Easy PDF Copyright © 1998,2004 Visage Software This document was created with FREE version of Easy PDF.Please visit http://www.visagesoft.com for more details

Windows XP Advanced Stuff - 3rd Session - 10 & 12 February, 2004
Developed by Ann Kennedy; slight modifications by John Sonderegger

1. Differences between Home and Professional editions - besides $$$$
2. AntiVirus Programs
3. Spyware
4. Pop-Up Blockers
5. Trojan Removal Software
6. NTFS vs. FAT32
7. Files and Settings Transfer Wizard
8. Task Manager
9. Administrative Tools
10. Command Prompt - Reincarnation of DOS!
11. Networks
12. Wireless Security
13. Network File Sharing in XP Professional
14. Broadband Optimizer
15. Back Up Files
16. How to Make an Automatic System Recovery Backup
17. Restore
18. Encrypting and Recovering Encrypted Data
19. Firewire or IEEE 1394 - External Devices

1. Differences between Home and Professional editions - besides $$$$

When Windows XP was new, it was thought that home users would not need "security". Each interactive user in XP Home is assumed to be a member of the Owners local group, which is the Windows XP equivalent of the Windows 2000/2003 Administrator account. Each person who logs on to a Home Edition machine has full control. The Power Users, Backup Operators and other groups are missing from Home Edition, and a new group, called Restricted Users, is added. Hidden administrative shares (C$, etc.) are also unavailable in Home Edition.

Remote Desktop. XP Home can act as the client in a Remote Desktop session; only Pro can be the server.

Multi-processor support. Windows XP Pro supports up to two microprocessors, while Home Edition supports only one.

Automated System Recovery (ASR).
In a controversial move, Microsoft has removed the Backup utility from the default Windows XP Home, though it is available as an optional installation if you can find it on the CD-ROM (hint: it's in the /valueadd folder). The reason for this is the integration of Microsoft's new Automated System Recovery tool into Backup. In Pro, ASR will help recover a system from a catastrophic error, such as one that renders the system unbootable. ASR-enabled backups are triggerable from XP setup, allowing you to return your system to its previous state, even if the hard drive dies and has to be replaced. While there is a Backup utility available for Home Edition, you cannot use ASR.

FAX. Home Edition has no integrated fax functionality out of the box, though it is an option you can install from the XP Home CD.

Internet Information Services/Personal Web Server. Home Edition does not include the IIS web server software found in Pro.

Encrypting File System. Windows XP Pro supports the Encrypting File System, which allows you to encrypt individual files or folders for local security (EFS is not enabled over a network).

File-level access control. Any user with Administrator privileges can limit access to certain network resources, such as servers, directories and files, using access control lists. Only Windows XP Pro supports file-level access control, mostly because this feature is typically implemented through Group Policy Objects, which are also not available in Home Edition.

In networking, the following features are not included in Home:
- IP Security
- SNMP
- Simple TCP/IP services
- Network Monitor

2. Anti-Virus Programs

A virus is a program or code that can copy itself and infect various parts of your computer software, such as programs, parts of your operating system, or a document. Most viruses just attach themselves to a file or sector on your computer and then copy themselves from file to file or sector to sector. However, some also damage your computer and files.
A virus may contain a "payload", which inflicts extra damage on your computer. The payload can delete files from your computer, or lower your security settings, inviting further attacks.

A worm is a program that makes copies of itself; it can copy itself from one disk drive to another, for example, or by using e-mail or some other transport mechanism. Worms are different from viruses in that they copy themselves from system to system. A worm could do damage and compromise the security of your computer. A worm can also contain a payload, acting like a virus.

To protect your computer against these threats, it is strongly recommended that you run an anti-virus program on your computer. These programs scan e-mail and other files for viruses, worms, and Trojan horses. If a malicious program is found, the anti-virus program either quarantines the virus or deletes it entirely, before it damages your computer and files.

Companies that manufacture antivirus programs may also provide regular updates for viruses. When your antivirus software is updated, information about new viruses is added to a list of viruses to check for, protecting you from new attacks. It is recommended that you check for updates on a frequent basis because new viruses, worms, and Trojan horses are identified every day. Most antivirus programs have an automatic update capability. The program regularly checks for updated virus definitions and downloads them to your computer automatically.

If the anti-virus program you are using requires a subscription, it is strongly recommended that you keep the subscription current to receive regular updates. If your virus definitions are out-of-date, this could leave your computer unprotected from new threats.

The Computer Club uses Norton.
McAfee (http://us.mcafee.com), F-Secure (http://f-secure.com) and F-Prot (http://f-prot.com) are three other well-respected products. Virus protection vendors generally charge in the neighborhood of $30 per year for a continual supply of recently discovered new virus profiles, which are used to scan your files. John prefers F-Prot because they offer a site license for $30/yr (covers all the Windows computers in your house).

3. Spyware

Spyware is Internet jargon for Advertising Supported software (Adware). It is a way for shareware authors to make money from a product, other than by selling it to the users. Several large media companies offer to place banner ads in their products in exchange for a portion of the revenue from banner sales. This way, you don't have to pay for the software and the developers are still getting paid. If you find the banners annoying, there is usually an option to remove them by paying the regular licensing fee.

In general, spyware is any technology that aids in gathering information about a person or organization without their knowledge. On the Internet, spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware can get in a computer as a software virus or as the result of installing a new program. Data collecting programs that are installed with the user's knowledge are not, properly speaking, spyware, if the user fully understands what data is being collected and with whom it is being shared.

The cookie is a well-known mechanism for storing information about an Internet user on their own computer. However, the existence of cookies and their use is generally not concealed from users, who can also disallow access to cookie information. Nevertheless, to the extent that a Web site stores information about you in a cookie that you don't know about, the cookie mechanism could be considered a form of spyware.
DoubleClick, a leading banner ad serving company, changed its plans to combine cookie information with database information from other sources to target ad campaigns directly to individuals without their permission. DoubleClick's current policy is not to collect "personally-identifiable" information about a user without their explicit permission or "opt-in."

Aureate Media, which distributes free software on the Web in exchange for the right to gather user information, is another company that has been criticized for not plainly indicating what data it gathers and for making it difficult to remove its programming. Spyware is part of an overall public concern about privacy on the Internet.

These instructions apply to browser hijack victims as well as anyone trying to get rid of a stubborn piece of spyware. The instructions are basically the same for each circumstance.

The first thing you should do if your browser has been hijacked is to read the Hijacked article. 99% of all hijacks can be fixed by following the instructions in that article. We have a lot of experience here dealing with these things, and everything we've learned here that can be printed is there.

http://www.spywareinfo.com/articles/hijacked/#removal

For the brand new hijacks that are not covered by Spybot, Ad-aware and the rest, these people can walk you through getting it fixed and getting the files responsible targeted by these programs.

Anyone who is willing to pay the annual fee to PestPatrol can acquire a piece of software which removes all spyware each time it is run and can be updated with the latest spyware definitions.

4. Pop-Up Blockers

Popup Killer is the name of free software designed to stop unwanted popup window ads as you surf the internet. On the internet today the number of annoying pop-up ads has literally exploded.
You open one window and another one comes popping up; you close this new window and you just find yet another ad window popping up with only one purpose: to destroy your surfing experience and irritate you. Sometimes you even have to restart your computer and it makes you wonder if you have to buy a new computer to continue to enjoy the internet.

Luckily, there is software on the market today that kills and stops popup ads. Different pop-up killers and stoppers have been tried in an attempt to find out which are the best ones on the market today. Some of the software tested simply takes too much control of your surfing: it will not let you open new browser windows and will not let you follow links that open in a new window. If the popup window blocker takes too much control you will soon find this just as irritating as having no software installed. There is a selection of free popup blockers at www.webattack.com.

Alternatively, the latest versions of the Netscape, Mozilla, and Mozilla Firebird browsers have built-in popup blocking. Do a search in Google or Yahoo to locate the URLs.

5. Trojan Removal Software

A Trojan horse is designed to trick you into thinking it is something you want, but it performs malicious acts when it runs. It is typically received through downloads from the Internet. Trojan horses do not spread by themselves, as viruses and worms can. Most virus protection programs only detect a limited number of Trojan horses.

A Trojan horse is a program that infects your computer and allows a hacker to take control of your machine behind your back. A trojan infection can allow total remote access to your computer by a third party. Unlike viruses and worms, trojans do not replicate themselves. To get infected you must, one way or another, have downloaded the program onto your computer. This most commonly occurs when you download a program that pretends to be one thing while it is actually another. Hence the origin of the "Trojan" name.
Many people believe they are protected from trojans by their virus scanners. Unfortunately most virus scanners have only limited trojan detection capabilities. If you want serious protection you should install a specialized anti-trojan program in addition to your anti-virus scanner.

Personnel at Tech Support Alert identified 42 currently available trojan remover programs. After a lot of culling and testing they ended up with only 6 recommended products, and these are listed below. These reviews were originally carried out in mid 2002 but were totally redone in August 2003.

All the products listed below offer good protection against trojans and have powerful trojan removal capabilities. All would make valuable adjuncts to your anti-virus program and firewall in providing your PC with maximum protection against a hostile attack. There are recommendations on the products that impressed the most, but we suggest you read the reviews and make your own decision. Without doubt, the best product is the one that best suits YOUR needs.

Outstanding Anti-trojan Programs

TDS-3 is the Editors Choice: Best for experienced users. If you want the highest level of protection against trojans that is currently available, then you need TDS-3. However, be prepared to pay for its extraordinary level of security in terms of product complexity and resource usage. TDS-3 is a reassuring product for experienced users but a daunting one for many others.

Trojan Hunter is also an Editors Choice: Best for most users. Trojan Hunter's sophisticated multifaceted detection capabilities allow it to detect insidious modern trojans with an ease that is only bettered by TDS-3. Unlike TDS-3, it has an excellent user interface, which means that it can be used even by inexperienced users.
Add to that the fact that it's fast, technically sophisticated and very well supported, and you have a winning combination. "TDS-3 without the angst."

Pest Patrol. This program does a lot more than detect and remove trojans; it will also detect spyware, adware and a variety of other undesirable pests. Since we last looked at this product in 2002, it has improved markedly and is now an attractive option for those seeking broad spectrum detection rather than the highest level of protection. However, if you want to detect the tools used to create trojans as opposed to the trojans themselves, then PestPatrol is easily the best product of those we reviewed. Used in this role, it is a valuable tool for IT departments for scrutinizing end users' PCs.

Tauscan is a competent product with an excellent user interface. It would be well suited to the user who wants to combine good protection with ease of use.

BoClean. A simple to use, resource efficient monitor that offers first rate protection against trojans. However, the lack of a disk file scanner means that this product is missing a vital additional layer of protection. For those prepared to trade convenience for ultimate protection, BoClean is still an attractive option.

The Cleaner is an easy to use program with reasonable detection capabilities, though well below that offered by TDS-3 or Trojan Hunter. Its slow scan speed may also be a problem for some users, and we have concerns too about how regularly and effectively its trojan database is currently being updated.

6. NTFS vs. FAT32

The single most important disk decision you have to make on a Windows XP system is which file system to choose for each drive or volume. On a clean install, you face this choice during Windows Setup. On an upgrade from Windows 98 or Windows ME, Setup lets you choose whether to convert the file system used on your existing drive.
And you face the issue all over again if you repartition an existing drive or add a second (or third or fourth) drive to an existing system.

Windows 95/98/Me cannot recognize NTFS volumes. On multi-boot systems, it is essential that you use FAT32 for any local drives that you want to access when you boot the system using Windows 95, Windows 98 or Windows Me. Note that this restriction does not apply to network access. Assuming you've set up sharing properly, other network users can access your shared folders from computers running any other version of Windows, regardless of the local disk format.

By design, an NTFS volume can recover from disk errors more readily than an otherwise identical FAT32 drive. NTFS uses log files to keep track of all disk activity, and in the event of a system crash, Windows XP can use this journal to repair file system errors automatically when the system is restarted.

On partitions greater than 8GB in size, NTFS volumes manage space more efficiently than FAT32. The maximum partition size for a FAT32 drive created by Windows XP is 32 GB. Using NTFS you can create a single volume of up to 16 terabytes.

If you want to prepare a disk with a FAT32 partition greater than 32 GB in size, boot from a startup disk prepared by Windows 98 or Windows Me and use Fdisk to create the partition before restarting Windows XP.

For those interested in XP-Linux multi-boot systems, recent versions of Linux will resize NTFS disks, and can "see" the files. John normally brings a notebook with XP Professional and Mandrake Linux to show this. Have him use Linux and play music from the XP NTFS C: drive.

7. Files and Settings Transfer Wizard

This program is started by clicking on Start -> All Programs -> Accessories -> System Tools -> Files and Settings Transfer Wizard.
The program will tell you which applications must be installed from CD before you run the wizard on the "new" machine. Although this utility was designed to move all of your application data and settings from an old machine to a new one, it makes a surprisingly effective backup tool as well. It allows you to choose which settings and files you want to back up. You will find that this utility allows you to use removable media, which the Backup program does not.

To back up your Favorite bookmarks, email files and address book, first indicate that this is the "old" computer and that you want to use a floppy disk or Other (removable media); then put a tick mark in "Let Me Select A Custom List of Files" and both Files and Settings; Internet Explorer, Outlook Express and My Documents; and click on Add a File Type (file type wab) to copy your Address Book. If you have other files that are important to you, they can be added.

To restore these files if you need to, put the CD in the drive, run the wizard and tell it that this is the "new" computer.

8. Task Manager - One of XP's Real Strengths

If you click on a blank part of the taskbar at the bottom of the screen, you will bring up a menu for modifying toolbars, changing windows (cascading or tiling), locking the task bar and starting the Task Manager. If you press Control + Alt + Delete, you will get a menu that includes running the Task Manager.

The Task Manager lets you see what processes are running, see both the CPU and network performance, and control or kill off programs. This is very valuable when you have a program which is frozen and won't shut down. You can also kill a program by selecting its tab on the task bar and pressing Alt + F4. No matter how you choose to eliminate a program which is not running (or responding), you may have to do it several times before the stubborn piece of software exits the system.
If the entire machine freezes, however, hold down the power button for a slow count of six and reboot after another slow count of six.

Brief discussion of processes, performance, networking, and users will occur in class; emphasis on showing what it does and discussing why you might use these tabs/features.

8.5 Discuss http://www.theeldergeek.com/ and http://www.blackviper.com/ [look at the XP Super Tweaks (found by selecting OS Guides and then scrolling down or clicking on XP Home), but KEEP system restore, just limit the size of the disk that it can use] etc.

9. Administrative Tools

Microsoft Management Console (MMC) is an application that hosts administrative tools. It acts as host for one or more modules called 'snap-ins.' The combination of MMC with one or more snap-ins is called an MMC console. Popular snap-ins are Computer Management, Device Manager, Disk Defragmenter, Disk Management (to manage partitions and volumes), the Event Viewer, and Performance Logs and Alerts.

Beware Services: Anyone who touches Services without a complete understanding of the internals of a Windows operating system would be well advised to perform a complete system backup before so much as looking at the list of services. Altering services improperly (read carelessly) will cause the operating system to become inoperable and cause a "disaster recovery" to be necessary.

10. Command Prompt - Reincarnation of DOS!

To get to the command prompt, choose Start -> All Programs -> Accessories -> Command Prompt. Or, you can select Start -> Run and type cmd into the window. You can open as many Command Prompt windows as you like. You might want to open two to see two directories in side-by-side windows. To close a window, type exit at the command prompt.
You can run external MS-DOS commands, batch files and other executables, but Cmd includes a few additional internal commands. For a complete list of commands that can be used with Cmd, type Cmd into the Help and Support window. They are numerous, and will warm the heart of every DOS aficionado.

11. Networks

1. Ethernet/Fast Ethernet

The original ethernet (10 base T) can transfer data at speeds up to 10 megabits per second. Fast ethernet (100 base T) can transfer data at 100 megabits per second. You can mix and match different speeds on different devices, and you do need ethernet cards, wires and plugs. If you have one computer to connect to the internet, you can use one cable from the ethernet card to the back of your internet modem. If you connect multiple computers through that modem, you need to connect the modem to a "router" or "hub", and connect each computer to that router.

2. Phone-Line

Networks that comply with the Home Phone-line Networking Alliance standard closely resemble ethernet networks and operate at ethernet speeds of roughly 10 megabits per second. Home PNA networks don't require a central connection point such as a hub; instead, they employ a daisy chain topology in which all network adapters communicate by plugging into existing telephone jacks and transmitting data on the same wires that carry telephone and fax signals. Further reading can be found at 222.homepna.org.

3. Power-line

Power-line is much the same, using the existing 110 volt power lines that run through your house. Each of these requires special hardware for your computer. Power-line is also very dangerous because of blackouts or brownouts caused mainly by storms and power fluctuations.

4.
Firewire

Please notice that each device connected to your machine with a Firewire (also called IEEE 1394) cable is displayed in the Network Connections box, where you may configure its TCP/IP address much as you do for any computer connected to your network.

5. Bluetooth

Bluetooth is a wireless protocol and requires only a Bluetooth adapter for your computer. Bluetooth does not need an access point, but the drawback is its short range of only about 30 ft and a much slower transfer rate. Bluetooth is expected to take over from infrared ports but not quite replace other wireless technologies that offer a larger range.

6. Wireless

In a wireless network you may have one or many "access points," also referred to as "hotspots." An access point is the term used for a router with wireless capabilities. It is connected (with cables) to an internet access modem. Either the entire network is wireless, or you can purchase a router to connect with both ethernet and wireless. The three major types of wireless are described below.

802.11a broadcasts on the 5 GHz frequency and can reach maximum speeds of 54 Mbps.

802.11b broadcasts on the 2.4 GHz frequency and can reach maximum speeds of 11 Mbps. Any device operating in the 2.4 GHz spectrum may cause network interference with an 802.11b wireless device. Some devices that may prove troublesome include 2.4 GHz cordless phones, microwave ovens, adjacent public hot spots and neighboring 802.11b LANs.

802.11g is an alternative to 802.11a. It uses the 802.11b frequency and has the higher speed of 802.11a (54 Mbps).

12. Wireless Security

Any terms that you don't understand will be explained in the reference manual included with your wireless router and at its manufacturer's web site. To add basic security to your system, you can and should configure Wireless Equivalent Privacy (WEP) on your network. WEP protects authorized users of a wireless network from eavesdroppers by encrypting the data flow between the networked computer and the access point.
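How WEP encrypts the data flow, as an added example that is not part of the original handout: each frame is RC4-encrypted under a seed made of a 24-bit IV (sent in the clear) followed by the shared key, so a 40-bit key is labelled "64-bit" and a 104-bit key "128-bit". The keys, IV and payload are constructed sample values, and the function names are hypothetical.

```python
import struct
import zlib

# Constructed sample values (not from any real network).
SAMPLE_KEY_40 = bytes.fromhex("0a1b2c3d4e")                   # 5 bytes  = 40 bits
SAMPLE_KEY_104 = bytes.fromhex("0a1b2c3d4e5f60718293a4b5c6")  # 13 bytes = 104 bits
SAMPLE_IV = bytes.fromhex("01a2b3")                           # 3 bytes  = 24 bits
SAMPLE_PAYLOAD = b"hello from the laptop"


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # keystream XOR data
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_seed(iv: bytes, key: bytes) -> bytes:
    """Per-frame RC4 seed: the 24-bit IV followed by the shared key."""
    if len(iv) != 3:
        raise ValueError("WEP IV must be 3 bytes")
    if len(key) not in (5, 13):
        raise ValueError("WEP key must be 5 bytes (40-bit) or 13 bytes (104-bit)")
    return iv + key


def labelled_bits(key: bytes) -> int:
    """Size printed on the box: secret key bits plus the 24 IV bits."""
    return 8 * len(wep_seed(b"\x00\x00\x00", key))


def _icv(payload: bytes) -> bytes:
    """Integrity check value: CRC-32 of the payload, little-endian."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)


def wep_encapsulate(iv: bytes, key: bytes, payload: bytes, key_id: int = 0) -> bytes:
    """Build IV | key-id byte | RC4(payload + ICV), as sent over the air."""
    if not 0 <= key_id <= 3:
        raise ValueError("WEP supports key slots 0-3")
    body = rc4(wep_seed(iv, key), payload + _icv(payload))
    return iv + bytes([key_id << 6]) + body


def wep_decapsulate(key: bytes, frame: bytes) -> bytes:
    """Recover the payload; raises if the key or the frame is wrong."""
    iv, body = frame[:3], frame[4:]
    clear = rc4(wep_seed(iv, key), body)
    payload, icv = clear[:-4], clear[-4:]
    if icv != _icv(payload):
        raise ValueError("ICV mismatch: wrong key or corrupted frame")
    return payload


if __name__ == "__main__":
    frame = wep_encapsulate(SAMPLE_IV, SAMPLE_KEY_40, SAMPLE_PAYLOAD, key_id=2)
    print("labelled size:", labelled_bits(SAMPLE_KEY_40), "bit")
    print("frame on the air:", frame.hex())
    print("decrypted:", wep_decapsulate(SAMPLE_KEY_40, frame))
```

Every node needs the same key in the same slot, because the frame carries only the IV and the slot number, never the key itself.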
The WEP key is established first for the wireless router, and from there to the network cards.

Basic security consists of the following steps by the network administrator:

- Change the default SSID (Service Set Identifier) and make it unique.
- Disable SSID broadcast and connect manually instead.
- Change the default password for the Administrator account.
- Enable MAC Address filtering. Every piece of hardware on every system in your network has an internal hardware address called a MAC address. If you allow each computer's MAC address individually, then a MAC address from a computer not in your list will be barred from access.
- Change the SSID periodically.
- Enable WEP 128-bit Encryption if this doesn't reduce your network performance unacceptably. Encryption comes in 64bit and 128bit key varieties. All your nodes must be at the same encryption level with the same key to operate. 40bit and 64bit encryption is the same thing; it's just a matter of how the manufacturer decided to label the product. 128bit cards can often be placed in 40/64bit mode.
- Use the highest level of encryption possible.
- Use a "Shared" key.
- Use multiple WEP keys.
- Change the WEP encryption keys periodically.

13. Network File Sharing in XP Professional

Because Windows XP Home Edition supports only Simple File Sharing, some of these remarks will be useful only to users of Windows XP Professional.

There is "simple file sharing" and "classic sharing." With simple file sharing, sharing folders and printers is easy, but your configuration options are limited. Sharing a folder in this model requires selecting a single check box, and then Windows sets appropriate shared resource permissions and NTFS file permissions. But a share created this way is available to *all* network users. You cannot selectively set permissions for different users.
With Simple File Sharing, Windows uses the Guest account for all network logons.

With Classic sharing, you can set varying permissions for individual users or groups, allowing full control to some, read-only access to some and locking out all others altogether.

If you used share-level access in earlier Windows operating systems, Windows requested a password when a user tried to use shared resources. Windows did not try to determine who the user was, so anyone who had the password also had access. XP always uses user-level access control, which means each shared resource allows access only by specified user accounts. To gain access to a shared resource over the network, a user must log on using an account that has access to the share. You cannot set a password for a particular folder or printer in Windows XP. All access is controlled by permissions granted to specified users.

Classic sharing allows you to control who can access each resource and what permissions they have, but classic sharing is not available in Windows XP Home.

By sharing a folder you enable other users to access the folder and its files directly from their own desktop. After a folder has been shared, the share is available to network users no matter who is logged on to your computer or even when nobody is logged on.

Sharing is disabled on a clean installation of Windows XP. All computers that share with each other need to have the same workgroup name. In Home, to enable simple file sharing, go to the View tab in Folder Options. The last item in the box will be to enable or disable simple file sharing.

Set up a user account for each person who needs access to the computer's shared resources. For each user, if you use the same user name and password on each computer on the network, users won't have to log on to each machine individually. Logging on to their local machine allows them to access all the resources for which they have permission.
For each account you create, the user name and password must be identical on all other computers. Accounts that you intend to use for network access to shared folders must have a password. Except for the Guest account, Windows security prohibits network access by accounts with a blank password.

To open a shared folder on another computer, double click its icon in My Network Places. If My Network Places doesn't contain a shortcut to the folder you want, click View Workgroup Computers or Microsoft Windows Network to navigate to it. If you have the proper permissions, this displays the folder's content in Windows Explorer.

In Windows 98 or Windows Me, when a folder is shared, it can be protected with a password for read-only access, or full access, both or neither. Any network user can open any shared folder simply by double-clicking its icon in Windows Explorer. If the password for your user account matches the password assigned to the folder, the folder opens immediately. If not, Windows asks you to provide the password in a dialog box.

Mapping a network folder makes it appear to Windows as though the folder is part of your own computer. Windows assigns the mapped folder a drive letter, making the folder appear like an additional hard drive. Because a mapped folder becomes a virtual drive on your local computer, an icon for the folder appears in the My Computer folder, right alongside your local drives. If you change your mind about mapping a network folder, simply right-click the folder's icon and choose Disconnect.

To make a printer which is installed on your computer available over the network, open the Printers and Faxes folder (in the Control Panel or on your Start menu), right-click on the printer name and choose Properties.
Simply click the Sharing tab, select Share This Printer, and provide a share name. To provide access for Windows 98 or Me users, click the Sharing tab in the printer's properties dialog box. Click Additional Drivers and then select each of the client types you want to support. When one of these clients connects to the printer for the first time, Windows automatically sets up the printer on the client system.

14. Broadband Optimizer

This is not meant to be Tylenol-inspiring technical documentation, but merely a basic guide to understanding how you can best use this great tool (DRTCP).

DRTCP: How do I use it, and what are all these settings?

DRTCP works with Win95/98/98se/ME/2K/XP. DRTCP is not a patch, but a shortcut (GUI interface) into your registry. It does not enter anything by itself. You can download DRTCP here: http://www.dslreports.com/drtcp

The following paragraphs are, more or less, a full explanation of what Dr. TCP does. The information is included here for those who want to seriously tune their broadband speed, but otherwise just skip down past all of the text in italics to the last paragraph; run the program and forget it.

TCP Receive Window: This is where you set RWIN (RcvWindow). RWIN is the single most important tweak. Raising RWIN from default (8760 for Win95/98/98SE/NT and 17520 for WinME/2K/XP) can greatly improve download speeds. Why? Here is my kindergarten analogy: Default RWIN for broadband is like having a tiny straw in a thick milk shake; only so much can get through the straw (line), so fast. By putting a larger straw (higher RWIN) in that same thick shake, you allow more shake (data) to come through faster, to a point that is. After which, there is no more improvement, and shake (data) can start spilling all over (packet loss). So the key is to find an RWIN that fits your line just right.
This is blank before changing from default. The formula for finding your "ideal" RWIN is to take your latency (average ping time in ms x 1.5), multiply that by your advertised (download) speed, and divide that by 8. Note: If setting RWIN below 8192, try using even multiples of MSS.

Windows Scaling: 65535 is the highest RWIN you can use without Windows Scaling being turned on. So simply put, Scaling is needed to enter any number higher than 65535. However, you must also have the updated vtcp.386 patch (WinME/2K/XP does not need a patch). Relax though, most users do not need to go higher than 65535. Windows Scaling "Defaults" to off (same as No).

Time Stamping: The need for this seems to be in question, at least with RWIN under 65535. If you have a line where latency varies a lot, or a "long fat pipe" (for example, pure satellite connection), then Time Stamping should be beneficial, so experiment with it. Time Stamping "Defaults" to off (same as No).

Selective Acks: This improves throughput (speed) on lines that tend to lose packets, by re-transmitting only packets that were lost, if any. "Defaults" to on (same as Yes) in Win98/98SE/ME/2K/XP and is N/A in Win95/NT.

Path MTU Discovery: This automatically sets your MTU (maximum transmission unit) to what type of line you have (dial-up (576), broadband 1492-1500). This is the size of packets that you can receive. The highest MTU that one can have is 1500. For users with PPPoE connection software, 1492 and lower. Without PPPoE, it should default to 1500. "Defaults" to on (same as Yes) in Win98/98SE/ME/XP, and is N/A in Win95.

Black Hole Detection: This discovers routers on the WEB that cause MTU Discovery to work sub-optimally. "Defaults" to off (same as No) in Win95/98/98SE/ME/2K/XP.

Max.
Duplicate ACKs: This allows for faster re-transmission of packets (information), when packet loss is encountered. "Defaults" to blank, where blank stands for 3 in Win98/98SE/ME, 2 in WinNT/2K/XP, and is N/A in Win95.

TTL: Time To Live is the number of hops (servers) that a transmission of packets will take before all packets are lost. If you were receiving packets from 20 hops away, and TTL was set to 19 or less, all packets would be lost before they reach you. Not a speed tweak. "Defaults" to blank, where blank stands for 32 in Win95, 128 in Win98/98SE/ME/2K/XP.

Adapter settings: This is where you set your MTU. Use the drop-down menu to find your NIC (Ethernet card). If you do not know which adapter you should set, please ask. Do not set them all the same. (Note: If your MTU is 1500 by default, it will be blank in DRTCP. Also: Only physical NICs supported for XP, no dial-up adapters.) Note: DRTCP defaults to showing the dial-up adapter. This has nothing to do with the other settings. It does not matter which adapter is visible when setting anything except MTU. Also: Upon reboot the dial-up adapter will be showing, regardless of which adapter's MTU was set.

ICS Settings: Internet MTU is set when Internet Connection Sharing (a Microsoft program) is enabled and being used on your PC. This is where 2 or more PCs share the same Internet connection, though only one can surf at a time. ICS MTU should match that of the PC. This is grayed out if ICS is not being used (not ready for Win2K/XP).

Great, so what should you set all of these to? Most users can leave all of them at Default except for RWIN (surprise!), as this has been determined to be best, most of the time, thus being "Default". After making any changes, click Save, then Exit, then reboot (restart) your PC.
Use the Tab button on your keyboard to move about DRTCP. If you do not reboot, the settings will not "take".

15. Back Up Files

Windows XP includes an enhanced version of the powerful Backup utility. If you're running Home, you won't find it. To install Backup Utility, you need your Windows XP Home Edition CD. Use Windows Explorer to open the Valueadd\Msft\Ntbackup folder, and then double-click Ntbackup.msi.

If your computer came with only a "system recovery" CD instead of a full Windows CD, finding Ntbackup.msi is not as easy. Look on the CD that was furnished and on any additional hard disk partitions set up on your computer. Some manufacturers provide the Windows files more or less intact, whereas others embed them in compressed disk image files. Compaq systems with Windows XP Home pre-installed, for example, have Windows files stored with Drive Image files on drive D. If you happen to have the disk imaging program that was used to create the disk image files, you can extract the Windows files you need.

Most Windows users will choose the much simpler option of saving backup sets to a file, either on a second local drive, on a shared network folder on a hard disk, or on a high capacity removable storage medium such as a Zip drive.

The Windows XP Backup Utility does not support backing up directly to CD recorders. However, if you plan your backups carefully, you can accomplish the same goal in a two-step process. Back up to a file first, and then copy that backup file to a CD-R or CD-RW. If you need to restore data from your backup set, you can do so directly from the CD. For this procedure to work, you must ensure that you have enough free disk space to hold your backup files. You also have to plan your backups so that the resulting backup files will fit on a single CD, because the Backup Utility won't prompt you for multiple CDs as it will with other removable media such as Zip drives.
This might mean grouping your backup sets into two or more groups, each under 650 MB in size.

There are several backup types.

A normal backup backs up all selected files and clears their archive attributes so that subsequent differential or incremental backups copy only those files that have changed since their normal backup.

An incremental backup copies selected files that have changed since the most recent normal or incremental backup and clears these files' archive attributes. In case of data loss, you would restore the normal backup and each succeeding incremental backup.

A differential backup copies selected files that have changed since the most recent normal or incremental backup but does not clear the files' archive attributes. Subsequent differential backups continue to copy all files that have changed since the most recent normal or incremental backup. If you perform a full backup on Monday and a differential backup on each succeeding day of the week, you could restore your data by using the full backup and the most recent differential backup.

A copy backup copies all selected files but does not clear archive attributes.

A daily backup copies all selected files that have changed on the current day without clearing the files' archive attributes.

16. How to Make an Automatic System Recovery Backup

This feature is not available on systems running Windows XP Home, which does not allow you to restore from it. ASR works only if you prepare a complete backup in advance. Creating an ASR backup set saves the complete contents of your system drive to the backup media. ASR saves information about your current arrangement of disk partitions, system files and detected hardware, on a floppy disk.
The combination can quickly and effectively restore your system configuration; however, it does not back up or restore data on drives other than the system volume. For that task, use the Backup Utility in Wizard mode and choose the option to back up everything on the computer. Save the backup media and the recovery disk in a safe place.

In the event of a catastrophic failure of your system partition, you can boot using the Windows CD, press F2 to run Automated System Recovery when prompted by Windows Setup, and then follow the prompts to restore your system. ASR will reformat your hard disk before it restores. If you have multiple partitions on your system disk, they will be gone when ASR has completed its work, and you will have a single partition.

17. Restore

Not every Windows crash is a catastrophe. If you install a new piece of hardware or update a video driver and your system hangs at a blank screen when you restart, you can safely bet that the new device or driver is to blame.

1. Safe Mode. You may be able to reach the desktop by using one of three Safe Mode options available at startup. From Safe Mode, you can change computer settings, uninstall a program or driver that you suspect is causing your problems, or use the System Restore utility to roll back your configuration.

2. Last Known Good Configuration. This option is available from the Advanced Options menu or by pressing F8 at startup. It lets you quickly reverse changes made to the registry since you last successfully started Windows.

3. System Restore. This system recovery tool is the next best thing to a time machine. If you can start Windows in Safe Mode or normally, you may be able to use System Restore to undo the configuration change that's causing the problem.

4. Recovery Console. If you are unable to boot into Safe Mode, this self-contained command-line environment is your last best hope. You can start from the Windows CD and choose the Repair option to start the Recovery Console.
From the command line, you may be able to replace a corrupted file, delete a misbehaving driver file, or stop a service that's interfering with startup. Although the Recovery Console prompt looks identical to the Windows XP command interpreter (Cmd.exe), it's not the same. After logging on to the Recovery Console, your actions are severely limited.

5. Reinstallation. When all else fails, you may be able to repair serious problems by reinstalling Windows XP over your existing installation. With the right preparation (and a little luck), you can repair system files without disturbing your settings and preferences.

18. Encrypting and Recovering Encrypted Data

The Encrypting File System (EFS) encodes your files on an NTFS volume so that, even if someone is able to obtain the file, they can't read it. The files are readable only when you log on to the computer using your user account (which presumably you have protected with a strong password). In fact, even someone else logging on to your computer won't have access to your encrypted files, which provides protection on systems that are shared by more than one user.

The encryption is so secure that if you lose the key to decrypt your data, the information is effectively lost. By default, Windows XP provides no "back door" if your private key is lost. You can innocently lose your key in a number of ways:

Inadvertently deleting the encryption certificate which contains the key.
Reinstalling Windows from scratch, which will create new security identifiers (SIDs) for each user. The data cannot be decrypted from a different SID.

Export and protect the private keys for recovery accounts and then remove them from the computer. If you encrypt files, be sure to set up a recovery agent. Back up both your personal certificate and the recovery agent's certificate.
To prevent someone from simply logging on as Administrator and viewing another user's encrypted files, you can export and remove the recovery agent's private key. Keep the key in a secure location. Without it you can't use the recovery agent. Back up your Certificates and the recovery agent's Certificate. Always encrypt folders, not files. When a folder is encrypted, all files created in that folder are encrypted.

19. Firewire or IEEE 1394 - External Devices

IEEE 1394: The "Digital Convergence Bridge"

IEEE 1394 is a high-speed serial bus alternatively known as "FireWire" and "i.Link". 1394 has been broadly adopted by the consumer electronics (CE) industry as the single bus to unify communications between their emerging all-digital CE devices. One of its key characteristics is that it can deliver "isochronous" data, which means "guaranteed delivery," critical for audio/video data types. The small 1394 connectors and serial cables are "consumer friendly." And 1394's protocols support plug-and-play operation.

Today, 1394 is nearly universal on consumer digital camcorders, in both miniDV and Digital8 formats, offering a way to connect to PCs for digital video editing with no loss in image quality. Tomorrow, expect to see 1394 interfaces on all the advanced digital products coming from the consumer electronics industry. For example, the Open cable specification from U.S.-based Cable Labs requires 1394 on all new digital set top boxes. Sony's PlayStation2 has a 1394 port. Expect to see 1394 inputs on future digital television sets, satellite and cable set top boxes, and digital video recorders.

Where Wireless 1394 can play an important role is in bridging the PC to clusters of interconnected 1394 devices, which can be in another room in the house. Three example applications are sourcing video or audio stream from a PC, providing internet content and connectivity to a 1394 cluster, and providing command, control and configuration capabilities to the cluster.
In the first, the PC could provide entertainment to someone in another room in the house. In the second, the PC could provide an avenue for 1394 enabled devices to access the Internet. Telewebbing is an increasingly popular activity of watching TV while simultaneously interacting with synchronized Internet content.

USB 1.1, and its high-speed successor, USB 2.0, are serial buses with some technical similarities to 1394. However, 1394 and USB address different market applications - they are complementary buses in the PC. USB has been designed to provide a low-cost, plug-and-play way of connecting computer peripherals to a PC. USB is integral to the PC industry's Ease of Use Initiative, both because it is itself a consumer-friendly interface and because it has the performance capabilities to allow the removal of "user vicious" legacy interfaces, including the serial port, the parallel port, the game port, PS2, and so on. USB 1.1 is a capability that is universal on PCs today, and USB 2.0 will follow that path.

In parallel with the rise of USB in the computer industry, the consumer electronics industry has rallied around 1394 as the way to interconnect next-generation digital CE devices. The devices comprising an entire home theater could be connected with only a single 1394 cable between each device, eliminating the "rat's nest" of wires characteristic of today's home entertainment systems. Some CE companies view 1394 as potentially enabling a "home A/V network" for transporting rich content anywhere in a home.

IEEE 1394 Capabilities

The IEEE 1394 standard defines a high speed serial interface that can be used to connect peripheral devices, for example, printers, scanners, and cameras, to your computer. Some common features of the IEEE 1394 standard are:

A simple plug and socket connection.
This connection is visually similar to universal serial bus (USB) connections, although USB and IEEE 1394 are not compatible.
The capacity to have up to 63 devices connected serially (in series) to a single port.
Data transfer speeds of up to the rate of 400 megabytes (MB) per second. (The maximum speed is presently 200 MB per second.)
Thin wire cable.
Hot plug and play capability. (You do not need to turn off a computer to connect and use a peripheral device.)
The ability to chain devices together in a number of different ways without terminators or complicated setup requirements.
The ability for IEEE 1394-compliant devices to connect together without the use of a computer (for example, when you are dubbing video tapes).
Asynchronous communication for batch or packet data transfer and storage.
Isochronous communication for real-time voice and video transmission, and any other program that is better-suited for streaming data transfer.
Devices as far apart as 4.5 meters (nearly 15 feet) can be connected.

Windows XP has built-in IEEE 1394 support. To use all the capabilities of the IEEE 1394 standard, your computer must have an IEEE 1394 adapter installed. If your computer has a FireWire adapter, the adapter is IEEE 1394 compatible. Some of the capabilities of a Windows XP-based computer with the IEEE 1394 standard are:

Instant network connectivity by plugging two or more computers together (no additional hardware or software required).
End-to-end throughput of over 50 bps with plenty of digital bandwidth remaining for demanding audio-visual programs.
Transmission Control Protocol/Internet Protocol (TCP/IP) over IEEE 1394. This feature makes it very easy to share a single Internet connection when you connect one computer to the Internet and then connect more computers to the first computer. The Windows XP built-in Internet Connection Sharing feature provides the necessary software support.
The ability to use IEEE 1394 drivers for peripheral devices.
These drivers are provided by the manufacturers of the devices.

Windows XP comes with full support for IEEE 1394; you are not required to install any software. If you need to install an adapter, simply plug it in to an available adapter slot, and Windows XP completes the installation.

Network Bridge

Speed of wireless bandwidth over 802.11a is not adequate to support the high-speed DV data transfers from a 1394 digital camcorder, today's single most popular usage for 1394. DV can peak at 50 Mbps. Furthermore, even if Wireless 1394 could support DV data rates on the host side, a hardware-1394 to Wireless-1394 radio would still be required on the camcorder side, certainly a far more expensive proposition than a host-based hardware solution and a cable.

Network Bridge simplifies the setup and configuration of small networks that consist of mixed network media types, such as Ethernet, home phone-line network adapter (HPNA), wireless, and IEEE 1394 devices. Each media type is its own network segment. You can create a single subnet for the entire home or small office network by using Network Bridge across mixed media segments. Network Bridge offers increased flexibility by allowing a mixture of media types and by automating the difficult configurations that are normally associated with mixed media networks.

When the Network Setup Wizard is run, it detects if there are multiple network adapters installed in the computer. It then asks if you want to create the Network Bridge. Network adapters that are connected to the Internet, such as an Ethernet adapter connected to an external DSL or cable modem, should not be added to the Network Bridge.

Although USB and IEEE 1394 are similar technologies, you cannot interchange USB connections with IEEE 1394 connections.
Only Ethernet, IEEE 1394 adapters, or Ethernet compatible adapters such as Wireless and home phone-line adapters (HPNA), can be part of the network bridge.
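
Added example (not part of the original handout and not Backup Utility code): a small Python simulation of the archive attribute behind the backup types in section 15, showing which files each type copies and which backup sets a restore needs. The class, function and file names are constructed for illustration, and the restore rule for mixed schedules generalizes the two cases the text describes.

```python
# Constructed simulation of the archive attribute; this is not NTBackup code.

class Volume:
    def __init__(self, names):
        # Assumption: every file starts with its archive attribute set.
        self.files = {n: {"archive": True, "day": 0} for n in names}

    def modify(self, name, day):
        """Writing to a file sets its archive attribute and its change day."""
        self.files[name] = {"archive": True, "day": day}

    def backup(self, kind, day):
        """Return the sorted names of the files a backup of this kind copies."""
        if kind in ("normal", "copy"):
            chosen = list(self.files)
        elif kind in ("incremental", "differential"):
            chosen = [n for n, f in self.files.items() if f["archive"]]
        elif kind == "daily":
            chosen = [n for n, f in self.files.items() if f["day"] == day]
        else:
            raise ValueError(f"unknown backup type: {kind}")
        # Only normal and incremental backups clear the archive attribute.
        if kind in ("normal", "incremental"):
            for n in chosen:
                self.files[n]["archive"] = False
        return sorted(chosen)


def simulate(schedule, changes, names=("a.doc", "b.xls", "c.txt")):
    """Run one backup per day; changes maps day -> files modified that day."""
    vol = Volume(names)
    copied = []
    for day, kind in enumerate(schedule, start=1):
        for name in changes.get(day, []):
            vol.modify(name, day)
        copied.append(vol.backup(kind, day))
    return copied


def restore_chain(schedule):
    """Return the indexes of the backup sets needed for a full restore."""
    normals = [i for i, k in enumerate(schedule) if k == "normal"]
    if not normals:
        raise ValueError("no normal backup to restore from")
    chain = [normals[-1]]
    # Every incremental after the last normal backup is required, in order.
    chain += [i for i, k in enumerate(schedule)
              if k == "incremental" and i > normals[-1]]
    # Only the newest differential after the last set in the chain is needed.
    diffs = [i for i, k in enumerate(schedule)
             if k == "differential" and i > chain[-1]]
    if diffs:
        chain.append(diffs[-1])
    return chain


# Constructed sample week: a.doc changes on day 2, b.xls on day 3.
SAMPLE_CHANGES = {2: ["a.doc"], 3: ["b.xls"]}

if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        schedule = ["normal"] + [kind] * 3
        print(kind, simulate(schedule, SAMPLE_CHANGES), restore_chain(schedule))
```

Incremental sets stay small but every one of them must survive for a restore; differential sets grow each day but only the newest one is needed alongside the normal backup.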