Transcript Windows XP

ITM 301
Windows XP
and
Windows Vista
April 3, 2013
ITM 301 - Illinois Institute of Technology
1


Yes – People!
Employers in 2013 and beyond want many
more skills for the same or less amount of
money!
[Diagram: IT job functions, 1997 vs. 2007. Functions shown: Project Management, Business Analyst, Security Specialist (Security Guru), Network Administration, Scripter, System Administration, Database Administration, Programming]
Each of these functions used to represent one highly skilled IT professional… And at the top of their career, each was making about $85,000 / year. A Total of $595,000!
Employers want… All these Skills in One Person!
The job market now expects all of these functions to be done by one highly skilled IT professional for about $85,000 / year.
Note: $85,000 in 2007 USD = $62,000 in 1997 USD
Source: http://www.cioinsight.com/slideshow/0,1206,l=&s=&a=217671,00.asp
TechRepublic Article by Erik Eckel
Certification | Full Title | Vendor | Comments
MCITP: EA Windows Server 2008 | MCITP: Enterprise Administrator on Windows Server 2008 | Microsoft | WFS
MCTS | Microsoft Certified Technology Specialist | Microsoft | WFS. Adding an MCTS certification in Exchange, SharePoint, Virtualization, Windows Client, or Windows Server will strengthen a resume
VCP | VMware Certified Professional | VMware |
CCNA | Cisco Certified Network Associate | Cisco |
CSSA | Certified SonicWALL Security Administrator | Dell |
TechRepublic Article by Erik Eckel
Certification | Full Title | Vendor | Comments
PMP | Project Management Professional | PMI | WFS
CISSP | Certified Information System Security Professional | (ISC)2 | WFS
ACSP | Apple Certified Support Professional | Apple |
Network+ / A+ | Network+ / A+ | CompTIA |
Healthcare IT Technician | Healthcare IT Technician | CompTIA |
WFS












• Seasoned Technical Project Manager with 10+ years of experience.
• Ideally a PM who has done Web Development (Coding) in the past
• Candidate should have heavy experience managing web projects (web applications and web services), preferably in an IBM WebSphere J2EE environment
• Experience managing infrastructure projects which include the following technical and operational areas: Application/Web Servers (WAS), Network (DMZ, VPN, MPLS), Firewalls.
• Candidate will be the primary interface to the business and operational units of the organization, so excellent communication and inter-personal skills are critical
• Proven ability to lead, manage, facilitate, negotiate, and problem solve with people from different backgrounds and mindsets
• Be flexible and available in providing operational support 24x7
• Infrastructure Project Management Experience
• A PM coming from a Software Development Background is highly preferred
• Be able to handle multiple tracks of work and manage the day-to-day and off-hour operations and support of the project and team
• Able to function well in a fast-paced environment
• Strong analytical skills
(This is a position for 3 months at $65 to $70 / hour max.)
The IT career field treats Stagnated
IT workers the same way it treats
old Computers: It gets rid of them.
So keep busy honing your skills and
adding new skills outside of the work
place!
I've missed more than 9000 shots in
my career. I've lost almost 300 games.
26 times, I've been trusted to take the
game winning shot and missed. I've
failed over and over and over again in
my life. And that is why I succeed.
-Michael Jordan, No. 23
Winner of 6 NBA Championships
Chicago Bulls Legend






Windows 3.1
Windows NT
Windows 95
Windows 2000
Windows 7
Mac OS
Windows 3.1
Windows NT / 2000 / 2003 / 2008
Windows NT / 2000 / 2003 / 2008
Hardware Abstraction Layer (HAL)
Windows NT
Windows NT
CPU
Windows 95
Windows XP
Windows 2000 / 2003
Windows 2008
Windows 2008
Windows 2008 Application Architecture
Source: http://www.lhotka.net/weblog/UpdatedWin8DevPlatformDiagram.aspx
Mac OS Architecture



Windows Desktop Roadmap
Windows XP Overview
Enhanced User Experiences
Windows 2000 for business
• Reliable
  ▪ High system uptime
  ▪ Resilient to application failures
  ▪ Dynamic system configuration
• Manageable
  ▪ Centralized management
  ▪ Desktop management
  ▪ Easy to deploy
• Best for new devices
  ▪ Laptops
  ▪ Networking
  ▪ Peripherals
• Internet enable your business
  ▪ Web application services
  ▪ Internet scalability
  ▪ Secure
Windows Millennium Edition for home
• Digital Media
  ▪ Digital photos
  ▪ Digital music
  ▪ Digital video
• PC Health
  ▪ Support automation
  ▪ Centralized help center
  ▪ System safeguards
• Home Networking
  ▪ Home Networking Wizard
  ▪ Simple connectivity between PCs, peripherals & intelligent devices
• Internet Experience
  ▪ Faster browsing, easier printing
  ▪ Online product support
  ▪ Enhanced communication
[Diagram: Windows roadmap. Labels: Client (Home PCs, Business PCs; 32 and 64 bit); Windows XP Servers; Servers; Embedded; Released 2000; Whistler: Datacenter, Advanced, Small Business, Standard, Embedded]




Reliable foundation you can count on
Security and Privacy to safeguard your information
New, easier and more efficient visual design
Highly responsive for handling multiple demanding
tasks at once
Rock Solid Foundation
• Built on the Windows Engine
  ▪ Full 32-bit architecture, protected memory model
• Improved Code Protection
  ▪ Read only data structures for key kernel components and device drivers
• Enhanced Device Driver Verifier
  ▪ Rigorous testing to ensure the highest quality for device drivers
• Reduced Reboot Scenarios
  ▪ Eliminates most scenarios that forced end users to reboot in Windows NT 4.0 and Windows 9x.
Great Platform for Applications
• Windows Installer
  ▪ Integrated service to manage software installation, removal, and repair
• Side by Side DLL Support
  ▪ Allows applications to execute their own versions of key DLLs
• Windows File Protection
  ▪ Automatically protects key system files from being overwritten
• Enhanced Software Restriction Policies
  ▪ Allows an administrator to block application execution
Standards Based Security
• Kerberos
  ▪ Provides standards based security
• IPSec
  ▪ Allows for the secure transmission of data over public and private networks
Protecting Local Data
• Encrypting File System
  ▪ Encrypt data to protect against unauthorized access, now supports offline folders and multiple users
• Smart Card Support
  ▪ Offers additional security, now supports terminal services
Online Security
• Internet Connection Firewall
  ▪ Protect Small Business and home networks from network based attacks
Fresh Visual Design
• Friendly and Welcoming
  ▪ Designed to allow users to get the most out of their PC
• Task Focused
  ▪ Common tasks are clearly presented to allow users to get more done quicker
Adaptive User Environment
• Smarter Start Menu
  ▪ Displays the most frequently used apps
• Taskbar Grouping
  ▪ Multiple windows from the same app are consolidated into a single task bar button
• Notification Area Cleanup
  ▪ Unused notification area icons are hidden away
Comprehensive Feature Integration
• CD Burning
  ▪ Easily burn CD-Rs and CD-RWs from within Explorer
• Compressed File Support
  ▪ Create and extract compressed file folders (e.g. .zip files)

• Pre-emptive Multi-tasking Architecture
  ▪ Allows multiple applications to run simultaneously, while preserving system responsiveness
• Scalable Memory and Processing Support
  ▪ Supports up to 2 processors and 4 GB of RAM
• Fastest Windows Yet
  ▪ Boots faster, runs applications quicker, and resumes from hibernate/standby more rapidly than previous versions of Windows
Address Deployment Issues
• Application Compatibility
  ▪ Out of the box support for hundreds of apps
  ▪ Compatibility modes for apps without native support
  ▪ New fixes delivered via Windows Update or Windows Setup with Dynamic Update
• Device Compatibility
  ▪ Increased device coverage from Windows 2000
  ▪ Windows XP runs all properly written Windows 2000 drivers
  ▪ Improved Windows logo program
  ▪ Updates delivered via Windows Update and Windows Setup with Dynamic Update
Enhance Deployment Options
• State Migration (User & Admin interfaces)
  ▪ User State Migration Tool (business tool) is a command line tool for migrating data and application settings. Easily customized by editing text based .inf files
  ▪ Files and Settings Transfer Wizard (consumer tool) is GUI based, and aimed at consumers.
• SysPrep
  ▪ Now allows for updated drivers to be picked up at install time, as well as per machine customizations. Also features audit capabilities
• RIS
  ▪ Selective display of OS image choices
  ▪ Greater hardware independence & ease of use
  ▪ Security & scalability enhancements
  ▪ Interoperability with Windows 2000
Help Manage OS Lifecycle
• Windows Setup w/ Dynamic Update
  ▪ Windows XP will prompt to download OS updates at install time
• Automatic Updates
  ▪ Windows XP can download fixes in the background then install when the update is received
  ▪ Downloads are throttled and can be restarted mid-stream
  ▪ Feature can be turned off
• Windows Update Improvements
  ▪ Updates application fixes, OS updates, and device drivers
  ▪ Integrated with Automatic Updates
  ▪ Will have features to bring inside corp firewalls
Enhanced Support Infrastructure
• Help and Support Services
  ▪ Provides one place to receive support information, can be extended via 3rd parties to include their support content
• Remote Assistance
  ▪ Offers the ability to securely remote control another Windows XP machine for troubleshooting or user education.
Improved Centralized Management
• More Group Policy Settings
  ▪ Windows XP offers hundreds of new group policy settings, and is fully interoperable with existing Windows 2000 group policy
• Resultant Set of Policy (RSoP)
  ▪ Allows administrators to see the effect of Group Policy on a targeted user or computer.
More Recovery Options
• Automated System Recovery
  ▪ Works in conjunction with backup utilities to help recover from catastrophic failure or non-boot state
• Recovery console & Last Known Good Config
  ▪ Reverts registry & key drivers during the OS boot process
• Safe mode
  ▪ Undoes harmful system configuration or settings changes (not data)



Best Platform for Mobile Workers
Universal Communications Tool
Enhanced Support Scenarios
Great features for mobile workers
• Remote Desktop
  ▪ Based on the RDP protocol, Remote Desktop allows a user to remotely view and use their Windows XP Professional desktop.
• Credential Manager
  ▪ Provides seamless management of user credentials to ease access to network resources
• Offline Folders
  ▪ Files and folders on NT, Windows 2000, and “Whistler” servers can be cached on the local workstation, making them available when disconnected from the network
• Synchronization Manager
  ▪ Handles the replication and management of files and folders that were changed while offline
Best Mobile Platform
• Plug and Play
  ▪ Full support for plug and play including hot docking, hot insertion and removal, and device management
• Power Management
  ▪ Improved power management allows laptops to run longer
• ClearType
  ▪ Dramatically increases screen readability
• DualView
  ▪ Allows two monitors to be driven off a single display adapter. Great for laptops.
Effortless Networks
• Zero Config Wireless Networking
  ▪ Wireless users can move easily between wireless networks without manually reconfiguring their machines
• Alternate Network Configurations
  ▪ An alternate set of IP parameters can be specified to be used when DHCP is unavailable
Easier Network Configurations
• Network Setup Wizard
  ▪ Step by step guide to configure ICS, Internet Connection Firewall, and device sharing
• Network Bridging
  ▪ Allows the bridging of different networking technologies (i.e. wireless and 10BaseT Ethernet)
• Internet Connection Sharing
  ▪ Multiple PCs can share a single Internet connection

A Complete Communications and Collaboration Platform
• Integrated Voice, Video, and Text communications
• Collaborate with Application Sharing
• Send and Receive Files
Self Help Options
• Help and Support Center
  ▪ Allows customers to search local and Internet-based help information. Can be customized by OEMs
• Device Driver Rollback
  ▪ Easily reinstall previous versions of device drivers
• System Restore
  ▪ Quickly returns system to a known state if problems arise
Assisted Support
• Remote Assistance
  ▪ Based on RDP Protocol
  ▪ SDK Allows For ISV / Corporate Extensibility
  ▪ Send Requests Over E-Mail or Instant Messaging




Reliable foundation you can count on
Security and Privacy to safeguard your information
New, easier and more efficient visual design
Highly responsive for handling multiple demanding
tasks at once
How Do I Get Code?
• MSDN
• TechNet
• Windows XP Preview Program
Where Do I Get More Information?
• http://www.microsoft.com/windowsxp





Beta 2 - Released 3/01
RC 1 – June
RC 2 – July
RTM – August
Available – 10/25/01




• Business Networking
  ▪ Domain join
• Management
  ▪ Group & Local Policy
  ▪ Roaming profiles
  ▪ SMS Support
• Enterprise Deployment
  ▪ Multi-language support
  ▪ Sysprep and RIS support
• Power User
  ▪ Remote Desktop
  ▪ Multi-processor support
• Security
  ▪ Encrypting file system
  ▪ File-level access control
  ▪ “C2” evaluation
• 64-bit edition
• Program differences
  ▪ Personal not available via volume licensing
  ▪ Personal not available via Premiere support
  ▪ Content (Res Kits, Technet, MS Press Books, etc.)
• Behavioral Differences
  ▪ No friendly logon in a domain
  ▪ No Fast User Switching in a domain

• Target customers
  ▪ High-end workstation users – engineering design, CAD/CAM, graphics, modeling/visualization
• Support for 32-bit apps
• EFI & GPT support
• Kernel & driver ports required

• Depends on age & complexity of system
  ▪ Application and device support
• Best experience on a new PC
  ▪ Optimal configuration, performance
  ▪ Full Windows XP Experience
• Upgrading to Windows XP
  ▪ Windows 98, Windows 98SE, Windows Millennium Edition, Windows NT 4.0 Workstation, Windows 2000 Professional
  ▪ Dynamic Update and Windows Update
  ▪ Uninstall for Win9x Users
• System Requirements
  ▪ Currently same as Windows 2000 Professional

• Standards Support
  ▪ 100% support for DOM & CSS level 1 & P3P draft recommendations
• Privacy
  ▪ Set personal standards for web sites & easily view compliance
• Integrated Media Playback
  ▪ Without launching extra windows
• Improved image browsing & acquisition
  ▪ Automatic image resizing & 1-click save, print, e-mail
• Integrated Contacts & Instant Messenger
  ▪ MSN IM, Outlook or Outlook Express contacts
  ▪ Initiate IM, e-mail, NetMeeting etc
• Enhanced administration through the IEAK
  ▪ Control over all new features & Resultant Set of Policy reporting
Windows 2000 Professional provides core fundamentals of Windows XP Professional TODAY!
• If planning to deploy, currently deploying, or already deployed
  ▪ You Made The Right Choice!
  ▪ Look for cases where XP can solve business needs
  ▪ Bring Windows XP Pro in on new desktops
• If Not Deploying / Evaluating Windows 2000 Professional
  ▪ Start Evaluating Windows XP




• To address application/hardware compatibility issues
• To enable knowledge workers to access their machine from anywhere (field offices, subsidiaries, home, etc.)
• For laptop users: improved battery life, performance improvements, and device support (i.e. wireless networking)
• To enable a remote support infrastructure
WIN133




• Examining the structure of the Windows 2000/XP OS
• Processes and Threads
• The programmer’s perspective on how XP works
• How programs work in XP
• What does “Architecture” mean?
• What does it mean in computers?
• XP’s Key Design Items:
  ▪ Layered design
  ▪ Abstraction
  ▪ Object-oriented
  ▪ Client/Server

Windows XP is built in Layers…
• User mode – layer closest to the person
  ▪ Applications that you run (Word, Netscape)
  ▪ Support programs for applications - the Windows XP Subsystems
• Kernel mode – layer closest to hardware
  ▪ Programs that help software running on our system use the computer’s hardware
  ▪ Device drivers (software interfaces to hardware)



• It all begins with your hardware
• Windows XP was designed to work on almost any type of hardware.
• Instead of writing a different version of XP for every hardware platform, MS created HAL
  ▪ The Hardware Abstraction Layer is a piece of software that sits between XP and your hardware.
  ▪ XP doesn’t actually know anything about your hardware. It leaves that up to HAL.
  ▪ Whenever XP needs to do something with your hardware it asks HAL how to do it.


• On top of HAL sits the XP Kernel
• Kernel mode programs are “Trusted” programs that get to do privileged activities with the computer’s hardware (CPU, RAM, etc.)
  ▪ Components provided (mostly) by MS
  ▪ Manufacturers of hardware devices also provide device driver software
    ▪ This software must pass a rigorous test




• At the heart of the kernel is the Microkernel
• The Microkernel is very small
• On its own it can’t do much
• But it is important because it provides building-blocks for all the Executive Services running in the Kernel
[Diagram labels: Executive Services, Microkernel]
• Provides services for applications (e.g., draws the GUI on the screen, checks security rights, performs disk I/O)
• Relies on the Microkernel to do everything
• Together, the Microkernel and Executive Services make up the Windows XP Kernel

User mode
• Environment subsystem components are provided by Microsoft. These subsystems…
  ▪ Allow users to run their applications
  ▪ Provide important services to all applications, including client, server, and security services
• Applications
  ▪ Browser, e-mail client, word processor, etc.
[Diagram: Windows XP architecture]
User Mode: Win 32-bit Apps (four shown); Win32 Subsystem (Win32 API)
Kernel Mode:
  Executive Services: I/O Manager, Security Reference Monitor, IPC Manager, Virtual Memory Manager, Process Manager, Plug and Play Manager, Power Manager, Window Manager and GDI
  Object Manager
  File Systems
  Device Drivers; Graphics Device Drivers
  Microkernel
Hardware Abstraction Layer (HAL)
Computer Hardware

• Windows XP’s architecture is the key to its:
  ▪ Reliability
  ▪ Scalability (Professional, Server, Advanced Server, Datacenter Server)
  ▪ Security
  ▪ Portability (runs on Intel AND other platforms)
• Windows Me, 9x, and 3.x do not have this type of architecture

Let’s start by defining some terms…
• Program
• Process
• Thread

Program
• Also known as an application
• It is…
  ▪ The software stored on disk or other media
  ▪ Here we mean the program “Microsoft Word” (i.e., the one you could buy)

Process
• A program that has been loaded from long-term storage (e.g., hard drive) into memory by the OS and is being run
• It includes…
  ▪ System resources it needs to run (e.g., RAM, etc.)
  ▪ One or more threads

Up through Windows 7

Thread
• A component (or part) of a process
• Or, a single unit of executable code
• The C programs you are writing in IPC are an example of a single threaded program
  ▪ Larger programs tend to use multiple threads.

Up through Windows 7

• Thread examples (again…)
  ▪ Text editing, spell check, printing
• Each thread can be executed independently of each other

• Program
  ▪ Microsoft Office 2000
    ▪ Stored in C:\Program Files\Microsoft Office
• Process
  ▪ WINWORD.EXE (loaded in memory)
• Thread(s)
  ▪ Text editing, spell check, printing, etc.
Answer: APIs and Libraries
Let’s define some more terms:
• API (Application Programming Interface)
• Library
• DLL (Dynamic Link Library)

Application Programming Interface

A set of pre-made programming functionality and tools for
building software applications.

APIs make it easier to develop programs by providing all the
building blocks a programmer needs to create complex
programs.
[Diagram: analogy between written language and Windows programming. Language labels: Alphabet (A to Z); Rules for Making Words (all words must have one vowel); Words (apple, Cat, woman, is); Grammar (subject, verb, object); Capitalization; punctuation rules; Novel; Newspaper; Web Page. Windows labels: Microkernel; Executive Services; Native API (Low-level API); Win32 API (High-level API); Writing 32-bit Windows Applications]

• Windows XP comes with 2 main APIs:
  ▪ Win32 API which allows programmers to build 32-bit Windows programs in User Mode.
  ▪ Native API which helps programs and services in User Mode do things in the kernel. Programmers don’t use this much, but the Win32 API does.
• Because all programmers use these APIs, users get programs that look and feel like each other.
• The Windows APIs are stored in libraries
[Diagram: Windows XP architecture. User Mode: Win 32-bit Apps, Win32 Subsystem (Win32 API). Kernel Mode: Executive Services (I/O Manager, Security Reference Monitor, IPC Manager, Virtual Memory Manager, Process Manager, Plug and Play Manager, Power Manager, Window Manager and GDI), Object Manager, File Systems, Device Drivers, Graphics Device Drivers, Microkernel. Below: Hardware Abstraction Layer (HAL), Computer Hardware]
[Diagram: Notepad.exe and the DLLs it depends on: kernel32.dll, shlwapi.dll, comctl32.dll, shell32.dll, comdlg32.dll, ntdll.dll, user32.dll, gdi32.dll, and 177 other libraries]


• XP’s architecture is the key to its stability, security, and scalability
• The OS is built in layers, with each layer providing services to the one above it
  ▪ The 2 most important layers are Kernel Mode and User Mode
• Few programs are allowed to access hardware directly, which provides stability
• Programmers/Programs access low-level functionality via APIs stored in DLL files

As a user:
• Pay attention to DLL files on your computer. Don’t delete them unless you know what they are.
  ▪ Many are shared for reasons we discussed earlier
• Watch which DLLs get installed to your system and where they go.
As a developer:
• As you go on as a programmer you’ll hear a lot more about APIs and maybe even write some of your own.
• If you go on to become a Windows developer, you’ll want to consider learning the Win32 API
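The advice to watch which DLLs a program uses and where they come from can be checked on a current Windows system. This added PowerShell example (not part of the original slides) lists the DLLs a running process has loaded, the folder each was loaded from, and its Authenticode status. `Get-LoadedDllReport` is a name made up here; the example assumes Notepad is running, PowerShell 3.0 or later, and rights to inspect the process.

```powershell
# Added example, not part of the original slides.
# Get-LoadedDllReport is a hypothetical helper name chosen for this example.
function Get-LoadedDllReport {
    [CmdletBinding()]
    param(
        # Name of a running process, without ".exe"
        [Parameter(Mandatory = $true)]
        [string]$ProcessName
    )

    # Prefix for the Windows folder, with a trailing "\" so that
    # "C:\Windows2\..." is not mistaken for "C:\Windows\..."
    $windowsPrefix = $env:SystemRoot.TrimEnd('\') + '\'
    $ignoreCase    = [System.StringComparison]::OrdinalIgnoreCase

    foreach ($proc in Get-Process -Name $ProcessName -ErrorAction Stop) {
        # MainModule is the program image itself (for example notepad.exe)
        $exePath   = $proc.MainModule.FileName
        $appPrefix = (Split-Path -Parent $exePath).TrimEnd('\') + '\'

        foreach ($module in $proc.Modules) {
            $path = $module.FileName

            # Classify each module by the folder it was loaded from
            if ($path.StartsWith($windowsPrefix, $ignoreCase)) {
                $origin = 'Windows'
            } elseif ($path.StartsWith($appPrefix, $ignoreCase)) {
                $origin = 'Application'
            } else {
                $origin = 'Other'
            }

            [pscustomobject]@{
                ProcessId   = $proc.Id
                ThreadCount = $proc.Threads.Count   # one process, one or more threads
                Module      = $module.ModuleName
                Origin      = $origin
                Signature   = (Get-AuthenticodeSignature -FilePath $path).Status
                Path        = $path
            }
        }
    }
}

# Summary: how many modules came from each kind of location
$report = Get-LoadedDllReport -ProcessName 'notepad'
$report | Group-Object Origin | Format-Table Name, Count -AutoSize

# Modules worth a closer look: loaded from an unexpected folder,
# or not reported as validly signed
$report |
    Where-Object { $_.Origin -eq 'Other' -or $_.Signature -ne 'Valid' } |
    Sort-Object Path |
    Format-Table Module, Origin, Signature, Path -AutoSize
```

A module listed under `Other` is not necessarily a problem (shell extensions and input method DLLs commonly load this way), but it is the first place to look when a DLL turns up that nobody remembers installing.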
Ch 1: What's New in Windows XP



• Windows XP Home
  ▪ Basic Networking, Low Security
• Windows XP Professional
  ▪ Includes everything in Windows XP Home Edition
  ▪ Plus features for corporate network users and power users

• Media Center Edition, Tablet PC Edition, and 64-Bit Edition
  ▪ Built on Windows XP Professional
  ▪ Designed for use with specific hardware devices





Bug fixes and updated drivers
security enhancements, including Windows
Internet Explorer now blocks pop-up
windows and some downloads.
Wireless network wizard
Windows Update runs automatically by
default





Simple File Sharing is a completely new
security model that controls access to
Shared resources on networks.
Fast User Switching
Remote Desktop feature (Professional
edition only)
The System Restore and Driver Rollback



Windows XP users will face viruses and
worms
The security enhancements in Service Pack
2 help, but do not really solve this problem
Think about security all the time; it will be a
large part of your job





Budget-priced version
Pre-installed on home and small business
PCs
Cannot connect to corporate networks
(domains)
Minimal security options
Only allows a single CPU and a single video
display.



Includes everything in Home Edition
All the networking and security
components required to join a Windows
domain run by Windows 2000 Server or
Windows Server 2003
Allows high-performance hardware, such
as a dual-processor motherboard

• Sold only with Tablet PCs
  ▪ Notebook computers with custom screens you write on with a digital pen
• Includes all capabilities of Windows XP Professional


Sold only with special hardware
Supports TV, movies, and music


For 64-bit processors such as Intel’s Itanium
Not popular yet

System Properties
• Start, Control Panel, System or
• Windows Logo + Break




• Released in Fall 2002
• Program updates, bug fixes, security patches, and drivers
• Support for USB 2, the latest version of Universal Serial Bus
• Set Program Access And Defaults option in Add Or Remove Programs
  ▪ Before SP1, Microsoft components often opened by default even after you installed components from another company


• Released in summer 2004
• Includes SP1, new bug fixes, more drivers
  ▪ Security Center
  ▪ Windows Firewall
  ▪ Automatic Updates
  ▪ Internet Explorer enhancements
  ▪ Wireless Networking

Link Ch1b on my
Web Page
(samsclass.info)
Installing and Configuring Windows XP
• Old programs written for Windows 95, Windows 98, or Windows Me may not run properly under Windows XP
• Old hardware may not have XP drivers
• Windows XP Upgrade Advisor
  ▪ Choose it after inserting the Windows XP CD, or
  ▪ d:\i386\winnt32 -checkupgradeonly at a command prompt.



When you upgrade over an existing
Windows version, Setup offers to check for
dynamic updates.
That loads service packs, updated drivers
for hardware detected on your system, and
upgrade packs for programs you’re
currently running
Use it – it's a good feature


• Applications that use Windows 2000 Pro should work with Windows XP
• Applications written for Windows 98 or Windows ME are more likely to cause problems
  ▪ The Windows Catalog (http://www.microsoft.com/windows/catalog) is regularly updated, and it includes links to additional information and updated drivers.

Hardware Requirements (bare minimum)
 233 MHz processor from the
 Intel Pentium/Celeron family or the AMD
K6/Athlon/Duron family
 64 MB of RAM (128 recommended)
 1.5 GB of available disk space
 Video adapter capable of Super VGA (800 × 600)
resolution






Gather network details
IP address and subnet mask
The name of your workgroup or domain
Check hardware and software compatibility
Back up your data files and system settings
Disable antivirus software and other
system utilities



Clean install
Upgrade
Side-by-side (multiboot) installation

Clean install
 Erase a partition and install XP on it
 Stable and simple, the most common method

Upgrade Paths
 You can upgrade to Windows XP Home Edition
or Professional from Windows 98 or Windows
Me
 You can also upgrade to Windows XP
Professional from Windows NT Workstation 4
(Service Pack 6), Windows 2000 Professional, or
Windows XP Home Edition

See link Ch 2a on my Web page: samsclass.info
Upgrading preserves installed software and
settings, but often creates an unstable system
 After the upgrade:

 Reset passwords for migrated user accounts
 Run the Network Setup Wizard
 Check that all essential programs and devices work
properly
 Consider upgrading your system drive to NTFS
 Save your Administrator password

Side-by-side (multiboot) installation
 Install Windows XP on a separate partition
 Choose the OS each time you start up
 Install the OS versions in chronological order

If, during setup, some peripherals don’t
work properly:
 Update your system BIOS
 To find out whether an update is available,
check with the manufacturer of your computer
or its motherboard
 For BIOS info, see link Ch 2s

Use the BIOS setup program to select the
“non–Plug and Play operating system”
option

1. File copy
 Copies Windows Setup files to a folder on the hard
disk (not performed for CD installations)

2. Text mode setup
 Select (and if necessary, create and format) the
partition you want to use for the Windows XP
system files.

3. GUI mode setup
 Regional settings, product key, computer
name, and administrator password.

4. Windows Welcome
 Create user accounts and activate Windows

Boot from the Windows XP CD
 If your system doesn’t allow booting from a CD,
download the Windows XP setup disk file from
www.microsoft.com/downloads and use it to
create a set of bootable floppy disks or
 Start your computer from a Windows 98/Me
emergency boot disk; then use the CD or
installation files copied to another partition


On a clean install, C:\Windows (or the other
drive you chose)
On an upgrade, Setup uses the current
%WinDir% — C:\Winnt or C:\Windows

On most machines, the whole C drive is one
big partition with Windows XP,
applications, and the user's data sharing it
 It's a good practice to put Windows and
applications on one partition and the user's
data on a second one
 For multiboot systems like the ones in S214,
there are separate partitions for each operating
system

Setuperr.log in the %SystemRoot% folder
(normally C:\Windows)
 Lists any errors and warnings that occurred
during setup
 For more information, run Winnt32.exe with the
/Debug switch

There are several other logs (see page 25)

Do not install two or more versions of
Windows on a single partition, because
 The two systems share the same registry
 Executable files and dynamic link libraries
are different for Win 95/98/Me and Win
NT/2000/XP
 A program won’t work properly in at least one
Windows version
 Program preferences, options, and settings
you’ve chosen in one operating system don’t
show up when you use the other operating
system
 If you uninstall an application, it will still appear
in the other OS, but it won't work

/checkupgradeonly
 Runs the Upgrade Advisor without installing Windows
XP

/cmdcons
 Adds the Recovery Console to the Windows XP startup
menu

/udf:ID[,UDB_file]
 Identifies a Uniqueness Database (UDB) file for
Automated Installation

/unattend[:answer_file]
 Used for unattended Setup

Within 30 days of installing Windows XP,
you must activate the software
 by Internet or phone

Activation is not registration
 The activation process is completely
anonymous

A message will pop up reminding you to
activate, or you can click Start, All
Programs, Accessories, System Tools,
Activate Windows




You’re allowed to reinstall Windows an
unlimited number of times on the same
hardware.
Multiple hardware upgrades may require
you to reactivate Windows
Copies of Windows XP sold with new
computers may be exempt from WPA
Volume License Installations are also
exempt from WPA requirements

Unattended setup
 Uses a batch file and a script (called an answer file)

Sysprep
Remote Installation Services (RIS)

Disk imaging (also called cloning or sysprep
setup)
 Set up Windows on a sample computer
 Run the System Preparation utility
(Sysprep.exe), which removes the Security
identifier (SID)
 Then use a disk cloning program such as
Symantec Ghost to copy the entire partition to
a new computer
 When it starts up, it runs a Mini-Setup program

Automatically installs Windows XP from
Windows 2000 Servers or Windows 2003
Servers
 Requires Active Directory, DNS, and DHCP,
which are only commonly used on large
company networks
In the \Support\Tools\Deploy.cab file
on the Windows XP CD
 Setupmgr.exe

 Setup Manager Wizard used for creating
answer files

Sysprep.exe
 Used for creating and deploying disk
images (don't run it on a computer that is
being used)

Demonstration of Setup Manager


Your Windows XP CD probably does not
include the latest Service Packs
Slipstreaming lets you incorporate a service
pack into the installation file so new
installations made from the modified files
include the service pack

If you upgrade to Windows XP
 Your data and programs should survive Setup
intact

If you do a clean install, or get a new
computer, you can move your settings with
FAST or USMT

Files And Settings
Transfer Wizard (FAST)
 Moves one user account
at a time
 Start, All Programs, Accessories,
System Tools

User State Migration
Tool (USMT)
 Can only be used on a domain, can move many
accounts
 See link Ch 2m

Moves the data either
 Through a direct connection with a cable between two
computers
 By saving your settings to a file

Saves:
 Desktop settings
 Internet settings
 E-mail
 Application settings
 Files and folders


Helpful for persons with vision, hearing, or
mobility impairments.
Start, All Programs, Accessories,
Accessibility
 Magnifier
▪ Enlarges part of the screen
 Narrator
▪ Reads text aloud
 On-Screen Keyboard
▪ Lets you type with a pointing device

Allows Java applets to run in a browser
 Java applets are used on many Web sites
 Because of a longstanding legal dispute
between Microsoft and Sun, the Microsoft Java
Virtual Machine was removed from Windows XP
Service Pack 1a and later

The best thing is to get the machine from
Sun
 See links Ch 2t, Ch 2u, and Ch 2v on my Web
page


Start, right-click My Computer, Properties, Advanced
In the Startup And Recovery section, click Settings

Or edit Boot.ini directly (be careful – errors
can stop your machine from booting up)

POST
 Power-On Self Test

MBR
 BIOS then reads the master boot record (MBR)—the
first sector on the first hard disk—and transfers control
to the code in the MBR

Boot Sector
 The MBR reads the boot sector—the first sector of the
system partition—which starts Ntldr, the bootstrap
loader for Windows XP

System Partition
 Must contain Ntldr, Ntdetect.com and Boot.ini.
Ntldr reads the Boot.ini file, and displays the
boot menu.
▪ Error in the book on page 73: these files are in the
system partition, not the active partition. See link
Ch 2v on my Web page

Ntdetect.com
 After you select Windows XP from the boot
menu, Ntldr runs Ntdetect.com to gather
information about the currently installed
hardware.

Boot.ini
 Ntldr then uses the Advanced RISC Computing
(ARC) path specified in Boot.ini to find the boot
partition—the one where Windows XP is
installed.

Kernel
 The Windows XP kernel is in two files:
Ntoskrnl.exe and Hal.dll. Both files must be
located in the %SystemRoot%\System32 folder
(in the boot partition)

Registry
 Ntldr then loads the registry, hardware profile,
and device drivers.

Log On
 Ntoskrnl.exe takes over and starts
Winlogon.exe, which in turn starts Lsass.exe
(Local Security Administration), the program
that allows you to log on with your user name
and password.

Because this file is set with the hidden and
system attributes, it doesn’t ordinarily
appear in Windows Explorer; to edit it, use
either of these techniques:
 Start, Run, enter c:\boot.ini.
 Open System in Control Panel, click the
Advanced tab, click the Settings button under
Startup And Recovery, and click the Edit button
in the System Startup section.
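Because a mistake in Boot.ini can stop the machine from booting, it helps to check a hand-edited copy before saving it. The following is an added example, not part of the original slides: it decodes the ARC paths and flags the common errors. The sample file contents are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample Boot.ini for a two-OS machine (not taken from the slides).
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
"""

# ARC path layout: controller(adapter) disk(n) rdisk(n) partition(n) \folder
ARC_RE = re.compile(
    r"^(?P<controller>multi|scsi)\((?P<adapter>\d+)\)"
    r"disk\((?P<disk>\d+)\)rdisk\((?P<rdisk>\d+)\)"
    r"partition\((?P<partition>\d+)\)(?P<path>\\.*)?$",
    re.IGNORECASE,
)


def parse_arc(path):
    """Split an ARC path into its numeric fields and the Windows folder."""
    m = ARC_RE.match(path.strip())
    if m is None:
        raise ValueError("not an ARC path: %r" % path)
    fields = m.groupdict()
    arc = {k: int(fields[k]) for k in ("adapter", "disk", "rdisk", "partition")}
    arc["controller"] = fields["controller"].lower()
    arc["path"] = fields["path"] or "\\"
    return arc


def parse_boot_ini(text):
    """Return {section name: [(key, value), ...]} for a Boot.ini file."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections[current] = []
            continue
        if current is None or "=" not in line:
            raise ValueError("unexpected line: %r" % raw)
        key, _, value = line.partition("=")
        sections[current].append((key.strip(), value.strip()))
    return sections


def check_boot_ini(text):
    """Return a list of problems that would confuse Ntldr; empty means OK."""
    problems = []
    sections = parse_boot_ini(text)
    loader = {k.lower(): v for k, v in sections.get("boot loader", [])}
    entries = sections.get("operating systems", [])
    if not entries:
        problems.append("no entries under [operating systems]")
    default = loader.get("default")
    if default is None:
        problems.append("no default= line under [boot loader]")
    elif default.lower() not in {k.lower() for k, _ in entries}:
        problems.append("default= does not match any [operating systems] entry")
    for key, _ in entries:
        if re.match(r"^[A-Za-z]:\\", key):
            continue  # drive-letter entry for an older OS boot sector
        try:
            arc = parse_arc(key)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        if arc["partition"] < 1:
            problems.append("%s: partition() numbering starts at 1" % key)
        if arc["controller"] == "multi" and arc["disk"] != 0:
            problems.append("%s: disk() must be 0 when multi() is used" % key)
    return problems


if __name__ == "__main__":
    print(check_boot_ini(SAMPLE_BOOT_INI) or "Boot.ini looks consistent")
```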

The Recovery Console is a no-frills
command-line environment that you can
use to recover from serious startup
problems. It looks like DOS.

You can run the Recovery Console by
booting directly from the Windows XP CD,
or add it as a startup option on your boot
menu.

To add Recovery Console as a startup
option on your boot menu:
 Insert the Windows XP CD into your drive.
 At a command prompt, type
d:\i386\winnt32.exe /cmdcons (replacing d
with the letter of your CD drive)
 This does not work on machines that were
upgraded to Service Pack 2
▪ See Link Ch 2w on my Web page
A Whistle-Stop Tour for ITSS
Wednesday 8th November 2006
Tony Brett
Head of IT Support Staff Services
Oxford University Computing Services


Opinions are my own and not necessarily
those of OUCS or the University of
Oxford
I am in no way endorsing this or any
other product in this presentation
 You must interpret my comments yourself

DO NOT USE A RELEASE CANDIDATE IN
A PRODUCTION ENVIRONMENT!




Product Lineup
System requirements
Installation
Networking
 Wired, Wireless, File sharing, VPN

Printing
Software
 IE7
 Anti-virus
 HFS

Major changes
Activation and licensing (Bridget Lewis)


Vista Business
Vista Enterprise
 more security and hardware encryption
 UNIX subsystem for UNIX apps (SUA)

Vista Home Basic
 Doesn’t include Aero
 Less searching
 No DVD burning
 No Tablet Support
Vista Home Premium
Vista Ultimate
 Has everything in all the others
 “Top of the range”

All available in 32- or 64-bit editions
http://www.microsoft.com/windowsvista/getready/editions/default.mspx

Basic
 Modern 800MHz processor
 512MB RAM
 DirectX 9 Graphics

“Premium ready”
 1 GHz x86 or x64 processor
 1GB RAM
 DirectX 9, WDDM, 128 MB graphics RAM, Pixel Shader 2.0, 32 bits
per pixel
 DVD-ROM
 Audio
 Internet Access


http://www.microsoft.com/windowsvista/
Using RC1
 Register to download and receive licence key
 Burn DVD from Microsoft ISO file

Dell Laptop
 I used Celeron 2.2GHz, 768MB RAM
 Display driver installed without intervention once encouraged

Also used new HP machine meeting “Premium Ready” spec.
 3.2GHz Pentium Core Duo. 1GB RAM
 All installed automatically


Install used about 7GB on machines I used
Note Startup Repair Tool


Updates available for RC1!
Now part of Control Panel

Provides some security when
making system changes
 Eg installing/uninstalling software

Asks non-admins for Administrator
Password
Beware – Administrator Password
not set on initial install
Network and Sharing Center (sic)

From network and sharing center
 Choose “manage network connections”
 Right-click items for properties

Also from network and sharing center


How to connect:
Vista has drivers for USB and PCMCIA Adapters from OUCS shop


Similar to XP Pro
Changed “Use simple file sharing”

Latest version is 4.8.01.0300 for XP and below (not 98).
 But it does not work with Vista…

4.8.01.0590-k9-BETA
 provided as-is and unsupported for testing on Vista RCs
 recommended that this client only be used for testing purposes in a lab
environment
 Known Issues
▪ unable to enable logging subsystem when firewall is enabled
▪ VPN Client does not support Start Before Logon
▪ unable to install client under uac in vista 5384. (Workaround: Run setup
from vpnclient_setup.exe)
▪ UN-Install warns that VPN Service still running
▪ Logging windows does not display log until the log file is touched.

Via “Connect to” or Control Panel



But of course we treat TCP/IP printers using
LPR as local printers, just like in XP
Vista has lots of drivers built-in
HP Universal Printing Driver appears not to
work at the moment
 Crashes Explorer

Standard HP drivers seem OK
 Not HP Printing System though

IE7 comes as standard
 Note no support from Oracle yet
 For OSS and Financials


Firefox 2.0 appears to be OK
No TSM backup client support yet
 There is a beta client scheduled for November
 OUCS will test it
 Client is scheduled GA for end of January 2007.

Only some AV products currently available for Vista
 http://go.microsoft.com/fwlink/?LinkId=69433

Microsoft is offering Windows Live OneCare
There are others including F-Secure and AVG





Will provide support for Vista with Sophos Anti-Virus v 6.5.
When released, Sophos Anti-Virus for Windows
2000/XP/2003/Vista, version 6.5, will be updated automatically
from the current version 6.0.x. No action needed.
Plan is to release Sophos Anti-Virus, version 6.5 within a couple of
weeks of the official release of Vista, which Microsoft plan for
November 2006. The Vista release date may change, subject to
code changes and extensions made by Microsoft.
Support for Vista planned in the next major versions of Enterprise
Console, Sophos Control Center and Sophos Client Firewall.
No support for Vista in the current versions of Enterprise Console,
Sophos Control Center and Sophos Client Firewall on Vista.
http://www.sophos.com/support/knowledgebase/article/6071.html

Taskbar / Start Menu
 No huge changes but look and feel a bit different
 Similar customisations
 Adds window previews
 “Run…” has moved into “accessories”

Control of
 Websites
 Use times
 Game ratings
 Specific Programs

Much richer tools
 Especially disk management and event viewer
3D effects
Transparent Windows
 Easy Windows key + Tab app switching
 Requires a reasonable spec machine
 Spec measured by Windows Experience Index
 Our PC Scores 3






Replaces “Add/Remove Programs”
Allows viewing of updates
Access to digital locker and Marketplace
Control Windows “features”





Direct descendant of Outlook Express 6
Reads NNTP news
Good junk mail features
Protects from Phishing
Windows Calendar

Allows modifications to:
 File associations, Autoplay, Default Programs




This is similar to Mac OS X Dashboard
Gadgets rather than Widgets
Good for watching RSS feeds
Many widgets available


Looks more like OS X
File overwrite now offers to rename


Alt-PrintScreen on Acid!
Allows Screen, Window, Rectangle or
Freeform image-grabbing

No time to play with this yet –
anyone?

Over to Bridget…
By: Chris Reber
April 22, 2008






Vista Security Overview
User Account Control
Authentication
Firewall Enhancement
Windows Service Hardening
Data Protection






Windows Vista is hailed as the most secure Windows
version yet.
Microsoft utilized a secure developmental lifecycle
to create the system.
They hardened the services and added
enhancements for 64-bit computing.
There are new User, Network, and Application
Security Options.
New Data Protection Options.
Added security options in IE7.


Allows users to be productive and change
common settings while running as a standard
user, without requiring administrative
privileges.
Prevents users from making potentially
dangerous changes to their computers,
without limiting their ability to run
applications.


Includes new authentication architecture that
is easier for third-party developers to extend.
This will lead to a wider choice of smart cards,
fingerprint scanners, and other forms of
strong authentication.

The new outbound filtering in the firewall
provides administrative control over peer-to-peer
sharing applications and other similar
applications that businesses want to restrict.



Limits the damage attackers can do in the
unlikely event that they are able to
successfully compromise a service.
Increased to Six Service Accounts.
The risk of attackers making permanent
changes to the Windows Vista client or
attacking other computers on the network is
reduced.


BitLocker
Helps prevent unauthorized access to data on
lost or stolen computers by combining two
major data-protection procedures.
 Encrypting the entire Windows operating system
volume on the hard disk.
 Verifying the integrity of early boot components
and boot configuration data.

Two NTFS-formatted volumes:
 A "boot volume" with a minimum size of 1.5GB,
where the OS boots from.
 And the "system volume" which contains the
operating system.


Trusted Platform Module (TPM v1.2).
Trusted Computing Group (TCG)-compliant
BIOS for use with TPM.



Transparent Operation Mode
User Authentication Mode
USB Key Mode


This mode exploits the capabilities of the
TPM 1.2 hardware to provide for a
transparent user experience.
The user logs onto Windows Vista as normal.
 The key used for the disk encryption is sealed
(encrypted) by the TPM chip and will only be
released to the OS loader code if the early boot
files appear to be unmodified.


This mode requires that the user provide
some authentication to the pre-boot
environment in order to be able to boot the
OS.
Two authentication modes are supported:
 a pre-boot PIN entered by the user
 or a USB key.


The user must insert a USB device that
contains a startup key into the computer to
be able to boot the protected OS.
Note that this mode requires that the BIOS
on the protected machine supports the
reading of USB devices in the pre-OS
environment.

The following combinations of the modes are
supported:
 TPM
 TPM + PIN
 TPM + PIN + USB Key
 TPM + USB Key
 USB Key


AES-CBC + Elephant Diffuser
There are four separate operations in each
encryption. The plaintext is exclusive-ORed
(XORed) with a sector key, then run through
two (unkeyed) diffusers, and finally encrypted
with AES in CBC mode.
Where $E()$ is the AES encryption function,
$K_{sec}$ is the 128 or 256-bit key for this
component.
 $e()$ is the encoding function used in the AES-CBC
layer, and $e'(s)$ is the same as $e(s)$ except
that the last byte of the result has the value
128.
 The sector key $K_s$ is repeated as many times
as necessary to get a key the size of the block,
and the result is XORed into the plaintext.


The value $i$ is a loop counter that goes around
the data array $A_{cycles} = 5$ times. (Remember
that all indices are modulo $n$, so the wrap-around
is automatic.) The addition is modulo
$2^{32}$, <<< is the rotate-left operator, and $R^{(a)}$ :=
[9; 0; 13; 0] is an array of 4 constants that
specify the rotation amounts.

Diffuser B is very similar to Diffuser A,
however, $R^{(b)}$ := [0; 10; 0; 25] and
$B_{cycles}$ is only 3.
The AES key $K_{AES}$ is either 128 bits or 256 bits,
depending on the selected version. The block
size is always a multiple of 16 bytes, so no
padding is necessary.
 $E()$ is the AES encryption function, and $e()$ is
an encoding function that maps each sector
number $s$ into a unique 16-byte value.
 Note that $IV_s$ depends on the key and the
sector number, but not on the data.
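The sector-key XOR and the two diffusers described on the preceding slides can be run end to end. The following is an added example, not code from the slides or from Microsoft: the cycle counts and rotation constants are the ones given above, while the loop update rule is the one in the Ferguson paper listed in the references and should be treated as an assumption here, since the slides' formula images are missing. The 32-byte sector key is supplied directly as a constructed value (in BitLocker it comes from AES), the AES-CBC step itself is left out, and little-endian word order is assumed.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF
A_CYCLES, B_CYCLES = 5, 3      # cycle counts given on the slides
R_A = (9, 0, 13, 0)            # rotation amounts for Diffuser A
R_B = (0, 10, 0, 25)           # rotation amounts for Diffuser B


def rotl(x, r):
    """Rotate a 32-bit word left by r bits (the <<< operator)."""
    return ((x << r) | (x >> (32 - r))) & MASK


def to_words(data):
    """Assumption: the sector is read as little-endian 32-bit words."""
    return list(struct.unpack("<%dI" % (len(data) // 4), data))


def to_bytes(words):
    return struct.pack("<%dI" % len(words), *words)


def _diffuse(d, cycles, rot, off1, off2, sign):
    """One diffuser pass over d, in place; all indices wrap modulo n.

    sign=+1 walks i upward and adds (the decryption direction);
    sign=-1 walks i downward and subtracts (encryption, the exact inverse).
    """
    n = len(d)
    steps = range(n * cycles)
    for i in (steps if sign > 0 else reversed(steps)):
        mix = d[(i + off1) % n] ^ rotl(d[(i + off2) % n], rot[i % 4])
        d[i % n] = (d[i % n] + sign * mix) & MASK


def diffuser_a(d, decrypt):
    _diffuse(d, A_CYCLES, R_A, -2, -5, 1 if decrypt else -1)


def diffuser_b(d, decrypt):
    _diffuse(d, B_CYCLES, R_B, 2, 5, 1 if decrypt else -1)


def xor_sector_key(data, sector_key):
    """XOR the sector key, repeated to the sector size, into the data."""
    return bytes(b ^ sector_key[i % len(sector_key)] for i, b in enumerate(data))


def encrypt_pre_aes(plaintext, sector_key):
    """Sector-key XOR, Diffuser A, Diffuser B: the input to the AES-CBC step."""
    d = to_words(xor_sector_key(plaintext, sector_key))
    diffuser_a(d, decrypt=False)
    diffuser_b(d, decrypt=False)
    return to_bytes(d)


def decrypt_post_aes(data, sector_key):
    """Inverse of encrypt_pre_aes, applied to the AES-CBC decryption output."""
    d = to_words(data)
    diffuser_b(d, decrypt=True)
    diffuser_a(d, decrypt=True)
    return xor_sector_key(to_bytes(d), sector_key)


def make_sample_sector():
    """Constructed 512-byte sector (16 SHA-256 digests), for demonstration."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))


def changed_words_after_bitflip(sector, sector_key, byte_index=100):
    """Flip one bit below the AES layer and count the plaintext words that
    differ after decryption (out of len(sector) // 4)."""
    layer = encrypt_pre_aes(sector, sector_key)
    tampered = bytearray(layer)
    tampered[byte_index] ^= 0x01
    recovered = decrypt_post_aes(bytes(tampered), sector_key)
    return sum(a != b for a, b in zip(to_words(sector), to_words(recovered)))


if __name__ == "__main__":
    sector, key = make_sample_sector(), bytes(range(32))  # constructed inputs
    assert decrypt_post_aes(encrypt_pre_aes(sector, key), key) == sector
    print("words changed by a one-bit flip:",
          changed_words_after_bitflip(sector, key), "of", len(sector) // 4)
```

The count it prints shows what the diffusers add on top of CBC: a one-bit change below the AES layer alters words across the whole sector on decryption instead of staying local.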



BitLocker is only available on Windows Vista
Ultimate, Enterprise and Server 2008.
Vista can only encrypt the system volume,
further capability to be added with SP1.



No Back Door for Law Enforcement
When operating in “Transparent Operation
Mode” or “User Authentication Mode” the
system is vulnerable to “Cold Boot Attacks”
When in "USB Key"-only mode a piece of
software could read and record the key for
later use to exploit the machine.







Vista Security Overview
User Account Control
Authentication
Firewall Enhancement
Windows Service Hardening
Data Protection
Questions

http://technet2.microsoft.com/WindowsVista/en/library/ba1a3800ce29-4f09-89ef-65bce923cdb51033.mspx?mfr=true

http://207.46.196.114/windowsserver2008/en/library/2d130e11a796-43b7-98ed-d389cad285f51033.mspx?mfr=true

http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption

“AES-CBC + Elephant diffuser A Disk Encryption Algorithm for
Windows Vista”, Niels Ferguson, Microsoft, August 2006

“Security Enhancements in Windows Vista”, Microsoft Corp, May
2007.
http://www.microsoft.com/presspass/newsroom/security/VistaSecurity.mspx
How will it affect IT Professionals and their networks?
Presented by: Ed Horley
[email protected]
Date: November 2005

Why IPv6?

Market forces pushing IPv6 adoption

Shortcomings and challenges of IPv4

Coexistence with IPv4

IPv6 Addressing Overview

IPv6 in Windows Vista

IPv6 deployment options

Impact on IT Professionals

Resource Links

Questions and Answers

Mobility
 Mobile Operators using 3GPP UMTS / Internet Multimedia
Services (IMS)
 Nokia, Motorola and others making use of mobile IPv6 in
their devices
 Ad-hoc networks – think police, fire and emergency
services – push to talk requirements

Security
 Unlike IPv4, IPv6 has IPSec directly integrated into it
 Any IPv6 communication can automatically do
authentication, message integrity and encryption or any
combination of those
 Every host on an IPv6 network could, in theory, validate
exactly who they are communicating with

Addressing
 Address depletion for large network providers - think
mobile operators, governments, universities
 Diverse address options
 Imagine $4.29 \times 10^{20}$ IP addresses per every square inch of
the earth, including the water

What is unique about IPv6?
 Enables next generation network-based
applications without additional expense or
expertise using migration technologies
 Does not require wholesale network
infrastructure replacement
 Does not require IPv4 networks to run IPv6
infrastructure or routing protocols
 Global Addressing Pool is HUGE
(IPv6 has $3.4 \times 10^{38}$ addresses)

What is unique about IPv6?
 Eliminates the need for NAT
 Eliminates the need for private address space (RFC1918)
 Scales much better than IPv4
 IPSec is built in for secure host-to-host communication
 Mobile IPv6 is built in and does not require server side
routing or gateway services

Converged next generation networks that are doing
Voice, Video and VPN services

Peer-to-peer networks and n-tier computing

Next generation ASPs

Mobile Internet Services - Internet Multimedia Services
(IMS)

End to end security requirements

Auto configuration for home and mobile devices

Rapid adoption of IPv6 in Japan, Korea, Taiwan, India and
other Asian and Pacific Rim countries – the US is lagging
in IPv6

It is a US Government Department of Defense
requirement by 2008!

Major technology companies like Cisco, Microsoft, Sun,
Linux, BSD, Nokia are universally supporting IPv6 in their
products

Some current limitations of IPv4 include:
 Network Address Translation deployments in:
▪ Enterprises and some Service Providers
▪ SOHO and Home
▪ WiFi hotspot locations
 Mixed use of Public and Private IP Address Space
 Network based firewalls that prevent end-to-end
session establishment

Mobility is increasing in use and popularity but it is not
supported in the infrastructure as a seamless solution

Security solutions are point solutions or appliances that
do not address the shortcomings of the protocol

There is NO requirement to change any infrastructure to
support IPv6 in your existing IPv4 network – they can
coexist without issue

Windows Vista will automatically use the appropriate IPv6
technology based on the network it discovers

Migration technologies allowing IPv6 to run on IPv4:
 ISATAP (tunneling transition technology)
 6to4 (tunneling transition technology)
 Teredo (NAT traversal technology)

Migration from IPv4 to IPv6 will take some time! That’s
OK!

Windows Vista can run with BOTH IPv6 and IPv4
addressing at the same time

Windows Vista runs IPv4 better than Windows XP or
Windows Server 2003 due to new Dual IP layer
architecture

IP Addresses are in hex format not decimal

A sample IPv6 address:
 fe80::5efe:c0a8:ed01 (link local address)

Hosts can have multiple IPv6 addresses depending on
their requirements

IPv4 and IPv6 are side by side at the IP layer but have a
universal TCP/UDP Transport layer above

IPv6 will be used by default by Vista – this is a good thing

If you do not want IPv6 running on your network
(that is, you want it explicitly turned off), you will have to run
some netsh commands to turn it off

Windows Vista supports both managed and unmanaged
deployments

Applications that are IPv6 aware will make use of the
protocol automatically

The new firewall and IPSec management tools for Vista all
support IPv6 natively

Native IPv6:
- IPv6 native routing protocols are already supported by
most vendors (Cisco, Juniper, and others) – BGP, OSPF,
RIPng, IS-IS
- Most are providing software upgrades to support native
IPv6 deployments on existing hardware (Cisco IOS 12.3+
mainline code has IPv6 support)
- Native deployment will become more desirable as more
applications make use of IPv6

Problems:
- Most ISPs are not providing native IPv6 transport
▪ In the US – Hurricane Electric, Cable and Wireless, MCI
and others
- Most firewalls are not currently supporting IPv6 natively

It is a standard: IETF RFC 4214

Intrasite Automatic Tunnel Addressing Protocol

ISATAP is a tunneling technology

Allows communication across an IPv4 intranet by
tunneling IPv6 inside IPv4 packets

Designed to allow companies to run IPv6 internally

Does NOT require any native IPv6 routers or routing
protocols on the network

Makes use of a single ISATAP router (Cisco router or
Windows Server 2003 host) to specify a 64-bit prefix

Makes use of a DNS entry to determine where the ISATAP
router is located to get the prefix

Can act as a router for IPv6 tunnels (6to4) and native IPv6
hosts

ISATAP address configuration looks like:
- <64-bit prefix>:0:5efe:w.x.y.z
- w.x.y.z is a public or private IPv4 address assigned to the
host

IPv6 addresses consist of a site prefix + the IPv4 address

Example: 3ffe:ffff:1234:5678::/64 is the prefix

IPv4 address is: 192.168.2.1

IPv6 address is: 3ffe:ffff:1234:5678::5efe:192.168.2.1

It is a standard: IETF RFC 3056

6to4 is a tunneling technology

Allows communication across the IPv4 Internet by
tunneling IPv6 inside IPv4 packets

6to4 addresses include IPv4 address information
- The prefix for 6to4 begins with 2002
- The remainder of the address is a colon separated
hexadecimal notation of the IPv4 address
- Formatted like: 2002:wwxx:yyzz::wwxx:yyzz
- wwxx:yyzz is the public IP in hex format

If there is a public IP address, Windows auto configures a
6to4 address using that public IP



Queries by default 6to4.ipv6.microsoft.com to obtain an
IPv4 address of a 6to4 relay server/router

It can also use the well known anycast IPv4 address of
192.88.99.1 to obtain the closest 6to4 relay server/router

So an example IPv4 address would look like:
- IPv4 address: 207.213.246.1 is represented as cfd5:f601
(convert decimal to hex)
- Its 6to4 address: 2002:cfd5:f601::cfd5:f601
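
The ISATAP and 6to4 address formats from the slides above, worked in Python. This is an added example, not part of the original slides. The function names are hypothetical, and it also goes the other way, recovering the IPv4 address embedded in a tunnel address seen in a log or capture.

```python
import ipaddress

ISATAP_MARK = 0x5EFE  # the "5efe" in <64-bit prefix>:0:5efe:w.x.y.z


def isatap_address(prefix: str, ipv4: str) -> ipaddress.IPv6Address:
    """Build <64-bit prefix>:0:5efe:w.x.y.z from a /64 prefix and an IPv4 address."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("ISATAP needs a 64-bit prefix")
    v4 = int(ipaddress.IPv4Address(ipv4))  # public or private IPv4 is allowed
    return ipaddress.IPv6Address(int(net.network_address) | (ISATAP_MARK << 32) | v4)


def sixto4_address(ipv4: str) -> ipaddress.IPv6Address:
    """Build 2002:wwxx:yyzz::wwxx:yyzz; the slides tie 6to4 to a public IPv4 address."""
    addr = ipaddress.IPv4Address(ipv4)
    if not addr.is_global:
        raise ValueError(f"{addr} is not a public IPv4 address")
    v4 = int(addr)
    # 2002 in the top 16 bits, IPv4 in the next 32, IPv4 again in the low 32.
    return ipaddress.IPv6Address((0x2002 << 112) | (v4 << 80) | v4)


def embedded_ipv4(ipv6: str):
    """Return (kind, IPv4Address) for a 6to4 or ISATAP address, else None."""
    value = int(ipaddress.IPv6Address(ipv6))
    if value >> 112 == 0x2002:
        return "6to4", ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    if (value >> 32) & 0xFFFFFFFF == ISATAP_MARK:
        return "isatap", ipaddress.IPv4Address(value & 0xFFFFFFFF)
    return None


if __name__ == "__main__":
    # Values taken from the slides.
    print(sixto4_address("207.213.246.1"))
    print(isatap_address("3ffe:ffff:1234:5678::/64", "192.168.2.1"))
    print(embedded_ipv4("fe80::5efe:c0a8:ed01"))
```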
[Figure: Encapsulation for ISATAP and 6to4. The IPv6 packet (IPv6 header, extension headers, upper layer protocol data unit) is carried inside an IPv4 packet, behind an IPv4 header whose Protocol field is set to 41.]
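
A check a monitoring tool can make from the encapsulation above: look at the IPv4 Protocol field, and when it is 41, read the addresses from the inner IPv6 header. This is an added example, not part of the original slides; the function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41  # IPv4 Protocol field value used by ISATAP and 6to4


def inspect_ipv4(packet: bytes):
    """Return tunnel details if an IPv4 packet carries IPv6 (protocol 41), else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes; IPv4 options make it > 20
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    if packet[9] != IPPROTO_IPV6:
        return None
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("protocol 41 payload is not a complete IPv6 header")
    # For 6to4, the inner source should embed the outer IPv4 source after "2002".
    is_6to4 = inner[8:10] == b"\x20\x02"
    return {
        "outer_src": ipaddress.IPv4Address(packet[12:16]),
        "outer_dst": ipaddress.IPv4Address(packet[16:20]),
        "inner_src": ipaddress.IPv6Address(inner[8:24]),
        "inner_dst": ipaddress.IPv6Address(inner[24:40]),
        "sixto4_src_consistent": inner[10:14] == packet[12:16] if is_6to4 else None,
    }


def build_sample() -> bytes:
    """Constructed sample: IPv4 header (protocol 41) followed by a bare IPv6 header."""
    v6 = struct.pack("!IHBB", 6 << 28, 0, 59, 64)  # version 6, no payload, hop limit 64
    v6 += ipaddress.IPv6Address("2002:cfd5:f601::cfd5:f601").packed
    v6 += ipaddress.IPv6Address("2001:db8::1").packed  # documentation address
    v4 = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(v6), 0, 0, 64, IPPROTO_IPV6,
        0,  # header checksum left at 0; this parser does not validate it
        ipaddress.IPv4Address("207.213.246.1").packed,
        ipaddress.IPv4Address("192.88.99.1").packed,
    )
    return v4 + v6


if __name__ == "__main__":
    for key, value in inspect_ipv4(build_sample()).items():
        print(f"{key}: {value}")
```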

Teredo provides IPv4 NAT traversal capabilities by
tunneling IPv6 over the top of IPv4 using UDP

Teredo provides IPv6 connectivity when behind an
Internet IPv4 NAT device

Is designed to be a universal method for NAT traversal for
most types of NAT used

Public Teredo prefix is not yet defined by IANA

Allows for exciting new services to be developed

The promise of Ad-hoc networking is a reality with IPv6

The ability to have true mobile IP, regardless of gateway
or when moving from wired to wireless

The next generation in network computing
- Moving from client/server to:
▪ n-tier computing and
▪ peer-to-peer computing

Change in Enterprise practices

Changes in IDS, Firewall, HIPS, NIPS, Proxy services,
Packet Analysis, Security and IPSec Postures and Policies

Can I test with IPv6 now before Vista comes out?
YES!

Use Windows XP Pro SP2 or Windows Server 2003 to try
out IPv6 on your network

What do I need to do?
Simply load the IPv6 stack and you are ready to go!

To configure IPv6 you need to make use of the netsh
command

Microsoft:
- Cable Guy Article netsh commands to turn off IPv6:
▪ http://www.microsoft.com/technet/community/columns/cableguy/cg1005.mspx
- Cable Guy Articles about IPv6:
▪ http://www.microsoft.com/technet/community/columns/cableguy/cg0701.mspx
▪ http://www.microsoft.com/technet/community/columns/cableguy/cg0902.mspx
▪ http://www.microsoft.com/technet/community/columns/cableguy/cg1002.mspx
▪ http://www.microsoft.com/technet/community/columns/cableguy/cg0403.mspx
▪ http://www.microsoft.com/technet/community/columns/cableguy/cg0304.mspx
▪ http://www.microsoft.com/technet/community/columns/cableguy/cg0904.mspx
▪ http://www.microsoft.com/technet/community/columns/cableguy/cg0305.mspx

Cisco:
- IPv6 Reference Links:
▪ http://www.cisco.com/en/US/products/ps6553/products_ios_technology_home.html
▪ http://www.cisco.com/en/US/products/ps6553/prod_presentation_list.html

IETF:
- IPv6 Working Group:
▪ http://www.ietf.org/html.charters/ipv6-charter.html

General references:
- IPv6 Forum
▪ http://www.ipv6forum.com/
- North American IPv6 Task Force
▪ http://www.nav6tf.org/
- California IPv6 Task Force
▪ http://www.cav6tf.org/
- Merit Networks Network Research and Technology
▪ http://www.merit.edu/nrd/projects/ipv6.html
- The NLANR Active Measurement Project
▪ http://watt.nlanr.net/IPv6/
- Moonv6
▪ http://www.moonv6.org/
- Internet Society
▪ http://www.isoc.org/
Ed Horley
[email protected]
Blog: www.howfunky.com
Ed Horley is a Sr. Network Engineer for j2 Global Communications,
better known as eFax. Ed currently designs, supports and
maintains j2's international and domestic collocation sites along
with j2's core data center IP infrastructure. He is experienced in
e-commerce web content delivery, large scale e-mail delivery,
firewalls, IPSec VPNs, and specializes in routing, switching and
DNS issues.
Ed is a former Cisco Certified Network Professional (CCNP), a current
Microsoft Certified Professional (MCP) and a current Microsoft Most
Valuable Professional (MVP). He graduated from the University of
the Pacific in 1992 with a BS in Civil Engineering.
When he is not playing on network gear you can find him out on the
lacrosse field as an Umpire for Women's Lacrosse. He is currently
married to his wonderful wife Krys and has two children, Briana and
Aisha. He lives and works in Walnut Creek, CA.

On IIT Blackboard - Download and Review Lecture 10 Materials

Download and do Exercise.

Download the Networking Encyclopedia.