.bat executes and returns control to the original batch file.
The GoTo command

The GoTo command is used for branching purposes. Using the GoTo command we can jump to another section of the batch file and continue execution in that part, and then if we want to return we use another goto statement and jump back to the location from where we had jumped. The Goto command is always used with a label. This label is the location where the control is transferred as soon as the Goto command with that specific label is encountered. Labels are always written beginning with a colon : and then the label. Hence the general syntax is GoTo Label, where label is defined somewhere later in the program.

Example:

    @echo off
    @rem example of Goto
    Echo This program will call explorer and then use GoTo to jump to another location then return back using another Goto and finally exit.
    Call explorer D:
    Goto local
    :back
    Call sol
    Call spider
    Exit
    :local
    Echo.
    Echo control has reached here after jumping.
    Del %temp%\*.* /Q
    Echo Press Ctrl + C to end batch file completely.
    Pause
    Goto back

This code is pretty much self explanatory, but anyways let me make it simpler. Explorer is called with D: as its argument, causing the D: drive to open. And then the GoTo statement is encountered which causes the program execution to transfer to the label local which has been declared just after the exit command. This causes all files from the temporary folder to be deleted upon pressing of any key. If you press Ctrl + C here then the program is terminated completely without going to the Goto back statement. When you continue, the program execution gets transferred to the back label declared below the GoTo local statement, which continues program execution and opens Solitaire and Spider Solitaire and finally exits the cmd.exe prompt.

There are no uppercase or lowercase specifications in cmd.exe as far as commands are concerned. This means that GoTo is the same as goto, GOTO or Goto.
VII.2: Passing Arguments

An Argument, as we have seen for several programs, is additional information that allows us to manipulate the program itself. The best example that I can come up with is Explorer.exe. When run without any arguments, explorer opens up My Documents, but you can always pass one of your drive letters with a colon to open the respective drive or any folder for that matter on your hard disk. We can also create batch files that can take in external parameters and use them in their execution. In many scripts and programming languages we find that the % character is used to obtain external parameters. Even in the Windows registry, as you will see later, the % character has been used to pass the name of a file or location as an argument. The same applies to cmd.exe. It can read up to 9 external arguments passed from a batch file to the executing command. To make it more clear let us see an example.

    @Echo off
    Echo %1 %2

Save this file as d.bat or something simple like that and then at the prompt type the two arguments that the batch file is supposed to take.

    D:\>d Hello World

This will print Hello World on the screen. %1 is replaced by Hello and %2 by World. If the number of arguments passed to the batch file exceeds what is needed by the batch file then the remaining arguments are just dropped. If a file takes arguments and none is passed then the command at which the argument was due to be used will give an error or will complete in a way not anticipated. The following batch file will make it clear.

    @Echo off
    Format %1: /q

This batch file when run with an argument of A will ask you to insert a new disk in drive A (floppy drive) to quick format it. Now if no argument is specified then the program will give an Invalid Drive Specification error.

    D:\>d A
    Insert new disk for drive A:
    and press ENTER when ready...

Now if no argument is passed, the output changes to:

    D:\>d
    Invalid drive specification.

There is a command called Shift that is shown in the help of cmd.exe but was not explained in the previous chapter for a very honest reason. To know the working of shift you have to understand what arguments are and how they are used to give batch files information, which is what you have achieved in this chapter. Shift is used to shift the position of replaceable parameters in batch files. Now suppose you wish to pass more than 9 arguments to a batch file (I wouldn't understand why though) then you can use the same argument character (%1) as many times as you want by shifting the value. An example should make it clear. Let us modify the previous Hello world program. Note the argument characters in the program.

    @Echo off
    Echo %1
    Shift
    Echo %1

At the prompt type the two arguments that the batch file is supposed to take.

    D:\>d Hello World

This will print Hello World on two lines by using the same argument character, that is %1. The thing that cmd.exe does here is that Hello is printed out and then it is shifted to %2, since %2 is not present, Hello is dropped completely and World is moved into %1.

    D:\>d Hello World
    Hello
    World
    D:\>

Thus using the shift command in a batch file you can pass as many arguments as you want and still run the program. The only thing to bear in mind is that the batch program may slow down due to generic calculation of arguments passed and mutual transfer amongst variable characters, so as far as possible try using not more than 9 arguments.
VII.3: FOR Loops & IF Branching

If you want to perform a certain set of instructions over and over again without having to write them every time you want to perform them, you can use the FOR loop. The syntax of the FOR loop is slightly confusing and I will try to make it as clear as possible. The syntax is:

    FOR %%Variable IN (set) DO command

The Variable is a single character except 0-9, set holds the values that are assigned to the variable, and command is the command that cmd.exe has to execute whenever a value from set is assigned to the variable. An example will make this clear.

    @Echo off
    FOR %%P IN (C:\, D:\, D:\Music\) DO DIR %%P

This command will cause the values in the set to be copied to %P, one by one, and execute the Dir command with the value in %P. The two %% are to be used since cmd.exe deletes one instance of the %. If you are using the 'for loop' in the prompt (not through a batch file) then you can use a single %. Anyways, coming back to this program, this FOR loop will cause dir to display the directory listing of C: drive, then the directory listing of D: drive and then of the D:\Music folder. Another example of the FOR loop is given below:

    @Echo off
    FOR %%A IN (*.mp3, *.xls, *.txt, *.jpg) DO XCOPY D:\Data\%%A C:\Test\ /I /Y

This FOR loop will first copy all the mp3 files from the D:\Data\ folder to C:\Test, overwriting any previously present files of the same name. Then when all mp3 files have been copied, the for loop copies *.xls into %A and then xcopy copies all the Excel files present in the folder to C:\Test, then the for loop gets updated and then copies text files and finally all picture files into the C:\Test folder.

The FOR loop can be made more intelligent by allowing the user to pass external arguments and using these arguments in the set of the FOR loop. An example is shown below:

    @Echo off
    Echo This program takes three arguments from the user and then uses the FOR loop to copy the files specified by the argument.
    Echo The user has specified the following three extensions to copy: %1 %2 %3
    FOR %%S IN (%1, %2, %3) DO XCOPY D:\Data\%%S C:\Test\ /I /Y

Save the file with a simple name, something like ext.bat will do. At the prompt type the following:

    D:\>ext *.bmp *.mp3 *.doc

The arguments %1, %2 and %3 keep their single % inside the FOR set; only the loop variable %%S takes two %, because %%1 would reach the FOR command as the literal text %1 instead of the argument. The above command at the prompt will cause all *.bmp files to be copied from the D:\Data\ directory to the C:\Test\ directory, then the FOR loop will copy all mp3 files and then finally all Word documents are copied. The /I switch for xcopy causes xcopy to assume C:\Test is a directory and the /Y, as you'll know, suppresses confirmation whether to overwrite existing files.
Sometimes it may so happen that you want to check whether some condition is true or false, or check some value, and then proceed with the next line of execution. In this situation, the IF branching method comes as a life saver. Using an IF statement you can cause the execution to be transferred to anywhere in the program or continue as it is. The general working of an IF statement is:

    If (condition = TRUE)
    {
        do this command
        exit loop (or do anything else)
    }
    else
    {
        do this
        exit loop (or do anything else)
    }

The IF condition can be used for checking the values of a variable and then proceeding accordingly. Along with the normal comparing of variables (strings), the IF command can also be used to check for the existence of files. An important use of the IF statement is in the checking of file existence or availability. The IF statement can be written in a way that will allow the program to check if a particular file exists and then perform the next execution accordingly. The general syntax of this command is:

    IF [NOT] EXIST filename command

We can check for the availability of a file and then perform a command. An example will make it clear:

    IF EXIST C:\Windows\Explorer.exe Echo The Windows shell exists.
When executed, this IF statement will check if the file Explorer.exe exists and then echo "The Windows shell exists" on to the screen. If on some weird unnatural Windows computer this file did not exist then this command would not display anything. You can then combine an Else with the IF statement to complete the logic in the code. Remember that the IF and Else have to be on the same line and the command part has to be enclosed in brackets. Let us modify the above example itself and check the result. Better still, let us write a batch file with the complete source code.

    @echo off
    IF EXIST C:\Windows\Explorer.exe (Echo The Windows shell exists) ELSE (Echo No shell)

Now when you run this batch file at the prompt, the program will output "The Windows shell exists". Modify the code and change explorer.exe to something like xplorer.exe and then run the batch file; you will get "No shell" as the program output. The syntax also has a NOT EXIST extension that is just the opposite of EXIST and can be used to run a command if the condition becomes false.

We saw methods of checking for files, but what about folders? The IF command can also be used to check if folders exist or not. Windows considers that every folder has a default file that gives the address of the folder. This file is named as a . (dot). Thus if you modify the IF EXIST command to include the path of the folder with its dot file then the IF statement can be used to check for existence of the folder. An example will make it more clear.

    @echo off
    IF EXIST C:\Windows\. (Echo Folder Exists) ELSE (Echo No Such folder)

The IF statement can also be combined with the GOTO command or for that matter any command. GOTO allows you to transfer control of instructions in a way defined by the user.
The IF statement could check for the existence of files or folders and then jump to a subroutine kind of thing that will consist of instructions that have to be executed if the conditions are met. Another example here:

    @echo off
    IF EXIST C:\Music\Cher-Believe.mp3 (GOTO FOUND) ELSE (Echo No Such file)
    xcopy G:\Cher\Cher-Believe.mp3 C:\Music\ /I
    del %temp%\*.tmp
    exit
    :FOUND
    Echo The Song exists
    Echo.
    Echo Now the program will exit
    Pause
    Exit

The above program is very much self explanatory but anyways I'll do my work. The program checks if the file C:\Music\Cher-Believe.mp3 exists or not; if it does not exist then the program echoes that there is no such file and then copies the same file from the CD ROM drive (assuming G: drive) to your C:\Music folder. Then the batch program deletes all temporary files from the temporary folder and then exits. On the other hand, if the file exists then the execution is transferred to the label :FOUND and execution continues from the label onwards. Prompt then echoes that the song exists and then exits after giving you a chance to see the output.

The other use of the IF statement is to compare two strings, either passed as an argument or internal commands. The syntax is:

    IF [NOT] string1 == string2 command

Most of the time this statement is used to compare arguments passed to the batch file and then execute a set of commands by using straight commands or the GOTO label method. An example will make it clearer. Create a batch file with the following contents, which takes one argument. Call the file disk.bat or something like that.

    @echo off
    REM The quotes keep the IF statements valid when no argument is passed.
    IF "%1" == "chk" GOTO :DISKCHECK
    IF "%1" == "dfg" (GOTO DEFRAG) ELSE (Echo Invalid Argument)
    exit
    :DISKCHECK
    chkdsk
    Pause
    Exit
    :DEFRAG
    defrag C: -a
    Pause
    Exit

Run the batch file with either of the two parameters, i.e. chk or dfg.

    D:\>disk dfg

This will cause the program to compare the argument with chk (which is false) and then with dfg (which is true), which causes the program execution to jump to the :DEFRAG label. Here the program calls defrag.exe to analyse the C: drive (-a argument to defrag.exe) and then waits for you to see the output and then exits upon any keystroke. The same is the case if the chk argument is passed, which causes the program execution to jump to the :DISKCHECK label and then execute chkdsk for the current drive and then wait and exit. If no argument or anything other than chk and dfg is passed then the program gives an Invalid Argument error and then exits.
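An argument reaches commands such as Format %1: /q or chkdsk unchecked unless the batch file tests it first, and an unquoted comparison turns into the invalid statement IF == chk when the argument is missing. The following disk.bat variant is an added example, not from the book: it requires exactly two arguments, accepts the drive letter only from a fixed list, and returns an error code with exit /b instead of closing the prompt. The two-argument form and the list C D E are assumptions.

```batch
@echo off
setlocal EnableExtensions
REM Added example, not from the book: disk.bat with argument checking.
REM Usage (assumed form):  disk chk X   or   disk dfg X   (X = drive letter)

REM "%~1" removes quotes typed by the caller and puts one pair back, so the
REM comparison stays valid when the argument is missing or contains spaces.
if "%~1"=="" goto USAGE
if "%~2"=="" goto USAGE
if not "%~3"=="" goto USAGE

REM Accept the drive letter only if it matches an entry of a fixed list.
REM The list C D E is an assumption; edit it to suit the machine.
set "DRIVE="
for %%L in (C D E) do if /I "%~2"=="%%L" set "DRIVE=%%L:"
if not defined DRIVE goto BADDRIVE
REM Folder test from this chapter: the drive must actually be present.
if not exist %DRIVE%\. goto BADDRIVE

REM /I makes the comparison case-insensitive (chk, CHK, Chk).
if /I "%~1"=="chk" goto DISKCHECK
if /I "%~1"=="dfg" goto DEFRAG
echo Invalid argument: "%~1"
goto USAGE

:DISKCHECK
REM Without /F chkdsk only reports; it changes nothing on the disk.
chkdsk %DRIVE%
goto DONE

:DEFRAG
REM -a analyses the drive without defragmenting it.
defrag %DRIVE% -a
goto DONE

:USAGE
echo Usage: %~n0 chk X   or   %~n0 dfg X   (X is a drive letter)
endlocal & exit /b 1

:BADDRIVE
echo "%~2" is not an allowed drive.
endlocal & exit /b 1

:DONE
REM exit /b ends the batch file with the command's return code and leaves
REM the command prompt open; a plain exit would close it.
endlocal & exit /b %ERRORLEVEL%
```

The same pattern (test for a missing argument, compare against a fixed list, only then run the command) applies to any batch file that passes %1 to a command that formats, deletes or copies.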
VII.4: Examples

We have seen many commands that can be employed to write several simple programs to ease everyday Windows tasks. Let us see some examples in the following section.

Program to start an application depending on the argument passed:

The following batch file takes in one argument, a number which corresponds to an application in the program.

    @echo off
    cls
    Echo.
    Echo Game Selection Program
    Echo.
    Echo 1. Solitaire
    Echo 2. Spider Solitaire
    IF %1 == 1 GOTO SOLITAIRE
    IF %1 == 2 GOTO SPIDER
    GOTO END
    :SOLITAIRE
    sol
    GOTO END
    :SPIDER
    spider
    :END

This program may sometimes give a "GOTO was unexpected here" error. But that depends on the OS that you have. Pass 1 as an argument to start Solitaire and 2 to start Spider Solitaire.

Program to check what OS you have installed:
This is a very generic example, in the sense that this program will check for some files found only on typical OSs. For example regedt32.exe is not found on Windows 98, and so on. This program will check and work for three Operating Systems: Windows XP, Windows 2000 and Windows 98.

    @echo off
    cls
    Echo.
    IF EXIST %systemroot%\system32\regedt32.exe (GOTO NT) ELSE GOTO NONNT
    GOTO END
    :NT
    IF EXIST %systemdrive%\Winnt\. (Echo Windows 2000) ELSE Echo Windows XP
    GOTO END
    :NONNT
    IF NOT EXIST %systemroot%\system32\. Echo Windows 98
    GOTO END
    :END

This program first checks to see if regedt32 is there in the system32 folder; if it is there (which is the case with all NT systems) then control is transferred to the instruction after the :NT label. Then the program checks if the %systemroot% directory is Windows or Winnt, upon which an output is given that it is Windows XP or Windows 2000 respectively. If in the first case regedt32 was not found then we can be sure that it is not Windows XP or Windows 2000, but to perform one more check the program checks to see if the system32 folder is present (which is absent in Windows 98) and then echoes a message saying the system is Windows 98 if it is not found.
Program to copy files specified by user:

This is a modification of a program already included somewhere above. This program will copy files of the extension types passed as arguments to the following batch file.

    @echo off
    cls
    REM to copy 2 types of files.
    Mkdir D:\Backup
    xcopy C:\Data\%1 D:\Backup\ /I /Y
    shift
    xcopy C:\Data\%1 D:\Backup\ /I /Y
    echo File Copying Complete

This program is pretty much self explanatory. Pass two file extensions as arguments. This program creates a directory called Backup in D: drive and then copies the files, or all files that have been passed with wildcards (*.mp3), into this newly created directory.
Program to check if a file exists and then run applications:

This program uses the IF EXIST statement to check for file existence and then runs a program associated with it. The programs may or may not have a relation with the file that exists.

    @echo off
    cls
    IF EXIST D:\Test.mp3 (GOTO FOUND) ELSE regedit
    GOTO END
    :FOUND
    shutdown -s -t 60
    pause
    :END

This program will shut down the computer if Test.mp3 exists; if it does not then the Registry Editor is started. You can include other programs instead of the ones that I have specified.
Program to erase all traces of your computer usage:

The following batch file will erase all your computer usage history at the next login. To work at every login you have to place this file at system startup either through startup Program Files or through the registry.

    @echo off
    cls
    del %temp%\*.* /Q
    REM The Recent documents folder lives inside the user profile.
    del "%userprofile%\Recent\*.*" /Q
    Echo All Files deleted
    Echo.
    Echo Nobody knows what you did.

Two locations have been utilized: the Recent documents and the temporary folder. You can modify the code accordingly to erase Internet History too.

Use Batch File Programming judiciously or you may end up deleting unexpected files through wildcards or something. Batch File Programming will hopefully form your base for other extended programming languages like C, C++, Java & Visual Basic. Understanding the logic is more important than the construct. If you figure out the logic, you can well write a program in any number of ways you want. Logic and Programming Language Syntax should someday enable you to write your own OS …
CHAPTER VIII
Windows Safe Mode

In this chapter we shall see the importance of the Windows Safe Mode. The Administrator account which is usually available only through Safe Mode will be used for most of the corrections that have to be done. Different Safe Modes have also been covered, which include Safe Mode with command prompt and Safe Mode with Networking.

After this chapter the reader should be able to:
- Start the computer in Safe Mode.
- Use System Restore through Safe Mode to correct problems.
The Windows Safe Mode has been in Windows ever since Windows 95 and provides a secure and safe environment to correct Windows problems. Using Safe Mode you can remove viruses, correct hardware problems, resolve conflicting software issues, use System Restore to roll back your system to another time and do a lot more. The Safe Mode of Windows 98 and Windows XP differ on several levels. Both the variants are explained in the text to follow. In general the Windows Safe Mode is used to diagnose and correct several common hardware as well as software issues. Before formatting your system out of frustration, try the Safe Mode while following this chapter.
VIII.1: What is the Safe Mode?

A very good question by a newbie. The existence of a Safe Environment in Windows is just a vague idea for many users, and the question of why they would want to use the Safe Mode is another story altogether. If you are unable to start your computer, or if your computer crashes frequently, or if your computer has suddenly become very slow, or if your display, sound or any other hardware is giving problems, then you can rely on Safe Mode and use it to get your PC on the tracks once again.

The basic idea of Safe Mode is to start Windows with the fewest device drivers needed to start the computer without any hang-ups. Windows disables startup programs and nonessential services to create an environment useful for troubleshooting and diagnosing problems. Windows starts a minimal set of drivers that the operating system needs to function. Explaining it technically, Windows XP can start the Safe Mode in three configurations: one is the normal Safe Mode, the second one is the Safe Mode with command prompt (cmd.exe) as the shell and the last one is the Safe Mode with Networking. There is not much difference in the startup of these three types though. Windows starts the computer with the minimal hardware drivers and software necessary to make the computer start. Hence you will not be able to hear any audio or see any videos properly. Your printer will not work, nor will several other devices that work when Windows starts normally.

To start Windows in Safe Mode, do one of the following:
- Press F8 on the Operating System select menu. If this menu can't be seen (single OS systems) then press F8 just after the BIOS post. This is the time when your computer gives a beep and the lights on your keyboard glow on and off for a fraction of a second.
- If your computer failed to start successfully in an attempt previously made then you will get the recovery options screen which has an option to start Windows in Safe Mode.

You can still start Windows normally by selecting the option from this menu. Windows always keeps a record of the most recent successful restore point. This record can be used to boot your PC by selecting the Last Known Good Configuration option.

The essential drivers and system services enabled in safe mode include the following:
- Drivers for serial or PS/2 mouse devices, standard keyboards, hard disks, CD-ROM drives, and standard VGA devices. Your system BIOS must support universal serial bus (USB) mouse and USB keyboard devices in order for you to use these input devices in safe mode. You can enable or disable USB devices through the BIOS as and when the need arises though.
- System services for the Event Log, Plug and Play, remote procedure calls (RPCs), and Logical Disk Manager.

Windows 98 starts Safe Mode in its own way; since there are no well defined users on a Windows 98 system it starts in the default user's configuration. The autoexec.bat and config.sys files are not run. Also the system.ini file is not parsed; instead a file called system.cb is created and used, which loads the drivers needed for Windows 98 to communicate with the various parts of the computer. The Windows desktop loads up in 16 colors and at a resolution of 640 x 480 with the words "Safe Mode" in each corner. Windows 98 Safe Mode starts up automatically if a successful boot could not be completed, unlike Windows XP where you have to select Safe Mode from the options listed at startup.

If Windows XP boots properly through the Safe Mode then you can be sure that the problem was caused by one of the drivers or programs that were being loaded during normal system startup. If you had installed any new hardware or software after which your Windows started giving problems, then you can use the Safe Mode to uninstall or disable hardware through the Device Manager.

As we have already seen, Windows XP creates an Administrator account during installation which is usually not available if you have any other account enabled. The Administrator account can be accessed through the Safe Mode as it becomes visible and you can select it from the Logon screen. Although this account will have the same functionality as a normal administrator account on your computer, you can still use it as an alternative if your account itself is having a problem or your %userprofile% folder and the files within have gone haywire. You can then log in using this account, delete your account and create a fresh account for yourself. Remember to copy all your important files and folders from the My Documents folder and paste them somewhere else.
VIII.2: Safe Mode & Other Startup Options
When you press F8 at system startup you will be greeted by the Windows Advanced Options menu, which allows you to start your computer in Safe Mode, Enable Boot Logging, Enable VGA mode, Debugging mode and the Last Known Good Configuration. The general description of each of these modes is included here:
Safe Mode: Loads the minimum set of device drivers and system services required to start Windows. User specific startup programs do not run.
Safe Mode with Networking: Starts Windows XP with minimal drivers and services required for network connectivity. Safe mode with networking enables logging on to the network, logon scripts, security, and Group Policy settings. Nonessential services and startup programs not related to networking do not run.
Safe Mode with Command Prompt: Exactly the same as the normal Safe Mode except that the Windows shell, explorer.exe, is not started; instead the application listed under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot in the registry as an AlternateShell is started. Usually it is cmd.exe. You can change it to anything you require, though I wouldn't understand why such a need would ever arise. In case you wanted to start the GUI environment of Windows, you can simply type explorer.exe at the command prompt and start Explorer.
Enable Boot Logging: An interesting option which allows you to start Windows normally while simultaneously recording startup information like loaded drivers etc. This option creates a log file (Ntbtlog.txt) in the %systemroot% folder, which contains the file names and status of all drivers loaded into memory during startup. This option is the same as starting your computer with the /BOOTLOG switch in the boot.ini file.
Enable VGA Mode: A very important option if your graphics card or monitor is giving problems. This option starts the computer in standard VGA mode by using the current video driver. This option helps you recover from distorted video displays caused by using incorrect settings for the display adapter or monitor. This option can be used to correct problems like the common Out of frequency error of monitors.
Last Known Good Configuration: Starts the computer with the registry and driver configuration in use that had allowed the computer to start successfully the last time it was up and running.
Debugging Mode: Starts Windows in Kernel Debugger Mode, which allows you to use a kernel debugger or an external kernel dump reader for troubleshooting and system analysis.
Start Windows normally: Starts Windows in normal mode.
Reboot: Restarts the computer.
Whenever you start the computer in safe mode (whichever combination), Windows will ask you whether you want to use the System Restore functionality to restore your system to a more stable time. System Restore in safe mode usually solves most of the problems that a Windows user can normally face. You cannot create System Restore points under safe mode.
Often the only way to correctly remove certain persistent virus and spyware programs is to run your system in safe mode. Many forms of malicious software will protect or reinstall themselves constantly if they are allowed to start in the first place. These programs will situate themselves in one of the many autorun locations in the Windows XP registry and file structure, so when Windows is started normally, so is the offending software, running as a process in the background. When you start the PC in safe mode, these autorun locations are not used, and no software is started automatically. This can allow virus and spyware removal programs the opportunity they need to correctly and completely remove the malicious software. If you are having virus or spyware problems on your PC, you should always run antivirus and anti-spyware programs in safe mode to ensure that they have maximum effect.
Device Driver RollBack & Uninstall - Print Screen 8.1
If you have installed any new device like a modem or a printer and now you cannot boot, or your system restarts frequently or shows you the blue stop screen, then you can start your PC in safe mode and disable these devices. To do this, first start your PC in safe mode, then right click on 'My Computer' and select 'Manage'. In the Computer Management console select 'Device Manager'. In the right hand pane right click on the device that you have just installed and select Disable from the context menu. Now restart your PC through the Start menu. The next time you start your PC, Windows will skip the particular device during startup. Do not disable devices that are essential for the system to work properly.
The same is true if you have updated the hardware drivers and now the system refuses to start normally. Then you can start your computer in Safe Mode and attempt a roll-back of the driver. Roll-back means that Windows will uninstall the current driver and then reinstall the older driver automatically. To do this start your computer in safe mode, right click on My Computer and select Manage. Open Device Manager through the Computer Management console. In the right hand pane, right click on the device for which you have installed new drivers and select Properties. Under the Driver tab of the Properties dialog of the device click on Roll Back Driver. If there are no drivers backed up by Windows then it will ask you whether you want to start the Windows troubleshooter. You can select Yes and follow the onscreen instructions to correct any possible device conflict (Print Screen 8.1).
If your PC boots normally into Safe Mode but does not boot normal Windows, then more likely than not you are having a software issue. The cause could either be a hardware driver or a program that you have installed (or which has got installed without your knowledge). To determine what is causing the failure, examine carefully the way the crash or hang occurs. If the system crashes before the Windows Interface appears (before the Logon Screen) then it is most likely a hardware driver related issue. If the system becomes extremely slow or crashes after you log on, then most likely you have a startup program that is the nuisance.
If you are not sure which driver is causing the hang or crash, you can use the Windows XP built-in File Signature Checker to check for files that don't have a digital signature. If you do have a driver issue, it's likely to be because that particular driver has not been properly tested with Windows XP. Start your computer in safe mode and then go to Start >> Run and type sigverif to start the File Signature Verifier (Print Screen 8.2).
Under Advanced select the Look for other files that are not digitally signed option and the file type as *.sys from the drop down menu. Once you have located the unsigned drivers, create a folder in C: drive called Backup or something similar and then locate the drivers from the addresses provided by the File Signature Verifier. Once you have located a driver, cut and paste it into the backup folder and then restart your computer in normal mode. You will get error messages saying that at least one driver or service failed to start or something similar to it; ignore them and check whether the problem you were experiencing has gone or still persists. You can try all the drivers in this way, and when the problem goes away you can be sure that it was due to the file that you last moved. Don't try this method with video drivers. For video drivers start your computer by selecting the Enable VGA mode option at startup.
File Signature Verification - Print Screen 8.2
If the problem is due to a program that you had recently installed, then you can start your PC in safe mode and use the System Configuration Utility to check and remove any malicious applications at system startup. These programs could include corrupt firewalls, viruses, spyware and/or other adware. Go to Start >> Run and type msconfig to start the System Configuration Utility (Print Screen 8.3). Go to the Startup tab, which shows all the applications that run at system startup. Deselect all and then select one of them and press OK to save changes and exit. Restart the system to start in normal Windows (not safe mode) and see if the problem persists. If it does then it was the program that you had selected to run at startup that was the culprit. You can then uninstall it through safe mode or delete it if it was standalone (like a virus or something). If the problem disappears then deselect the one that was selected, select some other application and try starting in normal mode. Do this till the problem reappears and then take necessary action. Better still, run an updated antivirus to check if there are any viruses running at startup.
System Configuration Utility - Print Screen 8.3
Use these techniques only if all else fails because these methods take a hell lot of time. Use System Restore otherwise to revert your system to a stable phase. Windows XP's System Restore creates restore points even when you are not aware of it, such as when you install a big program or a new hardware device or driver. You can use any of those restore points to start your system successfully.
Challenges:
1. Add an option in the boot.ini file to start Windows in Safe Mode with Networking.
2. Change the time for which the Windows Advanced Recovery Menu should be visible.
CHAPTER IX
The Windows Registry
Understanding the Windows Registry is necessary for a proper understanding of the Operating System. This chapter will explain the structure of the Windows Registry and also highlight some of the common tricks that an administrator can employ to tweak his system.
After this chapter the reader should be able to:
Understand the importance of the Windows Registry
Explain usage of regedit & regedt32 for registry editing
Explain what are hives, keys and different types of values that the registry can take.
Employ common registry tweaks for optimal system performance.
Use the reg.exe command to access the registry
Warning: Incorrect editing of the registry may severely damage your system. Backup any important data to a Non OS drive (usually other than C:\ drive) before making any changes to the registry.
The Windows Registry is a comprehensive database containing information about a computer's configuration. It contains information that is continually accessed by Windows during operation and while applications are running. The registry basically contains information about the installed programs, settings for folders and desktop features, user profiles, hardware connections and driver details.
IX.1: Registration Databases
The method of storing the Windows registry differs in case of Windows 95/98/Me and Windows XP/NT by the various files that they use.
The Windows 95/98/Me registration database:
In case of Windows 95/98/Me, the registry is found in the following five files with Hidden & Read Only attributes for general protection.
System.Dat: stores common hardware and software settings of the system.
User.Dat: stores settings for specific users including software settings. If there is more than one user, then multiple user profiles enable each user to have a separate USER.DAT file, located in %Systemroot%\Profiles\%UserName%\
System.Da0 and User.Da0: Backups of System.dat & User.dat created by Windows after a successful boot. Found only on Windows 95 systems.
Classes.Dat: stores data contained in the HKEY_CLASSES_ROOT Hive key, found only on Windows ME systems.
Policy.Pol: Provides additional information specific to the network. This is an optional file that comes into existence when network policies are defined in the HKEY_LOCAL_MACHINE and/or HKEY_CURRENT_USER policies key.
Windows 98/ME's automatic Registry backup is enabled by the command C:\Windows\Scanregw.exe /autorun found as a String Value called "ScanRegistry" under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows 98 and Me back up the registry into compressed CAB files in %WinDir%\Sysbckup. A maximum of 99 different backup copies can be stored; a new one is created with every successful boot every new day. They are named from rb000.cab, rb001.cab … up to rb099.cab. Check the date stamp to determine the newest backup set.
The Windows XP registration database:
When it comes to Windows XP, the registry is slightly different. Windows XP stores its registry in these six files located in the %SystemRoot%\System32\Config folder (default is C:\Winnt\System32\Config or C:\Windows\System32\Config depending on whether your system is Windows NT or XP respectively):
Default: stores the HKEY_USERS\.Default key.
Sam: stores the HKEY_LOCAL_MACHINE\Sam key.
Security: stores the HKEY_LOCAL_MACHINE\Security key.
Software: stores the HKEY_LOCAL_MACHINE\Software key.
System: stores the HKEY_LOCAL_MACHINE\System key and the HKEY_CURRENT_CONFIG Hive key.
Ntuser.Dat, located in the %SystemRoot%\Profiles\%UserName% folder, stores the HKEY_CURRENT_USER Hive key.
Windows XP/NT keeps the original copy of the above files in C:\Windows\repair. These files are the first copy of their type that were created when the OS was installed.
IX.2: The Registry Editors – Regedit & Regedt32
Most data from the MS-DOS configuration files (autoexec.bat and config.sys) and from the Windows system initialization files (control.ini, system.ini, win.ini, etc.) is now contained in the registry, together with most of the other system settings. Most Win32 (32-bit) specific applications store their initialization and configuration data in the registry instead of in INI files. The Registry is stored in a binary data executable format.
The Registry editor is an advanced tool for viewing and editing the Windows registry. The registry is arranged in the form of an explorer-like tree with keys and sub keys when seen through a registry editor. The registry editor enables you to modify keys and values. There are two types of registry editors in Windows XP. Regedit & Regedt32 do the same thing except for a few changes here and there. Regedt32 allows users to create and modify the extended string values REG_EXPAND_SZ & REG_MULTI_SZ. On Windows 2000 systems, regedt32 allowed you to set permissions to individual keys and sub keys, and also it couldn't import or export registration files (*.reg). In Windows XP and Windows Server 2003 regedt32.exe is just an application that launches regedit.exe.
Regedt32 on Windows 2000 - Print Screen 9.1
Windows 98 does not have the Regedt32 version of the registry editor. The downside of the inbuilt Windows registry editors, i.e. Regedit & Regedt32, is that they do not warn you whether the key that you are modifying causes any harm or not. Using third party registry editors may overcome this limitation, but on the whole you should be familiar with all the keys to do any system wide changes.
To open the registry editor, click Start, click Run, type regedit or regedt32 and then click OK. The registry looks like the Windows Explorer in design. The left pane consists of keys which can be expanded into sub keys. The right pane shows different data types. Regedit is found as an executable file in %Systemroot% (usually C:\Windows\) named regedit.exe, and regedt32.exe is found in the system32 folder in %Systemroot%\. The entire Windows Registry can also be backed up as a .reg file by running Regedit > File > Export.
The Registry Editor - Print Screen 9.2
Microsoft Windows 98 automatically creates a backup copy of the registry every time Windows starts. In addition to this you can manually create a backup using the Registry Checker utility by running SCANREGW.EXE from Start >> Run. Scanregw.exe is not found in Windows XP. On Windows XP, selecting the Last Known Good Configuration during startup causes Windows to start with the last copy that allowed it to boot properly the last time.
IX.3: Hives, Keys & Data Types
The Registry consists of two basic components:
1. Key & Sub Keys: Folder or a directory that you can see in the left hand pane of the registry editor. They organize the registry data in a hierarchical format. Keys can contain sub keys and values. Each key or subkey name is predefined by the system or created by users or Win32 (32-bit) programs, and can contain spaces and most alphanumeric characters. The Windows 95/98/Me registry contains six root keys under 'My Computer' (see further below) and several sub keys below each root (parent) key.
2. Value: Value or data is stored as individual settings for different Win32 programs or for the system. These are the entities you see on the right hand pane of the registry editor. Some of these may not be available in regedit or may differ with Operating Systems.
The following are the most common data types stored in the registry:
REG_DWORD [DWORD Value]: Double WORD data of 4 bytes (32 bits) in length, in 3 numeric formats: decimal (base of 10), hexadecimal (base of 16) or binary (base of 2).
REG_BINARY [Binary Value]: data of any length, in two numeric formats: binary (base of 2) or hexadecimal (base of 16).
REG_SZ [String Value]: data of any length, in three Unicode or ANSI formats: simple text/ASCII (string), expanded (%string%) or extended (multi-string).
REG_EXPAND_SZ [Expanded String Value]: in system variable (%string%) format, stores environment variables within strings, accessed by substituting variables with actual system path names.
REG_MULTI_SZ [Multiple String Value]: in extended multi-string format, stores multiple strings into a single Registry entry.
Other data types not available through the standard registry editors include:
REG_DWORD_LITTLE_ENDIAN - A 32-bit number in little-endian format.
REG_DWORD_BIG_ENDIAN - A 32-bit number in big-endian format.
REG_LINK - A Unicode symbolic link. Used internally; applications should not use this type.
REG_NONE - No defined value type.
REG_QWORD - A 64-bit number.
REG_QWORD_LITTLE_ENDIAN - A 64-bit number in little-endian format.
REG_RESOURCE_LIST - A device-driver resource list.
When you run the Registry Editor, you'll see the following expandable Registry subtrees, each marked with a plus (+) sign, under the "My Computer" heading (main node). To further expand each subtree and view all underlying branches (subkeys), click on the plus (+) signs of the five main Hive keys below.
Typical layout of the Windows 95/98/Me/NT/XP registry
[+] My Computer
 -[+] HKEY_CLASSES_ROOT (HKCR): Software settings, CLSID folder data, program template data, drag-n-drop, shortcut settings and sub keys for every defined file association, also found at HKEY_LOCAL_MACHINE\SOFTWARE\Classes.
 -[+] HKEY_CURRENT_USER (HKCU): Settings related to current user. Configuration settings include desktop related stuff and software configurations along with policies. Subkeys:
    -[+] AppEvents: Assigned system and applications sound events settings.
    -[+] Control Panel: Control Panel settings
    -[+] Identities: Created and used by MS Outlook Express 4/5 and its Address Book.
    -[+] Keyboard: Current keyboard layout.
    -[+] Printers: Information about printer related settings.
    -[+] Network: Network connection settings.
    -[+] RemoteAccess: Current logon location settings, if using Dial-Up Networking.
    SessionInformation: Program Count, keeps track of the number of open applications visible on the Taskbar.
    -[+] Software: Software configuration settings for the currently logged on user, sorted by vendor or developer.
 -[+] HKEY_LOCAL_MACHINE (HKLM): User independent hardware and software machine specific information. The most important key in the registry: bus type, startup programs, device drivers, CLSID folder data, keyboard layout etc. Subkeys:
    -[+] Drivers: Used by the Device Manager to keep track of active loaded drivers for hardware peripherals like plug-n-play devices, PC cards, PCMCIA etc.
    -[+] Hardware: Detailed information about all the devices connected to your computer in a format only the OS understands.
    -[+] Network: Information and settings about network(s) the user is currently logged on to.
    -[+] Security: Network security information and settings.
    -[+] SOFTWARE: Software-specific information and settings sorted by developer. Has the Microsoft\Windows\ key which has most of the machine specific settings like installed programs etc.
    -[+] System: Contains details about the Operating System and related settings, CurrentControlSet\Enum\ for hardware profiles and individual description.
 -[+] HKEY_USERS (HKU): Information about desktop and user specific settings for each user who logs on to the same Windows 9x/Me system. Each user has a separate subkey here. If there is only one user, the only subkey is ".Default".
 -[+] HKEY_CURRENT_CONFIG (HKCC): Information about the current hardware profile used by the local computer at startup, pointing to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current.
 -[+] HKEY_DYN_DATA: This branch points to the part of HKEY_LOCAL_MACHINE for use with the Plug-&-Play features of Windows; this section is dynamic and will change as devices are added and removed from the system.
IX.4: The .Reg File
It can sometimes save time to enter values into the registry without having to navigate to some deep key. Here's where Windows gives you the option of adding keys and data to the registry using text files having the .reg extension. You can even delete keys by just double clicking and accepting the confirmation dialog that comes up. You can export the entire registry to text files or import data from them. To export a key go to File >> Export and save the key with a filename. For example let's take the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer key. Exporting this key on my computer gave me the following:
    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "ClearRecentDocsonExit"=dword:00000001
This format is for Windows XP computers because the Registry Editor version is 5.00. On Windows 98 systems however the same .reg file would look like the following:
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "ClearRecentDocsonExit"=dword:00000001
The format is quite simple. REGEDIT4 indicates the file type and version, [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] indicates the key the values are from, and "NoDriveTypeAutoRun"=dword:00000091 and "ClearRecentDocsonExit"=dword:00000001 are the values themselves. The portion after the "=" will vary depending on the type of value they are: DWORD, String or Binary.
So by simply editing this file to make the changes you want, it can then be easily distributed, and all that needs to be done is to double-click it, or choose "Import" from the Registry menu, for the settings to be added to the system Registry.
Deleting keys or values using a REG file:
As mentioned earlier, it is also possible to delete keys and values using REG files. To delete a key start by using the same format as the REG file above, but place a "-" symbol in front of the key name you want to delete inside the square bracket. For example, to delete the [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] key the reg file would look like this (under Windows 98):
    REGEDIT4

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
To delete individual values, instead of a minus sign in front of the whole key, place it after the equal sign of the value. For example, to delete a value "YPager" the file would look like:
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "YPager"=-
This feature can be used constructively if used with intelligence. It may so happen that data may be entered into the registry that could possibly corrupt it, or values may be deleted unknowingly; in any case Windows would be at risk. It is always essential to make a backup of the Windows Registry in case of any untoward incident. Editing the registry requires excellent skill and workmanship: one mistake and your Windows is gone, but no mistakes and your Windows lives much longer.
It happens that after prolonged usage of Windows, adding and removing programs, adding and configuring hardware, changing desktop settings and other Windows configuration, the registry tends to be filled with unreferenced garbage data that has no relevance to any program currently on your system. To clean the registry, Microsoft gives a small program called Regclean; you can download it from several locations on the internet. Regclean checks the registry for unwanted, unreferenced values and creates a .reg file with all garbage values. If you can't you can add back the values to the registry by double-clicking on the reg file, else just delete it. RegClean is really efficient and since it's a Microsoft product, you shouldn't have second thoughts.
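Because a double-click is all it takes to import a .reg file, it helps to see what a file would change before accepting it. The Python code below is an added example, not part of the original book: it parses the REGEDIT4 and Version 5.00 forms described in this section (including the [-KEY] and "name"=- deletions), and notes changes to the Run key and to the SafeBoot AlternateShell value mentioned in the Safe Mode chapter. The sample file, the ExampleVendor, OldVendor and ExampleTool names and the review rules are constructed for illustration, and the hex(2)/hex(7) value forms go beyond the dword and string values shown above.

```python
import re

# Header line -> encoding of hex(2)/hex(7) string data. cp1252 stands in for the
# ANSI code page of a Windows 98 machine (an assumption of this example).
HEADERS = {"REGEDIT4": "cp1252", "Windows Registry Editor Version 5.00": "utf-16-le"}
RUN = "\\microsoft\\windows\\currentversion\\run"      # also matches RunOnce
SAFEBOOT = "\\currentcontrolset\\control\\safeboot"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def _unescape(quoted):
    """Strip the surrounding quotes and undo backslash escapes."""
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])

def _decode(raw, enc):
    """Return (registry type, value) for the text after the '=' sign."""
    if raw.startswith('"'):
        return "REG_SZ", _unescape(raw)
    if raw.lower().startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", raw)
    if not m:
        raise ValueError("unrecognised value data: " + raw)
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    kind = int(m.group(1), 16) if m.group(1) else 3
    if kind == 2:    # expandable string such as %SystemRoot%\system32
        return "REG_EXPAND_SZ", data.decode(enc).rstrip("\0")
    if kind == 7:    # several strings, each terminated by a NUL
        return "REG_MULTI_SZ", [s for s in data.decode(enc).split("\0") if s]
    return ("REG_BINARY" if kind == 3 else "type 0x%x" % kind), data

def parse_reg(text):
    """Parse already-decoded .reg text into a list of operations, in file order."""
    # Long hex data is continued on the next line with a trailing backslash.
    text = re.sub(r"\\\r?\n\s*", "", text.lstrip("\ufeff"))
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Version 5.00 header")
    enc, key, ops = HEADERS[lines[0]], None, []
    for ln in lines[1:]:
        if ln.startswith("[") and ln.endswith("]"):
            key = ln[1:-1]
            if key.startswith("-"):          # [-KEY] deletes the whole key
                ops.append({"action": "delete_key", "key": key[1:]})
                key = None
            continue
        m = VALUE_RE.match(ln)
        if not m or key is None:
            raise ValueError("cannot parse line: " + ln)
        name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1))
        if m.group(2) == "-":                # "name"=- deletes one value
            ops.append({"action": "delete_value", "key": key, "name": name})
        else:
            kind, data = _decode(m.group(2), enc)
            ops.append({"action": "set_value", "key": key, "name": name,
                        "type": kind, "data": data})
    return ops

def review(ops):
    """Return notes on operations to look at before importing the file."""
    notes = []
    for op in ops:
        key = op["key"].lower()
        if op["action"] == "delete_key":
            notes.append("deletes whole key " + op["key"])
        elif RUN in key:                     # programs started with Windows
            verb = "removes" if op["action"] == "delete_value" else "sets"
            notes.append("%s startup entry %s" % (verb, op["name"]))
        elif key.endswith(SAFEBOOT) and op["name"].lower() == "alternateshell":
            if op["action"] == "delete_value" or str(op["data"]).lower() != "cmd.exe":
                notes.append("AlternateShell would no longer be cmd.exe")
    return notes

# Constructed sample file; the vendor and tool names are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\ExampleVendor]
"LogDir"=hex(2):25,00,54,00,45,00,\
  4d,00,50,00,25,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"YPager"=-
"ExampleTool"="C:\\Example\\tool.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="C:\\Example\\tool.exe"

[-HKEY_CURRENT_USER\Software\OldVendor]
'''

if __name__ == "__main__":
    print("\n".join(review(parse_reg(SAMPLE))))
```

The parser expects text that has already been decoded; files exported by the Windows XP Registry Editor are stored as Unicode, so open them with the matching encoding before passing the contents in.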
IX.5: Registry Tricks & Tweaks
Editing the registry can make or break a system. The following is a list of some of the most famous Windows registry tricks and values that ought to give your computer a general boost and show you how to play around with your system. Some keys and values may not be present on your registry but can easily be created by right clicking and selecting from the context menu. It may so happen that the tricks mentioned here may not work immediately; in such cases a logoff or restart is recommended. Always refresh the registry by pressing F5 before exiting. The tricks are provided as is and the guarantee that they may work solely lies on the OS version. Incorrect registry editing can hamper system working and in some cases can cause you to reinstall Windows.
Remember, you can assign specific key permissions for different users. If you have created policies for users, you can lock out specific keys of the registry using Permissions from the Edit menu, or you can even lock out the entire registry by disabling access. Read on.
As mentioned previously, the registry editor can be run by going to Start >> Run >> Regedit
GENERAL WINDOWS TWEAKS

>> Disable Tool Tips
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Edit: Modify or create a new DWORD value in the right hand pane of the window, "ShowInfoTip" and set the Value to 0. To restore set the Value to 1. This edit excludes the Start Button.
Comments: Use this to disable the tool tips that pop up when you move your mouse over folders and files or buttons. This edit does not prevent the 'Click here to begin' tool tip on the start button from popping up.

>> Disable Status Messages during Boot, Logon, Logoff, Shutdown
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Edit: Create a new Dword value. Name the new value "DisableStatusMessages". Double click the new value and set it to 1.
Comments: This prevents status messages from showing up like the Windows is shutting down and the like. Includes all status messages of startup, logon and shutdown.

>> Disable Balloon Tips
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Edit: Create a new DWORD value, "EnableBalloonTips" and set the Value to 0. To restore set the Value to 1.
Comments: Use this to get rid of the (for me) annoying 'balloon tips' that pop up in the system tray reminding you of something or the other.

>> Disable/Enable Boot Defrag
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction
Edit: Select "Enable" from the list on the right. Right click on it and select Modify. Change the value to Y to enable and N to disable.
Comments: This causes Windows boot files to be defragged and places them in contiguous sectors, thus making them available for quicker launch at the next boot.

>> Disable Error Reporting
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting
Edit: Modify or Create a new Dword Value, "DoReport", 1 = Send Reports, 0 = Don't Send.
Comments: This disables Windows from asking you whether you want to send error reports whenever an error occurs.

>> Disable Crash Control Auto Reboot
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl
Edit: Create or modify Dword value, "AutoReboot" set the Value to 1. To disable set the value back to 0.
Comments: Changing this option to 1 causes the computer to automatically restart when a stop error occurs which would otherwise stop at the Blue Screen. This will not allow you to see what caused the exception since the blue screen lists the error code.
A Beginners Approach to Windows >> Disable Low Disk Space Message Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer. Edit: Modify Dword value, ―NoLowDiskSpaceChecks‖ and set the value to 1. Logoff or Reboot your machine. Comments: Windows will not bother you with annoying low disk space messages.
>> Disable Search Assistant. Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState. Edit: In the right pane, look for or create a string value called: ―UseSearchAsst‖ and set its value to: No Comments: Will disable the search assistant for Windows. Forget the dog and the merlin.
>> Disable the Thumbnail Cache Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Explorer\Advanced Edit: Create a new DWORD value, or modify the existing value, called 'DisableThumbnailCache' and edit the value to 0 to enable or 1 to disable. Comments: This edit disables Windows ability to create Thumbnails for images or video files. On systems with large number of multimedia files this setting can save a lot of memory space.
>> Disable/Turn Off System Beeps Key: HKEY_CURRENT_USER\Control Panel\Sound Edit: In the right pane, right click "Beeps", modify, set the value to no. Comments: Use this to disable the irritating system beep that you get when you pull the volume slider out of focus.
>> Disable Desktop Cleanup Wizard Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\ CleanupWiz. Edit: Create a new DWORD value, or modify the existing value, called 'NoRun' and edit the value to 0 to enable or 1 to disable. Comments: This disables the Desktop Cleanup Wizard that displays which icons weren‘t used for a long time and tells you it can take care of them. >> Change the Text in Internet Explorer‟s Title Bar Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main. Edit: In the right pane, change the value of the string, "WindowTitle", to any string of your choice. Comments: This edit enables you to add your own Title to Internet Explorer‘s Title bar. You must have seen IE with ‗Hacked by Godzilla‘ or something similar at cyber cafes or at home, this is where the change is done.
>> Change Name and Company Information after Installing Win XP Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion Edit: In the right pane, modify ―RegisteredOrganization‖ and ―RegisteredOwner‖ to your liking. Comments: You can use this to change the name and company information that you provided while installing. Page | 157
A Beginners Approach to Windows
>> Get Rid of the "Links" Folder in Favorites Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar. Edit: Set the String value of "LinksFolderName" to equal a blank string. Open IE and delete the Links folder from the Favorites menu. The next time you start Internet Explorer the Links folder will not be recreated. Comments: Have you tried deleting the Links folder in Internet Explorer and noticed how shamelessly it reappears? You can now finally win.
>> Run Explorer Full Screen
Keys: HKEY_CURRENT_USER\Console
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Edit: In the right pane find or create the DWORD value "FullScreen" and modify the value to 1. For the second key, in the right pane find or create a string called "FullScreen" and modify the value to yes.
Comments: This edit causes Explorer (all Windows folder views) to be displayed in full screen by default. You can also press F11 anytime in Explorer to go full screen. Very handy when viewing folders having loads of images.
>> Add Open Notepad to Every Folder's Right Click Menu
Key: HKEY_CLASSES_ROOT\Directory\shell\
Edit: Create a new "key" and name it Notepad. In the right hand pane, modify the default value to something like "Launch &Notepad", where the "&" sign will cause N to get underlined and thus act as the shortcut. Then create another "key" below the "Notepad" key and name it "command". In the right hand pane, modify the default value and enter "notepad.exe".
Comments: You can in fact use this option to add any program to the right click menu of folders.
>> Customize the Windows Logon and Security Dialog Title
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Edit: Create or modify the string value named "Welcome" to anything you wish. You will have to log off or restart to see the changes.
Comments: This setting allows you to add additional text to the title of the standard Windows Logon and Windows Security dialog boxes.
>> Legal Notice Dialog Box before Logon
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Edit: Modify the value named "LegalNoticeCaption" to the caption on the dialog box (e.g. Warning!!). If this value doesn't already exist, create it. Then modify the value named "LegalNoticeText" to represent the body of the dialog box (e.g. Your activities on this computer are being monitored blah blah blah…). Restart to see the dialog box pop up before logon.
Comments: This is cool... This allows you to create a warning box that is displayed before the user actually logs in.
>> Change the Message Shown on the Logon Box
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Edit: Create a new string value named "LogonPrompt" and enter the text you want to display.
Comments: The default message is: "Enter a user name and password that is valid for this system." You can change this text to a custom message. Show your authority.
>> Change the Title of Windows Media Player
Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer
Edit: Create a new string value called "TitleBar" and set it to the text you would like to be displayed in the title bar of Windows Media Player.
Comments: This edit shows a custom string on the Title Bar of Windows Media Player. Shows how customizable Windows is.
>> Display the Attributes Column in Explorer
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Edit: Create a new DWORD value called "ShowAttribCol" and set the value to '1' to enable the attributes column.
Comments: This causes an additional column displaying file attributes to be listed when the contents of a folder are seen in Details View. Paying tributes to Windows 95.
>> Force the Use of the Windows XP Style Start Menu
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Edit: Create a new DWORD value, or modify the existing value, called "NoSimpleStartMenu" and edit the value to 1 to force the newer start menu.
Comments: This prevents the users from changing the Start Menu to classic through the Taskbar properties. When set to 1, this disables the Start Menu check box in Taskbar Properties.
>> Remove Common Groups from the Start Menu
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Edit: Create a DWORD called "NoCommonGroups" and set the value to 1 to hide them, 0 to display them.
Comments: This edit will remove all the entries located in C:\Documents and Settings\All Users\Start Menu and its sub-folders from the Start Menu when All Programs is accessed.
>> Add Control Panel to right click menu of My Computer
Key: HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
Edit: Create a new key called "shell" (if it is not present), then create another key below it and name it "Control Panel". In the right hand pane modify the value of default to "Open &Control Panel". Then create another key called "command" and modify the right hand side default value and make it "control.exe". Results are usually immediate.
Comments: Control Panel will be added to the right click menu of My Computer. You can use the name of any executable under the shell key to create a right click menu. You could for example add regedit to the right click.
>> Add Your Own Tips
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Tips
Edit: You can create a new string value named by incrementing the existing value names and set it to the required tip text. You can just modify the existing tips for fun.
Comments: The Tips in Windows can be altered to suit your needs. It's fun.
>> Enable Start Menu Scrolling
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Edit: Create a new String value, or modify the existing value, called "StartMenuScrollPrograms" and edit the value to YES or NO.
Comments: This edit causes the Program Files in the Start Menu to be of fixed size and the list can be scrolled by keeping the mouse pointer at the small arrows at the end and top of the menu.
>> Change the Login Window
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Edit: Create a new DWORD value, or modify the existing value, called "LogonType" and edit the value to (0 = Classic Mode, 1 = Welcome Screen).
Comments: This changes the Login Window from the Welcome screen to the Logon Box and vice versa.
>> Activate Clear Type on the Welcome Screen
Key: HKEY_USERS\.DEFAULT\Control Panel\Desktop
Edit: In the right pane, right click "FontSmoothingType", choose Modify and change the value to 2.
Comments: Using this option allows the text and images to be drawn sharply on the screen. Very helpful if you are using an LCD panel or a notebook.
>> Clear Cached Command Lines from the Run Menu
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Edit: Delete the value corresponding to the command you want to remove, or remove all the entries to clear the list completely.
Comments: This clears the list that accumulates when you use the Run menu. For people who use the Run menu for most Windows tasks, this list could be pretty huge...
>> Disable Show Last User Name
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system
Edit: Create a new DWORD value, or modify the existing value, called "dontdisplaylastusername" and edit the value to 1 for hiding last logon.
Comments: This is an additional security measure that you can implement. Using this edit will cause the last logged on user's username to be erased from the logon box at Windows Logon. The change is visible if you have the Welcome screen turned off.
>> Remove Username from the Start Menu
Keys: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Edit: Create a new DWORD value, or modify the existing value, called "NoUserNameInStartMenu" and change its value to 1 to hide username from the start menu.
Comments: This removes the username from the Windows XP Start Menu. The Start menu may appear a bit odd for a few days for people who are used to seeing their names there…
>> Disable Windows XP Tour
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Tour
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\Tour
Edit: Modify or create a new DWORD value in the right hand pane of the window, "RunCount", and set the value to 0. To restore, set the value to 1.
Comments: Disables the Windows XP Tour that pops up when you log in after a Windows installation. The Windows XP Tour can be irritating at times, but in any case it is a must go through if you are a new user.
>> Make Notepad the default application for files without an association
Key: HKEY_CLASSES_ROOT\*\shell
Edit: If shell does not exist, create it. Under shell create a new key called open, and edit the string "(Default)" to read "Open with Notepad". Under open create a new key called command, and edit the string "(Default)" to read "notepad.exe %1" (including the quotes).
Comments: A very helpful registry hack that allows you to open extension-less files or files without a default application by a double click.
>> Change the Command Prompt format (C:\>)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
Edit: Create a new Expandable String Value (REG_EXPAND_SZ) and name it as Prompt. Modify its value to any of the following combinations:
Special Codes:
$A - & (Ampersand)
$B - | (pipe)
$C - ( (Left parenthesis)
$D - Current date
$E - Escape code (ASCII code 27)
$F - ) (Right parenthesis)
$G - > (greater-than sign)
$H - Backspace (erases previous character)
$L - < (less-than sign)
$N - Current drive
$P - Current drive and path
$Q - = (equal sign)
$S - (space)
$T - Current time
$V - Windows XP version number
$_ - Carriage return and linefeed
$$ - $ (dollar sign)
Variables:
%USERNAME% - Current Username
%COMPUTERNAME% - Local computer name
%USERDOMAIN% - Local domain name
The default prompt is "$P$G" (i.e. "C:\>"), some alternatives include:
[%computername%]$S$P$G to show the computer, drive and path
[%username%]$S$P$G to show the current user, drive and path.
Comments: Makes your command prompt look whacky. If you use the prompt often then this is definitely your take. My favorite is: [%username%]$S$V$S$P$G
>> Disable the Windows Installer
Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer
Edit: Create or modify the DWORD value named "DisableMSI" and set the value to 2 to disable, 1 for admin use only and 0 to enable.
Comments: Very useful if you have multiple accounts and you don't want the other account users to install applications that use msiexec.exe. You can also check for this value in the registry if you have received the error “The System Administrator has set policies to prevent this installation.”
>> Change the Color of Encrypted Files
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Edit: Create a new Binary value, or modify the existing value called 'AltEncryptionColor' to any value in the format RR GG BB 00 (default = 00 80 40 00).
Comments: When you encrypt a file in Windows (See Securing Windows), the file name changes to a bright green color. To change this color you can use this edit and modify it to suit your needs. Try red (FF 00 00 00) or yellow (FF FF 00 00). The values are in hex, hence they range as 00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 0A, 0B, 0C, 0D, 0E, 0F, 10, 11, 12 and so on…
>> Customize the Open and Save Dialog Box
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
Edit: Create new DWORD values or modify existing ones for the following changes:
"NoBackButton" - Hides the back button
"NoFileMRU" - Hides the most-recently-used (MRU) list
"NoPlacesBar" - Hides the places bar
Modify the value to 0 to display or 1 to remove.
Comments: This allows you to play around with the look and settings of the Common Dialog Control Open and Save box. Use the Browse button in the Run box to test your settings.
>> Remove the Minimize, Maximize and Close Tooltips
Key: HKEY_CURRENT_USER\Control Panel\Desktop
Edit: Create a new String value, or modify the existing value called "MinMaxClose" to 0 to disable or 1 to enable tooltips.
Comments: This disables the tooltips from popping out when you move your mouse over the Minimize, Maximize or Close buttons in an explorer window.
>> Show Windows Version on Desktop
Key: HKEY_CURRENT_USER\Control Panel\Desktop
Edit: Create a new DWORD (or String on Windows 98 and Me) value, or modify the existing value called 'PaintDesktopVersion', and set the value to equal '1' to display the version.
Comments: A nifty little hack that displays the version of Windows including the full name and the build of the OS. Here's a screen shot.
Windows Version on Desktop - Print Screen 9.3
>> Rename My Computer to “Username on Computername”
Key: HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
Edit: Rename the value named "LocalizedString" to "LocalizedString.old". Create a new REG_EXPAND_SZ value named "LocalizedString", and set the value to "%USERNAME% on %COMPUTERNAME%".
Comments: Use this to change the My Computer name to anything of your choice. This method should be used when you want environment variables like %username%, %homepath% and %systemroot% in place of My Computer; for everything else there's always the standard rename option.
>> Prevent Windows from shutting down through the Start Menu
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Edit: Create a new DWORD value and name it "NoClose". Modify its value to 1.
Comments: This prevents Windows from shutting down. It is usually used on machines on a domain, but can be implemented on your local system. When you try to shut down your computer through the Start >> Shutdown option, a Restrictions message is displayed. There are other ways to shut down your machine though…
>> Remove Run from the Start Menu
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Edit: Create a new DWORD value and name it "NoRun". Modify its value to 1.
Comments: This option removes the Run command box from the Start menu. Not a wise thing to do, knowing the importance of the Run box. If you use the Win key + R, you get a Restrictions message preventing you from opening it.
>> Remove Tray Items from Taskbar
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Edit: Create a new DWORD value and name it "NoTrayItemsDisplay". Modify its value to 1.
Comments: Removes the items in the tray. The applications themselves are running in the background but their icons are not displayed. This edit makes your taskbar look neater and clutter free.
>> Remove My Computer from the Desktop and Start Menu
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
Edit: Create a new DWORD value, or modify the existing value called "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" to 0 to show, 1 to remove.
Comments: My Computer is not displayed on the Desktop as well as the Windows XP Start Menu.
>> Prevent Files from being added to Recent File List of Media Player
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences
Edit: Create a new Binary value, or modify the existing value called "AddToMRU" to 00 to disable file adding and 01 to enable.
Comments: This is very helpful for guys who wouldn't want the recent file list in Windows Media Player to be populated with recent files. The recent file list will remain empty no matter what you watch.
>> Directly delete a file instead of sending it to Recycle Bin
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket
Edit: Create a new DWORD value, or modify the existing value called "NukeOnDelete" to 1 to directly delete.
Comments: Same as doing a Shift + Delete on a file. The file or folder is deleted directly without going to the recycle bin. This value can also be set by going to the properties of recycle bin and selecting the Do not move files to the Recycle Bin option. Here's the option.
Setting NukeOnDelete through Properties - Print Screen 9.4
>> Restore Folder Windows at Startup
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Edit: Create a new DWORD value, or modify the existing value called "PersistBrowsers" to 0 to prevent explorer from re-opening windows or 1 to re-open windows.
Comments: When you shut down your computer with folders still open, this setting causes explorer to reopen the folders that were not closed when Windows was last shut down or the user was logged off.
>> Disable the "Log on using dial-up connection" Check Box
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Edit: Create a new String value, or modify the existing value, called 'RasDisable' and edit the value to 1 for Restriction Enabled and 0 for Restriction Disabled.
Comments: This edit disables the option to Log on using dial-up connection during Logon. Windows allows users to optionally connect to a Windows domain using dial-up networking through this option.
INTERNET EXPLORER & OUTLOOK EXPRESS TRICKS
>> Auto Disconnect for Internet Explorer
Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
Edit: In the right pane, find "Autodisconnect" and change the time accordingly.
Comments: The Auto Disconnect feature is designed to terminate the connection to your Internet Service Provider (ISP) after a designated period of inactivity. This is what you specify in the time settings. The value is in minutes. This feature also prompts you to disconnect from your ISP after you close all instances of Internet Explorer, thus reminding you and in a way saving you the trouble of manually disconnecting from the tray icon.
>> Set the Start Page in Internet Explorer
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Edit: Modify the existing value called "Start Page" to any URL you want (e.g. http://www.microsoft.com).
Comments: This one is simple to understand. This edit sets the Start Page in Internet Explorer; the link that you specify here will be opened whenever you start IE. This is the same as setting the start page from Internet Options under the General tab, but at least you get to know where the change is being done.
>> Change the Text in Internet Explorer's Title Bar
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Edit: In the right pane, change the value of the string "WindowTitle" to something like "I know what you did last summer….."
Comments: This is pretty cool. You can change the text in the Title bar of Internet Explorer to something more appropriate to your taste. You may have also seen the title bar of Internet Explorer display something like Hacked by Godzilla, or something else. Now you know what to delete…
>> Change default Internet Explorer Download Directory
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
Edit: In the right pane, double click on the "Download Directory" value. Enter the path to the folder you want as your download location.
Comments: When you click on a link that IE does not understand how to handle (.exe, .zip or .rar etc.), it will ask you for a download and then you can choose the directory to save it. Instead of searching for the directory, how about IE showing up a directory of your choice every time you download? Use this edit to control which becomes your default directory.
>> Get rid of the Unread Mail message at the Welcome Screen
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\UnreadMail
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\UnreadMail
Edit: Create a new DWORD value called "MessageExpiryDays" and set it to "0".
Comments: When you receive mail through Outlook Express, a message will be displayed on the Welcome screen under your username informing you that there are some x number of unread mail messages. This edit removes the nagging message. I like my Welcome Screen clean.
>> Modify the Internet Auto-Dial Settings
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Edit: Create a binary value named "EnableAutodial", and set its value to equal "01 00 00 00" to enable autodial or "00 00 00 00" to disable it.
Comments: A very important tweak that prevents Windows from Auto dialing your ISP when a service or application requests information from the web. Use it to secure your system so that applications do not cause a connection to the ISP to progress when you aren't at your desk.
>> Customize the Auto Complete Mode
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
Edit: Create a new string value, or modify the existing value, named "Append Completion" and set it to "yes" to append the suggested text as you are typing or "no" to show a drop-down list.
Comments: This comes in really handy when you are typing text into a field. The Auto complete feature allows you to select previously entered text or suggestions that match your current incomplete text, thus saving a lot of typing work. Here's the difference…
Append Completion = “no” - Print Screen 9.5
Append Completion = “yes” - Print Screen 9.6
>> Remove MSN Messenger from Outlook Express
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Outlook Express
Edit: Create a new DWORD value, or modify the existing value, called "Hide Messenger" and set the value to 2 to remove messenger from Outlook Express.
Comments: MSN Messenger has a very annoying habit of popping up whenever you start Outlook Express. This tweak lets you prevent messenger from starting up whenever you start Outlook Express.
>> Control Internet Explorer Error Reporting
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
Edit: Create a new DWORD value called "IEWatsonEnabled" and set it to "0". Create another DWORD value called "IEWatsonDisabled" and set it to "1". Restart your browser for the changes to take effect.
Comments: This edit makes Microsoft's Error reporting tool inactive for Internet Explorer.
>> Open Internet Explorer Shortcuts in a New Window
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Edit: Create a new DWORD value, or modify the existing value called "AllowWindowReuse" to 0 to open in new window or 1 to open in the same window.
Comments: This tweak causes Internet Explorer to open new windows for links clicked on pages. Excellent tweak that allows you to open new windows without using the right click option.
>> Hide the Internet Explorer Icon
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Edit: Create a new DWORD value, or modify the existing value called "NoInternetIcon" to 1 to hide and 0 to display.
Comments: When set to 1, this edit removes the Internet Explorer Icon from the desktop and the Quick Launch folder. Can also be done through Display Properties >> Desktop >> Customize Desktop and by removing the check against Internet Explorer.
>> Disable Internet Explorer Download Notification
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Edit: Create a new String value, or modify the existing value called "NotifyDownloadComplete" to yes or no depending on your preference.
Comments: IE informs you whether the current download has completed or not. You can change this setting according to your preference.
>> Lock the Internet Explorer Toolbars
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar
Edit: Create a new DWORD value, or modify the existing value called "Locked" to 0 to unlock or 1 to lock.
Comments: Locks the toolbars of Internet Explorer when Locked is set to 1. You can also lock toolbars from the right click context menu of a toolbar in IE; this edit lets you know where the change is made in the registry.
>> Add a Background Bitmap to the Internet Explorer Toolbar
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar
Edit: Add a new string value, or modify the existing value, named "BackBitmap" for IE4 or "BackBitmapIE5" for IE5 and IE6, then set the value to the path and name of the bitmap file you wish to use (e.g. "C:\WINDOWS\CLOUDS.BMP").
Comments: This allows you to have a colorful background to your toolbars. IE looks pretty cool with images of your choice. To restore your IE to 'normal' without the background image, window title and other customizations, run Rundll32 Iedkcs32.dll,Clear. The command is case sensitive.
>> Block Executable Attachments in Outlook Express
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Outlook Express
Edit: Create a new DWORD value, or modify the existing value called "BlockExeAttachments" to 0 to disable restriction or 1 to enable restriction.
Comments: This is a very important edit that revolves around securing your computer against malicious code sent to you as an executable attachment. Outlook will filter out the attachment, thus preventing the exe from being downloaded on the system either accidentally or deliberately. Might cause some problems if the attachment is a valid, clean executable.
>> Remove the Go Button in Internet Explorer
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Edit: Create a new String value, or modify the existing value called "ShowGoButton" to yes or no to show or hide respectively.
Comments: Causes IE to hide or show the 'Go' button. You can still browse by pressing Enter on the keyboard.
>> Automatically Resize Images in Internet Explorer
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Edit: Create a new String value, or modify the existing value called "Enable AutoImageResize" to yes or no to resize or disable resizing respectively.
Comments: This is an essential edit if you use Internet Explorer often when browsing the Internet. Images come in different sizes and may not be properly rendered in your browser. This edit automatically resizes the images to fit the page context and the screen, hence causing web pages to appear more ordered.
>> Internet Explorer FTP Mode (Folder View or Traditional View)
Key: HKEY_CURRENT_USER\Software\Microsoft\Ftp
Edit: Create a String or modify the existing one called "Use Web Based FTP" to "no" for the folder view or "yes" for the traditional view.
Comments: This is a very helpful edit if you frequently visit ftp sites and upload data. When on a Local Area Network, ftp sites may have read write permissions, and if you wish to upload data to an ftp site that gets displayed in its traditional view in IE then it gets cumbersome. With the Folder view, ftp sites are displayed like Windows Explorer folders, so you can just copy the data from your source folder, use a right click and paste it in the destination ftp site when in Folder view.
>> Disable the Outlook Express Splash Screen
Key: HKEY_CURRENT_USER\Identities\{Unique-Identity}\Software\Microsoft\Outlook Express\5.0
Edit: Create a new DWORD value or modify the existing one called "NoSplash" to 1 to disable splash.
Comments: Disables the Splash screen that pops up every time you start Outlook Express when NoSplash is set to 1.
>> Disable Password Caching in Internet Explorer
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Edit: Create a new DWORD value, or modify the existing value called "DisablePasswordCaching" to 1 to disable password cache; 0 is the default.
Comments: When you use a Username and Password to log in to web services like email and social networking sites (like orkut and myspace), if the password cache option is enabled your password is stored on the system for 'ease of refilling' the form the next time you log in. This is a security risk and hence this edit should be immediately employed to make your system a bit safer.
>> Empty Temporary Internet Files on Exit
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
Edit: Create a new DWORD value, or modify the existing value called "Persistent" to 0 to empty temporary files or 0 to default.
Comments: Another important security edit. This tweak will erase all your temporary files when you close IE instead of you manually navigating to the Temporary Internet Folder and deleting them.
SYSTEM & SYSTEM PERFORMANCE
>> Show Super hidden Operating System Files
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Edit: Create a new DWORD value, or modify the existing value, called "ShowSuperHidden" and change the value to 0 to hide and 1 to show.
Comments: This edit causes Explorer to show system files which Microsoft recommends be kept hidden. Since many viruses and unwanted applications use this security feature of Windows to hide themselves, using this edit will at least display them if you have something funny somewhere. You can also show super-hidden files by going to Folder Options and unchecking 'Hide Protected OS Files' under the View tab.
>> Unload DLL's
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Edit: Create a new sub-key named "AlwaysUnloadDLL" and set the Default value to equal '1' to disable Windows caching the DLL in memory.
Comments: After an application closes, Windows caches the DLLs that were loaded by it in memory for some time. This can cause performance issues on low memory systems. Use this edit to unload DLLs no longer required.
>> End Task Time Out
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
Edit: Modify or create a new string value called "WaitToKillServiceTimeout" and change the value to 2000. Close the registry editor and restart your machine.
Comments: This value (in milliseconds) changes the time given to a service or an application to shut down after it has been notified that the system has been issued the shutdown command. Lowering this value decreases shutdown time, but there could be a trade-off for applications that require more time to clean up memory space of data. 2000 milliseconds is ideal.
>> Change Default Search Options
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Edit: Modify the following values, setting them to "1" to select the parameter as a default or "0" as unselected: "CaseSensitive", "IncludeSubFolders", "SearchHidden", "SearchSlowFiles", "SearchSystemDirs".
Comments: When you use Search, there are more advanced options, such as searching in system folders, in hidden files and folders, in tape backup, and treating the filename as case sensitive. You can set these options in the registry and use them as default in any future searches instead of setting them manually each time you use Search.
>> Automatically Close Non-Responding Applications on Shutdown
Key: HKEY_USERS\.DEFAULT\Control Panel\Desktop
Edit: Modify or create a new string value called "AutoEndTasks" and change its value to "1" to kill unresponsive applications at shutdown automatically.
Comments: When you shut down your computer, enabling this option will cause unresponsive applications to be killed immediately. Faster shutdown but again the trade off…
>> Speed Up Menu Display
Key: HKEY_CURRENT_USER\Control Panel\Desktop
Edit: In the right pane select "MenuShowDelay". Right click, choose Modify and set the value to 100.
Comments: This determines the interval from the time the cursor is pointed at a menu until the menu items are displayed. The most noticeable effect is on the Start Menu items.
>> Run a Program at Windows Startup just once
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
Edit: Create a string value, give it any name and set its data to the path of the executable.
Comments: This edit causes an application to be run at Windows Startup and then the entry is erased.
>> Run a program whenever Windows starts
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Edit: Create a string value, give it any name and set its data to the path of the executable. The first key causes the program to run only for the currently logged in user, whereas the second key applies to all users.
Comments: These are very important locations for viruses and other unwanted applications to run without user intervention, especially the HKEY_CURRENT_USER entries, since they are easily writable. Check these locations frequently for unwanted applications.
>> Speed up Network Share viewing by preventing Remote Schedule Task Check
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace
Edit: Delete the key called {D6277990-4C6A-11CF-8D87-00AA0060F5BF} and reboot.
Comments: If your computer is on a LAN and you use the Start >> Run >> \\ method, or you search for Computers to access them, and you have experienced a delay in accessing them, then deleting this subkey helps quicken things up. Windows will normally check for Scheduled Tasks on the remote machine, which is apparently the reason for the delayed search results or login access. Deleting this key disables the lookup for Scheduled Tasks.
>> Remove Properties from My Computer
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Edit: Create a new DWORD value, or modify the existing value, called "NoPropertiesMyComputer" and change the value to 1 to restrict the viewing of System Properties or 0 to keep default status.
Comments: This prevents access to the System Properties box. It can be enforced if you do not want users to change virtual memory settings or alter environment variables.
>> Enable DVD Player in Media Player
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings
Edit: Create a new string value called "EnableDVDUI" and set it to "yes" to enable DVD functionality.
Comments: Enables the DVD playback feature in Windows Media Player. You will be presented with DVD specific options whenever Media Player starts.
>> View Which Hot Fix Patches Have Been Installed
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix
Comments: Periodically Microsoft releases Hot Fixes to patch bugs in Windows and other products. This key contains information about which Hotfixes have been installed.
>> Change or Add System Environment Variables
Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
Edit: Modify any value by double clicking on the name of the variable. To create a new variable, create a new Expandable String and rename it to the variable name that you want. Modify its value to the variable value that you want.
Comments: You can create or edit existing environment variables. Effective when your access to System Properties is disabled.
Note: Variables are required by the OS and programs to run properly; any incoherent changes to existing variables can cause Windows to function incorrectly.
>> Remove Computer Management Option from the right click of My Computer
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Edit: Create a DWORD or modify the existing one called "NoManageMyComputerVerb" to 1 to remove the Manage option from the right click context menu of My Computer.
Comments: With this edit set to 1, you will not be able to access Computer Management from the right click menu of My Computer. In simple words, the Manage option will be absent from the menu.
>> Disable the Windows Key
Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layout
Edit: Create a new Binary value, or modify the existing value, called "Scancode Map" to ("00 00 00 00 00 00 00 00 03 00 00 00 00 00 5B E0 00 00 5C E0 00 00 00 00") (without the quotes and brackets).
Comments: This edit will disable the Windows Key that is found on most keyboards.
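The Scancode Map value above can be decoded to see exactly which keys it remaps, which is worth doing before trusting a value found on a machine or copied from elsewhere. This Python parser is an added example, not part of the original book; the layout it assumes (an 8-byte zero header, an entry count, then replacement/original scan code pairs ending in a null entry) and the two key names are supplied here, not taken from the text.

```python
import struct

# The binary data given in the "Disable the Windows Key" entry.
CHAPTER_VALUE = ("00 00 00 00 00 00 00 00 03 00 00 00 "
                 "00 00 5B E0 00 00 5C E0 00 00 00 00")

# Names for the two extended scan codes that appear in that value (assumption
# labelled in the lead-in: these names are not given in the chapter).
KEY_NAMES = {0xE05B: "Left Windows key", 0xE05C: "Right Windows key"}


def parse_scancode_map(hex_text):
    """Decode Scancode Map data into a list of (original, replacement) codes."""
    raw = bytes.fromhex(hex_text)
    if len(raw) < 16:
        raise ValueError("too short for a Scancode Map header")
    # Header: version DWORD, flags DWORD, then the number of entries,
    # where the count includes the closing null entry.
    version, flags, count = struct.unpack_from("<III", raw, 0)
    if version != 0 or flags != 0:
        raise ValueError("header version and flags must be zero")
    if count < 1 or len(raw) != 12 + 4 * count:
        raise ValueError("entry count does not match data length")
    entries = [struct.unpack_from("<HH", raw, 12 + 4 * i) for i in range(count)]
    if entries[-1] != (0, 0):
        raise ValueError("missing null terminator entry")
    # Each entry stores the replacement code first, then the key being remapped.
    return [(original, replacement) for replacement, original in entries[:-1]]


def describe(hex_text):
    """Return one readable line per remapped key."""
    lines = []
    for original, replacement in parse_scancode_map(hex_text):
        name = KEY_NAMES.get(original, "scan code 0x%04X" % original)
        action = "disabled" if replacement == 0 else "sends 0x%04X" % replacement
        lines.append("%s: %s" % (name, action))
    return lines


if __name__ == "__main__":
    for line in describe(CHAPTER_VALUE):
        print(line)
```

A replacement code of 0 means the key produces nothing, which is why both Windows keys stop working after the edit.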
>> Show Run in Separate Memory Space Option in the Run Command box
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Edit: Create a new DWORD value, or modify the existing value, called "MemCheckBoxInRunDlg" to 1 to show the checkbox.
Comments: This edit adds the Run in Separate Memory Space check box to the Run dialog box. When selected, this option lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process. The additional check box is enabled only when a user types the name of a 16-bit program in the Run dialog box.
>> Control the CD-ROM Autorun Function
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDRom
Edit: Change the value of "Autorun", or create a new DWORD value if it doesn't already exist, and set the data to 0 for Autorun disabled.
Comments: Always disable this option as a security measure. Autorun programs could be infected and could infect your system too. If the CD contents have been found to be safe by a scan then you can always use the right-click >> Autorun option on the CD ROM drive.

>> Disable CD Burning in Windows XP
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Edit: Create a new DWORD value, or modify the existing value, called "NoCDBurning" to 0 to allow recording or 1 to disable CD burning through Windows.
Comments: Windows XP has inbuilt support for CD burning, which can be disabled by using this edit if you are using a third party tool to burn CDs.
>> Hide the Taskbar Clock
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Edit: Create a DWORD or modify the existing one called "HideClock" to 1 to remove the clock from the System Tray.
Comments: This edit will remove the clock from the System Tray or the Notification Area in Windows XP.
>> Prevent Access to the Contents of Selected Drives
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Edit: Create a DWORD or modify the existing one called "NoViewOnDrive" to the following decimal values for the corresponding drives:
A: 1, B: 2, C: 4, D: 8, E: 16, F: 32, G: 64, H: 128, I: 256, J: 512, K: 1024, L: 2048, M: 4096, N: 8192, O: 16384, P: 32768, Q: 65536, R: 131072, S: 262144, T: 524288, U: 1048576, V: 2097152, W: 4194304, X: 8388608, Y: 16777216, Z: 33554432, ALL: 67108863
To hide 2 or more drives, just add their equivalent numbers and change the value of NoViewOnDrive to the sum. For example, to hide the floppy drive (A:), D: drive and E: drive, add 1 + 8 + 16 = 25. Change the value of NoViewOnDrive to 25 in Decimal.
Comments: This is a nifty little edit that can be used to prevent access to an entire drive. You can have a drive full of sensitive data and then use this edit to lock it out.
>> Disable the Ability to Right Click on the Desktop
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Edit: Create a DWORD or modify the existing one called "NoViewContextMenu" to 1 to disable right click on the desktop. Change the value to 0 or delete the DWORD to restore right click.
Comments: This edit will prevent users from right-clicking on the Desktop. You can still right click on the Taskbar and the Start button though.
>> Clear Page File at Shutdown
Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management
Edit: Create a DWORD or modify the existing one called "ClearPageFileAtShutdown" to 1 to clear the Page File at shutdown.
Comments: The page file is a portion of the hard drive that Windows uses to store parts of applications and functions that don’t fit into memory. When a user shuts down Windows, the page file is not cleared, which could be a security issue if access to the drive is possible. The page file could be read through another Operating System and possibly passwords can be retrieved, hence the need to clear the page file at shutdown; but again there is the trade-off. Since the page file is large, flushing requires some time, which could affect the overall shutdown time.
>> Disable Folder Options Menu
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Edit: Create a DWORD or modify the existing one called "NoFolderOptions" to 1 to remove the Folder Options option from the Tools menu of any Explorer window.
Comments: This is one of the most common changes done to the registry by viruses that hide themselves by changing their attribute to hidden. This edit removes access to Folder Options from the Tools menu in Explorer. Set the value of NoFolderOptions to 1 to enable the restriction, or just delete the DWORD to remove it.
>> Restrict Users from Running Specific Applications
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Edit: Create a new DWORD value and name it "DisallowRun"; set the value to "1" to enable application restrictions or "0" to allow all applications to run. Then create a new subkey called "DisallowRun" and define the applications that are to be restricted: create a new string value for each application, named as consecutive numbers, and set the value to the filename to be restricted (e.g. "calc.exe").
Note: Never restrict the use of the registry editors.

In addition to these there are several tricks that you can employ without any reference: just navigate through the various keys and values, experiment, and see the changes in your system for different values. If you do not know the exact name or value of a key, you can always use the Find feature available through the Edit menu on the Menu bar. The challenges provided at the end of this chapter will prove to be a starting point for your exploration.
IX.6: The Reg command

In some cases the registry editor may not be accessible; it could be a virus that has written into the registry to prevent its editing, or it could be a policy imposed by the system administrator. The registry editor can be locked out by adding it to DisallowRun (see Tips & Tricks) or by creating a System Policy. If a program has read/write permissions to the registry, it can very well modify, add or delete keys. There are viruses that write DisallowRun to the registry with regedit.exe and regedt32.exe as the disabled programs or, in most cases, achieve everything in a single value by writing a "DisableRegistryTools" DWORD value set to 1 to either
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
or
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
This prevents the running of any standard Microsoft Registry Editing Tools. This policy is so strong that even some third party non-Microsoft registry editing tools are also prevented access. Viruses may do this so that whatever changes they have made, like removing the Folder Options menu so that you don’t see that the virus is a hidden file, cannot be re-edited. The only thing that even most administrators do is to reinstall Windows. Microsoft must have come across this problem, hence the reg.exe file was put in; at least I think that must have been one of the reasons.

Reg.exe is a small command line based utility found in the System32 folder in Windows XP & Windows 2000 that allows console mode editing of the registry. You can view keys of the registry, add keys, delete, export, import and do almost everything that the Regedit program can do. It can also be used through scripts to access the registry. For example, you could use this program to edit the registry, add keys, or read the registry. For people using scripting tools like AutoIt, this is the only method to delete keys and values from the registry. The reg program also allows you to access the registry of a remote computer.

To run the reg.exe file, open a command prompt by going to Start >> Run >> cmd.exe, and at the prompt type reg.exe. The standard output without any parameters is as below:

  Console Registry Tool for Windows - version 3.0
  Copyright (C) Microsoft Corp. 1981-2001. All rights reserved

  REG Operation [Parameter List]

    Operation  [ QUERY | ADD | DELETE | COPY | SAVE | LOAD | UNLOAD | RESTORE | COMPARE | EXPORT | IMPORT ]

  Return Code: (Except of REG COMPARE)

    0 - Succussful
    1 - Failed

  For help on a specific operation type:

    REG Operation /?

  Examples:

    REG QUERY /?
    REG ADD /?
    REG DELETE /?
    REG COPY /?
    REG SAVE /?
    REG RESTORE /?
    REG LOAD /?
    REG UNLOAD /?
    REG COMPARE /?
    REG EXPORT /?
    REG IMPORT /?
This program is very important if you are locked out of the registry, hence a descriptive analysis has been taken up. I have simplified the help for each parameter, since what reg.exe displays could be confusing to some people. Try the examples out first, keeping the registry editor (regedit.exe) open at the same time. If reg.exe says that the key or value name was not found, use regedit to create keys and values, then experiment on them using reg.exe. The commands are not case sensitive: reg add is the same as REG ADD or rEg aDD.

Note that:
  HKLM – HKey_Local_Machine
  HKCU – HKey_Current_User
  HKCR – HKey_Classes_Root
  HKU – HKey_Users
  HKCC – HKey_Current_Config
REG QUERY: Used to view keys and values in the registry.

  REG QUERY KeyName [/v ValueName OR /ve] [/s]

  KeyName    [\\Machine\]FullKey
             Machine - Name of remote machine. If excluded, means local machine. (Only HKLM and HKU are available on remote machines.)
             FullKey - in the form of ROOTKEY\SubKey name
             ROOTKEY [HKLM | HKCU | HKCR | HKU | HKCC]
             SubKey - The full name of a registry key under the selected ROOTKEY
  /v         Query for a specific registry value.
             ValueName - The value name, under the current selected Key, to query. If omitted, all values under the Key are queried.
  /ve        Query for the default value or empty value name <no name>
  /s         Queries all subkeys and values; if queried right at root, will expand the entire registry.

  Examples:
  REG QUERY "HKLM\Software\Microsoft\Active Setup" /v DisableRepair
    Displays the value of DisableRepair under the Active Setup key. (The key name contains a space, so it is enclosed in quotes.)
  REG QUERY "HKLM\Software\Microsoft\Active Setup" /s
    Displays all subkeys and values under the registry key Active Setup.
REG ADD: Used to add keys and values in the registry.

  REG ADD KeyName [/v ValueName] [/t Type] [/s Separator] [/d Data] [/f]

  /v    The value name, under the selected Key, to add
  /t    RegKey data types [REG_SZ, REG_MULTI_SZ, REG_DWORD_BIG_ENDIAN, REG_DWORD, REG_BINARY, REG_DWORD_LITTLE_ENDIAN, REG_NONE, REG_EXPAND_SZ]. If omitted, REG_SZ is assumed.
  /s    Specify one character that you use as the separator in your data string for REG_MULTI_SZ. If omitted, use "\0" as the separator.
  /d    The data to assign to the registry ValueName being added
  /f    Force overwriting the existing registry entry without prompt

  Examples:
  REG ADD \\Matrix\HKLM\Software\Test
    Adds a key HKLM\Software\Test on remote machine Matrix.
  REG ADD HKLM\Software\DeltaSquad /v Team /t REG_SZ /d Omega
    Adds a value (Name: Team, Type: String (REG_SZ), Data: Omega)
  REG ADD HKLM\Software\DeltaSquad /v Weapons /t REG_MULTI_SZ /d AK47\0MS-242\0Krieg-22
    Adds a value (name: Weapons, type: Multiple String Value (REG_MULTI_SZ), data: AK47\0MS-242\0Krieg-22\0\0)
  REG ADD HKLM\Software\DeltaSquad /v Path /t REG_EXPAND_SZ /d %%systemroot%%
    Adds a value (name: Path, type: REG_EXPAND_SZ, data: %systemroot%)
    Notice: Use the double percentage (%%) inside the expand string.
REG DELETE: Used to delete keys and values in the registry. Use with caution.

  REG DELETE KeyName [/v ValueName OR /ve OR /va] [/f]

  /v    Specify the ValueName, under the selected Key, to delete. When omitted, all subkeys and values under the Key are deleted.
  /ve   Delete the value of empty value name <no name>
  /va   Delete all values under this key, NOT the subkeys.
  /f    Forces the deletion without prompt. Use only in scripts, and with caution.

  Examples:
  REG DELETE HKLM\Software\DeltaSquad
    Deletes the registry key DeltaSquad and all its subkeys and values.
  REG DELETE \\MATRIX\HKLM\Software\Test /v SingleEdition
    Deletes the registry value SingleEdition under Test on MATRIX.
REG COPY: Used to copy keys and values from one subkey to another.

  REG COPY KeyName1 KeyName2 [/s] [/f]

  /s    Copies all subkeys and values from KeyName1 to KeyName2
  /f    Forces the copy without prompt

  Examples:
  REG COPY HKLM\Software\Crap HKCU\Software\BigBoss\Crap /s
    Copies all subkeys and values under the key Crap in HKLM to the key Crap under HKCU.
  REG COPY \\MATRIX\HKLM\Software\Omega HKLM\Software\Sigma
    Copies all values under the key Omega on MATRIX to the key Sigma on the current local machine.
REG SAVE: Used to save keys and values from the registry to a file on your computer.

  REG SAVE KeyName FileName

  FileName -- The name of the file to save. The filename has to be supplied. If only the filename is given without the full path, then the file is created in the current working directory.

  Examples:
  REG SAVE HKLM\Software\ControlRoom Data.hiv
    Saves the hive ControlRoom to the file Data.hiv in the current folder.
REG RESTORE: Used to restore keys and values from a file to the registry.

  REG RESTORE KeyName FileName

  SubKey -- The full name of a registry key to restore the hive file into, overwriting the existing key's values and subkeys
  FileName -- The name of the file to restore. This file should have been created using REG SAVE.

  Examples:
  REG RESTORE HKLM\Software\Microsoft\ControlRoom Data.hiv
    Restores the file Data.hiv, overwriting the key ControlRoom.
REG LOAD: Loads keys and values from a file to the live registry (only HKLM & HKU).

  REG LOAD KeyName FileName

  FileName -- The name of the hive file to load. You must use REG SAVE to create this file.

  Examples:
  REG LOAD HKLM\TempHive Data.hiv
    Loads the file Data.hiv to the key HKLM\TempHive. You cannot load inside any other keys, only at root. Reg.exe will give an Access is Denied error if the hive key into which you are attempting to load the hiv file already exists.
REG UNLOAD: Unloads the specified key from the live registry (HKLM & HKU only).

  REG UNLOAD KeyName

  KeyName -- ROOTKEY\SubKey

  Examples:
  REG UNLOAD HKLM\TempHive
    Unloads the hive TempHive in HKLM.
REG COMPARE: Used to compare keys and values of one subkey with another.

  REG COMPARE KeyName1 KeyName2 [/v ValueName OR /ve] [Output] [/s]

  If FullKey2 is not specified, FullKey2 is the same as FullKey1
  ValueName -- The value name, under the selected KeyName1, to compare. When omitted, all values under the Key are compared.
  /ve     Compare the value of empty value name <no name>
  /s      Compare all subkeys and values
  Output  [/oa | /od | /os | /on] When omitted, output only differences.
  /oa     Output all of differences and matches
  /od     Output only differences
  /os     Output only matches
  /on     No output

  Return Code:
    0 - Succussful, the result compared is identical
    1 - Failed
    2 - Successful, the result compared is different

  Examples:
  REG COMPARE HKLM\Software\Delta HKLM\Software\Delta2
    Compares all values under the key Delta with Delta2.
  REG COMPARE HKLM\Software\Delta HKLM\Software\Delta2 /v Team
    Compares the value Team under the keys Delta and Delta2.
  REG COMPARE \\MATRIX\HKLM\Software\Test \\. /s
    Compares all subkeys and values under HKLM\Software\Test on MATRIX with the same key on the current local machine.
REG EXPORT: Used to export a key and/or subkeys to an importable .reg file.

  REG EXPORT KeyName FileName

  FileName -- The name of the file to export the KeyName to, as a .reg file.

  Examples:
  REG EXPORT HKLM\Software\DeltaSquad D:\DeltaConfig.reg
    Exports all subkeys and values of the key DeltaSquad to the file DeltaConfig.reg in the D Drive. You can then double click the file to add it back, or open it in Notepad and read its contents.
REG IMPORT: Used to import keys and values from a file of Regedit format.

  REG IMPORT FileName

  FileName -- The name of the disk file to import (local machine only). The file should be in the standard REGEDIT format; it can be created with REG EXPORT.

  Examples:
  REG IMPORT D:\DeltaConfig.reg
    Imports registry entries from the file DeltaConfig.reg from the D Drive.
The entire reg program was explained here because it can be a life saver if your registry editor is disabled and you know there is a virus on your computer, but it’s hidden, and you can’t access Folder Options to re-enable showing hidden files and folders. The only way (other than gpedit.msc on WinXP Professional) to get to Folder Options is by removing the NoFolderOptions DWORD value from the Explorer Policy key in HKCU. You also need the registry editor for several other useful and creative tweaks. So here’s how you go about it.

If you get an error saying "Restrictions: This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator" when trying to run regedit.exe or regedt32, or "Registry Editing has been disabled by your administrator", then try the following step by step procedure to get your rights and your registry editor back.

Go to Start >> Run >> cmd. At the prompt type

  Reg Query HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System

Check to see if there is a DisableRegistryTools DWORD value set to 1. If yes, then delete it by

  Reg Delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools

You should be able to run regedit now. If there is no DisableRegistryTools when you query, then change the reg query to

  Reg Query HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Check if there is a subkey called DisallowRun. If yes, then delete it by

  Reg Delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun

Regedit should now be able to run; navigate to the Explorer key and delete the DisallowRun DWORD value also.

Use the reg file for good; programming viruses to delete keys and values is, by virtue of computing, bad and distasteful.
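The checks in the procedure above can be run over saved reg query output in one pass, together with the NoFolderOptions and NoViewOnDrive policies and the Run keys from the Tips & Tricks list. This Python script is an added example, not code from the original book; the sample output is constructed, the function names are hypothetical, and it assumes reg.exe's layout of a key line followed by indented name, type and data columns.

```python
import re

# Policy values this chapter describes as set by viruses or administrators.
LOCKOUT_VALUES = {
    "disableregistrytools": "registry editing tools blocked",
    "nofolderoptions": "Folder Options removed from Explorer",
    "disallowrun": "application restriction list enabled",
}
RUN_KEY_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")
# Indented value line: name, REG_* type, data (tabs or spaces between columns).
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

# Constructed sample, in the shape of `reg query <key> /s` output.
SAMPLE = r"""
! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableRegistryTools    REG_DWORD    0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoFolderOptions    REG_DWORD    0x1
    NoViewOnDrive    REG_DWORD    0x19
    DisallowRun    REG_DWORD    0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
    1    REG_SZ    regedit.exe
    2    REG_SZ    regedt32.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    C:\Example\placeholder.exe
"""


def parse_reg_query(text):
    """Parse reg query text into {key: {value_name: (type, data)}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
            continue
        match = VALUE_LINE.match(line)
        if match and current is not None:
            name, vtype, data = match.groups()
            current[name] = (vtype, data.strip())
    return keys


def dword(data):
    """reg.exe prints REG_DWORD data as hex, for example 0x19."""
    return int(data, 16)


def drives_from_mask(mask):
    """Decode NoViewOnDrive: bit 0 is A:, bit 1 is B:, up to bit 25 for Z:."""
    return [chr(ord("A") + bit) + ":" for bit in range(26) if mask >> bit & 1]


def triage(text):
    """Return (key, value name, finding) tuples worth a closer look."""
    findings = []
    for key, values in parse_reg_query(text).items():
        low = key.lower()
        for name, (vtype, data) in values.items():
            lname = name.lower()
            if vtype == "REG_DWORD" and lname in LOCKOUT_VALUES and dword(data) == 1:
                findings.append((key, name, LOCKOUT_VALUES[lname]))
            elif vtype == "REG_DWORD" and lname == "noviewondrive" and dword(data):
                hidden = " ".join(drives_from_mask(dword(data)))
                findings.append((key, name, "drive contents blocked: " + hidden))
            elif low.endswith("\\explorer\\disallowrun"):
                findings.append((key, name, "blocked program: " + data))
            elif low.endswith(RUN_KEY_SUFFIXES):
                findings.append((key, name, "runs at logon: " + data))
    return findings


if __name__ == "__main__":
    for key, name, finding in triage(SAMPLE):
        print("%s\n    %s -> %s" % (key, name, finding))
```

The script only reads text, so it can be run on another machine against output saved from the locked-out one; the NoViewOnDrive value 0x19 in the sample is the chapter's own example of 25 (drives A:, D: and E:).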
Challenges:
1. Add an option called “Open Paint” on the right click of the Start Button and all folders which will open MSPaint.
2. Change the shell to Command Prompt. When Windows starts, cmd.exe should run instead of Explorer.exe as the Windows shell.
3. Clear the recent file history of Windows Media Player.
4. Change the My Computer Tooltip to anything of your choice.
5. Hide all the Items on the Desktop.
6. Change the Warning text that is displayed when you remove the check against the Hide protected operating system files option in Folder Options under the View tab.
7. Change the text in the Time Zone tab of Date & Time Properties in Control Panel. Change (GMT+05:30) Chennai, Kolkata, Mumbai, New Delhi to (GMT+05:30) Vasco, Panjim, Ponda, Margao.
CHAPTER X
Securing Windows

This chapter on Windows Security reveals how Windows Security is jeopardized and what steps you can take to secure your system from unwanted threats. We shall also see how security begins at your system level and how it will manifest at the network level. Users and file permissions are also explained.

After this chapter the reader should be able to:
  Explain how the Administrator account can be dangerous.
  Understand how common Windows API can be used maliciously.
  Explain NTFS Security and its benefits over other file systems.
  Use NTFS Encryption and Access Control Lists to protect data.
  Explain how common viruses work and how to prevent an infection.
  List the advantages of using the Windows Firewall.
  Secure Windows Networks by using share permissions.
Secure systems aren’t a far-fetched dream. A comprehensive knowledge of the realm of security and managing resources should hold strong enough to keep intruders at bay. Below is a layman’s guide to secure computing with Windows. A brief inspection of key features of Windows XP like the support for NTFS, user access control lists and patch work has been taken up.
X.1: Security – An Overview

No Operating System is entirely secure. The bad guys out there are continuously finding holes in systems that allow them to gain control of computers remotely. The good guys do the same, but also create patches or explain how to patch the hole or what preventive measures have to be taken to keep your system safe.

Security can be divided into 3 distinct subjects: System Security, Network Security and Web Security. These distinctions are custom made by me since they best describe the security scenario on the whole. System Security pertains to desktop level and file system level security. This includes data isolation from unauthorized prying eyes, and user access rights and management. Network Security deals with perimeter based defense mechanisms and access to shared network resources and protocols. Web Security deals with the understanding of the Internet and browsing securely out there. The realm of Web Security also contains Web Application Security and end server security. Most insecure systems today are not due to smart hackers but due to users with restricted knowledge of the security scenario. The combination of System, Network and Web Security truly covers all the aspects of Secure Computing. Operating Systems and network resources, if securely taken care of, can be utilized without any hindrance and to their full potential.

The Internet, the biggest library of digital information on this planet, is also the weakest network of computers. The Internet has brought people from different nations and social strata closer via its services like e-mail, voice chats, messengers, blogs and forums. Tons of information on literally anything, ranging from a grasshopper’s digestive system to NASA’s Hubble Space Telescope photographs, is available online. Everybody uses the net, but hardly anybody thinks of its undocumented side, Internet Security.
The Internet is, at its core, a global connection of many millions of computers that belong to companies, universities, banks, research facilities, defense wings, governments and individuals. Any possible network attack at a 2-computer network level is also theoretically applicable to the Internet. People wake up to this fact after they have been hard hit. Why bother? Some ask. I have nothing of importance on my hard disk, many home users say. But won’t you be surprised if your photograph (kept safely in the My Documents folder of your PC at home) turns up on a porn website, digitally edited to look authentic? It can happen. Companies and banks have crashed. Several people have had their self-respect disgraced. Firms have gone bankrupt overnight; millions have been lost in revenues, all because of sheer negligence. How do all these seemingly impossible situations arise?

To understand and proceed further, let us get one image clear. Networking gurus are basically divided into 2 tribes by a thin line: hackers and crackers. Any computer criminal these days is branded as a hacker, which is explicitly incorrect. Hacking is a term in the online world that reminds you of a guy with a cap on his head, sitting in front of a computer screen in the dark, busy typing crap on a terminal window with CDs and pizzas strewn around. This is certainly not the correct picture. Hackers are usually good system programmers and network administrators who actually search and patch security holes in local or remote systems. Then there are crackers. Crackers are sadistic hackers who have turned bad just to grab immediate publicity, but what they don’t realize is the amount of chaos and damage they are causing to the hacked systems and their users. They essentially use the same tools that a hacker uses, but to gain notoriety.
Computer Crackers commit various nefarious activities that include password stealing, phishing, and accessing and manipulating sensitive data that could range from credit card numbers to classified military projects. A lot of companies and millions of users worldwide have woken up to the threat of cyber crimes. Netizens are now on the watch for cyber criminals. There have been several cases of website defacing, and in some cases entire business websites have been brought down. Distributed Denial of Services (DDOS) attacks were considered theoretically possible before Yahoo!, eBay and CNN.com crashed in 2000. Crackers, in DDOS, compromise several small weak networks and exponentially break into still weaker networks, and then use these final end systems to flood web servers with bogus data packets, essentially causing these remote machines to hang and thus causing denial of valid services to their valid end users. You may not even know your computer was a part of a DDOS attack.

In the beginning, when computers were used by university researchers to send and receive emails and networks were used for sharing printers, nobody had thought of terms like firewalls, BackOrifice, l0phtcrack or Cain & Abel. But now, as millions of people and thousands of corporate houses worldwide are using the Internet and networks for banking, shopping, research, chatting, auctions, education and defense related works, the amount of sensitive information that can be intercepted is mind-boggling.

Then there are viruses and Trojan horses. Computer viruses can be anything from user generated scripts to carefully compiled executables. Viruses have been with us since the day program buffer overruns and process bugs (programming errors in applications that crash the program whenever an invalid data entry is made) were discovered in Operating Systems and user friendly Operating Systems were developed. Viruses can come through emails, through removable media like floppy disks, CD ROMs and USB drives, or through the network in general. If you go online frequently and you find your computer running miserably slow, then chances are that you are infected. Trojan horses are an interesting class of software, the most famous examples being BackOrifice and SubSeven, which are based on the client server model and which allow a remote user to control the host computer remotely.
These unwanted programs are usually hidden inside another program and install and run themselves when you run a seemingly harmless application; that is precisely the reason they are called Trojans. Hackers can move the mouse cursor on the remote machine, turn the desktop upside down, run applications, upload and download files, turn off the remote machine and do lots more, sitting in the comfort of their homes. It may sound fun but it can be frustrating for the end user. Trojans can be run as local applications and can be started in listening mode at system startup. You won’t even know your computer has a Trojan running in the background unless you run a complete system scan or open Task Manager and scrutinize each process under the Processes tab.

An understanding of the working of the sadistic hacker and his inventions will save a lot of time and energy in reinstating the whole system from scratch. You may have arrived at a point in your computing life when your beloved computer was infected with viruses and somebody told you to format, and you had to hesitatingly format your hard disk, losing all your precious data and years of memories. If you have gone through that painful phase of life then this chapter is meant for you (even if you haven’t gone through it, carry on anyway). System formatting is not always the option when it comes to gaining back control over your system.

Windows has been programmed to be user friendly while keeping most of its working in the background. As we saw in the chapter on the Windows Registry, it is easy to manipulate the system. Most viruses take advantage of this fact and are devised so as to use the system’s features to hide themselves. To add salt to injury, users like you and me usually end up running the virus themselves. How many times have you double clicked on a normal looking exe and it did nothing? How many times have you cursed Windows for this unusual behavior?
The truth is that knowledge is a vital weapon to combat menaces. You can start taking precautionary measures right from the point when you create a new user. Let us see how.
X.2: The Administrator's Dilemma

Everybody would want to work on their computers as Administrators without realizing the potential damage that this could cause. By default, when you install Windows XP, the Home Edition creates a password-less Administrator account called Owner, and the Professional Edition makes you create User Accounts after install. In both cases the user account that you finally use to log in usually belongs to the Administrators group.

To understand how users are actually allocated control over the system, we need to see the general groups that exist on a Windows machine. Windows, as you know by now, groups users on the basis of their administrative rights or, in simpler terms, their system rights. The all-powerful group is the Administrators group. In fact there are three fundamental groups of users on a given Windows machine. There will definitely be more than three, but understanding these three is of primary importance. Administrators, Power Users and Users comprise the system's standard set of user groups.

Administrators: Administrators have system wide access. They can schedule tasks, install and uninstall programs, edit the registry to make system wide changes, take system backups using the backup utility, create and delete partitions, change file permissions, encrypt and decrypt files and folders, create and delete users, change user groups, create network shares, create system restore points, install service packs or upgrade the Operating System, install drivers for hardware, start, stop or change service parameters, enforce password policies, create network connections and take ownership of files that have become inaccessible. Administrators are practically omnipotent on a Windows machine.

Power Users: The rights of Power Users lie between those of Administrators and Users. Members of this group are, by default, allotted permissions to modify system wide settings. Power Users can perform any Operating System task except those that are reserved for the Administrators. Power Users can install programs that do not modify Operating System files or install themselves as System Services (antiviruses, for example), customize system wide resources like printers, date, time, power options etc., create and manage users and groups, and start and stop services that are not started by default.
Power Users cannot add themselves to the Administrators group, nor can they add others. On an NTFS partition, Power Users do not have access to the files and folders of other users unless they have been given file access permissions; we shall see how that is possible in the coming pages.

Users: Users are absolutely restricted as far as system wide changes are concerned. Users cannot install programs, nor can they run content that has not been signed by Microsoft. Users also cannot edit the registry keys that affect the local machine. Users have full control over the files that they create, their data folder (%userprofile%) and their portion of the registry (HKEY_CURRENT_USER). Users can shut down their computers only if they are workstations and not servers. Users are stripped of all rights and permissions on objects that could modify system parameters. Users can't even modify the system date!!
To view all the user groups on your computer, go to Start >> Run >> cmd. At the prompt type "net localgroup" without the quotes.
Apart from these three, there also exist other groups like the Backup Operators and the Guests.

Backup Operators: Members of this group can back up and restore files on a computer regardless of any permissions that protect those files. Backup Operators cannot change system security settings.

Guests: This group usually has just one user called, well… Guest. Guests can log in and log off and browse the file system. Many security issues have been attributed to the Guest account, including some which relate to a system compromise, and it is hence advisable to disable this account whenever possible.

To disable the Guest account on a Windows XP Professional machine, open Computer Management through Control Panel >> Administrative Tools. Under Computer Management expand Local Users and Groups >> Users. You will be able to see all the users on the current local machine listed here. In the right hand pane, right click on the Guest account and select Properties. Under the General tab, select Account is disabled. Click OK to apply the settings and exit. You can in fact disable any account from here if you are a member of the Administrators group, except for built-in accounts (the Guest is an exception).

A simple scenario should expose the seriousness of the problem and also help you understand which user account could be the most dangerous and which the least. Consider this: your friend gave you a program that he downloaded from the Internet. This program claims to be a prank application which allows you to move the Start button around the taskbar. You are proudly logged in to the only account on your computer, the Administrator. You execute the program and lo, your Start button moves around. So far so good.
Moving the Start Button - Print Screen 10.1
You smile at yourself for your cheesy accomplishment. Then you close the program, causing the Start button to return to its normal corner, and continue working. Suddenly your screen turns upside down. Then the shutdown timer pops up, counting down from 15. You try opening the Run box to stop the shutdown and you are greeted with a Restrictions message. As you helplessly watch your mouse dance around the screen, the shutdown timer stops counting with 2 seconds to spare. Then you are forcibly logged off. You frown in disbelief and log in again, just to find that you can no longer access any drive in My Computer. You also find that you have been locked out of the registry too.

Sounds far-fetched? Not at all, I say. This was an example of a Trojan horse that was possibly hidden in the prank program. It claims to do one thing but does loads of other stuff that you can't account for. In fact it is extremely easy to program an application that does all that and much more. OK, let us understand how the application did all that it did; then we shall see the simple steps you can follow to thwart any such unscrupulous behavior by an unknown application.

Most of what the application did was possible with the use of common Windows APIs and some clever programming. APIs, as you'll already know, are functions inside DLLs that allow Windows and other applications to interact with each other. To turn the screen upside down, a screen print was taken, rotated by 180 degrees as a bitmap and then displayed 'Right on Top' of the desktop, all using APIs. You can find a harmless implementation of the Right On Top function (the SetWindowPos function in User32.dll) in Task Manager under the Options menu which, when selected, causes Task Manager to stay on top of any window, either newly opened or previously existing.
A 15 second shutdown timer is displayed using the command shutdown -s -t 15. This also starts an internal timer inside the application that keeps a record of the number of seconds passed, so that an abort shutdown can be issued to dramatically stop the timer with 2 seconds to spare.

A DWORD NoRun is added to the \Software\Microsoft\Windows\CurrentVersion\Policies\Explorer key of either HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER in the registry to prevent the Run box from opening. The change will be effective if the policy is applied at the Local Machine level, since it will be imposed no matter who logs on. But for the Run restrictions to become effective you have to log off or restart, which you haven't done till this point, so how does the policy come into effect? The simple answer is that explorer.exe was enumerated from the process list by using another common API (Process32Next in a loop till Exe name = explorer.exe) and then terminated by passing its PID to another common API (TerminateProcess()). Both functions are found in the kernel32.dll file. Explorer restarts and reads the new values from the registry, thus enforcing the policies. All this happened while the inverted screen was being displayed.

The mouse cursor can be made to move around the screen by using another API (SetCursorPos from user32.dll), supplying it with the x and y co-ordinates of the point where you want the mouse cursor to be set. There are various methods to force a user to log off, but the simplest is by issuing the command logoff or shutdown -l -t 00. The application has by this time already done the majority of the damage.

All drives in My Computer can be disabled by adding the NoViewOnDrive DWORD policy in the Explorer key of the registry under the Local Machine or the Current User with a value of 67108863 in decimal. Using the DisableRegistryTools DWORD policy in the System key locks out the registry editor.

This was in no way a comprehensive list. There are several hundred APIs that Windows and applications use for their normal working, and several of them can be exploited to wreak havoc on a normal looking system.
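The three policy values named above leave a trace that can be checked for. The following is an added example, not code from this book: a Python script that reads the text of a registry export (.reg format), flags NoRun, NoViewOnDrive and DisableRegistryTools when they are set, and decodes the NoViewOnDrive number into drive letters. The sample export is constructed for the example, and the function names are hypothetical.

```python
import re

# Key path (below the hive) that holds the policy subkeys discussed above.
POLICIES_ROOT = "software\\microsoft\\windows\\currentversion\\policies\\"

# (subkey under Policies, value name) -> effect of a non-zero value.
WATCHED = {
    ("explorer", "norun"): "Run box disabled",
    ("explorer", "noviewondrive"): "drives blocked in My Computer",
    ("system", "disableregistrytools"): "registry editor locked out",
}

KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\([^\]]+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def drives_from_mask(mask):
    """Decode a drive bitmask: bit 0 is A:, bit 1 is B:, ... bit 25 is Z:."""
    return [chr(ord("A") + bit) for bit in range(26) if (mask >> bit) & 1]


def audit_reg_export(text):
    """Return one finding per watched policy value that is set (non-zero)."""
    findings = []
    hive, subkey = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            key = KEY_RE.match(line)
            hive, subkey = None, None
            if key:
                hive = key.group(1)
                path = key.group(2).lower()
                # Only keys directly under ...\Policies matter here.
                if path.startswith(POLICIES_ROOT):
                    subkey = path[len(POLICIES_ROOT):]
            continue
        value = DWORD_RE.match(line)
        if not (value and subkey):
            continue
        name, number = value.group(1), int(value.group(2), 16)
        meaning = WATCHED.get((subkey, name.lower()))
        if meaning is None or number == 0:
            continue
        finding = {"hive": hive, "name": name, "value": number, "meaning": meaning}
        if name.lower() == "noviewondrive":
            finding["drives"] = drives_from_mask(number)
        findings.append(finding)
    return findings


# Constructed sample. A real export saved by the registry editor is usually
# UTF-16 text, so open it with encoding="utf-16" before passing it in.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoViewOnDrive"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
'''

if __name__ == "__main__":
    for f in audit_reg_export(SAMPLE_EXPORT):
        drives = " (" + "".join(f["drives"]) + ")" if "drives" in f else ""
        print(f'{f["hive"]}: {f["name"]}={f["value"]} -> {f["meaning"]}{drives}')
```

The value 67108863 from the text is 0x03FFFFFF, that is, all 26 bits set, which is why every drive from A: to Z: disappears.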
You don't even have to execute an exe for code to run; applications (or more specifically code) can be run even if you do a seemingly harmless task like viewing a webpage. Code can be downloaded and run without the knowledge of the end user. Scripts in web pages could potentially ruin your system if proper care has not been taken to prevent their execution.

This example was taken just to prove a simple, yet often overlooked, aspect of computing: the Administrator account is potentially the most dangerous account on a system, be it a standalone machine or a computer on a network. When a program runs while an administrator is logged on, the application too runs in the same permission space, thus creating a big loophole for untrusted applications to play around with your system.

The safest account is a normal user account with no privileges at all. With a normal account you can surf the Internet (a little more safely), run programs that will not accidentally cause system wide changes, play games, listen to music, watch movies and create word documents, all without the fear of accidentally messing up your system at the end of the day. In fact the Administrator account should be used sparingly, perhaps only in cases of an account lockout or a user settings corruption issue. Applications can be installed from a normal user account by using the RunAs feature on the right click menu of the setup file.

This calls for the use of best practices that come after years of experience of working with Windows. But before we go ahead and implement security policies and other edits, let us understand what role NTFS plays in keeping our data secure and which of its features can be used to provide a safer computing environment.
X.3: NTFS Security – The ACL Story

A piece of advice that all Microsoft Certified Professionals will give you is to convert your current file system to NTFS. We have already seen an overview of the NTFS File System; now let us see it in a security context, touching upon access control lists, file permissions and encryption. NTFS provides file level security through its much talked about file access permissions, which are implemented through the use of ACLs or Access Control Lists. Let us see how file permissions are assigned and how you can protect your data using them.

As we all know by now, the MFT or Master File Table contains attribute records of all files and folders on an NTFS volume. Among these attributes there exists a special attribute called the Security Descriptor (SD), which contains information related to the security and permissions of the corresponding object. Within the SD, amongst other information, there exist lists which define which users have access to the object (file or folder) and what level of access is permitted to them. These are called Access Control Lists or ACLs. Every object on an NTFS partition has two types of ACLs:

System Access Control List (SACL): This ACL is used to audit successes and failures of attempts to access an object. Read ahead for an example.

Discretionary Access Control List (DACL): This ACL is where the permissions are stored that dictate which users and groups are allowed what type of access to an object.

At this point DACLs should be of primary importance to us, since they contain the access permissions; DACLs are broadly referred to as ACLs. To view the ACLs of an object on an NTFS volume, right click any object, a file or folder, and go to Properties. Click the Security tab to display a summary of the ACLs. This page allows you to set permissions for the particular object. You can add users and groups and assign individual permissions to them.
You can see the current permissions of various users and groups in the upper frame of the page. The user names and group names are followed by their network names too, in the format computername\username or computername\groupname. In the figure the computer name has been erased for, well..., security reasons. The permissions pane shows you the different permissions that can be assigned to an object. This list is by no means comprehensive. A little ahead we shall see the entire DACL entry for an object.

A DACL can accept a negative ACE (Access Control Entry) or a positive ACE. The Allow and Deny settings are just that. If you are the owner of the object (that is, if you created the file or folder, or if it was created by a process running under your login credentials) then you can change permissions and assign individual restrictions to users and groups. The summarized permissions that you see on this page are Full Control (allows all access to the object), Modify (allows Read & Execute + Read + Write), Read & Execute (allows read access and execute functionality), Read (allows read access), Write (allows write access) and Special Permissions (allows operations like delete, change permissions, write extended attributes etc.).

One thing to bear in mind is that a Deny is given preference over an Allow permission. For example, consider a user called Riyaz who belongs to the Administrators group, which has Full Control over an object. Now if Riyaz is denied access to write, then this setting takes priority and Riyaz is denied write access, even though the group to which he belongs has Full Control.
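The Riyaz example can be traced through a small model of how a DACL is evaluated. This is an added example, not code from this book or from Windows: the right bits are simplified stand-ins for real NTFS access masks and all names are hypothetical. It also goes one step beyond the text by showing that the Deny preference comes from the order in which entries are stored (explicit Deny, explicit Allow, inherited Deny, inherited Allow) and that an empty DACL grants nothing.

```python
from collections import namedtuple

# Simplified right bits for illustration; real NTFS access masks differ.
READ, WRITE, EXECUTE, DELETE, CHANGE_PERMISSIONS, TAKE_OWNERSHIP = (
    1 << i for i in range(6)
)
READ_EXECUTE = READ | EXECUTE
MODIFY = READ_EXECUTE | WRITE          # as summarized in the text
FULL_CONTROL = MODIFY | DELETE | CHANGE_PERMISSIONS | TAKE_OWNERSHIP

# One Access Control Entry: kind is "allow" or "deny".
Ace = namedtuple("Ace", "kind trustee mask inherited", defaults=(False,))


def canonical_order(dacl):
    """Sort ACEs into the order the permission editor stores them in:
    explicit Deny, explicit Allow, inherited Deny, inherited Allow."""
    return sorted(dacl, key=lambda ace: (ace.inherited, ace.kind != "deny"))


def access_check(dacl, token, desired):
    """Walk the ACEs in stored order for a user whose token holds the
    given user and group names. Returns True if every desired right is
    allowed before a matching Deny is met."""
    if dacl is None:                 # no DACL at all: nothing is restricted
        return True
    remaining = desired
    for ace in dacl:
        if ace.trustee not in token:
            continue
        if ace.kind == "deny":
            if ace.mask & remaining:
                return False
        else:
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return False                     # rights no ACE allowed are denied


# Constructed tokens: the user name plus the groups the user belongs to.
RIYAZ = {"Riyaz", "Administrators", "Everyone"}
GUEST = {"Guest", "Guests", "Everyone"}


def riyaz_example():
    """Administrators: Full Control, but Riyaz is denied Write."""
    dacl = canonical_order([
        Ace("allow", "Administrators", FULL_CONTROL),
        Ace("deny", "Riyaz", WRITE),
    ])
    return access_check(dacl, RIYAZ, READ), access_check(dacl, RIYAZ, WRITE)


def unordered_example():
    """Same two entries left in the order they were written: the Allow is
    reached first, so the Deny never gets a chance to apply."""
    dacl = [Ace("allow", "Administrators", FULL_CONTROL),
            Ace("deny", "Riyaz", WRITE)]
    return access_check(dacl, RIYAZ, WRITE)


def inherited_deny_example():
    """An explicit Allow on the file is stored ahead of a Deny inherited
    from the parent folder, so the explicit Allow wins."""
    dacl = canonical_order([
        Ace("deny", "Everyone", WRITE, inherited=True),
        Ace("allow", "Riyaz", WRITE),
    ])
    return access_check(dacl, RIYAZ, WRITE), access_check(dacl, GUEST, WRITE)


if __name__ == "__main__":
    print("Riyaz read/write:", riyaz_example())
    print("Unordered DACL, Riyaz write:", unordered_example())
    print("Explicit allow vs inherited deny:", inherited_deny_example())
    print("Empty DACL, Riyaz read:", access_check([], RIYAZ, READ))
```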
Summarized DACLs for Secret.txt - Print Screen 10.2
Let us now see how you can use DACLs to protect your data. Consider our file secret.txt that contains all your passwords and usernames. By intelligently employing file permissions, you can easily prevent access by any user on your computer to whom you do not want the file to be accessible. Go to the properties of the file. Every new file or folder created on an NTFS volume will by default inherit the security permissions of the parent folder. This means that if you create a file inside D:\MyData\, then by default the file permissions will show other users and groups if they have been defined in the permissions for D:\MyData\.

As mentioned earlier, what you see under the Security tab is the summarized values of access types to an object. You can view the entire list on the Advanced Security Settings page. Click on Advanced. Here, under the Permissions tab (the first tab), you will see the list of users/groups who have access permissions on your file.
Advanced Security Settings for Secret.txt - Print Screen 10.3
You will also see that an option that allows file permissions to be inherited from the parent is checked. For now uncheck the option, and click on Remove on the warning that comes up. This will probably clean out the whole list from view. This effectively gives a Deny to "Everyone" on the computer. Click on Add to open up the Select User or Group box. Here you can type your username and click OK or, for a safer and surer approach, click Advanced and then Find Now. Select your username from the search result and then click OK. When you click OK, the Permissions Entry page will open up, showing you the detailed access permissions of the DACL for your secret.txt file.
Effective DACL permissions for Secret.txt - Print Screen 10.3
Click on Full Control to automatically select all other permissions. Then OK your way back. You now have a file that is accessible only to you and nobody else. Try it out: log off, log in as any other user and try accessing the file.

You can even customize permissions so that a user has no write permissions and only read permissions. You do not have to repeat the entire procedure detailed above. You can add a new user from the Security tab itself. Go to Properties >> Security, click on Add >> Advanced >> Find Now. Select the user you want to change permissions for, then OK your way back to the Security page. Here change the permissions by selecting the user in question. You can even edit file permissions for the Administrator so that he gets only read and no write permissions on your file.
Denying Administrator Write for Secret.txt - Print Screen 10.4
Use file permissions judiciously; always give at least one account the rights to 'Take Ownership' (effective permissions) of the file, in case you ever consider your account for deletion. Taking ownership helps you gain access to files and folders that are not accessible. In case you denied other users (not 'Everyone', since that would include you too) access to a file or folder and it then so happened that you had to delete and recreate your account, you may not have access to your data. This is a very important point, since all your precious data might be right there on the desktop and yet you may not be able to open it. To reclaim your data in such cases, taking ownership is the only way out (as far as I know ;-)).

You have to be the Administrator or a member of the Administrators group to be able to Take Ownership. Right click on the folder for which you get an access denied message and go to Properties >> Security tab >> Advanced >> Owner tab. Select your current username here. If your username is not listed then you can add it by clicking on Other Users or Groups >> Advanced >> Find Now and then selecting your username from the list. Select the Replace owner on subcontainers and objects check box, which will be visible only if you are taking ownership of a folder. This check box will not be visible while taking ownership of files. Click on Apply and click Yes when you are prompted with the following message:

You do not have permission to read the contents of directory . Do you want to replace the directory permissions with permissions granting you Full Control?

Upon clicking Yes, all permissions will be replaced. This method is very effective for companies where user accounts are created for employees and, when they leave the job, there could be data that should be retrieved in the interest of the company. Use file permissions with care. Don't lock yourself out of your data, as it has happened to me on several occasions ;-)
Encryption, or the process of disguising a message or data in such a way as to hide its actual meaning, is possible in Windows by using the Encrypting File System or EFS. EFS is supported on Windows 2000, Windows XP Professional, Windows Server 2003 and its variants. EFS is not supported on Windows XP Home Edition. EFS works by creating cryptographic private keys that allow the user transparent access. Whatever data you encrypt will be inaccessible to other users, irrespective of what permissions they have. This is the advantage of using encryption over file permissions.

Your username and your password are used when creating the private key required to decrypt files when you try to access them. Hence, you may have noticed that when you attempt to change the password of another user through Control Panel >> User Accounts in Windows XP, you are presented with a warning that says the user will lose all his EFS-encrypted files. This happens because the key is not updated with the new password if another user changes it. The decryption process happens automatically without any prompts, provided of course that you are the user who encrypted the file in the first place.

We can apply encryption in two ways. One, you can encrypt a single file; and two, you can encrypt a whole folder so that all files in it, and those which will be added to it later, will be encrypted by default. Encrypted files are shown in a different color in Explorer. By default it's green, but you can change that by using a registry edit.

Let us use our Secret.txt file as an example. Create the file anywhere on your computer (and remember where you created it), preferably in the root of C:\. Write some data into it and save the file. Then right click on the file and select Properties. Click on the Advanced button next to the Read-only and Hidden attribute check boxes. In the Advanced Attributes box that opens up, select the option that says Encrypt contents to secure data, click on OK and then Apply. That's it. You have just made your file inaccessible to prying eyes.
Encrypting Secret.txt - Print Screen 10.5
To test your adventure, log off and log in as another user. Try accessing the file. You will be surprised as to how easy this was. Encryption can really be a life saver. Encrypting a folder can be really advantageous since you have to just encrypt it once and all files added to it are encrypted by default. When you are encrypting a folder, you will be presented with a Confirm Attribute Change dialog box where you have to select the second option that allows you to apply changes to subfolders and files. Enabling this option allows you to add files to this folder, encrypting them on the fly. You are saved from the hassle of encrypting every file and folder that you need to be protected.
Applying encryption to subfolders and files - Print Screen 10.6
To ease the encryption and decryption process, you can add or modify a setting in the registry that reduces the entire ordeal to a right click option. Open the registry editor and navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced. Create a new DWORD value, name it EncryptionContextMenu and set its value to 1. Changes are usually immediate and you will see an Encrypt/Decrypt command in the context menu of files and folders. Exercise caution while dealing with user accounts; do not change your passwords from another account unless absolutely unavoidable.
X.4: Password Policies and the Password Reset Disk

Safe passwords are easy to construct and remember too. Contrary to popular belief, long passwords are not necessarily strong. This section of the chapter will give you an insight into what goes into constructing a strong password and into creating a Password Reset Disk that Windows XP users can use to log in in case they have forgotten their passwords.

Password policies can be applied by the Administrator on a Windows XP Professional box, and they govern the nature and behavior of the passwords of the users created on the system. Before creating any accounts on the computer, create password and account policies for users by using the Security Policy Editor. Remember that strong passwords are a necessity on a Windows box. Before we actually get into defining policies, let us first understand what a strong password comprises.

To start off with, a strong password comprises at least 14 characters and should not contain your username, your computer name, a dictionary word or any other personal information. Assuming you are a big Harry Potter fan, let's use a word from JK Rowling's world to construct our strong password. How about expelliarmus? The most common type of passwords people use usually contain leetspeak, which is a type of written slang that replaces letters with numbers or other characters that look like the original letter. You must have seen people on the internet calling themselves w@rl0[k (warlock), 0r|)3r (order) etc. These are handles that people use to hide their identity. Let's use this same concept in constructing our password. Thus expelliarmus could be written as 3x|>3ll1@rmu$. You could then add some special characters at the beginning or end. Our final password could look like #3x|>3ll1@rmu$~. Now that's difficult to guess but easy to remember.

The above method actually satisfies all three criteria that I can think of for a strong password. First of all, it does not contain your name and it is longer than 14 characters. Secondly, it uses alphanumeric and special characters, and thirdly, it is not easily guessable.

Passwords have to be at least 14 characters in length or longer. Don't even think about using personal information like birthdays, your girlfriend's name, your place of birth or the name of your dog. Also, don't use words from the dictionary. If you have more than one email ID or if you use multiple services that require passwords (email, gaming, chat, forums and music download) then don't use the same password for all the services. Also always keep it a mixture of alphanumeric and special characters. It is also advisable to change your Windows login password often.

To create password policies on your Windows XP Professional box, go to Start >> Run and type secpol.msc. This should start the Local Security Policy Editor. Remember, if your machine is part of a domain (in large corporate offices, for example) then the password policies are set at the domain controller level and there isn't much you can do as a user. In our workstation example, after you open the Security Policy Editor, expand Account Policies and then select Password Policy.
You can change various parameters here. Double click Maximum password age and set the password expiry days to 21. Then double click Minimum password length and set the character length to 14. A value of zero indicates that your system does not require a password to log in. Then, the most important setting: double click on Password must meet complexity requirements and change its setting to Enabled. Change your current system password to match the policies you have described and then log off and log on again.

Along with the password policies you can also set the Account Lockout Policies. These policies come into effect if an invalid logon attempt is made on your system locally. For example, if a malicious user uses your system and tries to log in by guessing your passwords, then you can create a policy here that describes after how many login attempts the account gets locked and for how much time. To create these policies, click on Account Lockout Policy. In the right hand pane you will in all probability see three options. The first and the last will be set to 'Not Applicable'. If this is the case then it is because the Account lockout threshold value is set to 0 invalid logon attempts. Double click on it, change the value from 0 to 5 login attempts and click OK. You will be presented with a Suggested Value Changes window that shows that the options for the other 2 settings have now been changed to 30 minutes. Click OK for now and then change their values individually. You cannot set the account lockout duration to a time smaller than that of the reset account lockout timer. Keep them the same, probably 15 minutes for optimum usage.
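The settings above can be written down as data and checked, together with a candidate password. This is an added example, not code from this book or from Windows: the dictionary keys and function names are hypothetical, the complexity test assumes the commonly documented Windows rule of at least three of the four character classes (uppercase, lowercase, digit, other), and the dictionary-word criterion from the text is not covered.

```python
# Values entered in secpol.msc in the text above.
POLICY = {
    "max_password_age_days": 21,
    "min_password_length": 14,
    "complexity_enabled": True,
    "lockout_threshold": 5,          # invalid logon attempts
    "lockout_duration_min": 15,
    "reset_counter_after_min": 15,
}


def policy_problems(policy):
    """List weaknesses or inconsistencies in a set of policy values."""
    problems = []
    if policy["min_password_length"] == 0:
        problems.append("minimum length 0: no password is required")
    if not policy["complexity_enabled"]:
        problems.append("complexity requirements are disabled")
    if policy["lockout_threshold"] == 0:
        problems.append("lockout threshold 0: accounts never lock")
    else:
        duration = policy["lockout_duration_min"]
        reset = policy["reset_counter_after_min"]
        # A duration of 0 means locked until an administrator unlocks it.
        if 0 < duration < reset:
            problems.append("lockout duration is shorter than the reset timer")
    return problems


def character_classes(password):
    """Return which of the four character classes the password uses."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("other")
    return classes


def password_problems(password, username, policy, computer_name=""):
    """Check one password against the policy and the criteria in the text."""
    problems = []
    if len(password) < policy["min_password_length"]:
        problems.append(
            f"only {len(password)} characters, "
            f"need {policy['min_password_length']}"
        )
    lowered = password.lower()
    for label, name in (("user name", username), ("computer name", computer_name)):
        if name and name.lower() in lowered:
            problems.append(f"contains the {label}")
    if policy["complexity_enabled"] and len(character_classes(password)) < 3:
        problems.append("uses fewer than three character classes")
    return problems


if __name__ == "__main__":
    print("policy:", policy_problems(POLICY) or "consistent")
    # Sample passwords: the two from the text plus one constructed case.
    for candidate in ("expelliarmus", "#3x|>3ll1@rmu$~", "Riyaz-laptop-2009!"):
        result = password_problems(candidate, "riyaz", POLICY)
        print(candidate, "->", result or "meets the policy")
```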
The Local Security Policy Editor on Windows XP Professional - Print Screen 10.7
Windows XP provides a convenient way to reset your account password with the use of a Password Reset Disk. It is easy to create and use. Always bear in mind to protect your disk safely if you have created one. A Windows XP Password Reset Disk will not work on any computer other than the one on which it was created. To start you will require one blank, formatted floppy disk. The procedure is a little different if you are a limited user. Administrators can create floppy reset disks for any user on the local machine, whereas a limited user can do it only for his own account.

If you are an Administrator and you wish to create the disk for another local user or for yourself, then: Go to Control Panel >> User Accounts. In the User Accounts pane, click the account that you want to work with. In the Related Tasks on the left of the window, click Prevent a forgotten password to start the Forgotten Password Wizard, and then click Next. Insert a blank, formatted disk into drive A, and then click Next. In the Current user account password box, type the password for the user account that you selected, and then click Next. If the account does not have a password, keep this space blank. In case the user creates a password later, you could reset it using the floppy disk instead of User Accounts to preserve the EFS certificates and encrypted data. When the progress bar reaches 100% complete, click Next, and then click Finish. Remove the floppy disk and keep it in a safe place.
It is very important to keep the floppy safe because it could be used to compromise the system as well as the data on it.
If you are a limited user then the only change is that the Prevent a forgotten password option is available only on your own account details in User Accounts. In that case, when the wizard asks you to enter the password during the creation of the reset disk, enter the password of your account.

Now that we are ready with the reset disk, let's use it to reset the password, assuming you have forgotten it. Log off your account and at the welcome screen click on your username and, instead of typing the password, press Enter or click on the login arrow. You will be presented with an error message that looks like this:

Did you forget your password? You can click the "?" button to see your password hint. Or you can use your password reset disk. Please type your password again. Be sure to use the correct uppercase and lowercase letters.

Click use your password reset disk. This should start the Password Reset Wizard. Click Next. Insert the password reset disk into drive A: when prompted to, and then click Next. Type and confirm your new password in the space provided. You could also keep a hint as a reminder in case you forget again. Not advisable though. Click Next, and then click Finish. The wizard will quit and you will be returned to the welcome screen. Type your new password and press Enter to log in. You do not have to worry about re-creating the password reset disk because the disk is automatically updated with the new password information. Hence it is absolutely necessary to store the floppy in a safe and secure location.
X.5: Malicious Code and Common Infections

Viruses, worms and Trojans have always tortured the lives of Windows users. Many a time people grudgingly format their computers, losing all their data, and painstakingly reinstall Windows and the several other applications that were installed. Several virus infections can be detected by running a good antivirus. I wouldn't pass judgment on the ones I know but would definitely recommend a few. Kaspersky, McAfee and Symantec provide products that are really worth the money. These antiviruses (and many others) provide features like On-Demand Scanning and Real Time Monitoring of files. A user can invoke an antivirus program to scan the entire hard drive or specific files and folders; this is called an On-Demand Scan and is available in all antivirus software. Real Time Monitoring works by examining system calls and I/O read and write operations, thus eliminating or suppressing threats before the viral action is completed. However, this can cause substantial amounts of CPU cycles to be consumed.

A virus is defined as a computer program that has the capability of copying itself and infecting other computers to which it is carried or networked. Sometimes Trojan horses, worms and other forms of malware are also incorrectly referred to as viruses. Viruses spread through computer networks, emails or removable media like floppies, CDs and USB drives. More often than not, worms, viruses and Trojan horses are confused with each other. Viruses require a host to propagate. They copy themselves into the host file, and when a user runs the file the virus code is run, infecting other files and doing whatever action it was meant to. Worms, on the other hand, can propagate without the need of a host. A worm usually copies itself as individual files and runs in memory, creating copies of itself on removable media and network shares.
Finally, a Trojan horse is a harmless-looking application that appears to do some harmless activity but carries a payload that is executed when it is run. Trojan horses are used to deploy other nasty applications like key loggers and remote administration tools like BackOrifice and NetBus, and even to erase and overwrite data on a computer. There are applications available that allow you to join multiple files, the harmless application and the more sinister one, so that they appear to be one program but both are executed when run. Many prank programs come with other malicious code. Simple applications like those that allow you to open and close your CD-ROM drive tray may install a backdoor that allows a remote user to connect to your computer, transfer files and capture keystrokes. Imagine if you were typing the password for your mail account or your credit card number at a shopping site! The variations of these actions are huge.
Viruses come in different forms. As the battle between antivirus companies and smart system users on one side and virus writers on the other continues, the bad side is getting smarter faster than we can cope. Today's viruses can modify their code so that antiviruses don't detect
them. Most antiviruses have virus signatures in their databases. These are pieces of code obtained from the virus. An executable is compared with this database to see if it contains the signature; if it does, it is flagged as infected. Polymorphic viruses beat this type of scan by changing their code while keeping the algorithm intact. Viruses may also employ several other methods to prevent detection. Some viruses even terminate the antivirus process in memory before the virus can be detected! Some antiviruses detect a change in the file size of an executable and flag it as infected if it changes. Viruses have beaten even that by infecting these files without increasing their sizes. They accomplish this by overwriting unused areas of executable files.
Viruses can chiefly be divided into two types on the basis of their behavior when they are executed. Nonresident viruses, when executed, immediately search for other programs that can be infected, infect these files, and finally transfer control to the application they had infected. Resident viruses do not search for hosts when they are started. Instead, a resident virus loads itself into memory on execution and transfers control to the host program. The virus then stays active in the background and infects new hosts when those files are accessed by other programs or the Operating System itself. This allows the virus to infect a new file whenever it is accessed by the Operating System.
There are viruses that can infect even Word and Excel files, or any file that supports code execution through what are called macros. Macros in documents allow a user to repeat a certain task or perform a certain action that is programmed by the user. For example, a macro could be written in Outlook Express that checks the subject line when you send a mail and pops up a message telling you that the subject line is blank.
This helpful feature is often exploited by virus writers to write code that gets executed when you open a file, infecting other files and probably mailing a copy of itself to all the people in your address book.
Viruses have also been known to modify the boot sector of the hard disk. These viruses, aptly called boot sector viruses, modify the boot sector so that the virus gets executed every time you start the computer. Control is then transferred to the actual boot loader.
Antiviruses use two common methods to detect viruses. The first and most common method is to use a list of virus signatures. The antivirus examines the contents of the computer's memory (its RAM and boot sectors) and the files stored on fixed or removable drives (hard drives, floppy drives), and compares them against a database of known virus signatures. If a match is found, the user is presented with the options of deleting, cleaning or quarantining the file. Virus signatures have to be updated regularly to protect your computer and data from new threats. The second method is to use heuristic analysis to find viruses based on common behaviors. This method allows detection of viruses for which the antivirus company has not yet created signatures. Heuristic analysis can create a lot of false positives, flagging legitimate files as infected, since the scan engine checks for common viral actions like file replication or file overwrite or append. A combination of the two can keep many threats at bay.
Worms are self-replicating computer programs. They use computer networks and removable media to spread. More often than not, the most popular worms have spread through email as attachments. Notable examples include the Sobig and MyDoom worms. Worms, unlike viruses, do not need a host program to propagate.
Worms can also be used to carry payloads and trigger emails to certain addresses, thus spamming users with thousands and millions of emails and bringing down the entire mail system. This attack, when done from multiple points, is called a Distributed Denial of Service attack. Worms largely rely on emails and networks to spread, causing network bandwidth issues and traffic congestion. An email worm, when executed, usually sends a copy of itself to all the users in the user's contact list. Since the email appears to come from a trustworthy source (you, in this case), the recipient opens the attachment, causing the worm to send more copies of itself to everybody in the recipient's contact list. This causes a rapid spread of the worm, and in no time millions of computers are infected. Most worms just spread without harming the system (except for the network congestion), but some worms carry payloads and drop them on the infected systems. These payloads may include keyloggers, backdoor programs and even viruses, amongst others.
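The detection methods described earlier in this section (signature matching and file-size comparison) can be compared side by side on the same inputs. The following Python example is added here and is not code from the book; the marker bytes, the signature name and the sample file images are constructed, and the SHA-256 baseline is an addition that the text does not mention.

```python
import hashlib
import re


def compile_signature(hex_pattern):
    """Compile 'c0 ff ?? 11' into a bytes regex; '??' matches any one byte."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)


# Constructed signature database: name -> byte pattern. The marker bytes are
# invented for this example and belong to no real malware family.
SIGNATURES = {"Constructed.Marker.A": compile_signature("c0 ff ?? 11 d0 0d fe ed")}


def signature_hits(data):
    """Names of all signatures found anywhere in the file contents."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(data))


def baseline(data):
    """Record what a clean copy looks like: its size and its SHA-256 digest."""
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def assess(data, clean):
    """Run the signature, size and hash checks against one file image."""
    return {
        "signature": signature_hits(data),
        "size_changed": len(data) != clean["size"],
        "hash_changed": hashlib.sha256(data).hexdigest() != clean["sha256"],
    }


# --- Constructed file images: plain byte strings, nothing executable ---
MARKER = bytes.fromhex("c0ffee11d00dfeed")
HOST = b"MZ" + b"program body " * 4 + b"\x00" * 32    # ends in unused padding
CLEAN = baseline(HOST)


def overwrite_padding(host, blob):
    """Place blob inside the trailing padding so the length stays the same."""
    return host[:-32] + blob + b"\x00" * (32 - len(blob))


SAMPLES = {
    "clean copy": HOST,
    "marker appended": HOST + MARKER,
    "marker in padding": overwrite_padding(HOST, MARKER),
    # One byte differs: still caught, because the signature has a wildcard.
    "one byte patched": overwrite_padding(HOST, MARKER[:2] + b"\x00" + MARKER[3:]),
    # Stand-in for a polymorphic variant: same length, every byte different.
    "re-encoded body": overwrite_padding(HOST, bytes(b ^ 0x5A for b in MARKER)),
}


def report():
    """Assess every constructed sample against the clean baseline."""
    return {name: assess(data, CLEAN) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:18} {result}")
```

Only the hash comparison flags every modified image; the size check misses all three same-length changes and the signature misses the re-encoded one.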
More often than not, worms will remove access to Folder Options, the Registry Editor and the command prompt. In several cases the Task Manager is also disabled, displaying an error saying “Task Manager has been disabled by your administrator” when you press Ctrl+Alt+Delete.
Task Manager Disabled - Print Screen 10.8
This is done by setting the DisableTaskMgr DWORD value in the registry. The worm, if in memory, will reset any changes made to the registry immediately after you change the settings back to normal. Hence the approach is to terminate the application from memory and then attempt to change the settings back.
Many worms exploit the ignorance of Windows users. Windows by default hides file extensions for known file types and hides hidden files and folders. Worms and even viruses take advantage of this fact. Worms create copies of themselves with the icon of a Windows folder and hide the original folder. Since Windows does not show file extensions for known file types, the exe extension is hidden and what the user sees is an innocent folder. When it is double-clicked nothing visible may happen, but the worm will be executed, causing more copies of itself to be made in other folders on the system.
Worms prevent access to Task Manager because it is possible to terminate the application from memory if you can open Task Manager and go to the Process tab. Access to Command Prompt is denied to prevent you from running tasklist, to display current processes, and taskkill, to terminate tasks using their Process Identifiers (PID) or image names, and also to prevent you from running the reg command to change registry settings. Finally, access to Folder Options and the Registry Editor is denied so that you cannot unhide folders or modify registry values. Generally people prefer to use the Registry Editor instead of the reg command line tool, which can easily provide access to the registry even if regedit is restricted.
Tasklist showing running processes - Print Screen 10.9
Many worms also create Autorun.inf files in the root directories of all the hard drives and have the open command set to the name and path of the application. An Autorun.inf file, as you will know, is a file that contains information about the action to be taken when a default command is executed. The default command on a drive is to open it. When you double-click on a drive in My Computer it should open by default in Explorer. But the presence of an Autorun.inf file causes an autoplay option to be added. Even this text can be modified to something more inconspicuous like Open, etc. Since the Autorun.inf file and the file or files it causes to execute when you perform the default action are hidden, more often than not with the system attribute set as well, making them superhidden, you will not see them when you manage to open the drive. Windows, by default, autoplays CD-ROM discs and USB drives if they have an Autorun.inf file. You don't even have to double-click on the drive; the worm executes without user intervention.
Trojan horses are an interesting class of nuisance. They appear as completely harmless applications that promise to do something innocent but actually do more than that. The name Trojan Horse is derived from an episode of the legendary Trojan War in Greek mythology, in which the Greeks built a wooden horse as an offering of peace to the city of Troy and pretended to sail away. The wooden horse contained Greek soldiers hidden inside its belly. After the people of Troy (Trojans) brought the horse inside the city, the soldiers emerged, opened the gates of the city to the Greeks and destroyed the city of Troy. Generically, any application that carries a payload that is not used by the main application and performs actions other than those promised or believed is termed a Trojan. A Trojan by itself is not harmful; it is because of the various payloads they can carry that they are termed malicious.
Some applications are specifically written to act as Trojans carrying payloads with them, while many others are made by joining payloads to already existing applications. Some of the popular payloads delivered by Trojans are NetBus, BackOrifice and Sub7. These are applications that allow the deployer to remotely control computers. They install a small program (the server) and allow the machine to be controlled remotely through a client. These tools by themselves are excellent programming masterpieces, but since they are used by script kiddies and sadistic hackers all over the world to wreak havoc, they have earned a bad reputation amongst security-conscious people. Remote Administration Tools are not the only payload for Trojans to carry, although they are the most popular. Some other payloads include keyloggers, antivirus disablers, DoS tools or merely downloaders. Most of these payloads are bundled with prank applications that unsuspecting users happen to find across the Internet.
The most popular payloads of Trojans are Remote Administration Tools, as mentioned earlier. Remote Administration Tools can be used ethically to troubleshoot problems remotely and interact with users. Most of these applications come with a server and a client program. The server part of the program has to be run on the system you wish to control, and the client (usually a Graphical User Interface) is used to send commands to the server. Windows provides several APIs that allow you to completely control a computer remotely, and it is not very difficult to write a remote control application of your own. In the final year of my Engineering, way back in 2006, I managed to write a Remote Administration Tool of my own called NetCon, which I shall briefly describe here.
NetCon System & Network Page - Print Screen 10.10
Designed to work on the Local Area Network and written in VB 6.0 with over 80 Windows APIs, the program has the following features:
Get Remote System Info: This info includes:
    Computer Name
    IP address
    Operating System
    Physical RAM
    Drives
    Product ID
    Registered Owner
    System Directory
    Windows Directory
    Processor Type
    Current Logged on User
    Temporary Directory
    Wallpaper location (Whew!!)
    Screen Resolution
Get list of running Processes: This allows users to view and terminate processes on the remote computer.
Shutdown Controls: Allows users to remotely shut down or restart the system, or log off the current user. If the end system is Windows XP then the shutdown and restart commands will give a 12 second countdown.
Get Open Ports: This command shows all the open listening ports and connections on the remote computer.
Get Routing Table: Allows users to view the entire TCP/IP routing table.
Get Adapter Status: This command allows viewing of the entire adapter status along with other information, the equivalent of ipconfig /all.
Send Message to remote computer: Displays a message box on screen when a user is logged in.
Run an application on the remote computer by supplying the full path of the program.
Rename the Start Button on the Remote Computer!!!
View Directory structure, disks and contents.
File Transfer: Using binary mode for file transfer, this command allows you to copy files from the remote system and save them onto your computer.
Fun Controls: These are commands intended for general experimental purposes. Click on the buttons to perform their respective functions.
    Open / Close CD ROM drive tray.
    Show / Hide Start Button
    Show / Hide Clock
    Show / Hide Desktop
    Show Black Screen & desktop alternately.
    View / Set / Clear Clipboard
    Beep User with custom frequency (default 2000 Hz)
    Play custom sound. Default is C:\Windows\Media\tada.wav.
    Change Wallpaper on remote machine (requires logoff)
    Freeze mouse for 8 seconds
    Swap mouse buttons: the right click becomes left and vice versa.
    Crazy mouse: the mouse cursor is set at random locations for 8 seconds.
NetCon Fun Controls Page - Print Screen 10.11
Move Mouse: This is an advanced mouse control function written to move the mouse on the remote computer, with the administrator controlling cursor positions from the client machine. Right and left clicks can be performed too.
Live Keylogger: Allows you to view pressed keys on the remote machine in real time on a screen on the Info Pane.
Screen Stuff: A highly advanced separate module which exclusively employs the BitBlt and StretchBlt methods to manipulate the screen. It allows users to do the following:
    Get Remote Screen (AutoDump feature also available).
    Invert Remote Computer Desktop
    Invert Colors of the desktop.
    Fade Screen Colors
    Brighten Screen (MAX ALPHA)
    Darken Screen
    Show Ghost Image
    Monitor On / Off (Works on Laptops only)
The server cannot be seen under the TaskList but can be seen under the Process tab of the Windows Task Manager. It also adds itself to the Local Machine Run key (creating it if it does not exist) in the Windows Registry so that it runs at system startup irrespective of who the logged on user is. NetCON v1.2 runs on port 7108 at system startup (upon a previous execution) in listening mode.
These tools may be fun to use in the hands of novice users but can be really frustrating to the end user. The Windows API is a powerful collection of functions which can be used maliciously. Several applications exist out in the wild that incorporate these APIs to read drives and directories, to copy themselves and spread, to open and infect other files, to create and add user accounts without your knowledge, to delete files and directories and replace them with executables of their own, to log every key you press on the keyboard, stealing your passwords and credit card numbers, emails and photographs, documents and other data, to prevent shutdown of the computer, to crash the Operating System and, in the worst case, to format your drives. The bad guys are using their knowledge to do evil stuff with their evil tools.
Some simple precautionary measures can save a lot of time, money and pride. Here are a few methods that you can easily employ to keep your system safe and to detect and delete threats before it's too late.
One of the most common tricks worms and some viruses use is to create copies of themselves that have icons of common file types or of folders but with the obvious '.exe' extension at the end of the filename. A very common example that I can recollect is Jangan Dibuka.exe, which has the icon of a Microsoft Word document. This worm has several other names like My Love.exe, Kenangan.exe, Hallo.exe, Puisi Cinta.exe, My Heart.exe, and Mistery.exe. Such worms may disable Folder Options and cause the Hide file extensions for known file types option to be checked.
An unsuspecting user is bound to attempt to open a file that has the name "My Love" and the icon of a Word document. What they don't realize is that they are in fact executing the worm! To detect such a threat, you can enable the show file extensions option through Folder Options, but that may not be helpful if the worm periodically checks the registry values and resets them to its own convenience.
Windows hides file extensions for shortcuts (.lnk files), Explorer command files (.scf) and some other file types. These extensions remain hidden even if you deselect Hide file extensions for known file types. You can enable their view through a registry hack. I did not include the trick in the chapter on the registry since it would be much more captivating to use it here in its correct context. Link files and Explorer's command files have a special string value called NeverShowExt written under HKEY_CLASSES_ROOT\lnkfile and HKEY_CLASSES_ROOT\SHCmdFile respectively. You can even do the opposite using a string value called AlwaysShowExt, which directs Windows to show the file extension for a known file type even when the option to hide file extensions is enabled in Folder Options.
Since the most dangerous file type to us presently is the executable, navigate to HKEY_CLASSES_ROOT\exefile, create a new string value in the right-hand pane, name it AlwaysShowExt and keep its value blank. Restart Explorer using the Task Manager, or log off and log in again. This registry edit causes Windows to display the exe extension even when the option to hide file extensions is enabled in Folder Options. Try it out. Apply the option in the View tab of Folder Options and navigate to any exe that you have; C:\Windows would be a nice place to check. Look at the filename of Explorer.exe, for instance: the file extension will be visible even though files around it will have their extensions hidden.
This allows you to view the extension of a file before you run it. As a best practice, deselect the option in Folder Options to Hide file extensions.
Some worms have long names like Picture_of_the_worlds_most_wanted_person.exe. This file, for instance, is a script written in AutoIt, a popular scripting language, and has the icon of an image file. Since the name is long, Windows Explorer does not display the whole name in Tiles and Icons view. The entire file name with the exe extension will be seen if the folder is set to display objects in Thumbnail view, Details view or List view. An unsuspecting user may execute the file expecting it to really be a picture of the world's most wanted person! Be careful of files with tempting names that are long enough to be cut short by Windows. This is a feature in Windows to avoid clutter and messy looks, but it is exploited by the malicious file writer. Enable the Double-click to open option in Folder Options under the General tab. That way you can view the file type, by merely selecting the file, in the common tasks pane to the left of the window.
Common Tasks Pane showing file type - Print Screen 10.12
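One way to look for the disguises described in this section, as an added Python example that is not part of the original text: it walks a folder and reports executables that share a name with a folder beside them, or whose names exceed an assumed display limit. The 30-character limit, the extensions other than .exe and the sample folder layout are assumptions made here.

```python
import os
import stat
import tempfile

# .exe is the case the text discusses; the other extensions are added here.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}
# Assumed cut-off: Explorer's real truncation depends on the view and font.
DISPLAY_LIMIT = 30


def is_hidden(path):
    """True if the Windows 'hidden' attribute is set (always False elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def find_disguised_executables(root):
    """Walk root and return [(relative_path, [reasons])] for suspicious names."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.lower(): d for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() not in EXECUTABLE_EXTS:
                continue
            reasons = []
            twin = folders.get(stem.lower())
            if twin is not None:
                # The worm pattern from the text: Folder.exe beside Folder.
                reasons.append("same name as folder '%s'" % twin)
                if is_hidden(os.path.join(dirpath, twin)):
                    reasons.append("that folder is hidden")
            if len(name) > DISPLAY_LIMIT:
                reasons.append("name longer than %d characters" % DISPLAY_LIMIT)
            if reasons:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel.replace(os.sep, "/"), reasons))
    return sorted(findings)


def build_constructed_tree(root):
    """Create an empty sample layout (zero-byte files) for the demonstration."""
    os.makedirs(os.path.join(root, "Photos"))
    os.makedirs(os.path.join(root, "Work", "Reports"))
    for rel in ("Photos.exe", "notes.txt", "setup.exe",
                "Picture_of_the_worlds_most_wanted_person.exe",
                "Work/Reports.exe", "Work/Reports/q1.doc"):
        open(os.path.join(root, *rel.split("/")), "w").close()


def demo():
    """Scan the constructed layout in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        build_constructed_tree(root)
        return find_disguised_executables(root)


if __name__ == "__main__":
    import sys
    # Pass a folder or drive to scan it; with no argument the sample is used.
    results = find_disguised_executables(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for path, reasons in results:
        print("%s: %s" % (path, "; ".join(reasons)))
```

The scan looks only at names, so a file that borrows a document icon, like My Love.exe above, is caught only by making the extension visible.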
Windows allows programs to add themselves to the system startup as an effective way of running without user intervention. This allows programs like antivirus software and network monitoring tools to start and run without user interference. Even this feature of Windows has been exploited. It is common for viruses to add their path to the system startup, so that even if you terminate the malicious file from memory using Task Manager, the virus will run the next time you restart your computer.
A major drawback of the Task Manager is that it does not display additional information about a process, like its path or child processes. Microsoft has a tool called Process Explorer that provides much more information than the native Task Manager of Windows. The tool, written by Mark Russinovich, shows loaded dlls, a detailed description and thread information, and offers the option to terminate individual threads and close open handles. It can be used to find the path of a virus or any other malicious file while it is in memory.
Process Explorer - Print Screen 10.13
Windows XP provides msconfig, which allows you to keep a check on startup items. However, there are locations in the Windows registry that viruses or worms can write their path to without msconfig displaying them. For such cases Microsoft provides a tool (again a Mark Russinovich creation) called autoruns.exe, which shows startup entries from over 50 locations! One of the most important places to check is the Shell value under HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. The correct value is just explorer.exe, or its full path. Some malicious files change the value to explorer.exe virusname.exe, which causes explorer.exe to load the malicious file every time you log in. The file will be executed even if you start the computer in Safe Mode. You can eliminate this threat by starting your computer in Safe Mode with Command Prompt, running regedit, navigating to the said key and correcting the entry to explorer.exe.
All in all, the best bet would be to disable all startup entries except for antivirus software. Use msconfig to disable all entries except for any antivirus software and use the Services.msc MMC snap-in to control which services are running. Disable services that are not required. Be careful while using autoruns.exe: although it's a useful tool, it lists all the entries that start when your computer starts and leaves the decision to disable any of them to the end user. There are several entries that belong to the OS. Disabling any of them might cause your computer to behave unexpectedly. The Logon tab contains the normal startup items that execute when you log in.
Autoruns.exe with its Logon Tab - Print Screen 10.14
Except for userinit.exe and explorer.exe, usually nothing else is needed from the list here. Verify that the entries are published by Microsoft. Anything else should be looked at with suspicion.
A very interesting feature that most worms come with is that they create an autorun.inf file, which, as you know, causes drives to execute a file or perform an action when the default option on the drive is selected. Merely inserting an infected CD into the CD-ROM drive could get you infected. Disabling autorun could well cause some CDs to function improperly, especially those that rely entirely on the executable that runs when you insert the CD. Common examples would include game and software CDs that have an exe that shows a menu allowing you to select options and continue with the installation. To disable the autorun feature for CD-ROMs completely, fire up the registry editor, navigate to HKLM\System\CurrentControlSet\Services\CDRom and change the value of "Autorun" (or create a new DWORD value if it doesn't already exist), setting the data to 0 to disable Autorun. You can easily right-click on the drive icon in My Computer and select Autoplay AFTER scanning the CD with a reliable and updated antivirus.
On a personal note, I keep the Shift key pressed to bypass any Autorun executable and then open a command prompt to run attrib and dir on the contents. I then use the type command to read the contents of the autorun.inf file to see which executable it points to. Having done that, I proceed to open the Run dialog box and browse to the CD-ROM; I right-click on the executable and select Properties through the file open dialog box, since some autorun.inf files tell Windows to execute programs even on Exploring the drive. The Version tab gives me the information needed. Any oddity here and the exe goes through a thorough scan. The same treatment goes for a USB storage device or a pen drive too.
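The manual check described above, reading autorun.inf to see which executable it points to and whether it also hooks Open or Explore, can be scripted. This Python example is added here and is not the author's tool; the two sample files and the name sample_payload.exe are constructed.

```python
import re


def parse_autorun(text):
    """Return the [autorun] section as {lower-cased key: value}; junk is skipped."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def command_target(command):
    """First token of a command line: the program that would be started."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return (m.group(1) or m.group(2)) if m else ""


VERB_COMMAND = re.compile(r"shell\\([^\\]+)\\command$")


def launch_points(entries):
    """List every way the file starts a program: [(trigger, program, notes)]."""
    points = []
    for key in ("open", "shellexecute"):
        if entries.get(key):
            points.append((key, command_target(entries[key]), ["runs on AutoPlay"]))
    for key, value in entries.items():
        m = VERB_COMMAND.match(key)
        if not m or not value:
            continue
        verb = m.group(1)
        notes = []
        label = entries.get("shell\\" + verb)
        if label:
            notes.append("menu text '%s'" % label)
        if verb in ("open", "explore"):
            notes.append("overrides the drive's %s action" % verb.capitalize())
        if entries.get("shell", "").lower() == verb:
            notes.append("set as the double-click default")
        points.append(("shell\\%s\\command" % verb, command_target(value), notes))
    return points


# Constructed samples; the file names are invented for this example.
WORM_STYLE = r"""
; constructed sample
[AutoRun]
open=sample_payload.exe
shell\open=Open
shell\open\command=sample_payload.exe
shell\explore=Explore
shell\explore\command="sample_payload.exe" -x
shell=open
"""

INSTALLER_STYLE = """
[autorun]
open=setup.exe /menu
icon=setup.exe,0
label=Game Disc
"""

if __name__ == "__main__":
    import sys
    text = WORM_STYLE
    if len(sys.argv) > 1:            # e.g. python autorun_check.py E:\autorun.inf
        with open(sys.argv[1], errors="replace") as handle:
            text = handle.read()
    for trigger, program, notes in launch_points(parse_autorun(text)):
        print("%-24s -> %-20s %s" % (trigger, program, "; ".join(notes)))
```

Every program it lists is a candidate for the version check and antivirus scan described above, before the drive is opened by double-click.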
Make sure that access to regedit, cmd, Folder Options, msconfig and Task Manager is always enabled. There are registry policies that can lock out the Task Manager, the Registry Editor and Folder Options. Worms and viruses use this fact to disable access to these three important tools in Windows. The previous chapter on the Windows Registry explains all three policies and their settings in greater detail. What is important to note is that although there is no explicit setting in Windows to disable cmd and msconfig, worms can still write their locations to the DisallowRun
key, preventing users from executing them. Another, simpler method chosen by ignorant worm writers is to continuously read the title bars of all windows that open; if any of them is found to contain cmd.exe or System Configuration Utility, the window is quickly minimized or the process is terminated. This consumes precious CPU time and memory, and you may notice your system reacting slowly to mouse clicks, user interface interaction and command execution.
You can easily open Task Manager and terminate the process that's troubling the system. But what do you do if the Task Manager is disabled? Restarting the computer in Safe Mode to access the Task Manager will not be of much help, since the policies will still be in effect, preventing you from running it. The solution lies in Safe Mode itself, but in Safe Mode with Command Prompt. This prevents any rogue application executed as an argument to explorer in the Winlogon key from running. Start the computer in Safe Mode with Command Prompt and enable the Task Manager and the Registry Editor using the reg command. If you can open the command prompt in normal mode, but the Task Manager is still locked out and deleting the policy through the reg command causes the worm in memory to write the key back to the registry, the only way out is to terminate the worm first before enabling the Task Manager.
It is a little-known fact that Windows provides command line tools to view and terminate tasks. Using tasklist and taskkill, as mentioned earlier, you can manage the running processes on your computer. Open cmd and type tasklist to see the currently running processes. You can even see which dlls are loaded for all the processes in memory! Use tasklist /? for more options. Tasklist provides users with the list of current processes and their PIDs (Process Identifiers). Using these PIDs and image names you can terminate the associated application using taskkill.
The general syntax is taskkill /PID 504 /F to forcibly kill the process with PID 504, and taskkill /IM spool* /F /T to forcibly kill all processes whose image names start with 'spool' along with their child processes (the same as End Process Tree in the Task Manager). There are several filters that you can also apply. Detailed usage is beyond the scope of this text. Unexpected memory consumption by an image you do not recognize could be a sign of malicious activity. Terminate applications with care and only if you are sure that they are malicious. The following screenshot shows taskkill being used to forcibly terminate all processes, and their child processes, whose names start with the string 'note'.
Taskkill - Print Screen 10.14
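The registry checks from this section (the Winlogon Shell value, the lockout policies and DisallowRun) can be collected into one audit that also prints the reg command for each repair. This is an added Python example, not code from the book: it assumes the policies sit under HKEY_CURRENT_USER and that Windows is installed in C:\Windows, and the snapshot values are constructed apart from the text's own explorer.exe virusname.exe case.

```python
WINLOGON = r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
POL_SYSTEM = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"
POL_EXPLORER = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
DISALLOW = POL_EXPLORER + r"\DisallowRun"

# Policy values that lock the user out of a tool when set to 1.
LOCKOUTS = [
    (POL_SYSTEM, "DisableTaskMgr", "Task Manager"),
    (POL_SYSTEM, "DisableRegistryTools", "Registry Editor"),
    (POL_EXPLORER, "NoFolderOptions", "Folder Options"),
]
# Tools the text says must stay reachable.
GUARDED_TOOLS = {"cmd.exe", "msconfig.exe", "regedit.exe", "taskmgr.exe"}


def _values(snapshot, key):
    """Values of one key with lower-cased names (registry names ignore case)."""
    return {name.lower(): data for name, data in snapshot.get(key, {}).items()}


def audit(snapshot, windir=r"C:\Windows"):
    """Return [(problem, suggested reg command)] for a {key: {name: data}} snapshot."""
    findings = []
    winlogon = _values(snapshot, WINLOGON)
    if "shell" in winlogon:
        shell = str(winlogon["shell"]).strip().strip('"')
        if shell.lower() not in {"explorer.exe", (windir + r"\explorer.exe").lower()}:
            findings.append(("Winlogon Shell is %r" % shell,
                             'reg add "%s" /v Shell /t REG_SZ /d explorer.exe /f' % WINLOGON))
    for key, name, tool in LOCKOUTS:
        if _values(snapshot, key).get(name.lower()):
            findings.append(("%s is locked out by %s" % (tool, name),
                             'reg delete "%s" /v %s /f' % (key, name)))
    for name, data in sorted(snapshot.get(DISALLOW, {}).items()):
        program = str(data).replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if program in GUARDED_TOOLS:
            findings.append(("%s is blocked through DisallowRun" % program,
                             'reg delete "%s" /v "%s" /f' % (DISALLOW, name)))
    return findings


def read_live(keys=(WINLOGON, POL_SYSTEM, POL_EXPLORER, DISALLOW)):
    """Windows only: read the listed keys into the snapshot format audit() expects."""
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snapshot = {}
    for path in keys:
        hive, subkey = path.split("\\", 1)
        try:
            with winreg.OpenKey(hives[hive], subkey) as handle:
                count = winreg.QueryInfoKey(handle)[1]      # number of values
                snapshot[path] = dict(winreg.EnumValue(handle, i)[:2]
                                      for i in range(count))
        except FileNotFoundError:
            pass                                            # key absent: nothing set
    return snapshot


# Constructed snapshot of an affected profile (not taken from a real system).
CONSTRUCTED_SNAPSHOT = {
    WINLOGON: {"Shell": "explorer.exe virusname.exe"},      # the text's example value
    POL_SYSTEM: {"DisableTaskMgr": 1, "DisableRegistryTools": 1},
    POL_EXPLORER: {"NoFolderOptions": 1, "DisallowRun": 1},
    DISALLOW: {"1": "cmd.exe", "2": "msconfig.exe", "3": "sample_game.exe"},
}
CLEAN_SNAPSHOT = {WINLOGON: {"Shell": "Explorer.exe"}}

if __name__ == "__main__":
    import sys
    snap = read_live() if sys.platform == "win32" else CONSTRUCTED_SNAPSHOT
    for problem, fix in audit(snap):
        print("%s\n    fix: %s" % (problem, fix))
```

As the text notes, a worm still in memory may write these values back, so terminate it with taskkill before running the suggested commands.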
A very important precautionary measure that Windows users HAVE to take is to use a limited user account for everyday computing. A limited user account allows you to write and save documents, watch movies, play games, listen to music and surf the internet. When you want to install an application, you can always right-click the executable and select Run As; this allows you to install the application while staying within your security limits. The administrative account should not be used except for, well, administrative purposes. Deleting and creating partitions, formatting drives, debugging programs, and creating or restoring system restore points are some instances where you might need to use the Admin account. Worms, viruses or any malicious files do maximum damage if they run in the Admin account.
And finally, always use an updated antivirus and scan your system regularly for threats. Real time monitoring of files could slow down systems that do not have enough resources. Real time monitoring enables viruses and other threats to be eliminated before the Operating System can read the file; hence continuously scanning memory and opening and reading files being accessed by
Windows could prove to be costly on systems that are low on memory and CPU resources. This is one of the reasons many Windows users give when asked about the absence of antivirus software on their machines. In fact, an antivirus is perhaps the most important third-party application you would install on your computer. Always update your antivirus virus definitions and scan engines. Almost all major antivirus software companies provide daily updates, either as downloadable content or through the update engine in the antivirus program itself. Run a full system scan daily if possible, or with a maximum delay of one week between scans. You could keep a scan running while you have lunch or carry on with other activities.
Almost all antivirus products use a common procedure for threat response. When a malicious file or activity is detected, the program alerts the user with a visual display, an audio tone or, in many cases, both. The alert will contain the name of the threat, the name of the file found to be malicious and the response to be taken. Many users get paranoid when a virus is detected on their systems and feel that the correct response would be to delete the file. Not always. There are several actions that you could choose, but the most common ones are to delete the file, to clean the file or to quarantine the file. Different responses should be chosen for different scenarios. Here's how you choose.
When the threat detected is an individual file that you know does not belong on your system, deletion is the right response. Files with suspicious-sounding names and without proper version information are sure to go. Files like ssvccihost.exe, lsasss.exe and winlogons.exe are some examples. Even if the name is that of a common Windows file, check its location and version information; if you find an lsass.exe file in the %homepath%\Application Data folder, for example, deleting it would be the safest bet.
Files are to be cleaned if they can be cleaned.
It is a property of viruses that they require a host application to spread. A host application could be any executable or a file that allows executable code to run (like Microsoft Word documents). These host applications may be required by Windows and by the user himself. It could be the exe of your favorite game, or the MS Word documents of your application forms and letters. Deleting these does not make sense. In the majority of cases these files can be cleaned and the original file restored. If the file cannot be repaired then, more often than not, the file is in memory. Use the Task Manager to end the process and then attempt cleaning the file.
There is a worm called Passma32, commonly found as servicemgr.exe in Windows, that infects executables and creates a value in the registry that allows it to run when a user logs in. When a user runs an infected executable, the worm dumps a copy of the original executable to the same directory with an extension of .hwd, changes its attribute to hidden and loads the file into memory. For example, if my computer had Fifa06 installed in D:\Games\Fifa06\ and the worm had infected the main game executable, fifa06.exe, then when I run the game the worm creates a copy of fifa06.exe as fifa06.hwd in the same directory, changes the file attribute to hidden and loads it into memory, so that effectively what I perceive is that my game ran without any issues: no worms, no problems. This executable can be cleaned of the worm; in fact any updated antivirus should be able to get rid of this particular threat.
Lastly, all major antivirus products provide the option to quarantine the file. Simply put, if the infected file cannot be cleaned or deleted, the user can move it to an area on the system that acts like a vault containing threats that have not been mitigated yet. Quarantining a file allows the user to clean the file later, when an update has been found.
This allows your files to be safely recovered later. When a file is quarantined, all operations to the file are restricted through the Operating System. I derive pleasure in visualizing it to be a prison of some sorts that keeps the malicious threat inside and in inactive mode. An antivirus product can be configured to attempt a set of procedures when a file is tagged infected. The antivirus by default attempts to clean the virus, failing which it tries to delete the threat, failing which the file is moved to quarantine. Following these simple measures could save a lot of time, energy and data. Be prepared for the worst case scenario. It is the same old story again; Precaution is better then Cure.
X.6: Windows Network Security
Windows Networking allows users to share files and resources across the globe. Users can access the internet and other computers on the Local Area Network. Networking opens avenues of business to organizations, allowing data to be stored on servers and then requested by clients. Shopping, Banking, Email and Messaging are some of the activities possible on a network. If your computer is a standalone home machine and you use the internet, the chances of your computer being infected by malware through your browser are pretty high. Crackers and script kiddies out there may use your computer for an attack on an organization without your knowledge. Some process might slyly send data out, including the keys typed on the keyboard and other personal information such as files and documents stored on your computer. Data can be stolen off your hard drive and published on the internet.

Network Security is a vast topic but it all starts from a single machine. Securing your computer is a start towards securing your network. Windows has several inbuilt components that allow your machine to be secured over the internet or the LAN. Let us look at them individually: securing your computer from internet based attacks and securing your computer from LAN based threats.

Securing your computer from Internet based attacks can be understood in two different ways. One is to restrict access from external networks to your machine and the second is to prevent malicious activity through your browser and email programs. The easiest way to keep a check on applications that are communicating with other computers or are requesting communication is to use a firewall. Windows makes it easier by providing an inbuilt firewall called the Internet Connection Firewall. In Windows XP Service Pack 2 (SP2), ICF has been replaced with the Windows Firewall.
A firewall in general terms is a dedicated system or software that is designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or as a combination of both. Hardware based firewalls reside on routers or special devices specifically designed to act as firewalls. The most common use of a firewall is to prevent unauthorized access attempts from the Internet to the private network or your system. All network traffic is routed through the firewall, which examines each packet that passes and allows only those that match its security criteria, called rules.

The Internet Connection Firewall, or the ICF, in Windows prevents unauthorized access from the outside world to your computer. The ICF follows the same norms as general firewalls do and consists of a set of rules which are used to inspect every single packet passing your computer's perimeter. The ICF intercepts network traffic and applies its rule set to the traffic. It then filters packets according to the rules, allowing or denying the passage of traffic based on the information in the header of each packet. This is broadly called Packet Filtering. The ICF rules, or generically any firewall's rules, contain network protocol specific information such as TCP/IP source and destination IP addresses and port numbers, along with other information such as connection parameters and the size of the packet. This information is matched against the packet being inspected and the further course of action is determined, i.e. whether the packet enters the network (your computer here) or is dropped at the perimeter itself.

Packet filtering is broadly of two types: Static and Stateful. Static packet filters drop or allow packets at the network perimeter based solely on the packet's source and destination addressing and other header information. A Stateful packet filter, on the other hand, allows or drops packets based on the header information as well as the related information of the requested or current session. For example, the stateful packet filter may drop all packets that do not have header information related to ftp when the packets are being directed to the ftp port. The ICF uses a stateful filter, thus allowing a more elaborate set of rules than a normal static filter.
To open the Windows Firewall (Windows XP SP2 and higher) dialog, go to Control Panel >> Network Connections, right click on the connection on which you want to enable the firewall and select Properties. Go to the Advanced tab of the connection properties and then click on Settings.
Network Connections - Print Screen 10.15
The Windows Firewall can be easily configured through this dialog. The General tab displays the current status of the firewall. Select the On radio button to enable the firewall and click OK.
Windows Firewall - Print Screen 10.16
Windows also allows you to create exception rules. Under the Exceptions tab, you can select the programs that can accept incoming network connections and can communicate with the outside network. If the checkbox at the bottom of this page, which allows Windows Firewall to display a notification, is checked, then Windows Firewall will display a security alert with the name and Publisher of the application asking for network access. You can then select whether the application should be given access or not. Based on your choice, the Windows Firewall will create an entry in the Exceptions tab.
Windows Security Alert - Print Screen 10.17
The Advanced tab has options to individually add exceptions to each connection on your system. Click on the Settings button in the Network Connections frame to grant access to services that run on the network and communicate with the outside network through your system. For example, if a machine on your local network has a web server running and your system acts as the gateway to the internet, then you can select the HTTP Server service to allow incoming connections from the internet to reach the web server.

ICMP, or the Internet Control Message Protocol, allows computers on a network to communicate and share status information like ping echo replies and route and packet information. You can edit these and more settings for ICMP behavior under the second tab of Advanced Settings for the connection in question. For general ICMP options, click on the Settings button under the ICMP frame in the Advanced tab of the Windows Firewall configuration dialog.

Every connection to your system, including successful connections, connection attempts and dropped packets, can be logged to a text file for later retrieval. This information is critical when researching the possibility of a system break in or a network based attack. By default, the log file is stored in C:\Windows as pfirewall.log. Select the options to log dropped packets and log successful connections.
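Once logging is enabled, the log can be summarised with a short script instead of being read line by line. The following Python example is added here and is not part of the original book; the log lines are constructed, and the parser takes its column names from the #Fields header of the file, assumed here to match the sample.

```python
from collections import defaultdict

# Constructed sample. Column names are read from the "#Fields:" header,
# so the parser follows whatever layout the log file itself declares.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2006-03-14 21:04:11 DROP TCP 203.0.113.7 192.0.2.10 4312 135 48 S 1203948571 0 16384 - - -
2006-03-14 21:04:11 DROP TCP 203.0.113.7 192.0.2.10 4313 139 48 S 1203948900 0 16384 - - -
2006-03-14 21:04:12 DROP TCP 203.0.113.7 192.0.2.10 4314 445 48 S 1203949321 0 16384 - - -
2006-03-14 21:04:12 DROP TCP 203.0.113.7 192.0.2.10 4315 3389 48 S 1203949800 0 16384 - - -
2006-03-14 21:05:40 OPEN TCP 192.0.2.10 198.51.100.25 1061 80 - - - - - - - -
2006-03-14 21:05:52 CLOSE TCP 192.0.2.10 198.51.100.25 1061 80 - - - - - - - -
2006-03-14 21:07:03 DROP ICMP 198.51.100.99 192.0.2.10 - - 60 - - - - 8 0 -
2006-03-14 21:09:15 DROP UDP 192.0.2.44 192.0.2.255 137 137 78 - - - - - - -
this line is truncated
"""


def parse_firewall_log(text):
    """Return (records, skipped); each record is a dict keyed by the #Fields names."""
    fields, records, skipped = [], [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        parts = line.split()
        if not fields or len(parts) < len(fields):
            skipped += 1          # damaged or truncated entry
            continue
        records.append(dict(zip(fields, parts)))
    return records, skipped


def dropped_by_source(records):
    """Source IP -> {'count': packets dropped, 'ports': destination ports tried}."""
    out = defaultdict(lambda: {"count": 0, "ports": set()})
    for r in records:
        if r.get("action") != "DROP":
            continue
        entry = out[r.get("src-ip", "?")]
        entry["count"] += 1
        if r.get("dst-port", "-").isdigit():   # ICMP entries carry "-" here
            entry["ports"].add(int(r["dst-port"]))
    return dict(out)


def port_sweep_sources(records, min_ports=3):
    """Sources whose dropped packets were aimed at min_ports or more distinct ports."""
    drops = dropped_by_source(records)
    return sorted(ip for ip, e in drops.items() if len(e["ports"]) >= min_ports)


def outbound_connections(records, local_ip):
    """Distinct (remote IP, remote port) pairs that local_ip opened (action OPEN)."""
    pairs = {
        (r["dst-ip"], int(r["dst-port"]))
        for r in records
        if r.get("action") == "OPEN"
        and r.get("src-ip") == local_ip
        and r.get("dst-port", "-").isdigit()
    }
    return sorted(pairs)


if __name__ == "__main__":
    records, skipped = parse_firewall_log(SAMPLE_LOG)
    print(f"{len(records)} entries parsed, {skipped} malformed line(s) skipped")
    for ip, entry in sorted(dropped_by_source(records).items()):
        print(f"dropped from {ip}: {entry['count']} packet(s), ports {sorted(entry['ports'])}")
    print("possible port sweep from:", port_sweep_sources(records))
    print("outbound from 192.0.2.10:", outbound_connections(records, "192.0.2.10"))
```

The outbound list is worth comparing against the programs you actually use: a connection you cannot account for is the kind of process that "slyly sends data out".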
Log Settings - Print Screen 10.18
If your system is behaving erratically with network connections and you have difficulty connecting to other computers on the network, then restore the default settings for Windows Firewall by clicking on the Restore Defaults button in the Default Settings frame. The firewall is as smart as the user who configures it. Unknown applications that ask for network access should not be allowed under the Exceptions tab. Even when the security alert box pops up, make sure the Publisher is a trustworthy source and consider how important it is for the application to have network access. Scrutinize every application that pops up the security alert box. Even the most convincing application could cause your entire network to collapse.

That was about Firewalls and connections. Let us now see why share access should be enforced and how to do it. Windows, as you know, allows you to share a folder or other resources like printers and scanners over the network for immediate access by other users. Data that is shared on the network has to be secured to prevent unauthorized access. You can set permissions for individual users or groups and allow read access, write access or full control of the share. To proceed, disable simple file sharing through Folder Options. Open Folder Options and under the View tab scroll right down to find the option Enable Simple File Sharing (Recommended). Uncheck it and click on OK for the settings to take effect. Then right click on a folder you wish to share and select Properties. Select the Sharing tab to show the Share Options. Click on Share this folder to share the folder on the network.
Creating a Shared Folder - Print Screen 10.19
The share name is the name that will be displayed to other users on the network. You can describe the share by writing a comment about it in the space provided. Always set a user limit on how many users can simultaneously access the share. 3 would be more secure, but if it is a large network with the share being an important data exchange centre then you can use the Maximum allowed option. To set Permissions for users who access the share over the network, click on Permissions. By default everyone will have read permissions. You can add other users to have read and write permissions or even delete permissions by giving Full Control. OK your way back and you should be set. To access your folder from the network, go to My Network Places and click on View Workgroup Computers in the common tasks pane.
The View WorkGroup Computers option in My Network Places - Print Screen 10.20
Then open the computer on which the share is located to access the share. For ease of access you can right click on the share and select Map Network Drive to map the share as a drive in My Computer. To see all the folders that your system has shared, you can go to Computer Management >> Shared Folders.
Computer Management –Share Folders - Print Screen 10.21
Here you will see administrative information about every share on your system, including the default shares. All share names that end with $ are called default shares and can be accessed only by administrators over the network. They are created for troubleshooting and problem solving scenarios and can be safely deleted. You can also view the number of connections any given share has. Refresh the snap-in to get an update. You can also create a new share from here by right clicking anywhere in the blank space and selecting New Share. Windows will present the Share a Folder Wizard, which will guide you through the share creation procedure. You can view which users have opened which files on the network, terminate connections and close individual files through Sessions and Open Files.
Close Open File - Print Screen 10.22
Close Established Session - Print Screen 10.23
All these precautions and security measures may sound like so much that you'll be compelled to think they are useless. Out of millions of computers worldwide the chances of me being targeted are slim. Are you correct? The truth is that the world is a very small place digitally and it is always better to be prepared than to lose your personal class & picnic photographs, your 1500 mp3 songs, 10 GB of rock videos, your dad's office documents, your mom's recipes, your brother's projects and the address book containing a list of all your girlfriends. Prevention is always better than cure…
CHAPTER XI
Windows Tips & Tricks
We have seen enough of Windows now. Let us now put whatever we have learnt into practical use. This chapter consists of the best tips and tricks that I employ for the smooth running of my computer. Many of Microsoft's own best tricks and tips are also included. Windows can be tweaked to give optimal performance by following some simple tips. Follow these tricks and tips to ensure a long and healthy Windows installation.

After this chapter the reader should be able to:
- Tweak the startup of Windows for their own needs.
- Customize Wallpapers and other desktop settings.
- Increase overall performance by memory management.
- Customize explorer to protect your computer from viruses and other threats.
- Chat live with another user on a Local Area Network using the TCP/IP stack.
- Securely hide & protect a folder or files from normal users.
- Play around with some of the eggs found in Windows.
Windows by itself may become slow if not tuned from time to time. Given below is a list of different tips and tricks involving different aspects of this Operating System. The tips and tricks described below pertain to the Windows XP OS unless otherwise specifically mentioned. Take full advantage of this chapter to tweak your once slow OS to something not less than a 512 MB 2.55 GHz PIV Windows 2000 system. Most of the common aspects of Windows have been covered here including Startup, Logon, Explorer, Memory Management, File Protection techniques and some of the most notable eggs in Windows.
XI.1: Startup
The startup of a computer here refers to the phase from the moment you press the power on button to the time you see the welcome screen. After that comes the Windows logon, which is covered as a separate section. Some tricks given here may not work on your computer due to differences in Motherboard models and Jumper (pin) connections on the Motherboard. A motherboard manual is almost always supplied with the computer when you buy it from the vendor; refer to it in case of any difficulty. Tips and tricks are not visibly differentiated, since both will give the reader equal fun when employing them.
Start Your computer with the Keyboard.
Everybody starts their computers by pressing the Power On button on the cabinet. There are other methods too. You could use any device attached to your computer that has Power Management Support by the Motherboard. Common devices include your keyboard, mouse and the Network Card. We shall see how you can use your keyboard to start your computer. To use the keyboard to start booting, open the system BIOS setup; this can be done by pressing the Delete key just after the first beep. If you do not hear beeps, then keep pressing the Delete key to get into your BIOS Setup. Some motherboards have a different key; check your Motherboard manual for details. Once you are in the computer's CMOS setup, go to the Power Management Setup Page. Here you will see (if your motherboard supports it) the Power Management Settings. Enable the Power Management option to use the keyboard or any other device supported. All supported devices will be listed here. Look for a Keyboard Power On option, enable it and also change the Specific Key for Power On to a keyboard key (or a combination like Start). You may be prompted to enter it twice. Save changes & exit Setup. The next time you want to start your computer, type Start on the keyboard and lo and behold!! Cool ain't it?
Enable Quick Booting
Usually when you start your computer, the BIOS checks all hardware and sends signals to all other interfaces, cards etc. This can really slow down booting time, especially if you have added a new IDE device or shuffled devices from masters to slaves or from primary to secondary. To enable quick booting, open the system BIOS setup. Once you are in the computer's CMOS setup go to the Advanced Setup option and enable the option for Quick Boot, and preferably set the computer's first boot device to IDE 0 if you have just one hard disk (and if it is on the primary IDE Channel) and the OS is on it. All these options will usually be on the same page. Consult your motherboard's manual if you cannot find the mentioned options.
Enable the Display of the Boot.ini
The advantage of displaying the boot.ini file is that you can easily boot into Safe Mode or any of the other options presented during startup: you can press F8 when the boot.ini file is being displayed and then select an option to start. The boot.ini file shows all the Operating Systems installed on your computer. If you have more than one OS installed or the Recovery Console present then the boot.ini file is always visible. The boot.ini file may be Read Only and/or Superhidden as a system file. To remove these attributes, go to My Computer >> C:
1. If the boot.ini file is visible (which is rarely the case), right-click on it and select Properties. Under the General tab remove the check mark against the Read-only box. Click on OK to save attributes and exit.
2. If the boot.ini file is not visible, go to View >> Folder Options (Windows 98) or Tools >> Folder Options on the Menu Bar (no Folder Options? That is a Registry Policy; go back to the Windows Registry in the Tips & Tricks section). Once Folder Options opens go to the second tab (View) and then scroll down to remove the check mark next to the option saying Hide Protected Operating System files. You will be presented with a warning. Click on Yes. Also select the Show hidden files and folders option and Hide extensions for known file types. Click on OK to close the Folder Options dialog box. You should now be able to see the file. Remove the read only attribute by following the steps mentioned under 1.
It's an easy job if you have fully understood the boot.ini file. We know that the boot.ini file is displayed only if the computer has 2 or more OSs. That means we will have to make the computer believe that there are two OSs when actually there is only one installed. To do this open the boot.ini file.
On a single OS system the boot.ini file should look something like this:

    [Boot loader]
    Timeout=30
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
Now just copy the line

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

and paste it below itself so that you now have two entries in the boot.ini. Your file should now look something like this:

    [boot loader]
    timeout=30
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
You can change the text "Microsoft Windows XP Home Edition" to something like "Microsoft Windows XP Test for boot" and add switches like /NOGUIBOOT and /SOS. Decrease the timeout value to 2 seconds from 30 seconds if you wish to. Press Ctrl + S to save the file. Close the file and restart by going to Start >> Turn Off Computer >> Restart to see the effects.
Change the bootscreen to your own.
You will definitely have seen the Windows boot screen, the same old boring Windows loading with the logo and Windows written on it. You can change the screen to anything of your choice. The procedure is different for Windows 98 and Windows XP.

Windows 98: The Windows 98 logo screen is located in the C:\ drive as logo.sys or in the C:\Windows folder as logow.sys. If the file logo.sys is not present in C:\ then copy it from the Windows folder using the command prompt. Whatever the case, open the command prompt by going to Start >> Run >> command and then use the attrib command to unhide the file(s). At the prompt type the following:

    C:\> attrib -s -r -h C:\Windows\logow.sys
    C:\> attrib -s -r -h C:\logo.sys

The above commands will remove the hidden, read-only and system attributes from the files. Then open Paint, select Open from the File menu, open the logo.sys file and edit it to whatever you want; just remember not to change the dimensions of the image. Save the file as C:\logo.sys and then change the attributes of the file back to what they were by using the command prompt and typing

    C:\> attrib +s +r +h C:\logo.sys

The logow.sys file pertains to the shutdown screen. Give it the same treatment as the logo.sys file and see the changes for yourself. Restart your computer to see the changes.

Windows XP: The Windows XP logo screen is not found as a separate file. Instead the logo is embedded into the ntoskrnl.exe file. One method of having a custom boot screen is by adding a boot.ini switch. First create a 640 X 480 16 colour Bitmap through MSPaint. Open Paint, go to Image >> Attributes and set the Width and Height to 640 and 480 pixels respectively. Create an image and save the file as a 16 color bitmap by the name of Boot.bmp in the Windows directory. Second, open the boot.ini file and add /bootlogo and /noguiboot to the Operating System line.
Your final boot.ini file OS line should look something like this:

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition Sfx" /fastdetect /bootlogo /noguiboot

Save the boot.ini file and then restart using the Start Menu.
Change the welcome screen
Welcome Screen - Print Screen 11.1
Welcome Screen - Print Screen 11.2
The welcome screen that you see at logon is a file found in the system32 folder called Logonui.exe. You can change the welcome screen to any other screen provided you have another logonui screen with you. There are several available on the internet. There are even Logon Screen creators like chameleonXP and LogonStudio. Just create one using this software or download the logonui.exe file and save it in some directory like C:\Windows. Then open the registry editor and navigate to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. In the right hand pane scroll down to locate UIHost and change its value to the address of the logonui.exe file, typically C:\Windows\logonui.exe. Log off to see the changes. You have to be logged on as an Administrator to effect the change.
Change the way users log on and off.
If you don't like the welcome screen (???) and would prefer the Windows 2000 style of login then you can do the following. Open User Accounts through Control Panel and click on Change the way users log on and off on the main page of User Accounts. Remove the check in the Use the Welcome screen option and click on Apply Options. This will disable the Welcome screen and show a Windows 2000 kind of login. If you are a single user and auto login was enabled then that will be disabled and you will have to press Enter at the login box.
At the Welcome screen you can press Ctrl + Alt + Del twice to switch to the Windows 2000 style of login. If the logonui.exe file is corrupt you will be shown the Windows 2000 login box.
XI.2: Logon
Logon in the context of this chapter is the phase from the Welcome Login screen to your computer's desktop. You can reduce the logon time by removing startup items and by preventing unwanted services from starting up.
Auto Logon
If you are a single user, or if everybody else uses the same account, and you wish to log in automatically every time you start Windows, you can enable Auto Login. Go to Start >> Run >> control userpasswords2, which will open up the Advanced User Accounts dialog box on Windows XP. On Windows 2000 you can use the normal User Accounts found in Control Panel. Under the Users tab select the user you wish to Auto Logon as and remove the check against the option saying Users must enter a user name and …… Click on Apply and you will be presented with a dialog box which will ask you to enter the default User name and Password. Enter the required parameters and click on OK and OK again to close User Accounts. The next time you start your computer, you will be logged in with the default username and password.
User Accounts (Userpasswords2) - Print Screen 11.3
You can also type 'rundll32 netplwiz.dll,UsersRunDll' in the Run box to open up User Accounts. UsersRunDll is case sensitive and is a function in netplwiz.dll; the rundll32.exe application causes the dll to be run as an exe. Almost everything in Windows is done using either standalone programs or dlls.
Speed up Logon
Whenever you install a program, it may so happen that the application starts at Windows startup. It can get completely unnerving when your computer's memory is used up just to start the computer. Whereas some programs are required immediately after startup, like Antivirus software or Network Monitoring tools, some are completely useless, like the Winamp tray program and the MSN messenger. These programs run in the background and eat up precious computer resources like CPU time and RAM space. Then there is the threat of viruses. Almost all viruses have the ability to copy themselves to system startup which can, as everybody knows, wreak havoc on your computer.

On Windows XP and Windows 98 you can use the msconfig tool to remove startup objects. Just go to Start >> Run and type msconfig to start the System Configuration Utility. Click on the Startup tab to see all the startup programs. You can easily prevent a program from starting by removing the check next to it. Similar is the case with Services, but it is recommended to use the services management console snap-in to alter services settings. All the entries shown under the Startup tab in msconfig are from the registry and the program files startup folder. You can also manually remove each entry from the registry by navigating to the keys described below.

The drawback of msconfig is that it does not list any programs from the autoexec.bat file. The autoexec.bat file has the programs and set path configurations (for Windows 98); in Windows XP it is usually blank, but some programs can write their location into it so that they are executed at the next system startup. The Win.ini file is a special file in Windows 98 (Windows XP hardly refers to it) which has configurations for 16 bit program support. You can find it in your Windows directory. It usually contains information about mail configuration and mpeg extensions.
Fonts and other program specific information may also be found here. Win.ini supports a method called [load] under which you can specify the full path of the executable that you want to run during logon. Windows 2000 provides the worst case scenario: it does not have msconfig. Hence it is necessary to know the locations where viruses or programs might put in their addresses. Just delete the values to prevent them from starting up.

Registry
    HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
    HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ RunOnce
    HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ RunServices
    HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ RunServicesEx
    HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
    HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ RunOnce
    HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ RunServices
    HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ RunServicesEx
Changes done to the Local Machine key of the Windows registry are global, which means that if a program had its address in the HKLM key and you removed it, then it won't start for any user on that particular computer. The HKCU key is user specific, and hence even if you have removed the reference to a program (say a virus) from your account's HKCU key, it may still be present in the HKCU key of the other users on your machine; and if that is the case then the program may recopy its address into the HKLM key of the registry the moment the other user logs in, which will undo all the hard work you had done.
There are some viruses that go a step further. They edit the Shell value under Winlogon to run themselves as an argument to explorer. No way possible you can detect that!!

    HKLM \ Software \ Microsoft \ Windows NT \ CurrentVersion \ WinLogon

The value of Shell may look something like explorer.exe “C:\Windows\Skullstorm.exe” where skullstorm.exe is the virus. Check that too. Here the virus will run even in Safe Mode!!! Instead of clicking on Yes in the dialog that is shown at the start of Safe Mode, press Ctrl + Alt + Del to bring up the Task Manager, run the registry editor, edit the value and delete the virus. Who said you need an antivirus? ;-)

Open services.msc through Run and check if there are any unwanted services running; you can use the services table included in this book for your reference. The best option is to convert the startup type of all services to Manual. Then restart your system normally. You will notice that the computer starts miserably slowly this time. Once your computer has started completely, do the normal computing that you would do in everyday life: listen to music, play a game, open MS Word and Excel, install & run programs, open My Documents, connect to the net, browse a few sites, download some files etc. This is to enable Windows to select which services are important for your daily computing. After you have finished with your routine, open services.msc again and see which services have started; turn them to Automatic and you can be sure that Memory & Resource Management has been taken care of. Check the win.ini and autoexec.bat files for unwanted nuisance.
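The startup locations described above (the Run keys in every hive and the Shell value under Winlogon) can be checked in one pass over a registry export. The following Python example is added here and is not from the original book; the export text, file paths and user SID are constructed, and only the servicemgr.exe and Skullstorm.exe names are taken from the text.

```python
import re
from collections import defaultdict

# Constructed export in the text format regedit writes (real files are UTF-16,
# so open them with encoding="utf-16" before passing the text in).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\avguard.exe\" /min"
"servicemgr"="C:\\WINDOWS\\servicemgr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"servicemgr"="C:\\WINDOWS\\servicemgr.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe \"C:\\Windows\\Skullstorm.exe\""
"AutoRestartShell"=dword:00000001
"""

# "name"="string data" lines; dword and hex values are not needed for this audit.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
RUN_PARENT = r"software\microsoft\windows\currentversion"
WINLOGON = r"software\microsoft\windows nt\currentversion\winlogon"


def unescape(s):
    """Undo the .reg string escapes: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return {key path: {value name: string data}} for every key in the export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[unescape(m.group(1))] = unescape(m.group(2))
    return keys


def split_key(path):
    """Split a key path into (hive label, lower-cased subkey)."""
    parts = path.split("\\")
    n = 2 if parts[0].upper() == "HKEY_USERS" else 1  # HKEY_USERS\<SID> is one user's hive
    return "\\".join(parts[:n]), "\\".join(parts[n:]).lower()


def autorun_entries(keys):
    """(hive, key name, value name, command) for every value under a Run* key."""
    found = []
    for path, values in keys.items():
        hive, sub = split_key(path)
        parent, _, leaf = sub.rpartition("\\")
        # startswith("run") covers Run, RunOnce, RunServices and their variants
        if parent == RUN_PARENT and leaf.startswith("run"):
            found += [(hive, leaf, name, cmd) for name, cmd in values.items()]
    return found


def hives_per_command(entries):
    """Command line -> hives that still start it; cleaning one hive is not enough."""
    seen = defaultdict(set)
    for hive, _leaf, _name, cmd in entries:
        seen[cmd.lower()].add(hive)
    return {cmd: sorted(hives) for cmd, hives in seen.items()}


def shell_findings(keys):
    """Winlogon Shell values that are anything other than plain explorer.exe."""
    out = []
    for path, values in keys.items():
        hive, sub = split_key(path)
        if sub != WINLOGON:
            continue
        for name, data in values.items():
            if name.lower() == "shell" and data.strip().lower() != "explorer.exe":
                out.append((hive, data))
    return out


if __name__ == "__main__":
    keys = parse_reg_export(SAMPLE_REG)
    entries = autorun_entries(keys)
    for hive, leaf, name, cmd in entries:
        print(f"{hive} [{leaf}] {name} -> {cmd}")
    for cmd, hives in hives_per_command(entries).items():
        if len(hives) > 1:
            print(f"present in {len(hives)} hives: {cmd}")
    for hive, data in shell_findings(keys):
        print(f"non-default Shell in {hive}: {data}")
```

A Shell value changed on purpose, such as the cmd.exe shell described later in this chapter, is reported as well, which is what you want from an audit: every non-default shell gets looked at.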
Change the Logon sound
You must have definitely heard the Windows logon sound. Have you ever wanted to be greeted by the starting piano music of Marc Anthony's I dream at night instead of the boring rumbling of Windows? Here's how you do it. You will require additional help though. Check if you have got an mp3 to wav convertor. Winamp (any version) will do. Then you should have a sound editing tool. The best is Sound Forge. You can get a demo version of it on the Internet or search through the Digit or Chip Magazine CDs. And finally get a good song, some part of which you want as startup music. I am assuming you will be using Winamp and Sound Forge because they are the simplest and the best.
Winamp Preferences - Print Screen 11.4
Create a folder in your D:\ drive by the name of sound or anything you want and copy the song into it. If the song is already in the .wav format, then skip this paragraph and jump to the editing in the next paragraph. Open the song in Winamp and play to check it. Then give a right click on the Winamp window to show the right click menu. Select Options >> Preferences to open the Winamp Preferences dialog box. Select Output from the left hand side pane to show all the output plug-ins for Winamp installed on your computer. You should have the Nullsoft Disk Writer plug-in [out_disk.dll] listed in the right hand pane. Select it and click on configure. In the directory listing box that appears Select the folder you created for the song (sound or something) and click on OK and then Close to close preferences. Now play the song; it will get converted into a wav file that has to be now edited using Sound Forge or something equivalent. Change the output plug-in of Winamp back to Nullsoft waveOut plug-in [out_wave.dll] to restore audio. File size of wav files is extremely large and hence you may find that your 4.2 MB of I dream at night.mp3 has become 46.3 MB of a wav file.
Winamp mp3 to Wav Conversion - Print Screen 11.5
Open Sound Forge and open the created wav file through File >> Open. Sound Forge will build peaks and show you the song in a raw editable graphical format. Select the part you wish to make the Windows Logon file and go to Edit >> Trim/Crop. You can add fading effects to this file by going to Process >> Fade >> Out. Then save the file with a name that you will remember, something like Marc-Dream Logon.wav. Save it in a location you won't be messing around with too much. Close Sound Forge and delete the other temp peak files (*.sfk), the converted wav and the copied mp3. Do not delete the newly created file. Open Control Panel and go to Sounds and Audio Devices. Under the Sounds tab of the Sounds and Audio Devices Properties dialog, search for the Start Windows program event. Select it and Browse for the newly created wav file. Select the file and click on OK. Click on the small Play button to hear the file playing. Click on OK to save changes and lo, you have successfully achieved what you wanted. Log off or restart properly to see the changes.
Change the shell
Many of us find using the command prompt or cmd.exe more efficient when running simple tasks. You can cause Windows to start cmd.exe as the shell instead of explorer. This is as simple as changing an entry in the registry. Open the Windows registry editor and navigate to the following key:
HKLM \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon
In the right hand pane find a String value called Shell. Modify its value to the full path of cmd.exe i.e. %systemroot%\system32\cmd.exe and then log off to see the changes. You can run the registry editor from the command prompt if you wish to undo any changes. To shut down Windows use the Task Manager.
This was child's play; but have you ever wanted to make explorer completely yours? This includes your own custom error messages, the Start Button renamed into any 5 character string, the right click menus in Hindi and lots more. You can do all of this but there is a trade off. You will be editing licensed and copyrighted software. You are requested not to distribute whatever you have edited. Proceed only if you are using an OEM version of Windows, else skip this section. You could face legal prosecution if you are found guilty of violating the EULA. To read the EULA go to Start >> Run >> Eula.txt. This is purely for fun and I request users not to go overboard, else you will end up with a messed shell (explorer). In any case I shall not be held responsible for any outcome, good or bad, out of the usage of this text…. That was for the legal part.
To edit bitmaps and strings in explorer, you will have to use a Hex Editor or, best of all, Resource Hacker. You can download it at http://rpi.net.au/~ajohnson/resourcehacker. Copy Explorer.exe from the %systemroot% folder into some other safe place as backup. Now open Resource Hacker and then open explorer.exe through File >> Open. Edit whatever you want and then save the file in system32 as explorer.exe itself. Then open the registry editor, navigate to the Winlogon Key under HKEY_LOCAL_MACHINE and change the value of Shell to %systemroot%\system32\explorer.exe. End Explorer through Task Manager and start it again by going to New Task >> explorer. This causes Windows to load the file specified under the Winlogon key as its shell, which is now your custom explorer.exe. I managed to pull this off.
Custom Right Click Context Menu on the Clock - Print Screen 11.6
When using an antivirus, select the one that provides real time scanning of files so that you are always protected. Real time scanning keeps you protected by scanning files while copying them from external sources like CDs or floppy disks. And remember to update your Antivirus regularly to remain protected from new threats.
XI.3: Desktop & Wallpaper
The desktop and wallpaper are unique for every user on a Windows system. You can customize your desktop and other related settings to give your computer a fresh and appealing look. The Quick Launch and the Taskbar especially can be tweaked to get the most out of them.
The Quick Launch
The Quick Launch is the region next to the Start button that has icons for quickly accessing some programs and also has a Show Desktop shell file (*.scf) which minimizes all open windows and shows the desktop. If Quick Launch is not visible then you can enable it by right clicking on the Taskbar and selecting Toolbars >> Quick Launch. There are more toolbars available here including links, addresses and the Desktop. If you like to have an uncluttered desktop, you can enable this option and then hide all desktop icons. On Windows XP the desktop can be hidden by selecting Arrange Icons By and then deselecting the option that says Show Desktop Icons. You can select New Toolbar from the right click menu of the taskbar and then select a folder to get the folder to the taskbar. This is practically useful if you have a folder deep nested in some drive (D:\..\..\..\..\ etc) and you access it frequently. Just create a toolbar and forget about going to My Computer to open it.
Coming back to the Quick Launch, you can create many shortcuts to various objects in Windows. In Windows XP you can have shortcuts for Shutdown, logoff and Switch user as well. Here I will describe the procedure to create shortcuts for all three. For shutdown, you will be employing the fact that there is actually a shutdown.exe file in Windows XP that allows you to interactively shut down your computer, restart or log off. You can even shut down remote computers with shutdown.exe. Its syntax is simple and we shall see only the shutdown and restart using this file. As we all know by now, the Quick Launch is actually a folder whose location is given by %homepath%\Application Data\Microsoft\Internet Explorer\Quick Launch, which is different for every user. Open this folder and then right click and select New >> Shortcut. In the location of the item type the following as it is:
Shutdown.exe -s -t 12 -c "This computer is about to shutdown!!"
The -s tells shutdown.exe to shut down the computer, the -t xx gives a timeout for the shutdown sequence; you can change that from zero to anything including 99999999999999 seconds to give 3199 days. The -c is for comments. Put any standard 127 character string under inverted commas for the comment. You can create more shortcuts in this folder for restart and logoff by changing the -s to -r and -l respectively. If in any case you wish to stop the shutdown or restart process while the timer is still running, you have to use shutdown -a where the -a tells shutdown to abort the process. Create a shortcut to it and place it where you can immediately access it (when the need arises!!!). If you don't like the icon of the shutdown shortcut (the DOS kind of shortcut) then right click >> Properties and select Change Icon and select an icon from the shell32.dll file. This command works only on Windows XP because the shutdown.exe file is found only on Windows XP. The funniest part is when you rename the newly created shortcut to something like "GetLost" and move the shortcut to the Windows directory. Then you can go to Start >> Run and type getlost, and your computer will just do that!!!
System Shutdown - Print Screen 11.7
For Windows 98 create a shortcut having the following command: Rundll.exe user.exe,exitwindows to shut down and Rundll.exe user.exe,exitwindowsexec to restart the computer. Another method of logoff is the plain logoff command that can be run from the Run box, or you can create a shortcut to it in Quick Launch. Logoff is found only on Windows XP.
To switch user, the command is slightly twisted but it is easy to understand. First create a shortcut in Quick Launch, or anywhere, and in the location of the item just type the following:
rundll32.exe user32.dll,LockWorkStation
This command invokes a function in user32.dll called LockWorkStation which we normally define as the Switch user method. The dll user32.dll has many methods but they have to be invoked through rundll32.exe, which is an application that runs dll files as though they were executables. A complete list of methods of user32.dll is beyond the scope of this text. But if you are still interested, then you can open notepad and open user32.dll through its File >> Open menu. You will see a lot of garbage characters; scroll down or search for the LockWorkStation text by using the notepad search. Along with it you will find many more methods which are continuously used by the Operating System. These functions are called API (Application Programming Interface) functions and are used by almost all programmers to perform many OS functions like creating folders and Task Management. Do not make any changes to this file, else you will end up with a messed Operating System.
Another thing that I mentioned above is the Show Desktop file that minimizes all open windows to show you the desktop. Well, this is a normal text file but saved with a .scf extension.
Windows always hides .lnk, .scf, .pif and some other extensions. You can see them only through a registry hack. .lnk files are program, file or folder shortcuts, .scf are explorer command files and .pif are MSDOS program shortcuts.
To create one of your own or to change the icon of an existing one, open notepad and then click and drag the Show Desktop file (from the Quick Launch) to the notepad window. You will see the following text:
[Shell]
Command=2
IconFile=explorer.exe,3
[Taskbar]
Command=ToggleDesktop
To change the icon of the file change the 3 to any other number between 0 and 17 for explorer, or you can change the file itself by changing explorer.exe to %systemroot%\system32\shell32.dll followed by a comma and the icon number. Icon numbers start from zero and end at the maximum that the file contains. All executables have their own icons. Do not leave any spaces between the exe name, comma and the icon number. Just copy this text into any blank text file and save it with a .scf extension to create your own Windows Explorer Command. Put it in any folder you want and double-click it to check the effects.
The Wallpaper and associated settings
The wallpaper could be any valid image in any format supported by Windows. Everybody knows how to change the wallpaper from desktop properties. When you click on Browse to search for an image, right click in the folder and change the view to Thumbnails, which provides you a preview of the images. Select an image and click on OK. The thing is that if you have an image whose size is much smaller than your screen size, then you can either keep the image at the center or resize and resample the image so that it looks good when stretched. Smaller images look yuck when stretched. Never keep a .gif file as your wallpaper. They hog a lot of memory due to the animation in them (if there is any). To know your current display mode go to Start >> Run >> dxdiag to open the Direct X Diagnostic tool. Under the Display tab you will be able to see the screen resolution. Standard resolutions used worldwide are 800x600 and 1024x768 pixels. The greater it is, the tinier the desktop appears. Sometimes it may so happen that your monitor is not able to support the resolution that your computer graphics card can support; in those cases stick to the maximum that is supported by your monitor (or buy a new monitor…). This is for those people who want to squeeze memory out of everything in Windows: do not keep a wallpaper, but instead have a black background. Keeping a wallpaper takes around 800 KB more memory for the visual display and graphic calculation by the processor. But who cares, right? So get online and search some good wallpapers and enjoy. Some good websites that provide wallpapers are www.desktopwallpapers.com, www.shiftedreality.com, www.3dart.com, www.topwallpapers.com and www.digitalblasphemy.com.
There is also a program called webshots that can be downloaded from www.webshots.com that allows you to download classic images and apply them to the background just by a keyboard shortcut; you don't have the hassle of opening Display Properties and browsing. This program is available for free download. You can try it out any time. If you don't want it and you also don't like browsing again and again for wallpapers, the alternate option that you have is to copy all your favorite wallpapers to the My Pictures folder in My Documents and then access them directly in the Display Properties dialog. Windows XP provides an ultimate solution to all this mess by giving the Windows Picture and Fax Viewer, and if you have View as Thumbnails or Filmstrip then you can just right click on the image and select it as the desktop background image.
To end the discussion on wallpapers: when you select an image as a wallpaper, no matter what the extension is, Windows copies the image, converts it to a bitmap (*.bmp) file and saves it with the name of Wallpaper1.bmp in the %homepath%\Local Settings\Application Data\Microsoft folder. So indirectly you can change the wallpaper of the other users without logging into their account!!!
Always refresh the screen when you are going to copy something on the desktop. This sometimes aids copying of files and helps the job to get over faster.
If you have the Windows Classic desktop, you can hide the My Computer, Internet Explorer, Recycle Bin and the My Network Places icons by selecting Customize Desktop from the Desktop tab of Display Properties. You can even change their icons. The new icon can be selected from exe, dll or other library files (*.ocx *.tlb etc.). This new icon path is updated in the CLSID value of the component in the registry.
XI.4: Explorer
The Windows shell can be modified in any number of ways while still staying inside the legal limit. Most of the tricks involve the registry, which has already been covered. There are many others that involve the registry only to some extent and some that hardly require it. There are some general considerations to be followed when working with Windows. Intelligent memory and program management will help your PC survive for a longer time. Some simple steps can be followed to make your PC the best in the neighborhood.
Memory Management
Some people talk of Windows being a slow Operating System on which you can hardly play games. Memory is something which is inside; you can't help it, nor can the OS. Every OS takes some memory for its running. Windows XP was released with the idea that there will be at least 128 MB of RAM on the computer. Now if you have 128 MB of RAM and still your computer is slow, that means that there is something else that is eating the computer's precious RAM. If you have followed the tips of the previous sections and eliminated the startup items then you have won half the battle. Open Task Manager and under the Processes tab, right click explorer.exe and select End Process Tree; after explorer closes down go to File >> New Task and type Explorer for the shell to return and now see the difference.
If you still want to make your Windows XP system faster, then right click on My Computer and select Properties to open System Properties. Under the Advanced tab, select Performance settings. Select the Adjust for best performance option under the Visual Effects tab to remove all the check marks on the several options listed below. Now scroll down and select the 11th option saying to smooth edges of screen fonts, the 14th option saying to use common tasks in folders and finally the 15th option telling Windows to use drop shadows for icon labels on the desktop. Go to the Advanced tab and select the Processor Scheduling and Memory Usage to be adjusted for best performance of Programs (if your computer is a desktop; if you intend using it as a server then Background Services and System Cache make a notable change in the server performance).
Virtual Memory Settings - Print Screen 11.8
Finally the most important of all, Click on the change button for Virtual Memory. In the Virtual Memory dialog box that opens all the drives of your computer will be listed. If your computer has just a single drive, it is bound to have a paging file. Select each drive and select the option to System managed size and click on Set. Do this for each drive and then click on OK. If you are prompted to restart, please do so. Another small adjustment that you have to do is, give the Start Button a right click and select Properties >> Classic Start menu to complete the new Windows look. Your Windows XP will have become Windows 2000 by the looks but by the speed, you will love it anyways.
General Discussions
Windows has lots to be squeezed out. Here are some of the best tricks and tips that Administrators usually employ to customize explorer the way they want it.
Have you ever wanted to change the PM and AM of the system clock to something more whacky? Here's how you do it: Open Control Panel and then open Regional and Language Options. Under the Regional Options tab, click on Customize. In the Customize Regional Options dialog go to the Time tab and change the AM and PM symbols to any string that you want (like Morning and Night). Click on OK all the way back to save changes. The changes are usually immediate. If not then log off and log in again to see the changes.
If you intend formatting your computer to do a fresh install of Windows then there are some very important things to be kept in mind. Your My Documents folder has to be moved to a drive other than that of the OS. If you cannot copy the folder entirely, Windows has an inbuilt option. First create a folder in any other drive and name it something like Backup and then right click on the My Documents folder icon on the desktop and select Properties. In the first tab itself the target path of the current folder is given. Just click on Move and browse to the new folder you just created. Click on OK and when asked whether you wish to move all your documents to this new folder, select Yes and you are done. Just wait till all the files are copied, then you can move ahead with your formatting. Sometimes it also happens that some programs save their documents in the program installation folder itself, which is usually on the same drive as your OS. Just search through the folders to find anything worth a backup. If you have edited any system files or created new folders like the Turbo C Compiler then copy them too. If you have edited explorer to rename the Start button or something then copy the file to the backup folder.
If while installing some software, the setup is taking an unusually long time to complete or if the setup exits erratically with or without any errors, check the Temporary folder. First restart your computer and then delete the contents of the Local Settings Temporary and the Internet Temporary Files. To delete the Temporary files, goto Start >> Run and type %temp% which will open up the Temp folder, delete all its contents and then close it. Empty the Recycle Bin and then Open Internet Options from the Control Panel and delete the Cookies and files by selecting appropriate options under the General tab itself. For temporary internet files, delete all your offline content too if you wish to. Then clear Internet History and then again restart after all this.
Many viruses have long and interesting names, not for pleasure but with a motive. Windows hides file extensions, and hidden files are not displayed by default. This can act as a serious threat. A very famous example is the picture virus with Picture_of_the_world’s_most_wanted_person.exe as its filename. This exe has the icon of an image (*.jpeg) and since Windows hides file extensions of known file types, the .exe extension will not be seen and guys like me will definitely want to see who is the world's most wanted person. There are viruses which have icons of MSWord files and which copy themselves to floppy drives and other removable media when executed. These viruses copy themselves into the system folder and add their addresses to the registry so that they run at startup. At times viruses like the Passma.C Worm, commonly known as ServiceMgr of Windows, infect an exe, and when the exe is called a hidden infected copy of the exe is run while more files are infected on the hard disk. If hidden files stay hidden on your system then you may miss this and other similar threats. More examples of this type would be the Folder.htt and desktop.ini pair which goes on replicating in every folder.
Precautions would be to disable the hiding of hidden files and of file extensions. Open Folder Options through Start >> Run >> Control folders. Under the General tab select the Double-click to open an item (single-click to select) option. Under the View tab select Show hidden files and folders and remove the check against Hide extensions for known file types. Click on OK to save and exit. In case you do not find Folder Options under Tools, then chances are you are infected. Re-enable Folder Options through the registry (Policies\Explorer) and then unhide hidden files. If the Registry Editor itself is disabled, use the reg command to re-enable the registry and then clean your system (see the Chapter on the Windows Registry for the reg command usage).
To make Windows friendlier, you can give icons to individual folders according to the data they contain. This can be achieved in two ways: by creating a Desktop.ini file or by manually selecting Customize from the properties of the folder. Under the Customize tab click on Change Icon and select one from the shell32.dll file. Whenever any folder is given an icon a desktop.ini file is created. This file is Superhidden and therefore you will have to enable the visibility of system files through Folder Options. Another method of opening the desktop.ini file would be to give its full path. Go to Start >> Run and type the full path to your folder followed by a \desktop.ini string. For example if your folder is D:\Games\Activision\Spiderman2 then the Run command should be D:\Games\Activision\Spiderman2\desktop.ini. A normal desktop.ini file will look like this (for general folders):
[.ShellClassInfo]
IconFile=%SystemRoot%\system32\SHELL32.dll
IconIndex=221
You can change the icon index to any integer that is valid for the number of icons in the file. For shell32.dll it is 237. You can even add your own personalized tool tip message to the folder. Just add a line called InfoTip in the desktop.ini file followed by the string that you wish to display. Suppose you have a folder full of songs, then you can display a tool tip with the message that this folder contains songs. The final desktop.ini file should look something like this:
[.ShellClassInfo]
IconFile=%SystemRoot%\system32\SHELL32.dll
IconIndex=221
InfoTip="Best of Marc Anthony."
Save the file whenever possible. If the file is read only then remove the read only tag from the properties option of the file.
Whenever you write a CD you can program your own personalized menu using batch files or any other language for that matter and then make the CD auto running so that the menu pops up just like game companies and Microsoft do it. It's one of the easiest jobs in everyday computing. First select an exe or a batch file to be run when you insert the CD. If you have a file of some other extension that has to run (like an html webpage), then you can write the batch code for it and make the batch file run. A drive or a CD will auto run if there is a file called autorun.inf in the root of it. Root of it means that when you open the drive the autorun.inf file should be the outermost file; it shouldn't be inside any other folder. This is a normal text file saved with a .inf extension. The normal syntax of the autorun.inf file is:
[autorun]
OPEN=program_name.exe
ICON=icon_path
Keep the executable also alongside the autorun.inf file. If in any case the exe happens to be inside any folder then replace the program_name.exe by \folder_name\folder_name\program_name.exe. So now you know how the menu of MSOffice & Counter Strike pops up when you insert the CD into the drive. To prevent a CD from auto running just keep the Shift button pressed when inserting a CD into the drive.
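Because autorun.inf decides what starts when a disc is inserted, it is worth reading before a disc from someone else is allowed to auto run. The following Python code is an added example, not part of the book: it parses the text of an autorun.inf file and lists every entry that launches something. It goes slightly beyond the OPEN key described above by also reporting the shellexecute and shell\verb\command keys of the same file format; the function names and the sample file are constructed for this example.

```python
import configparser
import ntpath

# Keys of the [autorun] section that name something to launch. OPEN is the one
# described in the text; shellexecute and shell\<verb>\command belong to the
# same file format and are included so that nothing launchable is missed.
LAUNCH_KEYS = ("open", "shellexecute")
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js"}


def parse_autorun(text):
    """Return the [autorun] section as a dict with lower-cased keys.

    Raises configparser.Error if the text has entries before any section.
    """
    parser = configparser.ConfigParser(
        interpolation=None, strict=False,
        delimiters=("=",), allow_no_value=True)
    parser.read_string(text)
    for section in parser.sections():
        if section.lower() == "autorun":   # section name is not case-sensitive
            return dict(parser[section])   # configparser lower-cases the keys
    return {}


def first_token(command):
    """Program part of a command line: up to the closing quote or first space."""
    command = (command or "").strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""


def audit_autorun(text):
    """Return (key, target, notes) for every entry that launches something."""
    report = []
    for key, value in parse_autorun(text).items():
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key not in LAUNCH_KEYS and not is_verb:
            continue                       # ICON, LABEL etc. launch nothing
        target = first_token(value)
        notes = []
        drive = ntpath.splitdrive(target)[0]
        if drive or ".." in target.replace("/", "\\").split("\\"):
            notes.append("target lies outside the media")
        ext = ntpath.splitext(target)[1].lower()
        if ext in SCRIPT_EXTS:
            notes.append(f"launches a {ext} script; read it before running")
        report.append((key, target, notes))
    return report


# Constructed sample, not taken from a real disc.
SAMPLE = r"""
[AutoRun]
OPEN=\menu\start.bat
ICON=menu.ico
shell\explore\command="C:\Temp\helper.exe" /quiet
"""

if __name__ == "__main__":
    for key, target, notes in audit_autorun(SAMPLE):
        print(f"{key}: {target}  {notes or 'nothing unusual'}")
```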
Windows XP has a new feature called Prefetch. This is a folder that keeps shortcuts to recently used programs. The folder is found in the Windows folder. This is useful and obviously a faster method of program location & execution; however as time goes on it can fill up with the addresses of old and obsolete programs. To clean this periodically go to Start >> Run >> Prefetch. Press Ctrl-A to select all the shortcuts and delete them. This is only to free up some disk space. Emptying the Prefetch folder can cause the system to boot more slowly although the difference in times isn't significant.
You all must be familiar with the Blue Screen of Death on Windows 98. Well, at times of disaster too, you can opt for some fun by having the screen customized to suit your eyes. You can change the normal colors of the background and text when you get a Blue Screen of Death. Open the SYSTEM.INI file in the Windows directory. In the [386Enh] section add the entries:
MessageTextColor=X
MessageBackColor=X
where X is replaced by the number for one of the following colors:
Black = 0
Blue = 1
Green = 2
Cyan = 3
Red = 4
Magenta = 5
Yellow/Brown = 6
White = 7
Gray = 8
Bright Blue = 9
Bright Green = A
Bright Cyan = B
Bright Red = C
Bright Magenta = D
Bright Yellow = E
Bright White = F
Never delete programs from the Program Files folder. Always uninstall them using the Windows Add/Remove Programs or the uninstaller supplied with it. When you install a program, along with the main executable other dlls and helper files or program child files are also copied to the hard disk. If the program requires system interaction most of the time then the chances are that the excess files are installed in the system32 folder. Now nobody can sift through the 1000 odd files in system32 folder to find the helper files of the program. That is why, even if you delete the program, space is wasted because of those unknown files. Needless to say there are the registry keys that are created during installation. Even these keys remain in the registry as null and useless data, resulting in increased size of the registry. In any case if you have deleted a program from the Program Files folder and you can still see it in Add/Remove Programs then open the registry and navigate to the following key and inspect and delete the key that shows a string in the right pane as DisplayName whose value is the program that you deleted.:
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall
Refresh the registry and the Add/Remove Programs Control Panel applet to see the changes.
Do not delete any unnecessary keys here. This is a very crucial part of the registry. Any erratically deleted key could cause errors during future reinstall of the software.
Windows has many components that you hardly will be using. An example could be the irritating MSN messenger that starts up and sits in the background eating memory. There is a method of removing unwanted Windows components. Here's how. Open the C:\Windows\inf folder which is hidden and read-only. Go to Start >> Run >> inf and you will be directly taken to the inf folder. In this folder search for the sysoc.inf file. Open the file and in the Components section, simply remove the word hide. This will leave two commas together (like on the rest of the items). Then you can go to Control Panel / Add or Remove Programs / Add/Remove Windows Components and the new items will be displayed.
[Components]
NtComponents=ntoc.dll,NtOcSetupProc,,4
WBEM=ocgen.dll,OcEntry,wbemoc.inf,hide,7
Display=desk.cpl,DisplayOcSetupProc,,7
Fax=fxsocm.dll,FaxOcmSetupProc,fxsocm.inf,,7
NetOC=netoc.dll,NetOcSetupProc,netoc.inf,,7
iis=iis.dll,OcEntry,iis.inf,,7
com=comsetup.dll,OcEntry,comnt5.inf,hide,7
dtc=msdtcstp.dll,OcEntry,dtcnt5.inf,hide,7
IndexSrv_System = setupqry.dll,IndexSrv,setupqry.inf,,7
TerminalServer=TsOc.dll, HydraOc, TsOc.inf,hide,2
msmq=msmqocm.dll,MsmqOcm,msmqocm.inf,,6
ims=imsinsnt.dll,OcEntry,ims.inf,,7
fp_extensions=fp40ext.dll,FrontPage4Extensions,fp40ext.inf,,7
AutoUpdate=ocgen.dll,OcEntry,au.inf,hide,7
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
WMAccess=ocgen.dll,OcEntry,wmaccess.inf,,7
RootAutoUpdate=ocgen.dll,OcEntry,rootau.inf,,7
IEAccess=ocgen.dll,OcEntry,ieaccess.inf,,7
OEAccess=ocgen.dll,OcEntry,oeaccess.inf,,7
WMPOCM=ocgen.dll,OcEntry,wmpocm.inf,,7
Games=ocgen.dll,OcEntry,games.inf,,7
AccessUtil=ocgen.dll,OcEntry,accessor.inf,,7
CommApps=ocgen.dll,OcEntry,communic.inf,HIDE,7
MultiM=ocgen.dll,OcEntry,multimed.inf,HIDE,7
AccessOpt=ocgen.dll,OcEntry,optional.inf,HIDE,7
Pinball=ocgen.dll,OcEntry,pinball.inf,HIDE,7
MSWordPad=ocgen.dll,OcEntry,wordpad.inf,HIDE,7
ZoneGames=zoneoc.dll,ZoneSetupProc,igames.inf,,7
If you think that some virus or some malware has corrupted your Windows files then there is an inbuilt tool that gives you the option of replacing modified (possibly infected!!) files with the original ones from the Windows CD. You can run the System File Checker to verify protected system files.
Command line switches are:
sfc [/scannow] [/scanonce] [/scanboot] [/revert] [/purgecache] [/cachesize=x]
/scannow - Scans all protected system files immediately.
/scanonce - Scans all protected system files once.
/scanboot - Scans all protected system files every time the computer is restarted.
/revert - Returns the scan to its default operation.
/purgecache - Purges the Windows File Protection file cache and scans all protected system files immediately.
/cachesize=x - Sets the size, in MB, of the Windows File Protection file cache.
Run sfc /scannow and insert the Windows CD when prompted. There is yet another tool that checks for the digital signature on files. To help maintain the integrity of our systems, critical files have been digitally signed so that any changes to these files can be quickly detected. Use sigverif to scan all digitally signed files for incoherencies.
You must have noticed the name of your OEM (like HCL etc.) when you open System Properties. How about changing that to your name? The information displayed here is stored in a file called Oeminfo.ini, found in the System32 folder on XP and the System folder on Windows 98. If it does not exist, create the OEMINFO.INI file in the System32 folder and enter or edit the lines:
[General]
Manufacturer=
Model=<Some Supercomputer>
[Support Information]
Line1="Add whatever you want here"
Line2="with the continuation of the text on the next line"
Line3="keep the double quotes though."
Open the System Properties dialog box and you'll see a Support Information button. Click on this and the information you entered will be displayed. You can add more lines if you want to. To add or change the bitmap image, edit or create an image of 210x105 pixels (maximum) or smaller through Paint or your favorite image editing tool. Save the file as OEMLOGO.BMP in the Windows\System32 folder. For the image to be displayed the OemInfo.ini file should be present.
Directory navigation is quite simple when you put in a "\" at the end of a folder. But navigating out? This is how you would do it with a backslash. Go to Run and type "C:\Windows\System32\" and press Enter. You will find you are in the System32 folder (Duh..?) as expected. Now go back to Run and type "C:\Windows\System32\..\..\". The C drive will open up. The "..\" tells explorer to navigate out of the current folder. Hence two "..\" will get you back to the C drive. Therefore "..\" means the previous directory. Now try C:\Windows\System32\.\.\ with a single dot instead of two. A ".\" means the current directory, so C:\Windows\System32\.\.\ opens System32. You can in fact navigate out of your current folder and into some other folder on the same drive. For example, open C:\Windows\System32\oobe, now in the address bar type (don't press Enter) "..\..\Fonts", so that the final address in the Address bar looks like this: "C:\Windows\System32\oobe\..\..\Fonts". Now press Enter; you will be taken out into C:\Windows and then back into the Fonts folder. Pretty cool eh?
If your computer is on a Local Area Network you can chat with another user on the network in real time. There are two methods of doing this. One is the commonly known winchat method and the other the less common dxdiag method.

To do a normal chat, go to Start >> Run >> winchat. This will open up the Windows chat program. Click on Conversation >> Dial and then select a computer from the network either by browsing through the dialog or by typing its name in the box provided.

The other method is by using the DirectX Diagnostic tool. This is slightly tricky so follow the instructions carefully. We shall be using the DirectX Diagnostic tool to connect to another computer solely for the purpose of chatting. Go to Start >> Run >> dxdiag to start the DirectX Diagnostic tool. Wait till it checks for necessary signatures etc. and then click on the Network tab. In the Registered DirectPlay Service Providers select Internet TCP/IP Connection For DirectPlay. Then click on Test DirectPlay. In the DirectPlay Test dialog box, type in a username (anything), select the TCP/IP service provider, select Create New Session and click on OK. On the other computer from which you want to receive messages repeat the above, but at the end where you selected Create New Session, select Join Existing Session (leaving everything else exactly the same). You will be presented with another dialog in which the creator of the session will be listed. Select the session, click on Join and start chatting. This can be done with any of the service providers, provided that they exist on both computers and the users on both machines create or join sessions from the same service provider.

To simply send a one way message to any computer on the network use the net send command through cmd.
The syntax is as follows:

    net send [computername] "message"

The computer should be on the same domain and in the same workgroup for this command to work properly. Otherwise the command needs some modification. See net send /? for more details and the full syntax.
XI.5: File & Folder Protecting Techniques

Everybody has some data or other on their computer which they wouldn't want anybody else to find. You wouldn't like it if your younger brother or somebody else came and peeked into your mail or your personal photographs. Data protection and file & folder security is a must if you wish to have privacy.
Convert all your computer's hard disk partitions to NTFS for maximum security. Use the convert command of cmd.exe to change drive file systems without data loss. If you prefer using third party software, use Partition Magic 7.0. It's the best.
I have included here six methods of folder hiding and protecting using Windows itself: using the attrib command, using cacls, using CLSID values from the registry, using the copy command to byte stuff data into images, using Windows Encryption and using Alternate Data Streams. The attrib command is explained below.
The attrib command basically modifies attributes of files or folders. Attributes include read only, hidden, system and archive. These characters describe a file physically to the computer and Windows changes its access mechanisms based on these attributes. To understand this method, first create a folder in your computer's D: drive called Secret or something like that. Then open cmd.exe and run attrib -s -h -r D:\Secret. This command will reset all the attributes of the folder. Here -s stands for system, -h for hidden and -r for read-only. The fact that we are trying to employ is that when you hide a folder in Windows it is just hidden, but when you try to hide a system file or folder, Windows superhides it. Superhidden files or folders cannot be seen even if show hidden files is enabled from the Folder Options dialog. To see superhidden files, remove the check against the Hide protected operating system files option. Press Yes on the warning and now you can see your folder.

To superhide D:\Secret, open cmd.exe and at the command prompt type attrib +s +h +r D:\Secret. The +s, +h and +r will set all attributes. To access the folder just reset the s and h attributes from cmd.exe with attrib -s -h -r D:\Secret. If you find resetting and setting of attributes tiresome, you can open My Computer and type the path (D:\Secret in this case) in the address bar to be taken straight into the folder. It is advised not to use the Run box, since the Run history will show the folder path and the whole motive of secrecy is lost. This is not a powerful method but I still use it in some cases, especially on FAT32 drives.
The Access Lists (ACLs) modifier, cacls.exe, can be used to prevent access to a file or folder for specific users or everybody. Cacls.exe is a console based implementation of the Windows User Permissions module. You can do the same in GUI mode by right clicking on most NTFS folders, choosing Properties from the context menu and opening the Security tab. The cacls command works only on NTFS drives. The following example will show you the power of the cacls command. Create a sub folder inside D:\Secret called Data or something and store your data inside this new folder instead of storing it in D:\Secret. This is very very important. The reason I'll come to later. To protect the D:\Secret folder, open cmd and type the following:

    D:\>cacls D:\Secret /D everyone

The /D will deny all types of access to the folder for everyone. The 'everyone' can be replaced by a specific user. Now try accessing the folder. You will get an 'Access is denied' error.
To see the names of all the users on your computer, open cmd.exe and type net user.
To make the folder accessible, type the following at the prompt:

    D:\>cacls D:\Secret /G everyone:F

where the /G tells cacls to grant access to the specified user (everyone here) and the :F tells cacls to give full access to the folder. Other access rights are R (Read only), W (Write and Read) and C (Change). Instead of using the cacls command again to gain access to the folder, you can simply type the full path of the new folder you created inside Secret (Data in this case) in any Explorer window, and you will be taken directly into the folder where your data is stored. Again, do not use the Run command box for security reasons. But always have a backup of the data elsewhere because ACLs for a folder may differ on different versions of Windows. If you get access denied errors while granting access, use the /C switch with the /G to continue processing on errors:

    D:\>cacls D:\Secret /C /G everyone:F

It is a known problem that reverse cacls may not work if the user who created the folder is deleted or if the folder is being accessed through another installation of Windows. This means that grant access may not always work; that is the reason why I said to create another folder called Data or anything, so that in case grant access doesn't work, you should at least be able to navigate straight into the Data folder from the Address Bar of Explorer and get your data out.

The cacls command is worth a shot but has the major disadvantage that anybody with physical access to the folder can easily use cacls and access the folder or file. In that case, a small trick that can help you is to use the cacls command in combination with attrib. People won't even know that the folder exists until somebody is smart enough to use Folder Options. You cannot modify anything of a folder after locking it out with cacls, therefore use the attrib +s +h +r D:\Secret command first and then cacls D:\Secret /D everyone. You could also use the registry to disable Folder Options to prevent other users from using the View tab to show superhidden files. If you have an entire drive full of sensitive data, you can use the registry to lock out the entire drive to other users. See the registry chapter for more details.
If you have read the chapter on the Windows Registry, this next method should be a piece of cake. But first, let us try to understand the logic. Renaming of files and folders, if carried out in some ways, can act as a protective measure. Windows recognizes files in two ways, through the file extension and/or by the file header. For example, if you have a .wav file called "Tere Bin.wav" then the extension tells Windows that the file is a Wave file, which is basically an audio file, and if file associations has wav files associated with Windows Media Player then the icon will be the familiar Windows Media icon. When you double click on this file, it will by default open with Windows Media Player. This happens because the extension .wav is registered in the Windows registry with a unique hexadecimal number called CLSID (Class Identifier) that it should open with Media Player.

Now, if you rename the file from "Tere Bin.wav" to "Tere Bin.txt" and double click on the file, it will open with Notepad because of the extension, but if you drag and drop this text file into Windows Media Player, it will still play. This is because of the header. The header in case of wav files is the first 44 bytes of the file, which has information on what type of file it is etc. Windows Media Player will of course check for the extension; finding it non compatible (.txt) it will then check for the header. If it's a valid media file then it plays it, else a format not supported error is displayed.

Now we know extensions are decided by the CLSID values in the registry. So if we rename a file or folder with a CLSID value of some other file or maybe even the special folders, preceded by a dot, then logically Windows will attempt to execute the function associated with that CLSID. Got that? Alright, enough of logic, here is an example. Create a folder called Test in D drive or anywhere. Put some data into it: some mp3 files, some 5 or 6 wallpapers and maybe 2 PDF files.
Open the registry editor (regedit.exe), then open the HKEY_CLASSES_ROOT hive because this key stores all CLSID values. Press F3 to open the find box. Type "My Computer" and press Enter to search for the CLSID of My Computer. You should reach

    HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}

Right click on the key and select Rename, then right click again and copy {20D04FE0-3AEA-1069-A2D8-08002B30309D}, because this huge number is the CLSID value for My Computer. Close regedit, go back to your Test folder and rename it to Test. followed by the CLSID; just use Ctrl+V to paste the CLSID, and remember to put a dot between the name of the folder (whatever) and the CLSID. Once you press Enter, and if you have done everything properly, the folder icon should turn to that of My Computer. Not only the icon: try double clicking the folder, you will be surprised. Don't worry, your data is safe. To get your data back, just rename it back to Test using the command prompt, because normally Explorer won't show you the CLSID value. Press TAB to complete the file name in cmd.

To do it faster, create two batch files, one to lock (make My Computer) and the second one to unlock (make normal). Assuming the folder to protect is in D drive and named Secret, here is the batch file to lock. Run it from the same folder as the Secret folder.

    @echo off
    rename Secret Secret.{20D04FE0-3AEA-1069-A2D8-08002B30309D}
    exit

To unlock use this batch file.

    @echo off
    rename Secret.{20D04FE0-3AEA-1069-A2D8-08002B30309D} Secret
    exit

Try out the other CLSIDs also, out of the many that are available. There is a slight problem with the above method. The CLSID part of the file name will be visible in some cases. On some systems the whole folder name is displayed. Suppose you have named your Secret folder with the Recycle Bin CLSID {645FF040-5081-101B-9F08-00AA002F954E}; then the whole folder name could be visible (See Print Screen).
Visible CLSID Extension – Print Screen 11.9
In such cases a user will be able to just rename the folder to anything of his choice, removing the CLSID and returning the folder to its normal form. If the extension is not visible then even if you rename the folder in Explorer, it does not revert to a normal folder but remains a Recycle Bin. To prevent this from happening, you can influence the folder's behavior using a desktop.ini file. Create a folder to hide your data. Open Notepad and copy the following two lines as they are.

    [.ShellClassInfo]
    CLSID={645FF040-5081-101B-9F08-00AA002F954E}

Save the file as a .ini file by selecting Save as type as All files and File name as desktop.ini. Save the file in the folder. Now comes the interesting part. Logically the folder should have got converted to another Recycle Bin, but it does not. What is missing is that the folder is not recognized by Windows as a system folder. When you rename a folder using a CLSID value of a system folder (My Computer, Recycle Bin, My Network Places etc.), Windows automatically assumes it to be a system folder even though its S attribute is not set. Now to complete the trick, use cmd to set the S attribute of the folder with attrib +s. Your folder should now have become another Recycle Bin without the CLSID extension in the filename. To retrieve your data, use cmd to remove the S attribute with attrib -s.
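Both CLSID tricks above leave traces on disk that are easy to audit for. The following is an added example, not code from the book: it walks a directory tree and reports folders whose name ends in a dot plus a CLSID, and folders whose desktop.ini carries a CLSID entry under [.ShellClassInfo]. The function names and the demo tree are constructed for illustration.

```python
import configparser
import os
import re
from typing import List, Optional, Tuple

_GUID = (r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}"
         r"-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}")
_NAME_SUFFIX = re.compile(r"\.(" + _GUID + r")$")


def read_desktop_ini_clsid(path: str) -> Optional[str]:
    """Return the CLSID set in [.ShellClassInfo] of a desktop.ini, if any."""
    with open(path, "rb") as fh:
        raw = fh.read()
    # desktop.ini may be saved as ANSI/UTF-8 or as UTF-16 with a BOM.
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = raw.decode("utf-16", errors="replace")
    else:
        text = raw.decode("utf-8-sig", errors="replace")
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    try:
        parser.read_string(text)
    except configparser.Error:
        return None  # not a parsable ini file
    for section in parser.sections():
        if section.lower() == ".shellclassinfo":
            value = parser.get(section, "clsid", fallback="").strip()
            if re.fullmatch(_GUID, value):
                return value.upper()
    return None


def scan_tree(root: str) -> List[Tuple[str, str, str]]:
    """Return sorted (folder relative to root, how it was found, CLSID)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            match = _NAME_SUFFIX.search(name)
            if match:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel, "name", match.group(1).upper()))
        for name in filenames:
            if name.lower() == "desktop.ini":
                clsid = read_desktop_ini_clsid(os.path.join(dirpath, name))
                if clsid:
                    rel = os.path.relpath(dirpath, root)
                    findings.append((rel, "desktop.ini", clsid))
    return sorted(findings)


def build_demo_tree(root: str) -> None:
    """Constructed sample: one renamed folder, one desktop.ini folder, one clean."""
    os.makedirs(os.path.join(
        root, "Secret.{20D04FE0-3AEA-1069-A2D8-08002B30309D}"))
    for folder, body in (
        ("Bin", "[.ShellClassInfo]\r\n"
                "CLSID={645FF040-5081-101B-9F08-00AA002F954E}\r\n"),
        ("Normal", "[.ShellClassInfo]\r\nInfoTip=Just a folder\r\n"),
    ):
        os.makedirs(os.path.join(root, folder))
        with open(os.path.join(root, folder, "desktop.ini"), "w",
                  newline="") as fh:
            fh.write(body)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        for finding in scan_tree(tmp):
            print(finding)
```

The scan reports a desktop.ini CLSID whether or not the folder's S attribute is set, so a folder prepared but not yet activated is listed too.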
The next method is what I prefer to use when I am sending important data to my friends via a floppy or e-mail. This method just byte stuffs the data to another file mentioned in the copy command and creates another file with both the original files merged. This method allows you to copy text or other documents into another file. You could very well hide an MSWord document inside a video file and play the video without any problem, with your data safely hidden inside the video file. The only problem will be retrieving your MSWord file. Hence it is advised to restrict this method to only text (Notepad) files and jpeg images.

Create a folder in C drive called Test (or anything). Copy a jpeg into it, then create a Notepad file and use 3 or 4 carriage returns before you write some data into it. This will make it easier to read the data from the image. Then open cmd.exe and go to C:\Test. Then use the copy command in this format:

    C:\>copy /b [image name] + [Text file] [destination image]

So if the name of our image was C:\Test\Earth.jpg and the text file was C:\Test\Secret.txt then the command would look something like this:

    C:\Test>copy /b Earth.jpg+Secret.txt New.jpg

This command will byte stuff the text file into the image file and create a new image file called New.jpg which you can mail or send via a floppy. If you want to retrieve the text, just drag and drop the image into Notepad and scroll right to the bottom; if you created the text file with carriage returns then the text should be plainly visible. But who would think hiding text in images was possible. (Hmmm..?) And this isn't even steganography…
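Data appended with copy /b sits after the image's End Of Image marker, which is why viewers ignore it and why it is simple to detect. The following is an added example, not code from the book: it walks the JPEG segment structure to find the real end of the image and returns whatever follows. The function names are hypothetical and the sample bytes are a constructed structural stub, not a viewable picture.

```python
import struct

# Markers that carry no length field: TEM, RST0-RST7 and SOI.
_STANDALONE = {0x01, 0xD8} | set(range(0xD0, 0xD8))
_EOI, _SOS = 0xD9, 0xDA


def find_jpeg_end(data: bytes) -> int:
    """Return the offset just past the image's own EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:  # skip fill bytes
            pos += 1
        if pos >= len(data):
            break
        marker = data[pos]
        pos += 1
        if marker == _EOI:
            return pos
        if marker in _STANDALONE:
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2:
            raise ValueError("invalid segment length")
        # Jumping by the declared length skips APPn payloads whole, so an
        # embedded thumbnail's own EOI is never mistaken for the real one.
        pos += length
        if marker == _SOS:
            # Entropy-coded data: 0xFF00 is a stuffed byte and RSTn markers
            # belong to the scan; any other 0xFF xx pair ends it.
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if (data[pos] == 0xFF and nxt != 0x00
                        and not 0xD0 <= nxt <= 0xD7):
                    break
                pos += 1
    raise ValueError("no EOI marker found")


def trailing_data(data: bytes) -> bytes:
    """Return the bytes stored after the end of the JPEG image, if any."""
    return data[find_jpeg_end(data):]


def _segment(marker: int, payload: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: SOI, an APP1 segment holding a stub thumbnail (with
# its own SOI/EOI), a scan with a stuffed byte and a restart marker, EOI.
COVER = (
    b"\xff\xd8"
    + _segment(0xE1, b"Exif\x00\x00" + b"\xff\xd8\xff\xd9")
    + _segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x12\x34\xff\x00\x56\xff\xd0\x78"
    + b"\xff\xd9"
)
PAYLOAD = b"\r\n\r\n\r\nOrkut=example\r\n"  # constructed text, as in the recipe
STUFFED = COVER + PAYLOAD                    # what copy /b would produce

if __name__ == "__main__":
    print("clean image  :", trailing_data(COVER))
    print("stuffed image:", trailing_data(STUFFED))
```

Searching for the first FF D9 byte pair instead of walking the segments would stop inside the thumbnail and report the rest of the picture as appended data.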
As we saw in the last chapter, Windows on NTFS drives provides encryption at the file and folder level. You can easily keep your data safe from other users on the same machine. Let us take a quick example here. Reconsider your D:\Secret folder. Go to its properties, then click on Advanced in the General tab itself. Then select the Encrypt contents to secure data option. When you click on Apply or OK, you will be presented with a Confirm Attribute Changes dialog; select the second option of applying encryption to folders, subfolders and files. This is a good administrative practice since any folders or files added inside this directory will be encrypted. To decrypt the file or folder, follow the same procedure and remove the check mark against the Encrypt contents to secure data option. Do not let any other user change your password; if they do, you will not be able to access your encrypted data.
The last method is a helpless extension of a very little known feature of NTFS called ADS or Alternate Data Streams. To actually use it to hide data, we will have to understand what ADS is. It included several new features: quotas, sparse file support, reparse points, distributed link tracking and the Encrypting File System (EFS). ADS or Alternate Data Stream is any data attached to another file but not within the file itself. Windows implements many of its little known functions like additional file information and tagging files as encrypted using ADS. When a file is created as an Alternate Data Stream, it is always created linked to another file or even a folder. The ADS is present on the disk but isn't included in the file size calculating algorithm. And to top it all, a file or folder can have any number of ADS of any size, limited only by the available free space.

One of the most common uses of ADS is to store additional file information like the Author's name, Word count, Pages and other document data of a Word file. You can view and edit this information by right clicking a Word document >> Properties and clicking on the Summary tab. In fact any file will have a Summary tab on an NTFS drive, so that you can indirectly edit the ADS of that particular file. A file without any custom information added contains a single data stream called $DATA, which is the data inside the file itself and is not an alternate data stream. Any other streams attached to it will have the format filename.extension:ADSname:$data. When you open a normal file the default $DATA is read, which is the data in the file itself. A normal file will be of the format filename.extension::$Data (note there is no ADS). Imagine you had a text file full of passwords and you had attached it (we shall see how) to explorer.exe; then to access the contents of the passwords.txt file you would have to use explorer.exe:passwords.txt:$Data.

You can even have ADS for a folder!! In fact any folder on an NTFS system. You could then store your passwords.txt file attached to C:\Windows!! You can attach any number of files to any single file or folder. That means you could attach a 600 MB "Chak De.mpg" to a 4 MB "Summer of 69.mp3" without increasing the size of your mp3 by a single byte!! Windows does not show the attached file in Explorer or by any normal means. The whole 600 MB can be stored on the hard disk (without anybody knowing) and retrieved later. Since ADS is not stored inside the parent file, the size of the mp3 remains the same!! That kinda sounds far fetched, right? Alright, let's have a small demonstration. I will show you how you can attach a text file to another file. Let's use explorer.exe and passwords.txt.
Open Notepad and type the following:

    Orkut=atikin
    Rediff=Riyaz
    Yahoo=whatever

These are web services and their respective passwords. You could type in anything you want. Then save the file as passwords.txt in C: drive.
Then go to Start >> Run >> cmd to open the command prompt. cd.. your way to C:\> then type the following:

    C:\>type passwords.txt > C:\Windows\explorer.exe:passwords.txt

Delete the original passwords.txt file from C: drive. The above command is self explanatory, but for all those who didn't grasp its entirety, here's how it works. The type command is a cmd internal command to display the contents of a file, so type [filename] will display the contents of the text file. The >, also called the output redirection operator, is used to redirect output from one command to another command or file. C:\Windows\explorer.exe:passwords.txt is the ADS to explorer.exe called Passwords.txt. Now your file is safe and since you have attached it to explorer.exe (highly unlikely to be deleted) you can sleep well. To retrieve the text file or the data inside, you can again use the command prompt or Notepad.
Using command prompt:

    C:\>more < C:\Windows\Explorer.exe:Passwords.txt

More is used to display output one screen at a time. Conveniently type does not work to display file contents here. The <, also (you must have already guessed it) called the input redirection operator, takes the file contents from the file and gives it to more so it is displayed a (screen) page at a time. To dump it back to a text file use

    echo | more < C:\Windows\Explorer.exe:Passwords.txt > Passwords.txt

This is slightly complicated. Echo is used to display whatever is given to it as an argument. Echo Hello will display Hello. The pipe (|) is used to pass the output of the more command to echo and the > is used to dump whatever got echoed to the text file Passwords.txt. Ok? Here is a simpler method.
Using notepad: Go to Start >> Run and type the following.

    Notepad C:\Windows\Explorer.exe:Passwords.txt

Notepad should open up displaying the contents of the file. You can then use File >> Save As to save it anywhere you want.
These are just two of the many methods you can have to read and write. Just manipulate your cmd commands and think… Since ADS is any data attached to another file, it will be deleted only if you delete the parent file (or use a third-party tool to delete it; Sysinternals, now under Microsoft, provides a tool called streams). I wrote a tool some time ago that would allow users to create, delete, modify and extract alternate data streams using Visual Basic 6.0. Although it is not available for download, here's a screenshot of the application:
NTStream: An application to work with NTFS ADS – Print Screen 11.10
Always remember the name of the data stream and the parent file to which you attached it. Creating data streams could take up valuable hard disk space (if you are planning to hide movies [;)]). You can use ADS to hide any type of data, even executable code. Although that's not good administrative practice, it can be done. Viruses and worms like Email-Worm.Win32.Dumaru.a and Win2K.Stream use ADS to spread. Use ADS efficiently and non-maliciously, use it to your advantage.
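Because a named stream is always addressed as file:stream (optionally followed by :$DATA), the commands in this section are recognisable in process or shell history logs. The following is an added example, not code from the book: it pulls alternate data stream references out of command lines while ignoring drive-letter colons, the default stream and cacls arguments such as everyone:F. The function names and the sample log lines are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional


class StreamRef(NamedTuple):
    path: str
    stream: str
    stream_type: str


# A token is a double-quoted string or a run without spaces or < > |.
_TOKEN = re.compile(r'"[^"]*"|[^\s<>|]+')
_DRIVE = re.compile(r"^[A-Za-z]:")


def parse_stream_ref(token: str) -> Optional[StreamRef]:
    """Parse path:stream[:$TYPE]; return None unless a named stream is given."""
    token = token.strip('"')
    drive, rest = "", token
    if _DRIVE.match(token):               # "C:" is a drive, not a stream
        drive, rest = token[:2], token[2:]
    parts = rest.split(":")
    if len(parts) not in (2, 3):
        return None
    path, stream = parts[0], parts[1]
    stream_type = parts[2] if len(parts) == 3 else "$DATA"
    if not path or not stream:            # file::$DATA is the default stream
        return None
    if "/" in stream or "\\" in stream or not stream_type.startswith("$"):
        return None                       # URLs and similar, not stream names
    # Heuristic: the left side must look like a path, otherwise tokens such
    # as "everyone:F" (cacls) or "10:30" would match. The price is that an
    # extension-less file in the current directory is missed.
    if not (drive or "\\" in path or "." in path):
        return None
    return StreamRef(drive + path, stream, stream_type.upper())


def find_ads_refs(command_line: str) -> List[StreamRef]:
    """Return every named-stream reference in one command line."""
    refs = []
    for token in _TOKEN.findall(command_line):
        ref = parse_stream_ref(token)
        if ref:
            refs.append(ref)
    return refs


# Constructed log lines, built from the commands shown in this chapter.
SAMPLE_COMMANDS = [
    r"type passwords.txt > C:\Windows\explorer.exe:passwords.txt",
    r"more < C:\Windows\Explorer.exe:Passwords.txt",
    r"notepad C:\Windows\Explorer.exe:Passwords.txt",
    r"attrib +s +h +r D:\Secret",
    r"cacls D:\Secret /G everyone:F",
    r"copy /b Earth.jpg+Secret.txt New.jpg",
    r"type C:\notes.txt::$DATA",
    r'more < "C:\My Docs\report.doc:hidden:$data"',
]


def scan(lines: List[str]) -> List[tuple]:
    """Return (line number, StreamRef) for every hit, numbering from 1."""
    return [(n, ref) for n, line in enumerate(lines, 1)
            for ref in find_ads_refs(line)]


if __name__ == "__main__":
    for number, ref in scan(SAMPLE_COMMANDS):
        print(number, ref)
```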
XI.6: Eggs & Bugs

Eggs are defined as deliberate programming errors or small animations or unexpected stuff left deliberately inside a program by the creator just for the sake of some fun. Many program eggs are simple animations or lists of programmers or calendars or names of countries and things like that. Many of these eggs are activated by a special key combination or a mouse click at a very precise location in the program interface. Most of these are found in screensavers and the games that come shipped with Windows. Other applications like Microsoft Word & Excel also have their share but their discussion is beyond the context of this text.
In Freecell (I don't know who else plays this except me….) press Ctrl + Shift + F10 during game play (when the cards are lined out), and you will be presented with an Abort Retry Ignore box. Press Abort and move a card on the screen to win the entire game.
For all the solitaire lovers this one's a gem. Press Alt + Shift + 2 from the keyboard to force an easy win anytime during the game. Press any key to come out of the animation and when asked to deal again select No. You will then be left with a blank green screen. Press Alt + Shift + 2 again and watch the cards come out of the screen.
In Solitaire again, draw from the deck at least twice. Hold control and drag a card down from the deck. Press the "A" key and then let go of the left mouse key. You will get 10 points for this. Continue doing this for infinite points!! The cards will look weird while dragging though…
Pinball has got several cheats that allow you to easily surpass any previously recorded highest scores. At the first screen before launching the ball type the following to activate the respective function:

1max : Gets you extra balls at the start of a new ball.
gmax : Activates the gravity well.
rmax : Go up in ranks.
bmax : No notification will be given that this is activated but when a ball is lost a new ball will appear from the yellow wormhole indefinitely.
hidden test : You can move the ball around with the mouse. Left click and keep the mouse button pressed to move around. No notification is given that this mode is activated.

Bugs are always found in some program or the other. No program can ever be made bug free. The best example that I can think of is a calculator. When you are programming a calculator, the user will enter numbers through a text box and click on the function (add, subtract, divide, multiply etc.). Now what may happen is that you cannot be certain that the end user is actually going to type a number in the text box. A text box is meant to take in strings; you will internally (in the code) have to make sure that the characters entered can be converted to an integer. So you won't be able to enter your name in the text box because that will give an error. You can also program the calculator in such a way that it will cause execution to jump to another function that checks if the entered characters can be converted to a number; if they can, proceed ahead, else display a message or clear the text field. This function that handles the error is called an error routine. More prominent bugs are the divide by zero errors and factorials, but these can be checked with the help of error routines. Programming bugs in Windows are exploited by hackers to run applications on remote machines. This is both difficult to perform and extremely dangerous. Hence the need to keep your system patched. Read the Appendix for details and an overview on Security.
Windows has files to simulate the existence of some devices in its architecture. These virtual devices include the nul device, the comN (N = 1,2,3…9) ports, the two pipes, aux, con (console), lptN (N = 1,2,3) and the prn device for the printer. You cannot by normal means create a folder or file in Windows with any of these names. (There's a challenge waiting here…) The folder will simply not recognize the name and revert back to New Folder. In Windows XP, if you go to Start >> Run and type C:\nul, Windows pops up a box to ask you which application to use to open this type of file. If you select Notepad, you get an "Incorrect function" error.
Do not try executing a location through a Start >> Run C:\nul\nul or C:\con\con or for that matter any combination of these or other virtual devices on Windows 98 or Windows 95. Windows 98 does not have the necessary exception handling for references to such devices and may crash.
Challenges: 1. Create a folder called con in C:\.
CHAPTER XII
Keyboard & Program Shortcuts

This chapter lists most of the possible keyboard shortcuts that exist on a Windows machine. This chapter will surely make your life easy. Individual applications have their own shortcuts to navigate through their child windows. This chapter will highlight only the Windows keyboard shortcuts.

After this chapter the reader should be able to:
Use various Windows keyboard shortcuts.
All applications have shortcuts, but they are usually not known to users, and it may so happen that you accidentally stumble upon one shortcut and feel a great sense of elation. It is the case with all Windows users; users who have used Windows as their primary OS for quite a time now will hardly use the mouse. Most commands, windows and applications can be handled through the keyboard. This is easier since almost all tasks can be performed by using the keyboard. I am not saying the mouse is not necessary, it is absolutely necessary, otherwise how are you gonna play Unreal Tournament, but using the keyboard for common tasks can relieve a lot of tension caused by moving the mouse and clicking the right button. Most of the shortcuts mentioned here are taken from the Microsoft Knowledge Base, reformatted, condensed and rewritten so that they are easier to apply.
XII.1: Windows Shortcuts

Windows is full of shortcuts. Remember the general rule: a button or menu is accessible through the keyboard by pressing the ALT + (underlined letter) combination. If you cannot see any underlined letters on menus then press the ALT key on the keyboard to show all the underlined letters for the current active program.
General keyboard shortcuts

These are general purpose shortcuts that can be used when you are on the desktop or when you are working with Windows.

Keyboard Combination : Action / Output
CTRL + C : Copy
CTRL + X : Cut
CTRL + V : Paste
CTRL + Z : Undo
DELETE : Delete
SHIFT + DELETE : Delete selected item permanently without moving to the Recycle Bin
CTRL while dragging an item : Copy selected item
CTRL + SHIFT while dragging an item : Create shortcut to selected item
F2 : Rename selected item
CTRL + RIGHT ARROW : Move the insertion point to the beginning of the next word
CTRL + LEFT ARROW : Move the insertion point to the beginning of the previous word
CTRL + DOWN ARROW : Move the insertion point to the beginning of the next paragraph
CTRL + UP ARROW : Move the insertion point to the beginning of the previous paragraph
CTRL + SHIFT with any of the arrow keys : Highlight a block of text
SHIFT with any of the arrow keys : Select more than one item in a window or on the desktop, or select text within a document
CTRL + A : Select all.
F3 : Search for a file or folder.
ALT + ENTER : View properties for the selected item
ALT + F4 : Close the active item, or quit the active program
ALT + Enter : Displays the properties of the selected object
ALT + SPACEBAR : Opens the shortcut menu for the active window
CTRL + F4 : Close the active document in programs that allow you to have multiple documents open simultaneously.
ALT + TAB : Switch between open items.
ALT + ESC : Cycle through items in the order they were opened
F6 : Cycle through screen elements in a window or on the desktop
F4 : Display the Address bar list in My Computer or Windows Explorer
SHIFT + F10 : Display the shortcut menu for the selected item
ALT + SPACEBAR : Display the System menu for the active window
CTRL + ESC : Display the Start menu
ALT + Underlined letter in a menu name : Display the corresponding menu
F10 : Activate the menu bar in the active program.
F5 : Refresh the active window
BACKSPACE : View the folder one level up in My Computer or Windows Explorer
ESC : Cancel the current task
SHIFT when you insert a CD into the CD-ROM drive : Prevent the CD from automatically playing.
Dialog box keyboard shortcuts

Keyboard Combination : Action / Output
CTRL + TAB : Move forward through tabs
CTRL + SHIFT + TAB : Move backward through tabs
TAB : Move forward through options
SHIFT + TAB : Move backward through options
SPACEBAR : Select or clear the check box if the active option is a check box
F4 : Display the items in the active list
Natural keyboard shortcuts

Most keyboards have the Windows Logo key and the Right Click menu key. You can use these keys, especially the Windows Logo key, in combination with various keys on the keyboard to access some features of Windows.

Keyboard Combination : Action / Output
WinKey : Display or hide the Start menu
WinKey + BREAK : Display the System Properties dialog box
WinKey + D : Show the desktop
WinKey + M : Minimize all windows
WinKey + SHIFT + M : Restores minimized windows
WinKey + E : Open My Computer in Explorer view
WinKey + F : Search for file or folder
WinKey + CTRL + F : Search for computers
WinKey + F1 : Windows Help
WinKey + L : Switch User or Lock Computer
WinKey + R : Run Dialog Box
WinKey + U : Open Utility Manager
WinKey + (Shift) + Tab : Cycle through Taskbar Open Programs
Accessibility keyboard shortcuts

Keyboard Combination : Action / Output
Right SHIFT for eight seconds : Switch FilterKeys on and off
Left ALT + left SHIFT + Print Screen : Switch High Contrast on and off
Left ALT + left SHIFT + Num Lock : Switch MouseKeys on and off
SHIFT five times : Switch StickyKeys on and off
NUM LOCK for five seconds : Switch ToggleKeys on and off
Windows Explorer keyboard shortcuts
These shortcuts can be used in any explorer window.
Keyboard Combination
Action / Output
End
Display the bottom of the active window
Home
Display the top of the active window
Num Lock + * [on numpad]
Display all subfolders under the selected folder
Num Lock + - [on numpad]
Collapse the selected folder
Left Arrow
Collapse current selection if it's expanded, or select parent folder
Right Arrow
Display current selection if it's collapsed, or select first subfolder
Ctrl + Left Arrow
Adjust the Left pane towards the left
Ctrl + Right Arrow
Adjust the Left pane towards the right
Backspace
Go to a higher level without collapsing any folders
CHAPTER XIII
Troubleshooting Common Problems
This chapter aims to provide you with reference information that you can use to troubleshoot your Windows installation. Most troubleshooting procedures are described, in great detail, in Windows Help. This chapter covers some very common problems that users can face. Ten such errors are corrected using troubleshooting or by direct response. The Windows Recovery Console is also covered, with a general description of its commands and stress laid on the important ones.
After this chapter the reader should be able to:
Use the Recovery Console to write a new boot.ini file and a new MBR.
Correct some common problems that can occur in Windows.
Explain the difficult-to-understand Windows Errors (Exceptions and Illegal errors).
Nothing is perfect. Windows has its own set of difficulties just like any other Operating System. Troubleshooting Windows is the process of going to the root of a problem by following a path and eliminating options one by one till you get to the end. Windows has its own interactive troubleshooters that correct many problems, from graphics to the booting of your computer. Windows now provides the Recovery Console and the repair option so that you don't have to format your computer and reinstall everything. Data is safe and so are all your settings. Getting back to your desktop has never been easier.
XIII.1: The Recovery Console
The Recovery Console of Windows 2000 and Windows XP comes as a boon to people like me who experiment a lot with their Windows installation and could end up against a wall anytime. The Recovery Console is a non-GUI, DOS-like environment with a fixed set of commands that allow users to correct several common problems. The Recovery Console has to be run from the original Windows installation disk, or it can be installed as a boot option with an entry in the boot.ini file. The second option is better, since the console will run off the hard disk and will be faster (and will also save your CD some scratches). The CD will still be there if the hard disk Master Boot Record (MBR) has become corrupt, or if any other undocumented problem prevents you from starting your computer. You can even create a new boot.ini file and disable or enable services.
To install the Recovery Console, insert the CD into the drive and type the following in the Start >> Run box:
G:\I386\winnt32.exe /cmdcons
where G: is the name of the CD ROM drive; change it accordingly on your computer. Follow the onscreen instructions and you will have the Recovery Console installed in no time. It gets added as a boot option with a 30 second timeout. Lower the timeout if you wish by using msconfig or by editing the boot.ini file. The next time you restart your computer you will see it in the Startup options for boot.
When using Recovery Console, you can view and reuse previous commands by pressing the UP ARROW and DOWN ARROW keys, which move you forward or backward through your command history. For the list of Recovery Console commands that follows, brackets ([]) enclose optional parameters and a pipe (|) separates mutually exclusive choices. Recovery Console commands and parameters are not case sensitive.
Most of the commands that exist in the Recovery Console are also present in cmd.exe, therefore they will not be covered here. A complete list of the commands is given in the Appendix at the end of the book.
Batch
Use the batch command to run the commands specified in a text file. Use the following syntax:
batch inputfile [outputfile]
Parameter
Description
inputfile
Specifies the text file (by using [drive:][path][filename] format) that contains the list of commands you want to carry out.
outputfile
If specified, stores the output of the Batch command in the specified file. If you do not specify a value for outputfile, the Batch command displays its output on the screen. Specify outputfile by using [drive:][path][filename] format.
The batch command cannot call itself recursively. Do not include the batch command in the file specified by the inputfile parameter.
Bootcfg
For x86-based systems, use the bootcfg command to scan your hard disks and use the information to modify the contents of the Boot.ini file or rebuild a new copy. Use the following syntax:
bootcfg [/add] [/default]| [/list] [/rebuild] [/scan]
Parameter
Description
/add
Adds a Windows installation to the operating system boot menu list.
/default
Sets the default boot menu.
/list
Lists the entries already in the boot menu list.
/rebuild
Scans hard disks for Windows installations and lets you select which to add.
/scan
Scans all disks for Windows installations and displays the results.
Chkdsk
Use the chkdsk command to check a volume, and if needed, to repair the volume. Also, use Chkdsk to recover and move readable information before marking bad sectors as unusable. Use the following syntax:
chkdsk [drive:] [/p]|[/r]
You can use Chkdsk without parameters. When you do not specify a volume, Chkdsk runs on the current volume.
Parameter
Description
drive:
Specifies the volume that you want Chkdsk to check.
/p
Performs an exhaustive volume check. This parameter does not make any changes to the volume.
/r
Locates bad sectors and recovers readable information before marking them as unusable. Implies /p.
Chkdsk requires the file Autochk.exe. If Chkdsk cannot find Autochk in the systemroot\System32 directory, it attempts to locate Autochk on the Windows installation CD. If you are using a multiple boot configuration, verify that you are issuing this command from the volume containing the proper version of Windows you wish to work with.
Dir
Use the dir command to display a list of the files and folders in a directory. Use the following syntax:
dir [drive:][path][filename]
Parameter
Description
drive:
Specifies the volume of the directory for which you want a listing.
path
Specifies the directory for which you want a listing.
filename
Specifies the file for which you want a listing.
In Recovery Console, the dir command functions differently, listing all folders and files, including those with hidden and system attributes set. For each file and subdirectory, the dir command lists its attributes (if they apply) by using the following abbreviations:
a Archive
c Compressed
d Directory
e Encrypted
h Hidden
p Reparse point
r Read-only
s System file
You cannot use wildcard characters with this command.
Disable
Use the disable command to disable a service or driver. Use the following syntax:
disable servicename
Parameter
Description
servicename
Specifies the service or driver that you want to disable.
Use the related command listsvc to view a list of service and driver names for your system. The disable command displays the previous start type of a service before changing it to SERVICE_DISABLED. Record this value so that you can restore the original state of a service after troubleshooting a problem.
Diskpart
Use the diskpart command to manage the partitions on your hard disk. For example, to create or delete disk partitions, use the following syntax:
diskpart [/add|/delete] [device-name|drive-name|partition-name] [size]
Parameter
Description
/add
Creates a new disk partition.
/delete
Deletes an existing partition.
device-name
Specifies the name of the device for which you want to create or delete a partition, for example, \Device\HardDisk0. To obtain the name of a device, view the output of the map command.
drive-name
Specifies the drive letter of the partition that you want to delete, for example, D:. Use only with /delete.
partition-name
Specifies the partition that you want to delete; can be used in place of the drive-name parameter. For example, \Device\HardDisk0. Use only with /delete.
size
Specifies the size, in megabytes, of the partition you want to create. Use only with /add.
If you do not use a parameter, a user interface for managing your partitions appears. Use this command with caution because this command can damage your partition table if the disk has been upgraded to dynamic disk.
Enable
Use the enable command to enable or change the startup type of a service or driver. Use the following syntax:
enable servicename [start_type]
Parameter
Description
servicename
Specifies the service or driver that you want to enable.
start_type
Specifies the startup type for a service or driver. Valid values are: SERVICE_BOOT_START, SERVICE_SYSTEM_START, SERVICE_AUTO_START, SERVICE_DEMAND_START
If you do not specify a new start type, the enable command displays the previous start type.
Expand
Use the expand command to expand a compressed file stored on the Windows operating system CD or in a cabinet (.cab) file, and copy it to a specified destination. Use the following syntax:
expand source [/f:filespec] [target] [/y]
expand source [/f:filespec] /d
Parameter
Description
source
Specifies the file you want to expand (by using [drive:][path][filename] format). You cannot use wildcard characters (* and ?).
target
Specifies the destination folder and/or file name for the new file using [drive:][path][filename] format.
/f:filespec
Specifies the specific file(s) you want to expand if the source contains more than one file. Wildcards are optional.
/y
Specifies that the confirmation prompt that appears when attempting to overwrite an existing file is not required.
/d
Specifies that the files in the cabinet file are displayed but not expanded.
Fixboot
Use the fixboot command to rewrite the boot sector code to the system volume. This is useful for repairing a corrupted boot sector on x86-based systems. If you need to replace the boot sector of a volume that is not the system volume, then you must specify the appropriate drive letter. Use the following syntax:
fixboot [drive:]
Parameter
Description
drive:
Specifies the volume drive letter on which to rewrite a new boot sector.
If you do not specify a drive, the default is the system boot volume.
Fixmbr
Use the fixmbr command to rewrite the master boot code of the master boot record (MBR) of the startup hard disk. This command is useful for repairing corrupted MBRs. Use the following syntax:
fixmbr [device-name]
Parameter
Description
device-name
Specifies the name of the device that needs a new MBR, for example, \Device\HardDisk1.
If you do not specify a device, the default is disk 0. If disk 0 is not the device that needs repairing, you can obtain the device name of other disks by using the map command. If the fixmbr command detects an invalid or nonstandard partition table signature, it prompts you for permission before rewriting the MBR.
Help
Use the help command to view Help information for Recovery Console commands. Use the following syntax:
help [command]
Parameter
Description
command
Specifies the command for which you want to view Help information.
Use the command parameter to specify a name of any Recovery Console command. If you do not specify a parameter, Help lists all the supported commands.
Listsvc
Use the listsvc command to view details about the services and drivers on your system, including service start types. Use the following syntax:
listsvc
Use the listsvc command together with the disable and enable commands. The information displayed is extracted from the System registry file that is located in the systemroot\System32\Config folder. If the file System is damaged or missing, the information displayed might be inaccurate.
Logon
Use the logon command to detect and log on to Windows installations. Use the following syntax:
logon
You must correctly enter the local Administrator password within three attempts or the computer restarts.
Map
Use the map command to list all drive letters, file system types, volume sizes, and mappings to physical devices that are currently active. Use the following syntax:
map [arc]
Parameter
Description
arc
Use the arc parameter to force the use of the Advanced RISC Computing (ARC) specification format to describe paths instead of using device paths. You can use this information to create or repair the Boot.ini file.
Set
Use the set command to set Recovery Console environment variables. Use the following syntax:
set [variable = value]
Environment Variable
Description
AllowWildCards
Set to TRUE to enable wildcard character (* and ?) support for some commands, such as DEL, that do not otherwise support them.
AllowAllPaths
Set to TRUE to allow access to all files and folders on the computer.
AllowRemovableMedia
Set to TRUE to allow files to be copied to removable media, such as floppy disks.
NoCopyPrompt
Set to TRUE to suppress the confirmation prompt that appears when overwriting a file.
To display the list of current environment variables, use the set command without specifying a parameter.
Systemroot
Sets the current directory to the systemroot directory of the Windows installation with which you are currently working. Use the following syntax:
systemroot
Recovery Console on the whole does not support wildcards, but this setting can be overridden by using the environment variable AllowWildCards.
You even have the option of repairing your current installation of Windows: just insert the installation CD and boot from it. At the second page you will be prompted to press R to start repairing your current installation. This is the best option if your OS is severely damaged by accidental deletion of system files or by file corruption caused by viruses or something similar. Repairing does not delete your settings (and that includes your My Documents folder); it just deletes the system files from system32 and Windows and copies new files from the CD. All your drivers, Program Files and Documents and Settings are kept intact.
XIII.2: A List of Common Problems
Windows can have many problems if not taken care of properly. Providing you the best, it asks for nothing more than proper care. Below is a list of some of the most common problems that can occur on a normal Windows home desktop. These problems have been resolved in a manner which will help you understand what caused the problem in the first place. You can find a wide variety of hardware problems and their solutions anywhere, but this section of the text combines the most common software as well as hardware problems. For other problems use the Windows troubleshooters. You can access them by going to Start >> Help & Support and searching for "Troubleshooters".
1. Monitor out of Frequency
Sometimes when a program (a game for example) changes the current display frequency of your monitor to one that is not supported, the monitor may go off or a flashy message box will be displayed saying that the monitor has gone out of frequency. Many users panic and end up reinstalling Windows. There is a simple solution that can bring your monitor back to life. This problem may also occur if you change your screen resolution to a higher mode (say from 800x600 to 1024x768 pixels) at which the monitor does not support the current frequency. Many standard monitors operate at a frequency of 60 Hertz.
To see your monitor's current frequency, open Display Properties. Go to the Settings tab and click on Advanced to open the Plug and Play Monitor properties. The number of tabs here depends on the video card and its drivers, but the one we are interested in is the Monitor tab, which displays the monitor refresh frequency.
If your monitor goes out of frequency, restart your computer from the cabinet. You will lose all unsaved data. Press F8 just after the 'Press Del to Enter Setup' message. Select 'Enable VGA mode' from the Advanced startup options to start your computer in the lowest resolution. Then, once your computer starts normally, readjust the screen resolution and monitor refresh frequency to values that the computer's hardware can survive on.
2. Crashing Applications and Hazy Games
When you install a game or an application that switches over to full screen, you may face problems: the application may terminate or crash unexpectedly, the game might run with a lot of difficulty, it may take an extremely long time to load, or the visuals of the game may be "burnt out" (a white hazy display). In most cases the culprits are the display settings, DirectX and/or the video memory. Increasing the amount of physical memory does help but there are always workarounds.
If you have 128 MB of memory then you could opt for another stick of 128 MB (of the same frequency) to bring the total to 256 MB, which is fairly fast. The game loading problem will be resolved. Some games have a minimum requirement of 256 MB of RAM.
If the problem persists, try running the application or the game at a lower resolution or graphics acceleration. Most games have a settings page where you can lower the game's graphics acceleration and the screen resolution. A standard resolution of 800x600 pixels can overcome many problems.
For all display and sound related applications (which include games) you require the latest version of DirectX. You can download the latest version from the Microsoft website; the current latest version is DirectX 9.0c. To see what you have installed on your computer, go to Start >> Run >> dxdiag to open the DirectX Diagnostic Tool. On the first page itself, the DirectX version is given along with other important system information. Display problems may also arise if the correct version of DirectX has been incorrectly or incompletely installed. Check the second tab (DirectX Files) to see if there is any inconsistency in the installed files. See the notes on the screen to correct any errors. The third tab is Display, which shows all the necessary information related to your video card. You can disable DirectDraw and Direct3D from here. These have to be disabled only in an extreme situation. You can test DirectDraw and Direct3D here. If the results are successful then please do not disable any option here.
Finally, try ending explorer and its child processes and then play the game or run the application. To do this, open Task Manager (Ctrl + Alt + Del), then under the Processes tab right click explorer.exe and select End Process Tree. Then go to File >> New Task and browse for the game or the application that is causing the problem and run it. It should run using the memory that has become free due to the termination of some processes. To get back your desktop, type explorer in the New Task box and press Enter.
3. Inability to create a new Dial up connection
We connect to the internet in many different ways including DSL modems, Broadband connections, VPN Networks and Dial up connections. The most widely used of these, the Dial Up connection, allows you to access the internet through a phone line. You need a modem, a phone connection and an account with your ISP. To connect to the internet you have to create a Dial Up connection, which dials through your computer and authenticates you to log on. You can create a new connection by opening Network Connections from the Control Panel and then selecting Create a new connection from the common tasks pane to the left of the window. If the pane is not visible you can go to File >> New Connection to start the New Connection Wizard.
Sometimes, usually after an upgrade, you are not able to create a new connection, especially a remote access or Dial Up connection. All items on the "Network Connection" page of the New Connection Wizard will be unavailable (dimmed). The Network Connections folder may be empty. The Internet Connection Sharing (ICS) and the Internet Connection Firewall (ICF) services do not start because of dependency failure. If you open services.msc and try starting the Remote Access Connection Manager, you will be presented with the following error:
Could not start the Remote Access Connection Manager service on Local Computer. Error 5: Access is denied
You will receive this error message even when you are logged on as Administrator or in an account that has admin privileges. You will not be able to create a new connection if one of the following is true:
You install Service Pack 1 (SP1) for Windows XP, and then use the System Restore feature to restore Windows to a state before the installation of the service pack.
You install SP1 for Windows XP when Windows XP Home is installed and then you upgrade to Windows XP Professional.
You install Windows XP Home Edition (SP1) and then upgrade to Windows XP Professional in the 30 day activation period.
To resolve this problem, reinstall SP1 for Windows XP. If you cannot install the Service Pack then you will have to manually edit the registry. Open the registry editor and navigate to the following key:
HKLM\System\CurrentControlSet\Services\Rasman
Take a backup of this key by going to File >> Export and save it with a file name of rasman. Then verify that the ObjectName string in the Rasman key is set to LocalSystem. If not, modify it to LocalSystem. After you do this, delete the following keys by right clicking and selecting Delete from the context menu:
HKLM\System\CurrentControlSet\Services\RasMan\PPP\EAP\25
HKLM\System\CurrentControlSet\Services\RasMan\PPP\EAP\26
Restart your computer for the change to take effect. To prevent this problem from occurring, install the Q329441 critical update from the Microsoft Update website. Use the advanced search in the Windows Update Catalog. After applying this update you can upgrade to Windows XP Professional.
4. No Sound or crackled audio
This is one of the most common problems faced by the majority of users. The solution could be as simple as plugging the audio jack into the correct port of your audio card. If you cannot hear any audio then try one or all of the following, in the order given below:
Try playing some other audio file. It may so happen that the information attached to the audio file is corrupt, or the file itself is corrupt with a misplaced header.
If you cannot hear any other file then check for connectivity. Check the power and the audio jack connector to the audio input on your cabinet. Different speaker sets have different cable configurations. Consult your speaker documentation to be sure of the correct configuration.
If the problem still persists then go to Start >> Run and type sndvol32 to open the Volume Control for your computer. Go to Options >> Properties and set the Mixer Device to your sound device. Select the Playback option and put a check against all components in the show volume controls for frame. Click on OK to come back to the volume control panel. Remove the mute check (if any) for all components except the microphone. Increase the volume slider to full on all components. Keep the balance sliders in the centre and close the control.
Make sure that your current audio device is the default device for Windows. To do this open Control Panel and go to Sounds and Audio Devices Properties. On the Audio tab, click your sound device in the Default device lists under both Sound Playback and Sound Recording. Click on Apply to save changes.
If the problem still persists then open Device Manager and check if the device is enabled. To do this double-click Sound, video and game controllers, right-click your sound device, and then click Properties. Under Device usage, make sure that Use this device (enable) is selected.
Make sure Windows is configured to use the audio device connected. Under the Properties tab of your Audio Device Properties dialog expand Audio Devices, select your device, select Properties and then click on Use Audio features on this device. Click OK until you return to Device Manager. You may be prompted to restart; in any case, just restart your computer.
The last option that remains, if your device still does not work, is to reinstall the device. Open Device Manager, right click on your audio device under Sound, video and game controllers and select Uninstall. Restart your computer. This will cause the computer to allocate new resources to newly found hardware (your audio card in this case). Once your computer starts, reinstall the device by running the Add Hardware Wizard.
Do not keep any magnetic or electrical objects close to your speakers, since the speakers themselves have magnets inside which may get damaged, or the magnetic field may disintegrate or distort, resulting in crackled audio. Keep mobile phones and Radio Frequency (RF) devices (including transistors, walkie talkies and radio instruments) away from the speakers, or from your cabinet and monitor in general.
5. Slow startup and/or slow shutdowns
The majority of slow startups are related to startup programs or device drivers. Start your computer in Safe Mode by pressing F8 at the display of Operating Systems. Once in Safe Mode, open msconfig, go to the Startup tab and remove the check marks of all options in the list. This will disable all the startup items. Then restart the PC when msconfig prompts you to. This solves the problem in the majority of cases. You will not have the luxury of some of the important startup items like antivirus software or the sound and video settings manager (these are specific to hardware). You can re-enable the items one by one and check to see if the problem recurs. If the item is a non-essential component that has been installed without your knowledge, you can uninstall it.
Update your antivirus and run a full system scan, because the majority of viruses run at startup. Get an antivirus that scans even the MBR of the floppy and the hard disk (McAfee of Network Solutions is a good one).
If disabling all items does not resolve the issue then it is likely a service or device driver. Open msconfig and under the Services tab select Hide All Microsoft Services. This will display all the Non-Microsoft Services with their Status on your computer. Disable all of them and then start your computer in normal mode. Re-enable them one by one and check if the problem recurs. If it does, then the last enabled service was the culprit. If the problem still persists then the last thing to do is to set the Startup type to Diagnostic Startup under the General tab of msconfig.
Slow shutdowns can be caused by a number of factors; one of the major and most common causes is the Clear Pagefile at shutdown option being enabled. Virtual memory support uses a system pagefile to swap pages of memory to disk when they are not used. On a running system, this pagefile is opened exclusively by the operating system, and it is well protected. However, systems that are configured to allow booting to other operating systems might have to make sure that the system pagefile is wiped clean when the system shuts down. This ensures that sensitive information from process memory that might go into the pagefile is not available to an unauthorized user who manages to directly access the pagefile. When this option is enabled, the system pagefile is cleared upon clean shutdown. Flushing out the pagefile takes the Operating System considerable time, thus causing the slow shutdown. You may disable the ClearPageFileAtShutdown option to improve shutdown times, but pagefile.sys will then be intact and accessible from another Operating System in the case of dual or multi-boot. Open the registry editor, navigate to the following key and change the value of ClearPageFileAtShutdown to 0 to disable the flushing of the page file(s):
HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management
Non-responsive programs or services also contribute to slow shutdowns. Lowering the WaitToKillServiceTimeout value in the registry may also help.
Open the registry editor and navigate to the following key and reduce the value of WaitToKillServiceTimeout (the default being 20000 ms) to your preference. By doing so, we're forcibly closing a non-responsive service.
Another method of achieving a faster shutdown is to force all applications to close irrespective of what they are and how important they are. This has to be used only in the most extreme situations. Create a Windows XP shutdown shortcut as explained in the Tips & Tricks chapter, but add a -f parameter to it so that the final command looks something like this (it may look different depending on the timeout and comment that you have given):
Shutdown.exe -s -f -t 12 -c "This computer is about to shutdown!!"
Use this shortcut to force open applications to close immediately.
6. Burnt or hazed desktop icons
It may so happen that the desktop icons or drive icons appear burnt or hazed. Icons may get patchy backgrounds or may appear distorted. There could be two reasons: either your screen is set to a lower color depth (the standard is 32 bit), or the IconCache.db file of the current user account has become corrupt. To change the color depth, open Display Properties and under the Settings tab change the Color quality to Highest. Click on Apply. The screen will go blank (or you may be asked to restart depending on the setting) and your desktop will be reconfigured. If this does not cure the icons then it is definitely a case of a corrupt IconCache.db file. This file is found in the %homepath%\Local Settings\Application Data directory and contains the icon information for all the desktop and other icons specific to the logged on user. The file may be hidden. Use Tools >> Folder Options to unhide the file under the second tab. Just delete this file and do a normal restart. The file will be re-created at the next user logon, complete with new and fresh icons.
7. Windows Could Not Start <Some File Missing>
There are times when Windows may not start at all. The screen will just show a message saying that some file is missing or is corrupt. Usually it is the C:\Windows\System32\Config\System file or the C:\Windows\System32\Config\Software file. As you already know, these files are part of the Windows registry and are extremely important. Due to inappropriate access by a malicious program these files can be tampered with. To start your computer you will have to replace them with the originals found in the C:\Windows\Repair folder. Follow this procedure for ONLY the file that is said to be corrupt or missing. Start your computer with the Recovery Console and at the prompt navigate to the Config folder and rename the current (corrupt) System and Software files to System.old and Software.old. Then use the copy command to copy the originals from the Repair folder. The following commands, in order, will do the job:
C:\Windows> cd System32\config\
C:\Windows\System32\Config> ren system system.old
C:\Windows\System32\Config> ren software software.old
C:\Windows\System32\Config> copy C:\Windows\Repair\System System
C:\Windows\System32\Config> copy C:\Windows\Repair\Software Software
Restart your computer by typing Exit. You may have to reconfigure most of your programs and your hardware. Many programs will not work as expected since entire chunks of the registry have been replaced. Don't frown, at least your desktop is back.
8. HAL.DLL Missing or Corrupt
More often than not, a missing or corrupt Hal.dll is the result of the Boot.ini having a syntax error or of a corrupt boot sector. Boot through the Recovery Console and use the bootcfg command with the /rebuild switch to rebuild the boot.ini file. Use the bootcfg /list command to view the whole list of installed Operating Systems.
If this does not work then run chkdsk with the /r switch on the system drive (usually the C: drive) to check for bad sectors. Once the scan is complete, repeat the previous step.
XIII.3: Windows Errors

Errors usually occur in a program when the data read by the application is corrupt or the method of fetching the data is not understood by the Operating System. Errors occur on all OSs, but of all of them the Windows Blue Screen is the most famous. The Blue Screen Error of Windows is distinct to Windows 98. In Windows 98, if you are playing something or reading data from a CD and you eject the disk, a Blue Screen is displayed, whereas on Windows XP a Continue, Abort, Retry box is provided. The Blue Screen error can also occur on Windows XP but its presentation is different. What is common to both is that they provide little information on what went wrong. Windows XP has the Event log, which can be accessed from the Computer Management snap-in and which records information in log files that can be read later to get to the problem. Windows 98 is left on its own.

Illegal Operation errors, Exception errors and Kernel errors are the three types of errors that usually occur. A crashing application will show a blue screen on Windows 98, but on Windows XP you will be presented with a dialog saying that the specific application has crashed; you can view details and even send an error report to Redmond.
In case of an error, it is a general practice to believe that you are infected with a virus. The error messages themselves can be useful for diagnosing problems.

Exception Errors: These usually occur when the program code in memory is overwritten by the program itself. When you run an executable, Windows loads the entire program into RAM (if there is space; otherwise a part of it is pushed into the paging file) and the execution begins. Suppose the program has to play a song. While doing so it may run a decoder for the song in a memory block reserved for the program itself, thus overwriting a part of its own code. As a result the entire application crashes.

Fatal Errors: Fatal errors usually have the form:

'A FATAL EXCEPTION <XX> has occurred at xxxx:xxxxxxxx'

Note: <XX> represents the actual processor exception from 00 to 0F and xxxx:xxxxxxxx represents the code pointer, i.e. the actual address in the memory module where the error occurred.

Whenever a program or application accesses an illegal instruction, invalid data, code or privilege levels, it returns certain error codes that are what we know as Fatal Errors. Whenever any such error occurs, the processor sends or returns an 'exception' to the operating system. These 'exceptions' are handled by the operating system as fatal exception errors. If the application causing the error has interfered with the memory block of any Windows component, then the error is non-recoverable. You will have to restart your computer forcibly.

Invalid Page Faults: Invalid Page Faults occur if an application reads or writes to a memory location not allocated to it. When the program jumps to that instruction address it does not get the correct code and hence is terminated with the following error on Windows 98:

'This program has performed an illegal operation and will be shut down. If the problem persists, contact the program vendor'

The dialog box also provides you the name of the module that is causing the error.
For example, if the error recurs every time you play a song or every time you perform a specific task, then reinstalling the application may fix the problem, or try installing a higher version of the program. Like in my case the Winamp 2.7 Player on my computer crashed frequently when I played Solitaire. There was no link!! I reinstalled Winamp 2.7 but still the problem continued. Finally I installed Winamp 5.0 and the problem never occurred again.

Invalid Page Faults are the easiest to diagnose. The module name is the only hope that we have to prevent the problem from recurring. The best way to get rid of such IPF errors is to re-install the component or file mentioned by the error message. If the error message is being displayed by more than a single application, then it probably means that there is something wrong with a Windows component rather than the application itself. If the error occurs only when you perform a specific task with the application, then it is certain that the problem lies with the application DLL or library handling that routine.

Windows errors are not that difficult to understand. Most errors can be fixed by using troubleshooting, a little common sense and a whole lot of patience. Keep your system updated at all times, scan your computer regularly with an updated antivirus, and empty the Temporary Internet Folders and the %Temp% folders of your account as well as the others.
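The Exception Errors case described above, a decoder writing past its buffer into the program's own code, is modelled here in C next to a bounds-checked version. This is an added example, not code from the book: the memory layout, the run-length "decoder", the sample inputs and every name are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a program in memory: a 16-byte decode buffer followed
 * directly by 16 bytes standing in for the program's own code. Both live in
 * one array, so the overrun below stays inside a single C object. */
#define DATA_LEN  16
#define CODE_LEN  16
#define IMAGE_LEN (DATA_LEN + CODE_LEN)

typedef struct {
    uint8_t bytes[IMAGE_LEN];   /* [0,16) decode buffer, [16,32) "code" */
} image_t;

/* Reset the buffer and fill the code region with a known pattern. */
static void image_init(image_t *img)
{
    memset(img->bytes, 0, DATA_LEN);
    for (size_t i = 0; i < CODE_LEN; i++)
        img->bytes[DATA_LEN + i] = (uint8_t)(0xC0 + i);
}

/* Number of code bytes that no longer match the pattern from image_init. */
static size_t code_bytes_damaged(const image_t *img)
{
    size_t damaged = 0;
    for (size_t i = 0; i < CODE_LEN; i++)
        if (img->bytes[DATA_LEN + i] != (uint8_t)(0xC0 + i))
            damaged++;
    return damaged;
}

/* Toy run-length decoder; input is a sequence of (count, value) pairs.
 * UNCHECKED: trusts the counts in the input. Writes are clamped to IMAGE_LEN
 * only to keep this model well defined; a real program would keep writing
 * into whatever follows. Returns the number of bytes written. */
static size_t decode_unchecked(image_t *img, const uint8_t *in, size_t in_len)
{
    size_t out = 0;
    for (size_t i = 0; i + 1 < in_len; i += 2)
        for (unsigned n = 0; n < in[i] && out < IMAGE_LEN; n++)
            img->bytes[out++] = in[i + 1];
    return out;
}

/* CHECKED: works out the decoded size first and rejects input that is
 * malformed or would not fit in the decode buffer; nothing is written on
 * failure. Returns the number of bytes written, or -1 on rejection. */
static long decode_checked(image_t *img, const uint8_t *in, size_t in_len)
{
    size_t need = 0, out = 0;
    if (in_len % 2 != 0)
        return -1;                      /* truncated (count, value) pair */
    for (size_t i = 0; i < in_len; i += 2)
        need += in[i];
    if (need > DATA_LEN)
        return -1;                      /* would overrun into the code */
    for (size_t i = 0; i < in_len; i += 2)
        for (unsigned n = 0; n < in[i]; n++)
            img->bytes[out++] = in[i + 1];
    return (long)out;
}

/* Constructed inputs: one decodes to 8 + 8 bytes, the other to 12 + 12. */
static const uint8_t SONG_OK[]  = { 8, 0x11, 8, 0x22 };
static const uint8_t SONG_BAD[] = { 12, 0x41, 12, 0x42 };

/* Run the unchecked decoder on the oversized input; return damaged bytes. */
size_t demo_unchecked_damage(void)
{
    image_t img;
    image_init(&img);
    decode_unchecked(&img, SONG_BAD, sizeof SONG_BAD);
    return code_bytes_damaged(&img);
}

/* Run the checked decoder; return its result, or -2 if code was damaged. */
long demo_checked(const uint8_t *in, size_t in_len)
{
    image_t img;
    image_init(&img);
    long r = decode_checked(&img, in, in_len);
    return code_bytes_damaged(&img) ? -2 : r;
}

int main(void)
{
    printf("unchecked, oversized input: %zu code bytes overwritten\n",
           demo_unchecked_damage());
    printf("checked, oversized input:   result %ld\n",
           demo_checked(SONG_BAD, sizeof SONG_BAD));
    printf("checked, input that fits:   result %ld\n",
           demo_checked(SONG_OK, sizeof SONG_OK));
    return 0;
}
```

The unchecked decoder leaves part of the code region overwritten, which is the state in which the real application would crash; the checked decoder rejects the same input before writing anything.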
CHAPTER XIV
‘Flavors’ of Windows

This chapter provides an insight into the different versions of Windows that were released, along with a brief description of their working. It also includes a concise explanation of MS-DOS, the OS that formed the basis of the Windows series.

After this chapter the reader should be able to:
- Compare different flavors of Windows and understand the general working of each.
- Compare advantages of the different versions.
Note: The descriptions in the following pages are brief, and the reader is informed that any further accounts are beyond the scope of the book.
We have seen the working and methods of getting the most out of your OS in the last few chapters. Windows has gone through revolutionary changes during its initial stages of development. Initially, when operating systems became commercially viable, there were very few OSs which could provide multiple functionalities and still run services in the background. The following pages will enable readers to see the basic differences between the different versions released by Microsoft.
XIV.1: MS-DOS to Windows XP SP2

Microsoft introduced its Operating System series by launching MS-DOS (Microsoft Disk Operating System), which gave the user the ability to create simple files and store data in preformatted file systems. Although there were many variations in the series, we shall only see those OSs that paved the way for some drastic changes. Although not a part of the Microsoft Windows series, MS-DOS 6.22 has been included since DOS formed the basic foundation of the Windows series up to Windows 98 (Windows ME, Windows 2000 & Windows XP run their shell, explorer.exe, independently without any DOS support).

>> MS-DOS 6.22

MS-DOS 6.22 was the last stand-alone command line OS designed by Microsoft for the Personal Computer and is generally considered to be one of the most versatile and reliable DOS type OSs ever released by Microsoft. It was not exactly Windows, but future editions of Windows resided on its integral and promising structure. It had numerous safety features, including a primitive type of antivirus and a system backup utility, along with other enhancements designed to provide the safest possible computing environment of any MS-DOS version.

MS-DOS 6.22 could run on virtually any PC platform with just 1 MB of RAM. MS-DOS 6.22 did not have setup disks as CDs; its setup had to be run from 1.44 MB floppy diskettes. The installation space required for this version of MS-DOS was around 6 MB and the usage of a mouse was optional. It was completely command based and did not support any GUI features. The display text was Mono, i.e. it did not require the usage of any display adapter as such.

Below are a few of the most noticeable features of this DOS version:

DriveSpace and DoubleGuard: DriveSpace was a well known file compression application that came bundled with MS-DOS versions and later versions of Windows (3.1 & 9x). DriveSpace integrated disk compression with the OS and supported the hard disk as well as floppy disks. DriveSpace included DoubleGuard safety checking, which protected data by verifying data integrity before writing it physically to the disks.

Scandisk: Scandisk not only detected but also diagnosed and repaired instances of bad sectors and clusters, and verified disk errors on uncompressed normal drives and on DriveSpace compressed disks. Scandisk could repair file system errors and physical disk errors. File system errors include cross linked chains and lost clusters. MS-DOS Scandisk was restricted to FAT16.

Backup: A small utility that was shipped with MS-DOS 6.22 and which took a backup of your crucial system files. MS-DOS 6.22 carried a version of Backup for DOS and for Windows 3.1x as well.

Defrag: This utility allowed the user to reorganize files on the hard disk, thus freeing up some unused space and allowing faster file access.

SmartDrive: The SmartDrive program included with MS-DOS 6.22 sped up the computer by using a disk cache that stored information being read from the computer's hard disk.
>> Windows 1.0

The first in the Windows series of operating systems, Windows 1.0 was released in November 1985 with the intention of providing multi-tasking capabilities in a GUI environment for end users. But unlike later versions, Windows 1.0 offered limited multitasking of existing MS-DOS programs and concentrated on creating a stable Application Programming Interface (API) for native programs for the future.
Windows 1.0 was often regarded as a "front-end to the MS-DOS operating system" rather than a full-fledged operating system, a description which was also applied to subsequent versions of Windows. Windows 1.0 allowed users to interact with the hardware by running itself over DOS. However, unlike other shells available at the time, the Windows 1.0 shell, known as MS-DOS Executive, had its own memory management system and allowed a software based approach towards memory sharing called 'virtual memory'.

Windows 1.0, with its feature of non-overlapping windows, allowed users to switch over to other open windows without closing the present working window. Instead of overlapping, the windows were kept tiled. Only dialog boxes could appear over other windows.

Windows 1.0 executables, even though they had the same extension and file header, did not contain the ability to print "This program must be run under Windows" or a similar message and exit when the program was run outside of Windows. Instead, the file header was created in such a way as to make DOS reject the executable with a "program too large to fit in memory" error message.
>> Windows 2.0

Windows 2.0, which was released in 1987, allowed windows to overlap each other, in contrast with Windows 1.0, which could only display multiple windows on screen by tiling them. The "Minimize" and "Maximize" features of Windows were introduced with this version, as was a more sophisticated keyboard-shortcut mechanism in which shortcut keys were identified by underlining the character that, in combination with the "Alt" key, would cause them to be selected. File management tasks were still handled by the MS-DOS Executive program introduced in Windows 1.0, which was more list-driven than icon-oriented. The first Windows versions of Microsoft Word and Microsoft Excel ran on Windows 2.0. A year later, Windows/286 2.1 and Windows/386 2.1 were released, which could take advantage of the specific features of the Intel 80286 and Intel 80386 processors.

Windows/286: Windows/286 was shipped with the 'himem.sys' DOS driver, which took care of the High Memory Area (HMA) specification of the Intel 80286 processor and allowed Windows 2.0 to expand its memory for programs.

Windows/386: Windows/386 introduced a kernel over which the GUI and applications would run as virtual tasks of the 80386 processor. It allowed several MS-DOS programs to run in parallel virtual machines, rather than always suspending background applications to clear enough memory for new programs. There was no disk-based virtual memory, so multiple DOS programs had to fit inside the available physical memory.
>> Windows 3.1

Windows 3.1 was a major change in the series of non GUI based OSs. Windows 3.1 needed MS-DOS version 3.1 or later to run on top of. Windows 3.1 could run in two modes. The "386 enhanced mode" required a PC with a 386 processor (or higher) and 640 K of conventional memory plus 1024 K of extended memory, 8 MB of free hard disk space (10 MB recommended), and a floppy drive. The "standard mode" asked for a PC with a 286 processor (or higher) and 640 K of conventional memory plus 256 K of extended memory, 6 MB of free disk space (9 MB recommended), and a floppy drive.
Windows 3.1 for the first time used a display adapter to display its GUI interface. Windows 3.1 by itself did not boot, but the user could access the Windows GUI interface by booting into the usual DOS prompt and typing "win" at the prompt. To boot directly to Windows 3.1 the user needed to edit the Autoexec.bat file and append "win" to it. Windows 3.1 also allowed users to start an application along with itself through the prompt. For example, the following command would start Windows and start Notepad as well:

win c:\windows\notepad.exe

If an MS-DOS application had to be run in Windows, then one of the two modes had to be specified for the application. For example, if game.exe is a DOS based application, then the following command would start Windows in its standard mode and run game.exe too:

win c:\windows\alcatraz\game.exe

Windows 3.1 also had a program called "File Manager" that did most of the arranging of files and displayed them in folders and columns. This primitive form of Explorer helped the user to manage drives, directories and files. You could open different instances of "File Manager" and then drag & drop files and folders from one drive to another to copy or move those files. To expand directories the user had to double click on them. Opening another instance was as easy as going to the 'Window' menu and clicking on the New Window option. The "File Manager" gave options to rename, delete and create directories and files. It also had a search facility that supported wildcards (* or ?), and you could work with the files that appeared in the Search Results window in the same way you could work with files in the directory window.

Windows 3.1 also came with Character Map, an application still found in Windows XP. This application allowed the user to insert special characters not found on the keyboard into an application like Excel. These characters included symbols like ®, ©, α, β, θ, λ etc.

The Run dialog box could be accessed from the File menu of "File Manager" and had the same use as the present day Run command. Windows 3.1 also supported OLE, i.e. Object Linking and Embedding, and had an improved startup configuration.
>> Windows 95

Microsoft released Windows 95 in August 1995 as a major relief over Windows 3.1. Windows 95 was designed to get the most out of the hardware of those years and was superior in performance. It took advantage of new and developing PC technologies like power management and plug and play of hardware accessories. Besides being able to run most Windows 3.1 and MS-DOS programs, Windows 95 came with a host of useful programs and other improved features like Add/Remove Programs, Internet dial up connection and support for long file names.

Below are some of the most noticeable features of Windows 95:

Active right mouse button: The right-click of a mouse would open a context menu full of useful options. Clicking on any folder or file would enable a user to perform common tasks, like renaming, easily.

Dial Up Networking: This feature allowed users to access online resources by connecting to their respective ISPs by dialing the ISP's number via a modem. This feature also allowed users to connect two local computers.

Windows Explorer: The primitive File Manager was replaced by Windows Explorer, a file so important that an entire chapter has been dedicated to studying it. Explorer, in Windows 95, was basically used to manage, search and sort files and folders into proper locations. Management and browsing of files, drives and directories became easier with Windows Explorer.
Shortcuts: Windows 95 provided additional ease in browsing by the use of shortcuts. Shortcuts are basically links created for easy access to important or frequently used files. For example, consider a file called game.exe lying in the "D:\Value\Data\Strings\Gamedata\bin" folder. Instead of going all the way to "bin" to execute game.exe, a shortcut to it is created and placed on the desktop for easy access. To create a shortcut to a file, click on the file whose shortcut has to be made, then press the Alt and Shift keys on the keyboard and drag the file to the location where you want the file's shortcut to be placed.

MultiTasking: Windows 95 for the first time offered improved multitasking capabilities by sharing memory resources between 2 or more applications and allowing them to run simultaneously without any system interruptions.

Taskbar: The taskbar was a great relief for Windows 3.1 users. The taskbar shows all open windows and holds all minimized windows and applications. The user uses the taskbar to switch between applications. The taskbar also holds the Start button. The Start menu is explained in detail later.

Plug & Play: This feature allowed users to plug in any hardware, and the Add Hardware program would detect it and search for drivers automatically, prompting for an installation disk or location if it could not find any drivers automatically.

Windows 95 truly revolutionized computing as Windows users knew it. The new GUI interface, the wallpapers, the screensavers, the Taskbar etc. provided Microsoft the required fuel to push their dream of perfection with quality a step further, and Windows 98 was launched in June 1998.
>> Windows 98

Windows 95 had many holes, bugs and hardware issues that were resolved with the coming of one of the most stable OSs ever: Windows 98. Windows 98 was built over Windows 95 by adding several changes to obtain a full fledged 32 bit OS. Windows 98 promised many new and improved features including faster system shutdown, networking, hardware support, System File Checker, Media Player and lots more. Even after the release of a Windows version called Windows Millennium Edition (Windows ME), Windows 98 still continues to find itself on the desktops of common users and office workers. The scenario changed after Microsoft released Windows XP, but that's another story.

The most notable features of Windows 98 that allowed it to stand out are given below. These are not the only features of Windows 98; several others exist, but the ones that are important from the view of a normal home computer user are explained here.

Disk Defragmenter: Whenever a file is updated or stored, Windows tends to store the file in the largest continuous space available, which may be different sectors for the entire file. This causes the computer to perform slowly, since every time the file is opened the computer has to search for and assemble the entire file again. Defragmenting is the process by which parts of files are written to contiguous (or alternate) sectors so that the access and retrieval time of the computer is reduced. A Disk Defragmenter, in short, helps in improving the performance of your computer.

System File Checker: This was something new in Windows. The System File Checker allowed the user to verify whether the Windows system files (*.ocx, *.dll, *.vxd, *.exe, *.inf and so on) had been modified or corrupted. This was a relief for those people who feared reinstallation of Windows: you just had to run 'sfc' at the Run prompt and insert the Windows 98 CD when asked for it. The System File Checker utility would then copy the needed files to the respective system folders and the user could heave a sigh of relief.

Improved Dial up Networking: The dial up networking feature included with Windows 98 had additional characteristics like dial up scripting support and multilink channel aggregation (MCA), which allowed users to attain higher transfer speeds by combining all available dial up lines.
Windows Media Player: Windows 98 came with an updated version of Windows Media Player that supported several audio, video and combined media formats like *.mpeg, *.mpg, *.avi, *.dat, *.mp3, *.wav and *.mid. New versions of Windows Media Player are available for download at the Microsoft website.

Internet Connection Sharing: This feature of Windows 98 SE allowed users to connect two or more computers to the internet through the same line. This was made possible by making the computer connected directly to the internet act as a gateway for the other computers on the LAN.

Dr. Watson: Windows 98 came with an application called Dr. Watson (its refined version, drwtsn32.exe, is found on XP systems) which intercepted program crashes and general protection faults and logged errors into a log file, which could later be evaluated to give a complete description of the state of the system when the fault occurred.

Multiple Display Support: Windows 98 for the first time enabled users to connect multiple monitors to the same machine.

Improved Control Panel: The Control Panel of Windows 98 allowed users to do several tasks like searching for hardware, uninstalling programs and installing networks without any difficulty.

System Configuration Utility: The Windows 95 'sysedit' or system editor was surpassed by 'msconfig' of Windows 98, which allowed users to modify their startup and enable or disable individual items in AUTOEXEC.BAT, CONFIG.SYS, WIN.INI and SYSTEM.INI. Users could easily select the type of startup (Normal, Selective or Diagnostic). Disabling unwanted applications from starting up was as easy as removing a tick mark from the Startup tab of this utility.

System Information Tool: This utility provided detailed information on the system resources, which included information right from the OS name to the IRQs of different devices. The File menu had an export command to export information to a text file which you could specify. The Tools menu provided easy access to several commonly used troubleshooting applications like Dr. Watson and DirectX Diagnostics.

Windows System Update: This feature allowed users to automatically download and install patches and updates. A web based service would scan your system for the hardware and software installed and either notify the user or continue downloading and installing new drivers and system files.
>> Windows Me

Windows 98 was succeeded by Windows Me, which included very few upgrades, like Internet Explorer 5.5. It also bundled Windows Media Player 7 and included the new Movie Maker software, which provided basic video editing and was designed to be easy for home users.

No Real Mode DOS: Windows Me did not include real mode MS-DOS. Windows 95 & Windows 98 had to load DOS, and then the GUI interface was loaded. Windows Me was the exception: the GUI shell (explorer.exe) was loaded without any DOS support. However, the changes in Windows Me were minor, with access to real mode DOS simply restricted, so some applications (such as older disk utilities) that required real mode would not run in Windows Me.

System Restore: Windows Me introduced the "System Restore" feature that allowed users to create restore points to get their system back to a point where it was working. If the installation of an application or a driver adversely affected the system, the user could undo the install and return the system to a previously working state.
Improved Networking: The Network Setup wizard in Windows Me gave detailed step by step procedures to configure a home peer to peer network, and customizing printer, file and Internet sharing was made even simpler. The wizard even allowed the creation of a floppy disk that could be used to install the Windows Me network components and software on other computers that you wanted to include in the same network, even if the other computers were using Windows 95/98. The new TCP/IP networking stack under Windows Me allowed more than six instances of the protocols to be used by programs without the need to disable or uninstall any other feature or component.
>> Windows 2000

Windows 2000 (also known as Windows NT 5.0) is one of the most stable Operating Systems ever released, and was designed to work with uniprocessor or symmetric multiprocessor 32 bit Intel x86 computers. It is a part of the Windows NT series of operating systems and was released on February 17, 2000. The Windows NT series dates back to July 1993, when two versions of Windows NT 3.1 (Workstation & Advanced Server) were released. Windows 2000 or Windows NT 5.0 comes in four versions: Professional, Server, Advanced Server and Datacenter Server.

Windows 2000 is very secure, and with its NTFS file system and user accounts, data management and protection has become a reality. Windows 2000 has a dual mode architecture. The kernel mode provides unrestricted access to system resources and facilitates the user mode, which is heavily restricted and designed for most common applications. The system files are kept in the %systemroot%\system32\ folder in the case of Windows 2000 and higher. The Windows folder (%systemroot%) is named 'Winnt'. Windows 2000 does not have msconfig and has two variants of the registry editor: regedit.exe and regedt32.exe (a full fledged 32 bit model with the SAM and Security keys expandable).

Advanced User Management: Windows 2000 allows the creation of users who have access to all the system resources, called Administrators, and of limited account holders who have limited permissions. Administrators can control almost everything on a given Windows 2000 system by using something called Policies. Administrators can levy many restrictions on a specific user or an entire group. Administrators have full access to system resources including hardware installation, program installation/uninstallation, registry editing, scheduling tasks, creating and deleting users and so on.

Hardware Wizard: Windows 2000 has a hardware wizard which has a simple interface for dealing with many hardware problems. Users can install, configure, remove, troubleshoot and upgrade devices using this simplified hardware wizard.

Improved Start Menu: The Start menu in Windows 2000 needs special mention due to its uniqueness. Windows 2000 keeps a note of programs and applications accessed through Start | Programs. After 6 sessions the Start menu is altered to show the recently used items, and the remaining items remain hidden in the collapsible Programs menu and can be accessed by clicking on the small double arrows displayed.

Windows Explorer: The Explorer in Windows 2000 has many improvements, some of which include an enhanced Folder Options applet which can be accessed through the Tools option in the menu bar, unlike Windows 98 which had Folder Options under View. Crucial system files are 'superhidden' and can be accessed by removing a tick mark in the Folder Options (explained in detail later). Managing file associations and customizing folders is easier in Windows 2000. The Open/Save dialog boxes have common folders, like My Computer & My Documents, on the left for quick and easy navigation. Search has been integrated into Explorer and can be accessed from any Explorer window by clicking on the Search button in the Standard Buttons toolbar.
>> Windows XP

Codenamed 'Whistler' during its development, Windows XP was publicly released on October 25 2001. The most common editions of Windows XP are the Windows XP Home Edition, which is targeted at home users, and the Windows XP Professional Edition, which comes with a few additional improvements for business and power users. The word XP comes from 'Experience'. Windows XP still follows the Windows NT version numbering, being version 5.1 after Windows 2000, which was 5.0. Windows XP also has several features previously exclusive to the server and workstation oriented Windows NT family, which include greater stability and efficiency due to its pure 32 bit kernel.

Microsoft has customized Windows XP for different markets: Windows XP Media Center Edition for special Media Center PCs (television and radio broadcast receivers), Windows XP Tablet PC Edition for special laptops and notebooks (cannot be bought separately), Windows XP Embedded for set-top boxes, ATMs and medical devices, Windows XP Professional x64 Edition for computers with 64-bit processors, and Windows XP Starter Edition, a low priced edition for users who want a feel of the new OS, available only in Asia and South America. The Windows folder is named 'Windows', unlike 'Winnt' of Windows 2000, to make the OS more user friendly (perhaps).

Windows XP has many notable improvements over previous versions of Windows. The following pages will mention just a few of them.

Improved User Interface: Windows XP features a new task based Graphical User Interface (GUI). The Start Menu and Search have been retouched to give a splendid looking, pleasant interface, along with visual effects like:
- A transparent blue selection rectangle in Explorer
- A watermark-like graphic on folder icons, indicating the type of information stored in the folder
- Drop shadows for icon labels on the desktop
- Task-based sidebars in Explorer windows
- The ability to group the taskbar buttons of the windows of one application into one button
- The ability to lock the taskbar and other toolbars to prevent accidental changes
- The highlighting of recently-added programs on the Start menu
- Animation of windows when minimising and maximising
- Fading and sliding of menus into view
and lots more.

Windows XP gives the ultimate in visual styles too. Luna is the visual style that comes enabled by default. Many third party programs allow creation of desktop visual themes and styles for XP. The Windows 2000 "classic" interface can be used instead if preferred or to conserve memory.

User logon is a completely revised environment in Windows XP. Unlike the normal boring username and password box of Windows 2000 and of some Windows 98 machines, XP users have to click on their username and then enter a password if required. This improved interactivity can be overridden by disabling the Welcome Screen in the User Accounts panel to get back a Windows 2000 kind of logon environment.

Windows Explorer: Search is integrated with Windows Explorer and has animated characters that
make the task of searching for files a pleasant chore. Readily available options include searching for Pictures, Music & Videos. Search also allows searching of superhidden system files. You can also change the animated characters and disable indexing (makes searching slower). Explorer recognizes contents of folders and displays common tasks in the left hand pane of the Window. For eg: If a folder contains video files, then common tasks will contain ‗Play all‘ which enables direct playing of all (compatible) video files in Windows Media Player. Common Tasks also contain links to ‗useful‘ places which includes ‗My Computer‘, a properties box which displays File Properties of any selected file. Explorer also has options to view Pictures as Thumbnails right on the Standard Buttons Bar. CD Burning being integrated into Explorer, easy compilation of CDs has become very easy. Since Internet Explorer & the Windows Explorer come merged, navigation Page | 272
A Beginners Approach to Windows to folders or websites can be done through any of the two. The Windows Explorer of XP also allows users to give customized icons to individual folders. Windows XP creates special folders for its users. These folders include the My Pictures, My Music, My Videos, and My Documents etc. Explorer recognizes the specialty of these folders and changes the File and Folders Tasks to incorporate another list of shortcut commands to suit the folder. For example in the My Music folder, you will get a ‗Shop for Music Online‘ shortcut which gives you a direct path to access and download legal music. These folders are usually found in you‘re my Documents folder on the desktop. Microsoft encourages users to keep data here for quick access, but this ‗My Documents‘ folder could well be the worst place to keep your data. See the Explorer & The Windows Interface chapter for in depth explanation. The right click context menu of ‗Send To‘ can also be changed by adjusting the contents of the Send To folder of a user in the same way as the New menu can be changed by a little tweaking. Windows XP keeps user profiles and related stuff at %systemroot%\Documents and Settings\. To see the contents of your profile folder go to start > run and type %homepath%. Explorer hides system files and other important files by default, thus when you go to your Windows folder you may get ―These files are hidden‖ type of message. To view these files just click on the ―Show the contents of this folder‖ link. Explorer hides the paging file and System Volume Information and other system folders in such a way that even after removing the check mark against the ‗Show hidden files and folders‘ option in Folder Options you are still unable to see these files. This is because Windows XP ‗superhides‘ these files. 
These files and folders are then accessible by removing the check mark against the 'Hide Protected Operating System files (Recommended)' option in Folder Options in Control Panel. Explorer also allows customizing of display properties of files by changing available options. This can be done by selecting 'Choose Details' under the 'View' menu of any open Explorer window.

The right click context menu of Windows XP's Explorer has several enhancements over its predecessors. It recognizes the file type and displays a menu accordingly. For example, if a picture file (*.bmp, *.jpg etc.) is selected and the context menu viewed, it will generally have a Preview option and an Edit option which will open the file in Windows Picture & Fax Viewer and Paint respectively (these options can be changed). If there exists a file whose extension is unknown to Windows, then Explorer allows the user to open the file using an application which the user thinks will work, or automatically searches the web for the application that created the file.

Explorer also allows users to see what the contents of a folder are without opening it. Just moving your mouse over the folder, or selecting the folder with your arrow keys, shows you the size of the folder and its contents in a tooltip kind of style. The Standard Buttons Bar can be customized to contain more buttons like 'Stop', 'Refresh', 'Map Drive', 'Disconnect', 'Favorites', 'History', 'Fullscreen', 'Move To', 'Copy To', 'Delete', 'Undo', 'Properties', 'Cut', 'Copy', 'Paste' and 'Folder Options'. Explorer also sorts all files and displays them accordingly. The right click context menu has an option to arrange icons by Name, Size, Type and Date modified. The changes done to one folder can be made universal by selecting 'Apply to all Folders' in Folder Options under the View tab (Start > Run > control folders).

User Management & Logon: Creating users is as simple as opening 'Control Panel' | 'User Accounts' and 'Create a New Account'. Users can be limited or administrators, and accounts can be protected by passwords. Fast User Switching allows another user to log in and use the system without having to log out the previous user and quit his or her applications. However, Fast User Switching requires more system resources than having a single user logged in at a time. Fast User Switching is only available for stand-alone computers and users in a workgroup. It is not available if your computer is part of a network domain.

Users can be restricted from performing various tasks on a local machine. The administrator on a system with Windows XP Professional Edition installed can use the Group Policy Editor to indirectly edit the registry and put several restrictions on a user. Those who are familiar with the Windows NT kind of User Accounts control box can run "control userpasswords2" from the Run command box. Under the Advanced tab you get options to manage your stored passwords for websites etc. and a .NET Passport wizard.

Users are again divided into Administrators, Users, Debuggers and Guests in Windows XP. Windows XP allows the creation of a 'Password Reset Disk' which can be used in case a user has forgotten his/her password. There are two methods of logging in to a Windows XP machine:

- The Welcome Screen is the fastest and easiest way to log on. You log on simply by clicking your username and typing in your password (if you have one).
- The classic logon is the most secure way to log in because it requires you to type a username and password.

A custom Welcome screen can be used in place of the normal Windows Welcome Screen. The trick is to change the path to the logonui.exe file of C:\Windows\System32\ to a custom created logonui.exe file, in the registry (already explained in the Windows Tips & Tricks chapter). To choose between the Welcome Screen and the classic logon prompt, on the main User Accounts screen select 'Change the way users log on or off'.
Security: Built over NT, Windows XP continues to give excellent security (sometimes a bit more) like Windows 2000. The policies that can be applied to users can be used to restrict several actions of these users. They can be disallowed access to many places on the hard disk, including entire drives. If your data is on an NTFS drive then it can be locked out by using the 'cacls' command. NTFS drives also allow data to be encrypted so that no other user is able to read the contents.

To help maintain the integrity of Windows XP systems, critical system files are digitally signed so that any changes to these files are quickly detected. The File Signature Verification utility helps verify the digital signatures of these files and informs the user of any unexpected file changes. The System File Checker has become command line based. To access SFC just run 'cmd' (the 32 bit command interpreter of XP) and type 'sfc' at the prompt to get help, or type 'sfc /scannow' to start the System File Checker. Insert the Windows XP CD when asked by the utility, so that it can copy new files to replace files which have been damaged or whose versions have been unscrupulously changed by other applications.

Going online is safer with Windows XP; the dial up connection has an option to be guarded by an integrated firewall. You can configure your dial-up, virtual private network (VPN), and direct connections to enforce various levels of password authentication and data encryption. Authentication methods range from unencrypted to custom. The Internet Connection Firewall (ICF) should be enabled on any computer connected to the internet through a broadband, cable or dial up connection. Communications that originate from a source outside an ICF computer, such as the Internet, are dropped by the firewall unless an entry in the Services tab is made to allow passage. Rather than sending you notifications about activity, ICF silently discards unsolicited communications, stopping common hacking attempts such as port scanning. Such notifications could be sent frequently enough to become a distraction. Instead, ICF can create a security log to view the activity that is tracked by the firewall. The log is by default 'C:\Windows\pfirewall.log', where C: is your root drive. The firewall can be configured to allow ICMP and other services or disable them completely.

Internet Explorer's use of certificates (digital documents used for secure authentication and transfer of data over networks and the internet) has increased the security of data and information exchange over the internet. The entity receiving the certificate is the subject of the certificate. The issuer and signer of the certificate is the certification authority. Typically, certificates contain the following information:

- The signature algorithm implemented (MD5, RSA etc)
- The subject's public key value
- The subject's identifier information, such as the name and e-mail address
- The validity period (the length of time that the certificate is considered valid)
- Issuer identifier information
- The digital signature of the issuer, which attests to the validity of the binding between the subject's public key and the subject's identifier information.
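The ICF security log described above can be reviewed with a short script instead of by eye. The following Python example is added here and is not from the book: it reads the column layout from the log's own #Fields header and flags any source address whose dropped packets touched many different ports within a short time. The sample log lines, the addresses in them and the thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the layout of an ICF pfirewall.log. The last line is
# deliberately truncated, as happens when a log is copied while being written.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2005-01-10 09:14:01 DROP TCP 203.0.113.7 192.168.0.5 4312 21 48 S 1000 0 16384 - - -
2005-01-10 09:14:02 DROP TCP 203.0.113.7 192.168.0.5 4313 22 48 S 1001 0 16384 - - -
2005-01-10 09:14:03 DROP TCP 203.0.113.7 192.168.0.5 4314 23 48 S 1002 0 16384 - - -
2005-01-10 09:14:04 DROP TCP 203.0.113.7 192.168.0.5 4315 25 48 S 1003 0 16384 - - -
2005-01-10 09:14:05 DROP TCP 203.0.113.7 192.168.0.5 4316 80 48 S 1004 0 16384 - - -
2005-01-10 09:14:06 DROP TCP 203.0.113.7 192.168.0.5 4317 135 48 S 1005 0 16384 - - -
2005-01-10 09:20:00 DROP ICMP 203.0.113.7 192.168.0.5 - - 60 - - - - 8 0 -
2005-01-10 09:21:30 OPEN TCP 192.168.0.5 198.51.100.80 1055 80 - - - - - - - -
2005-01-10 10:00:00 DROP TCP 198.51.100.20 192.168.0.5 2200 445 48 S 2000 0 16384 - - -
2005-01-10 10:00:03 DROP TCP 198.51.100.20 192.168.0.5 2200 445 48 S 2000 0 16384 - - -
2005-01-10 10:00:09 DROP TCP 198.51.100.20 192.168.0.5 2200 445 48 S 2000 0 16384 - - -
2005-01-10 11:00:00 DROP UDP 192.0.2.9 192.168.0.5 5000 137 78 - - - - - - -
2005-01-10 13:00:00 DROP UDP 192.0.2.9 192.168.0.5 5000 138 78 - - - - - - -
2005-01-10 15:00:00 DROP TCP 192.0.2.9 192.168.0.5 5001 139 48 S 3000 0 16384 - - -
2005-01-10 17:00:00 DROP TCP 192.0.2.9 192.168.0.5 5002 445 48 S 3001 0 16384 - - -
2005-01-10 19:00:00 DROP TCP 192.0.2.9 192.168.0.5 5003 1433 48 S 3002 0 16384 - - -
2005-01-10 23:59:59 DROP TCP 203.0.113.7
"""


def parse_log(text):
    """Return one dict per complete log entry, keyed by the #Fields names."""
    fields = []
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # The header names the columns; use it instead of fixed positions.
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        parts = line.split()
        if not fields or len(parts) < len(fields):
            continue  # no header seen yet, or a truncated entry
        rec = dict(zip(fields, parts))
        try:
            rec["when"] = datetime.strptime(
                rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        except (KeyError, ValueError):
            continue  # unreadable timestamp
        records.append(rec)
    return records


def find_port_scans(records, min_ports=5, window=timedelta(seconds=60)):
    """Map each source IP to the ports it probed if it looks like a scan.

    A source is flagged when at least `min_ports` different destination
    ports were dropped for it inside one sliding `window` of time.
    """
    dropped = defaultdict(list)
    for r in records:
        if (r.get("action") == "DROP"
                and r.get("protocol") in ("TCP", "UDP")
                and r.get("dst-port", "").isdigit()):
            dropped[r["src-ip"]].append((r["when"], int(r["dst-port"])))

    findings = {}
    for src, events in dropped.items():
        events.sort()
        start = 0
        best = set()
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {port for _, port in events[start:end + 1]}
            if len(ports) > len(best):
                best = ports
        if len(best) >= min_ports:
            findings[src] = sorted(best)
    return findings


if __name__ == "__main__":
    for src, ports in find_port_scans(parse_log(SAMPLE_LOG)).items():
        print(f"{src}: dropped packets to {len(ports)} ports: {ports}")
```

Repeated drops to a single port (the 198.51.100.20 entries) are not flagged, and a slow sweep such as 192.0.2.9 is only caught when the window is widened, so the window is worth tuning against your own log.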
A certificate is valid only for the period of time specified within it; every certificate contains Valid From and Valid To dates, which set the boundaries of the validity period. Once a certificate's validity period has passed, a new certificate must be requested by the subject of the now-expired certificate. Certificates can be viewed by using the Crypto Shell Extensions in Windows XP.

Windows XP's users have additional security over Windows 98 users. Logon passwords of XP users are hashed using the RSA MD4 hashing algorithm and then they are masked using another strong algorithm which has now been released by Microsoft. Once masked, the passwords are then stored into the Windows NT registry as the SAM file, which resides at '%systemroot%\system32\config\sam' on the hard disk. Any attempt to open the file gives an error.

Remote Assistance & Support: Windows XP comes with Remote Assistance, which permits support staff and computer technicians to temporarily take over a remote Windows XP computer over a network to resolve common software and hardware related issues. Remote Assistance can be used over the internet too. Remote Assistance is a convenient way to connect to another computer running a compatible OS (like Windows XP) and give a detailed walkthrough of the problem. After you are connected, you will be able to view your friend's computer screen and chat together in real time about what you both see. With your friend's permission, you can even use your mouse and keyboard to work with your friend on his or her computer.

Remote Desktop is available only in Windows XP Professional. It is built on Terminal Services technology (Remote Desktop Protocol), and is similar to Remote Assistance, but allows remote users to access local resources such as printers. Any Terminal Services client, a special "Remote Desktop Connection" client, or a web-based client using an ActiveX control may be used to connect to the Remote Desktop. There are several resources that users can redirect from the remote server machine to the local client, depending upon the capabilities of the client software used:

- File System Redirection allows users to use their local files on a remote desktop within the terminal session.
- Printer Redirection allows users to use their local printer within the terminal session as they would with a locally or network shared printer.
- Port Redirection allows applications running within the terminal session to access local serial and parallel ports directly.
- Audio allows users to run an audio program on the remote desktop and have the sound redirected to their local computer.
- Clipboard can be shared between the remote computer and the local computer.

Microsoft provides excellent online support along with frequent updates and security patches to keep your system protected at all times.
These updates can be manually obtained from 'http://windowsupdate.microsoft.com/', or Windows XP can be configured to silently download and apply updates without interfering with the user's work. A major update released by Microsoft for Windows XP was Windows XP Service Pack 2 (there is a section dedicated to this update just a few pages ahead), which had several new patches and security add-ons.

The Microsoft Knowledge Base, which is one of the most comprehensive online libraries on Microsoft products, gives detailed solutions to most customer related queries, be it the Windows TCP/IP stack or common software uninstallation errors. The range of help offered is so wide that your guess is as good as mine. Microsoft has painstakingly compiled all its resources with the view of providing quality customer care through its web based help portal.

The Help and Support Center that comes along with Windows XP provides excellent insights into the most usual problems faced by users when using a machine with Windows XP installed. Microsoft Help and Support Center is a comprehensive resource for practical tutorials and demonstrations to help its users use Microsoft Windows XP. The Search feature provides excellent results; combined with the Index, or table of contents, all Windows Help resources, including those that are on the Internet, can be viewed and accessed. In addition to the Help resources, you can access various important and 'life' saving Windows utilities. Using Windows Help and Support Center, you can:

- Let a friend help you over the Internet by using Remote Assistance.
- Keep your computer up-to-date with the latest downloads from Windows Update.
- Use tools such as System Information to manage and maintain your computer.
- Find if your hardware and software are compatible with Windows XP.
- Use System Restore to get your computer to a previous functional state.
- Use troubleshooters to resolve common hardware and software issues.
- Get help online from a support professional by using Microsoft Online Assisted Support, or from other Windows users through the Windows Newsgroups etc.
Task Manager: The Windows XP Task Manager is almost the same as that of Windows 2000, except for the Networking and Users tabs. Task Manager can be opened by pressing Ctrl+Alt+Del, by pressing Ctrl+Shift+Esc, or by right clicking on the Taskbar and selecting Task Manager. The Task Manager is a handy utility which gives in depth information about any process running on your computer. You can get information like the PID (Process Identifier), the user running the process, CPU Time, Memory Usage (RAM Usage), Virtual Memory Size, I/O Reads, Thread Count etc. of a running program or process. You can select the columns by selecting Select Columns under the View menu.

It displays the most commonly used performance measures for processes. You can see the status of the programs that are running and end programs that have stopped responding. You can also assess the activity of running processes using as many as fifteen parameters, and see graphs and data on CPU and memory usage. In addition, if you are connected to a network, you can view network status and see how your network is functioning. Finally, if you have more than one user connected to your computer, you can see who is connected and what they are working on, and you can send them a message.

Be careful when ending a program; you will lose all unsaved data that you were working with in the program. Task Manager allows you to 'End Process Tree' an application, which means that the application along with any other processes that were created or started directly or indirectly by it will end. For example, if explorer.exe is given an 'End Process Tree' while your Media Player and Internet Explorer are open, then all of these applications along with startup programs and other indirect applications will end immediately. To get the Start button and your desktop back, just go back to the Applications tab, click on New Task (same as Run) and type 'explorer' (without the quotes).

Multimedia Enhancements: Windows XP boasts of an enhanced multimedia environment. Several things have been improved in Windows XP to give its users the perfect experience that they can have when working with media files. The My Pictures folder in My Documents allows you to easily edit and organize photos. You can also create an online photo album or post photos to a Web site, add photos to a CD, and even order prints online. Windows Media Player is a cool program to play your audio and video files. You can perform virtually any task with music, from simply listening to a CD or Internet radio station to creating your own CDs and customized playlists. Several skins and visualizations are available which make playing and listening to music a visual treat. The Windows Movie Maker that comes bundled with Windows XP allows you to transfer files to your computer from a camcorder or digital video camera, or import external audio and video files into your work. You can collect, view, and edit video clips, and share your work by sending files in e-mail or posting them to a Web site.

Power Management: Before Windows 98, power management was based on the Advanced Power Management (APM) architecture. It was of limited use to most users and the feature was easily broken by the addition of hardware devices or software. In Windows 98, Advanced Configuration and Power Interface (ACPI) was supported but disabled by default. Windows Me enabled ACPI by default. Windows XP's power management architecture is based on the ACPI standard. It supports multiple levels of sleep states, including critical sleep states when a mobile (or UPS connected) computer is running out of battery power, processor power control (the ability to adjust the speed of the computer's processor on-the-fly to save energy), and the ability of Windows XP to turn off the power to the screen of a laptop when the lid is closed. In addition, it also dims the screen when the laptop has low battery power.
To change the power options of your computer, go to Control Panel and open Power Options, then under the Power Schemes tab select a scheme suitable for your computer.

Hibernation: Hibernation involves Windows dumping the entire contents of the RAM to disk and then powering down. On startup it quickly reloads the data. It allows the system to be completely powered off while in hibernate mode. This requires a file the size of the installed RAM to be placed in the system's root directory, using up space even when not in hibernate mode. Hibernate mode is enabled by default and can be disabled in order to recover this disk space. To disable hibernation open Control Panel, double click on Power Options, and under the Hibernate tab remove the Enable Hibernation check mark.

Standby (Sleep) mode: This involves Windows deactivating all nonessential hardware including the monitor, most fans, hard disk drives, and removable drives. This means that the system reactivates itself very quickly when 'woken up'. It does not allow the system to be powered down. In order to save power without user intervention, a system can be configured to go to standby when idle and then hibernate if not re-activated. If hibernation is enabled, then holding the Shift key down while the shutdown dialog box is open causes the standby button to become the hibernate button.

Windows Product Activation: Windows XP is the first Microsoft OS to use WPA or Windows Product Activation to combat piracy. Activation requires the computer or the user to activate with Microsoft within a certain amount of time (30 days after the first run of the OS) in order to continue using the operating system. The information transmitted to Microsoft during activation includes a cryptographic hash of the following ten values:

- Display adapter name
- CD-ROM / CD-RW / DVD-ROM identification
- RAM amount (as a range, e.g. 0–64 MB, 64–128 MB, etc.)
- IDE adapter name
- Processor type
- SCSI adapter name
- Processor serial number (if applicable)
- Hard drive device type
- Hard drive volume serial number
- Network adapter MAC address

This information is used to generate a number which, along with the CD Key and country of installation, is transmitted to Microsoft. Entering a specially crafted Volume License Key (VLK) into a copy of Windows XP Professional disables Windows Product Activation entirely. Copies of Windows XP Professional with WPA disabled through the use of a VLK are commonly referred to as "Windows XP Corporate Edition". A VLK can be entered during installation of Windows or afterwards, by invoking the Windows Product Activation Wizard. According to Microsoft, 90% of pirated installations of Windows XP use VLKs to bypass WPA. The most famous VLK is the one beginning with FCKGW, which was released with the first pirated copies of the final version of Windows XP. Activating and registering with Microsoft enables you to get faster help and resources to manage your computer more efficiently from time to time.

>> Windows XP Service Pack 2

Service Pack 2 is not another operating system, but had to be included here because of the several advantages it has over Windows XP Service Pack 1. The major upgrades and patches are in the field of security, especially Internet security. Windows XP and its sister operating systems Windows 2000 and 2003 Server are well secured as far as protecting data and passwords go, but are full of holes when connected directly to the Internet.
The most visible change is that Service Pack 2 adds a Windows XP Security Center. This addition, which can be accessed through the Control Panel, gives users easy access to the security features of XP such as the Firewall and Automatic Updates. The fully configurable firewall can now be accessed through the Control Panel instead of just a dumb check button in the Advanced Properties of your Internet connection. The firewall is activated by default after the service pack is installed. More importantly, Microsoft has added screening for outbound connections to the firewall. This means that it can locate and block programs installed on your system that attempt to open ports so that other computers can connect to your system from the Internet, thus preventing possible hack attacks.

The other Internet security additions are:

- The new Internet Explorer Pop-up Blocker suppresses pop-up ads unless you choose to view them, and can be configured to allow specific websites to show ads.
- The Attachment Manager monitors and disables potentially unsafe attachments, which could contain viruses that might spread through Internet Explorer, Outlook Express, and Windows Messenger.
- The Internet Explorer Add-On Manager allows the user to enable or disable any plugins or add-ons currently active in Internet Explorer (Google and Yahoo! toolbars for example).
- Internet Explorer download monitoring warns you about potentially harmful downloads and gives you the option to block files that could be malicious.
- The Internet Explorer Information bar provides information about events that are happening as you browse the Web, so it is easier to know if anything is wrong with the page you are currently working with etc.

Other than security, Service Pack 2 also gives improved wireless support and has Windows Media Player 9 (cool) and a DirectX update to enable smooth functioning of games on your desktop.
CHAPTER XV
Jargon Buster

This chapter provides you the meanings of some common technical and computer related terms whose depth and meaning you were not able to grasp through the text. This chapter has been compiled with words that are used in everyday computer related talk and will be useful in technical communication with your peers.

After this chapter the reader should be able to:

- Use common computer and Internet related terms in everyday communication.
- Explain common concepts in computer working.
Technical jargon may fill the air when you talk to some big shot of an IT related firm. You may feel left out in such talks. Here is a common list that will help you expand your line of thinking and communication. This list is compiled from various sources, most of it being selected and condensed from the Microsoft Knowledge Base and the Glossary of the Windows XP Home Edition Help & Support Centre.
XV.1: Definitions & Useful Terminology
Activation
The process of unlocking all the features of a program by sending some encrypted unique key to the program company. This is usually incorporated to avoid piracy of the software. Windows XP uses WPA (Windows Product Activation) that allows the user to use Windows after 30 days of install for OEM machines.

Active content
Material that is updated frequently, like news or weather reports, is called active content.

Active partition
The partition from which the computer boots. Usually the C: drive on most computers running Windows. The active partition must be a primary partition on a basic disk.

Active window
A window that is being used or which is currently selected is called active. The operating system always applies the next keystroke or command you choose to the active window.

ActiveX
Programmed interfaces that allow software to communicate with each other across networks and computers. ActiveX components can be written in various languages including C, VB and Visual C++. ActiveX controls allow users to click on buttons and tick checkboxes, and make programmed interfaces easier to use by the end user. ActiveX controls are embedded into many programs for higher functionality; a fine example is the file open dialog box that a program may have, which is due to an embedded ActiveX control called comdlg32.ocx found in the system32 folder.

Administrator
Windows Administrators are the highest and the most powerful type of users on a system. An administrator is responsible for creating users, assigning passwords and permissions. Administrators can make system-wide changes to the computer, install software, and access all files on the computer. Administrators are members of the Administrators group and have full and unrestricted access to other user accounts on the computer.

Allocation unit
The smallest amount of disk space that can be allocated to hold a file. All file systems used by Windows organize hard disks based on allocation units. The smaller the allocation unit size, the more efficiently a disk stores information. An allocation unit is also called a cluster.

ASCII (American Standard Code for Information Interchange)
A standard single-byte character encoding scheme used for text-based data. ASCII uses designated 7-bit or 8-bit number combinations to represent either 128 or 256 possible characters. Standard ASCII uses 7 bits to represent all uppercase and lowercase letters, the numbers 0 through 9, punctuation marks, and special control characters used in U.S. English. For example, the number 5 is read by a standard computer as 35 or 00110101 and A is read as 41 or 01000001.

Attribute
For files, information that indicates whether a file is read-only, hidden, ready for archiving (backing up), compressed, or encrypted, and whether the file contents should be indexed for fast file searching. You can access the attributes of a file by giving a right-click >> Properties on the file. You can also change or view the attributes of a file by using the attrib command through cmd.exe.

Audio input device
Any device capable of sending audio from an external source to the computer. Examples include microphones and CD ROM players.

Authentication
The process for verifying that an entity or object is who or what it claims to be. Examples include confirming the source of information, such as verifying a digital signature, or verifying the identity of a user or computer by means of a password or digital code.
Background
The Windows desktop background. Any picture file or pattern that can be applied as a Windows background is called a background picture file or simply a wallpaper.

Bandwidth
In analog communications, the difference between the highest and lowest frequencies in a given range. For example, an analog telephone line accommodates a bandwidth of 3,000 hertz (Hz), the difference between the lowest (300 Hz) and highest (3,300 Hz) frequencies it can carry. In digital communications, bandwidth is expressed in bits per second (bps). Bandwidth, when referring to digital systems, can simply be stated as the maximum amount of data that can be transferred through a given channel in a unit of time.

Basic disk
A physical disk that can be accessed by MS-DOS and all Windows-based operating systems. Basic disks can contain up to four primary partitions, or three primary partitions and an extended partition with multiple logical drives. All standard hard disks are basic disks but can be converted to dynamic volumes.

Basic input/output system (BIOS)
A set of hardware implemented routines that runs and checks all hardware for connectivity and power, and starts the operating system from the necessary disks or network according to the information stored in it. The BIOS is stored in read-only memory (ROM) so that it can be executed when you turn on the computer. The system BIOS also supports the transfer of data among hardware devices through various data buses on the motherboard.

Batch program/files
A text file that contains one or more operating system commands in a sequential order and which is saved with a .cmd or a .bat extension. When you type the path and name of the file at the command prompt, Windows executes each instruction written in the file sequentially. Useful for doing repetitive tasks.

Baud rate
The speed at which a modem communicates with the server. Measured in bits per second (bps).

Binary System
A base-2 number system in which values are expressed as combinations of two digits, 0 and 1. The processor understands the language of computers in the form of binary digits. Instructions are passed to the devices and to the processor in the form of binary coded numbers. To convert a decimal (normal) number into binary, keep dividing by 2 till you get a remainder or zero, and the remainders at each stage are kept as the number. For example, 5 is written as 0101 in 4 bit binary. Divide 5 by 2 and you get 1 as remainder with 2x2 = 4; this remainder 1 is the least significant bit of our binary number. Next, you forget the remainder and divide 2 by 2, which gives you a 0 remainder, since 2x1 = 2. This zero remainder is our second digit from the right. Next you have 2x0 = 0, which gives you the remaining 1 as the remainder. This 1 is the third digit from the right. To make the number a complete nibble (a 4 bit binary number) we add a zero to the most significant position, that is, to the extreme left. Thus you have 5 = 0101. To do the reverse, you allot each position of the binary number a power of 2 value and then add its equivalent. The standard rule is: suppose 0101 is the binary 4 bit number, then the extreme right position carries a value of 0, then next position carries a value of 1, then 2, then 4, then 8, then 16, then 32 and so on. Hence you add its equivalent in the following manner: 1x1 + 0x2 + 1x4 + 0x8 = 1 + 4 = 5, which was our original number.

Bits per second (bps)
The number of bits transmitted every second, used as a measure of the speed at which a device, such as a modem, can transfer data.

Boot
The process of starting a computer. When first turned on (cold boot) or reset (warm boot), the computer runs the BIOS POSTs and other routine checks and then loads and starts the computer's operating system.

Boot files
The files needed to start an Operating System. With reference to Windows XP, ntldr and ntdetect.com.

Boot partition
The partition that contains the Operating System and its support files. The boot partition can be, but does not have to be, the same as the system partition.

Broadband connection
A high-speed connection, usually pointing to Internet connectivity. Broadband includes DSL and cable modem service and is typically 256 kilobytes per second (KBps) or faster.

Browser
Program that decodes files from HTML format and displays them in a readable manner to the end user in the form of web pages. Some browsers allow users to read and send emails, listen to streaming audio or watch video files over the Internet. Common browsers include Internet Explorer, Opera, Netscape Navigator and Firefox.

Buffer
The process of collecting continuously fed information for output at once. In terms of hardware, a region of RAM reserved for use with data that is temporarily held while waiting to be transferred between two locations, such as between an application's data area and an input/output device.

Bug
A programming error that is left inside a program unintentionally. Bugs can be overcome by using the common "On Error Resume Next" statement during programming, but it is not considered ethical. Programming bugs can sometimes be exploited by hackers to gain unauthorized access into computers. An example of a bug is when you add a number (integer) and a string (character) and try to assign this illogical computation to another integer. Another case could be when you try to divide a number by zero. Bugs usually cause the entire program to crash. The OS is not affected unless and until the program which has the bug is directly involved in the normal working of the OS itself.

Burning
The process of writing data from your computer's hard disk or any other source to a CD ROM by using a specially designed device called a CD Writer or CD Burner.

Bus
A communication line used for data transfer among the components of a computer system. If you look at the motherboard of your computer carefully you can see several lines running through the board; most of these carry data to and fro between various devices and the processor. A bus essentially allows different parts of the system to share data.

Bytes
A unit of data that typically holds a single character, such as a letter, a digit, or a punctuation mark. Some single characters can take up more than one byte. One byte is equal to 8 bits. For example, the character 'S' is ASCII 53 and hence the byte that equals the letter S is 01010011.
Cable modem
A device that enables a broadband connection to the Internet by using cable television infrastructure. Access speeds vary greatly, with a maximum transfer of 10 megabits per second (Mbps).

CD-R
Recordable compact disc. Data can be copied to the CD on more than one occasion, making them into multisession discs; however, data cannot be erased from the CD.

CD-RW
Rewritable compact disc. Data can be copied to the CD on more than one occasion and can be erased.

Certificate
A digital document that is commonly used for authentication and secure exchange of information on open networks, such as the Internet, extranets, and intranets. Certificates are digitally signed by the issuing certification authority and can be issued for a user, a computer, or a service.

Channel
A path or link through which information passes between two devices. In terms of Internet terminology, a channel is a Web site designed to deliver content from the Internet to your computer, similar to subscribing to a favorite Web site.

Client
Any computer or program connecting to, or requesting the services of, another computer or program. Client can also refer to the software that enables the computer or program to establish the connection.

Communication port
A port on a computer that allows asynchronous communication of one byte at a time. A communication port is also called a serial port. You can connect various devices including printers and scanners to a serial port.

Compatibility mode
A feature of a computer or operating system that allows it to run programs written for a different system. Programs can be configured to run in compatibility mode of Windows 95, 2000 or NT on a Windows XP system. See the properties of the shortcut to the program. Programs often run slower in compatibility mode.

Default user
The profile that serves as a basis for all user profiles. Every user profile begins as a copy of the default user profile. Windows XP has its default profile stored in C:\Documents & Settings\Default User\.

Defragmentation
The process of rewriting parts of a file to contiguous sectors on a hard disk to increase the speed of access and retrieval.

Desktop
The on-screen work area on which windows, icons, menus, and dialog boxes appear. This is also the first screen that a user sees when he/she logs on to a Windows system.

Device
Any piece of equipment that can be attached to a network or computer; for example, a computer, printer, joystick, adapter, or modem card, or any other peripheral equipment. Devices normally require a device driver to function with Windows.

Device driver
A program that allows a specific device, such as a modem, network adapter, or printer, to communicate with the operating system. Although a device might be installed on your system, Windows may not be able to use the device until you have installed and configured the appropriate driver.

Device manager
An administrative tool that you can use to manage the devices on your computer. Using Device Manager, you can view and change device properties, update device drivers, configure device settings, and uninstall devices. Right click on My Computer and select Manage >> Device manager.

Dialog box
A secondary window that contains buttons and various kinds of options through which you can configure certain settings or save or run some command or task.

Digital video disc (DVD)
A digital video disc (DVD) looks like a CD-ROM disc, but it can store greater amounts of data. DVDs are often used to store full-length movies and other multimedia content that requires large amounts of storage space.

DirectX
An extension of the Microsoft Windows operating system that allows you to use the advanced multimedia capabilities of the hardware connected to your computer to play games and run other programs more efficiently. To configure DirectX settings, go to Start >> Run >> dxdiag.

Domain
A group of computers connected together primarily for administrative purposes. The domain is managed by a central domain controller that runs a database of information about the other systems on the network called the Active Directory. This database can be used to create users, groups and assign policies to the other computers on the network via the domain controller.

Double-byte characters
A set of characters in which each character is represented by two bytes or 16 bits. Some languages, such as Japanese, Chinese, and Korean, require double-byte character sets.

Download
To transfer a copy of a file from a remote computer to the requesting computer by means of a modem or network. On the Internet there are complete websites dedicated to downloading of software, music, movies, games and other files.

Drive
An area of storage that is formatted with a file system and has a drive letter. The storage can be a floppy disk, a CD, a hard disk, or another type of disk. You can view the contents of a drive by clicking its icon in My Computer.

Dual boot
A computer configuration that can start two different operating systems.

Dynamic-link library (DLL)
DLLs are files that contain extra functions or routines that are called by the main program only when needed. Many exe files carry DLLs to lower their file size. For example, Microsoft Word has its own DLL files that contain functions to display toolbars in the main program. These DLL files are installed along with the normal installation of Microsoft Word. An example that can be given here is the lesser-known impmail.dll that has the functions and routines to import mail in Outlook Express.

Egg
Eggs are interesting programming "mistakes" or bugs left on purpose in a program, usually for the sake of fun. Eggs are usually not visible or seen unless a certain combination of keystrokes or some special input is given in the form of a number or string. An example of an egg in Windows is the solitaire egg. Open solitaire and press ALT + Shift + 2 on the keyboard to directly end the game.

Embedded Object
Information created in another program that has been pasted inside another document. When information is embedded, you can edit the information in the new document using toolbars and menus from the original program. For example, if you embed an audio file in a Word document, you can play the audio by clicking on the toolbar that Word shows you when embedding is successful.

Encrypting File System (EFS)
The Encrypting File System (EFS) is a component of the NTFS file system on Windows 2000, Windows XP Professional, and Windows Server 2003 (Windows XP Home doesn't include EFS) that allows transparent encryption and decryption of files by using advanced, standard cryptographic algorithms. Unlike third-party encryption tools, EFS is fully integrated into the Windows Explorer shell, thus enabling easy encryption and decryption of files and folders.

Encryption
The process of disguising a message or data in such a way as to hide its actual meaning. This can be done by passing the message through an encryption algorithm that, for instance, replaces letters by their equivalent alphabetical numbers (A = 1, B = 2, etc.), thus making the message difficult to read. The message is decrypted by passing it through a reverse algorithm.

EULA
End User License Agreement. This is a legal agreement between the company supplying the software and the end user containing all the legal aspects of distribution, installation and use of the software. The Windows EULA is displayed during installation and if you wish to read it after installation, you can open any explorer window and click on Help >> About Windows. In the dialog box that opens, click on the blue End User License Agreement link to open the EULA.txt file. You can also manually read the EULA by going to Start >> Run >> eula.txt.

Extended characters
Any of the 128 additional characters in the extended ASCII (8-bit) character set. These characters include those in several non-English languages, such as accent marks, and special symbols used for creating pictures like smileys etc.

Extended partition
Extended partitions are used to create multiple logical drives within themselves. Unlike primary partitions, you do not format an extended partition with a file system and then assign a drive letter to it. Instead, you create one or more logical drives within the extended partition. After you create a logical drive, you format it and assign it a drive letter. An MBR disk can have up to four primary partitions, or three primary partitions, one extended partition, and multiple logical drives.

Extract
Extraction is done to compressed files. When you extract a file, an uncompressed copy of the file is created in a folder you specify. The original file remains in the compressed folder. Popular compression formats include .zip, .rar and .tgz. Windows XP has inbuilt support for .zip files.

FAT
A file system used by MS-DOS and other Windows-based operating systems to organize and manage files. The file allocation table (FAT) is a data structure that Windows creates when you format a volume by using the FAT or FAT32 file systems.

FAT32
A more efficient derivative of the file allocation table (FAT) file system. FAT32 supports smaller cluster sizes and larger volumes than FAT, which results in more efficient space allocation on FAT32 volumes.

File extension
A file extension is the text that follows the dot in a filename and which describes the contents and type of file and to some extent the application associated with it. For example, Track.mp3 denotes a file of type audio, and whatever.txt denotes a text file that can be opened and edited using Notepad in Windows.

File system
In an operating system, the overall structure in which files are named, stored, and organized. NTFS, FAT, and FAT32 are types of file systems.

File Transfer Protocol (FTP)
A member protocol of the TCP/IP suite of protocols, used to copy files between two computers on the Internet. Both computers must support their respective FTP roles: one must be an FTP client and the other an FTP server. FTP works through port 21.

Firewall
A software- or hardware-based program, or a collection of them, that prevents unauthorized access from the region defined as being outside the perimeter of a computing environment, which can include the Local Area Network and/or the Internet. A firewall basically prevents direct communication between network and external computers by routing communication through a dummy server outside of the network, which is called a proxy server. The proxy server determines whether it is safe to let a file pass through to the network. Most firewalls have comprehensive log files that describe communication attempts and other routing information.

Flash Content
Animation of text or characters or images, with or without audio, that is embedded into web pages for better appeal and effects. Flash is a product of Macromedia Inc. Flash is platform independent if the correct plug-in is installed. On Windows, the plug-in is found in %systemroot%\system32\Macromed\Flash\ as Flash.ocx.

Floppy Disk
A reusable magnetic storage medium. The floppy disk used today is the rigid 3.5-inch disk that holds 1.44 MB.

Font
A graphic design that is applied to text or characters and symbols. A graphic design applied to a collection of numbers, symbols, and characters. A font describes a certain typeface, along with other qualities such as size, spacing, and pitch. Common fonts include Arial, Verdana and Tahoma.

Fragmentation
When a file is copied from an external source to a physical disk (e.g. hard disk), the file is copied to all the free areas of the disk irrespective of the location. This causes an increase in fetching and retrieval time for the file. This scattering is called file fragmentation.

Gigabyte (GB)
1,024 megabytes, though often interpreted as approximately one billion bytes.

Guest
An account specifically meant to provide restricted access to resources on a Windows XP computer. Guest users can log in, check their mail and then log off.

Hard disk
A device, also called hard disk drive, that contains one or more inflexible platters coated with material in which data can be recorded magnetically with read/write heads. The hard disk exists in a sealed case that protects it and allows the head to fly 10 millionths to 25 millionths of an inch above the surface of a platter. Data can both be stored and accessed much more quickly than on a floppy disk. It is the primary storage medium for home and office computers.

Hardware
Any physical component of a computer, including any peripheral equipment like printers, external modems, keyboards and mice.

Hardware profile
Data that describes the configuration and characteristics of specific computer equipment. This information can be used to configure computers for using peripheral devices. Different hardware profiles may be created by disabling or enabling devices.

Hibernation
A state in which your computer shuts down after saving everything in memory on your hard disk. When you bring your computer out of hibernation, all programs and documents that were open are restored to your desktop. Hibernation, if enabled, can be accessed by pressing the Shift button during the Shutdown option display.

Hive
A section of the registry that appears as a file on your hard disk. By default, most hive files (Default, SAM, Security, and System) are stored in the systemroot\System32\Config folder. The systemroot\Profiles folder contains the user profile for each user of the computer. Because a hive is a file, it can be moved from one system to another. However, you must use the Registry Editor to edit the file.

Host
Any Windows computer that runs a service program or any other program to which other computers on the network require access. Some computers are specifically configured to run as servers for various client machines. Examples include telnet, web hosting and ftp servers.

HTTP (Hypertext Transfer Protocol)
The protocol used to transfer information on the World Wide Web. A type of HTTP address takes the form: http://www.microsoft.com.

Hub
A common connection point for devices in a network. Typically used to connect segments of a local area network (LAN), a hub contains multiple ports. When data arrives at one port, it is copied to the other ports so that all segments of the LAN can see the data.

Hue
The position of a color along the color spectrum. For example, green is between yellow and blue. This attribute can be set using Display in Control Panel.

Hyperlink
Colored and underlined text or a graphic that you click to go to a file, a location in a file, an HTML page on the World Wide Web, or an HTML page on an intranet. Hyperlinks can also go to newsgroups and to Gopher, Telnet, and FTP sites.

HTML (Hypertext Markup Language)
A simple markup language used to create hypertext documents that are portable from one platform to another. HTML files are simple ASCII text files with codes embedded (indicated by markup tags) to denote formatting and hypertext links. Most web pages that are available online are written in HTML.

Icon
A small image displayed on the screen to represent an object that can be manipulated by the user. Icons serve as visual mnemonics and allow the user to control certain computer actions without having to remember commands or type them at the keyboard. You can double click an icon to open the file or folder or drive. More functions are available on the right click of the icon.

IDE (Integrated Device Electronics)
A type of disk-drive interface in which the controller electronics reside on the drive itself, eliminating the need for a separate adapter card. Most home computer motherboards have 2 IDE channels on which you can connect a maximum of 4 IDE devices. Common IDE devices include hard disk drives, CD ROM drives and DVD drives.

IIS (Internet Information Services)
Software services that support Web site creation, configuration, and management, along with other Internet functions. Internet Information Services include Network News Transfer Protocol (NNTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP).

Insertion point
The place where text will be inserted when typed. The insertion point usually appears as a flashing vertical bar in an application's window or in a dialog box.

Install
When referring to software, to add program files and folders to your hard disk and related data to your registry so that the software runs properly. Installing contrasts with upgrading, where existing program files, folders, and registry entries are updated to a more recent version. When referring to hardware, to physically connect the device to your computer, to load device drivers onto your computer, and to configure device properties and settings.

Internet
A worldwide network of millions of computers. If you have access to the Internet, you can retrieve information from millions of sources, including schools, governments, businesses, hospitals, shopping malls, military installations, industries, space agencies and individuals. You can connect to the Internet through phone lines, direct cables or through an ISP.

Internet address
An address for a resource on the Internet that is used by Web browsers to locate Internet resources. An Internet address typically starts with a protocol name, followed by the name of the organization that maintains the site; the suffix identifies the kind of organization it is. For example, the address http://www.yale.edu/ provides the following information:
  http: This Web server uses the Hypertext Transfer Protocol.
  www: This site is on the World Wide Web.
  edu: This is an educational institution.
Internet address is also called Uniform Resource Locator (URL).

Interrupt
A request for attention from the processor. When the processor receives an interrupt, it suspends its current operations, saves the status of its work, and transfers control to a special routine known as an interrupt handler, which contains the instructions for dealing with the particular situation that caused the interrupt.

Intranet
A network within an organization that uses Internet technologies and protocols, but is available only to certain people, such as employees of a company. An intranet is also called a private network.

IP address
A 32-bit address used to identify a node on an IP internetwork. Each node on the IP internetwork must be assigned a unique IP address, which is made up of the network ID, plus a unique host ID. This address is typically represented with the decimal value of each octet separated by a period (for example, 192.168.7.27).

ISDN (Integrated Services Digital Network)
A high-speed digital telephone service that can dramatically increase the speed at which you connect to the Internet or to your corporate LAN (local area network). ISDN can operate at 128 kilobytes per second (Kbps), which is five or more times faster than many analog modems.

ISP (Internet service provider)
A company that provides individuals or companies access to the Internet and the World Wide Web. An ISP provides a telephone number, a user name, a password, and other connection information so users can connect their computers to the ISP's computers. An ISP typically charges a monthly or hourly connection fee.

Keyboard
Standard input device for computers having keys for characters and numbers along with secondary keys that provide additional functionalities. Many keyboards nowadays have around 102 keys.

Kilobyte (KB)
1,024 bytes, though often interpreted as 1,000 bytes.

LAN (Local Area Network)
LANs are networks restricted to a specific locality but may take up to 500 computers and other devices including switches, hubs, USB devices, routers and cable modems.

Linked Object
An object that is inserted into a document but still exists in the source file. When information is linked, the new document is updated automatically if the information in the original document changes. If you want to edit the linked information, double-click it. The toolbars and menus from the original program will appear. If the original document is on your computer, changes that you make to the linked information will also appear in the original document.

Log file
A file that stores messages generated by an application, service, or operating system. These messages are used to track the operations performed. For example, Web servers maintain log files listing every request made to the server. Log files are usually plain text (ASCII) files and often have a .log extension.

Logical Drive
A volume that you create within an extended partition on a basic master boot record (MBR) disk. Logical drives are similar to primary partitions, except that you are limited to four primary partitions per disk, whereas you can create an unlimited number of logical drives per disk. A logical drive can be formatted and assigned a drive letter, which can then be accessed from My Computer or by using the Windows Explorer.

Logon
The process of connecting to a computer by using a username and password. Locally, on a Windows XP system, Logon refers to the process of confirming your identity with the SAM by entering a username and password (if required) and then loading a pre-saved user environment for the user.

Logon script
Typically a batch file, a logon script runs automatically every time the user logs on. It can be used to configure a user's working environment at every logon.

Long name
A folder name or file name longer than the 8.3 file name standard (up to eight characters followed by a period and an extension of up to three characters) of the FAT file system. Windows XP supports long file names up to 255 characters.

Master IDE device
Any device connected to an IDE channel on the motherboard and which is configured to be a master by means of jumper settings on the device. Masters have higher data transfer priority than slaves.

Maximize
To enlarge a window to its largest size by clicking the Maximize button (at the right of the title bar), or by pressing ALT+SPACEBAR and then pressing X.

MBR (Master Boot Record)
The first sector on a hard disk, which starts the process of booting the computer. The MBR contains the partition table for the disk and a small amount of executable code called the master boot code.

Megabyte (MB)
1,048,576 bytes, though often interpreted as 1 million bytes.

Minimize
To reduce a window to a button on the taskbar by clicking the Minimize button (at the right of the title bar), or by pressing ALT+SPACEBAR and then pressing N.

Modem (Modulator/Demodulator)
A device that allows computer information to be transmitted and received over a telephone line. The transmitting modem translates digital computer data into analog signals that can be carried over a phone line. The receiving modem translates the analog signals back to digital form.

Motherboard
The main circuit board of a microcomputer. The motherboard contains the connectors for attaching additional boards. The processor, IDE channels (if any), floppy disk controllers and memory modules are connected to the motherboard.

Mounted Drive
A drive attached to an empty folder on an NTFS volume. Mounted drives function the same as any other drive, but are assigned a label or name instead of a drive letter. The mounted drive's name is resolved to a full file system path instead of just a drive letter. Members of the Administrators group can use Disk Management to create mounted drives or reassign drive letters.

MouseKeys
A keyboard feature that enables you to use the numeric keypad to move the mouse pointer and to click, double-click, and drag.

MS-DOS-based program
A program that is designed to run with MS-DOS and therefore may not be able to take full advantage of all Windows features.

My Computer
A folder that is accessible through the start menu or the desktop and which shows all the disk drives and removable media connected to your computer. You can access all other drives (C:, D:, etc.) through the icons shown in My Computer. To change the settings of your computer you can go to the Control Panel, which is also displayed in My Computer.

My Documents
A folder that provides you with a convenient place to store documents, graphics, or other files you want to access quickly. When you save a file in a program such as WordPad or Paint, the file is automatically saved in My Documents, unless you choose a different folder.

Network
A group of computers and other devices, such as printers and scanners, connected by a communications link, enabling all the devices to interact with each other. Networks can be small or large, permanently connected through wires or cables, or temporarily connected through phone lines or wireless transmissions. The largest network is the Internet, which is a worldwide group of networks.

Network adapter
A device that connects your computer to a network. This device is sometimes called an adapter card or network interface card or a LAN card.

Network administrator
A person responsible for planning, configuring, and managing the day-to-day operation of the network. Network administrator is also called a system administrator.

Network password
A password that you use to log on to a network. You can make this the same as your Windows password, so you have only one password to remember.

Notification area
The area on the taskbar to the right of the taskbar buttons. The notification area displays the time and can also contain shortcuts that provide quick access to programs, such as Volume Control and Power Options. Other shortcuts can appear temporarily, providing information about the status of activities. For example, the printer shortcut icon appears after a document has been sent to the printer and disappears when printing is complete; other examples are the Windows Activation reminder and the CD burning files icon.

NTFS file system
An advanced file system that provides performance, security, reliability, and advanced features that are not found in any version of FAT. For example, NTFS guarantees volume consistency by using standard transaction logging and recovery techniques. If a system fails, NTFS uses its log file and checkpoint information to restore the consistency of the file system. In Windows 2000 and Windows XP, NTFS also provides advanced features such as file and folder permissions, encryption, disk quotas, and compression. Windows 98 does not support the NTFS file system, although you get third-party software like NTFSDOS which can access the NTFS file system and copy data to a FAT drive through the DOS environment.

Number System
Any system for representing numbers. The four number systems available are decimal, hexadecimal, octal, and binary. Decimals are from 0 to 9 and their combinations; hexadecimal counts from 0 to 9 and then A, B, C, D, E and F, where F is decimal 15 and hexadecimal 10 is decimal 16. Octal counts using 8 numbers and binary counts using 1 and 0, where binary 01 is decimal 1, 10 is decimal 2, 11 is decimal 3, 100 is 4, 101 is decimal 5 and so on.

OLE (Object Linking & Embedding)
A way to transfer and share information between applications by pasting information created in one application into a document created in another application, such as a spreadsheet or word processing file.

OpenType fonts
Outline fonts that are rendered from line and curve commands, and can be scaled and rotated. OpenType fonts are clear and readable in all sizes and on all output devices supported by Windows. OpenType is an extension of TrueType font technology.

Overflow
Overflow refers to the condition when a calculation gives an unexpected result or a result that cannot be stored or computed using the present architecture. Examples include divide by zero or the infinite calculation of the product of all integers etc. Most programs are written in such a way as to prevent overflows or to hang and terminate when met with such a condition.

Packet An Open Systems Interconnection (OSI) network layer transmission unit that consists of binary information representing both data and a header containing an identification number, source and destination addresses, and error-control data. Page Fault The interrupt that occurs when software attempts to read from or write to a virtual memory location that is marked not present. In Task Manager, page fault is the number of times data has to be retrieved from disk for a process because it was not found in memory. The page fault value accumulates from the time the process started. Page Faults Delta In Task Manager, the change in the number of page faults since the last update. Paged Pool The system-allocated virtual memory that has been charged to a process and that can be paged. Paging is the moving of infrequently-used parts of a program's working memory from RAM to another storage medium, usually the hard disk. In Task Manager, the amount of system-allocated virtual memory, in kilobytes, used by a process. Paging File A hidden file on the hard disk that Windows uses to hold parts of programs and data files that do not fit in memory. The paging file and physical memory, or RAM, comprise virtual memory. Windows moves data from the paging file to memory as needed and moves data from memory to the paging file to make room for new data. Paging file is also called a swap file. In Windows the paging file is found at the root of drives and named as pagefile.sys. Partition A portion of a physical disk that functions as though it were a physically separate disk. After you create a partition, you must format it and assign it a drive letter before you can store data on it. On basic disks, partitions are known as basic volumes, which include primary partitions and logical drives. On dynamic disks, partitions are known as dynamic volumes, which include simple, striped, spanned, mirrored, and RAID-5 volumes. 
Password A security measure used to restrict logon names to user accounts and access to computer systems and resources. A password is a string of characters that must be provided before a logon name or an access is authorized. A password can be made up of letters, numbers, and symbols, and it is case sensitive. Peak Memory Usage In Task Manager, the peak amount of physical memory resident in a process since it started. Phishing A technique employed by crackers on the Internet to steal sensitive information like Credit card numbers, Usernames and Passwords by displaying web pages that appear genuine, thereby
Page | 293
A Beginners Approach to Windows fooling users in using their personal details which could possibly be then redirected to the special servers that collect this information. Pixel Short for picture element, one spot in a rectilinear grid of thousands of such spots that form an image produced on the screen by a computer or on paper by a printer. A pixel is the smallest element that display or print hardware and software can manipulate to create letters, numbers, or graphics. A pixel is also called a pel. Plaintext Data that is not encrypted. Sometimes also called cleartext. Plug and Play A set of specifications developed by Intel that allows a computer to automatically detect and configure a device and install the appropriate device drivers. Power scheme A group of preset power-management options. For example, you can set elapsed times for putting your computer on standby and for turning off your monitor and hard disk. You save these settings as a named power scheme. Primary disk The hard disk drive that contains the system and boot partitions used to start Windows. Primary mouse button The button you use most often for clicking and double-clicking. The primary mouse button is the left button on most mice and trackball devices, and the lower button on some trackball devices, but you can switch the function of the buttons by using the Mouse Properties dialog box in Control Panel. Print queue A print queue is a list of documents waiting to be printed on the printer. In the print queue, you can see information such as the size of the document, who sent the document, and status information for printing. Print spooler Software that accepts a document sent to a printer and then stores it on disk or in memory until the printer is ready for it. This collection of dynamic-link libraries (DLLs) receives, processes, schedules, and distributes documents for printing. The term spooler is an acronym created from simultaneous print operations on line. 
Printer A device that puts text or images on paper or other print media. Examples are laser printers or dot-matrix printers.
Program A complete, self-contained set of computer instructions that you use to perform a specific task, such as word processing, accounting, or data management. Program is also called application.
Program information file (PIF) A file that provides information to Windows about how best to run MS-DOS-based programs. When you start an MS-DOS-based program, Windows looks for a PIF to use with it. PIFs contain such items as the name of the file, a start-up directory, and multitasking options.
Protocol A set of rules and conventions for sending information over a network. These rules govern the content, format, timing, sequencing, and error control of messages exchanged among network devices.
Quick Launch A customizable toolbar that lets you display the Windows desktop or start a program (for example, Internet Explorer) with a single click. You can add buttons to start your favorite programs from the Quick Launch location on the taskbar.
RAM (Random Access Memory) Memory that can be read from or written to by a computer or other devices. Information stored in RAM is lost when the computer is turned off.
Reboot To restart a computer by reloading the operating system. This can be done by performing either a cold boot, such as turning the computer off and then back on, or a warm boot, such as turning the computer off by going to Start >> Shut Down and then clicking Restart.
Recovery Console A command-line interface that provides a limited set of administrative commands that are useful for repairing a computer.
Recycle Bin The place in which Windows stores deleted files. You can retrieve files you deleted in error, or you can empty the Recycle Bin to create more disk space.
Registered file type File types that are tracked by the system registry and are recognized by the programs you have installed on your computer.
Request for Comments (RFC) An official document of the Internet Engineering Task Force (IETF) that specifies the details for protocols included in the TCP/IP family.
Remote Administration Tool (RAT) A type of program that allows users to remotely control computers across the Internet or the Local Area Network. These applications, usually based on the Client-Server Architecture, allow the remote users complete access to system resources and memory. The remote user can move the mouse cursor and install and run programs, among other things. Notable examples include BackOrifice and NetBus. Undocumented RATs are considered to be malicious.
Restore Point A representation of a stored state of your computer. A restore point is created by System Restore at specific intervals and when System Restore detects the beginning of a change to your computer. You can also create a restore point manually at any time.
Right-Click To position the mouse over an object, and then press and release the secondary (right) mouse button. Right-clicking opens a shortcut menu that contains useful commands, which change depending on where you click.
ROM An acronym for Read-Only Memory, a semiconductor circuit into which code or data is permanently installed by the manufacturing process. ROM contains instructions or data that can be read but not modified.
Router In a Windows environment, hardware that helps LANs and WANs achieve interoperability and connectivity, and can link LANs that have different network topologies (such as Ethernet and Token Ring). Routers match packet headers to a LAN segment and choose the best path for the packet, optimizing network performance.
Routing The process of forwarding a packet through an internetwork from a source host to a destination host.
Saturation In color management, the purity of a color's hue, moving from gray to the pure color.
Scrap A file that is created when you drag part of a document to the desktop.
Screen resolution The setting that determines the amount of information that appears on your screen, measured in pixels. Low resolution, such as 640 x 480, makes items on the screen appear large, although the screen area is small. High resolution, such as 1024 x 768, makes the overall screen area large, although individual items appear small.
Script A type of program consisting of a set of instructions to an application or tool program. A script usually expresses instructions by using the application's or tool's rules and syntax, combined with simple control structures such as loops and if/then expressions. "Batch program" is often used interchangeably with "script" in the Windows environment.
Script Kiddie Inexperienced malicious hackers who use tools written by other computer programmers and hackers to launch attacks against computer systems and networks and/or deface websites. Script kiddies lack the ability to write their own programs and attempt to hack to impress friends or gain popularity in underground hacking communities.
SCSI (Small Computer System Interface) A standard high-speed parallel interface defined by the American National Standards Institute (ANSI). A SCSI interface is used for connecting microcomputers to peripheral devices such as hard disks and printers, and to other computers and local area networks (LANs).
Select To specify a block of data or text on screen by highlighting it or otherwise marking it, with the intent of performing some operation on it.
Server In general, a computer that provides shared resources to network users.
Service A program, routine, or process that performs a specific system function to support other programs, particularly at a low (close to the hardware) level. Some examples of services are the Security Accounts Manager service, File Replication service, and Routing and Remote Access service.
Share To make resources, such as folders and printers, available to others.
Shared folder A folder on another computer that has been made available for other people to use on the network.
Shared printer A printer that receives input from more than one computer. For example, a printer attached to another computer on the network can be shared so that it is available for you to use. Shared printer is also called a network printer.
Shortcut A link to any item accessible on your computer or on a network, such as a program, file, folder, disk drive, Web page, printer, or another computer. You can put shortcuts in various areas, such as on the desktop, on the Start menu, or in specific folders.
Slave IDE device Any device connected to an IDE channel on the motherboard and which is configured to be a slave by means of jumper settings on the device. Slaves have lower data transfer priority than masters.
Snap-in A type of tool you can add to a console supported by Microsoft Management Console (MMC). A stand-alone snap-in can be added by itself; an extension snap-in can only be added to extend the function of another snap-in.
Sound card Accessory expansion board for personal computers that permits recording and playing back sound.
Sound file A sound file contains information that Windows uses to play sounds on your computer. Sound files have the file name extension .wav.
Standby A state in which your computer consumes less power when it is idle, but remains available for immediate use. While your computer is on standby, information in computer memory is not saved on your hard disk. If there is an interruption in power, the information in memory is lost.
Subnet mask A 32-bit value that enables the recipient of IP packets to distinguish the network ID and host ID portions of the IP address. Typically, subnet masks use the format 255.x.x.x.
Switching hub An advanced hub that forwards packets to specific ports rather than, as in conventional hubs, broadcasting every packet to every port. In this way, the connections between ports deliver the full bandwidth available.
System Partition The partition that contains the boot files needed to start the Operating System (Ntldr, Boot.ini, NtDetect.com), usually the C: drive in My Computer. The system partition can be, but does not have to be, the same as the boot partition.
System Restore An inbuilt tool of Windows that tracks changes to your computer and creates a restore point when it detects the beginning of a change. You can use the System Restore Wizard to select a restore point to restore your computer to an earlier state when your computer was functioning the way you like.
Systemroot The path where the Windows system files are located. Typically, this is C:\Windows, although you can designate a different drive or folder name when you install Windows. You can use the value %systemroot% to replace the actual location of the folder that contains the Windows system files in any script or code. %systemroot% is a global environment variable. To identify your systemroot folder, click Start, click Run, type %systemroot%, and then click OK.
Tab Part of a dialog box that resembles blocks on top which when selected or clicked upon provide navigation between different sections of information in the dialog box.
Task Manager A utility that provides information about programs and processes running on the computer. Using Task Manager, you can end or run programs and end processes, and display a dynamic overview of your computer's performance.
Taskbar The bar that contains the Start button and appears by default at the bottom of the desktop. You can click the taskbar buttons to switch between programs. You can also hide the taskbar, move it to the sides or top of the desktop, and customize it in other ways by changing its properties.
TCP/IP A set of networking protocols widely used on the Internet that provides communications across interconnected networks of computers with diverse hardware architectures and various operating systems. TCP/IP includes standards for how computers communicate and conventions for connecting networks and routing traffic.
Telnet A terminal-emulation protocol that is widely used on the Internet to log on to network computers. Telnet also refers to the application that uses the Telnet protocol for users who log on from remote locations. Telnet servers usually run on port 23.
Thumbnail A miniature version of an image that is often used for quick browsing through multiple images.
Title Bar The horizontal bar at the top of a window that contains the name of the window. On many windows, the title bar also contains the program icon, the Maximize, Minimize, and Close buttons, and the optional ? button for context-sensitive Help. To display a menu with commands such as Restore and Move, right-click the title bar.
ToggleKeys A feature that sets your keyboard to beep when one of the locking keys (CAPS LOCK, NUM LOCK, or SCROLL LOCK) is turned on or off.
Toolbar In a program in a graphical user interface, a row, column, or block of on-screen buttons or icons. When clicked, these buttons or icons activate certain functions, or tasks, of the program. For example, the toolbar in Microsoft Word contains buttons for, among other actions, changing text to italic or boldface, and for saving or opening a document. Users can often customize toolbars and move them around on the screen.
Trojan Horse Broadly speaking, a Trojan Horse is an application that impersonates another common application in order to receive information. The term Trojan horse has also been used in common reference to Remote Control Tools, applications that, when executed on a computer, give an attacker complete control of the remote system. Netbus, SubSeven and BackOrifice are well-known Trojan Horses.
Unallocated space Available disk space that is not allocated to any volume. The type of volume that you can create on unallocated space depends on the disk type. On basic disks, you can use unallocated space to create primary or extended partitions. On dynamic disks, you can use unallocated space to create dynamic volumes. Use the Disk Management console under Computer Management to view and create Partitions. Unallocated Space can be formatted into a drive that can be used to store data.
Unicode A character encoding standard developed by the Unicode Consortium that represents almost all of the written languages of the world. The Unicode character collection has multiple representation forms, including UTF-8, UTF-16, and UTF-32.
Unicode Transmission Format 8 (UTF-8) A character set for protocols evolving beyond the use of ASCII. The UTF-8 protocol provides for support of extended ASCII characters and translation of UCS-2, an international 16-bit Unicode character set. UTF-8 enables a far greater range of names than can be achieved using ASCII or extended ASCII encoding for character data.
Uninstall When referring to software, the act of removing program files and folders from your hard disk and removing related data from your registry so the software is no longer available. This is usually done through the Add/Remove Programs applet of Control Panel. Many programs come shipped with their own uninstallers. When referring to hardware, the act of removing the corresponding device drivers from your hard disk and physically removing the device from your computer.
UPS (Uninterruptible Power Supply) A device connected between a computer and a power source to ensure that electrical flow is not interrupted. UPS devices use batteries to keep the computer running for a period of time after a power failure. UPS devices usually provide protection against power surges and brownouts as well.
UPS service A service that manages an uninterruptible power supply (UPS) connected to a computer.
URL (Uniform Resource Locator) An address that uniquely identifies a location on the Internet. A URL for a World Wide Web site is preceded with http://. A URL can contain more detail, such as the name of a page of hypertext, usually identified by the file name extension .html or .htm. For example http://www.geocities.com/frozencasanova/index.html.
USB (Universal Serial Bus) An external bus that supports Plug and Play installation. Using USB, you can connect and disconnect devices without shutting down or restarting your computer. You can use a single USB port to connect up to 127 peripheral devices, including speakers, telephones, CD-ROM drives, joysticks, tape drives, keyboards, scanners, and cameras. A USB port is usually located on the back of your computer near the serial port or parallel port.
USB port An interface on the computer that enables you to connect a Universal Serial Bus (USB) device. USB is an external bus standard that enables data transfer rates of 12 Mbps (12 million bits per second). USB ports support a plug that is approximately 7 mm x 1 mm.
User A person who uses a computer. If the computer is connected to a network, a user can access the programs and files on the computer, as well as programs and files located on the network (depending on account restrictions determined by the network administrator).
User account A record that consists of all the information that defines a user to Windows. This includes the user name and password required for the user to log on, the groups in which the user account has membership, and the rights and permissions the user has for using the computer and network, and accessing their resources. For Windows XP Professional and member servers, user accounts are managed with Local Users and Groups. For Windows Server domain controllers, user accounts are managed with Microsoft Active Directory Users and Computers.
User name A unique name identifying a user account to Windows. An account's user name must be unique among the other group names and user names within its own domain or workgroup.
User password The password stored in each user's account. Each user generally has a unique user password and must type that password when logging on or accessing a server.
Video adapter An expansion board that plugs into a personal computer to give it display capabilities. A computer's display capabilities depend on both the logical circuitry (provided in the video adapter) and the monitor. Each adapter offers several different video modes. The two basic categories of video modes are text and graphics. Within the text and graphics modes, some monitors also offer a choice of resolutions. At lower resolutions a monitor can display more colors. Most modern adapters contain memory, so that the computer's RAM is not used for storing displays. In addition, most adapters have their own graphics coprocessor for performing graphics calculations. These adapters are often called graphics accelerators. Popular examples include the NVidia GeForce and Banshee graphics accelerators.
Virtual DOS Memory (VDM) VDM simulates a 16-bit environment, complete with the dynamic-link libraries (DLLs) that 16-bit programs require. By default, all 16-bit programs run as threads in a single, shared VDM process. As such, they share the memory space allocated to the VDM process and cannot run simultaneously. VDM can be manually selected by using the Run in Separate Memory Space option in the Run box.
Virtual memory Temporary storage used by a computer to run programs that need more memory than it has. For example, programs could have access to 4 gigabytes of virtual memory on a computer's hard drive, even if the computer has only 32 megabytes of RAM. The program data that does not currently fit in the computer's memory is saved into paging files.
VPN (Virtual Private Network) The extension of a private network that includes encapsulated, encrypted, and authenticated links across shared or public networks. VPN connections can provide remote access and routed connections to private networks over the Internet.
VoIP (Voice over Internet Protocol) A method for sending voice over a LAN, a WAN, or the Internet using TCP/IP packets.
Volume An area of storage on a hard disk. A volume is formatted by using a file system, such as FAT or NTFS, and has a drive letter assigned to it. You can view the contents of a volume by clicking its icon in Windows Explorer or in My Computer. A single hard disk can have multiple volumes, and volumes can also span multiple disks.
WAN (Wide Area Network) A communications network connecting geographically separated computers, printers, and other devices. A WAN allows any connected device to interact with any other on the network.
Window A portion of the screen where programs and processes can be run. You can open several windows at the same time. For example, you can open your e-mail in one window, type a letter in another, copy files from a floppy disk in another window, and play a game of solitaire in another window. Windows can be closed, resized, moved, minimized to a button on the taskbar, or maximized to take up the whole screen.
Wizard A tool that guides a user through the steps of a process or task by asking a series of questions or presenting options. For example, wizards might help you to start up a word processing document, install software, or create an internet connection for the first time.
Workgroup A group of computers connected in a network primarily for the purpose of sharing resources and files. Unlike a domain, there is no central database and each system acts as a standalone machine. Suitable for small office and home networks.
World Wide Web A system for exploring the Internet by using hyperlinks. When you use a Web browser, the Web appears as a collection of text, pictures, sounds, and digital movies.
Writable CD Recordable compact disc (CD-R) or rewritable compact disc (CD-RW). Data can be copied to the CD on more than one occasion. Rewritable compact discs can also be erased and new data can be written on them using a CD Writer.
X86 Refers to microprocessors that have or imitate the 32-bit Intel processor architecture. Pentium I, II, III and IV, Celeron are all examples of X86 processors.
Answers to Challenges
Chapter I:
Challenge: Change boot sequence.
Solution: This procedure may not work on your computer due to differences in motherboards and the CMOS. Please refer to your Motherboard manual on how to get into the BIOS Setup.
Long cut method: When your computer starts you can press the DELETE key just after you hear the first beep or when the “Hit if you want to run SETUP” message pops up. Once inside the BIOS setup, go to the Advanced Setup Page and change the 1st Boot Device, 2nd Boot Device and the 3rd Boot Device to any sequence you wish. But also see to it that “Try Other Boot Devices” is enabled or set to 'Yes'. This is just a precautionary measure taken to start your computer even if you have messed up the boot sequence. This method will permanently change your boot sequence until you go back and change it in the BIOS Setup.
Short cut method: When you power up your computer you can press Esc or the F8 key to take you to a small menu which enables you to select your 1st boot device from your CD ROM, Floppy Drive, HDD, LAN etc. Just select the one you want and press Enter. This method is effective if you wish to boot from your CD ROM Drive while installing Windows. It saves you the hassle of going into the BIOS Setup and possibly messing things up. If no proper bootable device is found then the computer follows the order specified in the BIOS.
Chapter II:
Challenge 1: Create a Windows 98 Startup disk.
Solution: This is an easy job. Windows 98 DOS mode can be started from a floppy disk. You will not be able to use the Graphical Interface; instead you can work in the DOS mode and correct problems. To create a startup disk, insert a floppy into the floppy drive. Open My Computer and right click on the 3 ½ inch Floppy drive icon. From the right click menu select Format. In the format page that opens, put a tick mark where it says Create Startup Disk. Click on Format to obtain a bootable floppy disk.
Challenge 2: Change the name of your computer, AFTER installing Windows XP completely.
Solution: To change the name of your computer, right click on My Computer and select Properties. Click on the second tab after General, called 'Computer Name'. Under this tab, click on Change. Enter a new name for your computer. This name can be 15 characters long and should consist of standard characters (A-Z, numbers 0-9, and hyphen). The name should not have a full stop and should not have all its characters as numbers. Please do not use the name of any user on the computer. You may be asked to restart your computer.
Chapter III:
Challenge 1: This is for users with a single OS; Enable the visibility of the boot.ini file at system startup.
Solution: The boot.ini file may be Read Only and/or Superhidden as a system file. To remove these attributes, go to My Computer >> C:
1. If the boot.ini file is visible (which is rarely the case), Right-Click on it and select Properties. Under the General tab remove the check mark against the Read-only box. Click on OK to save attributes and exit.
2. If the boot.ini file is not visible, go to View >> Folder Options (Windows 98) or Tools >> Folder Options on the Menu Bar (right on top). Once Folder Options opens, go to the second tab (View) and then scroll down to remove the check mark next to the option saying Hide Protected Operating System files. You will be presented with a warning. Click on Yes. Also select the Show hidden files and folders option and Hide extensions for known file types. Click on Ok to close the Folder Options dialog box. You should now be able to see the file. Remove the read only attribute by following the steps mentioned under 1.
This challenge is meant for users with a single OS on their computers, since the boot.ini file is always visible for people with a multi-OS scenario. It's an easy job if you have fully understood the boot.ini file. We know that the boot.ini file is displayed only if the computer has two or more OSs. That means we will have to make the computer believe that there are two OSs when actually there is only one installed. To do this, open the boot.ini file. On a single OS system the boot.ini file should look something like this:

    [boot loader]
    timeout=30
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

Now just copy the line

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

and paste it below itself so that you now have two entries in the boot.ini. Your file should now look something like this:

    [boot loader]
    timeout=30
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

You can change the text "Microsoft Windows XP Home Edition" to something like "Microsoft Windows XP Test for boot" and add switches like /NOGUIBOOT and /SOS. Press Ctrl + S to save the file. Close the file and restart by going to Start >> Turn Off Computer >> Restart. Should work. Please undo the changes done to C: drive (Folder Options changes) to prevent accidental deletion or modification of important system files.
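An added example, not part of the original book: a small Python parser for the boot.ini layout shown in this solution that reports whether the boot menu will appear and flags a default= line that matches no entry, or menu rows that are exact copies of each other. The function names are illustrative, the sample files are constructed from the listings in the text, and the treatment of timeout=0 (boot the default entry without a menu) is an assumption added here.

```python
import re
from dataclasses import dataclass, field

# Constructed sample inputs, built from the boot.ini listings in the text.
SINGLE_OS = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
'''
EDITED = SINGLE_OS + (
    r'multi(0)disk(0)rdisk(0)partition(1)\WINDOWS='
    r'"Microsoft Windows XP Test for boot" /fastdetect /NOGUIBOOT /SOS' "\n"
)

# ARC path, e.g. multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
ARC_RE = re.compile(
    r"^(multi|scsi|signature)\(\w+\)disk\(\d+\)rdisk\(\d+\)partition\(\d+\)(\\.*)?$",
    re.IGNORECASE,
)
# One [operating systems] row: path="menu text" /switch /switch ...
ENTRY_RE = re.compile(r'^(?P<path>[^=]+)=\s*"(?P<label>[^"]*)"\s*(?P<switches>.*)$')


@dataclass
class Entry:
    path: str
    label: str
    switches: list


@dataclass
class BootIni:
    timeout: int = None
    default: str = None
    entries: list = field(default_factory=list)


def parse_boot_ini(text):
    """Read the two sections of a boot.ini file into a BootIni object."""
    cfg, section = BootIni(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "boot loader":
            key, _, value = line.partition("=")
            key, value = key.strip().lower(), value.strip()
            if key == "timeout":
                try:
                    cfg.timeout = int(value)
                except ValueError:
                    cfg.timeout = None  # malformed value: treat as unset
            elif key == "default":
                cfg.default = value
        elif section == "operating systems":
            m = ENTRY_RE.match(line)
            if m:
                cfg.entries.append(
                    Entry(m["path"].strip(), m["label"], m["switches"].split())
                )
    return cfg


def menu_is_shown(cfg):
    """The text's rule: the menu appears only with two or more entries.
    Assumption added here: timeout=0 boots the default without a menu."""
    return len(cfg.entries) >= 2 and cfg.timeout != 0


def audit(cfg):
    """Return human-readable findings; an empty list means nothing flagged."""
    findings = []
    paths = [e.path.lower() for e in cfg.entries]
    if cfg.default is None:
        findings.append("no default= line in [boot loader]")
    elif cfg.default.lower() not in paths:
        findings.append(f"default '{cfg.default}' matches no [operating systems] entry")
    seen = {}
    for i, e in enumerate(cfg.entries, 1):
        # Accept ARC paths and drive-letter paths such as C:\
        if not ARC_RE.match(e.path) and not re.match(r"^[A-Za-z]:\\", e.path):
            findings.append(f"entry {i}: unrecognised path '{e.path}'")
        key = (e.path.lower(), e.label, tuple(s.lower() for s in e.switches))
        if key in seen:
            findings.append(
                f"entry {i} is identical to entry {seen[key]}; "
                "the menu rows cannot be told apart"
            )
        else:
            seen[key] = i
    return findings


if __name__ == "__main__":
    for name, text in (("single OS", SINGLE_OS), ("edited", EDITED)):
        cfg = parse_boot_ini(text)
        print(name, "| menu shown:", menu_is_shown(cfg), "| findings:", audit(cfg))
        for e in cfg.entries:
            print("   ", e.label, e.switches)
```

Running the audit after hand-editing boot.ini catches the mistake the solution warns about indirectly: a default= line that no longer points at any listed entry.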
Challenge 2: Make the Windows Calculator run at system startup for all users without using the registry.
Solution: Go to C:\Documents and Settings\All Users\Start Menu\Programs\Startup, where C:\ is the drive in which Windows is installed, and Right-Click anywhere in the blank space in the folder. Select New >> Shortcut from the right-click menu. Type calc.exe in the space reserved for the location of the item. Click Next and then type any name for the shortcut. Click on Finish to create the shortcut. Press F5 to refresh the Window. If the Startup folder does not exist, you can create it by selecting New >> Folder from the right-click menu and naming it Startup. Log off or restart to see the effect. This method does not work on Windows 98 because there is no Documents and Settings or All Users folder on Windows 98 systems.
Challenge 3: Convert the normal start menu to the Classic Start Menu and remove 'Run' from it.
Solution: Right-click on the start button and select Properties. Select the Classic Start Menu option under the start menu tab and press Apply. To remove Run from the start menu, click on Customize and remove the check mark against the Display Run option. Click on Ok to close the Customize Classic Start Menu dialog box. Press OK to close the Taskbar and Start Menu Properties dialog box. Click on Start to see the changes.
Challenge 4: Drag and put the entire Taskbar right on top of the desktop.
Solution: To do this the Taskbar should not be locked. To unlock the Taskbar, close all open windows, then right-click anywhere on the taskbar except on the Start Button. Remove the tick mark against Lock the Taskbar. Then give a single left click on the Taskbar and, without releasing the mouse button, drag the Taskbar to the top of the desktop and release the mouse button.
Chapter IV:
Challenge 1: Change the Icons for My Computer and My Documents.
Solution: Right Click on an empty space on the desktop and select Properties. Once the Display Properties dialog box opens up, go to the second tab, that is the Desktop tab, and click on Customize Desktop. In the new Desktop Items dialog that opens, click on the My Computer icon and click on Change Icon. You can then select an icon from explorer.exe or you can Browse for an icon of your choice. A better choice would be the shell32.dll file. Just type in the location of the file, which is %SystemRoot%\system32\shell32.dll, in the Look for icons in this file field, press Enter and select any icon from the huge list displayed. Repeat the procedure for My Documents. You can also open Display Properties by going to Start >> Settings >> Control Panel >> Display.
Challenge 2: Create a Folder called Test in your C: drive and add this folder to the Send To menu of the right click context menu of files and folders.
Solution: Create an empty folder in C:\ drive by giving a right click in an empty space in the drive and selecting New >> Folder. Name the folder Test. Now go to Start >> Run and type %homepath%\SendTo\. Once you are in the SendTo folder, create a new shortcut to the C:\Test folder by giving a right click in any empty space and selecting New >> Shortcut; type C:\Test in the location box and click on Next, name the shortcut Test and click on OK. Now you can easily right click on any file or folder and use Send To >> Test to create a copy of the file or folder in C:\Test.
Challenge 3: Search the executable that is actually running as the Security Accounts Manager service.
Solution: Here there are two tasks; one is to find out what is the actual executable (.exe) that is running as the Security Accounts Manager and the second task is to locate the file on your computer. To do both, open the Services Console by going to Control Panel >> Administrative Tools >> Services or go to Start >> Run and type services.msc. In the list of services that is being displayed, scroll down to locate the Security Accounts Manager service. Double click on it or right-click and select Properties. Under the General tab (the first one) see what the 'Path to executable' is. It should be C:\WINDOWS\system32\lsass.exe, which means that the executable we are in search of is lsass.exe, which stands for Local Security Authority Subsystem.
Challenge 4: Open Task Manager and locate the Security Accounts Manager service executable and try killing it and note the error.
Solution: This one is easy. Open Task Manager in any way you want, go to the Processes tab and search for lsass.exe in the Image Name column. Right click on it and select End Process. Windows will prompt a message saying it is unable to terminate the process because it is a critical system process. The Security Accounts Manager is responsible for authentication of users logging on and manages all accounts on a computer. There are methods to kill critical processes too, but they may cause your system to behave abnormally and, in the case of lsass.exe, the computer restarts. Hence it is advised not to end processes, whatever they may be, without knowing the after effects of doing this.
Challenge 5: The default for opening *.txt files is Notepad, change that to WordPad.
Solution: Open the Folder Options dialog by going to Tools >> Folder Options of any explorer window. Go to the File Types tab and wait for some time till the list of file extensions populates. Scroll down to find the txt extension; once found, click on Change to open the Open With dialog box. Scroll down to find WordPad or Windows Write. If it is not there, click on Browse and in the File name text field type \Windows\system32\write.exe, then click on Open, OK and OK again to close Folder Options. Now the next time you double click on a .txt file, it will open in WordPad.
Challenge 6: Add a separate option to the right click menu of *.jpg files. The option should be Open with MSPaint and the selection of the option should open the *.jpg file in MSPaint.
Solution: This one is slightly tricky. Read carefully to achieve the correct result. Open Folder Options by going to Tools >> Folder Options of any explorer window. Go to the File Types tab and wait for some time till the list of file extensions populates. Scroll down to find the jpg extension; once found, click on the extension name to see details in the lower frame. Click on the Advanced button to open the Edit File Type dialog box. Click on New and type Open with MSPaint in the Action text box. Then Browse for the Paint application; you will find it in the System32 folder in C:\Windows\. Click on OK, OK and Close to close Folder Options. Now go to any .jpg file and right click to see the change. You can also click on the Set Default button to make MSPaint your default option to open .jpg files.
Challenge 7: Create a System Restore Point with the name System Restore Test.
Solution: Go to Start >> All Programs >> Accessories >> System Tools >> System Restore to start the System Restore utility. Select the option Create a restore point and then click Next. Type System Restore Test in the field for Restore point description and click on Create to complete the challenge.
Chapter V:

Challenge 1: Make all the drives accessible from C:\ drive through folders like D Drive, E Drive etc.

Solution: If you have two drives other than your C: drive, create two folders called D Drive and E Drive. Then open Administrative Tools >> Computer Management. In Computer Management click on Disk Management. In the right half, right-click on the D Drive block displayed and select Change letter and paths… Click on Add, and then in the Add Drive Letter or Path dialog click on Browse and locate the folder you had created in C: Drive. Click on OK to mount the drive into the folder. Repeat the steps for the other drives also. You will now be able to access all the drives through your C:\ drive itself.

Challenge 2: Convert the AM and PM to MA and MP respectively.

Solution: Open Regional and Language Options through the Control Panel. Under the Regional Options tab click on Customize. Under Customize Regional Options, click on the Time tab. In the text field for AM Symbol select AM and type MA or whatever you want. Do not make it too long, else you will not be able to see it. Repeat the same with the PM Symbol field too. Click on OK to save and exit.

Challenge 3: Create a user environment variable to open the Windows Product Activation wizard by using the variable ACT.

Solution: Open System Properties. Go to the Advanced tab. Click on Environment Variables. Under the User variables for %username% click on New and type in the variable name as ACT. In the variable value type the following without the quotes: “c:\WINDOWS\system32\oobe\msoobe.exe /a”. Click on OK to create. Click on OK on the main dialog to save and exit. Go to Start >> Run and type %ACT% to start the activation wizard.

Challenge 4: Record your voice and save it as Audio1.wav. Now make it your Windows XP startup sound.

Solution: You will have to record your voice first. To do that, go to Start >> Programs >> Accessories >> Entertainment >> Sound Recorder to start the Sound Recorder. Adjust and check your microphone. See that there is output from the speakers. After confirming all this, click on the red record button and say something into the microphone to record it. After finishing, stop the recording, click on File >> Save, type the name of the file as Audio1.wav and save it in a convenient location. For the second part of this challenge open your Sounds and Audio Devices Properties. Under the Sounds tab, under Program Events, scroll down to find Start Windows. Once found, select it and click on Browse to locate your recorded wav file. You can even preview it in the Browse dialog. Click OK to save changes and exit. This sound is user specific, hence if some other user logs on, he/she will be greeted by the original Windows startup sound.
Chapter VI:

Challenge 1: Make Windows check your D: drive for errors at startup.

Solution: Open cmd.exe and type chkdsk D: /F. If cmd.exe says that Chkdsk cannot run because the volume is in use by another process and asks you whether you would like to force a dismount first, press N for No, and then cmd will inform you that Chkdsk cannot run because the volume is in use by another process. Then you will be asked the question you were waiting for: "Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)". Press Y to say Yes and complete the challenge.

Challenge 2: Start cmd.exe at system startup with the background color as blue and the foreground color as white.

Solution: This one is easy if you have understood the previous chapters and the arguments of cmd.exe. Open My Computer and navigate to C: >> Documents and Settings >> All Users >> Start Menu >> Programs >> Startup. Right-click and select New >> Shortcut. In the Create Shortcut dialog type cmd.exe /T:1F. Click Next, type a name for the shortcut and click on Finish to create the shortcut. Restart or log off Windows to see the effect.

Challenge 3: Create a drive in My Computer for C:\Windows.

Solution: Open cmd.exe and type subst K: C:\Windows. A drive with the letter K will be created in My Computer which will give direct access to C:\Windows.

Challenge 4: Redirect the output of tree to a text file in your D: drive by name tree.txt and open it in Notepad. Then open the file in cmd.exe and view the contents in both.

Solution: This is somewhat tricky. Since we now know that using tree at the top or somewhere close to the root of a drive will cause all the several sub-directories to expand and get displayed in the prompt window, a smart thing would be to use cmd and dive deep into some directory and then take a tree shot at it. Open cmd.exe and change the current working directory to C:\Windows\System32\ by typing cd /D C:\Windows\System32. Then type tree and check if the output comes under the medium category range. It should. Now type tree >> D:\tree.txt to redirect the output of tree to D:\tree.txt. Go to the D: drive, open the file and check the contents. Instead of straight lines you will see that there are unrecognizable characters. Now go back to the command prompt and type type D:\tree.txt; you will get to see the same output as a normal tree command. The difference in character printing comes from the fact that the Notepad file that is created stores ANSI characters and the lines are drawn using Unicode characters. The values remain the same and they are decoded back to lines when you use type at the command prompt.
Chapter VIII:

Challenge 1: Add an option in the boot.ini file to start Windows in safe mode with networking.

Solution: Copy the line multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect and paste it below itself so that you now have two entries in the boot.ini. Your file should now look something like this:

    [boot loader]
    timeout=30
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

You can change the text "Microsoft Windows XP Home Edition" to something like "Microsoft Windows XP Safe Mode with NW" and add the safe mode switch /SAFEBOOT:NETWORK. Press Ctrl + S to save the file. So the final structure of your boot.ini file should be something like this:

    [boot loader]
    timeout=30
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition Safe Mode with Network" /safeboot:network

Note that the line multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect may vary on your computer depending on your hard disk and the location of your Windows installation; in such cases copy the line that is present in your boot.ini file.

Challenge 2: Change the time for which the Windows Advanced Recovery Menu should be visible.

Solution: The Advanced Recovery Menu is visible if your system restarts unexpectedly during the loading screen or if it hangs during startup and/or if you have done a hard restart (you pressed the restart button on the cabinet). To change the time, right-click My Computer on the desktop and select Properties. From the System Properties dialog, click on the Advanced tab and then click on Settings in the Startup and Recovery frame. In the Startup and Recovery dialog that opens up, change the Time to display recovery options when needed to whatever time you want. Click on OK and again OK on the System Properties dialog to save and close settings.
Chapter IX:

Challenge 1: Add an option called “Open Paint” on the right click of the Start Button and all folders which will open MSPaint.

Solution: You have to edit the registry at two places. Open the registry editor and go to HKEY_CLASSES_ROOT\Folder\shell\. Under shell\ create a new key and name it Open Paint. Create another key below it and name it command. In the right hand pane, modify the value of Default to mspaint. This will cause a command called Open Paint to be visible on the right click of any folder, causing mspaint to run when executed. For the Start button, go to HKEY_CLASSES_ROOT\Directory\shell\ and under shell\ create a new key and name it Open Paint. Create another key below it and name it command. In the right hand pane, modify the value of Default to mspaint. Should work.

Challenge 2: Change the shell to Command Prompt. When Windows starts cmd.exe should run instead of Explorer.exe as the Windows shell.

Solution: Open the registry editor and navigate to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\. In the right hand pane, find a string called Shell and change its value to cmd.exe. The next time you start your computer or if you log off and log on, cmd.exe will fire up instead of explorer.exe.

Challenge 3: Clear the recent file history of Windows Media Player.

Solution: For a novice it could be a little time consuming to get to the correct key, so you can employ a small trick. First open any media file in Windows Media Player; after the file opens, close Media Player. Now open the registry editor, go to Edit >> Find and enter the name of the media file in the search box. Bear in mind to keep the HKEY_CLASSES_ROOT key selected so that the program searches from the start. Press F3 to continue searching after an entry is found. Keep searching till the search points to a RecentFileList key. Delete the entry for your media file and note the path to the key for future usage. For advanced users, here is the key: HKCU\Software\Microsoft\MediaPlayer\Player\RecentFileList\. You can delete the entire RecentFileList key also; Windows Media Player will recreate it when a new file is opened.

Challenge 4: Change the My Computer Tooltip to anything of your choice.

Solution: Let us employ the same trick again. Open regedit and search for My Computer keeping the HKEY_CLASSES_ROOT key selected. Search till you have located My Computer as the Default of a string value. You will get the correct key after around two searches. The key should be HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\. In the right hand pane rename InfoTip to InfoTip.old and then create a new expandable string value and name it InfoTip. Modify its value to anything you want. Refresh the registry by pressing F5. Changes are immediate.

Challenge 5: Hide all the Items on the Desktop.

Solution: This can be done by simply right-clicking on the desktop, going to Arrange Icons By and removing the check against the Show Desktop Icons option. The registry method is as follows: open regedit, navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, create a new DWORD value called NoDesktop and modify its value to 1. Do the same under the Local machine key also, i.e. under HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.
Challenge 6: Change the Warning text that is displayed when you remove the check against the Hide protected operating system files option in Folder Options under the View tab.

Solution: This is slightly tricky. Search for the string Warning and keep searching till you are in a location that has something to do with SuperHidden or Folder or Explorer or any of these terms. If you have got it right you should reach the following location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Superhidden. This entire Folder key and its subkeys determine what you see under Folder Options in explorer. In the right hand pane of the SuperHidden key rename WarningIfNotDefault to WarningIfNotDefault.old so that you can restore the correct message if you want. Create a new string value, name it WarningIfNotDefault and modify its value to anything funny. Refresh the registry by pressing F5. Open Folder Options through Tools in explorer and under the View tab click on the Hide protected operating system files option and see your own customized message. Cool, ain't it. See what self exploration can give you…

Challenge 7: Change the text in the Time Zone tab of Date & Time Properties in Control Panel. Change (GMT+05:30) Chennai, Kolkata, Mumbai, New Delhi to (GMT+05:30) Vasco, Panjim, Ponda, Margao.

Solution: This one is easy, if you have understood the previous tricks. Open regedit and search for Kolkata or any of the other strings that you wish to change in the Time Zone tab of Date and Time Properties. You should reach the following location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Time Zones\India Standard Time\. In the right hand pane, find and modify the string value called Display to (GMT+05:30) Vasco, Panjim, Ponda, Margao. Press F5 to refresh the registry. Open Date & Time Properties by double-clicking the clock in the Taskbar and go to the Time Zone tab to see the changes.
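The registry values edited in Challenges 1, 2 and 5 of this chapter can be reviewed afterwards without opening regedit. The PowerShell script below is an added example, not part of the original book; it only reads the keys named in those solutions, and the expected defaults (Shell set to explorer.exe, NoDesktop absent or 0) are assumptions for a standard installation.

```powershell
# Added example (not from the book): read-only check of the registry
# locations edited in Chapter IX. Expected defaults are assumptions.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$findings = @()

# Challenge 2: the Winlogon Shell value names the program started as the shell.
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = Get-RegValue -Path $winlogon -Name 'Shell'
if ($null -eq $shell) {
    $findings += [pscustomobject]@{ Key = $winlogon; Value = 'Shell'; Data = '(missing)' }
} elseif ($shell.Trim() -ne 'explorer.exe') {
    # -ne compares strings without regard to case, so Explorer.exe also passes.
    $findings += [pscustomobject]@{ Key = $winlogon; Value = 'Shell'; Data = $shell }
}

# Challenge 5: NoDesktop = 1 hides all desktop items (per user and per machine).
foreach ($hive in 'HKCU:', 'HKLM:') {
    $policy = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $noDesktop = Get-RegValue -Path $policy -Name 'NoDesktop'
    if ($noDesktop -eq 1) {
        $findings += [pscustomobject]@{ Key = $policy; Value = 'NoDesktop'; Data = $noDesktop }
    }
}

# Challenge 1: list every right-click verb registered for folders together with
# the command it runs, so an added entry such as Open Paint is easy to spot.
$verbs = foreach ($class in 'Folder', 'Directory') {
    $shellKey = "Registry::HKEY_CLASSES_ROOT\$class\shell"
    foreach ($verb in @(Get-ChildItem -Path $shellKey -ErrorAction SilentlyContinue)) {
        $command = Get-RegValue -Path "$($verb.PSPath)\command" -Name '(default)'
        [pscustomobject]@{ Class = $class; Verb = $verb.PSChildName; Command = $command }
    }
}

'Values that differ from the expected defaults:'
$findings | Format-Table -AutoSize -Wrap
'Context-menu verbs registered for folders:'
$verbs | Format-Table -AutoSize -Wrap
```

An empty first table means the Shell and NoDesktop values match the assumed defaults; the second table is a plain listing to be compared against what you expect to find on the machine.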
Chapter XI:

Challenge 1: Create a folder called con in C:\.

Solution: This looks like an impossible feat when you create a new folder and try to name it con. You may also have tried the console command mkdir C:\con. It still didn't work. As I mentioned earlier in the chapter itself, con, nul and the others are reserved names for devices and you cannot by normal means create folders with their names. All right, now for the solution: open cmd.exe and type mkdir C:\con\.\. The folder will be created. Notice the interesting properties of this folder; check its size, date created and modified. Try copying data into it. Try deleting the folder or renaming it to anything else. What do you observe? To delete the folder, use cmd and the command rmdir C:\con\.\
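Because con, nul and the other device names are reserved, a script that accepts file or folder names can test for them before it touches the disk. The PowerShell function below is an added example, not part of the original book; the full list of reserved names (CON, PRN, AUX, NUL, COM1 to COM9, LPT1 to LPT9) goes beyond the two names the chapter mentions, the function name is made up for this example, and the sample paths are constructed.

```powershell
# Added example (not from the book): find reserved device names in a path.
# Works on the text of the path only; nothing on disk is read or changed.

function Get-ReservedNameComponent {
    param([string]$Path)

    # Reserved device names; COM1-COM9 and LPT1-LPT9 are generated.
    $reserved = @('CON', 'PRN', 'AUX', 'NUL') +
                (1..9 | ForEach-Object { "COM$_"; "LPT$_" })

    $hits = @()
    foreach ($part in ($Path -split '[\\/]')) {
        # Skip empty pieces, drive letters and the . and .. entries.
        if ($part -eq '' -or $part -match '^[A-Za-z]:$') { continue }
        if (@('.', '..') -contains $part) { continue }

        # A reserved name stays reserved with an extension (nul.txt) or
        # trailing spaces, so compare only the text before the first dot.
        $base = ($part -split '\.')[0].TrimEnd(' ')
        if ($reserved -contains $base) { $hits += $part }  # case-insensitive
    }
    return ,$hits   # the comma keeps the result an array, even when empty
}

# Constructed sample paths, including the one used in this challenge.
$samples = @(
    'C:\con\.\',
    'D:\reports\nul.txt',
    'E:\backup\Lpt1 \a.log',
    'C:\Windows\System32',
    'C:\console\config'
)

foreach ($p in $samples) {
    $hits = Get-ReservedNameComponent -Path $p
    if ($hits.Count -gt 0) {
        '{0,-26} reserved: {1}' -f $p, ($hits -join ', ')
    } else {
        '{0,-26} ok' -f $p
    }
}
```

The first three sample paths are reported as containing a reserved name; the last two are reported as ok because console and config only begin with the letters con.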
Appendix A

The Standard ASCII Table

This table lists the ASCII characters and their decimal, octal and hexadecimal numbers. Characters which appear as names in parentheses (e.g., (nl)) are non-printing characters.

Char   Dec  Oct   Hex      Char   Dec  Oct   Hex
(nul)  0    0000  0x00     @      64   0100  0x40
(soh)  1    0001  0x01     A      65   0101  0x41
(stx)  2    0002  0x02     B      66   0102  0x42
(etx)  3    0003  0x03     C      67   0103  0x43
(eot)  4    0004  0x04     D      68   0104  0x44
(enq)  5    0005  0x05     E      69   0105  0x45
(ack)  6    0006  0x06     F      70   0106  0x46
(bel)  7    0007  0x07     G      71   0107  0x47
(bs)   8    0010  0x08     H      72   0110  0x48
(ht)   9    0011  0x09     I      73   0111  0x49
(nl)   10   0012  0x0a     J      74   0112  0x4a
(vt)   11   0013  0x0b     K      75   0113  0x4b
(np)   12   0014  0x0c     L      76   0114  0x4c
(cr)   13   0015  0x0d     M      77   0115  0x4d
(so)   14   0016  0x0e     N      78   0116  0x4e
(si)   15   0017  0x0f     O      79   0117  0x4f
(dle)  16   0020  0x10     P      80   0120  0x50
(dc1)  17   0021  0x11     Q      81   0121  0x51
(dc2)  18   0022  0x12     R      82   0122  0x52
(dc3)  19   0023  0x13     S      83   0123  0x53
(dc4)  20   0024  0x14     T      84   0124  0x54
(nak)  21   0025  0x15     U      85   0125  0x55
(syn)  22   0026  0x16     V      86   0126  0x56
(etb)  23   0027  0x17     W      87   0127  0x57
(can)  24   0030  0x18     X      88   0130  0x58
(em)   25   0031  0x19     Y      89   0131  0x59
(sub)  26   0032  0x1a     Z      90   0132  0x5a
(esc)  27   0033  0x1b     [      91   0133  0x5b
(fs)   28   0034  0x1c     \      92   0134  0x5c
(gs)   29   0035  0x1d     ]      93   0135  0x5d
(rs)   30   0036  0x1e     ^      94   0136  0x5e
(us)   31   0037  0x1f     _      95   0137  0x5f
(sp)   32   0040  0x20     `      96   0140  0x60
!      33   0041  0x21     a      97   0141  0x61
"      34   0042  0x22     b      98   0142  0x62
#      35   0043  0x23     c      99   0143  0x63
$      36   0044  0x24     d      100  0144  0x64
%      37   0045  0x25     e      101  0145  0x65
&      38   0046  0x26     f      102  0146  0x66
'      39   0047  0x27     g      103  0147  0x67
(      40   0050  0x28     h      104  0150  0x68
)      41   0051  0x29     i      105  0151  0x69
*      42   0052  0x2a     j      106  0152  0x6a
+      43   0053  0x2b     k      107  0153  0x6b
,      44   0054  0x2c     l      108  0154  0x6c
-      45   0055  0x2d     m      109  0155  0x6d
.      46   0056  0x2e     n      110  0156  0x6e
/      47   0057  0x2f     o      111  0157  0x6f
0      48   0060  0x30     p      112  0160  0x70
1      49   0061  0x31     q      113  0161  0x71
2      50   0062  0x32     r      114  0162  0x72
3      51   0063  0x33     s      115  0163  0x73
4      52   0064  0x34     t      116  0164  0x74
5      53   0065  0x35     u      117  0165  0x75
6      54   0066  0x36     v      118  0166  0x76
7      55   0067  0x37     w      119  0167  0x77
8      56   0070  0x38     x      120  0170  0x78
9      57   0071  0x39     y      121  0171  0x79
:      58   0072  0x3a     z      122  0172  0x7a
;      59   0073  0x3b     {      123  0173  0x7b
<      60   0074  0x3c     |      124  0174  0x7c
=      61   0075  0x3d     }      125  0175  0x7d
>      62   0076  0x3e     ~      126  0176  0x7e
?      63   0077  0x3f     (del)  127  0177  0x7f
To see the characters when you type in the equivalent ASCII decimal code, open Notepad, keep the ALT button pressed and type in the decimal number pertaining to the character. For example, open Notepad and type 75 (from the Numpad) while keeping the ALT button pressed to get the letter K. You can also use the key combination [ALT]+X in Microsoft Word to convert characters to their ASCII equivalents and vice-versa.
Appendix B

List of Recovery Console Commands

The following is a list of all the commands of the Recovery Console of Windows XP Home Edition.

Attrib              Fixboot
Batch               Fixmbr
Bootcfg             Format
Cd or Chdir         Help
Chkdsk              Listsvc
Cls                 Logon
Copy                Map
Del or Delete       Md or Mkdir
Dir                 More or Type
Disable             Rd or Rmdir
Diskpart            Ren or Rename
Enable              Set
Exit                Systemroot
Expand