Windows XP tips

Windows XP tips Part 1

Just a quick list of tips and tricks for Windows XP as I move along. Don't expect any organisation here, but if you think a tip needs expanding on, e-mail bofh@mvps.org and I'll be happy to re-visit it, or expand it into an article of it's own.

I'm mostly going to be talking about XP Professional here, for a couple of reasons; firstly because that is what I am running, and secondly, most of what I deal with tends to be along the lines of domain based networking and similar stuff, which Home can't do anyway. Again, if you want to tell me how a tip I give for XP Pro can be modified for XP Home - for example, if you know a registry hack that performs the same function in XP Home as a change to something in Group Policy Editor does in XP Pro, let me know and I'll post your tip, including credit of course!

Q. Why can't I join a NT 4.0 domain with Windows XP?

I've seen 3 reasons for this so far:

Firstly, are you using Windows XP Professional? Only XP Pro has support for domain based networking. If you are using XP Home you'll need to upgrade to Pro to log into a domain with XP.

XP Home users can connect to resources held by on a domain controller by supplying a domain user's username and password at the same time as trying to connect to the share they want to use. If you just want to exchange files here and there than that is probably enough.

Secondly, are you using software that could be interfering with the domain login process? I've seen some software that isn't totally XP compatible, such as antivirus scanners which were designed for Windows 2000, which install without an error but throw up odd errors in the system where you'd least expect it. I've seen this sort of problem block domain logins more than once.

Thirdly, some people have reported that making the following change to their local security settings/policy has helped:

Open the start menu, click Run and type in gpedit.msc then hit enter. The Group Policy Editor MMC snap-in will open. Open Computer Configuration, then expand Windows Settings, Security Settings and finally, Local Policies. Click on Security Options.

Scroll down the list of options that appears in the right hand screen until you find Domain member: Digitally encrypt or sign secure channel data (always) and double click it. In the dialogue box that appears, change the setting from Enabled to Disabled and click ok. Close the Group Policy Editor and reboot.

Q. How do I stop the Quality of Service (QOS) systems reserving Internet connection bandwidth.

For those that don't know, the quality of service additions to TCP/IP reserve a portion (20%) of all your network connection's bandwidth. This isn't as bad as it sounds at first - let me explain: Quality of Service is designed to provide applications that need guaranteed transmission of data with the ability to reserve space on a network for themselves - examples of applications that need this could be video or internet telephone systems.

If you are not running any services that need to use QOS then the space "reserved" for QOS is not used. In the event you are running a service that can take advantage of QOS, it can reserve a percentage of your bandwidth if it needs it. If nothing needs QOS then the bandwidth that would otherwise be reserved for QOS apps is available to all things that want it.

Despite what various places might claim, turning this figure down or off will not make your network games run faster on a normal home connection, nor will it speed up general internet surfing. For the average user, playing with this setting will not do anything to make your system run faster or "better". Having said all that, if you still want to change the setting here is how to do it.

Open the start menu, click Run and type in gpedit.msc then hit enter. The Group Policy Editor MMC snap-in will open. Open Computer Configuration, then expand Administrative Templates, QoS Packet Scheduler.

Double click Limit reservable bandwidth and select "Enabled" and then set your bandwidth limit as desired, say 1% instead of the default 20%. Don't leave it on disabled, because the disabled setting doesn't mean "disable QoS" it means "Disable custom setting of QoS values". Got that? So disabling it doesn't disable the setting, it disables your ability to change the setting. If you have a headache and need to lie down now, I won't blame you. Similarly, the "not configured" setting means "Leave this as whatever is set on the computer already", and what is set on the computer already is the default setting of "20%". Confused yet?

Q. Arrrrrrrrgh that's crazy! I think I've gone mad.

You think you've got problems? I've been dealing with this sort of nonsense since Windows 2000 was released. If you think this is bad now, just try it with active directory group policy objects on top.

Q. My system seems a bit sluggish with lots of disk activity and suchlike.

You've probably got System Restore enabled. System restore can be a good idea, but it can also affect performance. Your call as to whether or not you disable it or not, but if you want to, here's how.

Open the start menu, click Control Panel then Performance and Maintenance and finally system. From the system properties window select the system restore tab. Tick Turn off System Restore on all drives and click OK.

Q. How do I lock down things like the start menu and desktop in XP.

Assuming you are talking about standalone systems, or at least, local policies rather than global ones (global policies is a whole other article, heck people have written books about doing this on a network, here are some tips for locking a system down.

Format the system disk, and probably any others you use for data too, with NTFS - this allows you to set permissions on files and folders to control who has access, and what they can do.

To stop a user making simple changes to the desktop and start menu, you can remove their NTFS permission to write to these areas, simply leaving them with the right to read from these areas. Open your documents and settings folder, then the folder for that username, then you will be able to see the folders in question. This method does work, quite well actually for simple home use, to protect inadvertent changing around of options on a "guest" account, but is not suitable for "serious" system lock downs.

For that, we need to return to our old friend gpedit.msc. Open gpedit.msc (read the notes in the sections above if you don't know how).  Expand user configuration and take a look at administrative templates. Expand the settings and get a feel for how things work, read a few explanations, etc, before being tempted to play. If you examine the desktop and start menu and taskbar objects, you'll see plenty you can do to lock users out. Note that these settings apply to all users, including administrators, when applied to the local security policy. Be very careful.

Q. Help! I can't find....

Scandisk?

• Scandisk has been replaced by the Windows NT CheckDisk routine. You can use it by either opening my computer, right clicking a drive, selecting properties, tools, check now or you can open a command prompt (Start Menu, Run, type CMD and hit enter) and then type CHKDSK C: /f and hit enter- where C: is the letter of the drive you wish to check - and follow the instructions on screen.

Defrag?

• Start Menu, Control Panel, Performance and Maintenance, and click "Rearrange items on your hard disk to make programs run faster".

Where to view, and format, hard disk partitions, change drive letters, do god alone knows what to my CD-Rom drive letter, blah blah?

• Start Menu, Control Panel, Performance and Maintenance, Administrative Tools, Disk Management.
• WARNING! Be careful in this screen. The system will warn you if it thinks you are about to do something stupid, and will even do it's utmost to prevent you from doing something very stupid, but ultimately if you keep telling it that yes you really do want to format that disk drive with your last 8 years of thesis work on it despite all the warnings, then it will assume that is what you really wanted to do. So double check what you are about to do if you are playing around in here. They included a help file for a reason, you know.

Where to find the event viewer, which I hear contains lots of helpful error messages when my system screws up, which geeks like you need to help me fix my system?

• Start Menu, Control Panel, Performance and Maintenance, Administrative Tools, Event Viewer. And don't call me a geek.

How to stop, start, and disable various services - for example, can you tell me how to disable that universal plug and play stuff?

• Sure. Go to Start Menu, Control Panel, Performance and Maintenance, Administrative Tools, Services.
• In this example we're disabling UPnP so scroll down to the Universal Plug and Play Service, and double click it's name. Notice the buttons to start, stop, pause, and resume the service? Ok, to disable a service, click the "startup type" box, and select "disabled". Stop the service from the buttons we just talked about it it's still running, and click ok.
• Scroll back up the list until you find SSDP Discovery Service and stop and disable that in the same way we talked about stopping and disabling the UPnP service. Once this service is stopped too, job done.

But the FBI said I only had to switch off the UPnP service. What's all this about SSDP?

• The SSDP discovery service is part of Universal Plug and Play. It also needs to be disabled if you wish to disable universal plug and play. You can take their advice over mine if you prefer, I really don't care, I get paid the same for writing this either way. But have you ever considered there's a reason why I write tips about how to use Windows, and the FBI catches bad guys, instead of the other way around?

Top