Welcomed to our very first Windows xp Maintains Class. In this Class your can know how to Maintains MicroSoft Windows XP.
Let’s Get Started:
Lesson 1: Explaining Windows XP
This lesson introduces the various editions of Windows XP, including Windows XP Pro-
fessional, Windows XP Home Edition, Windows XP Tablet PC Edition, Windows XP
Home Media Edition, and Windows XP 64-Bit Edition.
After this lesson, you will be able to:
Identify the available editions of Windows XP. ¦
Explain the differences between Windows XP editions. ¦
Estimated lesson time: 10 minutes
Available Windows XP Editions
There are a number of different editions of Windows XP, each of which is designed for
different users and computing devices. The following editions are part of the Windows
family:
Windows XP Professional Edition
¦
Windows XP Home Edition
¦
Windows XP Media Center Edition
¦
Windows XP Tablet PC Edition
¦
Windows XP 64-Bit Edition
¦
Windows XP Professional Edition
Windows XP Professional Edition is intended for computers that are part of a corporate
network, for the majority of computers on small networks, and for home users who
need certain advanced capabilities. Windows XP Professional sets the standard for
desktop performance, security, and reliability.
Windows XP Professional is also the focus of both this book and Exam 70-270: Install-
ing, Configuring, and Administering Microsoft Windows XP Professional .
Windows XP Home Edition
Windows XP Home Edition, which is intended for home users, simplifies many aspects
of networking and file management so that home users have a cleaner experience. In
particular, Windows XP Home Edition has the following limitations compared with
Windows XP Professional:
Computers running Windows XP Home Edition cannot join a domain.
Windows XP Home Edition does not support the use of NTFS or print permissions.
¦
Instead, Windows XP Home Edition supports only Simple File Sharing. You will
learn more about NTFS permissions in Chapter 8, “Securing Resources with NTFS
Permissions.” You will learn more about print permissions in Chapter 12, “Manag-
ing Printers and Documents.”
Windows XP Home Edition does not support the use of dynamic disks, which you
¦
will learn about in Chapter 10, “Managing Data Storage.”
Windows XP Home Edition does not support the Encrypting File System (EFS),
¦
which you will learn about in Chapter 10.
Windows XP Home Edition supports only one processor, whereas Windows XP
¦
Professional supports two processors.
Windows XP Home Edition does not include Internet Information Services.
¦
Windows XP Home Edition does not include Remote Desktop.
¦
Windows XP Home Edition does not provide Remote Installation Services (RIS)
¦
support (which you will learn about in Chapter 3, “Deploying Windows XP Pro-
fessional”).
Windows XP Media Center Edition
The Windows XP Media Center Edition 2004 operating system is available only on new
Media Center PCs—computers with special hardware features that enable users to con-
nect the computer as an integral part of a home entertainment system. Because of its
special requirements, Media Center PCs running Windows XP Media Center Edition are
available only from Microsoft PC manufacturer partners.
See Also For more information about Windows XP Media Center Edition, visit http://
www.microsoft.com/windowsxp/mediacenter/ .
Windows XP Tablet PC Edition
The Windows XP Tablet PC Edition operating system expands on Windows XP Profes-
sional, providing all the features and performance of Windows XP Professional, while
also providing additional capabilities designed to take advantage of a touch-screen
interface: pen input, handwriting recognition, and speech recognition.
Windows XP Tablet PC Edition offers users the efficiency and dependability of Win-
dows XP Professional. For developers, it offers a rich platform for creating new appli-
cations or extending their current applications to take advantage of Tablet PC
handwriting and speech capabilities.
See Also For more information about Windows XP Tablet PC Edition, visit http://
www.microsoft.com/windowsxp/tabletpc/ .
Windows XP 64-Bit Edition
Microsoft Windows XP 64-Bit Edition, which provides support for the 64-bit computing
platforms, is designed to meet the demands of advanced technical workstation users
who require large amounts of memory and floating point performance in areas such as
mechanical design and analysis, 3D animation, video editing and composition, and sci-
entific and high-performance computing applications. One of the key differences
between the 64-bit and 32-bit platforms is that the 64-bit platform supports consider-
ably more system memory—up to 16 GB of physical RAM.
See Also For more information about Windows XP 64-Bit Edition, visit http://
www.microsoft.com/windowsxp/64bit/ .
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you are unable to answer a question, review the lesson
materials and try the question again. You can find answers to the questions in the
“Questions and Answers” section at the end of this chapter.
1. Windows XP _________ Edition and Windows XP __________ Edition are avail-
able only on supported hardware devices and are not available as stand-alone
products. Fill in the blanks.
2. Which features supported in Windows XP Professional are not supported in Win-
dows XP Home Edition?
Lesson 2: Identifying Major Features of Windows XP
Service Pack 2
As part of a major effort to increase the security of desktop computers, in 2004,
Microsoft is releasing an update to Windows XP named Windows XP Service Pack 2 .
As with all Windows service packs, Windows XP Service Pack 2 includes all of the crit-
ical updates released for Windows XP to date. In addition, Service Pack 2 includes a
large number of new enhancements to Windows XP—enhancements aimed at increas-
ing the default level of security for the operating system.
In addition to a new Security Center that provides at-a-glance security status for a
computer, Service Pack 2 provides enhancements to the built-in software firewall in
Windows XP (now named Microsoft Windows Firewall), to the Automatic Updates fea-
ture, and to Microsoft Internet Explorer.
After this lesson, you will be able to
Determine whether Service Pack 2 is installed on a computer running Windows XP ¦
Professional.
Identify the major enhancements included in Windows XP Service Pack 2. ¦
Estimated lesson time: 20 minutes
How to Determine Whether Service Pack 2 Is Installed
Aside from simply looking for new enhancements to the interface (such as the Security
Center), you can determine whether Service Pack 2 (or any Service Pack, for that mat-
ter) is installed in one of two ways:
From the Start menu, right-click My Computer and click Properties. The General
¦
tab of the System Properties dialog box (in the System section) allows you to
know which version of Windows and which Service Pack is installed.
From the Start menu, click Run. In the Run dialog box, type winver.exe and click
¦
OK. The About Windows dialog box shows you the exact version of Windows
(including Service Pack), down to the build number.
Note This section presents an overview of the most important and obvious features of Win-
dows XP Service Pack 2. The procedures and discussions in this book assume that you have
Windows XP Service Pack 2 installed. You can learn more about Windows XP Service Pack 2
at http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx .
You can download and install Service Pack 2 from the Windows Update site at
http://www.windowsupdate.com .
Lesson 2 Identifying Major Features of Windows XP Service Pack 2 1-9
Major Enhancements Included in Windows XP Service Pack 2
The major enhancements in Windows XP Service Pack 2 include Security Center, Auto-
matic Updates, Windows Firewall, and Internet Explorer. This section describes these
enhancements in detail.
Security Center
Security Center is an entirely new feature provided by Windows XP Service Pack 2. The
Security Center service runs as a background process in Windows XP and routinely
checks the status of the following components:
Windows Firewall Security Center detects whether Windows Firewall is enabled
or disabled. Security Center can also detect the presence of some third-party soft-
ware firewall products.
Automatic Updates Security Center detects the current Automatic Updates setting
in Windows XP. If Automatic Updates is turned off or not set to the recommended
settings, the Security Center provides appropriate recommendations.
Virus Protection Security Center detects the presence of antivirus software from
many third-party organizations. If the information is available, the Security Center
service also determines whether the software is up-to-date and whether real-time
scanning is turned on.
When Security Center is running, its presence is indicated by an icon in the notification
area on the Windows taskbar, as shown in Figure 1-1. When Security Center detects an
important security condition (such as improper settings), it displays a pop-up notice in
the notification area.
Figure 1-1 The Security Center icon in the notification area provides access to the Security Center F0 1 U S 0 1
window and aler ts the user to security conditions.
You can also double-click the Security Center icon in the notification area to open the
main Security Center window, shown in Figure 1-2. The Security Center window pro-
vides the following information:
Resources where you can learn more about security-related issues.
¦
An indication of whether Windows Firewall is enabled or disabled, as well as a
¦
shortcut for opening the Windows Firewall dialog box.
1-10 Chapter 1 Introduction to Windows XP Professional
The current configuration for Automatic Updates, as well as a link for changing
¦
Automatic Updates settings.
The current status of antivirus software installed on the computer. For some anti-
¦
virus products, Security Center can also determine whether the antivirus software
is up-to-date.
Additional shortcuts for opening the Internet Options and System dialog boxes.
¦
Figure 1-2 The Security Center window provides a central interface for managing security on a com- F0 1 U S 0 2 . bm p
puter running Windows XP.
Note If you are running firewall or antivirus software that is not detected by Security Center,
Security Center presents options for bypassing alerts for that component. If you see a Recom-
mendations button, you can use it to open a window that allows you to disable alerts or
research any appropriate third-party products.
Automatic Updates
Software updates help keep computers protected from new vulnerabilities that are dis-
covered (and new threats that are created) after the initial shipping of an operating sys-
tem. Updates are crucial to keeping computers secure and functioning properly.
Updates provided by Microsoft provide solutions to known issues, including patches
for security vulnerabilities, and updates to the operating system and some applications.
Windows XP features an automatic updating service named Automatic Updates that
can download and apply updates automatically in the background. Automatic Updates
Lesson 2 Identifying Major Features of Windows XP Service Pack 2 1-11
connects periodically to Windows Update on the Internet (or possibly to a Windows
Update Services server on a corporate network). When Automatic Updates discovers
new updates that apply to the computer, it can be configured to install all updates
automatically (the preferred method) or to notify the computer’s administrator (or
other users configured to receive notifications) that an update is available.
Windows XP Service Pack 2 provides several enhancements to the Automatic Updates
feature, including the following:
The latest version of Automatic Updates offers expanded support for Microsoft
¦
products, including Microsoft Office.
Previous versions of Automatic Updates could download only critical updates.
¦
Now Automatic Updates can download updates in the following categories: secu-
rity updates, critical updates, update roll-ups, and service packs.
Automatic Updates now prioritizes the download of available updates based on
¦
the importance and size of the updates. For example, if a large service pack is
being downloaded, and a smaller security update is released to address an exploit,
that security update will be downloaded more quickly than the service pack.
Automatic Updates is now more automated. The need for users to accept End-
¦
User License Agreements (EULAs) has been eliminated. Also, the user now has a
choice of whether to restart the computer following the installation of updates that
might require a restart. Updates that do require a restart can now be consolidated
into a single installation so that only one restart is required.
Real World A New Windows Update Site
A forthcoming update to the online Windows Update Web site will provide many
of the same features that Automatic Updates provides to users of Windows XP
Service Pack 2 who choose not to use Automatic Updates. These features include
the ability to download updates for Microsoft applications in addition to operating
system updates, to perform express installations that require minimal user input,
and to research updates more easily.
The Windows Update site offers a more hands-on approach to updating Windows than
Automatic Updates. If a user resists using the Automatic Updates feature, teach the user
to frequently visit the Windows Update site and perform an Express Install that scans
for, downloads, and then installs critical and security updates.
Windows Firewall
A firewall protects a computer from attacks originating outside the computer (specifi-
cally, the Internet) by blocking all incoming network traffic except that which you spe-
1-12 Chapter 1 Introduction to Windows XP Professional
cifically configure the firewall to allow through. Any computer connected directly to
any network—whether it is a stand-alone computer, a computer that provides Internet
Connection Sharing (ICS) services for other computers on a network, or even a com-
puter that is already on a network protected by perimeter firewalls—should have a fire-
wall enabled.
Previous versions of Windows XP include a software-based firewall named Internet
Connection Firewall (ICF). After installing Windows XP Service Pack 2, this firewall is
replaced by Windows Firewall. Windows Firewall is a stateful, host-based firewall that
drops all incoming traffic that does not meet one of the following conditions:
Solicited traffic (valid traffic that is sent in response to a request by the computer)
¦
is allowed through the firewall.
Excepted traffic (valid traffic that you have specifically configured the firewall to
¦
accept) is allowed through the firewall.
In addition to its new name, Windows Firewall also boasts a number of enhancements,
including the following:
Enabled by default Windows Firewall is now enabled by default on all network
connections. This includes LAN (wired and wireless), dial-up, and virtual private
network (VPN) connections that exist when Windows XP Service Pack 2 is
installed. When a new connection is created, Windows Firewall is also enabled by
default.
Global settings In Windows XP (prior to installing Windows XP Service Pack 2), ICF
settings must be configured individually for each connection. After installing Win-
dows XP Service Pack 2, Windows Firewall provides an interface for configuring
global settings that apply to all the connections of the computer. When you
change a global Windows Firewall setting, the change is applied to all the connec-
tions on which Windows Firewall is enabled. Of course, you can still apply con-
figurations to individual connections as well.
New interface In previous versions, ICF is enabled by selecting a single check box
on the Advanced tab of the Properties dialog box for a connection. A Settings but-
ton opens a separate dialog box, in which you can configure services, logging,
and Internet Control Message Protocol (ICMP) allowances. In Windows XP Service
Pack 2, the check box on the Advanced tab has been replaced with a Settings but-
ton that launches the new Windows Firewall Control Panel applet, which consol-
idates global and connection-specific settings, service, and ICMP allowances and
log settings in a single updated interface.
Prevent excepted traffic In previous versions, ICF is either enabled or disabled.
When enabled, solicited traffic and excepted traffic are allowed. When disabled,
all traffic is allowed. In Windows XP Service Pack 2, Windows Firewall supports a
Lesson 2 Identifying Major Features of Windows XP Service Pack 2 1-13
new feature that allows you to keep Windows Firewall enabled and also not allow
any exceptions; only solicited traffic is allowed. This new feature is intended to
create an even more secure environment when connecting to the Internet in a
public location or other unsecured location.
Startup security In previous versions, ICF becomes active on connections only
when the ICF/ICS service is started successfully. This means that when a computer
is started, there is a delay between when the computer is active on the network
and when the connections are protected with ICF. In Windows XP Service Pack 2,
a startup Windows Firewall policy performs stateful packet filtering during startup,
so that the computer can perform basic network tasks (such as contacting
Dynamic Host Configuration Protocol [DHCP] and Domain Name System [DNS]
servers) and still be protected.
!
Exam Tip Remember that the new Windows Firewall policy performs packet filtering during
Windows startup, meaning that connections are protected from the moment they become
active on the network.
Traffic source restrictions In previous versions, you could not apply firewall rules
based on Internet Protocol (IP) addresses. In Windows XP Service Pack 2, you can
configure Windows Firewall so that firewall rules apply to IP addresses (or IP
address ranges), meaning that only traffic from computers with valid IP addresses
is allowed through the firewall.
Create exceptions using application file names In previous versions, you config-
ure permitted traffic by specifying the Transmission Control Protocol (TCP) and
User Datagram Protocol (UDP) ports used by a service or application. In Windows
XP Service Pack 2, you can also configure permitted traffic by specifying the file
name of the application. When the application runs, Windows Firewall monitors
the ports on which the application listens and automatically adds them to the list
of allowed incoming traffic.
Internet Explorer
Windows XP Service Pack 2 introduces a number of new security features to Internet
Explorer 6. As with the rest of the enhancements introduced with Windows XP Service
Pack 2, most of the updates to Internet Explorer are intended to provide better security.
Internet Explorer enhancements provided by Windows XP Service Pack 2 include the
following:
Information bar The Internet Explorer Information bar in Windows XP Service
Pack 2 replaces many of the common dialog boxes that prompt users for informa-
tion and provides a common area for displaying information. Notifications such as
blocked ActiveX installs, blocked pop-up windows, and downloads all appear in
1-14 Chapter 1 Introduction to Windows XP Professional
the Information bar, which appears below the toolbars and above the main brows-
ing window. Either clicking or right-clicking on the Information bar brings up a
menu that relates to the notification that is presented. A new custom security zone
setting allows users to change the settings of the Information bar for each security
zone, including the ability to disable the Information bar and return to using sep-
arate dialog boxes.
Pop-up blocker When Windows XP Service Pack 2 is installed, Internet Explorer
provides a pop-up blocker for blocking pop-up windows. Internet Explorer dis-
plays a notification in the Information bar when a pop-up is blocked. Clicking the
information bar allows you to show the blocked pop-up, allow all pop-ups on the
current site, and configure other settings.
File download prompt With Windows XP Service Pack 2 installed, Internet
Explorer presents a new dialog box when a user downloads a file, as shown in
Figure 1-3. The new dialog box displays publisher information for the file (if avail-
able) and a section with information on the risks of downloading the file.
F0 1 U S 0 3 . e ps
Figure 1-3 The Internet Explorer File Download dialog box provides more file information.
Add-on management With Windows XP Service Pack 2 installed, Internet Explorer
prompts users when add-on software tries to install itself into Internet Explorer.
Users can also view and control the list of add-ons that can be loaded by Internet
Explorer. Internet Explorer also attempts to detect crashes in Internet Explorer that
are related to add-ons. If an add-on is identified, this information is presented to
the user; the user can then disable the add-ons to prevent future crashes.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you are unable to answer a question, review the lesson
materials and try the question again. You can find answers to the questions in the
“Questions and Answers” section at the end of this chapter.
Lesson 2 Identifying Major Features of Windows XP Service Pack 2 1-15
1. After Windows XP Service Pack 2 is installed, Internet Explorer combines many of
the common dialog boxes that prompt users for information into a common area
named the _______________. Fill in the blank.
2. Which of the following is true of Windows Firewall? Choose all that apply.
a. Windows Firewall is enabled by default.
b. Windows Firewall is disabled by default.
c. Windows Firewall must be configured individually for each connection.
d. Windows Firewall protects a network connection as soon as the connection is
active on the network.
Lesson Summary
You can determine whether Service Pack 2 is installed by viewing the General tab
¦
of the System Properties dialog box or by typing winver.exe in the Run dialog
box to open the About Windows dialog box.
Windows XP Service Pack 2 includes four major enhancements:
¦
Security Center, an entirely new feature, provides real-time status and alerts
for Windows Firewall, Automatic Updates, and some antivirus software.
Enhancements to Automatic Updates allow it to download updates for more
Microsoft products, download all types of updates, and prioritize update
importance.
Enhancements to Windows Firewall enable the firewall for each connection
by default, allow the inspection of traffic from the moment the connection
becomes active, and let you make global configuration settings for all connec-
tions.
Enhancements to Internet Explorer include a new Information bar that con-
solidates many user prompts, a pop-up blocker, and better add-on man-
agement.
1-16 Chapter 1 Introduction to Windows XP Professional
Lesson 3: Identifying Key Characteristics of Workgroups
and Domains
Windows XP Professional supports two types of network environments in which users
can share common resources, regardless of network size. A workgroup consists of a
number of peer-based computers, with each maintaining its own security. A domain
consists of servers that maintain centralized security and directory structures and work-
stations that participate in those structures.
After this lesson, you will be able to
Identify the key characteristics of workgroups and explain how they work. ¦
Identify the key characteristics of domains and explain how they work. ¦
Estimated lesson time: 15 minutes
How Workgroups Work
A Windows XP Professional workgroup is a logical grouping of networked computers
that share resources, such as files and printers. A workgroup is also called a peer-to-
peer network because all computers in the workgroup can share resources as equals
(peers) without requiring a dedicated server.
Each computer in the workgroup maintains a local security database, which is a list of user
accounts and resource security information for the computer on which it resides. Using a
local security database on each workstation decentralizes the administration of user
accounts and resource security in a workgroup. Figure 1-4 shows a local security database.
Windows Server
2003
Windows XP
Professional
Local security
database
Local security
database
Windows XP
Professional
Windows Server Local security
2003 database
Local security
database
Figure 1-4 A Windows XP Professional workgroup is also called a peer-to-peer network. F0 1 U S 0 4 . e ps
Lesson 3 Identifying Characteristics of Workgroups and Domains 1-17
Note A workgroup can contain computers running a ser ver operating system, such as Win-
dows Server 2003, as long as the server is not configured as a domain controller (in other
words, as long as no domain is present). In a workgroup, a computer running Windows Server
2003 is called a stand-alone server.
Because workgroups have decentralized administration and security, the following are
true:
A user must have a user account on a local computer if that user wants to log on
¦
to that computer locally (that is, by sitting down at that computer).
Any changes to user accounts, such as changing a user’s password or adding a
¦
new user account, must be made on each computer in the workgroup. If you for-
get to add a new user account to one of the computers in your workgroup, the
new user cannot log on to that computer and cannot access resources on it.
Workgroups provide the following advantages:
Workgroups do not require a domain controller to hold centralized security infor-
¦
mation, making workgroups much simpler to configure and manage.
Workgroups are simple to design and implement. Workgroups do not require the
¦
extensive planning and administration that a domain requires.
Workgroups provide a convenient networking environment for a limited number
¦
of computers in close proximity. However, a workgroup becomes impractical in
environments with more than 10 computers.
How Domains Work
A domain is a logical grouping of network computers that share a central directory
database. (See Figure 1-5.) A directory database contains user accounts and security
information for the domain. This database, which is known as the directory, is the data-
base portion of Active Directory service—the Windows 2003 directory service.
In a domain, the directory resides on computers that are configured as domain control-
lers. A domain controller is a server that manages all security-related aspects of user
and domain interactions, centralizing security and administration.
!
Exam Tip You can designate only a computer r unning Microsoft Windows 2000 Server or
Windows Server 2003 as a domain controller. If all computers on the network are running
Windows XP Professional, the only type of network available is a workgroup.
1-18 Chapter 1 Introduction to Windows XP Professional
Domain Domain
Replication
controller controller
Active Active
Directory Directory
Member
server
Client Client
computer computer
Figure 1-5 A Windows 2003 domain relies on Active Director y to provide user authentication. F0 1 U S 0 5 . e ps
A domain does not refer to a single location or specific type of network configuration.
The computers in a domain can share physical proximity on a small LAN or they can
be located in different corners of the world. They can communicate over any number
of physical connections, including dial-up connections, Integrated Services Digital Net-
work (ISDN) circuits, Ethernet networks, token ring connections, frame relay networks,
satellite links, and leased lines.
The benefits of a domain include the following:
Centralized administration because all user information is stored in the Active
¦
Directory database. This centralization allows users to manage only a single user
name and password, and enables domain administrators to control which users
can access resources on any computer that is a member of the domain.
A single logon process for users to gain access to network resources (such as file,
¦
print, and application resources) for which they have permissions. In other words,
you can log on to one computer and use resources on another computer in the
network as long as you have appropriate permissions to access the resource.
Scalability, so that you can create very large networks with hundreds or thousands
¦
of computers.
A typical Windows 2003 domain includes the following types of computers:
Domain controllers running Windows Server 2003 Each domain controller
stores and maintains a copy of Active Directory. In a domain, you create a user
account in Active Directory only once. When a user logs on to a computer in the
domain, a domain controller authenticates the user by checking the directory for
the user name, password, and logon restrictions. When there are multiple domain
controllers in a domain, they periodically replicate their directory information so
Lesson 3 Identifying Characteristics of Workgroups and Domains 1-19
that each domain controller has a copy of Active Directory. Domain controllers do
not maintain a local user database.
Member servers running Windows Server 2003 A member server is a server
that is a member of a domain, but is not configured as a domain controller. A
member server does not store directory information and cannot authenticate users.
Member servers provide shared resources such as shared folders or printers.
Client computers running Windows XP Professional or Windows 2000
Professional Client computers run a user’s desktop environment and allow the
user to gain access to resources in the domain.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you are unable to answer a question, review the lesson
materials and try the question again. You can find answers to the questions in the
“Questions and Answers” section at the end of this chapter.
1. Which of the following statements about a Windows XP Professional workgroup
are correct? Choose all that apply.
a. A workgroup is also called a peer-to-peer network.
b. A workgroup is a logical grouping of network computers that share a central
directory database.
c. A workgroup is practical in environments with up to 100 computers.
d. A workgroup can contain computers running Windows Server 2003 as long as
the server is not configured as a domain controller.
2. What is a domain controller?
3. A directory database contains user accounts and security information for the
domain and is known as the __________________. This directory database is the
database portion of ______________________________, which is the Windows
2000 directory service. Fill in the blanks.
4. A(n) ____________ provides a single logon for users to gain access to network
resources that they have permission to access—such as file, print, and application
resources. Fill in the blank.
1-20 Chapter 1 Introduction to Windows XP Professional
Lesson Summary
To explain how workgroups work, you must know the following things:
¦
A Windows XP Professional workgroup is a logical grouping of networked
computers that share resources such as files and printers.
A workgroup is referred to as a peer-to-peer network because all computers
in the workgroup can share resources as equals (peers) without a dedicated
server.
Each computer in the workgroup maintains a local security database, which is
a list of user accounts and resource security information for the computer on
which it resides.
To explain how domains work, you must know the following things:
¦
A domain is a logical grouping of network computers that share a central
directory database containing user accounts and security information for the
domain.
This central directory database, known as the directory, is the database por-
tion of Active Directory service, which is the Windows 2003 directory service.
The computers in a domain can share physical proximity on a small LAN or
can be distributed worldwide, communicating over any number of physical
connections.
You can designate a computer running Windows Server 2003 as a domain
controller. If all computers on the network are running Windows XP Profes-
sional, the only type of network available is a workgroup.
Lesson 4 Logging On and Off Windows XP Professional 1-21
Lesson 4: Logging On and Off Windows XP Professional
This lesson explains the Welcome screen and the Enter Password dialog box, which are
the two options that you use to log on to Windows XP Professional. It also explains
how Windows XP Professional authenticates a user during the logon process. This
mandatory authentication process ensures that only valid users can gain access to
resources and data on a computer or the network.
After this lesson, you will be able to
Log on locally to the computer running Windows XP Professional. ¦
Identify how Windows XP Professional authenticates a user when the user logs on to a ¦
local computer or to a domain.
Create and use a password reset disk to recover a forgotten password. ¦
Run programs using different credentials than the cur rently logged-on user. ¦
Use Fast Logon Optimization. ¦
Log off or turn off a computer that is running Windows XP Professional. ¦
Identify the features of the Windows Security dialog box. ¦
Estimated lesson time: 15 minutes
How to Log On Locally to the Computer Running Windows XP
Professional
Windows XP Professional offers two options for logging on locally: the Welcome
screen and the Log On To Windows dialog box.
The Welcome Screen
By default, if a computer is a member of a workgroup, Windows XP Professional uses
the Welcome screen to allow users to log on locally, as shown in Figure 1-6. To log on,
click the icon for the user account you want to use. If the account requires a password,
you are prompted to enter it. If the account is not password-protected, you are logged
on to the computer. You can also use C +A +D at the Welcome screen to get TRL LT ELETE
the Log On To Windows dialog box. This dialog box enables you to log on to the
Administrator account, which is not displayed on the Welcome screen when other user
accounts have been created. To use C +A +D , you must enter the sequence TRL LT ELETE
twice to get the logon prompt.
1-22 Chapter 1 Introduction to Windows XP Professional
Figure 1-6 The Welcome screen is used by default on computers in workgroups. F0 1 U S 0 6 . e ps
See Also For more information about creating user accounts during installation, see Chap-
ter 2, “Installing Windows XP Professional.” For more information about setting up user
accounts (including turning on and off the Welcome screen), see Chapter 7, “Setting Up and
Managing User Accounts.”
A user can log on locally to either of the following:
A computer that is a member of a workgroup
¦
A computer that is a member of a domain but is not a domain controller
¦
Note Because domain controllers do not maintain a local security database, local user
accounts are not available on domain controllers. Therefore, a user cannot log on locally to a
domain controller.
The User Accounts program in the Control Panel includes a Change The Way Users Log
On Or Off task, which allows you to configure Windows XP Professional to use the Log
On To Windows dialog box instead of the Welcome screen.
The Log On To Windows Dialog Box
To use the Log On To Windows dialog box (shown in Figure 1-7) to log on locally to
a computer running Windows XP Professional, you must supply a valid user name; if
the user name is password-protected, you must also supply the password. Windows
Lesson 4 Logging On and Off Windows XP Professional 1-23
XP Professional authenticates the user’s identity during the logon process. Only valid
users can access resources and data on a computer or a network. Windows XP Profes-
sional authenticates users who log on locally to the computer at which they are seated;
a domain controller authenticates users who log on to a domain.
Figure 1-7 Use the Log On To Windows dialog box in domains or as an alternative to the Welcome F0 1 U S 0 7 . e ps
screen.
When a user starts a computer running Windows XP Professional that is configured to
use the Log On To Windows dialog box, an Options button also appears. Table 1-1
describes the options in the Log On To Windows dialog box for a computer that is part
of a domain.
Log On To Windows Dialog Box Options Table 1-1
Option Description
User Name A unique user logon name that is assigned by an administrator. To log on
to a domain with the user name, the user must have an account that
resides in the directory.
Password The password that is assigned to the user account. Users must enter a
password to prove their identity. Passwords are case sensitive. For secu-
rity purposes, the password appears on the screen as asterisks (*). To pre-
vent unauthorized access to resources and data, users must keep
passwords secret.
Log On To Allows the user to choose to log on to the local computer or to log on to
the domain.
Log On Using Permits a user to connect to a domain server by using dial-up networking.
Dial-Up Connection Dial-up networking allows a user to log on and perform work from a
remote location.
Shutdown Closes all files, saves all operating system data, and prepares the com-
puter so that a user can safely turn it off.
Options Toggles on and off between the Log On To option and the Log On Using
Dial-Up Connection option. The Options button appears only if the com-
puter is a member of a domain.
1-24 Chapter 1 Introduction to Windows XP Professional
Note If your computer is not part of a domain, the Log On To option is not available.
Windows XP Professional Authentication Process
To gain access to a computer running Windows XP Professional or to any resource on
that computer (whether the computer is configured to use the Welcome screen or the
Log On To Windows dialog box), you must provide a user name and possibly a pass-
word. (You will learn more about using passwords effectively in Chapter 7.)
The way Windows XP Professional authenticates a user depends on whether the user
is logging on to a domain or logging on locally to a computer (see Figure 1-8).
Logs on 1
Local
security
database
2
3
Access
token
Logging on
locally
Figure 1-8 Windows XP Professional grants an access token based on user credentials during the F0 1 U S 0 8 . e ps
authentication process.
The steps in the authentication process are as follows:
1. The user logs on by providing logon credentials—typically user name and pass-
word—and Windows XP Professional forwards this information to the security
subsystem of that local computer.
2. Windows XP Professional compares the logon credentials with the user informa-
tion in the local security database, which resides in the security subsystem of the
local computer.
3. If the credentials are valid, Windows XP Professional creates an access token for
the user, which is the user’s identification for that local computer. The access
token contains the user’s security settings, which allow the user to gain access to
the appropriate resources on that computer and to perform specific system tasks.
Note In addition to the logon process, any time a user makes a connection to a computer,
that computer authenticates the user and returns an access token. This authentication pro-
cess is invisible to the user.
Lesson 4 Logging On and Off Windows XP Professional 1-25
If a user logs on to a domain, Windows XP Professional contacts a domain controller
in the domain. The domain controller compares the logon credentials with the user
information that is stored in Active Directory. If the credentials are valid, the domain
controller creates an access token for the user. The security settings contained in the
access token allow the user to gain access to the appropriate resources in the domain.
How to Use a Password Reset Disk
A password reset disk allows a user to recover a user account when the user forgets
his or her password. You create a password reset disk using the Forgotten Password
Wizard, which you can start in the following ways:
If your computer is a member of a domain, press C +A +D to open the TRL LT ELETE ¦
Windows Security dialog box. Click Change Password, and then click Backup to
start the wizard.
If your computer is in a workgroup, and you are using a computer administrator
¦
account, open the User Accounts tool in Control Panel, click your account name,
and then click Prevent A Forgotten Password.
If your computer is in a workgroup, and you are using a limited account, open the
¦
User Accounts tool in Control Panel, and in the Relate Tasks section on the left
side of the window, click Prevent A Forgotten Password.
No matter which way you start the Forgotten Password Wizard, the wizard walks you
through the steps necessary to create a password reset disk. You can store your pass-
word reset key on any removable disk, including floppy (in which case you will need
one, blank, formatted 1.44 MB floppy disk) and universal serial bus (USB) flash drives.
War ning You can have only one password reset disk at a time. If you create a new disk,
any previous disk becomes invalid.
If you forget your logon password, you can use a password reset disk in one of the fol-
lowing ways:
If your computer is a member of a domain, simply try to log on to Windows by
¦
using an invalid password. In the Logon Failed dialog box that appears, click
Reset to start the Password Reset Wizard, which will walk you through the
recovery process.
If your computer is a member of a workgroup, on the Windows XP logon
¦
screen, click the user name that you want to use to make the Type Your Pass-
word box appear. Press E or click the right arrow button. In the pop-up NTER
error message that appears, click Use Your Password Reset Disk to start the
Password Reset Wizard.
1-26 Chapter 1 Introduction to Windows XP Professional
How to Run Programs with Different User Credentials
Windows XP Professional allows you to run programs using user credentials that are
different from the currently logged-on user. Using different credentials is useful if you
are troubleshooting a user’s computer and do not want to log off and log back on
using administrative permissions just to perform a troubleshooting task or run a partic-
ular program. Using this method is also more secure than logging on to a user’s com-
puter with administrative credentials.
Running a program with different credentials in Windows XP Professional relies on a
built-in service named the Secondary Logon service . This service must be running
(and it is by default on computers running Windows XP) to run a program with alter-
nate credentials.
To determine whether the Secondary Logon service is running (and enable the service
if it is not running), follow these steps:
1. Log on to the computer as Administrator or as a user with administrative permis-
sions.
2. From the Start menu, click Control Panel.
3. In the Control Panel window, click Performance and Maintenance.
4. In the Performance and Maintenance window, click Administrative Tools.
5. In the Administrative Tools window, double-click Services.
6. In the Services window, locate the Secondary Logon service on the list of Services.
7. If the status for the Secondary Logon service is listed as Started, the service is
enabled, and you can close the Services window. If the status is listed as Manual
or Disabled, right-click the Secondary Logon service and click Properties.
8. On the General tab of the Secondary Logon Properties dialog box, on the Startup
type drop-down list, click Automatic.
9. In the Service Status section, click Start.
10. Click OK to close the Secondary Logon Properties dialog box, and then close the
Services window.
If the Secondary Logon service is running, you can run a program using different user
credentials than the currently logged-on user. On the Start menu, right-click the short-
cut for the program you want to run. On the shortcut menu, click Run As. In the Run
As dialog box that opens, you can run the program as the current user, or you can
enter an alternative user name and password. Microsoft recommends logging on with
a limited user account and using this technique to run applications that require admin-
istrative privileges.
Lesson 4 Logging On and Off Windows XP Professional 1-27
The Purpose of Fast Logon Optimization
Windows XP Professional includes a feature named Fast Logon Optimization. Enabled
by default, this feature allows existing users to log on by using cached credentials
instead of waiting for the network to become fully initialized before allowing logon.
This features enables faster logons from the user perspective. Group Policy and other
settings are applied in the background after logon and after the network is initialized.
Fast Logon Optimization is always turned off in the following situations:
The first time a user logs on to a computer
¦
When a user logs on using a roaming profile, a home directory, or a user logon
¦
script (you will learn more in Chapter 7)
How to Log Off Windows XP Professional
To log off a computer running Windows XP Professional, click Start and then click Log
Off. Notice that the Start menu, shown in Figure 1-9, also allows you to turn off the
computer.
Figure 1-9 The Start menu provides a way to log off Windows XP Professional. F0 1 U S 0 9 . e ps
Features of the Windows Security Dialog Box
The Windows Security dialog box provides information such as the user account cur-
rently logged on, and the domain or computer to which the user is logged on. This
1-28 Chapter 1 Introduction to Windows XP Professional
information is important for users with multiple user accounts, such as a user who has
a regular user account as well as a user account with administrative privileges.
If a computer running Windows XP Professional is joined to a domain (or if the Wel-
come screen is disabled even when the computer is a member of a workgroup), you
can access the Windows Security dialog box by pressing C +A +D at any time TRL LT ELETE
while Windows is running. If the Welcome screen is enabled, pressing
C +A +D activates Task Manager instead. Figure 1-10 shows the Windows TRL LT ELETE
Security dialog box, and Table 1-2 describes the Windows Security dialog box options.
Figure 1-10 Use the Windows Security dialog box for many security activities. F0 1 U S 1 0 . e ps
The Windows Security Dialog Box Options Table 1-2
Option Description
Lock Computer Allows users to secure the computer without logging off. All programs
remain running. Users should lock their computers when they leave for a
short time. The user who locks the computer can unlock it by pressing
C +A +D and entering the valid password. An administrator can TRL LT ELETE
also unlock a locked computer. This process logs off the current user.
Whether the Windows Security dialog box is available or not, you can also
press W K +L to immediately lock the computer. INDOWS EY
Log Off Allows a user to log off as the current user and close all running pro-
grams, but leaves Windows XP Professional running. You can also log off
Windows by choosing Log Off from the Start menu.
Shut Down Allows a user to close all files, save all operating system data, and prepare
the computer so that it can be safely turned off. You can also log off Win-
dows by choosing Turn Off Computer from the Start menu.
Change Password Allows a user to change his or her user account password. The user must
know the current password to create a new one. This is the only way
users can change their own passwords. Administrators can also change
the password.
Lesson 4 Logging On and Off Windows XP Professional 1-29
The Windows Security Dialog Box Options Table 1-2
Option Description
Task Manager Provides a list of the programs that are running and a summary of overall
central processing unit (CPU) and memory usage, as well as a quick view
of how each program, program component, or system process is using the
CPU and memory resources. Users can also use Task Manager to switch
between programs and to stop a program that is not responding. You can
also access Task Manager by right-clicking any open space on the taskbar
and clicking Task Manager.
Cancel Closes the Windows Security dialog box.
Practice: Creating a Password Reset Disk
In this practice, you will create a password reset disk. Complete either Exercise 1 or
Exercise 2. If you are working on a computer that is a member of a domain, use the
steps in Exercise 1 to create the disk. If you are working on a computer that is a mem-
ber of a workgroup, use the steps in Exercise 2 to create the disk. For either exercise,
you will need a blank, formatted, 1.44-MB floppy disk.
Exercise 1: Creating a Password Reset Disk on a Computer That Is a Member of a
Domain
1. Log on as the user for whom you are creating a password reset disk.
2. Press C +A +D . TRL LT ELETE
3. In the Windows Security dialog box, click Change Password.
4. In the Change Password dialog box, click Backup.
5. On the Welcome page of the Forgotten Password Wizard, click Next.
6. On the Create A Password Reset Disk page, make sure that the correct floppy
drive is selected; ensure that a blank, formatted, 1.44-MB floppy disk is inserted in
the drive; and then click Next.
7. On the Current User Account Password page, type the current password for the
account, and then click Next.
8. After Windows writes the key information to the disk, click Next.
9. Click Finish. Remove the disk, label it, and store it in a secure location. If an
attacker gains access to this disk, he can log on to your computer without a pass-
word.
1-30 Chapter 1 Introduction to Windows XP Professional
Exercise 2: Creating a Password Reset Disk on a Computer That Is a Member of a
Workgroup
1. Log on as the user for whom you are creating a password reset disk.
2. From the Start menu, click Control Panel.
3. In the Control Panel window, click User Accounts.
4. In the User Accounts window, click the account you want to use if you are logged
on as an Administrator. Otherwise, continue to the next step.
5. In the Related Tasks section, click Prevent A Forgotten Password.
6. On the Welcome page of the Forgotten Password Wizard, click Next.
7. On the Create A Password Reset Disk page, make sure that the correct floppy
drive is selected; ensure that a blank, formatted, 1.44 MB floppy disk is inserted in
the drive; and then click Next.
8. On the Current User Account Password page, type the current password for the
account, and then click Next.
9. After Windows writes the key information to the disk, click Next.
10. Click Finish. Remove the disk and label it.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you are unable to answer a question, review the lesson
materials and try the question again. You can find answers to the questions in the
“Questions and Answers” section at the end of this chapter.
1. What can you do when you log on locally to a computer, and what determines
what you can do when you log on locally to a computer?
Lesson 4 Logging On and Off Windows XP Professional 1-31
2. What is the main difference in the authentication process for logging on locally to
a computer and logging on to a domain?
3. Which of the following computers can a user log on to locally? Choose all that
apply.
a. A computer running Windows XP Professional that is in a workgroup
b. A computer running Windows XP Professional that is in a domain
c. A computer running Windows Server 2003 that is configured as a domain
controller
d. A computer running Windows Server 2003 that is a member server in a
domain
4. Which of the following statements about the Windows Security dialog box are cor-
rect? Choose all that apply.
a. You can access it by pressing C +A +D . TRL LT ELETE
b. The dialog box tells you how long the current user has been logged on.
c. The dialog box allows you to log off the computer or domain.
d. The dialog box allows a user with administrative permissions to change other
users’ passwords.
Lesson Summary
By default, Windows XP Professional uses the Welcome screen to allow users to
¦
log on locally to the computer. You can configure Windows XP Professional to use
the Log On To Windows dialog box instead of the Welcome screen. When a user
logs on, she can log on to the local computer; if the computer is a member of a
domain, the user can log on to the domain.
When a user logs on locally, the local computer does the authentication. When a
¦
user logs on to a domain, a domain controller must do the authentication. In a
workgroup environment, an access token is the user’s identification for that local
computer, and it contains the user’s security settings. These security settings allow
the user to gain access to the appropriate resources on that computer and to per-
form specific system tasks.
1-32 Chapter 1 Introduction to Windows XP Professional
An administrator or a user can create a password reset disk for a user that allows
¦
the user to recover a forgotten password and log on to Windows XP Professional.
Instead of logging on as Administrator, you can specify administrative credentials
¦
when you run a program no matter what user account you are logged on with.
This provides a way to run programs that requires administrative rights without
the risks associated with logging on using an Administrator account.
Fast Logon Optimization allows existing users to log on by using cached creden-
¦
tials instead of waiting for the network to become fully initialized before allowing
logon. This features enables faster logons from the user perspective.
You can log off Windows XP (and should whenever you leave your computer for
¦
an extended period) by using the Log Off command on the Start menu.
The Windows Security dialog box allows you to lock your computer, change your
¦
password, log off your computer, shut down your computer, and access Task
Manager.
Case Scenario Exercises
Read the following two scenarios and answer the associated questions. You can use
the scenarios to help determine whether you have learned enough to move on to the
next chapter. If you have difficulty completing this work, review the material in this
chapter before beginning the next chapter. You can find answers to these questions in
the “Questions and Answers” section at the end of this chapter.
Scenario 1.1
You are working as an administrator who supports users by telephone. One of your
users says that she has recently installed Windows XP Professional on her home com-
puter, which she uses to connect to her company’s corporate network. She is used to
having to press C +A +D to log on to Windows, but instead her new computer TRL LT ELETE
shows a Welcome screen with her user name listed. She would feel more comfortable
using the Log On To Windows dialog box instead of the Welcome screen. How should
you configure the computer?
Troubleshooting Lab 1-33
Scenario 1.2
You are an administrator for a corporate network that runs a Windows Server 2003–
based domain. All client workstations run Windows XP Professional. A user complains
to you that when he logs on to his computer, his desktop does not look right and he
cannot access any network resources. What do you suspect might be the problem?
Troubleshooting Lab
Using what you have learned in this chapter, provide the following information about
your own computer:
What edition of Windows XP are you running?
¦
Which Service Pack, if any, is applied to your installation of Windows XP? What
¦
tools can you use to determine which one you have?
Is your computer a member of a workgroup or a domain? What is the name of the
¦
workgroup or domain?
If your computer is a member of a domain, can you also log on to your computer
¦
locally?
Chapter Summary
The Windows XP family includes Windows XP Professional Edition, Windows XP
¦
Home Edition, Windows XP Media Center Edition, Windows XP Tablet PC Edition,
and Windows XP 64-Bit Edition. Features provided in Windows XP Professional
that are not provided in Windows XP Home Edition include dynamic disks,
Remote Desktop, NTFS and print permissions, EFS, domain membership, dual
processors, and IIS.
You can determine whether Service Pack 2 is installed by viewing the General tab
¦
of the System Properties dialog box or by typing winver.exe in the Run dialog
box to open the About Windows dialog box. Enhancements provided by Service
Pack 2 include:
Security Center provides real-time status and alerts for Windows Firewall,
Automatic Updates, and some antivirus software.
Enhancements to Automatic Updates allow it to download updates for more
Microsoft products, download all types of updates, and prioritize update
importance.
1-34 Chapter 1 Introduction to Windows XP Professional
Enhancements to Windows Firewall enable the firewall for each connection
by default, allow the inspection of traffic from the moment the connection
becomes active, and let you make global configuration settings for all connec-
tions.
Enhancements to Internet Explorer include a new Information bar that con-
solidates many user prompts, a pop-up blocker, and better add-on manage-
ment.
A computer running Windows XP Professional can be a member of two types of
¦
networks: a workgroup or a domain. You can designate a computer running Win-
dows Server 2003 as a domain controller. If all computers on the network are run-
ning Windows XP Professional, the only type of network available is a workgroup.
Features of workgroups and domains include:
A Windows XP Professional workgroup is a logical grouping of networked
computers that share resources such as files and printers. A workgroup is
referred to as a peer-to-peer network because all computers in the work-
group can share resources as equals (peers) without a dedicated server. Each
computer in the workgroup maintains a local security database, which is a list
of user accounts and resource security information for the computer on
which it resides.
A domain is a logical grouping of network computers that share a central
directory database containing user accounts and security information for the
domain. This central directory database is known as the directory; it is the
database portion of Active Directory service, which is the Windows 2003
directory service. The computers in a domain can share physical proximity on
a small LAN or can be distributed worldwide, communicating over any num-
ber of physical connections.
By default, Windows XP Professional uses the Welcome screen to allow users to
¦
log on locally to the computer. You can configure Windows XP Professional to use
the Log On To Windows dialog box instead of the Welcome screen. When a user
logs on, he can log on to the local computer; if the computer is a member of a
domain, the user can log on to the domain.
When a user logs on locally, the local computer does the authentication.
When a user logs on to a domain, a domain controller must do the authenti-
cation.
Exam Highlights
Before taking the exam, review the key points and terms that are presented in this
chapter. You need to know this information.
Exam Highlights 1-35
Key Points
The new Windows Firewall policy performs packet filtering during Windows
¦
startup, meaning that connections are protected from the moment they become
active on the network.
You can designate only a computer running Microsoft Windows 2000 Server or
¦
Windows Server 2003 as a domain controller. If all computers on the network are
running Windows XP Professional, the only type of network available is a work-
group.
Key Terms
access token An object that describes the security context for a user. When a user
logs on, Windows verifies the user’s credentials. After the user is authenticated,
Windows assigns an access token that defines the user’s rights and permissions.
Active Directory A directory structure that allows any object on a network to be
tracked and located. Active Directory is the directory service used in Windows
2000 Server and Windows Server 2003. Active Directory provides the foundation
for Windows-based distributed networks.
Automatic Updates A Windows service that scans for, downloads, and installs avail-
able updates for Windows XP and other Microsoft programs.
domain A group of computers that consists of servers that maintain centralized secu-
rity and directory structures, and workstations that participate in those structures.
domain controller A server in an Active Directory domain that stores a copy of the
Active Directory database and runs the Active Directory service.
member server A server that is a member of an Active Directory domain but is not
a domain controller.
password reset disk A disk that allows a user to recover a user account when the
user forgets her password.
Secondary Logon service A service that allows a user to run a program (by using
the Run As command) with credentials different from the currently logged-on
user.
Security Center A software interface that provides at-a-glance security status for a
computer, including information on Windows Firewall, Automatic Updates, and
antivirus software.
stand-alone server A computer running Windows Server 2003 or Windows 2000
Server that is a member of a workgroup.
Windows Firewall A software-based firewall built in to Windows XP Service Pack
2 that replaces the ICF built into Windows XP prior to Service Pack 2.
1-36 Chapter 1 Introduction to Windows XP Professional
Windows XP Service Pack 2 An update that includes all the critical updates
released for Windows XP to date. In addition, Service Pack 2 includes a large num-
ber of new enhancements to Windows XP—enhancements aimed at increasing
the default level of security for the operating system.
workgroup A group of computers that consists of a number of peer-based comput-
ers, each of which maintains its own security.
Questions and Answers 1-37
Questions and Answers
Lesson 1 Review
1. Windows XP _________ Edition and Windows XP __________ Edition are avail-
Page
able only on supported hardware devices and are not available as stand-alone 1-6
products. Fill in the blanks.
Tablet PC and Media Center
2. Which features supported in Windows XP Professional are not supported in Win-
dows XP Home Edition?
Features provided in Windows XP Professional that are not provided in Windows XP Home Edi-
tion include dynamic disks, Remote Desktop, NTFS and print permissions, EFS, domain mem-
bership, dual processors, and IIS.
Lesson 2 Review
1. After Windows XP Service Pack 2 is installed, Internet Explorer combines many of
Page
the common dialog boxes that prompt users for information into a common area 1-14
named the _______________. Fill in the blanks.
Information bar
2. Which of the following is true of Windows Firewall? Choose all that apply.
a. Windows Firewall is enabled by default.
b. Windows Firewall is disabled by default.
c. Windows Firewall must be configured individually for each connection.
d. Windows Firewall protects a network connection as soon as the connection is
active on the network.
A and D are correct. Windows Firewall is enabled by default and begins protecting a network
connection as soon as the connection is active on the network. B is not correct because Win-
dows Firewall is enabled by default. C is not correct because you can configure global settings
for Windows Firewall that affect all connections (although you can configure connections indi-
vidually if you want to).
Lesson 3 Review
1. Which of the following statements about a Windows XP Professional workgroup
Page
are correct? Choose all that apply. 1-19
a. A workgroup is also called a peer-to-peer network.
b. A workgroup is a logical grouping of network computers that share a central
directory database.
1-38 Chapter 1 Introduction to Windows XP Professional
c. A workgroup is practical in environments with up to 100 computers.
d. A workgroup can contain computers running Windows Server 2003 as long as
the server is not configured as a domain controller.
A and D are correct. A is correct because in a workgroup, computers act as equals (or peers),
and the arrangement is also called a peer-to-peer network. D is correct because computers r un-
ning a server product might be par t of a wor kgroup (such computers are called stand-alone
servers) as long as no server is acting as a domain controller. B is not correct because each
computer in a workgroup maintains its own security database instead of relying on a central-
ized security database. C is not correct because a workgroup begins to become impractical
with more than 10 workstations—not 100 workstations.
2. What is a domain controller?
A domain controller is a computer running Windows 2000 Server that is configured as a domain
controller so that it can manage all security-related aspects of user and domain interactions.
3. A directory database contains user accounts and security information for the
domain and is known as the __________________. This directory database is the
database portion of ______________________________, which is the Windows
2000 directory service. Fill in the blanks.
directory, Active Director y service
4. A(n) ____________ provides a single logon for users to gain access to network
resources that they have permission to access—such as file, print, and application
resources. Fill in the blanks.
domain
Lesson 4 Review
1. What can you do when you log on locally to a computer, and what determines
Page
what you can do when you log on locally to a computer? 1-30
When you log on locally to a computer, you can access the appropriate resources on that com-
puter and you can perform specific system tasks. What you can do when logged on locally to a
computer is determined by the access token assigned to the user account you used to log on.
The access token is your identification for that local computer; it contains your security set-
tings. These security settings allow you to access specific resources on that computer and to
perform specific system tasks.
2. What is the main difference in the authentication process for logging on locally to
a computer and logging on to a domain?
When you log on locally to a computer, its security subsystem uses the local security database
to authenticate the user name and password you entered. When you log on to a domain, a
domain controller uses the directory to authenticate the user name and password you entered.
Questions and Answers 1-39
3. Which of the following computers can a user log on to locally? Choose all that
apply.
a. A computer running Windows XP Professional that is in a workgroup
b. A computer running Windows XP Professional that is in a domain
c. A computer running Windows Server 2003 that is configured as a domain
controller
d. A computer running Windows Server 2003 that is a member server in a
domain
A, B, and D are correct. C is not correct because domain controllers do not maintain a local
security database, so you cannot log on locally to a domain controller.
4. Which of the following statements about the Windows Security dialog box are cor-
rect? Choose all that apply.
a. You can access it by pressing C +A +D . TRL LT ELETE
b. The dialog box tells you how long the current user has been logged on.
c. The dialog box allows you to log off the computer or domain.
d. The dialog box allows a user with administrative permissions to change other
users’ passwords.
A and C are correct. B is not correct because the Windows Security dialog box does not tell you
how long you have been logged on. D is not correct because the Windows Security dialog box
does not allow you to change other users’ passwords.
Case Scenario Exercises: Scenario 1.1
You are working as an administrator who supports users by telephone. One of your
Page
users says that she has recently installed Windows XP Professional on her home com- 1-32
puter, which she uses to connect to her company’s corporate network. She is used to
having to press C +A +D to log on to Windows, but instead her new computer TRL LT ELETE
shows a Welcome screen with her user name listed. She would feel more comfortable
using the Log On To Windows dialog box instead of the Welcome screen. How should
you configure the computer?
In the Windows Control Panel, you should open the User Accounts tool. In the User
Accounts window, you should click Change The Way Users Log On Or Off, and then
clear the Use The Welcome Screen check box.
1-40 Chapter 1 Introduction to Windows XP Professional
Case Scenario Exercises: Scenario 1.2
You are an administrator for a corporate network that runs a Windows Server 2003–
Page
based domain. All client workstations run Windows XP Professional. A user complains 1-33
to you that when he logs on to his computer, his desktop does not look right and he
cannot access any network resources. What do you suspect might be the problem?
Most likely, the user is logging on to the workstation locally instead of logging on to
the domain.
The End of First Class
