The System Administrator Notebook

System Maintenance Tasks on Windows XP

Page Contents

Activating Windows XP

Top Bottom
  • antipiracy feature (one copy of XP can be installed on one PC only)
  • must be done within 30 days by internet or phone
  • after 30 day grace period, users can log on to PC, but can do nothing until product activated
  • automatic and instantaneous
  • allowed to reinstall on same hardware
  • once registered the CD can not be used to install to another PC
  • ID created from CD product ID and hardware ID
  • encrypted file serves as fingerprint (wpa.dbl and wpa.bak): includes video, hdd, ide, CD, nic, CPU, RAM
  • if you replace 4/10 components within 120 days, the activation mechanism may assume you've cloned the setup to another machine
  • OEM software may be exempt from WPA
  • volume licensing media exempt from WPA
  • restore wpa.dbl to bypass activation
  • restore wpa.bak to restore system to previous activated state
  • Msinfo32 display activation status if product not activated, and an 'Activate' icon appears in the notification area

Files and Settings transfer Wizard

Top Bottom
  1. Save settings from any 32-bit windows
  2. restore to XP
  3. Direct connection, serial or Ethernet or save settings to a file
  4. Do administrator account first, to capture file associations, then do additional accounts one-by-one
  5. migrates user-specific settings (visual settings, folder and taskbar options; accessibility options; phone, modem and network connections; network printers and drives)
  6. internet settings: favourites and cookies
  7. email: collects account settings, messages and contacts from Outlook
  8. application settings: registry settings and preference files. Used once application is re-installed. List of applications is stored in %systemroot%\system32\usmt\migapp.inf
  9. Files and Folders: my docs and my pics, shared documents plus a list of extensions is used to determine what other files are copied
  10. Prefer folders to file types
  11. Can be used with custom settings to backup your PC

Migration Process:

  1. Programs: Accessories: System Tools: Files and Settings Transfer Wizard on new computer (or %systemroot%\system32\usmt\migwiz from command prompt).
  2. Choose 'New Computer' option
  3. Choose 'I will use the wizard from the XP CD'
  4. At old computer, insert XP CD(use wizard disk on old PC if it has no CDROM). Choose 'Additional Tasks: Transfer Files' from Welcome Screen. Choose 'Old Computer' option. Or run fastwiz.exe from XP CD in support\tools
  5. Choose transfer method
  6. Choose between files only, settings only, files and settings. The list will vary according to the transfer method
  7. Password generated on new computer to prevent files from being stolen
  8. to restore files to new computer from file, start transfer wizard and select 'I don't need a wizard disk'. Specify location and continue

Automatic Updates

Top Bottom

three options:

  1. auto download, notify install
  2. notify both
  3. disable

View updates in Help Centre, windows updates link. Restore declined updates available via sysdm.cpl: Automatic Updates

Accessibility Options

Top Bottom
  1. magnifier (can follow mouse and keystrokes)
  2. narrator (text-to-speech utility)
  3. on screen keyboard (used with mouse or joystick)
  4. accessibility wizard (used to select text size, display settings, choose deaf or blind, scroll bar size, icon size, display colour, mouse cursor, SoundSentry or ShowSounds, StickyKeys, FilterKeys (or BounceKeys), ToggleKeys, and MouseKeys)
  5. Utility Manager (Win+U) to control magnifier, narrator and OSK prior to login

AddRemove Components

Top Bottom

Windows installs a standard set of components.

Default Install:

  • Accessories
  • Indexing Service
  • IE
  • MSN Explorer
  • Update Root Certificates

Not Installed:

  • Fax Services
  • IIS
  • Management and Monitoring Tools
  • Message Queuing
  • Networking Services
  • Other Network and Print Services

Other hidden components can be revealed in Add/Remove by editing; %SystemRoot%\inf\sysoc.inf

System Restore

Top Bottom

System Restore (found in sysdm.cpl)

  1. Drive space used: default 12%
  2. default location: \system volume information\
  3. each restore point in a separate folder: '_restoreGUID'
  4. restore folders are accessible to system account only
  5. drives to be monitored. Data only files should be excluded
  6. by default excludes 'my Docs' and '%systemroot%\downloaded program files'
  7. specify other excluded areas by regedit: HKLM\System\CurrentControlSet\BackupRestore\FilesNotToBackup. Doesn't take affect until you set next restore point
  8. Shuts down if space on any drive <200MB. Doesn't automatically restart. Restart via sysdm.cpl

Startup Options

Top Bottom

Startup Options, controlled via sysdm or boot.ini:

  • start time: -1, wait forever; 0, don't display; 1-99 seconds
  • /fastdetect: don't detect serial mice
  • /noguiboot: eliminate windows splash screen
  • /sos: display driver load and hardware detect
  • /safeboot

install the command console using the XP CD

Startup Process:

  1. PC performs POST
  2. POST for each adapter with own BIOS
  3. BIOS reads MBR (first sector on first hard disk) and transfers control to code in MBR
  4. MBR reads boot sector (first sector of active partition) which contains code that starts NTLDR
  5. NTLDR switches system to protected mode with paging enabled, starts the filesystem, reads boot.ini and displays menu . NTLDR,, boot.ini, bootsect.dos (dual boot only), ntbootdd.sys (SCSI only) must all be in root of active partition
  6. Selecting NT causes NTLDR to run to gather info about installed hardware
  7. NTLDR then uses ARC (Advanced RISC Computing) path to find the boot partition and loads the core: Ntoskrnl.exe and Hal.dll (from %systemroot%\system32)
  8. NTLDR continues reading the registry, selecting hardware profile and control set and loading device drivers
  9. ntoskrnl takes over and starts winlogon.exe, which in turn starts lsass.exe (local security administration) which displays welcome/logon screen

Removing Recovery Console (if installed)

  1. edit boot.ini
  2. delete cmdcons folder
  3. delete cmdldr from root directory

Help and Support

Top Bottom

Help and Support Centre: consists of around 10,000 individual topics from 200 chm (compiled html) files. Uses two related modules:

  1. service - helpsvc.exe and
  2. executable: helpctr.exe

If help centre stops working, kill all helpctr processes and restart helpsvc. Searches provide results by:

  • suggested topic: match to keywords in help files
  • full-text matches: content matching
  • MS KnowledgeBase

Use quotes to find a particular phrase. Search supports Boolean operators. Or click index button to search index. Customisation options for help centrer:

  • change help centrer options
  • change search options
  • install and share help: install help files from XP Home and 2003

Graphical Help on Commands: “%systemroot%\pchealth\helpctr\binaries\helpctr /url ms-its:%systemroot%\Help\ntcmds.chm::/ntcmds.htm”

  1. net (user | localgroups)
  2. driverquery /v /fo csv > drvlist.csv (produces list of drivers)
  3. command (switch to 16-bit console)
  4. osk (on screen keyboard)
  5. schtasks – allows you to configure scheduled tasks on local and remote computers (you can also schedule tasks on remote machines via network neighbourhood)

Remote Assistance

Top Bottom

Remote Assistance: uses XP Terminal Services to share desktop: both users must be present and agree connection. Remote Assistance available on both Home and Pro, but RDP only on Pro. To use Remote Assistance:

  1. both must be using XP
  2. both must have active internet connection
  3. neither can be blocked by Firewall
  4. novice sends invite
  5. expert accepts opening read-only view
  6. expert and novice can use chat screen
  7. expert requests to take control
  8. novice accepts request
  9. novice can kill connection at any time by pressing escape

The RA ticket (.msrincident) uses XML to define parameters of connection. Uses port 3389. ICF automatically opens this port when request sent. If using private address behind NAT device, things get complicated:

  1. ICS listens for remote assistance on 5001 and forwards to 3389
  2. UPnP-compatible hardware router should work
  3. non-UPnP probably won't
  4. Dynamic IP addresses are also problematic

With windows messenger, list of contacts appear in remote assistance pane. Once connected they don't need a password as they get authenticated with passport. Request can also be sent to contacts in address book, with option to set password and expiry date. Invitation can be saved to a file. Remote Assistance can be dis/enabled via sysdm.cpl

Installing Software

Top Bottom

edit sysoc.inf to see all programs that can be added\removed

Windows File Protection detects attempts to replace a protected system file (files installed by the Windows setup program). Windows checks the digital signature on the file. If the file is not the correct version, it is replaced with one from the dllcache folder, or from the XP CD, or you'll be prompted for the location. Activity of Windows File Protection is logged to event log. sfc command can be used to scan and verify the versions of all system files:

sfc switches:

/scannow (scans immediately)

/scanonce (scans once)

/scanboot (scans on each reboot)

/revert (returns to default operation)

/purgecache (purges WFP cache and does an immediate scan)


Use file signature verification options (block, ignore, warn) to control behaviour.

Some legacy applications work after an upgrade but refuse to install on a clean install. Changes mainly in area of compatibility. Software using VxDs won't run. Limited user can install only if:

  1. files are copied to user profile
  2. registry settings affect HKCU

Power users should be able to install most apps, unless they write to crucial parts of registry or filesystem. Set a restore point before installing a dodgy program. On corporate networks, the Add/Remove programs tab also lists applications that have been assigned or ed. Assigned programs are automatically installed when a user selects the program from the programs menu, or by opening a document with associated extension.

16-bit programs

  1. run in a subsystem, a virtual machine that mimics 386 enhanced mode
  2. most 16-bit programs do not support long file names. XP maintains links, to preserve long file names when a 16-bit program saves a file
  3. 16-bit programs are restricted to using a single thread. 16-bit calls must be translated for the 32-bit OS (thunking) which adds to execution time
  4. 16-bit applications require 16-bit device drivers which are not supported in XP. Application must provide 32-bit drivers to work.
  5. 16-bit dlls cannot be used by 32-bit apps and vice versa. If you have Word6 documents with macros that access certain dlls, they won't work with Word2000's dlls.
  6. 16-bit apps don't have a version tab
  7. 16-bit applications appear in Task Manager under NTVDM.exe and WOW.exe (windows on windows)
  8. Multiple 16-bit apps share a common memory space: a crash in one will crash all. Programs can be run in a separate memory space
  9. is the 16-bit version of cmd.exe
  10. %systemroot%\_default.pif is the default pif file
  11. _default.bat is the batch file that runs each time an MSDOS program starts
  12. Custom pifs appear in the same directory as the program
  13. autoexec.nt and config.nt control virtual machine setup. Custom versions can be entered in programs pif

The properties tab of an executable contains a compatibility mode option. Compatibility options try to fool a program into thinking its running on an earlier version of windows. Application Compatibility Wizard found in Accessories or properties of program shortcut: basic purpose to configure support for downlevel applications. Application compatibility tool uses four databases to filter application code before it reaches the operating system.

If properties displays a version tab, then its a 32-bit program

Run As: 'runas /user:username cmd' or right-click program and select 'run as'. A handful of programs are started by Windows, and do not therefore support runas.

MSI contain all the files required to install a package and can be deployed using Group Policy(softwaresettings\softwareinstallation). In AD Users and Computers, assign or publish a package to users (you can not publish software to computers) by creating a new group Policy for domain or OU and configure software installation (add new package, use unc path). MSI should be stored in a network share.


Top Bottom

chkdsk - without switches: read only, report only. Available switches:

  • /f fix errors
  • /v verbose
  • /r recover info from bad sectors
  • /i check index entries only
  • /c skips checking cycles within the folder structure
  • /x forces the volume to dismount, invalidates all open filehandles

Autochk.exe runs automatically when you schedule a disk check at startup.

chkntfs.exe /x d: cancel a scheduled check at startup

NTFS volumes keep a journal of all disk activities. A registry bit can be set to indicate that the file system is 'dirty' (contains data that was not properly read/written). If this dirty bit is set, then XP will run chkdsk automatically on restart.


Top Bottom

Defragmentation: Formatting a disk divides it into sectors, each of which contains space for 512 bytes of data. Filesystems combine sectors into groups or clusters, the smallest unit of space available for holding a data. A 10GB NTFS partition uses 4KB clusters, thus a 20GB file will require 2,500 clusters. Fragmentation occurs when a file is spread across non-contiguous clusters.

defrag d:

  • /a (analyze and display analysis report)
  • /v (display complete report, defrag and analysis)
  • /f (force defragmentation)

Defragmentation requires 15% free space for full defragmentation. A dirty disk cannot be defragmented: run chkdsk first. Defrag does not touch the recycle bin: empty it first. Nor will it defrag bootsect.dos, safeboot.fs, safeboot.csv, safeboot.rsv, hiberfil.sys, memory.dmp or pagefile.sys. Defrag may require several runs to fully defrag a large file. Will not defrag open files either.

Disk Cleanup

Top Bottom

Disk Cleanup: when windows is running low on disk space, a warning is displayed in the notification area. Double click the warning icon to start the disk cleanup wizard. Wizard will not delete files from %temp% that are less than a week old. The more options tab take you to either Add/Remove programs or will allow you to remove all but the last system restore point.


  • /d driveletter
  • /sageset:n where n is an arbitrary number between 1 and 65535, used to create a registry key to save cleanmgr settings
  • /sagerun:n run saved settings

MSC Commands

Top Bottom
  1. lusrmgr.msc
  2. devmgmt.msc
  3. compmgmt.msc
  4. secpol.msc (security policy)
  5. gpedit.msc (local computer/group policy)
  6. certmgr.msc (certificates)
  7. ciadv.msc (indexing service)
  8. dfrg.msc
  9. diskmgmt.msc
  10. eventvwr.msc
  11. fsmgmt.msc (shared folders)
  12. ntmsmgr.msc (removable storage)
  13. ntmsoprq.msc (removable storage operator requests)
  14. perfmon.msc
  15. rsop.msc (resultant set of policy)
  16. services.msc
  17. wmimgmt

CPL Commands

Top Bottom
  1. odbccp32.cpl (try odbcad32.exe instead)
  2. ncpa.cpl
  3. access.cpl (accessibility)
  4. hdwwiz.cpl (add/detect hardware wiz)
  5. appwiz.cpl (add remove software)
  6. sysdm.cpl (system properties)
  7. timedate.cpl (date and time properties)
  8. desk.cpl (display properties)
  9. rundll32.exe shell32.dll,Options_RunDLL 1 (taskbar and start menu)
  10. joy.cpl (configure joystick)
  11. inetcpl.cpl (configure ie properties)
  12. mmsys.cpl (multimedia properties)
  13. main.cpl (mouse properties)
  14. intl.cpl (internationalisation)
  15. telephon.cpl (phone and modem options)
  16. powercfg.cpl (power options)
  17. irprops.cpl (wireless connections)
  18. nusrmgr.cpl (user accounts)

Control Commands

Top Bottom
  1. control printers (open printers folder)
  2. control scannercamera (scanners and cameras)
  3. control schedtasks
  4. control netconnections (try ncpa.cpl instead)
  5. control speech (speech properties)
  6. control main.cpl,@1,1 (keyboard properties)
  7. control admintools (administrative tools folder)
  8. control folders (folder options)
  9. control fonts (open fonts folder)
  10. control (userpasswords | userpasswords2)