Boot.ini

enter a value of -1 to change menu to notimeout

use: /sos switch to see drivers load

/noguiboot to remove splash screen

install the command console using the XP CD

Commands

Graphical Help on Commands: “%systemroot%\pchealth\helpctr\binaries\helpctr /url ms-its:%systemroot%\Help\ntcmds.chm::/ntcmds.htm”

1. net (user | localgroups)
2. driverquery /v /fo csv > drvlist.csv (produces list of drivers)
3. command (switch to 16-bit console)
4. osk (on screen keyboard)
5. schtasks – allows you to configure scheduled tasks on local and remote computers (you can also schedule tasks on remote machines via network neighbourhood)

Programs

1. msconfig.exe
2. msinfo32.exe

Add\Remove Programs

edit sysoc.inf to see all programs that can be added\removed

Simple File Sharing

turn this off using “folder options...view

Program Versions

If properties displays a version tab, then its 32-bit

Compatibility Mode

the properties tab of an executable contains a compatibility mode option

Show Desktop

create the file desktop.scf with the following then drop it where you need it :

[Shell]
Command=2
IconFile=explorer.exe,3
[Taskbar]
Command=ToggleDesktop

Show Windows Version

hkcu\controlpanel\dektop\paintdesktopversion = 1

Emergency Shutdown

Ctrl+Alt_Del, then hold the control key as you click shutdown

Setup Manager

setupmgr.exe available from the support tools on the XP CD

Special Identities

Everyone – Eveyone but anonymous logins

Creator Owner – Creator or owner

Authenticated User – Anyone who logs on with username and password except Guest

Interactive User – Any one who logs on locally including remote desktop connections

Network – Any user that logs on over the network

Default Permissions

See Q244600

Copy vs Move

Copying (same drive) – file inherits permissions from destination, you become owner

Move (same drive) – file keeps its permissions, you become owner

Move (different drive) – same as copy

Network Diagnostics

use network diagnostics from tools menu in msinfo32.exe

Shutdown

-i display gui

-l logoff

-s shutdown

-r restart

-a abort

-m \\computername

-t xx timeout

-c “comment”

-f force

MSC Commands

1. lusrmgr.msc
2. devmgmt.msc
3. compmgmt.msc
4. secpol.msc (security policy)
5. gpedit.msc (local computer/group policy)
6. certmgr.msc (certificates)
7. ciadv.msc (indexing service)
8. dfrg.msc
9. diskmgmt.msc
10. eventvwr.msc
11. fsmgmt.msc (shared folders)
12. ntmsmgr.msc (removable storage)
13. ntmsoprq.msc (removable storage operator requests)
14. perfmon.msc
15. rsop.msc (resultant set of policy)
16. services.msc
17. wmimgmt

CPL Commands

1. odbccp32.cpl (try odbcad32.exe instead)
2. ncpa.cpl
3. access.cpl (accessibility)
4. hdwwiz.cpl (add/detect hardware wiz)
5. appwiz.cpl (add remove software)
6. sysdm.cpl (system properties)
7. timedate.cpl (date and time properties)
8. desk.cpl (display properties)
9. rundll32.exe shell32.dll,Options_RunDLL 1 (taskbar and start menu)
10. joy.cpl (configure joystick)
11. inetcpl.cpl (configure ie properties)
12. mmsys.cpl (multimedia properties)
13. main.cpl (mouse properties)
14. intl.cpl (internationalisation)
15. telephon.cpl (phone and modem options)
16. powercfg.cpl (power options)
17. irprops.cpl (wireless connections)
18. nusrmgr.cpl (user accounts)

Control Commands

1. control printers (open printers folder)
2. control scannercamera (scanners and cameras)
3. control schedtasks
4. control netconnections (try ncpa.cpl instead)
5. control speech (speech properties)
6. control main.cpl,@1,1 (keyboard properties)
7. control admintools (administrative tools folder)
8. control folders (folder options)
9. control fonts (open fonts folder)
10. control (userpasswords | userpasswords2)

Installing Programs

Limited Users will only be able to install if the program:

1. copies files to the users profile
2. updates entries in HKCU
3. installs shortcuts to current users logon

Right-click a programs icon to set compatibility mode.

The hardware tab in sysdm.cpl allows you to alter unsigned driver prompts

Most Win2K drivers will work on XP

Installing Hardware

Install driver software before plugging in hardware – driver files and inf files get copied to your system, and XP will then install hardware when its plugged in

Memory

Commit-Charge: (total) total of physical and virtual memory in use

(limit) total the OS makes available to applications

Physical Memory (total) amount of RAM installed

(available) total RAM windows makes available to apps before swapping

(system cache) total amount of RAM used to cache recently accessed data and programs

Kernel Memory (total) amount of RAM used by kernel

(paged) amount of kernel mapped to pages

(non-paged) amount of kernel that must remain in RAM

If (Total Commit Charge) > (Total Physical Memory) Then (Paging Occurs)

If (Peak Commit Charge) > (Total Physical Memory) then (Paging Will Have Been Occurring)

If you have excessive amounts of physical memory, windows caches recently accessed data for faster performance

Task Manager

End task on the Programs Tab, is the same as close a program via its menus: End Task on the Process Tab will immeadiately try to zap the program.

Monitoring IO Read/Writes can tell you which programs are causing disk thrashing

Start

Change default priority of a program at startup:

Start (/low | /normal | /high | /realtime | /abovenormal | /belownormal) “programname”

Startup Locations

1. Startup folders
2. Run Key ( HKCU & HKLM\Software\Microsoft\Windows\CurrentVersion\Run, RunOnce, RunOnceEx)
3. Schedtasks
4. Win.ini (Load= and Run= )
5. Group Policy (admin templates system\logon and windows settings\scripts for both computer and user)

Power-Saving

Standy – suspends to memory – draws some power to retain memory image.

Hibernation – suspends to disk – no power consumption required

Indexing Service

Turned on and off via search companion

Tune performance via ciadv.msc

Encrypting File System

Disable EFS using a DWORD value of 1 at HKLM\Software\WindowsNT\CurrentVersion\EFS or via group policies.

You can't encrypt compressed files – windows will uncompress them if you choose to encrypt

You can't encrypt files with the system attribute, in a roaming profile or files in %SYTEMROOT%. Encrypted files can still be deleted by oter users. Copying an encrypted file to a volume that does not support EFS (eg NT4 or a FAT partition) will cause the file to lose its encryption. Backups do not remove encryption.

EFS using your public key to create a file encryption key (FEK). Encrypted files can only be decrypted using your personal encryption certificate (PEC) and private key (PK), which is only available on your login. If you copy encrypted files to another computer, you'll need to copy your PEC and PK also. PEC and PK are stored in your roaming profile. These should be backed up! Best to encrypt folders – this way new files in folder are automatically encrypted. To allow others to access the file, right-click, properties, advanced. You'll only be able to select users who already have an EFS key installed on that computer.

Data Recovery Agents

Cipher is the command-line encryption tool. Type “cipher /r:filename” to create a data recovery agent certificate. The generated .pfx and .cer files allow anyone to become a data recovery agent. Logon as the account you want to be the data recovery agent and using certmgr.msc import the certificate, typing the password that was used to protect the files. In secpol.msc, choose local security settings\public key policies\EFS, then choose add data recovery agent and browse to the .cer file. To prevent this user from decrypting the files, export and remove the private key using certmgr.msc. The recovery agent will then need the private key to view encrypted files. All users should backup their PEC using internet explorer, and Administrators should backup the recovery agent certificate using secpol.

Clear Pagefile at Shutdown

hklm\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown = 1

Offline files Next.....