The Barnes & Noble Review
Windows XP Professional is gradually finding its way into more companies -- and Windows XP support skills are becoming ever more crucial. IT pros who would've once taken Microsoft's Windows 2000 MCSE core exam are signing up for the Windows XP Exam 70-270 instead. To pass it, they'll have to master tools and features they've had little experience with -- especially if they're at companies where earlier versions of Windows still dominate.
There only one way to compensate: Prepare for your exam even more carefully. MCSE Windows XP Professional ExamCram 2 (Exam 70-270) will jump-start your XP Professional preparation -- or support your last-minute prep, making sure you're really, really ready.
The authors begin with concise, to-the-point coverage of installing Windows XP Professional -- a topic that's very well represented on the MCSE exam. They review XP's upgrade paths (more limited than Windows 2000), and present a pre-upgrade checklist (checking hardware and software compatibility, ensuring that application update packs are available if necessary, and so forth).
Next, they walk through using Microsoft's tools for streamlining installation of multiple PCs (for example, creating unattended answer files and uniqueness database files with Setup Manager; building Windows XP images with Sysprep; working with Microsoft's Remote Installation Services. There's coverage of troubleshooting failed installations, slipstreaming service packs, and more.
You'll also learn how to use Microsoft's improved tools for migrating user settings from earlier versions of Windows, including the User State Migration Tool and the Files and Settings Transfer Wizard. Whether you're upgrading one PC or a hundred, these are tools you need to be comfortable with.
Next, the authors turn to establishing, configuring, and managing resources in Windows XP Professional. You'll learn how to work with shared folders (and create them from the MMC Shared Folders snap-in); troubleshoot permissions and access problems; and manage and secure XP's IIS 5.1 web server. There's also a quick overview of Windows XP printing -- including a look at the Internet Printing Protocol, which enables users print over the Internet.
There's a full chapter on setting up, managing, and troubleshooting security accounts and policies: everything from Fast User Switching (disabled in domain environments) to group policies and Microsoft's new Resultant Set of Policy (RSoP) tool.
Next, the authors turn to managing user and desktop settings: user profiles and logon scripts; roaming; offline files and share points; customizing the desktop and Control Panel options; and the very handy MSCONFIG.EXE utility (which was available in Windows 98/Me but sorely missed in Windows 2000).
You'll find chapters on configuring and troubleshooting hardware; managing disk drives and volumes (including compression and encryption); networking and TCP/IP; remote access services; and more. There's also a solid walkthrough of Windows XP Professional's system monitoring, performance optimization, and recovery features -- including detailed coverage of Safe Mode, advanced startup options, and the Recovery Console.
This book's best feature is its sample exam questions, many of which offer realistic (and very challenging) scenarios.
A user wants to create a new shared folder on an NTFS drive, but can't find security or share permissions: why? And how do you fix it? You want to configure remote users' laptops to shut down if they can't log security events: how? You created a ZAP file for a legacy 16-bit application; now you want to assign it to everyone in the Marketing organizational unit, via group policies and Active Directory: how? You need to combine two Class C address ranges into one: how?
If you can answer questions like these, you can be pretty confident you're ready for whatever Microsoft's going to throw at you.
This is no massive tome: it's 450 distilled, downsized pages you can carry with you anywhere, the most time-efficient Windows XP Professional exam review guide we've seen so far. Bill Camarda
Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.
Read an Excerpt
Terms you'll need to understand:
Simple file sharing
Offline files/client-side caching
NT File System (NTFS)
Built-in security principals
Access control list (ACL)
Access control entry (ACE)
Taking ownership of objects
Internet Information Server (IIS)
Internet Printing Protocol (IPP)
Techniques you'll need to master:
Creating network shares
Configuring share permissions
Configuring options for offline files
Setting basic and advanced NTFS permissions
Viewing effective permissions
Learning how to turn on auditing
Installing and managing Internet Information Server
Connecting to printers over the Internet
Why do we have computer networks anyway? Well, they empower us to collaborate
on projects and share information with others, whether they're around the
corner or across the globe. If you're working on a Windows XP Professional
system that is connected to a network, you can share one or more of that
system's folders with other computers and users on that network. Drive
volumes and folders are not automatically shared for all users in Windows XP
Professional. Members of the Administrators group and the Power Users group,
discussed later in this chapter, are the only users who retain the rights to
create shared network folders.
Managing Access to Shared Folders
Windows XP Professional implements a new feature called Simple File Sharing,
which is enabled by default when the computer is stand-alone or a member of a
network workgroup. Simple File Sharing is disabled when the computer is a member
of a Windows domain. Simple File Sharing creates a Shared Documents folder,
inside of which it creates two subfolders, Shared Pictures and Shared Music.
Remote users who access a shared folder over the network always authenticate as
the Guest user account when Simple File Sharing is enabled. The Properties sheet
for a shared folder under Simple File Sharing configures both share permissions
and NTFS permissions (if the shared folder is stored on an NTFS volume)
simultaneouslyyou are not allowed to configure the two permissions
separately. For example, you cannot make a shared folder private, under Simple
File Sharing, unless the folder resides on an NTFS volume.
To turn off Simple File Sharing for a stand-alone system, or for a computer
that is a member of a workgroup, perform the following steps:
Open a window in either My Computer or Windows Explorer.
Click Tools|Folder Options from the menu.
Click the View tab.
Clear the Use Simple File Sharing (Recommended) checkbox under the
Advanced Settings section.
The Shared Documents, Shared Pictures, and Shared Music folders are not
available if the Windows XP Professional computer is a member of a Windows
Creating Shared Folders from My Computer or Windows Explorer
To share a folder with the network with Simple File Sharing disabled, you can
use My Computer or Windows Explorer and follow these steps:
Open a window in either My Computer or Windows Explorer.
Right-click the folder that you want to share and then select Sharing And
Security from the pop-up menu.
Click the Share This Folder button.
Type in a Share Name or accept the default name. Windows XP uses the
actual folder name as the default Share Name.
Type in a Comment, if you desire. Comments appear in the Browse list when
users search for network resources. Comments can help users to locate the proper
Specify the User Limit: Maximum Allowed or Allow This Number Of Users.
Windows XP Professional permits a maximum of 10 concurrent network connections
per share. Specify the Allow This Number Of Users option only if you need to
limit the number of concurrent users for this share to fewer than 10.
Click OK to create the shared folder. The folder now becomes available to
others on your network.
To remove a network share, right-click the shared folder and choose the
Sharing And Securiy option. Click the Do Not Share This Folder option button and
click OK. The folder will no longer be shared with the network.
The Security tab of an NTFS folder's properties dialog box is not
displayed when Simple File Sharing is enabled and the computer is not a member
of a Windows domain. To display the Security tab so that you can view and work
with NTFS permissions for folders and files, open a window in My Computer or
Windows Explorer and select Tools|Folder Options. Click the View tab and clear
the checkbox entitled Use Simple File Sharing (Recommended).
Creating Shared Folders from the Shared Folders MMC Snap-in
To share a folder with the network with Simple File Sharing disabled, you may
use the Shared Folders MMC snap-in from a custom console, or you can use the
Shared Folders snap-in as part of the Computer Management Console by following
Right-click the My Computer icon and select Manage, or open an empty
Microsoft Management Console window and add the Shared Folders snap-in for the
Expand the Shared Folders node and click Shares.
Right-click the Shares subnode and select New File Share.
Type the path and folder name in the Folder To Share box, or click Browse
to locate it.
Type a name for the share in the Share Name box, and optionally, type in
a Share Description.
Select one of the basic share permissions listed, or click Customize
Share And Folder Permissions to define your own share permissions. The default
selection is All Users Have Full Control. Remember, these are share permissions
that apply only to users accessing this share remotely over the networknot
NTFS security permissions!
Click Finish and then click Yes or No when prompted to create another
Generally, if you are working with shared folders residing on NTFS volumes,
it is a good idea to leave all share permissions at their default setting:
EveryoneFull Control. Use NTFS security permissions to specify access
control levels for both users and groups. By having only one set of permissions
to manage, security access levels are less confusing, and you avoid possible
conflicts with share permissions. In addition, NTFS security permissions apply
to both remote network users and local users, so users cannot circumvent
security permissions by logging on to the local computer.
To remove a shared folder from the Shared Folders snap-in, simply right-click
the shared folder and select Stop Sharing. Click Yes and the folder will no
longer be shared on the network.
Using Automatically Generated Hidden Shares
Windows XP Professional automatically creates shared folders by default each
and every time the computer is started. These default shares are often referred
to as hidden or administrative shares because a dollar sign ($) is appended to
their share names, which prevents the shared folder from being displayed on the
network Browse list; users cannot easily discover that these shares exist. When
users browse through the My Network Places window, for example, they cannot see
that such hidden shares even exist; Microsoft Windows Networking does not allow
hidden shares to be displayed. The default hidden network shares include the
C$, D$, E$, and so onOne share gets created for the root of
each available hard drive volume on the system.
ADMIN$This shares the %systemroot% folder with the network
(for example, C:\Windows).
IPC$This share is used for interprocess communications
(IPCs). IPCs support communications between objects on different computers over
a network by manipulating the low-level details of network transport protocols.
IPCs enable the use of distributed application programs that combine multiple
processes working together to accomplish a single task.
print$This share holds the printer drivers for the printers
installed on the local machine. When a remote computer connects to a printer
over the network, the appropriate printer driver is downloaded to the remote
Although you can temporarily disable hidden shares, you cannot delete them
without modifying the Registry (which is not recommended), because they get
re-created each time the computer restarts. You can connect to a hidden share,
but only if you provide a user account with administrative privileges along with
the appropriate password for that user account. Administrators can create their
own custom administrative (hidden) shares simply by adding a dollar sign to the
share name of any shared folder. Administrators can view all the hidden shares
that exist on a Windows XP Professional system from the Shared Folders MMC
Connecting to Shared Resources on a Windows Network
Users and network administrators have several options available to them for
connecting to shared network resources. These options include the following:
Type in a Universal Naming Convention (UNC) path from the
Start|Run dialog box in the format \\servername\sharename.
Navigate to the share from the My Network Places window.
Employ the net use command from a command prompt window.
If you want to connect to a shared folder named "samples" that
resides on a Windows computer named SALES7, click Start|Run, type
"\\SALES7\samples", and click OK. At this point, you are connected to
that shared resource, provided that you possess the proper user ID, password,
and security permissions needed to access the shared folder.
Connecting to Network Resources with the My Network Places Window
You can connect to a network share from My Network Places. To use the My
Network Places window, perform the following steps:
Click Start|My Network Places.
In the right-hand Network Tasks section, click the Add A Network Place
link, which reveals the Add Network Place Wizard.
Click Next, click Choose Another Network Location, and then click Next
Enter the Internet Or Network Address, or click Browse to locate the network
share by viewing the available network resources. You can connect to one
of the following types of resources:
A shared folder using the following syntax: \\server\share
A Web folder using the following syntax: http://webserver/share
An FTP site using the following syntax: ftp://ftp.domain.name
Click Next to enter a name for the network place or accept the default
Click Next again to view a summary of the Network Place that you are adding.
Click Finish to establish the connection to the shared folder, provided
that you have the proper permissions. A list of network resources to which
you have already connected is then displayed within the My Network Places
For Command-Line Junkies: The Net Share and Net Use Commands
You can create and delete shared folders from the command line instead of
using the GUI. Windows XP offers several Net commands that you use from the
command line. You can view all of the available Net commands by typing "Net
/?" at a command prompt window. To create a new shared folder, you simply
type "Net Share share_name=x:\folder_name", where share_name
represents the name you want to assign to the shared folder, x: represents the
drive letter where the folder resides, and folder_name represents the actual
name of the folder. For help with the various options and syntax of the Net
Share command, type "Net Share /?" at the command prompt.
You also have the option of connecting to network shares via the Net Use
command. For help with the various options and syntax of the Net Use command,
type "net use /?" at the command prompt. To connect to a remote
resource from the command line, follow these steps:
Open a command prompt window (click Start|All
Programs|Accessories|Command Prompt, or click Start|Run, type CMD, and click
At the command prompt, type "net use X: \\servername\sharename"
and press Enter, where X: is a drive letter that you designate (for example, net
use M: \\sales7\samples). If you possess the appropriate permissions for that
network share, you should see the message The Command Completed Successfully
displayed in your command prompt window.
Controlling Access to Shared Folders
When you, as a network administrator, grant access to shared resources over
the network, the shared data files become very vulnerable to unintentional, as
well as intentional destruction or deletion by others. This is why network
administrators must be vigilant in controlling data access security permissions.
If access permissions to shared folders are too lenient, shared data may become
compromised. On the other hand, if access permissions are set too stringently,
the users who need to access and manipulate the data may not be able to do their
jobs. Managing access control for shared resources can be quite challenging.
Shared Folder Properties: Configuring Client-Side Caching (Offline
By right-clicking a shared folder and selecting Sharing, you can modify some
of the shared folder's properties. You can specify whether network users
can cache shared data files on their local workstations. To configure offline
access settings for the shared folder, click the Caching button to display the
Cache Settings dialog box. The default is to allow caching of files whenever you
create a new shared folder. To disable this feature, you must clear the Allow
Caching Of Files In This Shared Folder checkbox in the Cache Settings dialog
box. If you allow caching of files for a shared folder, you must choose from
three options in the Caching Settings dialog box:
Automatic Caching Of DocumentsThis option relies on the
workstation and server computers to automatically download and make available
offline any opened files from the shared folder. Older copies of files are
automatically deleted to make room for newer and more recently accessed files.
To ensure proper file sharing, the server version of the file is always
Automatic Caching Of Programs And DocumentsThis setting is
recommended for folders that contain read-only data, or for application programs
that have been configured to be run from the network. This option is not
designed for sharing data files, and file sharing in this mode is not
guaranteed. Older copies of files are automatically deleted to make room for
newer and more recently accessed files.
Manual Caching Of DocumentsThis is the default caching
setting. This setting requires network users to manually specify any files that
they want available when working offline. This setting is recommended for
folders that contain user documents. To ensure proper file sharing, the server
version of the file is always opened.
Click OK in the Caching Settings dialog box after making any configuration
changes for offline access to the shared folder.
The default cache size is configured as 10 percent of the client computer's
available disk space. You can change this setting by selecting Tools|Folder
Options from the menu bar of any My Computer or Windows Explorer window. The
Offline Files tab of the Folder Options dialog box displays the system's
offline files settings, as shown in Figure
Figure 3.1 The Offline Files tab
of the Folder Options dialog box.
The Offline Files feature is also known as Client-Side Caching (CSC). The
default location on Windows XP computers for storage of offline files is
%systemroot%\CSC (for example, C:\Windows\CSC). You can use the Cachemov.exe
tool from the Windows 2000 Professional Resource Kit, or the Windows 2000 Server
Resource Kit to relocate the CSC folder onto a different drive volume. The
Cachemov.exe utility moves the CSC folder to the root of the drive volume that
is specified. After the CSC folder has been moved from its default location, all
subsequent moves place it in the root of the drive volumeCachemov.exe
never returns the folder to its original default location.
Shared Folder Permissions
In addition to the Caching button, located at the bottom of the Sharing tab
of a shared folder's Properties dialog box, is the Permissions button. The
caption next to this button reads To Set Permissions For Users Who Access This
Folder Over The Network, Click Permissions. However, these "share"
permissions are intended solely for backward-compatibility purposes; you should
actually avoid changing the default settings on share permissions
(Everyone:Allow Full Control) unless a share resides on a file allocation table
(FAT) or FAT32 drive volume, which provides no file system security. In most
circumstances, you should store all data and applications on NT File System
(NTFS) drive volumes. In fact, as a general rule, you should format (or convert)
all system drive volumes as NTFS. With the availability of third-party tools, as
well as the native Windows XP Recovery Console, which permit command-line access
to NTFS drives (even if the system won't boot), it's difficult to
argue against NTFS for all drives in Windows XP.
Microsoft has positioned the NTFS file system as the preferred file system
for Windows XP by making features such as security permissions, auditing, data
compression, data encryption, reparse points, multiple named data streams, and
Volume Shadow Copy Technology available only on NTFS drive volumes.
Network share permissions have their roots back in the days of Windows for
Workgroups 3.11, before Windows NT and NTFS. Share permissions provided a way
for administrators to control access to files for network users. Only three
permissions are available: Full Control, Change, and Read. These three
permissions can be explicitly allowed or denied. The default is Allow Full
Control for the Everyone group. For shared folders that reside on FAT or FAT32
drives, share permissions do offer some degree of access control for network
users. However, they provide no security for local access! Share permissions
apply only to access over the network; these permissions have absolutely nothing
to do with the underlying file system, which is why NTFS permissions are
preferred. If you have a mixture of share permissions and NTFS permissions on
the same folder, troubleshooting access control issues becomes more
difficultuse either share permissions or NTFS permissions, not both.