Monday, September 6, 2010

Description About Computer Management


Event Viewer:
In Windows XP, an event is any significant occurrence in the system or in a program that requires users to be notified, or an entry added to a log. The Event Log Service records application, security, and system events in Event Viewer. With the event logs in Event Viewer, you can obtain information about your hardware, software, and system components, and monitor security events on a local or remote computer. Event logs can help you identify and diagnose the source of current system problems, or help you predict potential system problems.

Event Log Types

A Windows XP-based computer records events in the following three logs:
  • Application log

    The application log contains events logged by programs. For example, a database program may record a file error in the application log. Events that are written to the application log are determined by the developers of the software program.
  • Security log

    The security log records events such as valid and invalid logon attempts, as well as events related to resource use, such as the creating, opening, or deleting of files. For example, when logon auditing is enabled, an event is recorded in the security log each time a user attempts to log on to the computer. You must be logged on as Administrator or as a member of the Administrators group in order to turn on, use, and specify which events are recorded in the security log.
  • System log

    The system log contains events logged by Windows XP system components. For example, if a driver fails to load during startup, an event is recorded in the system log. Windows XP predetermines the events that are logged by system components.

How to View Event Logs

To open Event Viewer, follow these steps:
  1. Click Start, and then click Control Panel. Click Performance and Maintenance, then click Administrative Tools, and then double-click Computer Management. Or, open the MMC containing the Event Viewer snap-in.
  2. In the console tree, click Event Viewer.

    The Application, Security, and System logs are displayed in the Event Viewer window.

How to View Event Details

To view the details of an event, follow these steps:
  1. Click Start, and then click Control Panel. Click Performance and Maintenance, then click Administrative Tools, and then double-click Computer Management. Or, open the MMC containing the Event Viewer snap-in.
  2. In the console tree, expand Event Viewer, and then click the log that contains the event that you want to view.
  3. In the details pane, double-click the event that you want to view.

    The Event Properties dialog box containing header information and a description of the event is displayed.

    To copy the details of the event, click the Copy button, then open a new document in the program in which you want to paste the event (for example, Microsoft Word), and then click Paste on the Edit menu.

    To view the description of the previous or next event, click the UP ARROW or DOWN ARROW.

How to Interpret an Event

Each log entry is classified by type and contains header information and a description of the event.

Event Header

The event header contains the following information about the event:
  • Date

    The date the event occurred.
  • Time

    The time the event occurred.
  • User

    The user name of the user that was logged on when the event occurred.
  • Computer

    The name of the computer where the event occurred.
  • Event ID

    An event number that identifies the event type. The Event ID can be used by product support representatives to help understand what occurred in the system.
  • Source

    The source of the event. This can be the name of a program, a system component, or an individual component of a large program.
  • Type

    The type of event. This can be one of the following five types: Error, Warning, Information, Success Audit, or Failure Audit.
  • Category

    A classification of the event by the event source. This is primarily used in the security log.

Event Types

The description of each event that is logged depends on the type of event. Each event in a log can be classified into one of the following types:
  • Information

    An event that describes the successful operation of a task, such as an application, driver, or service. For example, an Information event is logged when a network driver loads successfully.
  • Warning

    An event that is not necessarily significant but may indicate the possible occurrence of a future problem. For example, a Warning message is logged when disk space starts to run low.
  • Error

    An event that describes a significant problem, such as the failure of a critical task. Error events may involve data loss or loss of functionality. For example, an Error event is logged if a service fails to load during startup.
  • Success Audit (Security log)

    An event that describes the successful completion of an audited security event. For example, a Success Audit event is logged when a user logs on to the computer.
  • Failure Audit (Security log)

    An event that describes an audited security event that did not complete successfully. For example, a Failure Audit may be logged when a user cannot access a network drive.

How to Find Events in a Log

By default, an event log lists all of its entries. If you want to find a specific event, or view a subset of events, you can either search the log, or you can apply a filter to the log data.

How to Search for a Specific Log Event

To search for a specific log event, follow these steps:
  1. Click Start, and then click Control Panel. Click Performance and Maintenance, then click Administrative Tools, and then double-click Computer Management. Or, open the MMC containing the Event Viewer snap-in.
  2. In the console tree, expand Event Viewer, and then click the log that contains the event that you want to view.
  3. On the View menu, click Find.
  4. Specify the options for the event that you want to view in the Find dialog box, and then click Find Next.
The event that matches your search criteria is highlighted in the details pane. Click Find Next to locate the next occurrence of an event as defined by your search criteria.

How to Filter Log Events

To filter log events, follow these steps:
  1. Click Start, and then click Control Panel. Click Performance and Maintenance, then click Administrative Tools, and then double-click Computer Management. Or, open the MMC containing the Event Viewer snap-in.
  2. In the console tree, expand Event Viewer, and then click the log that contains the event that you want to view.
  3. On the View menu, click Filter.
  4. Click the Filter tab (if it is not already selected).
  5. Specify the filter options that you want, and then click OK.
Only events that match your filter criteria are displayed in the details pane.

To return the view to display all log entries, click Filter on the View menu, and then click Restore Defaults.

How to Manage Log Contents

By default, the initial maximum size of a log is set to 512 KB, and when this size is reached, new events overwrite older events as needed. Depending on your requirements, you can change these settings, or clear a log of its contents.

How to Set Log Size and Overwrite Options

To specify log size and overwrite options, follow these steps:
  1. Click Start, and then click Control Panel. Click Performance and Maintenance, then click Administrative Tools, and then double-click Computer Management. Or, open the MMC containing the Event Viewer snap-in.
  2. In the console tree, expand Event Viewer, and then right-click the log in which you want to set size and overwrite options.
  3. Under Log size, type the size that you want in the Maximum log size box.
  4. Under When maximum log size is reached, click the overwrite option that you want.
  5. If you want to clear the log contents, click Clear Log.
  6. Click OK.

How to Archive a Log

If you want to save your log data, you can archive event logs in any of the following formats:
  • Log-file format (.evt)
  • Text-file format (.txt)
  • Comma-delimited text-file format (.csv)
To archive a log, follow these steps:
  1. Click Start, and then click Control Panel. Click Performance and Maintenance, then click Administrative Tools, and then double-click Computer Management. Or, open the MMC containing the Event Viewer snap-in.
  2. In the console tree, expand Event Viewer, right-click the log that you want to archive, and then click Save Log File As.
  3. Specify a file name and location where you want to save the file. In the Save as type box, click the format that you want, and then click Save.
The log file is saved in the format that you specified.
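
Once a log is archived as comma-delimited text, the same filtering can be done outside Event Viewer. The following is an added example, not part of the original article: it parses a .csv archive, filters on header fields the way the Filter tab does, and reports users with a burst of Failure Audit events. The column order, the date and time format, the threshold and window values, and all sample rows are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed column order of the comma-delimited archive (no header row); the
# names follow the Event Header fields described above.
COLUMNS = ["date", "time", "source", "type", "category", "event_id", "user", "computer"]

# Constructed sample rows for illustration, not taken from a real log.
SAMPLE_CSV = """9/6/2010,9:00:01 AM,Security,Success Audit,Logon/Logoff,528,alice,OFFICE-PC
9/6/2010,9:14:10 AM,Security,Failure Audit,Logon/Logoff,529,bob,OFFICE-PC
9/6/2010,9:14:25 AM,Security,Failure Audit,Logon/Logoff,529,bob,OFFICE-PC
9/6/2010,9:14:41 AM,Security,Failure Audit,Logon/Logoff,529,bob,OFFICE-PC
9/6/2010,9:15:02 AM,Security,Failure Audit,Logon/Logoff,529,bob,OFFICE-PC
9/6/2010,11:30:00 AM,Security,Failure Audit,Object Access,560,alice,OFFICE-PC
9/6/2010,11:45:13 AM,Service Control Manager,Error,None,7000,N/A,OFFICE-PC
"""


def parse_archive(text):
    """Parse archived CSV text into a list of event dicts with a 'when' datetime."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < len(COLUMNS):
            continue  # skip blank or truncated lines
        event = dict(zip(COLUMNS, (cell.strip() for cell in row)))
        # Assumed US-style date and 12-hour time, as in the sample rows.
        event["when"] = datetime.strptime(
            event["date"] + " " + event["time"], "%m/%d/%Y %I:%M:%S %p"
        )
        events.append(event)
    return events


def filter_events(events, **criteria):
    """Keep events whose fields equal every given criterion, like the Filter tab."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]


def failure_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Return {(computer, user): peak count} for users with at least `threshold`
    Failure Audit events inside any sliding `window`."""
    times = defaultdict(list)
    for e in filter_events(events, type="Failure Audit"):
        times[(e["computer"], e["user"])].append(e["when"])
    bursts = {}
    for key, stamps in times.items():
        stamps.sort()
        start, peak = 0, 0
        for end, stamp in enumerate(stamps):
            # Shrink the window from the left until it spans at most `window`.
            while stamp - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[key] = peak
    return bursts


if __name__ == "__main__":
    log = parse_archive(SAMPLE_CSV)
    for (computer, user), count in failure_bursts(log).items():
        print(f"{computer}: {count} failure audits for {user} within 5 minutes")
```

A single Failure Audit, such as the one for alice in the sample, stays below the threshold and is not reported.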


Shared Folders
With Windows XP, you can share files and documents with other users on your computer and with other users on a network. There is a new user interface (UI) named Simple File Sharing and a new Shared Documents feature. This article describes the new file sharing UI and discusses the following topics:
  • How to turn Simple File Sharing on and off.
  • How to manage and configure levels of access to shares and files.
  • Guidelines for file sharing in Windows XP.
  • How to troubleshoot file sharing problems.
Windows XP Home Edition-based computers always have Simple File Sharing enabled.

On a Windows XP-based computer, you can share files among both local and remote users. Local users log on to your computer directly through their own accounts or through a Guest account. Remote users connect to your computer over the network and access the files that are shared on your computer.

You can access the Simple File Sharing UI by viewing a folder's properties. Through the Simple File Sharing UI, you can configure both share and NTFS file system permissions at the folder level. These permissions apply to the folder, all the files in that folder, subfolders, and all the files in the subfolders. Files and folders that are created in or copied to a folder inherit the permissions that are defined for their parent folder. This article describes how to configure access to your files, depending on permission levels. Some information that this article contains about these permission levels is not documented in the operating system files or in the Help file.

MORE INFORMATION

Note If you are not comfortable with the information that is presented in this s...


With file sharing in Windows XP, you can configure five levels of permissions. You can configure Levels 1, 2, 4, and 5 by using the Simple File Sharing UI. To do this, right-click the folder, and then click Sharing and Security to open the Simple File Sharing UI. To configure Level 3, copy a file or a folder into the "Shared Documents" folder under "My Computer." This configuration does not change when you turn on or turn off Simple File Sharing. Level 1 is the most private and secure setting, while Level 5 is the most public and the most changeable (nonsecure) setting.

Turning on and turning off Simple File Sharing

Simple File Sharing is always turned on in Windows XP Home Edition-based computers. By default, the Simple File Sharing UI is turned on in Windows XP Professional-based computers that are joined to a workgroup. Windows XP Professional-based computers that are joined to a domain use only the classic file sharing and security interface. When you use the Simple File Sharing UI (that is located in the folder's properties), both share and file permissions are configured.

If you turn off Simple File Sharing, you have more control over the permissions to individual users. However, you must have advanced knowledge of NTFS and share permissions to help keep your folders and files more secure. If you turn off Simple File Sharing, the Shared Documents feature is not turned off.

To turn Simple File Sharing on or off in Windows XP Professional, follow these steps:
  1. Double-click My Computer on the desktop.
  2. On the Tools menu, click Folder Options.
  3. Click the View tab, and then select the Use Simple File Sharing (Recommended) check box to turn on Simple File Sharing. (Clear this check box to turn off this feature.)


Managing levels of access to shares and to files

You can use Simple File Sharing to configure five levels of access to shares and files:
  • Level 1: My Documents (Private)
  • Level 2: My Documents (Default)
  • Level 3: Files in shared documents available to local users
  • Level 4: Shared Files on the Network (Readable by Everyone)
  • Level 5: Shared Files on the Network (Readable and Writable by Everyone)
Notes
  • By default, files that are stored in "My Documents" are at Level 2.
  • Levels 1, 2, and 3 folders are available only to a user who is logging on locally. Users who log on locally include a user who logs on to a Windows XP Professional-based computer from a Remote Desktop (RDP) session.
  • Levels 4 and 5 folders are available to users who log on locally and remote users from the network.
The following table describes the permissions:
Access Level | Everyone (NTFS/File) | Owner        | System       | Administrators | Everyone (Share)
Level 1      | Not available        | Full Control | Full Control | Not available  | Not available
Level 2      | Not available        | Full Control | Full Control | Full Control   | Not available
Level 3      | Read                 | Full Control | Full Control | Full Control   | Not available
Level 4      | Read                 | Full Control | Full Control | Full Control   | Read
Level 5      | Change               | Full Control | Full Control | Full Control   | Full Control

Level 1: My Documents (Private)

The owner of the file or folder has read and write permission to the file or folder. Nobody else may read or write to the folder or the files in it. All subfolders that are contained in a folder that is marked as private remain private unless you change the parent folder permissions.

If you are a Computer Administrator and create a user password for your account by using the User Accounts Control Panel tool, you are prompted to make your files and folder private.

Note The option to make a folder private (Level 1) is available only to a user account in its own My Documents folder.

To configure a folder and all the files in it to Level 1, follow these steps:
  1. Right-click the folder, and then click Sharing and Security.
  2. Select the Make this Folder Private check box, and then click OK.
Local NTFS Permissions:
  • Owner: Full Control
  • System: Full Control
Network Share Permissions:
  • Not Shared

Level 2 (Default): My Documents (Default)

The owner of the file or folder and local Computer Administrators have read and write permission to the file or folder. Nobody else may read or write to the folder or the files in it. This is the default setting for all the folders and files in each user's My Documents folder.

To configure a folder and all the files in it to Level 2, follow these steps:
  1. Right-click the folder, and then click Sharing and Security.
  2. Make sure that both the Make this Folder Private and the Share this folder on the network check boxes are cleared, and then click OK.
Local NTFS Permissions:
  • Owner: Full Control
  • Administrators: Full Control
  • System: Full Control
Network Share Permissions:
  • Not Shared

Level 3: Files in shared documents available to local users

Files are shared with users who log on to the computer locally. Local Computer Administrators can read, write, and delete the files in the Shared Documents folder. Restricted Users can only read the files in the Shared Documents folder. In Windows XP Professional, Power Users may also read, write, or delete any files in the Shared Documents Folder. The Power Users group is available only in Windows XP Professional. Remote users cannot access folders or files at Level 3. To allow remote users to access files, you must share them out on the network (Level 4 or 5).

To configure a file or a folder and all the files in it to Level 3, start Microsoft Windows Explorer, and then copy or move the file or folder to the Shared Documents folder under My Computer.

Local NTFS Permissions:
  • Owner: Full Control
  • Administrators: Full Control
  • Power Users: Change
  • Restricted Users: Read
  • System: Full Control
Network Share Permissions:
  • Not Shared

Level 4: Shared on the Network (Read-Only)

Files are shared for everyone to read on the network. All local users, including the Guest account, can read the files, but they cannot modify the contents. Any user can read your files but cannot change them.

To configure a folder and all the files in it to Level 4, follow these steps:
  1. Right-click the folder, and then click Sharing and Security.
  2. Click to select the Share this folder on the network check box.
  3. Click to clear the Allow network users to change my files check box, and then click OK.
Local NTFS Permissions:
  • Owner: Full Control
  • Administrators: Full Control
  • System: Full Control
  • Everyone: Read
Network Share Permissions:
  • Everyone: Read

Level 5: Shared on the network (Read and Write)

This level is the most available and least secure access level. Any user (local or remote) can read, write, change, or delete a file in a folder shared at this access level. We recommend that this level be used only for a closed network that has a firewall configured. All local users including the Guest account can also read and modify the files.

To configure a folder and all the files in it to Level 5, follow these steps:
  1. Right-click the folder, and then click Sharing and Security.
  2. Click to select the Share this folder on the network check box, and then click OK.
Local NTFS Permissions:
  • Owner: Full Control
  • Administrators: Full Control
  • System: Full Control
  • Everyone: Change
Network Share Permissions:
  • Everyone: Full Control
Note All NTFS permissions that refer to Everyone include the Guest account.

All the levels that this article describes are mutually exclusive. Private folders (Level 1) cannot be shared unless they are no longer private. Shared folders (Level 4 and 5) cannot be made private until they are unshared.

If you create a folder in the Shared Documents folder (Level 3), share it on the network, and then allow network users to change your files (Level 5), the permissions for Level 5 are effective for the folder, the files in that folder, and the subfolders. The other files and folders in the Shared Documents folder remain configured at Level 3.

Note The only exception is if you have a folder (SampleSubFolder) that is shared at Level 4 inside a folder (SampleFolder) that is shared at Level 5. Remote users have the correct access level to each shared folder. Locally logged-on users have writable (Level 5) permissions to the parent (SampleFolder) and child (SampleSubFolder) folders.

Guidelines

We recommend that you only share folders on the network that remote users on other computers must access. We recommend that you do not share the root of the system drive. When you do this, your computer is more vulnerable to malicious remote users. The Sharing tab of the drive's Properties dialog box contains a warning when you try to share a root folder (for example, C:\). To continue, you must click the If you understand the risk but still want to share the root of the drive, click here link. Only computer administrators can share the root of the drive.

Files on a read-only device such as a CD-ROM shared at Level 4 or 5 are available only if the CD-ROM is in the CD drive. Any CD-ROM that is in the CD drive is available to all users on the network.

A file's permission may differ from the parent folder if one of the following conditions is true:
  • You use the move command at a command prompt to move a file into the folder from a folder on the same drive that has different permissions.
  • You use a script to move the file into the folder from a folder on the same drive that has different permissions.
  • You run Cacls.exe at a command prompt or a script to change file permissions.
  • Files existed on the hard disk before you installed Windows XP.
  • You changed a file's permissions while Simple File Sharing was turned off on Windows XP Professional.
Note NTFS permissions are not maintained on file move operations when you use Windows Explorer with Simple File Sharing turned on.

If you turn on and turn off Simple File Sharing, the permissions on files are not changed. The NTFS and share permissions do not change until you change the permissions in the interface. If you set the permissions with Simple File Sharing enabled, only Access Control Entries (ACEs) on files that are used for Simple File Sharing are affected. The following ACEs in the Discretionary Access Control List (DACL) of the files or folders are affected by the Simple File Sharing interface:
  • Owner
  • Administrators
  • Everyone
  • System
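
The permissions table and the guidelines above can be turned into a simple audit. The following is an added example, not code from the original article: it maps a folder's observed permissions to one of the five levels, reports folders whose permissions match no level (for example after a Cacls.exe change), and flags network-writable shares and shared drive roots. The field names, the sample folders and the rule for combining share and NTFS permissions are assumptions introduced here.

```python
import re

# Rights from least to most permissive; None stands for the table's "Not available".
RANK = {None: 0, "Read": 1, "Change": 2, "Full Control": 3}
FIELDS = ("everyone_ntfs", "owner", "system", "administrators", "everyone_share")

# One row per level, in FIELDS order, copied from the permissions table above.
LEVELS = {
    1: (None, "Full Control", "Full Control", None, None),
    2: (None, "Full Control", "Full Control", "Full Control", None),
    3: ("Read", "Full Control", "Full Control", "Full Control", None),
    4: ("Read", "Full Control", "Full Control", "Full Control", "Read"),
    5: ("Change", "Full Control", "Full Control", "Full Control", "Full Control"),
}


def perms(*row):
    """Build a permissions dict from values given in FIELDS order."""
    return dict(zip(FIELDS, row))


def classify(p):
    """Return the level (1-5) whose table row matches exactly, else None."""
    observed = tuple(p.get(f) for f in FIELDS)
    for level, row in LEVELS.items():
        if observed == row:
            return level
    return None


def effective_remote(p):
    """Access a network (Guest) user ends up with: the more restrictive of the
    Everyone share permission and the Everyone NTFS permission. That combining
    rule is general Windows behaviour, not something the article states."""
    return min(p.get("everyone_ntfs"), p.get("everyone_share"), key=RANK.__getitem__)


def is_drive_root(path):
    """True for paths such as C: or C:\\ (the root of a drive)."""
    return re.fullmatch(r"[A-Za-z]:\\?", path) is not None


def audit(folders):
    """Return {path: (level, effective remote access, list of findings)}."""
    report = {}
    for path, p in folders.items():
        level = classify(p)
        remote = effective_remote(p)
        notes = []
        if level is None:
            notes.append("matches no Simple File Sharing level (custom ACL)")
        if RANK[remote] >= RANK["Change"]:
            notes.append("network users, including Guest, can modify files")
        if p.get("everyone_share") is not None and is_drive_root(path):
            notes.append("root of a drive is shared")
        report[path] = (level, remote, notes)
    return report


# Constructed sample data; the paths and permissions are hypothetical.
SAMPLE = {
    r"C:\Documents and Settings\alice\My Documents\Taxes": perms(*LEVELS[1]),
    r"D:\Public": perms(*LEVELS[4]),
    r"D:\Dropbox": perms(*LEVELS[5]),
    "C:\\": perms(*LEVELS[5]),
    # Shared with full access, but Everyone is missing from the NTFS permissions.
    r"D:\Projects": perms(None, "Full Control", "Full Control", "Full Control", "Full Control"),
}

if __name__ == "__main__":
    for path, (level, remote, notes) in audit(SAMPLE).items():
        print(path, "| level:", level, "| remote access:", remote, "|", "; ".join(notes) or "ok")
```

The D:\Projects entry shows why a share can look open while remote users are still denied: without an Everyone entry in the NTFS permissions, the Guest account has no access to the files.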

Advanced troubleshooting for configuring file sharing in Windows XP

Note This section is intended for advanced computer users. If you are not comfortable with advanced troubleshooting, ask someone for help or contact support.

Expected upgrade behavior

A Windows 2000 Professional-based or a Windows NT 4.0-based computer that is joined to a domain or a workgroup that is upgraded to Windows XP Professional maintains its domain or workgroup membership respectively and has the classic file sharing and security UI turned on. NTFS and share permissions are not changed with the upgrade.

By default, if you upgrade a computer that is running Microsoft Windows 98, Windows 98 Second Edition, or Windows Millennium Edition that has "per share" sharing permissions to Windows XP, Simple File Sharing is always turned on. Shares that have passwords assigned to them are removed, and shares that have blank passwords remain shared after the upgrade.

If you upgrade a computer that is running Windows 98, Windows 98 Second Edition, or Windows Millennium Edition to Windows XP Professional and that computer is logged on to a domain, if that computer has share level access turned on and joins the domain while the Setup program is running, the computer starts with Simple File Sharing turned off.
By default, a Windows 98, Windows 98 Second Edition, or Windows Millennium Edition-based computer that is upgraded to Windows XP Home has Simple File Sharing turned on.

Known issues

For remote users to access files from the network (Levels 4 and 5), the Internet Connection Firewall (ICF) must be disabled on the network interface that the remote users connect through.

When Simple File Sharing is turned on, remote administration and remote registry editing do not work as expected from a remote computer, and connections to administrative shares (such as C$) do not work because all remote users authenticate as Guest. Guest accounts do not have administrative rights. If you configure specific user ACEs while Simple File Sharing is turned on, remote users are not affected, because all remote users authenticate as Guest.

Remote users may receive an "Access Denied" message on a share that they had connected to successfully before. This behavior occurs after the hard disk is converted to NTFS. This behavior occurs on Windows XP-based computers that have Simple File Sharing turned on that were upgraded from Windows 98, Windows 98 Second Edition, or Windows Millennium Edition. This behavior occurs because the default permissions of a hard disk that is converted to NTFS do not contain the Everyone group. The Everyone group is required for remote users who are using the Guest account to access the files. To reset the permissions, stop sharing, and reshare the affected folders.

Behavior that is affected when Simple File Sharing is turned on

  • The Simple File Sharing UI in the properties of a folder configures both share and file permissions.
  • Remote users always authenticate as the Guest account.
  • Windows Explorer does not keep permissions on files that are moved in the same NTFS drive. The permissions are always inherited from the parent folder.
  • On Windows XP Professional-based computers that have Simple File Sharing turned on and Windows XP Home Edition-based computers, the Shared Folders (Fsmgmt.msc) and Computer Management (Compmgmt.msc) tools reflect a simpler sharing and security UI.
  • In the Computer Management and Shared Folders consoles, the New File Share command is unavailable when you right-click the Shares icon. Also, if you right-click any listed share, the Properties and Stop Share commands are unavailable.

Behavior that is not caused by turning on Simple File Sharing

  • In Windows XP Home Edition, the Computer Management snap-in does not display the Local Users and Groups node. The Local Users and Groups snap-in cannot be added to a custom snap-in. This behavior is a limitation of Windows XP Home Edition. It is not caused by Simple File Sharing.
  • If you turn off the Guest account in the User Accounts Control Panel tool, only the guest's ability to log on locally is affected. The account is not disabled.
  • Remote users cannot authenticate by using an account that has a blank password. This authentication is configured separately.
  • Windows XP Home Edition cannot join a domain. It can only be configured as a member of a workgroup.

Local Users and Groups:

Local Users and Groups is a tool you can use to manage local users and groups. It is available on the following operating systems:
  • Windows 2000 Professional
  • Windows XP Professional
  • Member servers running Windows 2000 Server
A local user or group is an account that can be granted permissions and rights from your computer. Domain or global users and groups are managed by your network administrator. You can add local users, global users, and global groups to local groups. However, you cannot add local users and groups to global groups.
Local Users and Groups is an important security feature because you can limit the ability of users and groups to perform certain actions by assigning them rights and permissions. A right authorizes a user to perform certain actions on a computer, such as backing up files and folders or shutting down a computer. A permission is a rule associated with an object (usually a file, folder, or printer) and it regulates which users can have access to the object and in what manner.
Local Users and Groups is not available on domain controllers. Use Active Directory Users and Computers to manage global users and groups.

Performance Logs and Alerts:
Performance Logs and Alerts overview
Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

With Performance Logs and Alerts you can collect performance data automatically from local or remote computers. You can view logged counter data using System Monitor or export the data to spreadsheet programs or databases for analysis and report generation. The following list explains the capabilities of Performance Logs and Alerts:
  • New in the Microsoft® Windows Server 2003 family is the ability to run log collections under different accounts. For example, if you need to log data from a remote computer that requires administrative credentials, you can specify an account with the necessary credentials.
  • Also new in the Windows Server 2003 family are two new security groups that help you to ensure that only trusted users can access and manipulate sensitive performance data. These are the Performance Log Users group and the Performance Monitor Users group.
  • The Windows Server 2003 family supports log files greater than 1 GB in size, and with its new log-file format, you can append performance data to an existing log file.
  • Performance Logs and Alerts collects data in a comma-separated or tab-separated format for easy import to spreadsheet programs. A binary log-file format is also provided for circular logging or for logging instances such as threads or processes that may begin after the log starts collecting data. (Circular logging is the process of continuously logging data to a single file, overwriting previous data with new data.)
  • You can also collect data in an SQL database format. This option defines the name of an existing SQL database and log set within the database where the performance data will be read or written. This file format is useful when collecting and analyzing performance data at an enterprise level rather than on a per-computer basis. Logging data directly to a SQL database is supported through open database connectivity (ODBC).
  • Counter data collected by Performance Logs and Alerts can be viewed during collection as well as after collection has stopped.
  • Because logging runs as a service, data collection occurs regardless of whether any user is logged on to the computer being monitored.
  • You can define start and stop times, file names, file sizes, and other parameters for automatic log generation.
  • You can manage multiple logging sessions from a single console window.
  • You can set an alert on a counter, thereby defining that a message be sent, a program be run, an entry made to the application event log, or a log be started when the selected counter's value exceeds or falls below a specified setting.
Similar to System Monitor, Performance Logs and Alerts supports defining performance objects, performance counters, and performance object instances. It also supports setting sampling intervals for monitoring data about hardware resources and system services. Performance Logs and Alerts also offers other options related to recording performance data:
  • Start and stop logging either manually on demand or automatically based on a user-defined schedule.
  • Configure additional settings for automatic logging, such as automatic file renaming, and set parameters for stopping and starting a log file based on the elapsed time or the file size.
  • Create trace logs. Using the default Windows Server 2003 family data provider or another application provider, trace logs record detailed system application events when certain activities, such as a disk I/O operation or a page fault, occur. When the event occurs, your operating system logs the system data to a file specified by the Performance Logs and Alerts service. This differs from the operation of counter logs; when counter logs are in use, the service obtains data from the system when the update interval has elapsed, rather than waiting for a specific event. A parsing tool is required to interpret the trace log output. Developers can create such a tool using application programming interfaces (APIs) provided in the MSDN Library on the Microsoft Web site.
  • You can also produce trace analysis reports from trace log output files using the Tracerpt tool. Use this tool to process kernel, Active Directory, and other transactional based trace event logs, and to generate trace analysis reports and .csv files from binary logs.
  • Define a program that runs when a log is stopped.
  • If you want to export log data to Microsoft Excel, the Performance Logs and Alerts service must be stopped because Microsoft Excel requires exclusive access to the log file. Most other programs are not known to require this exclusive access; therefore, in general you can work with data from a log file while the service is collecting data to that file.
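
The over/under alert rule described above can also be re-applied to a counter log after it has been collected, for example when reviewing a host during an investigation. The following Python code is an added example, not part of the original page: it assumes the counter log was saved in CSV format using the PDH-CSV layout (sample time in the first column, one counter per remaining column), and the host name, samples, and limits are constructed.

```python
import csv
import io
from datetime import datetime

# Constructed sample of a counter log saved in CSV format. Assumed layout
# (PDH-CSV): column 0 is the sample time, every other column is one counter.
SAMPLE_LOG = r'''"(PDH-CSV 4.0) (Pacific Standard Time)(480)","\\HOST01\Processor(_Total)\% Processor Time","\\HOST01\Memory\Available MBytes"
"09/06/2010 10:00:00.000","12.5","812"
"09/06/2010 10:00:15.000","97.1","640"
"09/06/2010 10:00:30.000"," ","95"
"09/06/2010 10:00:45.000","98.4","88"
'''

# Hypothetical alert definitions: (counter path without the \\HOST prefix,
# "over" or "under", limit), mirroring the alert settings described above.
ALERT_RULES = [
    (r"\Processor(_Total)\% Processor Time", "over", 90.0),
    (r"\Memory\Available MBytes", "under", 100.0),
]


def strip_host(counter_path):
    """Drop the leading \\\\HOST part so rules match logs from any computer."""
    if counter_path.startswith("\\\\"):
        rest = counter_path[2:]
        cut = rest.find("\\")
        if cut != -1:
            return rest[cut:]
    return counter_path


def evaluate_log(text, rules):
    """Return (time, counter, value, direction, limit) for each sample that
    crosses a rule's limit. Blank samples are skipped, not read as zero."""
    reader = csv.reader(io.StringIO(text))
    header = next(reader)
    columns = {strip_host(name).lower(): idx
               for idx, name in enumerate(header) if idx > 0}
    hits = []
    for row in reader:
        if not row:
            continue
        when = datetime.strptime(row[0], "%m/%d/%Y %H:%M:%S.%f")
        for counter, direction, limit in rules:
            idx = columns.get(counter.lower())
            if idx is None or idx >= len(row):
                continue  # counter was not collected in this log
            raw = row[idx].strip()
            if not raw:
                continue  # the service could not sample this interval
            try:
                value = float(raw)
            except ValueError:
                continue  # damaged field; ignore rather than guess
            crossed = value > limit if direction == "over" else value < limit
            if crossed:
                hits.append((when, counter, value, direction, limit))
    return hits


if __name__ == "__main__":
    for when, counter, value, direction, limit in evaluate_log(SAMPLE_LOG, ALERT_RULES):
        print("%s  %s = %s (%s %s)" % (when, counter, value, direction, limit))
```
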

Device Manager

Screenshot of the Device Manager tool under Windows Vista.

Screenshot of the Device Manager tool under Windows Server 2003 showing hardware components organized under categories.
The Device Manager is a Control Panel applet in Microsoft Windows operating systems. It allows users to view and control the hardware attached to the computer. When a piece of hardware is not working, the offending hardware is highlighted for the user to deal with. The list of hardware can be sorted by various criteria.
For each device, users can:
  • Supply device drivers for the hardware
  • Enable or disable devices
  • Tell Windows to ignore malfunctioning devices
  • View other technical properties
Device Manager was introduced with Windows 95 and later added to Windows 2000 by Ruben Ashimbanga. In NT-based versions, it is included as a Microsoft Management Console snap-in.


Storage types and partition styles

Windows XP Professional and offer two types of disk storage: basic disk and dynamic disk.

Basic disks

A basic disk is a physical disk that contains primary partitions, extended partitions, or logical drives. You can perform the following tasks only on a basic disk:
  • Create and delete primary and extended partitions.
  • Create and delete logical drives within an extended partition.
  • Format a partition and mark it as active.
  • Check disk properties, such as capacity, available free space, and current status.
  • View volume and partition properties such as size, drive letter assignment, label, type, and file system.
  • Establish drive letter assignments for volumes or partitions, optical storage devices (for example CD-ROM), and removable drives.
  • Establish disk sharing and security arrangements for volumes and partitions formatted with NTFS.
  • Convert a basic disk to dynamic.
For more information about converting a disk from basic to dynamic, see Converting a basic disk to dynamic.
For more information about basic disks and volumes, see Basic disks and volumes.

Dynamic disks

Dynamic disks provide features that basic disks do not, such as the ability to create volumes that span multiple disks (spanned and striped volumes), and the ability to create fault-tolerant volumes (mirrored and RAID-5 volumes). All volumes on dynamic disks are known as dynamic volumes. You can perform the following tasks only on a dynamic disk:
  • Create and delete simple, spanned, striped, mirrored, and RAID-5 volumes.
  • Extend a simple or spanned volume.
  • Remove a mirror from a mirrored volume or split the volume into two volumes.
  • Repair mirrored or RAID-5 volumes.
  • Reactivate a missing or offline disk.
  • Check disk properties, such as capacity, available free space, and current status.
  • View volume and partition properties such as size, drive letter assignment, label, type, and file system.
  • Establish drive letter assignments for volumes or partitions, optical storage devices (for example CD-ROM), and removable drives.
  • Establish disk sharing and security arrangements for volumes and partitions formatted with NTFS.
  • Change a dynamic disk to basic.
For more information about dynamic disks and volumes, see Dynamic disks and volumes.

Partition styles

Partition style refers to the method that Windows XP and use to organize partitions on the disk. All x86-based computers use the partition style known as master boot record (MBR). MBR contains a partition table that describes where the partitions are located on the disk. Because MBR is the only partition style available on x86-based computers, you do not need to choose this style; it is used automatically.
Itanium-based computers running Windows XP 64-Bit Edition, Whistler Advanced Server for Intel Itanium systems, or Whistler Datacenter Server for Intel Itanium systems use a new partition style called GUID partition table (GPT). There are some differences between GPT and MBR partition styles, but most disk-related tasks are unchanged. Basic disks and dynamic disks work the same way as in Windows 2000, and these storage types are available on disks that use either partition style. For more information about GPT disks, see GUID partition table (GPT).
Computers running Windows XP 64-Bit Edition, Whistler Advanced Server for Intel Itanium systems, or Whistler Datacenter Server for Intel Itanium systems require a GPT disk that contains an Extensible Firmware Interface (EFI) System partition and the files necessary to start the computer. You can also install MBR disks on Itanium-based systems, but you cannot start a system from them. For more information about EFI and EFI System partitions, see Extensible Firmware Interface.
In order to more easily differentiate between disks that use the MBR and GPT partition styles, Disk Management labels disks that use the master boot record partition style as MBR disks, while disks that use the GUID partition table partition style are labeled GPT disks.
The following table depicts storage types and partition styles in Windows XP and :
Operating system | Storage types: Basic volumes | Storage types: Dynamic simple, spanned, and striped volumes | Storage types: Dynamic mirrored and RAID-5 volumes | Partition styles
Windows XP Home Edition | X | | |
Windows XP Professional | X | X | |
Whistler | X | X | |
Whistler Advanced Server | X | X | |
Whistler Server | X | X | |
Windows XP 64-Bit Edition | X | X | |
Whistler Advanced Server for Intel Itanium systems | X | X | |
Whistler Datacenter Server for Intel Itanium systems | X | X | |

Removable Storage
The data storage and management features in the Windows Server 2003 operating system provide you with various ways to manage and store data. With Removable Storage, a primary component of this feature set, you can track your removable storage media (tapes and optical disks) and manage the hardware libraries, such as changers and jukeboxes, which contain them.
With Removable Storage, you can:
  • Label, catalog, and track media.
  • Control library drives, slots, and doors.
  • Perform drive-cleaning operations.
Removable Storage works together with your data-management applications such as Backup. You use data-management applications to manage the actual data stored on the media. Removable Storage makes it possible for multiple applications to share the same storage media resources, which can reduce your costs. It also provides a common interface for managing those resources, so that you can manage your storage media more efficiently.
Removable Storage organizes all the media in your libraries into different media pools. A media pool is a logical collection of removable media that have the same management policies. Media pools are used by applications to control access to specific tapes or discs within libraries that are managed by Removable Storage. Removable Storage also moves media between media pools in order to provide the amount of data storage that your applications require.
You cannot use Removable Storage to manage volumes, such as for media siding or striping. Also, you cannot use Removable Storage to manage files, such as for data backup or disk-extender operations. These services are performed by data-management applications such as Backup or Remote Storage. Remote Storage is not available on computers running Windows XP Professional; Windows Server 2003, Web Edition; or Windows Server 2003, Standard Edition.
You must run all your data-management applications on the same computer that connects to your library. Removable Storage does not support multiple data-management applications running on different computers that are connected to the same library.
Removable Storage is configured to start automatically when you start your computer. It is possible to change the service so that you can start it manually, but this is highly discouraged. Disabling the service causes several applications that are included in Windows Server 2003 (such as Backup and Remote Storage) to become inoperative.

Common Scenarios for Removable Storage

Removable Storage is commonly used in the following scenarios:
  • Managing stand-alone drive libraries
  • Managing automated libraries
Managing stand-alone drive libraries
In this scenario, you use Removable Storage to manage multiple single-drive libraries, such as CD-ROM or DVD-ROM drives.
In its simplest form, a library consists of data-storage media and the device that is used to read from and write to the media – for example, tape and a stand-alone tape drive. The group of libraries and associated media that you manage with a Removable Storage installation is called a Removable Storage system.
The main benefit to using Removable Storage is its efficiency: it is much easier to manage multiple libraries with a single tool, the Removable Management MMC snap-in, on behalf of different data-management applications, than it is to individually manage the same libraries with different sets of tools from those applications.
A further benefit of Removable Storage is that it organizes all the media in your libraries into different media pools, and also moves media between media pools in order to provide the appropriate amount of data storage your applications require.
Managing automated libraries
In this scenario, you use Removable Storage to manage one or more automated libraries.
Automated libraries are automated units that hold multiple tapes or disks, and some have multiple drives. These libraries are sometimes called changers or jukeboxes, and commonly use robotic subsystems to move media stored in the library’s storage slots.
You can also use Removable Storage to manage a combination of single-drive and automated libraries.
The benefits are the same as the ones described in the previous scenario.
Administrative Interface
The Removable Storage Microsoft Management Console (MMC) snap-in is an administrative interface that you can use to manage both stand-alone drive libraries and automated libraries.
Using the Removable Storage snap-in, you can:
  • Create media pools and set media pool properties.
  • Insert and eject media in an automated library.
  • Mount and dismount media.
  • Clean tape drives.
  • View the state of media and libraries.
  • Enable and disable drives and libraries.
  • Perform library inventories.
  • Set security permissions for users.
  • Complete or refuse operator requests.
  • Cancel work queue items.

Removable Storage Dependencies on or Interactions with Other Technologies

Removable Storage depends on, or interacts with, the following technologies:
  • Microsoft Management Console (MMC)
  • Backup (or similar, non-Microsoft data-management programs)
  • Win32 tape and disk management application programming interfaces (APIs)
  • The registry
  • Event Viewer
  • Group Policy
  • Media libraries

Removable Storage Logical Diagram

The first part of the following figure shows the inherent complexity in using multiple applications to manage multiple devices (each containing a different media-type) without the aid of Removable Storage.
The second part shows how you can reduce this complexity by using Removable Storage as the common interface for managing multiple devices.
Removable Storage Logical Diagram


This article describes how to assign, to change, or to remove drive letters on a drive, a partition, or a volume by using the Disk Management snap-in in Microsoft Windows XP.

The Disk Management snap-in is an administrative tool for managing hard disks and the volumes or partitions that they contain. Use the Disk Management snap-in when you want to add, to change, or to remove drive letters on drives, on partitions, or on volumes on your computer's hard disks, CD-ROM drives, and other removable media devices.

Your computer can use up to 26 drive letters, from A through Z. Use drive letters C through Z for hard disk drives. Drive letters A and B are reserved for floppy disk drives. However, if your computer does not have a floppy disk drive, you can assign these letters to removable drives.

Before you modify drive-letter assignments, note the following items:
  • Changing the drive letter of the system volume or the boot volume is not a built-in feature of the Disk Management snap-in.
  • Many MS-DOS-based and Microsoft Windows-based programs refer to specific drive letters for environmental or other variables. If you modify the drive letter, these programs may not function correctly.

How to assign a drive letter

To assign a drive letter to a drive, a partition, or a volume, follow these steps:
  1. Log on as Administrator or as a member of the Administrators group.
  2. Click Start, click Control Panel, and then click Performance and Maintenance.

    Note If you do not see Performance and Maintenance, go to step 3. Performance and Maintenance appears in Control Panel only if you use Category view. If you use Classic view, Performance and Maintenance does not appear.
  3. Click Administrative Tools, double-click Computer Management, and then click Disk Management in the left pane.
  4. Right-click the drive, the partition, the logical drive, or the volume that you want to assign a drive letter to, and then click Change Drive Letter and Paths.
  5. Click Add.
  6. Click Assign the following drive letter if it is not already selected, and then either accept the default drive letter or click the drive letter that you want to use.
  7. Click OK.
The drive letter is assigned to the drive, to the partition, or to the volume that you specified, and then that drive letter appears in the appropriate drive, partition, or volume in the Disk Management tool.

How to change a drive letter

To change an existing drive letter on a drive, on a partition, or on a volume, follow these steps:
  1. Log on as Administrator or as a member of the Administrators group.
  2. Click Start, click Control Panel, and then click Performance and Maintenance.
  3. Click Administrative Tools, double-click Computer Management, and then click Disk Management in the left pane.
  4. Right-click the drive, the partition, the logical drive, or the volume that you want to assign a drive letter to, and then click Change Drive Letter and Paths.
  5. Click Change.
  6. Click Assign the following drive letter if it is not already selected, click the drive letter that you want to use, and then click OK.
  7. Click Yes when you are prompted to confirm the drive letter change.
The drive letter of the drive, the partition, or the volume that you specified is changed, and the new drive letter appears in the appropriate drive, partition, or volume in the Disk Management tool.

How to remove a drive letter

To remove an existing drive letter on a drive, on a partition, or on a volume, follow these steps:
  1. Log on as Administrator or as a member of the Administrators group.
  2. Click Start, click Control Panel, and then click Performance and Maintenance.
  3. Click Administrative Tools, double-click Computer Management, and then click Disk Management in the left pane.
  4. Right-click the drive, the partition, the logical drive, or the volume that you want to assign a drive letter to, and then click Change Drive Letter and Paths.
  5. Click Remove.
  6. Click Yes when you are prompted to confirm the removal.
The drive letter is removed from the drive, from the partition, or from the volume that you specified.

Troubleshooting

  • When you try to change an existing drive letter, you receive the following error message:
The volume volume_label drive_letter is currently in use.
If you continue, the new drive letter will be assigned; but you can still use the old drive letter to access the volume until you restart your computer. The old drive letter will not be available for assignment until you restart.

Warning: Changing the drive letter of a volume could cause programs to no longer run.
This error message may appear if there are files that are in use on the drive, on the partition, or on the volume. These files may be in use by you or by other people on the network. To resolve this issue, use one of the following methods:
    • Click No when you receive the error message. Quit all the programs that are using the files on the volume, and then change the drive letter. To do this, right-click the volume, click Change Drive Letter and Paths, and then click Change.
    • Click Yes to continue with the drive letter change.
  • When you try to remove an existing drive letter, you receive the following error message:
The volume volume_label drive_letter is currently in use.
If you continue, the drive letter will be freed; however, it will still be available for use until you restart your computer.

Warning: Changing the drive letter of a volume could cause programs to no longer run.
This error message may appear if there are files that are in use on the drive, the partition, or the volume. These files may be in use by you or by other people on the network. To resolve this issue, use one of the following methods:
    • Click No when you receive the error message. Quit all the programs that are using the files on the volume, and then remove the drive letter. To do this, right-click the volume, click Change Drive Letter and Paths, and then click Remove.
    • Click Yes to remove the drive letter the next time that you start your computer.


Disk Defragmenter

Disk Defragmenter is a computer program included in Microsoft Windows designed to increase access speed by rearranging files stored on a disk to occupy contiguous storage locations, a technique commonly known as defragmenting. The purpose is to optimize the time it takes to read and write files to/from the disk by minimizing head travel time and maximizing the transfer rate. As of Windows XP, Disk Defragmenter is also used to improve system startup times.
Disk Management:

This step-by-step article describes how to use the Windows XP Disk Management snap-in to configure a basic disk and prepare it for use. This article also describes how to create and delete partitions, and how to format volumes with the FAT, FAT32, or NTFS file systems.









MORE INFORMATION

Basic disks and volumes

Basic disk storage supports partition-oriented disks. A basic disk is a physical disk that contains primary partitions, extended partitions, or logical drives. Partitions and logical drives on basic disks are also known as basic volumes. You can create up to four primary partitions, or three primary partitions and one extended partition, that contain logical drives.

If you are running Windows XP Professional and one or more of the following operating systems on the same computer, you must use basic volumes, because these operating systems cannot access data that is stored on dynamic volumes:
  • Windows XP Home Edition
  • Microsoft Windows NT 4.0 or earlier
  • Microsoft Windows Millennium Edition (Me)
  • Microsoft Windows 98
  • Microsoft Windows 95
  • MS-DOS
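
The MBR partition table and the "four primary, or three primary and one extended" limit described above can be checked directly against the first sector of a disk or disk image, which is a common first step when examining a disk offline. The following Python code is an added example, not part of the original article: it parses the four-entry table and flags layouts that break those rules, using a constructed 512-byte sector (the sample partitions and the helper names are made up for the demonstration).

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # the partition table follows the boot code
ENTRY_SIZE = 16             # four 16-byte entries
BOOT_SIGNATURE = b"\x55\xaa"
EXTENDED_TYPES = {0x05, 0x0F}
TYPE_NAMES = {
    0x06: "FAT16", 0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
    0x05: "Extended", 0x0F: "Extended (LBA)",
    0x42: "Dynamic disk (LDM)", 0xEE: "GPT protective", 0xEF: "EFI System",
}


def parse_mbr(sector):
    """Return the used partition-table entries of an MBR sector as dicts."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need a full 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for slot in range(4):
        start = TABLE_OFFSET + slot * ENTRY_SIZE
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack(
            "<B3xB3xII", sector[start:start + ENTRY_SIZE])
        if ptype == 0x00:
            continue  # unused slot
        entries.append({
            "slot": slot, "active": status == 0x80, "type": ptype,
            "name": TYPE_NAMES.get(ptype, "unknown (0x%02X)" % ptype),
            "extended": ptype in EXTENDED_TYPES,
            "lba_start": lba, "sectors": count,
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })
    return entries


def partition_style(entries):
    """A 0xEE entry marks a protective MBR in front of a GPT disk."""
    return "GPT" if any(e["type"] == 0xEE for e in entries) else "MBR"


def check_layout(entries):
    """Flag tables that break the basic-disk rules or look tampered with."""
    findings = []
    if sum(e["extended"] for e in entries) > 1:
        findings.append("more than one extended partition")
    if sum(e["active"] for e in entries) > 1:
        findings.append("more than one partition marked active")
    ordered = sorted(entries, key=lambda e: e["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("slots %d and %d overlap" % (a["slot"], b["slot"]))
    return findings


def make_entry(active, ptype, lba_start, sectors):
    """Build one 16-byte table entry (CHS fields left as zero)."""
    return struct.pack("<B3xB3xII", 0x80 if active else 0x00,
                       ptype, lba_start, sectors)


def build_sector(entries):
    """Assemble a constructed MBR sector: empty boot code, table, signature."""
    table = b"".join(entries).ljust(4 * ENTRY_SIZE, b"\x00")
    return bytes(TABLE_OFFSET) + table + BOOT_SIGNATURE


# Constructed sample: two primary partitions and one extended partition.
SAMPLE_SECTOR = build_sector([
    make_entry(True, 0x07, 63, 20480000),
    make_entry(False, 0x0C, 20480063, 4096000),
    make_entry(False, 0x0F, 24576063, 8192000),
])

if __name__ == "__main__":
    table = parse_mbr(SAMPLE_SECTOR)
    print(partition_style(table), check_layout(table))
    for entry in table:
        print(entry)
```
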

How to use Disk Management

To start Disk Management:
  1. Log on as administrator or as a member of the Administrators group.
  2. Click Start, click Run, type compmgmt.msc, and then click OK.
  3. In the console tree, click Disk Management. The Disk Management window appears. Your disks and volumes appear in a graphical view and list view. To customize how you view your disks and volumes in the upper and lower panes of the window, point to Top or Bottom on the View menu, and then click the view that you want to use.
NOTE: Microsoft recommends that you create a full backup of your disk contents before you make any changes to your disks or volumes.

How to create a new partition or a new logical drive

To create a new partition or logical drive on a basic disk:
  1. In the Disk Management window, complete one of the following procedures, and then continue to step 2:
    • To create a new partition, right-click unallocated space on the basic disk where you want to create the partition, and then click New Partition.
    • To create a new logical drive in an extended partition, right-click free space on an extended partition where you want to create the logical drive, and then click New Logical Drive.
  2. In the New Partition Wizard, click Next.
  3. Click the type of partition that you want to create (either Primary partition, Extended partition, or Logical drive), and then click Next.
  4. Specify the size of the partition in the Partition size in MB box, and then click Next.
  5. Decide whether to manually assign a drive letter, let the system automatically enumerate the drive, or not assign a drive letter to the new partition or logical drive, and then click Next.
  6. Specify the formatting options you want to use by using one of the following procedures:
    • If you do not want to format the partition, click Do not format this partition, and then click Next.
    • If you want to format the partition, click Format this partition with the following settings, and then complete the following procedure in the Format dialog box:
      a. Type a name for the volume in the Volume label box. This is an optional step.
      b. Click the file system that you want to use in the File system box.

         You can change the disk allocation unit size, and then specify whether to perform a quick format, or enable file and folder compression on NTFS volumes.
      Click Next.
  7. Confirm that the options that you selected are correct, and then click Finish.
The new partition or logical drive is created and appears in the appropriate basic disk in the Disk Management window. If you chose to format the volume in step 6, the format process now starts.

How to format a basic volume

To format a partition, logical drive or basic volume:
  1. In the Disk Management window, right-click the partition or logical drive that you want to format (or reformat), and then click Format.
  2. In the Format dialog box, type a name for the volume in the Volume label box. This is an optional step.
  3. Click the file system that you want to use in the File system box. If you want, you can also change the disk allocation unit size, specify whether you want to perform a quick format, or enable file and folder compression on NTFS volumes.
  4. Click OK.
  5. Click OK when you are prompted to format the volume. The format process starts.

How to view the properties of a basic volume

To view the properties of a partition or logical drive:
  1. In the Disk Management window, right-click the partition or logical drive that you want, and then click Properties.
  2. Click the appropriate tab to view the appropriate property.

How to delete a partition or a logical drive

To delete a partition or logical drive:
  1. In the Disk Management window, right-click the partition or logical drive that you want to delete, and then click Delete Partition or Delete Logical Drive.
  2. Click Yes when you are prompted to delete the partition or logical drive. The partition or logical drive is deleted.
Important
  • When you delete a partition or a logical drive, all the data on that partition or logical drive, and the partition or the logical drive, are deleted.
  • You cannot delete the system partition, boot partition, or a partition that contains the active paging (swap) file.
  • You cannot delete an extended partition unless the extended partition is empty. All logical drives in the extended partition must be deleted before you can delete the extended partition.

Troubleshooting

Disk Management displays status descriptions in graphical view and under the Status column of list view to inform you of the current status of the disk or volume. Use these status descriptions to help you detect and troubleshoot disk and volume failures. The following is a partial list of disk and volume status descriptions:
  • Online
    This is the normal disk status when the disk is accessible and functioning correctly.
  • Healthy
    This is the normal volume status when the volume is accessible and functioning correctly.
  • Unreadable
    The disk is inaccessible because of possible hardware failure, corruption, or I/O errors.

    To troubleshoot this issue, restart the computer or rescan the disk to try and return the disk to Online status. To rescan the disk, open Computer Management, and then click Disk Management. On the Action menu, click Rescan Disks.
For a complete list of disk and volume status descriptions and troubleshooting procedures, see Disk Management Help. In the Disk Management snap-in or Computer Management window, click Help on the Action menu.






Services :
list of all the standard services [update: SP 2 defaults are shown in Green]
ServiceName
Service (Key)
Process
Description
Default Status & notes
Alerter
Alerter
Services.exe

[HKLM\SYSTEM\
CurrentControlSet\
Services\Alerter\Parameters]

[HKLM\SYSTEM\
CurrentControlSet
\Services\SysmonLog\Log Queries\<alertname>]
Distribute administrative alerts to specific users or machines.

e.g. Performance Monitor thresholds are distributed as alerts.

Requires the Messenger and Workstation services to be started.
Manual.
May be disabled if the alerts are not needed.
Application Layer Gateway Service
ALG
alg.exe
Support for Internet Connection Sharing and the Internet Connection Firewall
Manual
Application Management
appmgt
Services.exe or svchost.exe
Installation services (Add/Remove Programs) - Assign, Publish, and Remove.
Manual
Automatic Updates
wuaUserv
svchost.exe -k wugroup
Enable the download and installation of critical Windows updates.
Automatic.
If the service is stopped, the operating system can be manually updated at the Windows Update Web site.
Background Intelligent Transfer Service
BITS
svchost.exe -k BITSgroup
Transfer files using idle network bandwidth, maintain file transfers through network disconnections and computer restarts.
Automatic
switch to manual if you have problems - Q314862
Clipbook Server
Clipsrv
Clipsrv.exe
Provides support for the Clipbook Viewer, which allows the clipboard of the source machine to be accessed remotely.
Disabled
COM+ Event System
Event System
svchost.exe -k netsvcs
Automatic distribution of events to subscribing COM components.
Manual
Computer Browser
Browser
Services.exe
Collects the names of NetBIOS resources on the network, creating a list so that it can participate as a master browser or basic browser (one that takes part in browser elections).

This maintained list of resources (computers) is displayed in Network Neighborhood and Server Manager. If disabled you can still map drives, but can't browse the whole network.
Automatic.

If the machine is not connected to a LAN (stand-alone), or will not participate as a master browser or take part in elections, then feel free to change the status to manual (or disabled)

This does not equate to disabling TCP/IP so internet browsing is still possible.
Cryptographic Services
CryptSvc
svchost.exe
Management of Certification Authority certificates. Driver Catalog Database, Protected Root and Key certificate Services.
Automatic
DCOM Server Process Launcher
DcomLaunch
svchost.exe
Launch DCOM services
Automatic
DHCP Client
Dhcp
Services.exe or svchost.exe
Manage network configuration by registering and updating IP addresses and DNS names.
Automatic
On a stand-alone machine: Disable
Distributed Link Tracking Client
TrkWks
Services.exe or svchost.exe
Send notification of files moving between NTFS volumes in a network domain.
Automatic
Can be set to manual if you dont need this function.
Distributed Transaction Coordinator
msdtc
MSDTC.exe
Coordinate transactions that are distributed across two or more databases, message queues, file systems, or other transaction protected resource managers.
Manual
Can be set to Disabled if you dont need this function.
DNS Client
Dnscache
Services.exe
Resolves and caches Domain Name System (DNS) names.
Automatic
Directory Replicator (Server only)
Replicator
Lmrepl.exe
Replicate specified files & folders between computers.
The host is the export server, and the target machines are called import computers.
Replication is configured under Server in the Control Panel.
Automatic

Domain Controllers need this to replicate the Netlogon share.
Error Reporting Service
Ersvc
svchost.exe
Report errors back to Microsoft in Redmond.
Automatic
If you never want to report system crash info. to Microsoft set this to disabled.
EventLog
EventLog
Services.exe
Record System, Security, and Application Events.

Viewed with the MMC Event Viewer (eventvwr.exe in NT).
Automatic
Fast User Switching Compatibility
FastUserSwitching Compatibility
svchost.exe
Enable multiple users to login to the same PC simultaneously.
Manual
Fax Service
Fax
faxsvc.exe
Send and receive faxes
Automatic or Manual
Help and Support
helpsvc
svchost.exe
Help and Support Center
Automatic.
If stopped the help system will stop working.
Human Interface Device Access
HidServ
svchost.exe
Support for extra keyboard 'hot buttons' and other multimedia input devices.
Disabled
HTTP SSL
HTTPFilter
svchost.exe
Support for HTTPS (Secure Socket Layer) websites such as banking and e-commerce.
Manual
IMAPI CD-Burning COM Service
ImapiService
imapi.exe
CD-Rom Burning
Manual
If you have problems changing to Automatic may help.
Indexing Service
cisvc
cisvc.exe
Index the contents and properties of files on local and remote computers.
[ RESOURCE HOG ]
Manual
For improved performance Disable or
Uninstall thru C.Panel add/remove
IPSEC Policy Agent
PolicyAgent
lsass.exe
Manage IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Automatic
May be changed to Manual if IPSec is not needed.
License Logging Service (Server)
LicenseService
Llssrv.exe
License tracking on a server or DC (Domain Controller).
If disabled then licensing status alerts will not be generated.
Logical Disk Manager
Dmserver
services.exe or svchost.exe
Required by the MMC Disk Management plug-in.
Automatic
Logical Disk Manager Administrative Service
Dmadmin
dmadmin.exe /com
Administrative service for disk management requests
Manual
Message Queuing

mqsvc.exe
Message Queuing

Message Queuing Triggers

mqtgsvc.exe
Message Queuing

MS Software Shadow Copy Provider Service
swprv
dllhost.exe
Microsoft Backup Utility
Manual
Disable if you never use Shadow Copy features.
Messenger
Messenger
Services.exe
Process the receipt or delivery of pop-up messages sent via NET SEND.
Not related to Windows Messenger
Disabled
vulnerability once used to send pop-up spam.
Network Connections
Netman
svchost.exe -k netsvcs
Manage objects in the Network and Dial-Up Connections folder (LAN and remote connections.)
Manual
Net Logon
Netlogon
Lsass.exe
(Local Security Authority Subsystem)
Network Authentication: maintains a synced domain directory database between the PDC and BDC(s), handles authentication of respective accounts on the DCs, and authenticates domain accounts on networked machines.
Automatic
For stand-alone machines never connected to a domain set to Manual.
NetMeeting Remote Desktop Sharing
Nmnsrvc
mnmsrvc.exe
Allows authorized people to remotely access your Windows desktop using NetMeeting.
Manual.
A good idea to Disable unless you plan to allow remote connections.
Network DDE
NetDDE
Netdde.exe
Support the network transport of DDE (Dynamic Data Exchange) connections.
Requires Network DDE DSDM to be started. See Clipbook service
Disabled
Network DDE DSDM
NetDDEdsdm
Netdde.exe
Manage shared DDE conversations (from shares like: \\computername\ndde$).
See Clipbook service
Disabled
NLA - Network Location Awareness
nla
svchost.exe
Part of Internet Connection Sharing (ICS) and the Internet Connection Firewall (ICF)
Manual
Network Provisioning Service
xmlprov
svchost.exe
Manage XML configuration files on a domain basis
Manual
NT LM Security Support Provider
NtLmSsp
Services.exe
Extends NT security to Remote Procedure Call (RPC) programs using various transports other than named pipes.
RPC activity is quite common, and most RPC apps don't use named pipes.
Manual
Performance Logs and Alerts (XP)

Alerts and Performance Logs (Win 2K)
sysmonLog
smlogsvc.exe
Configure performance logs and alerts.
Manual. May be disabled if the alerts are not needed.
Plug and Play
PlugPlay
Services.exe
Plug and Play.
Do not disable this service.
Automatic
Universal Plug and Play Host
UPNPhost
svchost.exe
Device Host detect and configure external UPnP devices.
UPnP is not the same as PnP.
Manual
Portable Media Serial Number Service
WmdmPmSN
svchost.exe
Retrieves the serial number of any portable media player connected to this computer.
Manual
Disable if you never use DRM music devices.
Print Spooler or Spooler
Spooler
Spoolsv.exe
(Spoolss.exe in NT4)
The NT printing subsystem.
Automatic - If you print documents.

If no printing is ever done set to manual (or disabled)

Restarting this service will cancel all pending print jobs.
Protected Storage
ProtectedStorage
Pstores.exe
Encrypt and store secure info: SSL certificates, passwords for Outlook, Outlook Express, Profile Assistant, MS Wallet, and digitally signed S/MIME keys.
Automatic.
QoS RSVP
rsvp
rsvp.exe -s
Provide network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Manual
Remote Access Auto Connection Manager
or
Remote Access AutoDial Manager
Rasauto
svchost.exe -k netsvcs
Activates automatic dial-up when a URL link is clicked.

Required for some but not all RAS, ADSL or Cable connections.
Manual
May be disabled if the machine has no internet access.
Remote Access Connection Manager
Rasman
svchost.exe -k netsvcs
Required for most but not all RAS, ADSL or Cable connections.
Manual.
Required for Internet Connection Sharing or accessing remote servers via RAS.
Remote Desktop Help Session Manager
RDSessMgr
sessmgr.exe
Remote Desktop Help Session Manager.
Manual
May be disabled if RDP is never used.
Remote Procedure Call (RPC) Service
or
Remote Procedure Call (RPC)
RpcSs
svchost -k rpcss
This RPC subsystem is crucial to the operations of any RPC activities taking place on a system (e.g. DCOM)
Automatic

Do not disable

Many essential services are dependent on RPC.
Remote Procedure Call (RPC) Locator
RpcLocator
Locator.exe
Maintain the RPC name server database (a database of available server applications). Requires the RPC service (above) to be started.
Manual.
Remote Registry Service (XP Pro only)
RemoteRegistry
regsvc.exe
Allow remote registry manipulation.
Automatic
A good idea to disable this, unless you have some reason to allow remote registry editing.
Removable Storage
Ntmssvc
svchost.exe -k netsvcs
Manage removable media, drives, and libraries.
Manual.
RIP Listener
(XP - option)


Listen for RIP announcements from routers and modify the routing table accordingly.
To use the RIP Listener service, your adjacent routers must support the RIP v1 protocol. You'll find the RIP Listener service under Add/Remove Windows Components - Networking Services.
Routing and Remote Access
RemoteAccess
svchost.exe -k netsvcs
Allow incoming connections via dial in or VPN. (WAN Routing)
Disabled
Secondary Logon (Win XP)
RunAs (Win 2K)
secLogon
services.exe or svchost.exe
Enables starting processes under alternate credentials.
Automatic
You may want to stop this service if you never use RunAs
Security Accounts Manager (Win 2K)
SamSs
lsass.exe
Stores security information for local user accounts.
Automatic
Security Center
wscsvc
svchost.exe
Monitor system security settings and configurations.
Automatic
You may want to disable this if firewall and virus updates are controlled via other means.
Server
LanmanServer
Services.exe
Support for peer-to-peer file sharing, print sharing, and named pipe sharing via SMB services.
Automatic
May be disabled if you don't host file or print shares. (Admin$ shares)
Shell Hardware Detection
ShellHWDetection
svchost.exe
CD Autoplay
Automatic.
Smart Card
ScardSrv
SCardSvr.exe
Manages and controls access to a smart card inserted into a smart card reader attached to the computer.
Manual
If you never use smart cards, Disable
Smart Card Helper
ScardDrv
SCardSvr.exe
legacy smart card readers
Removed in XP SP2
SNMP Service
Snmp
snmp.exe
Agents that monitor the activity in network devices and report to the network console workstation.
Automatic (if installed)
SSDP Discovery Service
SSDPSRV
svchost.exe
Simple Service Discovery Protocol.
Enables discovery of UPnP devices on your home network
Manual
May be disabled if (as is likely) you don't have any UPnP devices.
System Event Notification
SENS
svchost.exe -k netsvcs
Track system events such as Windows logon, network, and power events.
Notify COM+ Event System subscribers of these events.
Automatic.
System Restore Service
srservice
svchost.exe
Creates system snapshots.
[ RESOURCE HOG ]
Automatic

If the machine's configuration has been cloned/backed up - turn off System Restore in Control Panel, System.
Task Scheduler or Schedule
Schedule
atsvc.exe or mstask.exe
This service is required to schedule background tasks (run at a specific date & time)

Under NT it's a Resource Hog.
Under XP it's used by some auto-tuning operations.
Automatic
TCP/IP NetBIOS Helper
or
TCP/IP NetBIOS Helper Service
lmHosts
Services.exe
Support for name resolution in a Windows 2000 domain. (Netbios/Wins)
An alternative to DNS lookup.
Automatic
If not required may be set to manual.
Telephony
TapiSrv
Tapisrv.exe
Telephony API (TAPI) support for programs that control telephony devices and IP-based voice connections, e.g. unimodem modems.
Manual
Telnet
(Win 2K)
TlntSvr
tlntsvr.exe
Allows a remote user to log on to the system and run console programs using the command line.
Disabled
Very insecure, presents a security risk when running.
Terminal Services
TermService
svchost.exe
Required for Fast User Switching, Remote Desktop and Remote Assistance
Manual
If not required may be Disabled
Themes
Themes
svchost.exe
XP Active Desktop Themes, and quick launch toolbars
[ RESOURCE HOG ]
Automatic
Set to Manual or Disabled if you don't like themes.
UPS or Uninterruptible Power Supply
UPS
Ups.exe
Support for an Uninterruptible Power Supply (UPS) physically connected to the machine.
Manual
Not every UPS will need or use this service.
Upload Manager
uploadmgr
svchost.exe
Upload Manager.
Removed in XP SP2
Volume Shadow Copy
VSS
vssvc.exe
MS Backup - A volume shadow copy is a picture of the volume at a particular moment in time. That means a computer can be backed up while files are open and applications running.
Manual
If not required may be disabled
see MS Software Shadow Copy Provider Service
WebClient
WebClient
svchost.exe
Allow access to web-resident disk storage from an ISP. WebDAV "internet disks" such as Apple's iDisk.
Automatic
If not required may be disabled
Windows Audio
AudioSrv
svchost.exe
Sound Driver
Note that disabling the sound driver won't stop sounds from playing - you just won't hear them.
Automatic
If no sound card fitted then disable.
Windows Firewall (XP SP2)
Internet Connection Firewall (XP)
Internet Connection Sharing (Win 2K)
SharedAccess
svchost.exe -k netsvcs
Network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection.
Automatic.
For better protection consider adding a third party firewall.
Windows Image Acquisition
stisvc
svchost.exe
Required for some but not all cameras, scanners, and digital video cameras.
Manual
Windows Installer
MSIServer
MsiExec.exe /V
Install, repair and remove software according to instructions contained in .MSI files.
Manual
Windows Management Instrumentation
WinMgmt
C:\WINNT\System32\WBEM\WinMgmt.exe
WMI provides system management information.
Automatic
Windows Management Instrumentation Driver Extensions
Wmi
svchost.exe
Provides systems management information to and from drivers.
Manual
Windows Time
W32time
services.exe
Update the computer clock by reference to an internet time source or a time server.
Automatic
Wireless Zero Configuration
WZCSVC
svchost.exe
Configure wireless network devices (802.11a/b/g).
Automatic
Disable if you don't have any wireless devices.
WMI Performance Adapter
WmiApSrv
wmiapsrv.exe
Collect performance library information.
Manual
Workstation
lanmanworkstation
Services.exe
Communications and network connections.
Services dependent on this being started: Alerter, Messenger, and Net Logon.
Automatic
It is inadvisable to disable a service without being aware of the consequences. Always start by setting the service to manual, then reboot and test for any problems.
A service set to manual may be automatically restarted if another service is dependent on it.
A service set to disabled will not restart even if it's required to boot the machine!
Stopping or disabling a service will generally save a small amount of memory and will reduce the number of software interrupts (cpu message queue.) The main reason for tinkering with services is to harden the system against security vulnerabilities. Disable everything that you don't need or use - then any future problems with those services cannot affect the machine.
To document all the services currently installed:
SC QUERY state= all |findstr "DISPLAY_NAME STATE" >my_services.csv
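The file written by that command is not real CSV: it holds alternating DISPLAY_NAME and STATE lines. The following added example (not part of the original page) parses such a listing and flags services that this page lists as Disabled, or advises disabling, but that are not stopped. The sample listing is constructed, and the watch-list display names are an assumption that should be checked against the audited machine.

```python
import re

# Display names of services this page marks "Disabled" or advises disabling.
# Assumption: these match the DISPLAY_NAME values on the audited machine.
SHOULD_BE_OFF = {
    "messenger", "network dde", "network dde dsdm",
    "routing and remote access", "telnet", "remote registry",
}

# Matches e.g. "        STATE              : 4  RUNNING"
STATE_RE = re.compile(r"^\s*STATE\s*:\s*(\d+)\s+(\w+)")

def parse_sc_listing(text):
    """Return {display_name: state} from DISPLAY_NAME/STATE line pairs."""
    services, current = {}, None
    for line in text.splitlines():
        if line.startswith("DISPLAY_NAME:"):
            current = line.split(":", 1)[1].strip()
            continue
        m = STATE_RE.match(line)
        if m and current is not None:
            services[current] = m.group(2)
            current = None  # a STATE line closes the current record
    return services

def running_but_unwanted(services):
    """Names on the watch list whose state is anything other than STOPPED."""
    return sorted(name for name, state in services.items()
                  if name.lower() in SHOULD_BE_OFF and state != "STOPPED")

# Constructed sample in the shape produced by the command above.
SAMPLE = """\
DISPLAY_NAME: Messenger
        STATE              : 4  RUNNING
DISPLAY_NAME: Print Spooler
        STATE              : 4  RUNNING
DISPLAY_NAME: Remote Registry
        STATE              : 4  RUNNING
DISPLAY_NAME: Telnet
        STATE              : 1  STOPPED
DISPLAY_NAME: Network DDE
        STATE              : 1  STOPPED
"""

if __name__ == "__main__":
    for name in running_but_unwanted(parse_sc_listing(SAMPLE)):
        print("review:", name)
```

STATE only reports whether a service is running now; confirm the configured start type of anything flagged with `sc qc`, since a stopped service left on Manual can still be started.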
Some XP services communicate and send data directly to Microsoft, this is not generally something to lose sleep over. Managing the running of these services may be a consideration if confidentiality/anonymity is highly important to you.
Removing a service completely
To delete a service, you may be tempted to hack the registry settings under HKLM/SYSTEM/CurrentControlSet/Services. This is not a reliable or recommended method; it is far better to use the SC command:
SC delete NameofServiceTodelete
Enable or Disable Ports
Many services and applications rely on the use of a specific PORT - to determine if a particular port is enabled for use, review the list of Service names and port numbers held in the "services" file ('windows\system32\drivers\etc\services')
Installing a good firewall is the easiest way to manage this.
"The service we render to others is really the rent we pay for our room on this earth. It is obvious that man is himself a traveler; that the purpose of this world is not 'to have and to hold' but 'to give and serve.' There can be no other meaning." - Sir Wilfred T. Grenfell

WMI Control overview

Windows Management Instrumentation (WMI) Control is a tool that enables you to configure WMI settings on a remote computer or local computer. Using the WMI Control, you can manage the following tasks remotely.

Authorize users or groups and set permission levels

You can enable an individual user, group, or namespace to access network objects and perform WMI tasks and services. For example, you can enable a group to manage WMI's Common Information Model (CIM) objects on their local computers.

Configure error logging

You can turn error logging on or off and, if turned on, set it to report errors only (the default) or all actions (verbose). Error logging can help you troubleshoot WMI problems. You can also define a maximum size for log files and their folder location.

Back up the repository

You can configure the WMI Control to back up your repository on a regular schedule, or you can do it manually at any time. The repository is the database of objects that you can access through WMI. You can also restore a previous version of the repository.

Change the default namespace for scripting

You can change the default namespace that is targeted in WMI scripts.

Indexing Service

Using Indexing Service

Indexing Service creates indexes of the contents and properties of documents on your local hard drive and on shared network drives. You can also control the information included in the indexes. Indexing Service is designed to run continuously and requires little, if any, maintenance.

To open Indexing Service

1. Open Computer Management (Local).
2. In the console tree, double-click Services and Applications.
3. Double-click Indexing Service.

Note
To open Computer Management, click Start, and then click Control Panel. Click Performance and Maintenance, click Administrative Tools, and then double-click Computer Management.
For information about using Indexing Service, on the Action menu in Computer Management, click Help.

Note If you are not comfortable with the information that is presented in this section, ask someone for help or contact support. For information about how to contact support, see the Microsoft Help and Support contact information Web site:
http://support.microsoft.com/contactus
