A Beginner’s Approach To

Riyaz Ahemed Walikar

Page | II
To my loving parents

Page | III
Computers have helped us from the day they were invented. Either in the form of a simple abacus
or the Japanese Earth Simulator, they have always played an undeniable role in the development
and betterment of mankind. Computers can be considered to be a body and a soul interacting with
each other to give our everyday results. The Soul is the computer Operating System and the Body is
the hardware. Every computer technically requires an Operating System to function. Windows is the
most widely used Operating System on this planet with over 92% of the world‘s computer familiar
people having used Windows.

Windows has been explained in layman‘s terms in this book, which makes it special. Readers are
not required to have a technical background to understand the text. It is advisable for the readers to
use the book practically. If possible keep a computer on your side when reading, so that you can
actually test an implement what you have read.

Chapter 1 deals with common hardware for common home desktops and a brief classification of
Operating Systems. The important question of Why Windows has been answered in this chapter
along with a brief overview of System BIOS.

Chapter 2 deals with File Systems and installing of Windows. Chapter 3 starts of Windows with the
Booting and Logon procedures. The Desktop, Start Button and the Taskbar have also been
explained here. Chapter 4 explains the Windows shell, Explorer, along with Windows Product
Activation. Chapter 5 explores the uses of Control Panel with most of the common applets covered.
Chapter 6 & Chapter 7 basically deal with the DOS prompt and batch file programming.

Chapter 8 explains the Windows Safe Mode, the best startup option for debugging Windows.
Chapter 9 deals with the Windows Registry, the most interesting chapter of all, this chapter gives an
in depth analysis of the Windows Registry and how it can be used to customize the looks and
performance of Windows. Chapter 10 deals with Windows security, explaining what makes the
Administrator‘s account the most dangerous account on your system, working of common viruses
and worms, NTFS Security and Windows Network security touching upon the Windows Firewall and
Share Security. Chapter 11 is another chapter to tweak your system with several tricks to keep your
system running at its best. Chapter 12 is a small chapter on the Windows common Keyboard

Chapter 13 teaches you how to deal with common system errors and OS malfunctions so that
instead of running to the repair shop you can get your hands wet. Chapter 14 has the Windows
journey highlighted through a short description of its predecessors from MSDOS 6.22 to the current
surviving edition Windows Vista. The last technical chapter as such is the Jargon Buster, a chapter
dedicated to common computer lingua and terms.

For the common reader there are challenges at the end of some chapters that are interesting and
addictive to sort out. You will be able to complete the challenges only after you read the chapter. For
lesser mortals, answers are provided at the end of the book. There are 2 appendices; first giving the
standard ASCII table, and the second has a list of Recovery Console.

Many useful hints are provided throughout the text as additional tips and aid to the reader.

The terms CMOS setup and BIOS setup have been used in the wider context. CMOS stands for
Complementary Metal Oxide Semiconductor and BIOS means Basic Input Output System. The
CMOS Setup Utility (also the BIOS Setup) can be used to configure the computer‘s boot sequence
and processor voltages amongst other things. The BIOS can be reset in cases of errors by removing
the battery or by resetting the clear CMOS jumper. Please do not try this at home if you are not well
versed with computer hardware.

Page | IV
This book is meant for Home and Office Users. Although designed and written particularly for them,
a wider circle of people can gain a sound amount of information. The book is aimed at being friendly
with the reader so that the boring task of reading and employing becomes realistic. As mentioned
earlier, use the book along with a computer so that you can immediately put into practical use
whatever you have just read.

As a note of caution the chapters are with reference to Windows XP Home Edition SP 1
(Uniprocessor) when mentioning about Toolbars and Explorer and the like unless explicitly
mentioned otherwise.

Read ahead and understand the best Operating System on this planet and try to make it better by

Page | V


1. Before beginning……. 1
Hardware that goes in 2
Operating Systems: Classification and Overview 4
Why Windows? 7
Software that goes in 7
System BIOS – A brief overview 8

2. Starting from Scratch 11
File Systems 12
Running Windows Setup 16
Installing Windows 19

3. The Basics 26
POST, Boot Keys and the Boot.ini 27
Windows Logon & Startup 30
The Desktop 35
The Start Button 35
The Taskbar 37

4. Explorer & The Windows Interface 39
Windows Product Activation (WPA) 40
The GUI Environment 42
The Right Click Context Menu 45
My Computer 49
%Homepath% & My Documents 52
Recycle Bin 55
Searching for Files 56
File Extensions & Open With 58
Windows Services 62
System Restore and Windows Update 66
The Task Manager 71

5. The Control Panel 76
Control Panel & Extensions (*.cpl) 77
Accessibility Options (access.cpl) 79
Add Hardware (hdwwiz.cpl) 81
Add/Remove Programs (appwiz.cpl) 83
Administrative Tools 86
Date & Time (timedate.cpl) 88
Display (desk.cpl) 90
Folder Options 92
Fonts (%systemroot%\fonts\) 94
Internet Options (inetcpl.cpl) 95
Network Connections (ncpa.cpl) 98
Regional and Language Options (intl.cpl) 100
Scheduled Tasks 101

Page | VI
System (sysdm.cpl) 103
Taskbar & Start Menu 108
Sounds and Audio Devices (mmsys.cpl) 109
User Accounts (nusrmgr.cpl) 111

6. DOS Prompt – The Powerful Cmd.exe 115
The DOS Prompt 116
Console Commands 118

7. Batch Files & Scripts 128
Batch Files 129
Passing Arguments 135
FOR Loops & IF Branching 136
Examples 139

8. Windows Safe Mode 142
What is the Safe Mode? 143
Safe Mode & Other Startup Options 144

9. The Windows Registry 149
Registration Databases 150
The Registry Editors - Regedit & Regedt32 151
Hives, Keys and Data Types 152
The .Reg File 154
Registry Tricks & Tweaks 155
The Reg command 174

10. Securing Windows 181
Security – An overview 182
The Administrator’s Dilemma 183
NTFS Security - The ACL Story 187
Password Policies and the Password Reset Disk 193
Malicious Code and Infections 196
Windows Network Security 208

11. Windows Tips & Tricks 215
Startup 216
Logon 221
Desktop & Wallpaper 227
Explorer 230
File & Folder Protecting Techniques 237
Eggs & Bugs 244

12. Keyboard & Program Shortcuts 247
Windows Shortcuts 248

13. Troubleshooting Common Problems 252
The Recovery Console 253
A List of Common problems 258
Windows Errors 263

14. 'Flavors' of Windows 265
MS-DOS to Windows XP SP2 266

Page | VII
15. Jargon Buster 279
Definitions & Useful Terminology 280

16. Answers to Challenges 303

17. Appendix A – The Standard ASCII Table 315

18. Appendix B – List of Recovery Console Commands 317

Page | VIII
A Beginners Approach to Windows

Before Beginning……

This chapter will basically give its readers a real idea of the vast advantages that one can avail of
by using Operating Systems like Windows. A brief classification of Operating Systems is also
included along with Hardware and Software accessories needed to say you have a computer. This
chapter is a must for a newbie. Advanced Windows users and system administrators can however
skip this chapter.

After this chapter the reader should be able to:
 Understand the common hardware that goes in the making of a home computer
 Differentiate between operating systems and classify them on the basis of usage and tasks.
 Understand why Windows is better than most other operating systems
 Summarize the basic software that constitutes a normal home desktop computer
 Understand the concept of the system BIOS and Hyper threading.

Note: All information provided in this chapter deals with the BIOS at the very basic level. Any
incorrect attempts to change values in the system BIOS manually may lead to inconsequential
damage to the system. For complete reference to the values and details of each and every single
page of the BIOS, please refer to the motherboard manual provided along with the computer or visit
the manufacturer‘s website.

Page | 1 Riyaz Ahemed Walikar
A Beginners Approach to Windows

A computer is lifeless without an operating system. A typical computer system has the usual
hardware installed that enables it to run. An Operating system communicates between the
hardware and the system user. Software is installed to make machine usage more realistic.

I.1: Hardware that goes in

A computer consists not just of the monitor, mouse and the keyboard, but several other ‗hidden‘
things that lie entirely concealed inside the big box that stands next to your monitor. This ‗box‘ is
called the cabinet (not the CPU).

Hardware basically means any physical component of a computer system, including any peripheral
device such as Input/Output devices (I/O devices) like keyboard, mouse, modems and printers. The
internal connections of all the components are completed by the motherboard which houses many
capacitors, resistors and Integrated Circuits including the CPU. Many other devices are connected
to the motherboard inside the cabinet. A standard computer has several devices connected but the
most simple and important ones are listed below along with a brief description.

Audio input device: Any device capable of recording audio or music to your computer. Examples
include Microphones and digital voice recording devices.

CD ROM Drive: A device capable of reading Compact Discs (CDs). This device is usually found on
most systems. If it can write data onto CDs than it is called a CD RW Drive. CDs are also of various
types; CD – R, CD – RW, DVD – R and DVD – RWs to name a few. All differ from their construction
and their ability to store data. Data written onto a CD – R cannot be erased but the same CD can
be used for multiple data writing sessions if it is has been originally written as a multisession disc.
Whereas CD – RWs act as huge ―floppies‖. Data written onto these discs can be erased a number
of times and new data can be written on it. A digital versatile disc (DVD) looks like a CD-ROM disc,
but it can store greater amounts of data. You need a special DVD drive to read data from a DVD.

Display Adapter: A display adapter / video card / graphics card is a device that gives a computer its
display abilities. The monitor works even if there is no graphics card but the screen resolution is not
clear and images are distorted. Different video cards support different screen resolutions which are
measured in pixels. 640 X 480, 768 X 1024, 800 X 600 and 1024 X 768 are common ones. Some
graphic cards come with in built memory for storing screen details and resolution. Some adapters
have the ability of doing graphic calculations and are sometimes referred to as Graphics

Floppy Drive: A device capable of reading and writing data to a floppy disk. A floppy disk is a
reusable magnetic storage medium. A standard floppy disk holds 1.44 MB and is 3.5 inches in size.
A floppy drive is usually allotted the drive letter A by the operating system. Hence inserting a floppy
disk into the floppy drive and opening A:\ through My Computer will show the contents of the floppy

Hard Disk: This device, also called hard disk drive, contains many flat plate-like structures coated
with a magnetic material capable of storing data. Storing and accessing of data is much faster than
on a floppy disk or a CD. All the other hardware is usually connected to the hard disk since it
contains the operating system. The data on a hard disk includes the entire operating system and all
the other files present in the C, D and other drives you see in My Computer.

Keyboard: A keyboard, as everybody knows, is the device that allows you to send typed characters
on to the screen. A standard keyboard usually consists of 102 essential keys. Some keyboards

Page | 2 Riyaz Ahemed Walikar
A Beginners Approach to Windows

have keys that have functions like shutting down the computer, opening web pages and volume

Modem (modulator/demodulator): A device that allows a computer to send and receive data through
a telephone line. A modem converts the digital data from the computer into analog signals for
transmission through a telephone cable and converts incoming data into digital form for the
computer to understand. Modems can be internal or external. An Internal modem looks like a card
and has a slot for the telephone line. An External modem on the other hand is usually in the shape
of a box with blinking lights on it. Different modems have various data transfer speeds.

Mouse: Mouse is basically a pointing device with 2 or more click buttons. The Left click is equivalent
to an Enter of the keyboard and the right click opens up a shortcut menu which changes depending
on where you click and is equivalent to the key combination of ‗Shift + F10‘. A standard mouse may
have more than 2 keys that do various odd jobs like going back one page or moving forward to
another level of a folder etc.

Network Adapter: A Network Adapter is a device that connects your computer to a network. A
Network Adapter has a slot for the network cable through which data is transferred between
computers in a LAN (Local Area Network). This device is sometimes called a network interface card

Printers: These devices print text or images on paper or other printing material when invoked with a
print command from an application. When a print command is issued, the Print Spooler accepts the
document sent to the printer to be printed and stores it into the memory till the printer is ready to

Examples: Laser Printers, Ink – jet Printers, Dot Matrix printers.
All of the above mentioned examples of printers differ in their ink and methods of printing resulting
in different resolution and texture details.

Processor: A Processor controls the operation of a computer and performs its processing. A
computer can have more than one processor. When there is only one processor, it is often referred
to as the central processing unit (CPU). The processor is often integrated on to the motherboard
and is rated according to its speed. A processor with a speed of 1.70 is enough to run a computer
sans any errors, whereas high end gaming machines ask for more.

RAM Card (Memory): This device has RAM (Random Access Memory) Integrated Circuits (ICs)
which the computer continually uses to read or write data when in an operation. Many other devices
also use the RAM to temporarily keep data during a transfer operation. RAM Cards come in various
memory sizes like 64 MB, 128 MB, 256 MB, 512 MB etc. A Computer used heavily for gaming and
other high speed operations requires a higher amount of RAM. Information stored in RAM is lost
when the power supply is disconnected. RAM Cards are sometimes also referred to as RAM Sticks
or RAM Modules.

Sound Card: Sound cards allow the user to playback sound files (Mp3s and Microsoft Wav files etc.)
through speakers or headphones. A sound card also enables voice recording through a
microphone. Sound cards are usually integrated into motherboards.

Any hardware to be duly recognized by Windows needs to have its driver installed onto the system.
Device drivers are basically files that allow a specific device to communicate with the Operating
System. Although a device might be connected to your system, Windows does not recognize its
functions and usage until and unless its drivers are loaded. Drivers of some common and essential
devices like keyboard, mouse, CD drive and Floppy drive are provided by Windows which get
installed during the installation of the Operating System. Drivers are unique for different types of

Page | 3 Riyaz Ahemed Walikar
A Beginners Approach to Windows

Driver files usually have a *.sys extension and are usually found in the
%systemroot%\Windows\System32\Drivers\ folder in case of Windows XP.

Warning: Any incorrect manual changes done to this folder or its contents can render your computer

I.2: Operating Systems: Classification & Overview

A layman‘s definition of an Operating System (OS) is that it is a broad collection of programs and
assorted applications that allow a computer user to interact with the installed hardware.

Functions of Operating Systems:

An operating system basically controls the execution of application program and acts as an
interface between the computers hardware and its user. Operating systems have evolved
drastically over the years to reach its current pinnacle. Primitive operating systems just consisted of
a set of instructions for printing jobs and other odd works. Today‘s operating systems allow users to
play music while playing a game. Evolution has taken operating systems along with user developed
applications into a realm that virtually has no limit to the advances incurred.

The hardware and software that goes into making a computer can be viewed in the form of a tree
as shown below:
End User

Application Programs

Operating System

Computer Hardware

The user of the operating system and overlying applications is called the End User. The Application
Programs could be anything from Microsoft Word to Macromedia‘s Flash MX. Many a times utilities
or helper programs are bundled along with the operating system for example; Windows Paint,
Calculator etc. Application Programs are usually third party programs that allow users to manipulate
and use their computer resources to create useful work out of inputs given to the computer, for
example; Macromedia‘s Flash MX allows users to create content rich documents for web designing,
Adobe‘s Photoshop gives its users an easy to understand interface for editing and creating and
editing images and pictures. The operating system is the underlying agent that acts as a mediator
between the users/applications and the installed hardware.

An operating system should have the following functional capabilities to be called a useful
operating system;
>> File and data creation: An operating system provides various tools that allow a user to create
files that are specific to certain applications or may be a part of the OS itself. These tools may
include various editors to assist the user in handling various files.

Page | 4 Riyaz Ahemed Walikar
A Beginners Approach to Windows

>> Archiving: Archiving refers to the cataloging and storing of information about files that aid in the
process of file search and retrieval. This function is not a necessity and can be overlooked.

>> File Execution and Workspace Management: To run a given file, several procedures are
carried out like loading instructions and data into memory, initializing I/O devices etc. The OS takes
care of all the background tasks and gives hassle free results. The operating system allocates the
available memory to various applications and converts user input into application specific

>> Controlled Access to Files: In case of access to files an understanding of not only the
instructions parsed to I/O devices is important but also the file format on the storage medium is also
to be taken into consideration. The OS manages all the details. Furthermore, in case of multi-user
Operating Systems, the OS can provide built in data security and protection mechanisms to control
unauthorized user access to restricted files.

>> Error Detection and Response: Errors can always creep up during program execution or when
a system is running. These errors could be anything from hardware failure errors to buffer
overflows. In all cases the OS has to give some response to the error in such a way that the
integrity of the system is maintained. The response may range from ending the program that
caused the error, to retrying the operation or simply informing the user that an error has occurred.

Classification of Operating Systems: Operating systems were classified according to the
hardware features that they demanded and basic computer architecture.

(The following classifications are not the only category of classification that can be applied to OSs,
the most basic and common architectures have been taken into account. You may not see these
systems around since most of these architectures are used as research equipment.)

 Mainframe Batch Systems:
Mainframes were the first type of computer systems that arrived in the scenario. Early
computers were gigantic physically and input had to be given through cards and tape drives.
The output was taken via line printers. The user seldom interacted with the computer instead
he prepared a job consisting of the program, the data and some control information (if
required) about the nature of the job and submitted it to the computer operator. The output
consisted of the result of the program and register contents for debugging. These systems
ran just one job or application at a time and system resources were not utilized to the
maximum limits.

To speed up processing, operators batched together jobs with similar needs and ran them
through the computer as a group. The operator would sort programs into batches with similar
requirements and, as the computer became available, would run each batch.

 Mainframe Multiprogrammed Systems:
With the introduction of disks to store data, Operating Systems could now store all jobs on
the disk instead of keeping them on cards. With direct access to several jobs, the OS could
now perform job scheduling, to use resources efficiently. Since a single job cannot keep the
CPU busy at all times, multiprogramming is effective. Multiprogramming increases CPU
utilization by organizing jobs so that the CPU always has one to execute.

The Operating System keeps several jobs in memory. The OS picks one job from memory
and executes it; eventually the job may have to wait for some task, such as an I/O operation,
to complete. The OS then switches over to another job. When that job needs wait, it switches

Page | 5 Riyaz Ahemed Walikar
A Beginners Approach to Windows

over to another job. Finally the first job finishes waiting and the CPU is returned to it. Hence
as long as there is a job to execute, the CPU is never idle.
Multiprogramming is the first instance where the OS has to take decisions for the users. If
several jobs residing in the job pool (disks for eg.) are ready to be brought into memory, and
if there is not enough memory to complete the request then the OS has to choose among the
jobs available. In addition if several jobs in the memory once loaded are ready to execute
then the system must again choose one at a time. Hence multiprogrammed systems are fairly

 Mainframe Multitasking Systems:
Multiprogrammed systems allowed efficient utilization of system resources including CPU,
memory and peripheral devices, but it did not provide for user interaction with the ongoing
execution of programs and computer system. Multitasking (or Time Sharing) is an extension
to multiprogramming where the CPU executes multiple jobs by switching among them, but
the switches occur so frequently that the users can interact with each program while it is

A time shared computer system allows many users to share the computer simultaneously.
Since each action or command in a time shared system tends to be short, only a little CPU
time is needed for each user. As the system rapidly switches from one user to another, each
user is given the impression that the entire computer system is dedicated to his use, even
though it is being shared among many users.
Multitasking systems are even more complex than multiprogrammed operating systems.

 Desktops:
These are relatively new and include the ones that you and I use at homes, schools and
offices. Desktop machines are meant for performing simple calculations and for other
practically viable activities. Gaming, accounting, Word Processing, animation, web designing,
DTP, multimedia and internet browsing are some of the most common applications of
desktops. These machines have operating systems that allow the user to customize his
preferences while working on the terminal including screensavers and wallpapers. These are
methods adopted by Graphical User Interface (GUI) Operating System makers to make
computing a pleasant experience.

Desktops or Personal Computers (PCs) running any OS should have file management, file
protection and security for maximum of these types are connected online by average end
users. Windows provides the best in all fields of Desktop enhancement right from Gaming to
your Internet Browsing. Added with the tips given in Chapter 15, your computer could well be
one of the most secure computers online.

 Real Time Systems:
Another special type of Operating Systems is the real time system. A real time system is
used when rigid time restrictions have been placed on the operation of a processor or the
flow of data. Applications include systems that control scientific experiments, weather
monitoring, medical imaging systems and some industrial control systems.

A real time system has well defined fixed time constraints. Processing of data must be done
within that stipulated time else the system is useless. For example; it would be useless to
have a robotic system which process data at a rate which tells it to stop, after it has smashed
itself into a wall.

Page | 6 Riyaz Ahemed Walikar
A Beginners Approach to Windows

Real time systems come in two flavors, hard and soft. A hard real time OS guarantees task
completion in the fixed time interval. This goal requires that all the delays in the system be
bounded, from the retrieval of stored data to the time the OS take to complete the processing
request. Usually find applications in robotics or industrial control units. A less restrictive type
of real system is a soft real time system, where a critical real time task gets priority over other
tasks, and retains that priority until complete. Most Operating systems of today have
incorporated the soft real time OS capabilities. These systems find applications where time is
not a standard constraint like in animation and multimedia, virtual reality, advanced scientific
projects like satellites and extraplanetary explorers.

I.3: Why Windows?

A very interesting question indeed and aptly asked. With the availability of several Operating
Systems that provide hoards of features ranging from internet security and hardware compatibility
to gaming architecture support and online help why go for Windows. The answer: Windows has all
the properties that are found in majority of the available Operating Systems; Combined!!. Right
from the start Microsoft has been the leader in providing quality OSs with the changing faces of
market available computer hardware. The entire Windows series right from Windows 1.0 to
Windows XP Service Pack 2 (SP2) has something or the other changed to meet various system
requirements and to make computing a pleasant task.

Windows being a GUI type of OS promises and delivers the best in home and office computing. File
management, file systems, password enforcement, OpenGL support, Direct X support, safe
browsing, and accessories for disabled users, system tools, server and client applications inbuilt
firewall (SP2), Administration and multiple user support, multitasking, Games, easy update, system
file protection, Internet connectivity, multimedia and integrated CD burning (XP) are ‗some‘ of the
several features offered by the Windows series of Operating Systems.

Ease of Installation and concise instructions for configuration make the Windows series one of the
most widely used group of Operating Systems available. Windows has many features for different
types of users including office professionals, artists, students, animators, movie editors and IT
experts. There is something for everybody when using Windows. With the release of Windows XP,
Microsoft congregated the differences between its previous versions and users in such a way that
enabled Windows XP to rule desktops worldwide.

The online help given by Microsoft is worth a mention here. Ranging from installation issues to
stack & buffer overflow error correction, Microsoft has collected everything possible under the sun
about its products that give the user a sense of confidence when using them. Hence you can
definitely say that online help is just a click away…..

I.4: Software That Goes In…

So you have bought a new computer and the dealer said something about Windows XP, Office
2003 and Microsoft Visual Studio. Well, if it has not made any sense to you let me explain;
Windows XP is the Operating System that is installed on your computer; Microsoft Office 2003 is a
rich suite of applications including MS Word, MS Excel, MS PowerPoint and Outlook Express which
allow users to create Text and Web Documents, Accounting Sheets, presentations and to check E
Mails respectively. Microsoft Visual Studio is also another suite of applications consisting of Visual
Basic, Visual C++, Visual FoxPro and Visual Interdev which are applications and compilers to
create applications and debug them.

Page | 7 Riyaz Ahemed Walikar
A Beginners Approach to Windows

In this section we shall see some of the basic and important software required by a computer to run
and to do some of the most common jobs that computers are meant to do. As you all by now should
know is that ‗software‘ is any application or group of programs that enable the user of a machine to
utilize the hardware resources to create useful work out of inputs given to the computer. The
Operating System in a way can be called as a software but the definition is not mandatory and
neither optional.

Operating System: Windows 98/NT XP, Internet Browser: Internet Explorer 6.0 (XP), Office:
Office XP/2003, Software Development & Debugging: Microsoft Visual Studio 6.0, Multimedia:
Windows Media Player & Windows Movie Maker, Library and Programming Aid: MSDN, CD
Burning: Windows Media Player & Integrated CD Burning of Windows XP, Games: Solitaire,
Pinball, Minesweeper, Hearts, FreeCell, Microsoft‘s Flight Simulator, Halo, Age of Empires,
Crimson Skies, Rise of Nations, Paint & Image Editing: Microsoft Paint (integrated) and
Microsoft Photo Editor, Online Messaging & Chatting: MSN Messenger, Email: Microsoft
Outlook Express, Web Designing & Publishing: Microsoft FrontPage, Microsoft Web Publishing

There are loads of third party software (Non – Microsoft) that can be used as an alternative to the
ones mentioned above.

Other than these you may require software, called drivers, to make your hardware run. Device
drivers are also a class of software that makes your Operating System recognize the hardware that
is installed and make use of it. For e.g.: if you are playing a song in Windows Media Player you
require speakers or headphones to listen to the output, now for the OS to recognize that there is a
sound card which will allow us to hear the music it needs drivers that have to be loaded into
memory which will allow the OS to do the necessary conversion and send the output through the

These are not the only ones out there, just go to the ‗downloads‘ section of
http://www.microsoft.com and check it out to believe what more is available.

I.5: System BIOS – A brief overview

The computers BIOS is a ‗hardware based software kind of thing‘ that records settings and
information of your computer such as date and time, the type of hardware installed and various
configuration settings. Your computer applies that information to initialize all the components when
booting up and basic functions of coordination between system components.

If the BIOS has incorrect values or if the BIOS is damaged it may cause your system to malfunction
or it may not allow your computer to boot at all. If that happens, you can enter the BIOS Setup and
manually give values (that‘s hell painstaking and confusing) or use the BIOS‘ inbuilt feature of ‗Load
Optimal Values‘ or ‗Load Best Performance Values‘ to start your computer properly. If all else fails
then open your system and on the motherboard, somewhere close to the battery is the clear CMOS
jumper (set of pins on the motherboard, it is usually specified). Use it to clear the CMOS memory
which has stored the configuration information.

Every time your computer starts, a message appears on the screen before the Operating System
loads that prompts you to ―Hit <Del> if you want to run SETUP‖ . The message may differ on
computers with different motherboards, but most of the time you can access the BIOS setup by
using either F2 or Delete. Sometimes F4, F5, F6, F8 and F10 also work; it all depends on the make
and manufacturer of your computers motherboard.

Page | 8 Riyaz Ahemed Walikar
A Beginners Approach to Windows

Inside the Standard CMOS Setup, you can set up the computers date and time and the available
IDE devices connected to both the IDE Channels inside, on the motherboard. Usually it is the Hard
Disk Drive and the CD ROM drives. Floppy Drives have another separate channel. A computer has
two channels called Primary and Secondary IDE channels. Each of these has a Master and a
Slave. So you have a Primary Master, Primary Slave, Secondary Master and a Secondary Slave.
That means that you can connect maximum 4 devices on to the computers IDE Channels (two
primary and two secondary). The difference between a Master drive and a Slave device is the
jumper setting on the respective device. Well that is of no importance to us as of now.

The BIOS setup allows you to configure your computers booting sequence. For all those guys who
didn‘t get the ring, let me explain. The Operating System has to be loaded to start your computer.
Now the OS may be present on the Hard Disk (as is the usual case) or it may be present on a
floppy disk (OS repair or DOS based OSs) or you may have to start the computer with the CD ROM
st nd
(for OS installation purposes). Whatever the case, the BIOS checks the 1 Boot Device, 2 Boot
rd st
Device and the 3 Boot Device and loads appropriately. You can configure the BIOS so that the 1
Boot Device is the Hard Disk (usually HDD-0 if you have only one hard disk) so that your computer
boots faster. Also enable the Quick Boot option available in the BIOS under the Advanced Setup
Page. If you enable this the system starts up more quickly by eliminating some of the Power on
Test routines. You can enable or disable Hyper Threading. Windows XP supports Hyper Threading.
More on HT further ahead…

BIOS also manages Power and Plug and Play Device configuration. Alongwith these the BIOS also
takes care of the settings of peripheral devices like the modem, audio card etc. (depends on the
motherboard and peripheral make, usually relates only to onboard components).

Hyper Threading is basically the division of processor load by the processor in such a way that it
appears that there are two processors. The Intel Pentium 4 Processor (with HT Technology) has
the Hyper Threading capability. Windows XP supports HT and the effect is even felt at the user
level. You can enable or disable the HT function in the BIOS Setup under the Advanced Setup
Page. This option is available only if the BIOS detects that your processor is HT capable. Under
any other OS version other than Windows XP please disable HT.

You can actually open Device Manager and view under the processors level to see two processors.
Windows Task Manager also displays dual processor graphs under the performance tab (under
CPU Usage History). Hyper threading is effective and it creates an illusion that the computer has
actually become faster and under certain circumstances it actually does.

Page | 9 Riyaz Ahemed Walikar
A Beginners Approach to Windows


1. Change the boot sequence of your computer. You can do it in two ways either
temporarily or permanently.

Hint: In one method you will be changing the boot option for one boot only and in the other
(using the BIOS) you will be changing it for present as well as future boots as well.

Page | 10 Riyaz Ahemed Walikar
A Beginners Approach to Windows

Starting from Scratch

So let‘s get to the real thing. This chapter is both for beginners as well as experienced users who
are interested in knowing what file systems are, installing and running Windows, System folders
and the like. Knowing some basic concepts about Windows right from installation will be an
advantage while troubleshooting common problems. Installation and setup description have been
described for Windows XP Home Edition and Windows 98, other Windows versions may differ

After this chapter the reader should be able to:
 Explain what are file systems are and differences between FAT16, FAT32 & NTFS.
 Run setup and Install Windows 98 and Windows XP on any given machine with requisite

Note: The reader can skip the sub topic on File Systems and get started with Running Windows
Setup and can return back after installation of Windows is complete.
The descriptions penned down in the following pages are brief in its context and the reader is
informed that any further accounts are beyond the scope of the book.

Page | 11 Riyaz Ahemed Walikar
A Beginners Approach to Windows

The case always remains that to get deeper into anything you need to resolve the surface.
Understanding and troubleshooting Windows is not a difficult thing if the ground basics are clear.
Installation issues have always haunted common users, which often lead novice Windows users to
format the system and reinstall the entire OS losing precious data and time. A brief introduction to
file systems and the boot process will benefit us in the long run. Installing Windows is also a simple
process if done carefully. Let‘s begin with File Systems.

II.1: File Systems

The overall structure, in which files are organized, named and stored is basically what the concept
of file systems is all about. Operating Systems, in general, need a defined disk structure and
metadata to identify the location of files and data on your hard disk. The operating system itself
requires that the disk structure should be readable and efficient (in its own terms) so that it can
install itself and later perform read and write tasks on files stored onto the hard disk. You always
format a computer‘s hard disk with a File System. File systems can be of different types; they could
be either disk based or network based. Every OS supports only certain kinds of File Systems. The
following table will give some of the most common File Systems around and the ones that are
important in context with this book.

File System Company / Creator Original OS
FS Bell Labs Unix
FAT12 Seattle Computer Products DOS
FAT16 Microsoft DOS
HFS Apple Mac OS
FAT32 Microsoft Windows 9x
HPFS IBM & Microsoft. OS/2
UFS2 Kirk McKusick FreeBSD
ext2 Rémy Card Linux
ext3 Stephen Tweedie, Linux
Reiser4 Namesys Linux
NTFS Microsoft, Gary Kimura, Tom Miller Windows NT
NSS Novell Netware
ODS5 Digital Equipment Corporation VMS

Table 2.1File Systems
Windows recognizes only the ones developed by Microsoft (too obvious?). MSDOS ran on FAT12
and FAT16. FAT32 supports almost all Windows versions and NTFS supports only Windows NT
systems (includes XP, 2000 and 2003).
For those readers who have not understood the expansion of the above mentioned File System
names this should help clear the cobwebs in your heads:

FS > File System
FAT12 > File Allocation Table 12
FAT16 > File Allocation Table 16
HFS > Hierarchical File System
FAT32 > File Allocation Table 32
HPFS > High Performance File System
UFS2 > UNIX File System 2
ext2 > Extension 2
ext3 > Extension 3

Page | 12 Riyaz Ahemed Walikar
A Beginners Approach to Windows

NTFS > New Technology File System
NSS > Novell Storage Services
ODS5 > On-Disk Structure (Files – 11)

There are several other File Systems but you should not be concerned about them being a novice
Windows user. The field of interest for the readers of this book should primarily be the FAT and
NTFS file systems which support Windows. Let us begin with FAT in general:

File Allocation Table: A partition is divided up into identically sized clusters which are small blocks
of contnuous space on the hard disk. Cluster sizes vary depending on the type of FAT file system
being used and the size of the partition. Typically cluster sizes lie somewhere between 2KB and
32KB. Each file may occupy one or more of these clusters depending on its size. However these
cluster chains are not necessarily stored adjacently on the disk's surface but are often instead
fragmented throughout the partition. Reading or writing of other files to the disk then slows down
the computer. Each version of the FAT file system uses a different size for FAT entries. The size is
indicated by the name, for example the FAT16 file system uses 16 bits for each entry while the
FAT32 file system uses 32 bits. This difference means that the File Allocation Table of a FAT32
system can map a greater number of clusters than FAT16, allowing for larger partition sizes with
FAT32. This also allows for more efficient use of space than FAT16, because on the same hard
drive a FAT32 table can address smaller clusters which means less wasted space. The FAT file
systems (FAT16 & FAT32) is the primary file system for consumer versions of Microsoft Windows
upto and including Windows Me. The FAT file system is comparatively less complicated then the
other optional file systems a PC can be formatted to. It is still a popular format for floppy disks and
is supported by virtually all existing operating systems for Personal Computers. The FAT kind of file
system comes in two main flavours (the others have lost their taste…), FAT16 and FAT32 (FAT12
is a dead topic and pursuing it any further is a futile attempt). There are many differences between
the two in terms of maximum file size and maximum volume (partition) size among others.

FAT16: Introduced in July 1988 for MS DOS 4.0 systems, FAT16 formatted partitions‘ sizes were
limited by the 8-bit signed count of sectors per cluster, which could reach a maximum ‗power-of-
two‘ value of 64, giving 32 KB clusters with the usual 512 bytes per sector, hence fixing the
‗definitive‘ limit for FAT16 partition size at 2 gigabytes. Maximum number of files that could be
stored on FAT16 partition was approximately 65520. FAT16 supported long filenames and the
maximum filename size was 255 characters. Names of files could be any Unicode character except
'NUL‘. The maximum size that a file could take on was 4 GiB. One of the few feautres not found in
later FAT versions (FAT32 to be specific) was that data could be compressed using utilities shipped
with Windows like DoubleSpace and DriveSpace. FAT16 also supported some kind of primary

FAT16 was not at all worth it when it came to data retrieval from the hard disk and was extremely
slow in performance standards. Severe internal fragmentation of files and the absurd volume size
limit caused Microsoft to think of an alternative. FAT32 was released as an option sometime in
August 1996.

FAT32: FAT32 finally overcame the volume size limit of FAT16 by introducing 32 bit cluster
numbers, of which 28 bits are currently used. Theoretically this should support a total of
approximately 268435438 (<2 ) clusters, allowing for drive sizes to reach 2 terabytes. However
due to limitations in Microsoft Windows‘ Scandisk utility, the file system is not allowed to grow
beyond 4177920 (<2 ) clusters, placing the maximum volume limit at approximately 124.55
Gigabytes (GB). Windows 2000 and Windows XP can both create FAT32 partitions with maximum
size at 32 GB, whereas both operating Systems can read much larger volumes created by third
party software. FAT32 was introduced with Windows 95. FAT32 supported file attributes such as
Read-only, hidden, system, archive and volume name. FAT32 also recorded dates that were
needed for file info like that modified, accessed and created. Unlike FAT16, FAT32 did not have

Page | 13 Riyaz Ahemed Walikar
A Beginners Approach to Windows

any transparent encryption or compression abilities. The maximum file size that a file can attain is 4
GB minus 1 byte (2 – 1 bytes). For most power administrators and professionals this has become
the biggest limitation of FAT32, since games, video capturing and editing applications and the
system swap file (virtual memory paging file) can easily exceed this limit.

It has a serious drawback in that when files are deleted and new files written to the media, the files
can become scattered over the entire media making reading and writing a slow process. De-
fragmentation is one solution to this, but is often a lengthy process in itself and has to be repeated
regularly to keep the FAT file system clean. As FAT is an ideal file system for small drives like
floppy disks, FAT is likely to stay for a long time. It is also used on other removable storage of sizes
smaller than the practical limits of NTFS, such as flash memory cards for digital cameras and USB
pen drives. The FAT32 formatting support in Windows 2000 and XP is limited to drives of about 30
gigabytes, this effectively forces users of modern hard drives to either use NTFS or to format the
drive using other tools outside Windows.

For most purposes, the NTFS file system that was developed for the Windows NT line is superior to
FAT from the points of view of efficiency, performance and reliability; its main drawback is the very
limited support by non-Microsoft OSs.

NTFS: NTFS or New Technology File System is the standard file system of Windows NT and its
descendants Windows 2000, Windows XP and Windows Server 2003. NTFS was released in July
1993 with Windows NT 3.1. NTFS has five versions: v1.0, v1.1 and v1.2 found in NT 3.51 and NT
4, v3.0 found in Windows 2000 and v3.1 found in Windows XP and Windows Server 2003. These
versions are sometimes referred to as v4.0, v5.0 and v5.1, after the version of Windows they ship
with. Previous versions of Windows (Windows 95, 98 and ME) cannot read data from a NTFS drive.
With a dual boot scenario with XP (NTFS) and 98 (FAT32), Windows 98 will not be able to read or
write data to the NTFS formatted drive. Although there are third party utilities available to do the

NTFS replaced Microsoft's previous FAT file system, used in MS-DOS and early versions of
Windows. NTFS has several improvements over FAT such as improved support for metadata and
the use of advanced data structures to improve performance, reliability and disk space utilization
plus additional extensions such as security through the use of Access Control Lists (ACLs).

NTFS disk is theoretically divided into two parts. The first 12% of the NTFS disk is assigned to so-
called MFT area - the space which MFT metafile grows into. Any data recording into this area is
impossible. The MFT-area is always kept empty so that the most important service file (MFT)
should not be fragmented at growth. The rest 88% of the disks represent usual space for files
storage. MFT which stands for Master File Table is the most important file on NTFS. It is the
common table of files and is situated in the MFT area and is the centralized directory of all
remaining disk files and itself. All disk files are mentioned in MFT. All information about a file except
data itself is stored in this place: a file name, its size, separate fragments position on the disk, etc. If
one MFT record is not enough for information, then several records are used.

Let us see some properties of the NTFS file system that allow it to stand out. NTFS 5.0 was the
third version of NTFS to be introduced to the Windows world by Microsoft. It included several new
features: alternate data streams, quotas, sparse file support, reparse points, distributed link tracking
and the Encrypting File System (EFS).
 Quotas
File system quotas were introduced in NTFS 5.0. They allow the administrator of a computer
that runs a version of Windows that supports NTFS to set a threshold of disk space that users
may utilise. It also allows administrators to keep a track of how much disk space each user is
using. An administrator may specify a certain level of disk space that a user may use before

Page | 14 Riyaz Ahemed Walikar
A Beginners Approach to Windows

they receive a warning, and then deny access to the user once they hit their upper limit of
 Volume mount points
This allows additional file systems to be mounted without requiring a separate drive letter (like
C: or D:) for each. Using this you can mount (put a shortcut kind of thing) into another drive.
 File compression
NTFS can compress files using a variant of the LZ77 algorithm (also used in the popular ZIP
file format).
 Encrypting File System (EFS)
Provides strong and user-transparent encryption of any file or folder on an NTFS volume.
EFS works in conjunction with the EFS service, Microsoft's CryptoAPI and the EFS File
System Run-Time Library (FSRTL).
EFS works by encrypting a file with a bulk symmetric key (also known as the File Encryption
Key, or FEK), which is used because it takes a relatively smaller amount of time to encrypt
and decrypt large amounts of data than if an asymmetric key cipher is used. The symmetric
key that is used to encrypt the file is then encrypted with a public key that is associated with
the user who encrypted the file, and this encrypted data is stored in an alternate data stream
of the encrypted file. To decrypt the file, the file system uses the private key of the user to
decrypt the symmetric key that is stored in the file header. It then uses the symmetric key to
decrypt the file. Because this is done at the file system level, it is transparent to the user.
Also, in case of a user losing access to their key, support for recovery agents that can
unencrypt files has been built in to the EFS system.
 Volume Shadow Copy (VSC)
Efficiently keeps historical versions of files and folders on NTFS volumes by copying old,
newly-overwritten data to shadow copy (copy-on-write). The old file data is overlaid on the
new when the user requests a revert to an earlier version. On heavily loaded systems,
Microsoft recommends setting up a shadow copy volume on separate disk to reduce the I/O
load on the main volume.
 Alternate Data Streams (ADS)
ADS allows files to be associated with more than one data stream. For example, a file such
as oops.txt can have a ADS with the name of oops.txt:data.txt (format filename:ads) that can
only be accessed by knowing the ADS name or by specialized directory browsing programs.
ADS streams are not detectable in the original file's size but are deleted if the original file (i.e.
text.txt) is deleted. While ADS is a useful feature for file retrieval and dispatch, it can also
easily eat up hard disk space if not detected or forgotten. Later on we shall see how ADS can
be utilized to hide data (any damn data) without anybody seeing it.. It‘s a pretty neat trick...

The NTFS file system has very few limitations and these are restricted to stuff like File names and
ADS. The following file names can not be created on a NTFS drive due to the system's use of
various components. A hard drive conversion to NTFS requires that the following names not be in
use since the normal delete commands do not work as expected on these file names:
con (single word, regardless of file extension) used by Windows like a file but really a data stream.
So you can‘t have a con.txt or something like that on your disk.
com0 - com9 (including all single digits, regardless of file extension) virtual communication ports.
lpt0 - lpt9 (including all single digits, regardless of file extension) since they are used for printer
nulI (regardless of file extension)
prn (regardless of file extension)
aux (regardless of file extension)

Also when a multi-stream file is copied to non-NTFS volumes, only the main stream is copied and
the lost data is not re-gained by re-copying the file to a NTFS drive.

Page | 15 Riyaz Ahemed Walikar
A Beginners Approach to Windows

II.2: Running Windows Setup

Installing Windows is a job easier done then said if done correctly. Windows setup gives a detailed
step by step guide to installation. This section of the chapter will take you on a comprehensive
installation simulation and thus help you in setting up a Windows desktop in no time.

I have included the installation of Windows 98 and Windows XP only, since these are the two most
asked for Operating Systems when it comes to either a fresh install or an upgrade. Installation of
Windows 98 (in this book) will be through a bootable disk (clean install) and it will be done through
the command prompt (command line based setup). Windows XP can be installed in two ways,
either an upgrade from another Windows version or a fresh install. There are many things that have
to be taken care of when installing Windows. We shall approach one by one of these as they
become relevant. Let us start with Windows 98.

Windows 98: Installation of Windows 98 requires very few constraints to be met. System
preparation for a fresh install of Windows 98 is what we are going to see in this section. This
section assumes that your computer is completely blank with no data at all on it and you are going
to start the Windows 98 install on a blank hard disk. If this is not the case, i.e if there is some other
OS on your computer like Windows XP or something, you may have to format your system. Check
which of the following 2 principles is the one which you are directly concerned with. The following 2
principles also need a view for a Windows XP install.
1. If you have some other OS on your computer (either Non-Microsoft or Microsoft): Scan your
computer with a good antivirus to clean and delete any possible virus threats residing in your
other drives. Viruses like the ‗Service manager‘ (of the Passma family) infect *.exe files that
means that even after you have formatted your root drive(C:\ ) the infection may reside as an
infected .exe in the other drives and may soon spread it over to your new installation of
Windows 98 in C:\ drive. Prevention is seriously better than cure.
2. If no other OS is present or there is absolutely no data on your computer or if you intend
formatting all drives and create new partitions and file systems: Then it shouldn‘t be a big deal.
Just continue with the instructions in this chapter and you will have a Windows 98 system up
and running in no time.

Windows 98 has to be installed in the first drive (C:\) on your computer. As a precautionary
measure Microsoft advises users not to install 2 OSs on the same drive. If you want to install
Windows XP or any other OS higher than Windows 98 along with Windows 98, install Windows 98
first and then go ahead with the installation of the other OS as documented in some other drive.
You may have to make changes to the boot.ini file if you can‘t boot to one or the other OS after
having two OSs on one computer. Having two (or more) Operating systems on one computer and
having the ability to boot into either one (or any) at the users discretion at startup is called a dual
(or multi) boot scenario.

Windows 98 does not support the NTFS file system. So if your computer has NTFS drives you will
not be able to access the data on these drives when working in Windows 98. To be on the safer
side just convert these drives to FAT32 by using any of the numerous tools available online.
Windows setup allows you to format these drives to FAT32 drives but you will lose the data on

 Read the setup.txt file located in the Win98 folder on the Windows 98 Second Edition
CD for issues that may affect particular computer configurations.

Hardware Requirements:

Page | 16 Riyaz Ahemed Walikar
A Beginners Approach to Windows

Windows 98 has few hardware requirements that have to be met for the OS to run without any
errors. The mentioned hardware and accessories are just the line, anything higher than the below
mentioned hardware will help the system run faster and with lesser hassles for the system installer.

Processor: 66 megahertz (MHz) or higher microprocessor
RAM: 128 megabytes (MB) recommended (24 MB minimum)
Hard Disk Space: Minimum 400 MB free
Monitor: VGA monitor
Keyboard: Standard keyboard
Mouse: Standard PS/2 Mouse or compatible pointing device
CD ROM Drive: CD-ROM or DVD Drive

Get the latest Windows 98 drivers for any scanners, modems, or peripheral devices attached to
your computer. You can consult the hardware‘s documentation or visit the manufacturer's Web site
for this information. Most of the time the drivers will be available on the same floppy disk or CD
ROM that originally came bundled with the device; except that, if the manufacturer was intelligent
enough (pun intended), they will be available in different folders named by the OS name.

Windows XP: Windows XP can be installed as an upgrade or a fresh install can be
performed if you have a clean hard disk or if you wish to erase all memories of your previous
Operating System. We shall see both the cases as common procedures of Windows XP

Hardware Requirements:
Windows XP has some certain hardware requirements that have to be met for a complete and
working install of the OS. Before actually beginning the installation, make sure your computer‘s
hardware components meet the minimum requirements. Microsoft has determined a minimum
requirement catalog for Windows XP (given below) but anything higher than the below mentioned
accessories is an aid to smooth functioning.

Processor: 233 megahertz (MHz) Pentium or higher microprocessor (or equivalent)
RAM: 128 megabytes (MB) recommended (64 MB minimum; 4(GB) maximum)
Hard Disk Space: 1.5 GB of free space on your hard disk
Monitor: VGA monitor
Keyboard: Standard keyboard
Mouse: Standard PS/2 Mouse or compatible pointing device
CD ROM Drive: CD-ROM or DVD Drive

The Windows XP Setup Wizard automatically checks your hardware and software and reports any
potential conflicts. To ensure a safe and proper installation check if your hardware is compatible
with Windows XP. Microsoft has released a Hardware Compatibility List (HCL) for Windows XP
systems which is a list of all hardware and drivers that are ‗XP compatible‘.

You can view the Hardware Compatibility List (HCL) at the Microsoft Web site:
If your hardware is not listed then get an updated driver for your hardware through the
manufacturer‘s website.

Usually the case is that Windows plays safe with your hardware and issues harmless and
seemingly important hardware installation notifications saying that the driver that you are trying to
install has not been digitally signed by Microsoft or some similar crap. ‗Stop Installation‘ is the
recommended option according to Microsoft, but being a Windows user now, you should learn to
play with fire and give it a go. I would prefer the ‗Continue Anyway‘ option that comes in the dialog

Page | 17 Riyaz Ahemed Walikar
A Beginners Approach to Windows

box, if your hardware has been obtained from trustworthy manufacturers. All this is the later part of
the soup that is still cooking.

Backing Up:
If you're upgrading from an earlier version of Windows, you should back up your current files. If you
wish to do a clean install too you can back up your data following the same procedure as for an
upgrade. You can back up files to a disk, a tape drive, or another computer on your network.

If the C: contains any important data (especially My Documents) etc. just copy the files and
folders etc to a non OS drive (other than C: or the drive you plan to install the OS). The C: drive
may have to be formatted for installation or some files may be overwritten during installation. If you
do not have more than one partition, that is if your computer just has C: drive than it is advisable to
create another partition to store data. Extra drives always come in handy. PowerQuest‘s Partition
Magic is a very good third party software that allows users to create and resize partitions or if you
are comfortable with the Microsoft‘s fdisk then its good.

Upgrade or Fresh Install?
An upgrade to Windows XP is definitely advised if you're already using an earlier version of
Windows that supports upgrading and if you want to keep your current files and preferences.
During an upgrade, the Windows XP Setup Wizard replaces existing Windows files but preserves
your existing settings and applications. Some applications might not be compatible with Windows
XP and therefore might not function properly after an upgrade. You can upgrade to Windows XP
from the following operating systems:
* Windows 98 (all versions)
* Windows Millennium Edition
* Windows NT 4.0 Workstation (Service Pack 6 and later)
* Windows 2000 Professional (including service packs)

If your computer is currently running an unsupported operating system, you must install a new
copy. The wizard installs Windows XP in a new folder. After the installation is complete, you will
have to reinstall applications and reset your preferences.

If you want to modify the way the wizard installs Windows XP, click Advanced Options, and then
perform any of the following tasks:
* Change the default location of the setup files.
* Store system files in a folder other than the default folder (\Windows).
* Copy the installation files from the CD to the hard disk.
* Select the partition on which to install Windows XP Professional.

Unless you're an advanced user (or if you know one), you should use the default settings.

A clean install is a must if your hard disk is blank (it‘s obvious… what are you going to upgrade from
otherwise?) or if your current OS does not support an upgrade.

A clean or fresh install can be done by selecting the fresh Install option in the Windows XP Setup
wizard but the most common and safest method is to do it through a ‗bootable disk‘ i.e. the
Windows XP CD should be inserted at system startup and the computers CMOS should be
configured in such a way that the system boots from the CD first.

There are three other methods of Installing Windows XP, the Unattended Installation, the
Sysprep and by the Remote Installation Services.

Page | 18 Riyaz Ahemed Walikar
A Beginners Approach to Windows

Windows Unattended Installation - Unattended installations use setup scripts to answer installation
questions like the Computername, Organisation, Serial Key, Regional Settings etc. and to automate
the Setup process. This simplifies the installation of the operating system.

Sysprep Install (System Preparation Tool) - This is a timesaving way to install Windows XP on
multiple computers that use identical or similar hardware configurations. Sysprep uses an image of
the i386 folder that contains all the Windows files to install on multiple computers.

Remote Installation Services (RIS) - Enables you to perform a clean installation of Windows XP on
multiple computers throughout a network. This requires a computer running the Remote Installation
Service. RIS relies on the Pre-Boot Execution Technology (PXE). In this systems that do not have
an Operating System are made to boot with their Network Adapter as their first boot device and
which then connects to a RIS Server and the installation proceeds through the network.

II.3: Installing Windows

Installation of Windows 98 has been explained through a bootable disk (i.e. clean install of
Windows 98), and that of Windows XP has been explained in both the possible ways, i.e. as a
clean install as well as an upgrade to Windows 98. Let us start with Windows 98 first.

Windows 98:
The chances of any Windows user using an OS as old as Windows 95 is very slim and hence the
question of upgrading to Windows 98 from previous versions is left out of this book. We shall only
see the clean install of Windows 98 in this section. One thing to be kept in mind is that Windows 98
always installs in the C:\ (the first drive on the hard disk). This part of the chapter assumes that you
have NOTHING on your computer and all the hard disk is completely blank. If there is data on
the computer take a back up to floppy disks or CD RWs or to an external drive. When you select to
remove all files in setup (read on to understand) your entire hard disk is erased and all partitions
deleted, formatted and converted to one single FAT partition The C: drive. Hence if you have any
important files on your computer please take a back up on to some external device.
 Start your computer and just press the Delete button of your keyboard to open your
computers CMOS setup. (The key may vary on your computer but the most common keys
include F1, F2, F4, F5, F6, F8, F10, Esc and delete). Here you have to configure your BIOS
to boot from the CD ROM drive first. This option is usually available under the ‗Advanced
Configuration‘ menu. It may vary with your motherboard‘s CMOS. Check the motherboard‘s
manual if you don‘t want to take a risk.
 Then insert the Windows 98 CD and exit the CMOS setup. When asked to save changes
say Y for yes and exit the setup. Your computer should restart and if the CD is a bootable
Windows 98 CD you should get a screen saying ‗Press any key to boot from CD….‘ or
something similar, press Enter to start the Setup.
 You will see the first screen that has 2 options Boot from Hard Disk and Boot from CD
ROM. Select the second option and press Enter.
 The next screen has three options, Start Windows 98 setup from CD ROM, Start computer
with CD ROM support and Start computer without CD ROM support. Select the first
option. There is a timer anyways; it will default to the first option.
 After you press Enter, Windows Setup will load all drivers and files needed to detect hard
disk drives, floppy drives and additional hardware.
 Now starts the actual setup. This screen will be a blue screen on which you will have three
options; press Enter to setup Windows, for help press F1 and to quit press F3. Press Enter
to continue installation.

Page | 19 Riyaz Ahemed Walikar
A Beginners Approach to Windows

 The next screen in most of the cases will contain 2 options. One option will ask you to
remove files and the other will tell you to keep the files. These options are usually prompted
if your computer contains a NON-MS DOS OS, something like Windows XP or OS/2. Since
you will be installing everything new. Select Remove Files. Your computer will then restart.
 After your computer restarts if you are prompted again to boot from the CD, press Enter.
Follow the same steps as mentioned above till a stage where setup will format the hard
 After the format a screen saying Setup is preparing to install Windows will come up after
which Setup will perform a routine check on your system. To continue press Enter. To quit
setup press Escape which I assume nobody would want to do at this stage. Anyways, when
you press Enter, setup runs scandisk, a small yet powerful utility that checks your hard disk
for bad sectors and damaged sections. Press Continue on the box that pops up.
 After setup collects some information needed for setup to run completely, setup will ask you
for the location to install the Windows 98 system files. By default it is the C:\Windows
folder. Select it and click on next.
 In the next page select the install type to be Typical which will install the most common
Windows components. Click on next.
 Now the setup will ask for some information like your Name and Company. Enter the
relevant info and continue.
 Now select your current location from the drop down list. If your country does not appear
in the list, select the one closest to you.
 After this Windows will start copying files and you can sit back and read the informative text
that is continuously being displayed on the right hand side of the screen.
 After the file copying phase, Windows will restart. Boot from the hard disk now. You will be
greeted with a boot screen saying Windows 98 Getting ready to start Windows for the
first time.
 Windows will now prompt you to create a user, just enter your username and press Enter
 Windows will now ask you to agree to a License Agreement. Read it and select I Agree
and continue.
 Now comes an important part. Enter your 25 character product key which you will find on
the Certificate of Authenticity (CoA) label. Click next after you have entered your valid
serial key.
 Click Finish on the dialog box. Windows will then initialize its driver database.
 After that Windows will detect Non Plug & Play hardware. Usually after this Windows
 After your computer restarts completely, Windows will ask you to set the current time and
date through the Date & Time Properties.
 Windows will then compile components of the Control Panel and Start Menu, followed by
Windows Help. MS-DOS program settings for 16 bit applications will be configured
alongwith the entire system.
 After the system settings are updated, the computer restarts.
 That‘s it. Windows now starts normally, except that you may have to install drivers for your
sound, video and printer hardware for them to work. To install drivers for your hardware just
insert the driver medium (like a CD-ROM or floppy diskette) when asked for them and click
on Next. The Add Hardware Wizard will do the rest.
 Windows is now installed completely. Click on the Start Button to start exploring or you
can take a visual tour by taking the windows tour.

Windows XP:
As mentioned before Windows XP can be installed in two ways; as an upgrade to Windows 98 (or
ME, NT 4.0 and 2000) and as a fresh install. The installation of Windows XP Home Edition has

Page | 20 Riyaz Ahemed Walikar
A Beginners Approach to Windows

been taken up in the Clean Install part and the Installation of Windows XP Professional Edition has
been taken up when upgrading from Windows 98. As you will see there isn‘t much difference in
both the installation procedures.

Clean Install of Windows XP is perhaps the best method to install if you have a clean hard disk or
an Operating system with another file system (like Linux on an ext2 partition). Windows XP setup
can be started by booting the computer from the Windows XP CD-ROM. The BIOS has to be
configured so that the computer can be started with the help of the CD instead of the hard disk.

 Press the Delete button of your keyboard to open your computers CMOS setup just after
you power on your computer. (The key may vary on your computer but the most common
keys include F1, F2, F4, F5, F6, F8, F10, Esc and delete). Configure your BIOS to boot
from the CD ROM drive first. This option is usually available under the ‗Advanced
Configuration‘ menu. It may vary with your motherboard‘s CMOS. Check the motherboard‘s
manual if you don‘t want to take a risk.
 Then insert the CD and exit the CMOS setup. When asked to save changes say Y for yes
and exit the setup. Your computer should restart and if the CD is a bootable Windows XP
CD you should get a screen saying ‗Press any key to boot from CD….‘ Do as the screen
tells you press Enter or any key for that matter.
 Windows XP setup starts by loading all important files needed for installation including the
drivers needed to recognize the NTFS and FAT32 file system.
 The first screen displays 3 options one that says Press ENTER to setup Windows, to repair
system using recovery console press R and Quit Setup press F3. If you see this screen
carefully, right down you will see all the operations that can be run on this page in short
texts. Now press Enter.

 Recovery Console is covered in the chapter on Troubleshooting Common Problems.
Do not worry about it now.

 You will get to see one of the most concisely and cleverly written Licenses on this planet on
this page. If you have the patience read all of it, by pressing the Page Down and Page Up
keys (I personally advise you read it, it clearly draws the line between multiple installations
on different computers using the same disk. It can save you from a lot of legal hassles.)
This type of license is called a EULA (End User License Agreement). You can read it
anytime later by clicking on Help >> About Windows from any explorer window and then by
clicking on the highlighted End User License Agreement link. Anyways press F8, after
reading, as directed at the bottom of the screen to Agree to the license.
 Setup information is loaded from a file called setupp.ini.
 Then you get to see a page showing all the drives on your computer. This page will
determine where your Windows XP will be installed. Select the drive that you want to use
for Windows XP installation and press Enter. Since this is a clean install, it is indeed
effective to select C: drive.
 Then will follow a format warning page that will ask you to make sure that the drive selected
by you is really the drive or not. Press C to continue.
 Then comes the format page. On this page you get to select what type of format you would
like to perform on the drive selected. These options include formatting using the NTFS type
of file system and formatting using the FAT32 type of file system. The quick format option
for these file systems are also available but using the complete format (without the quick)
option is more effective. There is an option to leave file system intact but that‘s up to the
users to make a decision. Formatting drives using the NTFS file system has its own
advantages. Select an option and press Enter.
 After you select the necessary format option, Setup formats the selected drive appropriately
and then the actual installation starts.

Page | 21 Riyaz Ahemed Walikar
A Beginners Approach to Windows

 Setup then creates a list of files to be copied. It then starts copying these files to the
installation folder.
 Setup will then ask you to restart the computer. This is done automatically in 15 seconds or
can be done manually by pressing Enter at the screen.
 You may get the message to boot from your CD again (‗Press any key to boot from CD….‘).
Do not boot from your CD now. Continue with the start of Windows. Setup will now
continue in its Graphical mode. You will see a message on screen saying ‗Setup will
complete in approximately 39 minutes‘). Sit back and read the informative text that is
continuously being displayed on the right hand side of the screen.
 After another 3 minutes or so Windows will start installing devices. Your screen may flicker
and the installation may seem to have frozen, but it is natural and there is nothing to panic
 Now comes your role. Setup will now prompt a Regional & Language Options Dialog
Box. Here you can install files for East Asian Languages & files for Complex Script and
Right to Left Languages. After you done the necessary customization click OK and then
click on Next.
 In the next page that comes, Enter your name (anything except Administrator and Guest)
and Organization. Click on Next.
 Setup will now ask for your unique 25 character product key. This key is provided on the
Certificate of Authenticity (CoA label) that comes with the original Windows XP CD. Enter
the key with care and click Next when done.
 The next page asks you to give your computer a name. This name can be 15 characters
long and should consist of standard characters (A-Z, numbers 0-9, and hyphen). The name
should not have a full stop and should not have all its characters as numbers. Click Next.
 Adjust your computers Date & Time Settings on the screen that comes up. The date and
time rarely need to be changed, but the Time Zone almost always requires a change to
match your zone.
 Now you can again sit back and read some more of the informative stuff that comes on the
screen. Setup installs Network Components.
 Setup will then install Start Menu items.
 In the final phases of installation Windows XP setup will ‗register components‘. This is just
the updating of the Windows registry with the new files that have been copied, especially
the .dll, .ocx, and .tlb files. These are important Library and System files that keep the
system running properly, any changes to the location of any of the .dll or other library files
on your system can render it useless.
 In the last stage of Windows Setup, any temporary files are removed and Settings are
 The computer should now restart. Once the computer starts, Windows will attempt to adjust
screen resolution. (Size of icons and the size of screen etc).
 You will then be greeted by the Welcome screen. Since there are no users created during
install, Windows XP Home Edition creates a password less administrator account called
 You can take a quick tour of Windows XP when prompted, or later by clicking Start >>
Programs >> Accessories >> Tour Windows XP.
 You may have to install drivers for your video and sound card among other devices that
you may have. To see which devices on your computer require devices, click on Start >>
Control Panel. Once Control Panel opens, double click Administrative Tools. Under
Administrative Tools open Computer Management.
 In Computer Management (in the left hand side column) select Device Manager. The right
hand side of the window will then show you the devices connected to your computer. The
devices having a yellow icon are the ones that need drivers. Install them accordingly.
 You are now ready to use on of the best Operating Systems ever on this Planet!!!!

Page | 22 Riyaz Ahemed Walikar
A Beginners Approach to Windows

Let us see the Upgrade method of Installing Windows XP Professional through a Windows 98

 Start your computer. After Windows 98 starts completely, scan your computer with an
antivirus with the latest updates to detect and remove any virus threats that may hamper
installation. This procedure is very important since your drives may contain a virus or any
other malicious program which may corrupt Windows XP later when it is installed.
 After scanning and after you are sure that there are no viruses on your computer, insert the
Windows XP CD in to your CD ROM Drive.
 The Windows XP CD has autorun capability hence setup will run automatically. If it does
not due to some reason, then open My Computer, open your CD-Rom Drive and double-
click Setup.exe to start setup.
 In the first page that comes up select the type of installation as Upgrade. Click Next
 Setup will then display the End User License Agreement (EULA). Select I accept this
agreement and press Next.
 You will be now asked for your product key. Enter your 25 character product key on this
page. You will find the product key on the Certificate of Authenticity (CoA). Press Next.
 Windows setup will now offer to compile an upgrade report. Setup collects information
about installed programs and check known compatibility issues with your computers
hardware with its database. Select any one of the three or select the last option No Report
if you are confident that your computer‘s hardware or installed software will not affect
Windows XP in any malicious way.
 The Next Page shows the Update Options dialog. If you are connected to the internet then I
recommended you go online and download the latest updates.
 If not click on No, Skip this & Continue
 If you had selected to show the Upgrade Report then here you will get to see the report.
Click on Continue or save the file by clicking on Save As.
 Windows will now copy files needed for installation.
 After this phase the computer will generally restart.
 Now if you get the message To boot from the CD ROM drive at system startup, ignore it,
since this is the upgrade to Windows XP is entirely a graphical (not involving the command
prompt) procedure.
 You will now be shown the boot.ini file, a Windows file explained in the chapters to come,
edited so that you can either continue installation or cancel Windows XP Setup. By default
after some time Windows XP installation will continue. You can even press Enter to the
option saying Microsoft Windows XP Setup.
 Your computer will now continue with the installation of Windows XP in a minimal graphics
mode. The screen may look sick here, but don‘t worry, it will return to normal after some
 Setup will then start Installing Windows. You can sit back and relax, reading the informative
text that scrolls by on the screen on the right hand side. Windows will install devices and
the network components. After that Windows will start copying files to the system
 Windows will then install Start Menu Items and perform registration of system components
with the registry.
 In the Finalizing Installation Phase of Windows XP, setup will upgrade program and system
settings from Windows 98 to that of Windows XP. It will then save settings and delete any
temporary files created during installation.
 You will now be prompted to create users and enter an Administrator password. Don‘t try to
create a user with a name that is also the Computer name. Keep the Administrator
password blank if you are not on a network so that you can easily login with the
Administrator account and you will not have to fumble around searching for the password.

Page | 23 Riyaz Ahemed Walikar
A Beginners Approach to Windows

 Your computer may require sound, video and modem drivers along with other additional
hardware drivers. See the documentation provided by the manufacturer on how to install
device drivers for the specific hardware and for specific Operating Systems. To see which
devices on your computer require devices, click on Start >> Control Panel. Once Control
Panel opens, double click Administrative Tools. Under Administrative Tools open
Computer Management.
 In Computer Management (in the left hand side column) select Device Manager. The right
hand side of the window will then show you the devices connected to your computer. The
devices having a yellow icon are the ones that need drivers. Install them accordingly.
 You can install drivers from here by right clicking on each device that has a yellow icon and
then selecting Upgrade Driver. The Hardware Upgrade Wizard starts, put in the
motherboard CD which usually contains the drivers for sound and video, click on Next with
the Install the Software Automatically Option.

Windows XP can be easily customized according to user preferences. For easier memory
management and for a substantial increase in computing create more drievs by partitioning and
distributing space, so that paging files be created onto these drives. There is another advantage of
having more than one drive; you can save your data on the other drives if you are reinstalling
Windows XP.

Page | 24 Riyaz Ahemed Walikar
A Beginners Approach to Windows


1. Create a Windows 98 Startup disk through My Computer.

2. Change the name of your computer, AFTER installing Windows XP completely.

Page | 25 Riyaz Ahemed Walikar
A Beginners Approach to Windows

The Basics
This chapter will give the reader an insight into the normal startup of a normal Windows XP system.
Alongwith that some the Start button, its functional abilities and the Taskbar, which form the
Windows Desktop, is also covered. This chapter points to Windows XP Home Edition unless
otherwise mentioned specifically.

After this chapter the reader should be able to:
 Explain the importance of the boot.ini file and list all the boot keys.
 Understand the Windows Logon and customize it.
 Explain the various components of the Windows Desktop.
 Customize the Windows Desktop.

Note 1: The reader can skip the topic on POST, Boot Keys and Boot.ini and move on straight to
The Desktop section and then come back if the interest arises to the Boot.ini.

Note 2: If you have bought a new computer then it may so happen that your desktop and Start
Menu may look different from the descriptions and illustrations in this book because your computer
manufacturer may already have customized Windows XP.

Page | 26 Riyaz Ahemed Walikar
A Beginners Approach to Windows

After going through the Windows Install it is theoretically necessary to know the events that occur
during the Windows Boot including the Windows Logon Screen and Post Logon Events. Starting
from the BIOS POST to the desktop, this chapter takes you on a journey through the normal and
complete startup of a common PC. A description of the Windows Desktop and its components is
also given. In depth explanation is in the next chapter.

III.1: POST, Boot Keys and the Boot.ini
The first thing that the BIOS does when it starts the computer is the Power On Self Test, or POST
for short. The POST has nothing to do with Windows or any other Operating System cause no
Operating System is loaded at this early stage. It is a BIOS built-in diagnostic program that checks
all the important hardware to ensure that everything is present and functioning properly, before the
BIOS begins the actual boot. These important hardware basically contain the Processor, the
system buses (small connecting wires that carry information), the video card and all the devices
needed by the target OS for its computing environment. It later continues with additional tests like
memory testing and RAM enumeration including other conventional tests that you may see on
screen before the Operating System starts.

POST runs quickly and you may not even notice it has occurred except for the time when your
computer develops a serious internal hardware problem (like damaged RAM Modules etc.). At this
stage you may get to hear a series of beeps emanating from the computer. These beeps are meant
to give you a fair idea of what the internal problem is. Most motherboards have a set of POST Error
Beep codes. Like for example, my computer has a Mercury Intel 845GLM-L motherboard and a set
of two beeps denotes that the system has started without any problems. Different BIOSs have
different error codes. Some computers start without giving any beep. Whatever the case may be,
POST error codes help system servicemen to analyze the problem and rectify it accordingly.
Normal beeps can be disabled completely by changing the computer sound jumper (pin) on the

Boot Keys are the keys that allow you to interrupt a normal boot process and give control to the
user to select some hitherto unknown system options. You may have observed at system startup
that if you press the F8 key a list of new options is displayed on the screen. As explained in the
previous chapter, you can press the Del key to enter the system BIOS and you can interrupt the
booting sequence by pressing Esc and selecting a new boot device (Of course if the Try Other Boot
Devices option in the BIOS is enabled your computer will definitely boot even if no proper bootable
image is found on the device you selected by interrupting the normal sequence). There are no well
defined boot keys as such, but the most common ones that are usually found on any system are
Esc,F1, F2, F3, F4, F5, F6, F7, F8, F10, F12 and Del. The function of the keys may differ on your
computer but commonly these keys are used to boot from a floppy disk, go to the BIOS, interrupt
the boot sequence to select boot device, display advanced options for Windows like the boot into
Safe Mode, use Last Known Good Configuration etc., bypass CD ROM boot check etc.

The Boot.ini is perhaps the most important file that allows you to start Windows (.ini files are
initialization files). The Boot.ini file always resides in the first drive (i.e C:\) no matter what and
where the Operating System is (except for non Microsoft OSs like Linux etc. these OSs carry their
own Boot loaders and are normally executed before the Boot.ini file).

Normally you will not be able to see the contents of the Boot.ini file at Windows startup if you have
just one Operating System installed.

A typical Boot.ini file looks like this:

[boot loader]

Page | 27 Riyaz Ahemed Walikar
A Beginners Approach to Windows

[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

Like all other .ini file the boot.ini file can be opened in notepad and viewed or edited for reference.
To open the boot.ini file on your computer go to Start >> Run and type “\boot.ini” without the
quotes. The file usually has Read-Only and Superhidden attributes. You may not be able to change
the contents and Save the file.
There is another safer method of looking at the boot.ini file. Go to Start >> Run and type
“msconfig” without the quotes to open the System Configuration Utility (Not found on 2000). The
fourth tab is the boot.ini file. Here you can change the boot parameters, add switches, change
timeout, check boot paths etc. Windows will request a restart after you say OK. Restart the
computer to see the changes.

 If your computer has its Operating system on some other drive other than
the C: drive you may not be able to open the boot.ini file with “\boot.ini”
instead replace the “\” with “C:\” without the quotes.

Hence boot.ini has the necessary information to tell the computer the location of the Operating
System. If you have multiple Operating Systems, then your file may look like this:

[boot loader]
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional Edition"
Let us dissect the file and view each line in contemporary fashion.
[boot loader] >> This line tells the computer that the boot.ini file is a Boot Loader for the
Operating System. After this verification is done the computer jumps to the timeout section
timeout=30 >> This line tells the computer to wait for 30 seconds (time is as specified)
while displaying the Operating System menu.
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS >> This line tells the
computer to start the computer with \Windows folder located at the first partition (partition(1)) in the
first hard disk (disk(0)) which is a IDE device (multi(0)) on the primary IDE Channel (rdisk(0)). This
is the default option and will be used if no Operating System is selected by the user.
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition"
/fastdetect >> This line tells the computer to boot into the first partition (C:\) when
selected. The name of the Operating System is Microsoft Windows XP Home Edition. The
/fastdetect part is called a switch which causes the computer to start the said Operating System in
several different ways for different switches.
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional
Edition" /fastdetect /bootlog >> For computers having more than one OS, you come
across another line which looks something like the above. This line indicates that the OS is located
in the second partition (typically D:\)

Common Switches: Switches are like arguments given to the boot.ini file to start the selected OS
with certain selected features. The list of switches is huge and needs an in depth understanding of
memory, video, graphics, drivers and what not. The following is a selected list.

Page | 28 Riyaz Ahemed Walikar
A Beginners Approach to Windows

Causes Windows to use the standard VGA display driver over custom display drivers.

Causes Windows to write a detailed log of the boot to the file %SystemRoot%\Ntbtlog.txt

Causes Windows XP to display a custom Boot Screen created by a user. Detailed procedure of
creating a custom Boot Screen is given in the Windows Tips & Tricks Chapter.

The default boot option for Windows. Windows Plug and Play device drivers perform detection of
parallel and serial devices like keyboards and mice at startup but this is not required when booting
Windows. Thus, specifying /FASTDETECT causes NTDETECT to skip parallel and serial device

Causes the system to boot as if the Last Known Good Configuration Option was chosen. This
option has its advantages that the user can automatically boot to a previously saved good
configuration in case of a system crash and if the system hangs on a normal start.

Limits Windows to ignore (not use) physical memory beyond the amount indicated. The number is
interpreted in megabytes.
Example: /MAXMEM=64 would limit the system to use the first 64 MB of physical memory even if
more were present. Useful in investigations of memory related system crashes.

Causes Windows to hide the boot screen. The VGA video driver responsible for displaying the
bitmap (picture of Windows starting) is not initialized. Use in conjunction with /BOOTLOGO or

Specifies the number of processors that can be used on a multiprocessor system. Example:
/NUMPROC=2 on a system with 3 processors will cause Windows to use two out of the three

Causes Windows to use only one CPU on a multiprocessor system. Same as /NUMPROC=1.

Causes Windows to boot into safe mode. An unnecessary switch in fact since Ntldr (Windows NT
Loader) specifies it when booting into Safe Mode using the F8 key just after the second beep on a
normal computer or during the time when the boot.ini file is being displayed. Following the colon
users must specify either one of the three additional switches; MINIMAL, NETWORK or
DSREPAIR. The MINIMAL and NETWORK flags correspond to safe boot with no network and safe
boot with network support, respectively. The DSREPAIR (Directory Services Repair) switch causes
Windows to boot into a mode in which it restores the Active Directory service from a backup
medium you present.

Causes Windows to display the device drivers that are loaded at system startup. The system
version number (including the build number), amount of physical memory, and number of
processors is also displayed. This switch should be used with the /NOGUIBOOT switch. This switch

Page | 29 Riyaz Ahemed Walikar
A Beginners Approach to Windows

is very helpful if your system stops responding during startup. Especially if the loading bar on the
Windows Boot Screen freezes you can at least boot into safe mode change the boot.ini file by
adding a /SOS switch and boot normally to see where it freezes.

Incorrect changes to the boot.ini may prevent you from booting into your computer. In that case
boot from a floppy (Windows 98) or start the computer with the Windows CD (Windows XP) and
copy the backup file into the C: drive. For Windows XP you cannot copy the file to C: drive (If your
OS is in C: drive). But you can create another boot.ini file through the recovery console. Detailed
explanation is provided in the Troubleshooting Common Problems chapter under The Recovery
Console section.

III.2: Windows Logon & Startup
The boot process of Windows 98 is outlined below followed by the booting of Windows XP system.
The study of the boot process (also called bootstrapping) is very essential as far as Windows
Troubleshooting is concerned.

The Boot process of Windows 98 goes through the following important stages:
o The hardware mode
o Real mode
o Protected Mode
o OS & desktop Initialization

After the POST an Interrupt to run the boot sequence is issued. An interrupt is like the branching
out of the flow of a program to complete another task and then returning execution to the main
program from where the interrupt was issued. The interrupt in this case is called INT 19h. Here the
first boot device is checked and if there is no OS present then you will see a ―DISK BOOT
FAILURE, INSERT SYSTEM DISK AND PRESS ENTER‖. The information to search for the first
boot device is taken from the BIOS settings. Then the control is moved over to the MBR from which
the Partition Information is read. The Initial Program Loader (IPL) searches the boot.ini and loads
the OS into memory. Here the hardware mode ends.

The Real mode is when real mode or 16 bit Windows components are loaded into memory. The
physical memory gets divided into the Base Memory (640 KB) for real mode components, the
Expanded Memory (If base isn‟t enough) and the Extended Memory for 32 bit applications. Files
that are put into the Base memory are IO.SYS, MSDOS.SYS, CONFIG.SYS, COMMAND.COM and
AUTOEXEC.BAT. This is typically the starting scenario for a DOS machine.

Base Memory Expanded Memory Extended Memory

Windows 98 can read 32 bit applications using a file called HIMEM.SYS which is used to read
programs from the extended memory. If the base memory gets overcrowded with applications then
the Base Memory is expanded and a file called EMM386.EXE is used to access applications in it.

After memory segregation is done, IO.SYS is loaded which is responsible for probing the hardware,
it also displays the C:\logo.sys file which contains the bitmap image of the startup. Next the
MSDOS.SYS, which is also called the kernel of DOS, is loaded into memory. It is responsible for
the loading of the drivers and managing applications interactivity with the hardware. Then
CONFIG.SYS is put into memory which loads hardware configuration. COMMAND.COM, the

Page | 30 Riyaz Ahemed Walikar
A Beginners Approach to Windows

command line interface of Windows 98 is loaded and then Autoexec.bat is parsed. This ends the
Real Mode.

The Protected Mode loads the Windows files, by using WIN.COM and by using the system.ini and
registry settings. The OS and Desktop Initialization phase of bootstrapping loads several important
files needed for the Graphical User Environment to function properly. These include the
KERNEL386.EXE (The kernel for Windows 98), KRNL32.DLL (Its API), GDI.EXE (Graphics Device
Interface), GDI32.dll (Its API), USER.EXE (User Configuration) and the USER32.DLL (Its API).
Finally Explorer.exe is executed and the desktop is shown.

Windows XP boot differs in several aspects. The Windows XP booting scenario consists of the
following stages:
 Pre-Boot Sequence
 Boot Sequence
 Kernel Loading
 Logon Sequence

The Pre-Boot Sequence is the POST and the INT 19h boot loading. The Boot Sequence is very
important and some important decisions are taken here. NTLDR is the most important file required
to boot. This file transfers execution to other files when it finishes loading all the files under its
environment. The NTLDR first accesses the file system on the boot drive (typically C:\), then if
hyberfil.sys is found, and if it contains a previous hibernation image then the contents of
hyberfil.sys are loaded into memory and the system resumes off where it left off. If no image is
found then the boot.ini is read and the boot menu displayed. Once Windows XP is selected, NTLDR
runs ntdetect.com, which gathers information about the computer's hardware. Then all the
information collected by ntdetect.com is passed to ntoskrnl.exe by NTLDR, which is then loaded
into memory. Ntoskrnl.exe is the kernel of Windows XP and is responsible for various system
services such as hardware virtualization, process and memory management, etc. There is actually
another file that exists. This file called ntkrnlpa.exe is for processors that support Physical
Address Extension (PAE). PAE is a feature of processors that allows for upto 64 GB of physical
memory to be used in 32-bit systems!! The kernel pair names differ on systems with different
number of processors. If you are one a computer with a single processor then these files are
Ntoskrnl.exe and Ntkrnlpa.exe. For a multiprocessor system they are Ntkrnlmp.exe and
Ntkrpamp.exe. Both these files are located in the system32 folder in the Windows directory.

In the Kernel loading phase, ntoskrnl.exe calls Hal.dll. This file provides and handles the interaction
of software and hardware via the Hardware Abstraction Layer (HAL). HAL is an abstraction layer,
implemented in the Windows OS, between the physical hardware and Windows XP. The kernel
forms the link between users and the computer, over which the entire OS runs and the HAL allows
Windows to recognize all hardware, including the buses, processors and memory modules, hence if
the HAL is damaged or is missing, Windows will not start. Then the Session Manager Subsystem
(SMSS.exe) is loaded into memory. SMSS.exe performs several critical operations, such as the
creation of environment variables, starting Client/Server Runtime Subsystem (CSRSS.exe). It
stays in memory even after the system has started up completely to handle the creation of logon
sessions via Winlogon. The CSRSS.exe provides functionality for applications to interact with the
Windows API functions in the various system DLLs.

 DLLs or Dynamic Link Library files that are used by Executable files for additional
processing. These files store additional definitions, functions called API for Application
Programming Interface and information that is required by the main executable to run

Page | 31 Riyaz Ahemed Walikar
A Beginners Approach to Windows

The Logon Sequence occurs with the help of several Windows Components. A file called the
LSASS.exe (Local Security Authority Subsystem) is loaded into memory which is responsible
for enforcing the security policy on the system. It also verifies users logging on to the computer and
creates security tokens or user information relating to access permission and rights. The Graphical
Identification and Authentication is implemented in Windows XP via a file aptly called msgina.dll. It
is also responsible for displaying the "Security Options" dialog when the user is logged on, which
provides options to shut down, log off, change the password, start the Task Manager, and lock the
workstation, when the user presses Ctrl+Alt+Delete. Along with msgina.dll and winlogon.exe the
Windows Login Screen, which is actually a file called logonui.exe, is displayed.

After the loading of drivers is completed, Windows searches for user profiles and loads them into
memory. This is done by winlogon.exe which stays in the memory even after Windows starts
entirely. User enumeration is slightly tricky, read carefully to understand the method. Windows XP
Home Edition creates a password-less Administrator account during installation and another
default password-less account called the Owner. The story is somewhat different with Windows XP
Professional Edition, which creates an Administrator account but asks you to give a password
during installation. Along with it, it also allows you to create accounts before logging in. After
creating users, you can easily login using these accounts. There exists another default created
account called the Guest account on both types of XP which is explained later.

Welcome Screen - Print Screen 3.1

The Welcome screen is perhaps one of the most innovative ways of logging into a Windows XP
box. This interactive method allows you to login using just a single click of your mouse (of course if
there is no password). By default, Windows XP Home Edition logs into the Owner‘s account. The
login screen is displayed only if there are 2 or more active users on a computer or if your account

Page | 32 Riyaz Ahemed Walikar
A Beginners Approach to Windows

has a password or if Auto Login is disabled. The Administrator account is hidden by default.
Whatever the case may be, to wait at the login screen create another user, or give your account a
password, or turn on the Guest account or logoff once you login or unhide the Administrator
account… Read the chapter on the Windows registry for the hack.

 To change the way users log on and off and to change user attributes and to
create new users, go to Start >> Control Panel >> User Accounts, and follow
the onscreen instructions.

This screen is displayed by a system file called logonui.exe that is generally found in the system32
folder in the Windows directory. This screen too can be changed by changing the address of the
logonui.exe file to a custom logonui.exe file in the registry. More of this in the Windows Tips &
Tricks chapter under the Logon section. If your computer has been configured to shutdown without
logon, then you will see a Shutdown button in the lower left side of the screen. Just click on your
user name (enter a password if you have one) and you will be logged in into your account. During
the welcome display you will hear an audio file being played. This audio file is a Microsoft WAV file
that is played from the C:\Windows\Media\ folder. The file is named as Windows XP Startup.wav.
Similarly during shutdown a file called Windows XP Shutdown.wav is played. There is a method
by which each individual user can play his or her custom audio file during system startup and
shutdown, the normal conditions being that the files should be in the Microsoft WAV format. During
the play of this audio file and the Welcome message, Windows loads the user‘s folder settings and
start menu items, the customized user desktop and startup programs. The folder and icon settings
along with the specific users registry settings are stored in the C:\Windows\Documents and
Settings\$Username$\ where $Username$ implies the logged on user name.

Startup programs are those applications which run at Windows startup without the user‘s
intervention. These programs write their address into the registry in such a place that Windows
starts these programs as soon as you logon. An example of this type of program could be an
Antivirus or the MSN Messenger. These programs do not usually harm your computer‘s normal
working unless they belong to the category of viruses. But to conserve memory and to prevent any
program related system crash, it is better to have minimum number of startup programs.

There are basically four places where a startup program could possibly write its address. These
places are common for both Windows 98 and Windows XP. The first 2 places are in the system
registry and the other 2 are on the hard disk.

The first registry location is:

The second registry location is:

There usually exist three more locations under the CurrentVersion key for both HKLM and HKCU
called RunOnce, RunOnceEx and RunServices. Entries under these keys are usually one time
executing programs and system services. There are some very smart viruses out there that write
their address as an argument to the system shell (explorer.exe), which is obviously dangerous
since the virus is executed even in safe mode. Always make sure the value of Shell at the following
location is Explorer.exe

\HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon

Page | 33 Riyaz Ahemed Walikar
A Beginners Approach to Windows

 HKCU stands for HKEY_CURRENT_USER and HKLM stands for
HKEY_LOCAL_MACHINE. The address under HKCU‟s Run will cause the program
pointed by the address to run at startup of the user for which the program was
installed. The address under HKLM‟s Run will cause the program pointed by the
address to run at startup of ALL Users irrespective of who installed it.

The other 2 places you will find startup programs addresses are in the WIN.INI file and in a folder
called Startup in the Start Menu.

First let us see the WIN.INI file. The WIN.INI file resides in the Windows directory and is a very
important Windows system file when it comes to 16 bit applications. 16 bit applications are those
which run on processors which are of 16 bit or higher. Windows XP and Windows NT are full
fledged 32 bit systems whereas Windows 95 is a 16 bit Operating System. The WIN.INI and
SYSTEM.INI files used to keep user related and system wide settings in older Operating Systems
that are now primarily taken over by the registry.

The popular game Prince (the DOS Version) is a 16 bit application whereas most applications on
today‘s computers are 32 bit like Macromedia Dreamweaver MX which is a web designing and
editing tool.

Windows XP requires WIN.INI to store the settings of 16 bit applications. To open the WIN.INI file
go to C:\Windows\ and double click on the WIN.INI file. The WIN.INI file may have several sections
run at startup by writing their location in the WIN.INI file under the section called LOAD. If you are
extra cautious like me, then there is another method of editing the WIN.INI file without messing
anything up. Go to Start >> Run and type msconfig. After the System Configuration Utility opens
up, click on the third tab which is the WIN.INI file assorted into sections. Just remove the tick
against load (if it is there) to remove the given program from startup. Click on OK and restart if you
wish to.

Finally, a folder called Startup is responsible for startup programs. Since this is just like any other
folder (except for its special location), programs themselves can be put in this folder or their
address can be copied into it in the form of a shortcut. Every User has his own Startup folder
located in C:\Documents and Settings\$Username$\Start Menu\Programs\ where $Username$
has to be replaced by the name of the user. There is a common Startup folder whose contents will
always run no matter who the user at startup. This common All Users folder is located at
C:\Documents and Settings\All Users\Start Menu\Programs\.

Frequently visit these locations to see and delete entries that you find out of the order.

 Many viruses and other harmful programs usually run at startup. These
locations will provide you with the culprits. Caution has to be taken though;
you may end up removing a „good‟ program from startup.

Many a times you may find your system to be running more slowly then expected. Often it is due to
unwanted programs running at startup like the Windows Messenger and Windows Update even
when you are not connected to the net. You can change or delete these programs from startup at
your will.

After your system starts completely, the boot configuration and system startup configuration is
stored in the registry to be used as the Last Known Good Configuration. This same setup will be

Page | 34 Riyaz Ahemed Walikar
A Beginners Approach to Windows

loaded if your system does not start and you select the Last Known Good Configuration option at
System startup by pressing F8.

III.3: The Desktop
The screen that you see once Windows starts completely is called the Desktop. The desktop
consists of the background picture called the wallpaper, the desktop icons and the taskbar along
with the start button. The Windows Desktop can be customized and changed according to the
mood and style of the user. The Windows desktop acts as the starting point for your Windows
Exploration. The Start button and the taskbar have been taken up separately to give a better
understanding of individual components.

To change the wallpaper, do the following;
 Right click on a blank area on your desktop.
 Select Properties to open the Display Properties dialog box. Click on the Desktop tab.
Select the wallpaper you want from the list or to search for your own wallpaper click on
 Click on OK to apply and exit.

To change the screen resolution, do the following;
 Right click on a blank area on your desktop.
 Select Properties to open the Display Properties dialog box. Click on the Settings tab.
 Select the Screen Resolution and the Color Quality. For best clarity and optimal picture,
select screen resolution as 1024 by 768 pixels and color quality as 32 bit.
 Click on apply.
 If you can see the new screen click OK else if your screen goes blank with an Out of
Frequency message then WAIT FOR 15 SECONDS, to restore the screen.

Each user on a Windows XP system have their own desktop and icon settings. Initially when the
user first logs on or when a new user is created, the desktop looks very much the same with the
same green meadows wallpaper, but these and the other settings can be changed by the
respective user.

The Windows XP desktop usually has only the Recycle Bin when you first start your computer after
Windows XP installation. The Recycle Bin as the name suggests is a place where the deleted files
are kept. You can later retrieve files from it and restore the files to the original place from where it
was deleted or empty the Recycle Bin to delete contents permanently. Periodically you should
empty contents of the Recycle Bin.

III.4: The Start Button
Click here to begin!! This button gives you access to almost everything on your computer. Right
from the Control Panel to the Windows Media Player you can do almost everything and go almost
anywhere. If you still don‘t know what I am talking about (Duh...) the Start Button is the small green
button on the left down corner of your computer‘s desktop. This button (labeled start) is your
beginning point for any activity.

If you move your mouse over the start button you will see a yellow box appearing next to the mouse
pointer saying Click here to begin. This box is called a tool tip. Tool tips are concise information
about Windows files and components which pop up here and there to give relevant information
about the component over which the mouse was moved or is currently standing.

Page | 35 Riyaz Ahemed Walikar
A Beginners Approach to Windows

Click the start button to see an assorted collection of items. Coming from the top to the bottom and
from left to right you will see the following components.
 Username: Your name and the picture of your choice always appear at the top of the start
 Internet & E-Mail: These are applications that are permanently found on the start menu
allow you to access the internet and check your e mails. By default the web browser and
the e mail client on a Windows XP computer are Internet Explorer and Outlook Express
 Recent programs: Here you will find six of the most recently used applications. This part
of the start menu changes as you use your computer.
 All Programs: You can click here to see all the programs installed on your computer.
Periodic reminders are also shown here if any new program has been installed.
 Common Folders: This part of the start menu (the right hand side) consists of locations on
the computer where you can save documents, picture and music files in their own folders.
Generally you will find My Documents, My Pictures, My Music and My Computer here. An
expected folder not listed here is the My Videos. All these folders (My Pictures, My Music
and My Videos) are found in My Documents.
 Control Panel: When you click on this, you will be taken to the Control Panel, a place
where you can change and modify several system settings. The Control Panel is such an
important place that an entire chapter has been dedicated to it.
 Help & Support: The Windows XP Help Center is one of the best collections of support
and troubleshooting issues ever written. You will find everything here, literally everything,
including advanced issues like Server Configurations. Just open help & Support and type
‗Walkthroughs‘ to see a plethora of collected virtual animated stuff that will help you sort
through common issues.
 Search: Search, as the name suggests, is used to locate files on your hard disk. You can
use both advanced as well as simple search.
 Run: A helpful component of Windows that allows us to run any program or open any
folder or file by just typing the path and pressing Enter or OK. Some programs run without
giving the full path if their folder is in the system path.
 Log Off: Click logoff to complete your Windows session and return to the Welcome screen.
You can even use the Switch user button to let someone else use the computer. By doing
this you will be brought back to the Welcome screen but your programs will not be closed.
You don‘t have to close your applications to switch users. Running too many applications
can slow down your computer. To quickly Switch User, press the Start button and L.
 Turn off Computer: Click here to turn off the computer, restart or put the computer in
stand-by mode to conserve power. If your computer supports Hibernation, then you can
hibernate your PC by pressing Shift at the shutdown menu. The Stand-By button should
turn into a Hibernate button.

 On Hibernating, Windows XP dumps the entire contents of the memory on to
the hard disk and switches of the computer. When you start again this hard
disk data is loaded back into memory and you can resume your work as you
had left it. This data is kept in a file called Hiberfil.sys in your root drive.

The start menu can also be accessed from the keyboard by pressing Ctrl + Esc. This key
combination will pop up the start menu; you can then navigate using the arrow keys on your
keyboard. Most keyboards nowadays also have a Windows key on the keyboard between the Alt
and Ctrl keys. To change the components and to customize the start menu, Right Click on the Start
button and select Properties.

Page | 36 Riyaz Ahemed Walikar
A Beginners Approach to Windows

III.5: The Taskbar
Another major component is the Taskbar, which forms the lower blue portion of the desktop. The
Taskbar‘s job is to show open programs and directories and to collect minimized applications. The
taskbar has 4 major parts. The first one is the start button; the second is the Toolbar section the
most common of which is the Quick Launch; the third one is the tasks section which shows open
windows and minimized applications and the last is called the system tray.

The start button has been taken up in the previous section, coming to the Toolbars; there are a
number of them. These may be added by external programs like the Google Desktop or are
Windows customized like the Windows Media Player and the Address bar. To see the entire list,
Right Click on the taskbar, select Toolbars. Quick Launch is the most common among them all. You
can have more than two Toolbars on the Taskbar. You can even create your own customized
Toolbar. The Quick Launch Toolbar consists of frequently used applications like the Windows
Media Player and can be opened with a single click. You can add your own programs and folder
shortcuts to the Quick Launch for easy one click access.

The third section is the tasks section. Here you will see minimized windows and open applications
with their titles. The Windows XP Taskbar has a special feature that it makes each open program to
collect and group open windows if several windows accumulate on the taskbar. You have to then
just click on the taskbar then to switch between files within the program.

The last section of the taskbar is the system tray, which displays the system time and other
important notifications. The System Tray is called the Notification Area in Windows XP. Here
important information like Windows Product Activation, CD Burning info and Windows Product
updates etc. is often displayed. Sometimes background running applications also have their system
tray icon over here and you can access many of the application‘s commands by using the right click
of your mouse on that particular programs icon.

To adjust the system date and to customize the system tray, right click anywhere in the system tray
and select an option.

The Taskbar can be dragged and moved around to any of the four sides of the Explorer Window.
First make sure though that It‘s not locked. Right click the taskbar and uncheck Lock the Taskbar

Assume that several windows are open at once and the taskbar is filled with windows and then you
want to access a file on the desktop, how do you go about minimizing all open windows? The
answer lies in the right-click menu of the taskbar (except over the start button). If you see carefully
there is an option called Show the Desktop. This command causes all open windows to be
minimized to the taskbar irrespective of whether they have a minimize button or not. Cool ain‘t it?

 Try pressing the Windows Logo Key + D. This key combination also
minimizes all open windows so does the key combination of the Windows Logo
Key + M.

You can also Cascade windows behind one another and Tile windows vertically and horizontally
from this right click menu of the taskbar. To customize the taskbar, right click on the taskbar and
select properties.

We shall take up the Windows Interface, Explorer in detail in the next chapter.

Page | 37 Riyaz Ahemed Walikar
A Beginners Approach to Windows

1. This is for users with a single OS; Enable the visibility of the boot.ini file at system startup.

2. Make the Windows Calculator run at system startup for all users without using the

3. Convert the normal start menu to the Classic Start Menu and remove „Run‟ from it.

4. Drag and put the entire Taskbar right on top of the desktop.

Page | 38 Riyaz Ahemed Walikar
A Beginners Approach to Windows

Explorer & the Windows Interface

This chapter explains all the important concepts related to the Windows interface, including disk
drives, services, file extensions, system restore and task management. The concept Windows
Product Activation is also taken at a basic level. Searching for files and understanding the
importance and disadvantages of using the default My Documents folder is also explained.

After this chapter the reader should be able to:
 Explain activation and activate his/her copy of Windows through the internet.
 Explain the various components of the Windows Explorer.
 Identify various applications by looking at file extensions.
 Explain basic Windows services.
 Use system restore to correct problems
 Use the task manager to end unwanted tasks and processes.

Note: Readers can skip the Windows Product Activation section and move ahead. This section had
to be included here expecting that after the installation of Windows, Windows users may need
some amount of aid since Windows prompts users to ―Activate Windows‖ by giving periodic
reminders in the system tray.

Page | 39 Riyaz Ahemed Walikar
A Beginners Approach to Windows

The desktop, the start button, the taskbar, the icons, the folders and everything else on the
computer that users can interactively work around with is run through Explorer. Every operating
system has something called as a shell. Older Operating Systems had Command Prompt as the
shell. Windows 3.1 had the File Manager. Now we have the Explorer. The shell of Windows is
called as Explorer which is an executable file in the C:\Windows\ folder called explorer.exe. Every
instruction that is given to the computer is first interpreted by Explorer and gives the resultant output
after getting the job done by several other exes and dlls. Like suppose you would want to see the
contents of a CD, then you would normally go to My Computer and click on the CD Drive icon. All
this is through explorer. In the pages to come we shall some of the most important concepts of this
important system file called explorer.exe.

IV.1: Windows Product Activation (WPA)

Microsoft has introduced a revolutionary technology in Windows XP to combat the growing menace
of piracy. Windows XP asks for something called as Activation after installation. Activation requires
the user to activate with Microsoft within a certain amount of time (30 days after the first run of the
OS) in order to continue using the operating system. The informaton transmitted to Microsoft during
activation includes a cryptographic hash of the following ten values:
 Display adapter name
 CD-ROM/ CD-RW/ DVD-ROM identification
 RAM amount (as a range, e.g. 0–64 MB, 64–128 MB, etc.)
 IDE adapter name
 Processor type
 SCSI adapter name
 Processor serial number (if applicable)
 Hard drive device type
 Hard drive volume serial number
 Network adapter MAC address (if present)

This information is used to generate a number which, along with the CD Key and country of
installation, is transmitted to Microsoft.

Activating and registering with Microsoft enables you to get faster help and resources to manage
your computer more efficiently from time to time.

Activation is extremely easy and useful. Activation is compulsory wheras Registeration is optional.
Due to activation you cannot install the same copy of Windows XP on two different computers.

After you complete installing Windows XP, and start the computer for the first time, you will see a
reminder in the system tray that tells you to Activate Windows. You can use Windows for a period
of 30 days after which your computer will be locked at logon. After the 30 day period if you click on
your username then explorer is not started, instead the WPA wizard opens up and asks you to
Activate or Remind later. If you select Remind later then you are logged off. The only 2 ways in
which you can reach to your desktop is by either Activating or through safe mode. But through safe
mode Windows starts with the lowest configuration so you can‘t use your audio or video devices
and several other devices. So activation is the best option. Going through the advantages of using
Windows XP over other Operating Systems, activation and using the original source shouldn‘t be a
big drawback.

To activate Windows start the Windows activation wizard either by clicking on the reminder or by
going to Start >> Programs >> Accessories >> System Tools >> Activate Windows. The wizard

Page | 40 Riyaz Ahemed Walikar
A Beginners Approach to Windows

is an executable found in the C:\Windows\System32\oobe\ directory called msoobe.exe run with
an argument of /a.

 „msoobe‟ in „C:\Windows\system32\oobe\msoobe.exe‟ stands for Microsoft Out of
box Experience. The „/a‟ argument is given to the exe to start the Activation wizard.

Hence another method of starting the wizard would be to go to Start >> Run and type
C:\Windows\system32\oobe\msoobe.exe /a as shown.

There are 2 methods of activating Windows, in the first method you can activate through the
internet; it‘s hardly a 20 second job. In the second method you are prompted to call a Windows
representative to whom you are supposed to dictate out a Windows XP generated number to which
in return the Windows representative will give a number in return which you are supposed to enter
in the Wizard. We shall see both the methods in detail now.

Activation through Internet: The fastest and the best method. First connect to the Internet. To
connect to the internet see the section on Network Connections in the Control Panel chapter. Start
the WPA wizard and select the first option which says ‗Yes, let‟s activate Windows over the internet
now.‘ Click on Next. In the next page that opens you will be asked if you would like to register with
Microsoft along with Activating Windows. As mentioned earlier registration is optional and is not
required to activate Windows.

 Registering your copy of Windows is actually advantageous if you frequently go
online. Microsoft notifies it‟s registered users of product updates, new products, events
and special offers.

If you select the first option to register and activate Windows, Windows will ask you to fill out a form
where you have to mention your name and address along with your country. You can skip this page
if you are not interested by clicking on skip or press Next to continue.
Windows will now check for internet connectivity and you will have activated Windows in no time.

Activation through phone: This is a slower method and can be used by users who do not have an
internet connection. Anyways start the WPA wizard and select the second option which says ‗Yes I
want to telephone a customer service representative to activate Windows.‘ This method involves 4
steps. Windows will generate a new installation ID as mentioned earlier form specific hardware
components which will be used during activation.
Step 1: You have to select your current location. This is so that the computer can search and
display a telephone number for you to call.
Step 2: A telephone number is provided depending on the location you just selected. Call on this
number to talk to a customer service representative.
Step 3: The customer service personnel will ask you for the Installation ID which can be seen down
here that consists of 54 numbers arranged in 9 blocks of 6 digits each. If the customer service
representative asks you to change your product key only then click on the Change Product Key
else leave it as it is.
Step 4: After you tell the customer service representative the installation ID, he will dictate out a 42
digit number which has to be entered in the 7 blocks numbered A, B, C, D, E, F and G with 6
numbers in each. After entering the number into the blocks click on Next to complete activation.

You have to activate Windows during the 30 day period, else you will be logged off if you wish to
activate later. You cannot use Windows after this period except through safe mode.

Page | 41 Riyaz Ahemed Walikar
A Beginners Approach to Windows

IV.2: The GUI Environment

The Windows Graphical User Interface (GUI) environment is a result of its shell that is due to
Explorer. The Windows Explorer has many useful features but to understand each one of them we
need to understand some of the basic concepts of this powerful yet simple program. In this section
we shall see some of the basic components of a standard explorer window (for e.g. My Computer).
Whenever you open any folder, there are some very common ‗parts‘ of the window that are present
in most other explorer windows. Except for a few shell folders (system folders) most other windows
and folders have the same basic structure.

Let us take the example of My Computer. It is a shell folder. Normally My Computer will have the
following toolbars, menus and components:

The Title Bar: This is the topmost bar, usually blue in color. This bar shows the name of the open
window preceded by the icon of the folder (Print Screen 4.1a). This bar also contains the Minimize,
Restore or Maximize and the close button. The Minimize button is the first from the left and is
denoted by a minus (-) sign. The restore button is visible when the current window is maximized
else the maximize button is visible in the same place. The restore button is a small ‗dual window
placed behind one another‘ kind of thing. The maximize button is a square window. The close
button is an X which is the button to the extreme right (Print Screen 4.1b). Minimizing is to reduce
the current open window to

Title Bar - Print Screen 4.1a

Title Bar - Print Screen 4.1b

the taskbar. Maximize is to fill the screen with the open window and Restore is to put the window to
the original size the way it was opened (or resized or positioned). If a window is restored you can
resize the window to suit your need. Move your mouse over the edge of the window till the normally
single sided arrow key turns into a double sided arrow. You can then click and drag to resize. You
can also double-click on this bar to toggle between maximize and restore modes (if supported). You
may have noticed the small icon on the extreme left on the title bar, well this icon allows you to
maximize, minimize, close, restore or move the current window. Just click on it and you will be
presented with a menu.

The Menu bar: This is the second bar from top to bottom. This bar contains common menu options
like File, Edit, View, Favorites, Tools and Help.

File contains options like Open, Delete, Search, Explore, Rename, Send to, New and Properties. If
you have installed third party softwares like WinZip and Winamp then their options are also found in
the File menu. (Print Screen 4.2) If no item is selected then the File menu contains just Close and
New. The file menu changes for different types of files. In My Computer you will not get options of
Delete and New because there is nothing in My Computer that you can delete.

Edit contains options like Undo, Cut, Copy, Paste, Paste Shortcut, Copy to Folder, Move to Folder,
Select All and Invert Selection. Most of these options have their keyboard shortcuts mentioned and
these shortcuts are universal, that is they work in most applications including Microsoft Word and
MS Visual Studio. Undo (Undo your last action) – Ctrl + Z, Cut – Ctrl + X, Copy – Ctrl + C, Paste –

Page | 42 Riyaz Ahemed Walikar
A Beginners Approach to Windows

Ctrl + V, Select All (selects all objects in the folder or file) – Ctrl + A. The Invert Selection is used to
invert the current selection.

File Menu - Print Screen 4.2

View contains options to enable or disable the viewing of other toolbars in the page. It also contains
options to change the current viewing of file and folder icons. You can change the current view to
thumbnails, icons, list tiles and details. The most informative of these being the details view. You
also get to arrange icons according to their name, size, type etc. Under View itself you have the
option of choosing details for the current folder. You can select several attributes to be shown in
Arrange Icons by option by going to Choose Details. You also have the Go To option which takes
you to recently visited places or up one level. Finally there is the Refresh option to refresh the
contents of the current folder.

Favorites menu allows you to customize the current folder to be easily accessible by adding it to the
Favorites list. You can also navigate to common web pages over the internet like MSN and hotmail.

Tools menu usually has just four options, Map Network Drive, Disconnect Network Drive,
Synchronize and Folder Options. Map Network Drive allows you to assign a drive letter to a shared
network folder from some other computer on the network so that you can access it through My
Computer. Disconnect Network Drive disconnects the connected network drive and Synchronize
allows you to update your offline web pages from a network resource. Folder Options is a very
important and integral part of explorer. Using this tiny component you can change folder settings
and file extension properties. You can change the applications with which a file opens currently. For
example we know that .txt files open with notepad, using folder options we can change it to another
application. It is explained in detail in the Control Panel Chapter. The Folder Options dialog is
available under View in Windows 98.
You can use the Help menu to open Help & Support Center for any help about Windows and its
components. There is also an internet shortcut to find out if your current copy of Windows is legal or
not. Then there is the About Windows dialog box that gives you information about the current

Page | 43 Riyaz Ahemed Walikar
A Beginners Approach to Windows

Windows installation including available memory to the OS. You can also read the EULA by clicking
on the EULA link.

The Standard Toolbar: This bar is the one below the menu bar. If this bar is not visible then go to
View >> Toolbars >> Standard Buttons to enable this toolbar. The most common buttons you will
see on this bar are the Back, Forward, Up, Search, Folders and Views. To add more buttons right
click on the bar and select Customize. This bar is like a shortcut to View, Edit and File menu but
with graphical images. Instead of going all the way to Edit >> Copy you can just click on the copy
button on the standard toolbar. The Copy button does not exist on the bar by default. Go to View >>
Toolbars >> Customize and add it.

The Standard Toolbar - Print Screen 4.3

Another thing that is important on this bar is the Folders option. When you click on this button what
you see is the typical explorer window that was seen in Windows 98. The left hand side of the
window separates out in a tree like format and the right hand side displays the contents of the folder
selected on the left hand side. You can use this Window to drag items from one folder to another in
the left hand side. To move objects from one folder to another, press the Alt + Shift keys and drag
the file or folder from the right hand side to another folder on the left hand side folder. To copy
objects, press the Ctrl key or simply drag the file or folder from the right hand side to another folder
on the left hand side tree. To create a shortcut of the item in another folder, press the Ctrl + Shift
keys while dragging the item.

The Status bar: The status bar is the down most bar in an explorer window. If this bar is not visible
then go to View and select the Status bar option (second in line) to enable this toolbar. This bar
shows information about the current folder and its contents.

The Status Bar - Print Screen 4.4

The Address Bar: This bar shows the current location and can be used to open any file or folder in
the computer by typing the path of the folder or file over here and pressing the Go button. If you
cannot see the address bar, right click on the standard toolbar and select the address bar option;
OR go to View >> Toolbars >> Address Bar. You can even select a location to go from the drop
down menu of the address bar.

Address Bar - Print Screen 4.5

 Explorer windows just like Internet Explorer windows can be viewed in Fullscreen.
To toggle between Fullscreen press F11 on the keyboard.

Now leaving the topic of toolbars, let us see something more elaborate and interesting that comes
with the Explorer of Windows XP. Also called as Common Tasks, this is a novel concept employed
by Windows. Explorer recognizes contents of folders and displays common tasks in the left hand
pane of the Window. For e.g.: If a folder contains video files, then common tasks will contain ‗Play
all‘ which enables direct playing of all (compatible) video files in Windows Media Player. Common
Tasks also contain links to ‗useful‘ places which includes ‗My Computer‘, a details box which

Page | 44 Riyaz Ahemed Walikar
A Beginners Approach to Windows

displays File Properties of any selected file. Using the Common Tasks you can copy or move files &
folders; rename and delete files etc.
If the common tasks pane is not visible then go to Tools >> Folder Options, under the General Tab
select the Show common tasks in folders option. Click on Apply and OK. This setting is universal,
that is, it will be applied to all folders on the computer.

 The Enter key on the keyboard is also called as a Carriage Return.

IV.3: The Right Click Context Menu

One of the several things that simplify computing in Windows is perhaps the Right Click menu
which can be used on almost anything in Windows. The right click menu contains many options that
otherwise you would have to search under File and Edit or in the common tasks pane. You can
even add your own options in the right-click menu either through the Windows registry or through
Folder Options under Tools. The right click has many options depending on where and on what it is
clicked. Some options like Open and Delete may remain constant no matter where the right click is
used; any other special option is taken up below as and when they come into picture. Doing a right
click over any object or place is the same as selecting the object and pressing Shift+ F10.
Let us see some of the most common places the right click is most likely to be used:
My Computer: The right click menu of My Computer has Open, Explore, Search, Manage, Map
Network Drive, Disconnect Network Drive, Create Shortcut, Delete, Rename and Properties.
Search opens up Windows Search for File and Folders also accessible through the Start Menu.
Manage opens Computer Management, one of the most important utilities in the Windows XP
package that allows you to configure everything from disk drives to connected devices to running
services. Create Shortcut creates a shortcut of My Computer on the desktop. Delete allows you to
delete the My Computer Icon from the desktop. You cannot delete My Computer practically but you
can hide it as just that this option does. To restore the icon back you have to go to Display
Properties in Control Panel, under the Display Tab click on Customize. Renaming the My Computer
to anything you like (standard names – no \ / : * ? ― < > | etc) is made easy by using the rename
option. The Properties option of My Computer opens the System Properties dialog box which
shows system information like OS version and available memory. Here you can also change the
name of your computer and adjust memory settings.

 When ever you right click over any item, the option that you see in bold black is the
action that is performed when you double – click on that item and often it is the Open

Desktop: The right click menu of the desktop is quite unique compared to others. Here you will get
the option to Arrange Icons according to Name, Size, Type and Date Modified. If you see carefully
there is an Option to Show Desktop Items. You can hide desktop icons by deselecting this option.
Cool isn‘t it? You can also auto arrange icons on the desktop if they are strewn around a lot. You
can run the Desktop Clean Wizard from here. The Desktop Clean Wizard is a small utility that
allows you to delete unused icons from the desktop to make the desktop clutter free. Along with the
Arrange Icons options there is a screen Refresh option which is the same as pressing F5 on the
keyboard. If your Graphics Card driver supports right click contextual menus then you may also see
graphic related options typical to the installed graphic adapter. Another important option that you
usually get to see is the New option. This option allows users to create a new file, folder or shortcut
just by clicking on New and selecting the appropriate type. The Properties option of desktop opens
the Display Properties dialog box, which other wise can also be opened from the Control Panel.

Page | 45 Riyaz Ahemed Walikar
A Beginners Approach to Windows

Start Button: The right click menu of the Windows Start Button has options like Open, Explore,
Properties, Open All Users and Explore All Users. When you click on Open, C:\Documents and
Settings\$Username$\Start Menu\ is opened, where $Username$ is your username. Start Button
Properties opens up the Taskbar & Start Menu Properties where you can customize the look of the
start menu. Open All Users opens C:\Documents and Settings\All Users\Start Menu\ folder and you
can create or edit shortcuts here.

System Tray: The system tray‘s right click menu has the Toolbars option, Adjust Date/Time,
Customize Notifications, Cascade Windows, Tile Windows Horizontally, Tile Windows vertically,
Show the Desktop, Task Manager, Lock the Taskbar and Properties. You can disable or enable the
Quick Launch through the Toolbars option. You can also open the Task Manager from here.
Customize Notifications will help you to change the display option for information or icons displayed
in the system tray. It is the same as selecting Properties and then clicking on Customize from the
Taskbar & Start Menu Properties dialog. Show the Desktop option minimizes all open windows
irrespective of whether they have a minimize button or not. You can also Cascade windows behind
one another and Tile windows vertically and horizontally from this right click menu of the taskbar.
To customize the taskbar, right click on the taskbar and select properties.

Quick Launch: Most of the options are the same as that of the system tray or taskbar in general
except one. If you carefully right click on the Quick Launch without moving over any other icon then
you get an option to Open Folder which takes you to a folder whose path is C:\Documents and
Settings\$Username$\Application Data\Microsoft\Internet Explorer\Quick Launch which proves that
Internet Explorer and the Windows Explorer are closely related to such an extent that IE configures
many Explorer settings.

Recycle Bin: This is an interesting system folder. The right click menu of the Windows Recycle Bin
has usually just 4 options: Open, Explore, Empty Recycle Bin and Properties. Practically there is no
method to get rid of the recycle bin except through a modification in the system registry. The Open
and Explore options open the recycle bin to display contents. Empty Recycle Bin erases all deleted
files from the bin. A confirmation is asked before deleting since these files will be irrecoverable after
being erased from the Bin. The Properties option will open the Recycle Bin Properties. Here you
can specify the size of the Recycle Bin. By default it is 10 % the drive size but this amount can be
varied. You can conserve disk space by reducing the size of the recycle bin but if a file you are
deleting has a file size larger than the allotted space of the recycle bin, then the file is deleted
directly without being put into the Recycle Bin. Here you can select a Global option to have the
Recycle Bin to manage its size by taking the indicated size of each drive or you can configure each
drive independently. You can also direct the Recycle Bin to delete the item directly without sending
to recycle bin and you can also enable or disable the showing of a confirmation message before
going ahead with the deletion.

Folders: When you right click over any folder, the most common options are already available but
an extra option that you will find is the Sharing and Security option. By clicking on this option and by
setting options in the resultant dialog box that opens you can share a folder over the network for
easy access. The Send To option allows you to copy the folder onto a floppy drive, a CD Drive (if it
is a writer), Desktop as a shortcut and to My Documents. The Properties option of a folder has a
Customize tab along with the General and Sharing tabs. Under the General tab you get to see the
Type, Location, Size, Size on Disk, Contains, Created and the Attributes like Read Only or Hidden
etc. Setting the attribute to Hidden will cause the Folder to get hidden and you will be able to see it
only if the Show Hidden Files & Folders option is enabled under the View tab in Folder Options. The
Customize tab helps you to customize the look and feel of the selected folder. You can describe the
folder as a Music, Video or Picture folder by selecting the appropriate option under the Use this
folder type as a template drop down box. If you wish to be reminded about the contents of the
current folder then you can Choose Picture to be seen when the folder is seen with the Thumbnail

Page | 46 Riyaz Ahemed Walikar
A Beginners Approach to Windows

view. You can even change the icon of the folder to any icon of your choice. You can select an icon
from the %SystemRoot%\system32\Shell32.dll file or from any .exe, .dll or .ico file by clicking on

Files: The right click menu of most recognized files is the same except for the Open and Edit (if it
exists) options. When you click on Open the file opens with its default application. Like suppose you
have .txt file then it will open with notepad by default. But if you wish to open that file with WordPad
or Microsoft Word then you have to press Shift and then give a right click on the file. Then select
the Open With… option that enables you to select another application for the current file extension.
If a file with an unrecognized file extension exists then double clicking or selecting open from the
right click context menu will cause Windows to pop up a box saying that it cannot open the file but
you can go online and check out what application supports that file extension; or if you know what
program the file will run with select the second option and you will be presented with a dialog from
which you can select the program. If in the future you want file with that extension to always open in
the program that you just selected then select the Always use the selected program to open this
kind of file checkbox and press OK.
In the Properties box of files you usually get to see the Type of File, Name of the Program that it
opens with, location, size, dates on which the file was created, modified and accessed. You can
change the default program with which the file opens by clicking on Change. The number of
informative tabs in the file properties box may differ with different files.
File and Folder renaming both follow the same law. You cannot use \ / : * ? “ < > | or . because
these characters are meant to be reserved for the OS.

In Folder: This section of the chapter basically points to the menu that is generated when you right
click in a blank area in the folder. The right click menu changes with the type of the folder. For
example, if the folder has been specified as a picture folder then the view and Arrange Icons by
options have extra folder specific options like view as Filmstrip and Arrange icons by the date on
which the pictures were taken. You can even customize the folder by selecting the Customize this
folder option from the menu. You can even see the properties of the folder by selecting properties
from the context menu.

On Drives: When you use the right click on a hard disk drive you get an option never seen before
called Format which erases the data on that particular disk and prepares it for new usage. You can
format using any of the 3 available file systems (NTFS, FAT32, FAT).

Page | 47 Riyaz Ahemed Walikar
A Beginners Approach to Windows

CD Rom Right Click Context Menu - Print Screen 4.6

You cannot format an active drive like the one that has your operating system or the other drives
until and unless there is absolutely no file from that drive that is being used by the OS. Another
option available is the copy command which copies the entire contents of the present drive to the
location you say paste on (of course the destination drive should have that amount of memory to
hold the contents of an entire drive). The Properties option of disk drives opens the drive properties
dialog which gives information on the disk usage and free space remaining on disk in the form of a
pie chart. The file system is also mentioned. You can run the disk cleanup which cleans the drive of
unwanted temporary files and recycle bin files alongwith catalogs. If supported, you can also
compress the drive to save disk space. Under the Tools tab you can check the current drive for
errors and defragment if you wish to. CD ROM & Removable Drives get an additional option called
eject which pops the CD Tray out or ejects the hardware which will no longer be detected by
Windows till the next boot or when the device is removed and reattached. You cannot format CD
Roms, but you can erase Rewritable discs.

Internet Explorer icon on Desktop: This had to be included here because of its unique properties.
The Internet Explorer (IE) icon of the desktop usually has just 5 options in its right click menu. The
first one being Open Home Page which opens the browser and takes you to the home page to
which the browser was set the default being
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome. You can change this to any
site you want to by going to the Properties options. The next option in the menu is the Create
Shortcut which creates a shortcut to Internet Explorer on the desktop. Delete causes the IE icon
from the desktop to be hidden and like the My Computer icon you can enable it back again by going
to Display Properties. The next is Rename which as the name suggests allows you to rename the
IE icon. The last being properties opens the Internet Properties, also accessible through the Tools
menu in IE as Internet Options. The Internet Properties allows you to change several options
including management of history folder, adjust privacy settings and enable or disable Java logging.

Page | 48 Riyaz Ahemed Walikar
A Beginners Approach to Windows

 To see the properties of any item just press the Alt key and double click over it or
press Alt + Enter after selecting that item.

Most options in the right click of any item can be accessed by their shortcut key. You can make out
the shortcut key by looking at the underlined letter in the option name. If you right click using your
mouse you may not be able to see the underlined line, but you can always use the combination of
Shift + F10 to see the key. For example click on any folder using you mouse; give a single click to
just select the folder. Then press Shift + F10 to pop up the right click menu. If you see carefully the
letter r is underlined in the option of Properties. Now press r on the keyboard to open the properties
of that folder, its as easy as that.

One thing that is quite interesting on the classic desktop of Windows XP is that no matter what and
how many icons are there on the desktop, no matter what filenames they have; whenever you right
click on the desktop and say Arrange Icons by Name, Size, Type or date Modified some icons
refuse to follow the command. These include the My Documents, My Computer, My Network
Places, Recycle Bin and Internet Explorer in that order. Try dragging these icons elsewhere on the
desktop and then rearrange icons on the desktop through the right click and see for yourself.

IV.4: My Computer

All the drives and folders on your computer can be accessed from one place with ease. The My
Computer system folder can be reached through the Start Menu if your Windows XP has the default
Start Menu; otherwise you will typically find it on your desktop.

 A funny way of opening My Computer is by going to Start >> Run and by typing
three or more than three DOTS (…). The maximum is 227 dots. Works on Windows XP.

First to make My Computer more understandable through this text do the following:
o Open My Computer in any way you like and maximize the screen.
o Right click in any blank area of My Computer and select View >> Tiles
o Next, right click again and select Arrange Icons By >> Type
o Then finally right click again and select Arrange Icons By >> Show in Groups

My Computer shows all the disk and floppy drives connected to the computer. Alongwith these
items you will most probably see the My Documents folder of the other users too. This is true if you
are an administrator on your computer. The Control Panel is also visible in My Computer. If it‘s not
visible you can still access the Control Panel from My Computer by clicking on Change a Setting in
the System Tasks in the Common Tasks pane. If you are still not satisfied and would like to see the
Control Panel over here then go to Tools >> Folder Options. In the Folder Options dialog that opens
go to the second tab (View Tab) and scroll down in the Advanced Settings section and check the
option that says Show Control Panel in My Computer.

If you have opened My Computer through the desktop or through run then the Forward and Back
buttons are grayed out. But you can always use the Up button to go to the Desktop.

The Common Tasks pane of My Computer has three sections, the topmost section is the System
Tasks, the second sections is the Other Places and the last one is the Details.
By default the System Tasks has 3 options and 4 options when a CD-ROM drive is selected. The
first one is View System Information, which is the same as a Right Click >> Properties of My
Computer, which shows the System Properties dialog. The second option is the Add or Remove
Programs, which opens up the Add or Remove Programs window from which you can install and

Page | 49 Riyaz Ahemed Walikar
A Beginners Approach to Windows

uninstall programs. The third option is the Change a Setting, which opens up the Control Panel.
There is a fourth option too, but only visible when you select a CD-ROM or any other ejectable
drive. This option called Eject this disk causes the CD ROM Drive tray to come out so that you can
insert a CD or replace the existing one. You can also eject a CD or DVD Drive by giving a right click
over it and selecting eject from the context menu.

The Other Places section contains links to places like My Network Places, My Documents, Shared
Documents and Control Panel. You can navigate to these locations simply by clicking on these

The Details section shows information about items that are selected like if a disk drive (C:\ Drive for
example) is selected then this section will contain details like name of drive (disk label), File
System, Free Space and Total Space of the selected disk drive.

You can rename only the disk drives in My Computer. You cannot rename the Documents folder of
other users. These folders are shortcuts to the My Documents folder of the other users on your

One feature of Explorer is that when you insert a CD into the CD-ROM drive, then Windows
automatically reads the data and opens up the appropriate program or asks you for some action.
For example if you have inserted an mp3 music CD then Windows will automatically ask you to pick
an action or if the default is set to open Windows Media Player then the player will open up and
start playing. You can change these and other Auto Play settings by going to properties of the CD-
ROM drive in My Computer.

The My Computer icon from the desktop can be hidden by a Right–Click delete. As mentioned
earlier, this does not delete My Computer but actually hides it. To restore My Computer, go to
display Properties and under the Desktop tab click on Customize Desktop. Put a check mark
against My Computer and say OK.

You can format a standard floppy disk in two ways, either through the Command Prompt or through
Explorer, that is, through My Computer. To format a floppy disk or to create a Startup Disk, Right–
Click on the floppy icon and select Format. From the Format dialog box select whether to enable
quick format or not and then click start. To create Startup Disk put a check against the Create an
MS-DOS Startup disk option and click on Start. Startup disks can be used to start your computer in
MS-DOS if your computer is giving problems and then you will be able to at least copy important
data to your other drives then format and reinstall the OS in the same drive. The Windows XP
startup disk is not of much help since XP has the Windows Recovery Console., but for Windows 98
it‘s a different story.

Page | 50 Riyaz Ahemed Walikar
A Beginners Approach to Windows

Floppy Format - Print Screen 4.7

 Assume you have opened C:\> and minimized it and then later you have opened D:\> drive; now to copy a file
from one place to another you can press Ctrl and click and drag the file to the minimized window and wait till
the window maximizes and then drop the item in that open window. Same is true for the desktop, if you have
many windows open, you can drag the file over to a blank spot on the taskbar and wait for all open windows
to minimize automatically upon which you can then drop the item on the desktop.

If you try dragging an entire drive or any other item onto some other item then you will notice that
no copy of the item is made instead a shortcut is created pointing to the item in My Computer. If
Windows cannot create a shortcut at some place due to some reason then it will ask you if you wish
to place the shortcut on the desktop or not. Like in My Computer itself, if you try dragging a hard
disk drive to the Floppy Drive Icon then (if there is no floppy in the drive) Windows will inform you
that the shortcut cannot be created and whether you would like to place the shortcut on the

Windows XP has integrated CD Burning into explorer, a technology until now never seen in any
Microsoft OS. If you have a CD-RW Drive, that is, a drive that can burn CDs, then you can copy
data to the CD Drive by merely giving a Right-Click on the file or folder and selecting Send To >>
CD-RW Drive. Once you have sent all data to the drive, go to My Computer and double click on the
CD-RW Drive icon to open it and select Write these files to CD from the common tasks pane on the
left hand side. You will be presented with a Wizard that guides you through the writing process. By
default the drive writes at the maximum speed that the CD can take. If you want to adjust the speed
of the drive while writing a CD then open My Computer, Right-Click on the CD-RW Drive icon and
select Properties. Under the Recording tab select the recording speed that the drive should employ
to write CDs. Until the CD is written Windows stores the temporary files on the hard disk whose

Page | 51 Riyaz Ahemed Walikar
A Beginners Approach to Windows

location is given by C:\Documents and Settings\$Username$\Local Settings\Application
Data\Microsoft\CD Burning\.The $Username$ is replaced by the current logged on user‘s

 CD Burning refers to the procedure of writing data on to CDs using specialized
software and a drive that can essentially write data from the computer on to the CD

The CD Writing Wizard- Print Screen 4.8

IV.5: %Homepath% & My Documents

A standard home computer may have many Users and therefore it becomes essential that each
user may have his or her separate folder with customized looks. The term %Homepath% is
actually the name given to the current user‘s special system folder. Every user has his own special
folder that is created when the user was created on the computer. This folder is the C:\Documents
and Settings\$Username$\ folder that is found in the %Homedrive% (C:\ drive in this case). You
can use these terms as shortcuts to open their respective folders. Just go to Start >> Run and type
%Homepath% and press Enter to see your folder.

 The %homepath% folder can also be opened by going to Start >> Run and typing a
single dot (.) OR a double inverted comma (“). Works for Windows XP.

Page | 52 Riyaz Ahemed Walikar
A Beginners Approach to Windows

Let us take a standard example of Administrator. His %homepath% will be C:\Documents and
Settings\Administrator. This folder has all the settings of the current logged on user (the
Administrator in this case). When newly created a standard %homepath% has the following items:
 Application Data H
 Local Settings H
 Templates H
 PrintHood H
 SendTo H
 NetHood H
 Ntuser.dat.LOG H F
 Ntuser.dat H F
 My Recent Documents H
 Ntuser.ini H S F
 Desktop
 Start Menu
 Favorites
 Cookies
 Windows
 Administrator‘s Documents

The H and S signify Hidden and System attributes of the files and folders. The F is shown here to
signify that it is a file. You may not be able to see all of the above mentioned files and folders. To
see all the above mentioned files and folders, go to Tools >> Folder Options and under the View
tab select the option that says Show hidden files and folders, further scroll down and remove the
check mark that says Hide protected system files (Recommended). Windows will warn you that it
ain‘t good but you continue and click on Yes. Although not necessary for the beginner, we shall now
see the basic importance of some of these files and folders. What should be more relevant to the
beginner is the last folder in the list i.e. the My Documents folder (current user is Administrator).

Application Data: This folder contains standard file settings for different applications. For example
if you have Adobe‘s Photoshop 6.0 installed and you have used it at least once then this folder may
contain user specific brushes and color settings etc. This folder may also contain a folder called
Microsoft under which you will get the user specific settings for various Microsoft Applications like
Word, Excel and Internet Explorer. The Quick Launch that you find on the taskbar is actually a
folder whose location is C:\Documents and Settings \Administrator\Application
Data\Microsoft\Internet Explorer\Quick Launch. Programs may not work correctly if these sub
folders are moved or altered.

Local Settings: Local Settings has 4 important folders 2 of which can neither be shared nor
customized. One is the History folder that contains Internet Explorer (IE) History and Temporary
Internet Files which stores files that are downloaded temporarily on to the system, like for example
if you visit http://www.microsoft.com then all images and flash animation files are downloaded and
kept in this folder and then displayed in IE so that if you come back to a certain page back again
then the page reloads faster. The other 2 folders are Application Data and Temp. Application Data
here also does almost the same thing except a few changes here and there. One important thing to
notice is the CD Burning folder that Windows uses while burning CDs. The Temp folder is a (as the
name suggests) temporary folder that is used by setup files and running applications to create
temporary copies of opened files. The contents of these files are periodically deleted by the
applications themselves. This folder also holds the Error Report that the Error Reporter talks about.
If that did not make sense then let me explain; Windows XP has an inbuilt error reporting tool that
takes a snapshot of the system when an error occurs and prompts you to send the error report to
Microsoft so that they can help you rectify the problem. This error report is kept in folders having
weird names like dir.000.tmp and the like. The Temp folder can also be accessed from the desktop
by going to Start >> Run and typing %Temp% in the text box. You can safely delete the contents of

Page | 53 Riyaz Ahemed Walikar
A Beginners Approach to Windows

the Temp and Temporary Internet Files periodically to conserve hard disk space. It is actually good
practice to delete the contents of the Temp folder since they may contain harmful files downloaded
accidentally from the web.

Templates: This folder contains the templates that are used when creating new files by
applications. Like for example if you select File >> New in Microsoft Word then the file that is
created is a copy of the file winword.doc until it is saved. A Template is basically a master copy of
a file which applications use to create child documents out of.

SendTo: This contains some of the items that are seen in the right-click menu of most files and
folders. You can add your own shortcuts here and see the result in the right-click menu.

Ntuser.dat.log: This file alongwith Ntuser.dat is used by Windows and it contains user specific
information like User settings of the Desktop and application permissions. More on this in the
Registry Chapter.

My Recent Documents: This folder contains the shortcuts to the documents opened in the current
session. You can see these files in the Classic Start Menu under the Documents option. Along with
files opened, this folder also contains the shortcuts to folders opened but you cannot see the folders
in the start menu.

Desktop: This folder contains the desktop icons, files and folders of the current user. Along with the
icons from the Desktop folder of All Users, your current desktop is displayed.

Start Menu: This folder contains all the icons and folders from the Start Menu of the current user.
This along with the Start Menu of All Users, your current Start Menu is displayed.

Favorites: This folder contains the links and the Links folder that are displayed in the Favorites
Menu in the Menu Bar of any Explorer Window.

Cookies: This folder contains cookies downloaded from the internet. Cookies are small helper files
that enable a website to recognize the current visitor and display certain logged on user specific
information on their webpage. For example assume that you are surfing a shopping website and
you want to buy a camera and you even book it and the next time you go online after may be 3
days and you log in to the website. The website then shows that you have booked a camera. This
information is stored in small files called cookies which are stored by the website on to your
computer. Cookies are practically harmless but if you are still concerned about security you can
disable them completely through the Internet Options dialog.

Administrator’s Documents: This folder contains files and folders personal to the user. This same
folder is also seen on the Desktop and in the Start Menu. Each user has his/her own personal
folder with sub folders already customized by Windows to store Music & Video files. A standard My
Documents folder contains pre-customized folders like My Music, My Pictures and My Videos.

The My Documents folder is usually found on the desktop if you are using the Classic Start Menu
else it will be there in the Start Menu. You can have it in both the places in fact. Just right click the
My Documents icon in the Start Menu and select the Show on Desktop option.

If you wish to make your My Documents folder inaccessible to the other users of your computer
then you can do it by making your folders private. This is not applicable everywhere but limited to
only C:\Documents and Settings\$Username$ and sub folders, where $Username$ is your
username on the computer and C: drive is the root drive on which Windows is installed. To make a
folder private, Right-Click on the folder and select Properties; after which under the Sharing tab, put

Page | 54 Riyaz Ahemed Walikar
A Beginners Approach to Windows

a check mark against the Make this folder private option. Another thing to notice about the My
Documents folder is that it does not have the Customize tab in its Properties.

One thing that makes no sense is the fact that Microsoft advises their OS users to store all their
files in their My Documents folder. You may have seen during Windows Installation that setup
splashes information on the screen telling you to store files and other data in My Documents. Even
when you want to save a file in Notepad, MS Word, MS Excel or any of the several other
applications that allow you to create and edit files, you may have noticed that the default folder that
is opened to save is the My Documents folder. Also when you want to open a file from the File >>
Open menu of the application, often it is the My Documents folder that opens up for you to select a
file. The reason that it does not make any sense is because of the simple reason that the My
Documents folder lies in the %systemroot% drive. Now you may wonder what is wrong with it. Well
your %systemroot%, usually the C:\ drive, contains the Operating System and it may so happen
that your computer may get infected with a virus or any malicious program and it is a fact that most
viruses infect system files and that means that the possibility of you reinstalling Windows cannot be
ruled out. There are viruses out there that can literally wipe out boot sectors. So if someday your
computer refuses to start, giving an error that Ntdll.dll could not be found or Error Loading
Operating System and there is no other way other than formatting your drive, creating a new boot
sector or a Master Boot Record and reinstalling Windows what will you do to save your files?

The best workaround to the above problem is that you can create two or more than two partitions
and name one as Data and the other as Multimedia and so on and save crucial data on to these
drives. In that way, even if something happens to your computer and you have to reinstall Windows
you can still pray that your data is almost safe. You can make something foolproof, but you
can‟t make something damn foolproof. If your data matters to you more than your life, then
please take a backup on to an external device and regularly scan your computer using an updated

IV.6: Recycle Bin

The Recycle Bin is like a dustbin in which you throw away unwanted stuff from folders. Whenever
you right-click and select delete, the file or folder is stored in the Recycle Bin until it is ready to be
thrown out permanently. Files and folders can also be deleted by pressing the Delete key on the
keyboard. Normally when you delete a file or folder, Windows asks you to confirm the deletion by
popping a confirmation message. This message can be bypassed by changing the properties of the
Recycle Bin.

You will under normal circumstances you will always find the Recycle Bin on the Windows Desktop.
When you first run Windows, Recycle Bin is the lone component that you will see sitting on the
desktop in the right hand corner down. Recycle bin is an effective solution for unwanted files that
keep piling up. You can periodically delete files that you do not need and if the need arises restore
them from the Recycle Bin. You can even configure Windows to delete files permanently out
without storing them in the Recycle Bin. Although this is not advised, you can still do it.

 To delete items permanently without sending them to the Recycle Bin you can press
Shift + Delete.

You can adjust the Recycle Bin to store files upto a certain size and delete the remaining. To adjust
these and other settings, right-click on the Recycle Bin icon and select Properties to open the
Recycle Bin Properties dialog box. Here you will see „n‟ tabs where n-1 is the number of drives on
your computer. One tab which is extra under the Recycle Bin Properties is the Global tab. If the
Use one setting for all drives option is selected under this tab then all other options are disabled

Page | 55 Riyaz Ahemed Walikar
A Beginners Approach to Windows

under the other tabs. Keeping this option selected you can then adjust the maximum size of the
Recycle Bin in terms of percentage. This is a common setting for all drives. Let us take an example
to understand this option more clearly. Assume that you have a computer with a 40 GB hard disk.
Your computer has 4 drives of 10 GB each. Now your computer‘s current Recycle Bin setting allows
you to store files which will not take more than 10 percent of the drives. That means that you cannot
store more than around 100 MB of deleted files in the Recycle Bin.

 All data on a computer is stored in the form of binary numbers so that the processor and other devices can
understand it. Binary format is a form of storing data using just two numbers: 1 and 0. The word „Hello‟ may
be stored as 110010101000100110. These digits are converted to high (1) and low (0) forms of voltage by
semiconductor devices and transistors seen on the motherboard and inside the processor. A high voltage
(around 6 volts) is interpreted as a 1 and a low voltage (around 2 volts) is interpreted as a 0 by the processor
and other hardware.

 A group of 4 digits is called a nibble. 2 nibbles make a bit. 8 bits make a byte. 1024 bytes make 1 Kilobyte
(KB). 1024 kilobytes make 1 Megabyte (MB). 1024 megabytes make 1 Gigabyte (GB) and most computers
today have 40 to 80 GB hard disks. When saying 40 & 80 GB disks, the size is literally not so. 40 GB comes
out to 38162 MB (37.26 GB) practically.

If you attempt to delete a file whose size is larger than the limited size then the file is deleted
directly. Windows asks you before deleting though.

If you notice carefully there is an option to delete files directly without sending them to the Recycle
Bin. You can even prevent Windows from displaying a confirmation box when you delete an item by
de-selecting the Display delete confirmation dialog. Click on OK to save changes.

If you open the Recycle Bin, you will see that the common tasks pane has a section called Recycle
Bin Tasks which contains just 2 options. One is to Empty the Recycle Bin. This will delete all files
from the Recycle Bin forever. You can restore all items from the Recycle Bin to their original
locations by selecting the Restore all items option from the Recycle Bin Tasks section of the
common tasks pane. You cannot open a file or folder when in Recycle Bin. If you right click over
any item you will see that the default action that is performed is to show the properties dialog of the
item. If you want to see the contents of a file or folder you have to either restore the item to its
original location or you can cut the item and paste it in any folder and then open it. The properties
dialog of the items in the Recycle Bin may not show you the exact location instead you may be
shown only the folder. Like for example if you have a file in D:\Games\Section 13\data\system\
called soldier.tfp and if you delete it and then you see the properties of the soldier.tfp file in Recycle
Bin, you may be shown that the Origin of the file is ‗system and now you will have to wonder where
the file will go if you restore it because there could be several folders with the name system,
Windows itself has a folder called system which stores all system files in Windows 98 and mouse
and keyboard drivers in Windows XP. A way of knowing the location of a file is to see the tooltip
that Windows displays when you move your mouse over the file in Recycle Bin.

You can change the icon of the Recycle Bin (full and empty) by opening Display Properties and
selecting Customize Desktop under the Desktop tab.

IV.7: Searching for Files

Most computers have on an average 25000 files; these include your Windows system files and your
personal data. Some people have large collections of music and video files on their computer
whereas some people like me like to collect desktop wallpapers and other pictures. I have a
whooping 11,674 pictures on my hard disk. In these cases you may want to get a certain file and

Page | 56 Riyaz Ahemed Walikar
A Beginners Approach to Windows

you just can‘t remember the locations or you may know the location but you don‘t know the file. I
have met people who have forgotten where they had kept their entire mp3 collection, overnight!!

Windows Search comes to the rescue on these accounts. Older versions of Windows also had a
Search option but it wasn‘t all that user friendly. Windows XP has a search that you would love to
use. Windows XP‘s integrated explorer search allows you to search for any kind of file from any
folder on your PC. Open any folder, My Computer for instance, and just click on Search on the
standard toolbar (there is a magnifying glass next to it, you can‘t miss it) to open the search pane
on the left hand side of the screen. Windows XP search is pretty much self explanatory. In the
search pane click on the Pictures, Music, or Video option to search for any or all of them. You can
even use advanced search options and search with a filename. If you don‘t know the name of the
file but you know that it began with nat then you can use wildcard characters like the asterisk (*).
Just type nat* and click on search. Windows will search all files that begin with nat and which are
pictures or music files or videos depending on the option selected. You can even search for
Documents which include MS Word, MS Excel, MS PowerPoint and other Office applications. You
can specify the time when it was modified to search faster.

These are not the only file types you can search. Use the All files and folders option to search for
files of any extension by just putting the extension of the files preceded by an asterisk. For
example, if I want to search for a video file whose name contains the letters ‗per‗and whose
extension was something like .av, (assume I can‘t get the remaining letters), I can still search and
get positive results. I have to just open search and click on the All files and folders option. In the
first text box, All or part of the filename, I have to type *per*.av* and click on search. This will cause
Windows to search all files which have the letters per and whose extension begins with av. I may
get a search result with my file Superman.avi somewhere in the D:\ drive.

You can use this Windows search tool to search for computers on your network or you can use it to
search for people in your address book which you may have configured for Outlook Express (it‘s a
mail client). Help and Support centre is also accessible from here. You can then use Help and
Support for your other searches. You can even search the Internet through the Windows search!!

You can customize many things in Search. Just click on Change preferences. You can turn off the
animated character that is visible and active below or you can switch him for another character.
More characters are available when you install MS Ofiice. Indexing service is an interesting
concept; when you select the Yes, enable Indexing Service option, Windows automatically
categorizes and indexes files and folders throughout your computer and keeps the records of each
and every folder on your computer so that searching takes place more faster and effectively.

If you are well versed with file extensions and file names you can try using the Advanced Search
Mode as default. Click on Change files and folders search behavior and select Advanced. Click OK
to save changes. You can also disable Search from showing informative balloon tips. Suppose you
have searched for a file called mother.jpg, which by its extension we know that it is a picture file,
now turning AutoComplete off will prevent Windows from showing the last few entries that were
made during the search and you will have to type the name all over again. With Auto Complete on,
you have to just type in the first one or two characters and the previously searched words beginning
with the same characters are displayed.

After a search when the searched files are being displayed you can right click on any of the files
and select Open Containing folder to see the other files in that directory. After finishing a search
you can even save your search as a *.fnd file. To save your search, just right-click anywhere in a
blank space in the search window and select Save Search. Type a name for the file and click on

Page | 57 Riyaz Ahemed Walikar
A Beginners Approach to Windows

One of the things that most people don‘t know is that you can make the animated character do
several tricks that it is programmed to do. Just give a single click on it and select Do a trick from the
menu that comes up. I personally like Merlin and his cooking of green magic potion trick.

Search can be run from any folder by clicking on search from the standard toolbar, but remember to
change the Look In section of the search to the folder of your choice because Windows will search
for files only in that folder through which search was opened. The other way of opening the Search
window is through the Start button. Click on Start >> Search >> For files or folders.

IV.8: File Extensions & Open With

Windows and similarly all applications recognize files by something called as file extensions. File
extensions are nothing but the part that comes after the dot (.) in a filename. Windows recognizes
almost all file extensions except those for which no programs are installed. Windows explorer itself
being a .exe file is an executable file because of its .exe extension. Windows will not recognize that
.doc is a MS Word document unless and until Office is installed and MS Word is present.

Windows by default hides file extension of known file types. This can be quite disastrous since
there are viruses that have icons of picture files and have long and attractive filenames so that the
innocent computer user may fall prey to the program. Since extensions are hidden by default an
unsuspecting user might open the virus (since it‘s an exe, it will run) thinking that it is a picture file.
To show file extensions open any folder and go to Tools >> Folder Options to open the Folder
Options dialog box. If there is no Option for Folder Options then it will be disabled through the
registry, jump to the chapter on Windows Registry, enable Folder Options and come back here.
Under the View tab of the Folder Options dialog, scroll down and deselect the option that says Hide
extensions for known file types. One file that does not show its file extension even after removing
this check and that is the shortcut file. Windows shortcut files have an extension of *.lnk (link when
extended) All the program shortcuts in the start menu and the desktop have an extension of .lnk.
Windows programmers were aware of the fact that there could be deceiving viruses out there so to
prevent infections out of stupid actions this option was built. But if even shortcuts would show their
extensions then the entire desktop, start menu, search and all the other places where shortcuts are
used would look all crappy. Also any accidental changes to these shortcuts would prevent some
programs form running properly.

Below is a list of some common file extensions that you would probably see on a normal computer
along with a brief description and the name of the application(s) that can be commonly used to
open and handles such file extensions.

Extension Description Application

*.ADP Microsoft Access Project File MS Access

*.AIF AIFF Audio file QuickTime Media Player

*.ANI Cursor Files. The Windows mouse cursor etc.. Windows

*.ASF Audio/Video file Windows Media Player

*.AVI Audio Video Interleaved file. An AVI clip is a Windows Media Player
series of bitmap frames like a movie.

Page | 58 Riyaz Ahemed Walikar
A Beginners Approach to Windows

*.BAT Batch Files. DOS commands script file. Very Windows (run as an
helpful in running common tasks. executable)

*.BMP Bitmap Image MS Paint/Adobe Photoshop

*.CAB Cabinet files. Mostly used by setup files Windows
during installation of a program. Data is stored
in these files and copied to the system from

*.CAT Catalog files. Security & Program Crypto Shell Extensions
descriptions. ‗rundll32.exe cryptext.dll‘

*.CER Security Certificate files. Validates program Crypto Shell Extensions
and system interaction. ‗rundll32.exe cryptext.dll‘

*.CHM Compiled HTML help file. Files containing hh.exe
help and information about a program.

*.COM Command prompt or MS – DOS applications. MS-DOS / Windows
Found in abundance on older systems.

*.CPL Control Panel Extension files. Components of Windows / Control Panel
the Control Panel which are run with

*.DAT Data files. VCD movies and program Windows Media Player
information formats. (VCD)/Associated program

*.DB Database files. Common eg is the Thumbs.db Windows
file found in Windows XP.

*.DBF Database files. Tables of version I, II, III & IV Microsoft Access

*.DIB Image files. Paint

*.DLL Dynamic Link Library files. One of the most Windows / Application for which
important extensions in Windows. Used by developed
almost all applications to call Windows
functions and procedures or run self
developed procedures. E.g All Windows Icons
and tool tips are stored in shell32.dll file.

*.DOC Word Document MS Word

*.DOCHTML Word HTML Document MS Word

*.DOT Document Template file MS Word

*.DRV Device Driver. Allows the hardware to interact Windows
with the OS.

*.EXE Executable file Windows

Page | 59 Riyaz Ahemed Walikar
A Beginners Approach to Windows

*.FLA Flash Document. Flash animation and effects Macromedia Flash
are done through this file.

*.FON Font File. Contains fonts to be used by fontview.exe

*.GIF Image file. Two or more frames can be added MS Paint / Adobe Photoshop
to make a single gif image which will then give
an animated look. Used in buttons on
websites and on banners.

*.GZ Compressed file. Used as an archive. Winzip

*.HLP Help files. Contain help and information about winhlp32.exe
program they come along with.

*.HTML HyperText Markup Language files. Webpages Internet Explorer / MS
basically. Frontpage / MS Word

*.ICO Icon files. MS Paint

*. INF Setup information files. Any Text Editor
(e.g. Notepad)

*. INI Program Initialization files. Contain program Any Text Editor
configuration settings. (e.g. Notepad)

*. JPEG/JPG Image file. Clear images and a reduced file MS Paint / Adobe Photoshop
size. Much smaller than *.bmp files.

*.KEY Registration entries. Contains information Windows /
specific to the system registry. Information Edit - Any Text Editor
can be added to the registry by right-click (e.g. Notepad)
Merge or double click.

*.LOG System or program log files. Contain Any Text Editor
information about what happened in the past (e.g. Notepad)
when the program was running.

*.M3U Media list. Used by media applications to Winamp /
store path and filenames of media files which Any Text Editor
are to be being played. (e.g. Notepad)

*.MID/MIDI MIDI audio file. Not music exactly but a series Winamp/Windows Media
of tones that appear in a tune. Mobile Player.
ringtones and Old Video game music are

*.MMM Multimedia Movie Clip Windows Media Player

*.MOV QuickTime Movie QuickTime Player

*.MP2 Audio file. Stands for Windows Media Player /
MPEG Layer 2 Winamp / Any other Audio

Page | 60 Riyaz Ahemed Walikar
A Beginners Approach to Windows


*.MP3 Audio file Windows Media Player /
MPEG Layer 3 Winamp / Any other Audio

*.MPE/MPEG Multimedia file. Movie file in most cases. Windows Media Player /
Motion Pictures Experts Group. Winamp / Any other Multimedia

*.MPG Movie File Windows Media Player /
Winamp / Any other Multimedia

*.MSC Microsoft Management Console file. Child MMC.exe
files for Main console running.

*. MSI Windows Installer. Setup.exe kind of file msiexec.exe
except that it uses the Windows Installer that
comes with Windows, all information still
being in the MSI file.

*.NFO MSInfo file. System Information and other Opens with msinfo32.exe
general and detailed info showing file.

*.OCX Activex Controls. Used by applications to Windows / Other Applications
create objects that are used in normal system

*.PCX Image File MS Paint / Adobe Photoshop

*.PNG Image File MS Paint / Adobe Photoshop

*.POT PowerPoint Template MS PowerPoint

*. PPS PowerPoint Slideshow MS PowerPoint

*.PPT PowerPoint Presentation file MS PowerPoint

*.RAM Real Media Player‘s multimedia file Real Player

*.REG Registration entries. Contains information Windows /
specific to the system registry. Information Edit - Any Text Editor
can be added to the registry by right-click (e.g. Notepad)
Merge or double click.

*.RM Real Media Player‘s multimedia file Real Player

*.RTF Rich Text format. An old popular format for MS Word / Wordpad
storing text documents.

*.SCR ScreenSaver Windows (run as an

Page | 61 Riyaz Ahemed Walikar
A Beginners Approach to Windows

*.SWF Shockwave Flash Movie. Animated movie Flash Player.
created using Flash or any flash supported

*.TLB Type Library files. Windows / Applications
referring to them.

*.TXT Text files. Any Text Editor
(e.g. Notepad)

*.WAV Windows Audio Video file. Common format for Winamp / Windows Media
playing music on Windows. Huge size though Player / Windows
if codecs are not used.

*.WMA Windows Media File Windows Media Player

*.WMV Windows Media Video. Video File; very Windows Media Player 9
difficult to edit and add effects. Very few
players offer support. Clear but huge file size.

*.XLS Excel Worksheet MS Excel

*.ZIP Zipped Compressed archive file. Used to WinZip / Windows Compressed
store several files and folders in a single file Zip Folders.
as compressed archive.

We can change file associations through folder options to cause files to be opened by other
applications. For example if mp3 files on your computer open with Windows Media Player, then you
can change that to Winamp by changing the file association to Winamp. Open Folder Options go to
File Types, search for the mp3 extension and click on Change to select a program and click OK.

IV.9: Windows Services

Windows has several programs running called Services in the background that are continuously
using the processing power of the computer to complete Windows requests and user generated
actions. Along with inbuilt and essential Windows services you may also find many other third party
applications. Basically every action that is performed by Windows depends or is used by a service.

To see a complete list of services on your computer go to Control Panel >> Administrative Tools
>> Services or go to Start >> Run and type services.msc. The list is a Microsoft Management
Console snap-in (*.msc). Services can be configured with one of three settings, disabled, manual
and automatic. Automatic services will be started every time Windows is loaded, while manual
services must be started by the user through the Management Console snap-in or through an
executable file or command. Disabled services are those that cannot be run. Generally speaking,
manipulating most of these system services can in fact cause your system to stop responding the
way you want it to. Many of these services are critical to the functioning of the Windows Operating
system. There are certain exceptions though and you can always disable or stop these services
from the services console window. Even some third party services may run as a service and
hamper with the normal functioning of your system. It is also common for most services to have
dependencies, that is, they depend or are depended upon by other services and their termination or
start may cause other services to behave unexpectedly.

Page | 62 Riyaz Ahemed Walikar
A Beginners Approach to Windows

Below is a list of common and important Windows services that you may find on a Windows XP
system. You can change the status of any of these services by selecting properties from the right
click menu. These services and settings are taken from a Windows XP Home Edition computer, the
service and startup type may differ on your computer. The most important services are usually
‗Automatic‘ like the Remote Procedure Call Service and the Application Layer Gateway Service.

Service Name Description Startup Type

Alerter Notifies users of administrative alerts Manual

Application Layer Provides support for Internet Connection Sharing Automatic
Gateway and the Internet Connection Firewall

Application Management Provides software installation services such as Manual
Assign, Publish, and Remove. (Add/Remove

Automatic Updates Enables the download and Installation of Windows Automatic

Background Intelligent Uses idle network bandwidth to transfer data. Automatic
Transfer Service

ClipBook Provides support to the ClipBook Viewer that Manual
allows remote computers to access the copied or
cut items on the local computer.

Computer Browser Maintains an updated list of computers on the Automatic
network and supplies this list to computers
designated as browsers.

Cryptographic Services Management of Certificates and the File Signature Automatic

DHCP Client Manage network configuration by registering and Automatic
updating IP addresses and DNS names.

Distributed Link Tracking Maintains a link of NTFS files moving in a Automatic
Client computer or between two computers in a network.

DNS Client Resolves and caches Domain Name System Automatic
(DNS) names.

Error Reporting Service Allows error reporting for services and Automatic / Manual /
applications. Disabled

Event Log Record System, Security, and Application Events. Automatic
Viewed with the MMC Event Viewer
(eventvwr.exe in NT).

Fast User Switching Enable multiple users to login to the same PC Automatic
Compatibility simultaneously. One user can switch user and
the other user can login.

Page | 63 Riyaz Ahemed Walikar
A Beginners Approach to Windows

Help and Support Provides the interface for XP‘s Help and Support Automatic

Human Interface Device Provides support for extra keyboard buttons and Manual / Disabled
Access some other multimedia devices.

IMAPI CD-Burning COM Enables Windows XP CD Writing property. Automatic

Indexing Service Indexes contents and properties of files on local Manual / Disabled
and remote computers

Internet Connection Provides network address translation, addressing, Automatic
Firewall (ICF) name resolution and/or intrusion prevention
/ services for a home or small office network.
Internet Connection
Sharing (ICS)

Logical Disk Manager Detects and monitors new hard disk drives and Automatic
sends disk volume information to Logical Disk
Manager Administrative Service for configuration.

Logical Disk Manager Configures hard disk drives and volumes. The Manual
Administrative Service service only runs for configuration processes and
then stops.

Messenger Transmits net send and Alerter service messages Manual
between clients and servers.
This service is not related to Windows Messenger

Net Logon Network Authentication: Supports pass-through Automatic
authentication of account logon events for
computers in a domain.

NetMeeting Remote Allows authorized people to remotely access your Manual
Desktop Sharing Windows desktop using NetMeeting.

Network Connections Manages objects in the Network and Dial-Up Manual
Connections folder, in which you can view both
local area network and remote connections.

Network DDE Support the network transport of DDE (Dynamic Manual / Disabled
Data Exchange) connections.

Network DDE DSDM Manages Dynamic Data Exchange (DDE) network Manual / Disabled
shares. If this service is stopped, DDE network
shares will be unavailable.

Network Location Collects and stores network configuration and Automatic / Manual
Awareness (NLA) location information, and notifies applications
when this information changes.

Plug and Play Enables a computer to recognize and adapt to Automatic
hardware changes with little or no user input.

Page | 64 Riyaz Ahemed Walikar
A Beginners Approach to Windows

Stopping or disabling this service will result in
system instability.

Print Spooler Loads files to memory for later printing. Automatic / Manual

Protected Storage Provides secure storage for sensitive data like Automatic
Outlook Express passwords etc.

Remote Access Auto Creates a connection to a remote network Manual
Connection Manager whenever a program references a remote

Remote Access Creates a network connection. Used to create Manual
Connection Manager Dial-ups and other RAS connections.

Remote Desktop Help Manages and controls Remote Assistance. If this Manual
Session Manager service is stopped, Remote Assistance will be

Remote Procedure Call The most important service. Provides the endpoint Automatic
(RPC) mapper to all RPC activities including user logon (You cannot change the
and server manager. If RPC terminates, the status on some
system usually restarts. machines)

Remote Procedure Call Manages the RPC name service database. Manual
(RPC) Locator

Removable Storage Manages removable media, drives etc. Manual

Secondary Logon Enables starting processes under alternate Automatic / Manual

Security Accounts Stores security information for local user Automatic
Manager accounts. (You cannot change the
status on some

Server Support for file sharing, print sharing Automatic

System Event Notification Track system events such as Windows logon, Automatic
network, and power events.

System Restore Service Performs system restore functions. Automatic

Task Scheduler Enables a user to configure and schedule Automatic
automated tasks on this computer.

TCP/IP NetBIOS Helper Support for name resolution via a lookup of the Automatic / Manual
LMHosts file.

Themes XP Active Desktop Themes, and quick launch Manual / Disabled

Windows Audio Manages audio devices for Windows-based Automatic

Page | 65 Riyaz Ahemed Walikar
A Beginners Approach to Windows

programs. If this service is stopped, audio devices
and effects will not function properly.

Windows Installer Installs, repairs and removes software according Automatic
to instructions contained in .MSI files.

Windows Management Provides a common interface and object model to Automatic
Instrumentation access management information about operating
system, devices, applications and services. If this
service is stopped, most Windows-based software
will not function properly.

Windows Time Maintains date and time synchronization on all Automatic
clients and servers in the network.

WMI Performance Collect performance library information. Manual

Workstation Creates and maintains client network connections Automatic
to remote servers. If this service is stopped, these
connections will be unavailable.

When you install any antivirus software, the program may run as a service. To see all the running
services (Microsoft or Non Microsoft), go to Start >> Run and type msconfig to open the System
Configuration Utility. Select the fifth tab to see the services page. Check the Hide all Microsoft
Services check box to see all Non Microsoft Services. You can even enable all or disable all
services here. Please do not enable all services because this will slow down your computers
performance considerably. You will have to restart your computer to see the changes.

The best option is to open the Services.msc snap in and convert all services startup type to
manual. Then restart your system normally. You will notice that the computer starts miserably
slowly at this time. Once your computer starts completely, do some normal computing that you
would do in everyday life, listen to music, play a game, open MSWord, Excel, Install & run
programs, open My Documents, connect to the net, browse a few sites, download some files etc.
This is to enable Windows to select which service is important for your daily computing. After you
have finished with your routine, open Services.msc again and now see which services have started,
turn them to Automatic and you can now be sure that Memory & Resource Management has been
taken care of.

IV.10: System Restore & Windows Update

System Restore, an integral component of Windows saves us a lot of trouble by allowing us to
jump back to a previous working state of Windows. By the name itself you should get an idea of
what this does. System Restore is a component of Windows XP that you can use to restore your
computer to a previous state, if a problem occurs, without losing your personal data files (such as
Microsoft Word documents, browsing history, drawings, favorites, or e-mail). System Restore
monitors changes to the system and some application files, and it automatically creates easily
identified restore points. These restore points allow you to revert the system to a previous time.
They are created daily and at the time of significant system events (such as when an application or
driver is installed). You can also create and name your own restore points at any time. System
Restore is completely reversible. That is you can change back to your current computer‘s

Page | 66 Riyaz Ahemed Walikar
A Beginners Approach to Windows

configuration even after you have restored. System Restore is automatically installed and
configured on Windows XP if your computer has at least 200MB of free disk space after Windows
XP is installed.

This complicated looking property of Windows XP is fairly simple to understand. Windows XP
creates folders called System Volume Information which is present in every drive that is being
monitored. Like suppose you have your D:\ drive, there will be a System Volume Information folder,
if your drive is being monitored by System Restore, and usually it will be inaccessible. Firstly
because you may not be able to see it and secondly even if you manage to see it, you may not be
able to open it because this folder is usually protected by a Control Access List (detailed later). To
see the System Volume Information folder go to Tools >> Folder Options. In the Folder Options
dialog that opens up click on the View Tab and scroll down and remove the check against the
option that says Hide Protected Operating System files (Recommended). You will be prompted with
a warning, click on OK and proceed to any drive and check out for yourself.

The System Volume Information folder contains sub-folders whose names begin with RPX$$ where
the $$ stand for a number that is generated when the restore point is created. These folders contain
all the information required to restore the computer back to a previous working condition. System
Restore when invoked as an application to create or restore ‗Restore Points‘ then a file called
rstrui.exe, which is found in %Systemroot%\system32\Restore\ is run.

Let us take an example; assume that you've obtained a new and powerful game called Section 13
from a friend and you wish to try it out but are feeling out of mind since the game is not exactly
compatible with Windows XP (assume, there‘s absolutely no way that can happen though) and your
hardware. You do not want to reinstall your OS if something goes wrong and you also want to try
out the game. Then run System Restore and create a restore point. You can start System Restore
by going to Start >> All Programs >> Accessories >> System Tools >> System Restore. The
System Restore welcome screen displays 2 options, which you can select to perform the desired
function. First we shall see how to create a restore point. Select the second option that says ‗Create
a restore point‘ and press Next. Type a name for your restore point, Anything that will help you
remember what you created this restore point for. Something like ‗Before Installing Section 13‘ will
do. Remember that once created, a restore point cannot be changed. Click on Create and Windows
will create a custom restore point for you. The current system time and date are automatically
added to your restore point. After the restore point is created you will be presented with a page that
will give you the details of time and date when it was created. For now click on Close.

Page | 67 Riyaz Ahemed Walikar
A Beginners Approach to Windows

System Restore (Creating a Restore Point) - Print Screen 4.9

In case the game works its well and fine, but if it doesn‘t and your Windows XP does not start
properly then you can start the computer in Safe Mode and restore your computer to the working
state by selecting the restore point named ‗Before Installing Section 13‘. The best method to do this
is through the Safe Mode. To start your computer in safe mode, press the F8 key when your
computer starts. If you enable the visibility of the boot.ini file (see the previous chapter‘s challenges)
then it shouldn‘t be a big deal. Once started go to Start >> Run and type
\windows\system32\restore\rstrui.exe. To restore you computer to a previous state, select the
first option that says ‗Restore my computer to an earlier time‘ and press Next. In the Select a
Restore Point page, select a date from which you want to restore. The dates that are only in bold
contain restore points. Select the date on which you installed the game and select the name that
you had given to the point from the right hand pane. Click Next. The next page is the last page for
you to change your mind, else click on Next to start restoration. Close all open applications and files
and folders. During restoration Windows shuts down and after all the settings and files are restored
Windows restarts with the new restored mode.

If in case you are not happy with your restoration you can either reverse it back or select another
restoration point from the System Restore window.

Page | 68 Riyaz Ahemed Walikar
A Beginners Approach to Windows

System Restore (Changing Drive Space Settings) - Print Screen 4.10

OK now that you have understood the basics of System Restore, lets see how you can change the
allotted space of System Restore files. As explained Windows stores these files in RPX folders in a
folder called System Volume Information which is present on the drive on which System Restore is
enabled. By default Windows enables it on all drives with a space usage of 12% of the total drive
space. To change System Restore settings, right click on My Computer >> Properties and then
click on the System Restore tab. You can turn off System Restore on all drives directly by clicking
on the lone check box on this page or change individual drive settings by selecting a drive and the
pressing the Settings button. You can adjust the amount of space to be used by System Restore to
save files which are to be restored if the need arises. Lowering the amount of space means less
number of restore points can be saved.

 Please turn off System Restore on all drives when running a virus scan, since the
System Restore folders „System Volume Information’ may contain a copy of the virus
and it is a known fact that Windows does not allow any software to see what‟s inside
these folders even if they are antivirus softwares. After the virus scan enable System

Windows Update is another time saving and customer friendly component of Windows. Windows
is a web based software update service for Microsoft Windows Operating Systems. It offers a
location for downloading critical system component updates, service packs, security fixes, patches
and free upgrades to selected Windows components. Additionally, it automatically detects the
user's hardware and provides driver updates when available, and can offer beta versions of some

Page | 69 Riyaz Ahemed Walikar
A Beginners Approach to Windows

Microsoft programs. You require Internet Explorer to use Windows update if you are checking and
downloading manually. Windows XP‘s Service Pack 2 was a part of Windows Update 5 which was
released some time in late 2004.

Windows provides an inbuilt component that manages updates when you are connected. You can
configure Windows Update to download and install updates as and when they are obatined or to
ask you after downloading them or to ask you before downloading any updates. Windows connects
to http://windowsupdate.microsoft.com/ which is the centre for all patches and updates. The
Windows component that manages all downloads is %SystemRoot%\system32\wupdmgr.exe
which checks for connectivity and displays periodic information about update status. Windows
update can run in the background without interfering with your work and inform you when the
downloads are complete. To change these or other update settings, right click on My Computer
>> Properties and then click on the Automatic Updates tab. The Automatic selection is the
default one but you can change that to any of the other options available. You can even disable
Automatic Updates but that is not recommended. If all the options are grayed out (disabled) then
the Windows Update Service is probably not running. Open Services and start the Automatic
Updates service.

Keep your edition of Windows updated in all cases to prevent any flaws or bugs to be exploited by
malicious programmers. Prevention is seriously better than cure.

Windows Updates - Print Screen 4.11

Page | 70 Riyaz Ahemed Walikar
A Beginners Approach to Windows

IV.11: The Task Manager

Perhaps the most diagnostic and important tool not seen in Windows 98 but found in Windows
2000 and Windows XP is the Task Manager. This small yet powerful utility allows you to check
where all your computer‘s memory is being used, debug processes, end unwanted programs,
check for unknown applications, check virtual memory accesses, see kernel times, see network
usage and traffic, disconnect and check users logged on and a hell lot of things more.

You may be able to see application windows and open files lined up on the taskbar, but they are not
all that are running. If you notice that your computer is not giving the performance that it used to
give and your computer‘s hard disk light keeps flashing even if you are not doing anything, you can
use the Task Manager to catch hold of the culprit. On older systems, like Windows 98 & 95, when
you press the (universal) combination of [Ctrl] + [Alt] + [Del] a list of programs is displayed that are
running on the computer and that‘s it. There is no other information shown. You can end programs
from here, but when you try to end explorer, Windows pops up the shut down computer dialog box.
Even then you can click on Cancel on the shutdown dialog box to restart explorer with the desktop
refreshed but what is the use of this dumb box if it does not show anything more than running

The Windows Task Manager- Print Screen 4.12

Page | 71 Riyaz Ahemed Walikar
A Beginners Approach to Windows

The Task Manager of Windows XP can be opened by pressing the [Ctrl] + [Alt] + [Del] key
combination or you can right click on an empty area on the taskbar and select Task Manager or you
can also press the Ctrl + Shift + Esc keys. The Windows XP task manager is found in two forms,
one as an executable file called taskmgr.exe and the other as a MS-DOS application (*.com)
called taskmgr.com, both are found in the system32 folder in %systemroot% (usually
C:\Windows). Anyways just open task manager and see the various functionalities for yourself. If
you double click the task manager interface when it is open under the Performance tab then the
task manager switches to expanded mode. In this mode you cannot see the tabs or the menu.
Double click again to return to normal. The task manager usually has 5 tabs (on Windows 2000 the
Users tab is missing because multiple logins is not supported) which are Applications, Processes,
Performance, Networking and Users. Since each tab is of special importance therefore we shall
see each of the tabs individually:

Applications: This is the first tab that task manager has and is the default one that is selected
(Task manager remembers what tab was being viewed the last time it was run and displays the
same tab on its next run). In this tab you can see all the Programs that are running on your
computer. This tab just shows programs that are visible on the taskbar or which have been
minimized to the system tray. You can End a particular task by right clicking over it and selecting
End Task. If you wish to see which *.exe the program actually is then right click on the icon of the
program in task manager and select Go to Process. You will be immediately taken to the second
tab, the Processes tab, which will have your selected process as the real executable that was
running. For example open your computers C:\ drive through My Computer and then open Task
Manager and then under the Applications tab right click on the C:\ drive icon and select Go to
Process and you will be taken to the next tab and explorer.exe will be highlighted. As we already
know C:\ drive runs through explorer.exe (the Windows shell) and this tiny little experiment is big
proof. The best view that can be availed in this tab to see applications is the Details view. To
change the current view, click on View in the Menu bar and select Details. Using this view you can
see if an application is actually running or is Not Responding. You can then easily end programs
that are not responding by just a right click.

Processes: This tab shows all the processes running on your computer. If your computer is being
used by more than one person that is if you have used Switch User functionality of Windows XP
then you can see what process the other user was using in his session by checking the box that
says Show processes from all users. You can scrutinize a particular process by using almost 25
parameters that can be selected from the View menu. Go to View and click on Select Columns. In
the dialog that opens up select the column that you would like to see in task manager. For now
select PID, CPU Usage, Memory Usage, Peak Memory Usage, Username and Virtual Memory
Size. Click on OK and see the columns that have come up in task manager. You can click on any
column name to arrange the respective column‘s data in ascending or descending order. Every
process has an Image Name which makes the first column. The PID is an integer value assigned to
every process that runs on your computer and it uniquely identifies every process with the
processor. User Name is well the name of the user that started the process. You may notice that
even if your User Name is Neo or something like that there will be processes running with user
names like System, Local Service, Network Service etc. These services are started by Windows
and are required by Windows to run properly. Most of these processes are Windows Services like
for example, alg.exe is the Application Layer Gateway service. CPU Usage is the one of the two
things that can be used to work out memory and resource hogging processes. This column shows
the percentage of CPU power that a particular process uses. You may notice that most processes
may show a 00 percent CPU usage; these processes use the CPU infrequently or may uses and
complete the task so quickly that the percent increase and decrease is visible as zero. If you
arrange the CPU Usage column, the process called System Idle Process should have the majority
(almost 99% when system is idle) CPU Usage. This is not exactly a process but a sign of system
idleness and the higher the CPU Usage for this so called process, the more of the processor‘s
power is available for use. The next column is the Memory Usage column. This is the other factor

Page | 72 Riyaz Ahemed Walikar
A Beginners Approach to Windows

that allows us to find resource hoggers. Arranging processes according to their memory usage will
cause us to see which process is using the major chunk of it. This memory is your computer‘s RAM
(I have 128 MB on my machine) and it is shown here in Kilobytes or $$$$$ K. If you do not
recognize the process you can right click and select End Process or you can select End Process
Tree to end child processes too. Child processes are processes that are started by a certain
process or use some part of a main process frequently. Like suppose MSN messenger is running
and if you end process tree explorer.exe then even MSN messenger gets killed since it was
started using the explorer interface. If you want to restart a process then you can go to File >> New
Task and type the name of the process or browse for it. For example if you have killed explorer and
the desktop icons and the task bar have vanished then you can type explorer and press Enter to
start the Windows shell again. Peak Memory Usage shows the maximum memory that a process
used after it was started. VM Size is the column showing Virtual Memory usage by a process.
Virtual Memory is free space on your computer‘s hard drive that is allotted into a file called the
Paging File or Page File and is used like physical memory (See the Tips & Tricks Chapter for more)
by the Operating System. There are several other parameters you can use to judge a process like
Thread Count, Base Priority, Handle Count etc. See the Help Menu for in depth explanation.

Performance: This tab shows the CPU usage and Page file usage in terms of graphs. Besides
being informative, this tab also shows the amount of memory used by the Windows kernel and how
much is used by running applications. The Windows kernel is the main Windows engine that runs
and allows hardware and software to interact. This kernel loads during system startup and stays in
main memory. To see kernel usage of memory, go to View >> Show Kernel Times; the memory
usage of the Windows Kernel will be shown in red. If your computer has two processors than you
will see two graphs here (excluding the Page File graph) or if your computer has the Intel P4
processor with HT technology and if Hyper threading has been enabled in the BIOS then too you
can see two graphs here. The other graph that is also found here is the Page File Usage History
Graph. This graph shows the usage of Virtual memory and amount of paging file used.

Networking: This tab shows network information like the usage of network from which you can
obtain an idea of the amount of data that is being sent over the network. You can examine a
connection using almost 25 various parameters. Select View >> Select Columns to adjust the
columns that appear on this page. You can also see the Network Adapter History by going to View
>> Network Adapter History and you can select the Bytes sent (Red), Bytes received (Yellow) and
the total number of Bytes (Green) to be shown on this page. If you are copying files over the
network or are playing games on the network then you can easily diagnose the data that is being
sent in and out.

Users: The last tab in the Task Manager, not found in Windows 2000, also has some very
important functions. This tab shows all the users that are connected to the current computer.
Suppose your friend wants to use your computer for some time and you do not wish to close your
documents then you can easily Switch User and let your friend login in some other account
(assume that he has a account on your compute), then if your friend opens Task Manager and goes
to the Users tab, he or she will be able to see that you are connected. He or she can then Log you
off or connect you back. Logging you off will cause your open account to be closed, you may or
may not be prompted to save your work depending on the application it was. Connecting you will
cause your friend to enter the Switch User phase and you can again use your computer as you had
left it (your friend has not logged off, that means he is still connected). You can even send the other
user a console message that he or she will see when he or she logs on.

The Windows XP task manager also allows you to put your computer to Stand By mode, or
Hibernate, or Turn off, or Restart, or Log Off, or Switch Users all at the command of a single click.
To do any of the above go to Shutdown on the Menu bar.

Page | 73 Riyaz Ahemed Walikar
A Beginners Approach to Windows

Another interesting thing that you can do with task manager is that you can select Options >> Hide
when Minimized. This causes the task manger to get minimized to the system tray when ever you
minimize it. This feature allows you to open the task manager quickly in situations where heavy
processing will be done and you fear the application that you may want to open may hang causing
Windows to give a hard restart. In such cases Task Manager will open up more quickly since it just
has to come to the foreground and then you can use it to close unresponsive programs. Whenever
you open task manager a small graph kind of icon comes in the system tray which shows the CPU
usage by applications. You can move your mouse pointer over it to see the amount of CPU usage
through a tool tip that pops up.

This was the general Windows Interface, now its tuning time. Lets see the Control Panel in the next

Page | 74 Riyaz Ahemed Walikar
A Beginners Approach to Windows


1. Change the Icons for My Computer and My Documents.

2. Create a Folder called Test in your C: drive and add this folder to the Send To menu of
the right click context menu of files and folders.

3. Search the executable that is actually running as the Security Accounts Manager service.

4. Open Task Manager and locate the Security Accounts Manager service executable and try
killing it and note the error.

5. The default for opening *.txt files is Notepad, change that to WordPad.

6. Add a separate option to the right click menu of *.jpg files. The option should be Open
with MSPaint and the selection of the option should open the *.jpg file in MSPaint.

7. Create a System Restore Point with the name System Restore Test.

Page | 75 Riyaz Ahemed Walikar
A Beginners Approach to Windows

The Control Panel

This chapter offers an understanding of the Windows Control Panel and its components. The most
important and default components of the Control Panel have been explained. Most of the matter
contained in this chapter will also be found strewn around in the entire book but they have to be
reported here as a base since the Control Panel is the centre for all user configurable procedures.

After this chapter the reader should be able to:
 List all the Control Panel extensions found on a Windows XP system.
 Uninstall unnecessary programs
 Install fonts.
 Clear Internet History and Temporary files.
 Create an Internet connection.
 Make a home network.
 Change display settings and virtual memory settings for better performance of games and
 Apply Logon and Logoff sounds amongst other Windows sounds.
 Create Users and customize them.
 Use the Control Panel to tweak and configure XP for better and customized performance.

Note: This chapter has been written with Windows XP as the base. The descriptions may appear to
be different for your version of Windows.

Page | 76
A Beginners Approach to Windows

The Windows Control Panel is the centre for all system configurations, though not all but almost
everything in Windows can be configured here. This includes the sound, video, services, virtual
memory, date and time, installed hardware, disk drives, installed applications, users, network
connections, fonts and a hell lot more. The control panel itself is a .exe called control.exe located
in %systemroot%\system32\ on Windows XP systems. To open the Control Panel go to Start >>
Settings >> Control Panel or My Computer >> Control Panel either from the main window or from
the Common tasks pane. Control Panel can also be opened by going to Start >> Run and by typing

V.1: Control Panel & Extensions (*.cpl)

The Windows Control Panel like any other exe has its own files, just like WinWord (Microsoft Word)
has support for .doc files or for that matter Microsoft Visual basic (vb6.exe) has support for .vbp and
.frm files. All the components that you see in the Control Panel, called applets, are actually files
with a .cpl extension found in the system32 folder. Other then the usual .cpl files, the Control Panel
also supports some extended components like the Windows Fonts Folder, Folder Options,
Scheduled Tasks and Administrative Tools amongst others. After you install Windows the standard
Control Panel components that you usually see are the following:

 Accessibility Options (access.cpl)
 Add Hardware (hdwwiz.cpl)
 Add/Remove Programs (appwiz.cpl)
 Administrative Tools
 Date & Time (timedate.cpl)
 Display (desk.cpl)
 Folder Options
 Fonts (%systemroot%\fonts\)
 Internet Options (inetcpl.cpl)
 Network Connections (ncpa.cpl)
 Regional and Language Options (intl.cpl)
 Scheduled Tasks
 System (sysdm.cpl)
 Taskbar & Start Menu
 Sounds and Audio Devices (mmsys.cpl)
 User Accounts (nusrmgr.cpl)

Although you may see more this is the standard list. After installation of modem devices and
graphic cards or other devices you may see more items. These individual items may differ on
different computer depending on the hardware and software installed; hence these are excluded in
the current chapter. The Control Panel on your computer may look completely or slightly different
from the descriptions penned down but that is because of the Windows XP styling and nothing else.

The Control Panel can be displayed in two ways: Classic View & Category View. The components
and procedures (including all dialog boxes and actions) remain the same but the methodology
involved in opening the actual component itself differs. Just to make it clear let us take an example;
open Control Panel; now if its in Category View (it will be written in bold: Pick a category) click on
Appearance and Themes. In the new page that opens click on Display under the „or pick Control
Panel icon‟ section. This will open up the Display Properties dialog box. Else if it is in Classic View,
double click on Display to open Display Properties. What finally opened was the same thing, only
the way of opening it was different. The reason that the Classic View has been taken up here
instead of the Category View, which is much more efficient, is that the Windows 98 Control Panel
has a design similar to the Windows XP Control Panel in Classic View. You can easily switch over
to the Category View in Windows XP by selecting Switch to Category View in the common tasks

Page | 77
A Beginners Approach to Windows

 If the Common Tasks pane is not visible then go to Control Panel >> Folder Options.
In the Folder Options dialog that opens up, under the General tab select „Show common
tasks in folders‟ option. Click on OK to save changes. This setting is universal; it will
affect all folders in explorer and its good.

There are several advantages of using the Category View of the Control Panel. First of all it allows
you to open certain specific locations extremely easily. For example if a newbie is told to change
the wallpaper, the person will wonder where to go. Even if he manages to open Display Properties,
he will have to again click on the desktop tab. This has been simplified in the Category View. You
know that the wallpaper has something to do with the Appearance of your computer so you have to
click on Appearance and Themes and then select Change the desktop background from the Pick
a task… section. See the Common tasks for more interesting and useful places. The second and
perhaps a bigger advantage is that the Category View allows you to start Troubleshooters for
certain specific topics like Display or Sound etc. You can run a troubleshooter just by the click of a

 Troubleshooters are specially designed step by step problem solvers that Microsoft has designed for its
Windows Users. You may face a problem with your computer hardware or software; then you can easily run a
troubleshooter for the specific problem and correct it. To see all the available troubleshooting items go to
Start >> Help & Support and type List of Troubleshooters in the search field and press Enter to search.
Click on the searched result under the Suggested Topics section

The Classic View has its advantage that you can see each individual component and if you have
the exploring nature then you can easily explore and do a lot of changes to your system. This
chapter describes, as already mentioned, the Control Panel in its raw form, the Classic View. Let us
see each component individually now.

Page | 78
A Beginners Approach to Windows

V.2: Accessibility Options (access.cpl)

Windows was designed to be used by almost everybody. Using the Accessibility Options you can
adjust your computer settings for vision, hearing and mobility. The Accessibility Options dialog has
5 tabs namely Keyboard, Sound, Display, Mouse and General. The Accessibility Options is
meant to improve computing for all users by changing various available features of Windows like
the keyboard and mouse. We shall see each of these tabs with due consideration.

Accessibility Options- Print Screen 5.1

Keyboard: Here you can change keyboard settings for specific kinds of users. This page allows
you to modify key settings to be used by people who have difficulty pressing two keys
simultaneously and for those people who type the same character several time continuously. There
are three different types of methods or ‗key types‘ involved, StickyKeys, FilterKeys and ToggleKeys.
StickyKeys are meant for people who have difficulty pressing two keys simultaneously. Selecting
this option causes the modifier keys (Ctrl, Alt and Shift) and the Windows logo key to remain
pressed until another of those keys is pressed. For example if you are playing a game which
requires you to walk through a jungle (assume) and the keys to make the character walk are Ctrl +
W. Now you may find it difficult to walk and jump or shoot at the same time. Then you can use
sticky keys to keep Ctrl key stuck to the keyboard and just press the W key to walk. The shortcut to
enable StickyKeys is by pressing the Shift key 5 times. You can also have Windows produce a
sound when StickyKeys are activated. You can change these and other settings by clicking on

Turning on FilterKeys will cause the keyboard to ignore repeated or brief keystrokes. Select the
checkbox and press Apply to enable FilterKeys. The default is 1 second. For example to type the
word astalavista it will take 11 seconds because each character will come on screen after keeping

Page | 79
A Beginners Approach to Windows

the respective key pressed for 1 second. You can also adjust the keyboard repeat rate, which is
the rate at which a key is repeated when you hold it down. These and other settings can be
adjusted by pressing Settings. The shortcut to enable FilterKeys is to hold down the right Shift for
8 seconds.

Turning on ToggleKeys will cause a high-pitched sound to emanate from the computer whenever
the CAPS LOCK, NUM LOCK or SCROLL LOCK keys are pressed and a low pitched beep to be
sounded whenever any of these keys are put off. The concept of ToggleKeys comes in handy if you
are not sure of your typing, like me, and keep on pressing the CAPS LOCK key again and again
instead of pressing ‗a‘. With the beep you can immediately be made aware that these keys are
pressed. For those who are not interested in the sounds can always have a look at the keyboard
‗lights‘ to get ready info. The shortcut to enable ToggleKeys is to hold down the NUM LOCK key
for 5 seconds. You can enable or disable this shortcut under Settings of the ToggleKeys frame.

Some programs have additional help for keyboard usage. This help is usually not visible but can be
enabled by selecting the Show extra keyboard help in programs option.

Sound: This tab has an interesting component called the SoundSentry. Turning on the
SoundSentry causes Windows to flash part of the screen whenever the computer produces a beep.
You can specify which part of the screen to be flashed when a beep is made. The available options
are the current active window‘s title bar, the entire active window or the entire desktop or screen. To
see the effect, enable ToggleKeys and then enable SoundSentry and select to flash the desktop.
Click on Apply to save settings and then press the CAPS LOCK key to see the effect. You can also
use ShowSounds to instruct programs that usually convey information only through sounds to also
provide all information visually, such as display of informative text and icons.

Display: The options in this tab can change the current display into one with very high contrast for
users with disability in reading. The contrast scheme can be changed by pressing Settings and
selecting another scheme from the drop down combo box. The shortcut to switch to high contrast
mode is left Alt + left Shift + Print Screen.

You can also change the cursor blink rate and the cursor width. Move the sliders to see the effect.
Click on Apply to save settings. The best place to see the effect is the Run command box. Go to
Start >> Run for this purpose.

Mouse: Under the Mouse tab you get to enable something called as MouseKeys which enables
you to use the NumPad keys to move the mouse pointer, click, drag and double click items just like
you would be using the mouse. The shortcut to enable MouseKeys is left Alt + left Shift + NUM
LOCK combination. You can change the pointer speed and specify its Top speed and acceleration.
Keep the arrow keys pressed to accelerate and Insert key (on the NumPad) to click and Delete key
to click activate. Press Settings to change these and other options.

General: This tab has options for general application of the entire Accessibility Options dialog. You
can turn of the accessibility features if they are idle for about 5 minutes or so. You can change the
time according to your settings from 5 minutes to 30 minutes. You can also configure your
computer to produce a sound when turning a feature on or off. You can also ask a warning
message to be given when turning a feature on. There is something called as SerialKeys which
allows you to attach special input devices to the computer‘s serial port. These devices, also called
augmentative communication devices, are for people who are unable to use the standard keyboard
and mouse. There is also a frame called Administrative options which allow you to apply all
accessibility options of the current user to the logon desktop which means that all users who will be
logging in will be able to use these features. You can also make the current accessibility options the
default template for new users. This means that whenever a new user will be created these
accessibility options will be pre-selected for that user too. These settings can only applied by an
Administrator or a person of the Administrator‘s group. Always press OK to save and exit.

Page | 80
A Beginners Approach to Windows

You can also open the Accessibility Options directly without going to Control Panel. Just go to Start
>> Run and type control access.cpl. Though just typing access.cpl at the Run prompt will open
the Accessibility Options on Windows XP it may not work on other Windows versions.

V.3: Add Hardware (hdwwiz.cpl)

Whenever you reinstall your operating system or attach a new device to your computer you may
(almost always) require to install drivers or support software for the device to work properly. Many
devices are of Plug and Play type like Removable USB drives (commonly known as pen drives)
which usually do not require drivers, Windows provides built in support to these devices. Device
drivers are usually supplied along with the device by the manufacturer. Like for example your
computer may have an internal modem whose drivers are usually shipped in a disk (usually a CD or
a floppy disk), you can then use this disk along with the Add Hardware wizard to install the device

The first screen will give you a warning kind of thing saying that if the hardware came with an
installation disk then use it instead of using this wizard. This is actually a confusing statement since
Windows checks the CD also (later in the Wizard) to see if it contains the drivers for the hardware
which is actually safe because these CDs usually contain drivers for other hardware or may contain
drivers for several OS versions which will confuse you more than ever.

Add Hardware Wizard- Print Screen 5.2

Click Next to continue, Windows will now search for all the hardware connected to your computer
(installed as well as those lacking drivers). If you have connected the device to your computer and
switched it on (like an external modem etc.) then the Add Hardware wizard will prompt you with
another new wizard whose sole purpose will be to install drivers for this new device. This new
dedicated Wizard called the Found New Hardware Wizard will search for your hardware‘s drivers
automatically or through a specific location. If an installation disk (like the CD ROM or floppy disk)
came along with the hardware then insert it into the computer now. The best option is to use the
recommended setting i.e. to install the software automatically. Just select it, press ‗Next‘ and relax.
If the installation disk has the necessary files then you will see a file copy progress dialog. An
important thing to be mentioned here is that Windows checks the files that are being copied and

Page | 81
A Beginners Approach to Windows

you may be warned that the product has not undergone testing to verify its compatibility with
Windows XP. If the manufacturer has provided you the installation disk assuring you that it contains
drivers for the hardware on an XP system then you can take a risk and continue installing or if you
do not wish to take a chance then you can Stop Installation. The Warning is displayed because
Microsoft has not tested the hardware you are installing, since there are so many different varieties
of hardware available and in locations spread across the globe that it becomes difficult for even
Microsoft to test and certify all of them. Microsoft has a Hardware Compatibility List that shows all
the hardware that can be used on a Windows XP system without any problems. The list is
displayed at their website.

If you have managed to get the drivers from the net or have copied the files to your system or you
know the exact location on the disk (which folder and all that) then you can always use the
‗Advanced‘ option to install from a list or specific location. Click ‗Next‘ to proceed. The next page
gives you 2 options, either you can ask Windows to search for the best drivers in the locations
specified or prevent Windows from searching the driver assuring it that you will choose the driver to
install. We shall see both these options. The first one and by default selected is Search for the
best driver in these locations. If you know the location of the driver files then you can check the
Include this location in the search: option and Browse for the location. A funny thing is that you
can‘t select a location which does not have an *.inf file that is, if you search your computer through
the Browse for folder dialog for a folder, you cannot press OK until a folder with an *.inf file is not
found. That‘s advantageous in one way, you will at least land in the correct folder since *.inf files as
you know contain setup information without which the drivers cannot be installed.

 The entire computer‟s hardware and other software‟s *.inf files are kept in
%systemroot%\inf\ folder. Hence incase you uninstall any of your computer‟s device in
the future you can always search for the inf in this folder. The folder is usually not
available through the Browse for folder dialog because its attributes are Superhidden,
but you can type the whole path in the space provided.

If you select the second option of Don‟t search. I will choose the driver to install, you will be
shown a list of all hardware connected to your computer. Select the type of device that you are
installing and click Next. Windows does not guarantee you will find your driver here or the driver
you find in this list will be the best for your hardware but it maintains a list of all drivers that have
been used on the system and displays them accordingly. If your device manufacturer is not listed
then click on Have Disk, select the drive of the installation disk and click on OK. If you don‘t have
the installation disk, then select a driver from the menu and click on Next.

You may have to restart the computer to for the hardware to be made available to Windows. See
the reminder balloons that pop up in the system tray for handy information. If for some reason the
device had a problem like if the device could not start etc. then you will be prompted to start a
troubleshooter but in most cases the troubleshooter is started automatically if a problem is

This was the description of the Found New Hardware Wizard, the sub part of the main Add
Hardware Wizard. If your device is not Plug and Play compliant then you can still add the hardware
by using this wizard. Just click next on the first page and when the wizard asks you whether you
have connected the device to the computer or not select that you have connected it and continue.
You will see a list of all hardware on your computer. Here you can troubleshoot any devices that are
giving problems (marked with a yellow exclamation) or add a new device by going to the bottom of
the list and selecting Add a new hardware device. You can then search and install the hardware
automatically or select it from a list.

If all has gone according to the description then your device should be functioning normally. In case
you do not have the drivers for your hardware then you can always search the net.

Page | 82
A Beginners Approach to Windows

You can also start the Add Hardware wizard without going to Control Panel. Just go to Start >> Run
and type control hdwwiz.cpl.

V.4: Add/Remove Programs (appwiz.cpl))

When any program is installed, Windows keeps a record of the program in the registry and displays
the list of all the programs in the Add/Remove Programs Control Panel applet. This component of
the Control Panel has taken a complete turnover from its Windows 98 counterpart.

The Add/Remove Programs has four sections Change or Remove Programs, Add New
Programs, Add/Remove Windows Components and Set Program Access and Defaults. We
shall see each of these components individually.

Add/Remove Programs - Print Screen 5.3

The most frequent and important use of the Add/Remove Programs is, as the name suggests, is to
Add or Remove installed programs. Adding of programs through this applet is not recommended
since setup files don‘t always have the name setup.exe and some other exe may be executed in
the procedure. Anyways that‘s for later, coming back to the removing or uninstallation of
programs, as it is technically known, is an important procedure since some programs may occupy
large amounts of space on your hard disk and you may be hardly using them. For example you may
install a game that takes almost 800 MBs of your precious hard disk. Its useless keeping the game
on your computer after you have finished the game. You could always use the 800 MBs for
something more useful. It is always better to uninstall an item if you have the original installation
files on a CD or your hard disk. And just like installation of the game or any item is done through an
interface (usually the setup.exe file), its uninsatallation too deserves a proper ceremony. That was
for the lighter part but the actual reason why we have to uninstall stuff and not just delete them is
as follows. Any game or program uses menus and dialog boxes and/or the graphics hardware

Page | 83
A Beginners Approach to Windows

options in Windows. Now, Windows provides menus and dialogs through its files like comctl32.ocx
etc and program specific configuration and data is found in its associated dll and ocx files. These
files may be copied to the system32 folder during the installation of the program and registered into
the Windows registry that they are there and so and so program uses them. If you delete the
program folder, you will leave the extra dll and ocx files in the system32 folder and their (now)
redundant information in the registry. This may cause crossover linkages between files and may
also slow down Windows registry access speed in the long run. To avoid this programs have to be
properly uninstalled and not deleted.

When you open Add/Remove Programs, the default page that is shown is the Change or Remove
Programs. This is your main page and you will be able to see a list of all the installed programs on
your computer.

 You can actually uninstall a program in two ways. One is through the Add/Remove
Programs menu and the other is through the programs uninstaller itself. To access the
programs‟ uninstaller, click on Start >> Programs and navigate to the program you wish
to uninstall. If you are lucky (because some programs don‟t have uninstallers and rely
on Windows to do it for them) then you will see an uninstaller in the menu. Click on it to
start the uninstaller or if it is not there then use Add/Remove Programs.

You can sort this list according to the Name, Size, Frequency of Use and Date last used. Sort using
Size and check the largest program which you have installed on your computer. To uninstall a
program click on Remove to start the corresponding uninstaller. Sometimes some programs allow
you to do a fresh install by replacing the original program. If there is a Change button next to the
Remove button you can use it to change the original program. Windows also allows you to go to the
Software programmers‘ company website and search for additional information and product
updates. You can do this by clicking on the Click here for support information (if it is there) to go to
product support websites. On thing to note while uninstalling any program is that Windows might
encounter files that are shared between multiple programs (.dll or .ocx files) and will prompt if more
than program is using it. Majority of the times keep the files, else other programs may stop
responding normally.

The next page that Add/Remove Programs can show you is the Add New Programs which allows
you to install programs. This is not a recommended procedure as already mentioned because not
all install (setup) programs have their names as setup.exe and can be misleading since other exe
files are also displayed and can be executed. Anyways to open the Add New Programs page click
on the menu in the left hand side of the page. Here you get two options; one is to add a program
from an installation disk like floppy or CD and the other is to add new Windows features, device
drivers and system updates from the internet. This is the same as using Windows Update from the
Start Menu.

When you click on the CD or Floppy button on this page, a program installation wizard opens up
which searches for executables with the name setup.exe, install.exe, uninstall.exe or names
which are derivatives of the above. If it does not find any setup files it will inform you of the same
and then gives you an option of searching for the executable manually by clicking on Browse.

Page | 84
A Beginners Approach to Windows

Windows Component Wizard - Print Screen 5.4

The next in line is the Add/Remove Windows Components (Print Screen 5.4) which allows you to
add or remove some of the components in Windows XP. When you click on this button you will see
that the Windows setup starts up and displays you the current list of all installed Windows
components. You can then add or remove components by checking on the respective check boxes.
Some of the Windows components that can be installed or uninstalled in this manner are
Accessories like calculator, paint and character map alongwith Windows games, Internet Explorer,
MSN Messenger, Internet Management services and lots more. To see sub sections or further
information and instructions click on Details where available. You can also start the ‗Add/Remove
Windows Components‘ wizard by going to Start >> Run and by typing sysocmgr.exe /i:sysoc.inf.
Where sysocmgr.exe stands for System Optional Component Manager and is an executable found
in the System32 folder and sysoc.inf is the setup information file found in %systemroot%\inf and
contains windows installation information for its several components.

The last option accessible through the Add/Remove Programs interface is the Set Program
Access and Defaults. This is an interesting settings page and many a people are unaware that it
actually exists. This page allows you to configure most commonly used applications to suit your
needs. You basically have three choices; Microsoft Windows, Non Microsoft and Custom. Each of
these choices allow you to select your defaults for common and everyday usage programs. Like if
you select Microsoft Windows, your default Web Browser will be set to Internet Explorer, Email
Program will be Outlook Express, Media Player will be the Windows Media Player, Messaging
Program will be MSN Messenger and Java Virtual Machine will be set to the Microsoft Virtual
Machine. Likewise if you select Non-Microsoft your computer‘s settings will be changed that using
Non-Microsoft components. The best option is to select custom and select individual components
yourself. Click on the small double arrow on the extreme right of the choice name to expand
individual items. Click on OK to save settings.

You can also start the Add/Remove Programs applet without going to Control Panel. Just go to
Start >> Run and type control appwiz.cpl.

Page | 85
A Beginners Approach to Windows

V.5: Administrative Tools

Administrative Tools as the name suggests is available only to administrators and novice users are
cautioned against changing any settings as these may reflect on the overall performance of your
system. The Administrative Tools differ slightly when spoken in context with Windows 2000 and
Windows XP. Administrative Tools is a collection of around 7 items, the number varies with different
computers and different configurations. 4 of them, the most important and equally interesting to the
beginner, are explained in this section. They include Computer Management, Performance, Event
Viewer and Services. Out of these Event Viewer and Services can be accessed through the
Computer Management console and hence will be covered under it.

Computer Management can also be accessed by giving a right click on My Computer and selecting
Manage. The Computer Management console window has two parts; the left hand side has an
explorer kind of view and you can select items on the left to display their contents on the right. The
first item that you see on top is System Tools which has 4 subsections. Under the Event Viewer
section you can read informative logs for Applications, System and Security. For example if you
have an application that crashes frequently then you can check out the Event Viewer >>
Applications log for details. The System logs contain general as well as error details for all Windows
based services and general applications. The Application logs contain information pertaining to
applications and error causing programs. Like for example we know that all programs require dll
files to run (the dll files may be Microsoft or Non-Microsoft in origin) and if a program crashes
frequently then you will be able to see what dll or module caused the error and you can take
necessary measures like reinstalling of the application or reinstalling just the dll. The Security logs
have no much information for beginners but advanced users can grasp hordes of information from
them. These logs show something called as Security Audits. Whenever you start your computer,
each and every program or service that starts gives an OK signal to the OS asserting that it has
successfully started under a specific username alongwith other information about its logon. This is
called an Audit. Security Logs contain both Success Audits as well as Service Failure Audits.

Shared folders show you the shares, sessions and open files that are being used by network
resources or by users logged on to the network. These folders are visible even though your
computer may not be on the network.

Next in line usually is the Performance Logs and Alerts section which gives you advanced system
performance information. In the Counter Logs page you will see logs of System Performance which
can also be read manually by going to %systemdrive%\perflogs\System_Overview.log. You can
also read Trace Logs and System Alerts in this section.

The Device Manager snap in comes next. One of the most important components of the Microsoft
Management Console, the Device Manager shows all the hardware that is attached to your
computer. The Device Manager contents are structured in a tree like format. Right on top you will
see your computer name with all the other hardware connected to it below. You can click on the
individual plus signs to expand each component. If a device does not have drivers installed, you will
see a question mark as the device icon. If a device has problems starting then you will see an
exclamation mark next to the device icon. Usually devices do not start or function improperly if there
are no free resources for it to function. Disabled devices are usually marked with a small red cross.
You can right click on any device or your computer name and select Scan for hardware changes so
that Windows searches for additional devices and refreshes the current list. By default devices are
shown by type. You can change this View to devices by connection or resources by type and
resources by connection. Click on View on the Menu bar to change options. Just double click on a
device or right click and select properties to view the properties page of a device. You can start a
troubleshooter for a device if it is having problems or update drivers from its Properties page or
from the right click menu.

Page | 86
A Beginners Approach to Windows

 If a device is having problems starting then first try uninstalling the device from the
system. This can be done through the Right Click menu of the devices or through the
Properties page and then scan for any hardware changes. If the problem still persists
then try uninstalling devices that have their resources close to that of the current
device. This has to be done with utmost care since you may uninstall some other
important device. This could lead to your system to malfunction.

The next section in the Computer Management hierarchy is the Storage section which has disk and
storage related components. The first in line is the Removable Storage which displays Media
libraries and ejectable drives so that Media files can be loaded to be played on your system.

Windows Disk Defragmenter- Print Screen 5.5

The next and another very important part of Computer Management in general is the Disk
Defragmenter (Print Screen 5.5). As explained earlier whenever you copy files to your hard disk
from external devices or when you execute an instruction, data is continuously being written to and
from the hard disk. This is done in a very haphazard manner on the small scale. Windows tends to
store the file in the largest continuous space available which may be different sectors for the entire
file. This causes the computer to perform slowly since every time the file is opened Windows has to
search and assemble the entire file again and again. Defragmenting is the process by which parts
of files are written to contiguous (or alternate) sectors so that access and retrieval time of the
computer is reduced. When you click on the Disk Defragmenter icon, Windows will display all the
volumes (partitions) on your hard disk. They will have the same label names as that shown in My
Computer. You can select to Analyze your drive or Defragment it. Actually Analyzing is
recommended since Windows will carry out analysis of all files on the selected drive and show you
a report of which files are the most strewn around and whether you should actually defrag your
volume or not. Do not run or open any applications when Disk Defragmenter is running
because any Input Output request to the hard disk is treated as a new start by the Disk
Defragmenter and you will find it resetting itself after every few minutes. Disk
Defragmentation can take some time since lots of data has to be moved and rearranged (it all

Page | 87
A Beginners Approach to Windows

depends on the amount of data on your hard disk) but what you get is a faster and more reliable
computer after waiting it out patiently.

Next we have the Disk Management section. This part of Computer Management allows easy
configuration of disk drives connected to the computer. You can even mount entire partitions into a
folder on some other drive. The Logical Disk Manager Service provides information about all online
as well as offline disks. Online disks are those in which data can be written or which is physically
present like your hard disks. You can even change drive letters and mount partitions as NTFS
folders into other drives or folders. For example suppose your computer has 3 NTFS drives (C:\, D:\
and E:\). You can mount the D: and E: drives into your C: Drive so that they are accessible from C:
itself. You don‘t have to go to My Computer to open these individual drives. Just right click on the
drive that you want to mount and select Change Drive Letter and Paths and then click on Add. To
change a drive letter click on Change. Windows cannot change or remove the drive letter of the
system drive. You can also change the view of the Disk Management Snap in to suit your needs.
Click on View on the menu bar and select the Top and Bottom sections. To change the color and
pattern of display select Settings from the View menu.

The next and last section is the Services and Applications section which shows all the services
installed and configured on the computer and which also allows you to control Indexed directory
settings. We have already seen in the previous chapter how indexing service helps us to search
faster, but is slightly memory consuming. Here you can easily add or delete existing drives and
folders that are indexed. Many people are unaware of the powerful ―infile‖ searcher of Windows.
This is not a separate program but a query that is parsed to the Indexing Service. Click on Query
the Catalog >> and in the Search text box enter the character you wish to locate through the
indexed records. Make sure the Indexing Service has started for the query to work. Let us take an
example to make this clear. Suppose you have a file in your D:\ drive and which has the word social
in it. By in it I mean in it, like a text file with the words Man is a social animal. The file may be of any
Office Application or a normal text, *.ini, *.inf. or webpage. Querying usually returns results which
are sorted by Rank in ascending or descending order whatever the Results may be.

Administrative Tools provide solutions to customize internal Windows settings and adjust devices
etc. Please use the Administrative Tools carefully.

Since Administrative Tools is a folder dragged as a snap in by the Management Console. Hence it
is not possible to use something like control Admintools.cpl since AdminTools is not a control panel
extension. But you can use the same line to open Administrative Tools. Go to Start >> Run and
type control AdminTools without any extension. The Control Panel calls Explorer to show the
Administrative Tools folder through Control Panel when this command is executed.

V.6: Date & Time (timedate.cpl)

Windows allows you to change the system time and your current time zone through this small
applet. Open the Date and Time Properties box from the Control Panel to change the current month
and year. It allows you to change the date, month and year along with the time. Any changes here
will also be reflected in the system BIOS. Click on a date on the date chart that is displayed. Click
on the month combo box to select a month and enter the current year manually or click on the up-
down arrow keys to change year. Click on Apply to save settings. Windows can set the year from
1980 to 2099.

Page | 88
A Beginners Approach to Windows

Date & Time Properties - Print Screen 5.6

Every individual machine on this planet comes under a certain Time Zone just like everything else.
To set your current time zone according to GMT standards click on the second tab i.e. the Time
Zone tab. Select your location from the drop down list. If your location is not listed then select a
location which is closest to yours‘. Click on Apply to save changes.

The third tab called Internet Time is of practically no use for home users. Windows allows users to
synchronize your computer‘s time with that of an internet time server through this tab. Select a time
server and press Update Now. Of course, synchronization will only occur if you are connected to
the internet and hence this serves little or practically no function for the common home user. It
shouldn‘t bother you anyways; you can always look at the clock hanging on your room wall for
reference. But when it comes to offices and industries, synchronizing time with servers becomes
important for businesses to work properly with clients all around the globe.

If you have installed Windows yourself then you may recollect that you had done date and time
settings when installing Windows along with Time Zone configuration. All these settings can be
changed here.

Sometimes it may so happen that some programs may crash unexplainably or may say that the
program cannot be run since it has expired. In such cases open the Date and Time Properties
dialog and check for the year for usually this is the culprit. In many cases the system's BIOS
changes the year to something Windows cannot recognize. Like once when I had my computer‘s
BIOS reset, the year that Windows was following was 385210, which is quite absurd!! These
problems may arise if you have replaced your computer‘s CMOS battery or if you have reset your

You can also open Date and Time by double-clicking the clock on the taskbar or by giving a right
click in the system tray and selecting Adjust Date/Time. Also you could go to Start >> Run and type

Page | 89
A Beginners Approach to Windows

V.7: Display (desk.cpl)

Windows allows you to change and customize desktop related settings specific to each user. This
means that each user on a Windows XP or Windows 2000 can have their personal theme,
wallpaper, screensaver and their own appearance for buttons and toolbars. Open the Display
Properties applet through the Control Panel or right click in an empty space on the desktop and
select Properties. The Display Properties dialog usually has 5 tabs named Theme, Desktop, Screen
Saver, Appearance and Settings. ―Usually‖ because sometimes it happens that some unwanted
registry changes by programs may cause one or more tabs to be invisible (Read more in the
chapter on The Windows Registry). Whatever the case the full fledged Display Properties displays
5 tabs, each one of which has been covered in depth below.

Display Properties - Print Screen 5.6

To change the way Windows looks, click on the Themes tab. Although it is by opened by default
when you start Display Properties, if it is not then you can always click on the tab. A Theme is
defined as a collection of background wallpaper, desktop settings, icons, sounds and start menu
customization. You can create individual themes by changing various settings on your computer
through the Display Properties dialog and then save it as a theme through the Themes tab. By
default when you install Windows, it gives you just two themes. One is the Luna theme (Windows
XP desktop) and the second one is the Windows Classic theme (Windows 2000 desktop). You can
save your current desktop and visual settings by clicking on Save As and by typing a name for the
theme. After saving the theme, it will be visible in the theme drop down list. You can even go online
and search for themes by clicking on ‗More themes online‘. The features that are saved as part of
your custom theme are your Desktop background wallpaper, its position (Tiled, Stretched etc.),
color, icons, screensaver, Windows & buttons, color scheme, font size, pointer schemes or
individual pointers, sound schemes and individual program events. Most of the above settings can
be done through the Display Properties dialog. For the Sound and Mouse Pointer settings read on.
You can even delete themes that you don‘t require. You cannot delete the themes that came
installed with Windows.

Page | 90
A Beginners Approach to Windows

The next tab is the Desktop tab which allows you to change the current wallpaper and desktop
icons. To select wallpaper just select one from the several shown in the Background wallpaper
select box. This space shows you wallpaper from the current users My Pictures folder and from the
%systemroot%\Web\Wallpaper folder. It is not necessary that you apply wallpapers that are found
in these two directories only. You can use the Browse button to search for a wallpaper and then
click on Apply to apply the wallpaper. In the preview pane if the selected picture does not appear
appealing to you then you can change the Position of the picture to stretch, centre or tiled.
Stretching will cause the wallpaper to fill the screen and tiling will cause the picture to get repeated
over and over again and again over the entire desktop. You can change the icons of My Computer,
Recycle Bin, My Documents and My Network Places. You can also enable or disable desktop icons
from being visible by clicking on Customize Desktop. You can even run the desktop clean wizard
which helps you in removing desktop icons which have not been used for a long time. You can
even display a web page on your desktop through the Web tab under the Desktop Items dialog.

The Screen Saver tab allows you to select a screen saver and have it activated after a certain time
of user inactivity. A Screen Saver is basically a program with a .scr extension that should be run if
you are not going to use your computer for sometime and will not be shutting down. Screen Savers
are usually pleasant designs or moving images that are shown on your screen by covering it fully.
Screen Savers are to prevent ―Screen Burning‖. We all know that the computer‘s monitor is made of
a picture tube just like a Television. If left inactive for some time with the same image displayed on
the screen, the image kind of gets electrically ―stuck‖ to the screen. If you shutdown your PC after
such prolonged gap of inactivity, you may be able to see a ghost image on the screen even after
you shutdown which will slowly disappear. Frequent occurrences of such cases can damage your
computer‘s monitor. Anyways, coming back to the Screen Saver tab, you can select a screen saver
from the drop down menu. Select a screen saver to display a miniature preview in the small monitor
in the tab. To see a fullscreen preview of the Screen Saver click on the preview button and don‘t
move the mouse. You can specify how much time you want the screen saver to wait before it pops
up when system is inactive. On Windows XP systems you can have the screen saver to display the
Welcome Screen by checking the option available. Another option could be to put your computer in
a low power state when idle. You can have Windows turn off your monitor or your hard disks or you
can cause your system to standby or hibernate (if available) after a specified period of time. Select
a time unit from the drop down menu for any of the available options or select pre-customized
Power Schemes. You can even save your customized Power Scheme for future use. It is advised
not to turn off your hard disks if you are using a Desktop Computer (PC) and when using AC Power

The Appearance tab allows you to change literally every visible option in the Windows Interface.
You can change windows, buttons, message boxes, text, title bar captions, font size of captions,
scrollbars, tooltips and icons. To change the color scheme that Windows is currently using click on
Color Scheme and select one from the drop down menu. Check out the Maple color scheme, it‘s
cool. Click on Advanced to change individual settings. Click on Apply to see the effects. You can
even save the then new look of Windows as a Theme by going back to the Themes tab and
selecting Save As. If you want to change back to the previous look of your Windows system you
can go to the Themes tab and select Windows Classic or Windows XP depending on your taste or
change back each and every setting manually back from the ―Advanced Appearance‖ dialog of the
Appearance tab. You can even select effects like Tool Tip fading and hiding of Keyboard Navigation
buttons until Alt is pressed. Try them out to see the changes.

The last tab is the Settings tab. This tab may vary on different computer due to difference of video
cards. This section of Display Properties allows you to change the screen resolution and, if allowed
by the graphics adapter, to change the gamma (brightness) of the screen. Your graphics adapter
name along with the Monitor support will be displayed here. You can change the screen resolution
by varying the slider towards more or less. You will see a small preview in the Preview Monitor. My
Video Adapter supports just 2 modes, 800 X 600 and 1024 X 768 pixels. The modes will vary on
different machines. Click on Apply to change the resolution. Your screen will go blank and a
Windows message box will pop up which will ask you if you would like to keep the configured

Page | 91
A Beginners Approach to Windows

Monitor and Desktop settings. If you like the new desktop look, then click on Yes, else to revert
back click on No. By default Windows will revert back to its original settings if no button is clicked
within 15 seconds. Keep the Color Quality at Highest 32 bit mode for better visuals. Click on
Advanced (if available) to change the Monitor and Graphic Card settings. In case of any problems
click on Troubleshoot to start the Windows Troubleshooter which will help you in resolving you any
issues with the graphics adapter or the monitor.

 It may so happen that after you click on “APPPLY” to change the screen resolution,
the screen will go blank and the monitor switches off or displays an out of frequency
error. Do not panic in such a case and do not press anything on the keyboard because
Windows reverts back to the original settings if no button is pressed after 15 seconds.
Even after 15 seconds if the monitor does not turn on try pressing the monitor power on
button on the monitor. If still the problem persists than start the computer in VGA
mode. Read the chapter on Troubleshooting Common Problems to know more.

Display Properties can also be opened by going to Start >> Run and typing desk.cpl followed by

V.8: Folder Options

Folder Options allows us to configure the look of folders and files in general. When you open Folder
Options you will see that it has 4 tabs. The first called General allows you to change options specific
to folders and view in general. The General tab has three frames. The Tasks frame allows you to
enable or disable Common Tasks in folders. Common Tasks is the panel in explorer that is
displayed in the left hand section of every folder opened. You can show common tasks or use
Windows Classic folders. The second frame of Browse folders allows you to change the way folders
open. You can have folders open in the same explorer window or cause folders to open in
individual windows. The first setting is recommended since the second option consumes more
memory. To understand the third frame you have to know what hyperlinks are. When you have to
go to another location in a browser window you may get the option of clicking on text or a custom
image or something that links the current page and the one that you are trying to view. In this frame
you get to make all folder and desktop items act as hyperlinks. That means that a single click will
cause the item to get activated. Like suppose you have a folder on the desktop which will open with
a single click. This is advantageous for people who find double clicking tiresome. On the whole
single clicking shouldn‘t be used for one common security reason. Viruses or some other malware
may get executed by mistake. The Default option is to double click on a item to open it.

The second tab is the View tab. This tab has options that allow you to display files and folders on
your computer or network. The Folder Views frame has two buttons. One is a grayed out button that
says “Apply to All Folders”. It is grayed out because ―Folder Options‖ has been opened through
Control Panel; if opened through any other explorer window, this button is normal. This button
causes the current folders settings to be applied to each and every folder on your computer. Like
suppose you are in D:\ drive and your current folder settings are that the icons should be arranged
in a list and Auto arrange is selected, then if you say Apply to All Folders then these settings will be
applied to all the folders on your computer. “Reset All Folders” will cause all settings of all folders to
default to the normal Windows Installation. These settings do not include the toolbar configuration.

 To open Folder Options through any normal Explorer window (My Documents for
example) go to Tools >> Folder Options, on the Menu Bar.

The Advanced settings options allow you to change a whole lot of things in the normal display and
working of files and folders. Let us see all of them one by one. Under File and Folders, the first
option causes Windows to search the network (if available) periodically to see if there are any

Page | 92
A Beginners Approach to Windows

printers or shared folders. If your computer is not a part of a network then you can disable this
option. The second option allows you to see file size information of folders when you move your
mouse over a folder. You may have noticed that a tooltip emerges which shows you the folder
contents and approximate size of the folder when you move your mouse over it. Removing the
check mark disables this option. The next option is to Display simple folder view in Explorer‘s
Folders list. This option causes Windows Explorer (WinKey + E) to automatically display a folders
contents as well as it subfolders when it is selected. The next option in line allows you to see
contents of system folders like your %systemroot%, %homepath% and Program Files. These
folders contain files required by Windows to run and work properly hence these folders and files are
hidden by default. The next option allows you to display the full path in the address bar and the
option after that causes Windows to display the full path in the title bar. The Do not cache
thumbnails options disables the automatic storage of file thumbnails into a cache file called
Thumbs.db. Windows can reuse the cache file to display folder contents if a certain folders View
settings are kept to Thumbnails. If disabled, folders having thumbnail view will take slightly more
time to open.

Under Hidden files and folders, there are just 2 options, show hidden files and folders and do not
show hidden files and folders. These options allow you to hide or unhide files and folders having the
hidden attribute. To see attributes of a file or folder, right click on the item and select Properties. As
far as possible select the show hidden files and folders options, it is safer that way. This along with
the next option disabled will allow you to identify and delete malicious programs and viruses. As we
have already seen that there are several file extensions on a given computer. Windows to improve
character and screen visuals hides known file extensions b default. This can be a serious security
threat, since there are viruses out there that have the icon of a MS Word file and are .exe in
extension. Now if the .exe part is hidden, how will you know that it is virus? Although when you
select the file, common tasks and the status bar display sufficient information to tell you that the file
you have selected is of type application, but majority of people hardly see here and may be tempted
to open the file and read its contents, barely knowing that they will be executing a virus. Next option
hides protected Operating System files. This is a recommended option and should be adhered to in
most of the cases. A hidden system file has the attributes of hidden, system and read-only
(usually). The ―Launch folder windows in a separate process‖ option causes Windows to open
separate folders in separate memory space. Although this causes system stability to increase, this
option is heavy on system performance.

Under the Managing pairs of Web pages and folders section, you have options to select the
behavior of web pages. Whenever you have a web page, you have an associated folder with it that
contains all the extra code, images and button files etc. In this section you can allow Windows to
manage the pair as a single file, or view and manage them as 2 complete individual entities.

Finally there are options to make Windows remember each folder‘s view settings, make Windows
restore previous folders that were open when you shut down or logged off, show Control Panel in
My Computer, to show encrypted or compressed NTFS files in color (usually dark blue) and the
option to show a pop up description of folder and desktop items.

The next tab is the File Types which show all the file extension supported and their respective
programs with which they open. This has been covered in the previous chapter, please take note.

The last in line is Offline Files which allows you to work with files and folders stored on your
network even when you are disconnected. This is made possible by creating a synchronized cache
on to your local computer from all the network computers shared resources. You can update your
Offline Files when logging on and while logging off. You can even configure Windows to show a
reminder balloon (in the system tray) when computers on the network go offline. The interval
between such reminders can also be changed. Encryption of offline data is also supported.

Page | 93
A Beginners Approach to Windows

Folder Options (Offline Files) - Print Screen 5.8

You can also select the amount of Hard Disk space to use (your system drive space) to store the
Offline files. Click View Files to see the offline content. Under the Advanced options, you get to
configure Windows to notify you when a system on the network goes offline.

Offline files will be enabled only when Fast User Switching is disabled. More on this ahead.

V.9: Fonts (%systemroot%\fonts)

A Font is basically a handwriting style that is user created and used by Windows and many other
applications to change the style and formatting of a document.

Fonts is a special folder that contains font files that the system continuously uses to read fonts and
display them in various application like the Welcome screen and so on. The font‘s folder is found in
the C:\Windows\ directory. Fonts can have various extensions and icons depending on the type of
file. The general types of font usually found are True Type and Open Type. True Type fonts have a
double ―T‖ written on the icon and those of open type have a O written on them. TrueType fonts are
device-independent fonts that are stored as outlines. They can be sized to any height, and they can
be printed exactly as they appear on the screen. On the other hand Open Type Fonts are clear and
readable in all sizes and on all output devices supported by Windows. Open Type is an extension of
TrueType font technology.

Raster fonts are designed with a specific size and resolution for a specific printer and cannot be
scaled or rotated. If a printer does not support raster fonts, it will not print them. The five raster fonts
are Courier, MS Sans Serif, MS Serif, Small, and Symbol. Raster fonts are also called bit-mapped

You can always double click and open a font file to see the writing style. You cannot copy any font
out of this folder, to copy fonts out, copy the entire Fonts folder into some other location and then
try copying.

To install a new font on to your computer, just copy the font into the Fonts folder, the font will be
installed. If a conflicting name or font is found then the font will not install saying that the font is
already present and to uninstall the previous font if you want to install the new one. Another method

Page | 94
A Beginners Approach to Windows

of installing a font is to click on File >> Install New Font from the menu bar. Browse for the font
through the search dialog and click on OK to install font. To uninstall a font, right click and delete
the font. Another thing that you may notice is that the Folder Options when selected through the
font‘s folder does not show the file type tab. Instead a True Type Fonts tab is displayed which
allows you to select only True Type Fonts to display in programs.

The font‘s folder can also be opened by going to Start >> Run and typing Fonts, without .cpl or
anything since the fonts folder is an integrated explorer folder.

V.10: Internet Options (inetcpl.cpl)

A whole lot of Internet settings can be tweaked and changed through the Internet Options. You can
open the Internet Options dialog from Internet Explorer too. Open Internet Explorer and click on
Tools >> Internet Options on the menu bar. Internet Options is also the dialog of Internet Explorer,
which means that it can also be opened by the Right Click >> Properties option on the Internet
Explorer icon on the desktop. There is a slight difference when you open Internet Options from the
Control Panel and from the Internet Explorer‘s Tools menu. The difference is so small that you will
hardly notice it: when you open Internet Options from the Control Panel, it is named as Internet
Properties and when opened from Internet Explorer or from the right-click >> Properties of Internet
Explorer desktop icon, then it is named as Internet Options. Both are the same, just the difference
in the caption of the dialog. It is unexpected though….

Internet Properties - Print Screen 5.9

Internet Options has seven tabs normally. Each of these tabs can customize your Internet surfing
and to a certain extent even your normal Windows working since Internet Explorer and the
Windows Explorer are integrated at some levels. Let us now see the tabs of Internet Options in

Page | 95
A Beginners Approach to Windows

The first tab is the General tab that allows you to configure some common Internet Options like the
start page and the time for which Windows should keep pages in History. You can also customize
the way a web page looks, from this tab. From top to bottom; you have three frames. The home
page is the address of a website or location that the browser (Internet Explorer) searches and
displays when it is opened. Whenever you open the browser through the desktop shortcut or
otherwise it will by default go to the page mentioned in the Address field of this tab. You have the
option of selecting the default webpage by clicking on Use Default which makes
‗http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome‘ the default webpage. You
can even keep the page to a blank by clicking on Use Blank, which sets the address field to
‗about:blank‘. Custom addresses are also allowed. For example if you want Google to be the home
page whenever you open Internet Explorer then you can type in www.google.co.in in the Address

Every time you view a webpage it so happens that the website copies files like images and sounds
or animations into a Temporary Internet folder on your hard disk. This is done for faster loading of
pages, since opening a file from you local machine is faster than opening it from a machine which is
distanced in terms of network traffic. These temporary internet files contain an interesting and
controversial group of files called cookies. Cookies are files created and maintained specifically for
certain users to study their browsing habits. Lie suppose you login to a shopping website to buy a
digital camera, this website will save a file on to the hard disk of your computer with information of
your interest in digital electronics. Now suppose you login after a few days into the same website,
the website searches and locates its cookie and then displays items that match your interest. If you
are afraid that your privacy is at risk then you can delete cookies in the temporary internet folder by
pressing the Delete Cookies button. Over a large period of time, the size of temporary files can
become alarming. It is hence a healthy practice to delete the contents of temporary folders once in
a while. Click on Delete Files to empty the contents of the temporary folder. Select the Delete all
offline content option to delete locally stored web pages. To customize settings for temporary files
click on Settings. Here you can specify how frequently you want Internet Explorer to check for
newer file versions. You can even specify the maximum folder size that the temporary folder can
have. Keep it as low as possible (1 MB). Here you will also be able to see the location of your
temporary Internet folder which usually is %systemdrive%\Documents and
Settings\%Username%\Local Settings\Temporary Internet Files\. You can change this location to
another folder by clicking on Move Folder…. To view the contents of the temporary folder click on
View Files…. To view Downloaded objects like executables and .msi scripts click on View
Objects....which will open %systemroot%\Downloaded Program Files\ which is the default folder to
store downloaded program folders. These folders will contain files even though you may not have
downloaded them yourself. Many applications get updated once you connect to the Internet, these
files are essential for the proper running of the applications that had downloaded them.

Next in line is the History folder setting. The history folder contains links to pages or locations you
have visited, for quick access. You can view the contents of your history folder by opening any
Windows Explorer window or Internet Explorer window and pressing the key combination of ―Ctrl +
H‖ which will open up a toolbar to the left of the screen through which you can view the contents of
your history. You will be surprised to see the amount of data that can be retrieved from the history
folders. You can even read your mails and online surfed data from the history folder. You can clear
History manually by clicking on Clear History or by setting a count in the Days to keep pages in
history: option. Keep this setting at 1 day. You can even keep it at zero but it can create problems
with searching of history files.

To change the color of the background or text (links – visited and unvisited) click on Colors… Here
you can change the color of links that have been visited and even give hover color. Text fonts can
also be changed irrespective of the font in which the webpage was originally written by clicking on
Fonts… Some websites offer documents in multiple languages. You can specify these under the
Language Preference dialog which can be opened by clicking on Languages… You can even
override a webpage‘s setting of font styles, font size and color by selecting the respective options
through the Accessibility… button. Click on Apply to save changes.

Page | 96
A Beginners Approach to Windows

The next tab in line is the Security tab. This tab allows you to distinguish between websites on the
basis of content. Web sites are divided into 4 zones. The first is the Internet zone, the second is the
Local Intranet, the third is the Trusted sites and the last is the Restricted sites. You can add
websites of your choice to any of the zones by clicking on Sites when a zone of your choice is
selected. You can set the security level for these zones by moving the slider or by selecting custom
options through the Custom Level button. The custom level options are usually meant for
Administrators and individual descriptions are beyond the scope of this text. Individual configuration
of each and every website you visit can be quite time consuming and tiring.

The third tab is the Privacy tab. This allows you to set your online privacy settings, by customizing
cookie configuration. Keep the setting on Medium by moving the slider up or down. You can even
override automatic cookie handling by selecting the options available under the Advanced button.
Keep the settings on Prompt for secure reasons. Internet Explorer will ask you for an appropriate
option if a cookie is encountered. Individual cookie configuration for websites can also be done
through the Edit button which will allow you to add websites of your choice whose cookies you want
to enable or disable.

The next tab, called Content, is provided for advanced Internet users. This tab allows you to
configure the Content Advisor. Click on Enable to open the Content Advisor configuration page.
Here you can select rating levels that can be viewed on your computer. Categories include
Language, Nudity, Sex and Violence. These categories have rating levels on the internet. You can
prevent these sites from opening by specifying the level that has to be shown. There is also a tab
here that allows you to set a website as an Approved Site thus overriding any settings of the
Content Advisor. Under the general tab of the Content Advisor you can allow users to see sites that
have no ratings or/and allow a supervisor or the Content Advisor configuration personnel to enter a
password to be able to see these websites. You can create a Content Advisor password by clicking
on Create Password… You can even add Rating Systems by clicking on Rating Systems, the
default installed is the RSACi. Under the Advanced tab of the Content Advisor, you can select a
ratings bureau if some rating systems require to check or update their current rating levels.

The Certificates frame allows users to change Certificate properties and details. Certificates are
documents that contain information of how data should be encrypted while being transferred from
one computer to another and they allow the Operating System to decode contents and give
authorization users. You can Import your own certificates and customize options. It would be
advisable that being a newbie, please do not change any options under the Certificates and
Publishers buttons.

Some websites require you to complete forms etc. Like for example suppose you want to create a
new e-mail ID on the net, then you are required to fill in some details like your Name, Address, age,
date of birth etc. which can be quite tiresome if you have many forms to be filled. You can use the
Auto Complete option of Internet Explorer that automatically fills the details for you. You can create
a Profile through the My Profile… button.

The Connections tab shows you the Virtual Private Network (VPN) connections and the Internet
Connections (including Dial-Up and Broadband). To setup an Internet Connection click on Setup to
start the New Connection wizard (covered in detail later). You can also add other network
connections like VPN, ISDN or/and Direct Computer Serial connections. Click on Settings… if you
wish to add a proxy server to the connections. You can even change your Local Area Network
Settings (although not most of it) through the LAN Settings… button.

The Programs tab allows you to specify which program Windows automatically uses for each
Internet service. If you have MS Office with MS FrontPage installed then you can set the HTML
Editor to Microsoft FrontPage, E-Mail to Outlook Express, Newsgroup to Outlook Express, Internet
call to NetMeeting, Calendar to Microsoft Outlook and Contact list to Address Book. You can reset
all your changes including the start page to the Internet Explorer defaults by clicking on the Reset

Page | 97
A Beginners Approach to Windows

Web Settings…. If you have more than one web browser installed on your computer then you can
make Internet Explorer check to see whether it is the default browser or not. Click on Apply to save

The last tab, rightfully called Advanced, allows you to change the entire settings of Internet
Explorer. It is advised not to mess around with these settings unless you know what you are doing.
Click on Restore Defaults to load default values and options. Explaining every option under this tab
is beyond the scope of this text. Click on Apply and OK to save and Exit the Internet Options dialog

Internet Options can also be opened by going to Start >> Run and by typing inetcpl.cpl followed by
a carriage return.

V.11: Network Connections (ncpa.cpl)

The Network Connections control panel applet is a full fledged explorer window in itself. Whenever
you open the Network Connection icon in Control Panel, the file ncpa.cpl is run which opens the
Network Connections interface in an Explorer window. Enable the common tasks if not visible by
going to Folder Options and selecting Show common tasks in folders in the Tasks frame of the
General tab. Click on OK to save and exit settings.

The Network Connections window allows you to configure your computer connections, be they dial-
up or your home network. All connections are listed here. We shall see how a dial – up connection
is to be created followed by the setting up of home network.

To create a dial up connection to connect to the internet through your phone:
 click on Create a new connection or go to File >> New Connection
 In the wizard that opens, click on Next
 Select the Connect to the Internet option (topmost) and click on Next.
 Select the Set up my connection manually option and click on Next.
 In this page select the type of connection that you want to have. We will assume a dial up
connection using a dial up modem, for which you will have to select the first option saying
Connect using a dial up modem and click on Next.
 In this page type the ISP name, if you want, and click on Next. The name you type here will
be the name of the connection you are creating.
 Here can enter the phone number of the server. Please take care to enter the number
correctly. You may have to type in the area code or ―1‖ to make it work correctly. A simple
technique to see if the number is a valid ISP number is to dial the number manually through
your landline phone and if you hear garbage or weird modem noises on the other end, you
can bet on it that it is valid.
 In the next page, type in your Username and Password. Confirm your ISP password by
typing it again. You can select options to make this the default Internet Connection, to use
this same Username & Password for anybody who wants to connect and to turn on the
Internet Connection Firewall for this connection.
 The last page allows you to create a desktop shortcut to this connection. Select the check
box and click on Finish.

To connect to the Internet just double click on the desktop icon of Dial up Connection and type in
the Username, Password and the Phone Number if you had not typed it in during setup and click on
Dial. You will be connected to the net in no time.

Before we begin the procedure to make a home network we have to understand what the
components of a simple network are. A network is basically the connection of two or more
computers in such a way that they can share printers, files and an internet connection. Networks

Page | 98
A Beginners Approach to Windows

are usually used to share files and printers but they can also be used to play LAN games and
control usage. A LAN or Local Area Network refers to the network made by computers in the same
physical geographic location. To make a network of two or more computers you require computers
with network cards, a hub or switch and network cables with connectors. A modem is required only
if you wish to share your Internet Connection on the network.

 A hub connects multiple computers at a central location. A hub is typically used
when connecting two or more computers to an Ethernet network. Hub is a broadcast
device, means it broadcasts data to all computers on the network and it is the duty of
the destination computer to accept data and all others to drop data that they are not
intended to receive. Switches on the other hand are unicast devices that send data
directly to the destination computer.

After obtaining all of the above hardware, start the Network Setup by clicking on File >> Network
Setup Wizard or by selecting Setup a home or a small office network from the common tasks pane.

Once the wizard starts follow the following steps:
 In the wizard that opens, click on Next
 Check if you have installed the network cards and attached the hubs/switches and the
cables appropriately. Connect to the Internet from the machine which has a modem, to
make it the Internet Connection Sharing (ICS) host. During setup, the wizard will determine
the ICS host if it is connected to the net. Click on Next.
 Select the statement that best describes your computer. If your computer connects directly
to the Internet and the other computers also connect directly to the internet then select the
first option. If your computer is a standalone machine which connects directly to the Internet
and there is no Network present then select the second option or if your computer belongs
to a network that does not have a network connection yet, select the third option. You can
view examples of each description by clicking on View an example. Click on Next to
 The next page asks you to give a Computer name. Your computer will have a name but it
may not appeal to you. You can change the name of your computer and if you wish give a
description of it. Some ISPs require that you have a specific computer name, and if that is
the case, leave the computer name as it is. Click on Next.
 Here you have to give a name to your network. The default is MSHOME. You can have a
more familiar name like HOME or OFFICE or MILITARY etc. One thing to bear in mind is
that all the computers on the network should have the same workgroup name. Click on
Next to continue.
 The next page will show you all the settings that will be applied if you click on Next, after
confirming all of them, click on Next.
 The wizard will then apply all settings and create a network. You have to then run the
wizard on the other computers which you want to include in the network. If you intend
connecting a Windows 98 machine then run the wizard through the Windows XP CD ROM
from its startup screen.

Network Connections also allows you to change the settings of a connection. You can do this by
selecting Change settings of this connection from the common tasks menu. You can also right click
on an item and select properties to change settings of an object. Network can also be repaired by
selecting the repair option from the File menu or the right click context menu.

Two terminal Networks will work like this, but if your network has more terminals then you will have
to assign IP Addresses. Open Properties of your Local Area Connection and select Internet
Protocol(TCP/IP) and click Properties. Select Use the following IP Address type the IP Adress in
decimal form for the current machine (eg: The Computer which connects to the
net directly will be your Gateway. Keep the DNS fields blank for now. Click on OK. Repeat the
procedure for the other computers, use consecutive IP addresses for ease of recollection.

Page | 99
A Beginners Approach to Windows

Use ping to check if the other computer whose IP is is on the
network. If you get a 32 byte reply packet then your good. Replace with the other
computer‘s IP Address that you would want to test.

Network Connections can also be opened by going to Start >> Run and by typing ncpa.cpl and

V.12: Regional and Language Options (intl.cpl)

The Regional and Language Options dialog allows users to change the Language and select a
location for providing services like weather report and news. Most of these settings are configured
during the installation of Windows. The Regional and Language Options also allows you to set
number, currency and time formats. The Regional and Language Options has three tabs each of
which has been covered below.

Regional & Language Options - Print Screen 5.10

The first tab is the Regional Options tab. Here you can modify the way numbers, currency, time and
date are displayed on your computer. You can select a standard of display from the drop down list
or click on Customize to change these items manually. The Customize Regional Options available
through the Customize button has four tabs each of which allow you to set numbers, currency, time
and date formats. The Numbers tab allows you to change the decimal symbol (.), digit grouping
symbol (,), negative sign symbol (-), list separator, measurement system and lots more. You can
change any of the options to anything valid. Click on Apply to save settings. The Currency tab
allows you to format currency related options. In this tab you can change the currency symbol from
$ to Rs., set the format for positive and negative currency, change the decimal symbol for currency
and change the way digits are grouped amongst other options available. The Time tab allows you
to customize the way you see your system clock in the notification area (system tray). The standard
format is ―hh:mm:ss tt‖ where hh = hours, mm = minutes, ss = seconds and tt = AM or PM. You can

Page | 100
A Beginners Approach to Windows

change the time format to anything that is available and allowed by the dialog. You can change the
time separator from ―:‖ to anything you like. The AM and PM symbols can also be changed in a
similar way. The time format notation is explained in the same tab for easier understanding. The
Date tab allows you to configure the date formats (both long and short) and the year setting. A short
date is something like ―2/11/2006‖ and a long date is something like ―Saturday, February 11, 2006‖.
You can make Windows interpret a two digit year to be a year between 1930 and 2029 or any 100
year span of your choice.

The second tab, called Languages, allows you to install support for East Asian languages and
complex scripts that include right to left languages (including Thai). You can select the boxes and
click on OK or Apply for the installation to start. The complex scripts (the first option) take upto 10
MB of space on your disk and consist of language support for Arabic, Armenian, Georgian, Hebrew,
Indic, Thai and Vietnamese. The East Asian Languages consist of Chinese, Japanese and Korean
and require upto 230 MB of additional space on your hard disk. You will be prompted to insert the
Windows Installation CD when you click on OK or Apply. To change or view the languages and
methods you can use to enter text, click Details, which will open up the Text Services and Input
Languages dialog box. Here you can add Non standard keyboard layout by clicking on Add. For
example you can add a Hindi Keyboard or Tamil for that matter and use the language bar (it pops
up on the desktop right on top or on the taskbar next to the system tray) to switch between the
English keyboard and others that you have installed. Click on Language Bar to select the Show the
Language bar on the desktop option. You can even give shortcuts to the switching between
keyboards through the Key Settings button. Under the Advanced tab you can turn on advanced text
services in programs like notepad and others which do not normally support speech and
handwriting recognition or other advanced input services. You can even turn off advanced text
services, it is not recommended though for East Asian language users since it closes the Language
Bar and keyboard layout switching becomes a mess.

The last tab is the Advanced tab. It is advised that you leave this page as it is. This page allows you
to change the system setting to allow non-Unicode programs (programs that can read and use
ANSI characters. These are very old programs, compiled using native compilers). Select a
language to match the language version of the Non-Unicode programs you want to use. This
enables the program to display menu and other options correctly and in a readable format. You can
even add or remove code page conversion tables by selecting or deselecting the appropriate check
box. By adding the correct code page conversion tables, Windows is able to interpret the letters and
other characters used in that program and convert them to and from Unicode characters.

 Examples of Unicode characters are ╬, ╥, ☻, ♥, ♣, ♣ which can be written in notepad
by using an ASCII equivalent. Open notepad by going to Start >> Run >> notepad. Hold
down the Alt key and type 1230 on the NUMPAD and then release the Alt key to give ╬.
Try other combinations for other characters.

In this tab you also have the option of applying all the settings to the current user account and apply
it even to the default user profile that will be used if a new user is being created. Any new users
created after you apply this setting will automatically have the settings selected by you through this
page. You may have to restart your computer. Click on OK to save all settings and Exit.

The Regional and Languages Options dialog can also be opened by going to Start >> Run and by
typing intl.cpl followed by an Enter.

V.13: Scheduled Tasks

The Scheduled Tasks of Windows allows you to schedule a task for Windows to run at a convenient
time as required by the user. You can schedule antivirus scans, disk defragmentation task, drive
checking tasks etc. at a time you feel suitable.

Page | 101
A Beginners Approach to Windows

To create a new job, double click the Add Scheduled Task icon to start the Scheduled Task Wizard.
 The Wizard will search all the available programs on your computer and display them in the
programs box. If your required program is not listed then click on Browse to manually locate
 After you have located the program or when you select an application from the list, click on
Next. Type a name for the task, this name can be the same as that of the program. You
now have to select the time when you would want the job to be performed. You have
options to perform the task Daily, Weekly, Monthly, One time only, When your computer
starts or When you log on. Each of these options has a different setting once you click on
next. These settings can be easily configured and therefore I‘ll leave these settings to you.
 Click on Next once you have done the necessary time and date or account and password
settings. You can now finish the wizard by clicking on Finish and you can simultaneously
call for the properties of the task by selecting the option to open advanced properties for
that task when you click on Finish.

The properties dialog of a scheduled task has three tabs. The first tab called Task allows you to
change the location of the executable (you can change the executable itself by clicking on Browse).
You can even specify the Username in the Run as text field and Password (click on Set password)
for the task if not done so previously. You can enable or disable this task by removing the check
mark against the Enabled option. The second tab is the Schedule tab which allows you to change
what you had specified in the wizard. Here you can modify the schedule task to occur at a different
time. You can even have multiple schedules for a single task. Click on the Show multiple schedules
option to enable multiple schedule setting. The third tab is the Settings tab which allows you to
configure the aftermath of task completion, like you can delete the task once it is completed and if it
is not scheduled to run again. You can even stop the task if it runs continuously for a certain period
of time which you can specify. You can also make the computer start the task if the computer has
been idle for some time which again you can specify. You can also make Windows stop the task if
the computer ceases to be idle. It is advised not to start any scheduled task if the computer is
running on batteries. Hence select the options that point to this (namely the first and the second).
The third option here is to make the computer come out of Stand-By mode to run this task.

Another important item to mention here is the Advanced option on the menu bar. It has got options
that allow you to configure Scheduled Tasks in general. You can stop using task scheduler or
pause its running. You can even make it notify you of missed tasks due to system power down or
anything else for that matter. You also have something known as the AT Service Account
configuration which deals with the AT command of Command Prompt. Setting the option to System
Account causes the AT command to be used as a system wide component, else you can restrict its
usage by giving an account who is capable of using it. The AT command schedules commands and
programs to run on a computer at a specified time and date through the Command Prompt. The
Schedule service must be running to use the AT command. You can also read the log file that is
continuously being updated to see where and what the errors were if any and to study the normal
functioning of the program. You can open the log file by going to Advanced >> View Log on the
menu bar. The log file is found in %systemroot% by the name of SchedLgU.txt.

The right click in the Scheduled Tasks folder gives only one New option, a New scheduled task
whose selection will cause the Wizard to run.

The Scheduled Tasks option accessible through the Control Panel is actually a folder in
%systemroot% called Tasks and hence you can also open Scheduled Tasks without going to the
Control Panel by going to Start >> Run and by typing Tasks followed by an Enter.

Page | 102
A Beginners Approach to Windows

V.14: System (sysdm.cpl)

A very Important component of the Control Panel, System Properties allows you to change
Windows settings that are related to memory and the system in general. It also displays important
information about your system, like processor type and speed and total physical memory available
on your system. You can also find information about hardware and device properties, as well as
configure hardware profiles and report system and program errors to Microsoft when they occur.

 Another way of opening System Properties is to press the “Start + Pause Break” key

System Properties - Print Screen 5.11

System Properties has 7 tabs arranged in a 4 and 3 tab fashion. Each of these tabs have their own
distinct functionality. Whenever you open System Properties, the first tab that is by default selected
is the General tab. Here you will be shown system related information like the name of the
Operating System, alongwith its version and name of the Service Pack (if any). This is followed by
the information of the registered owner of the computer. This is the same information that you had
entered during installation of Windows. Here you will see your name, company and a 20 character
serial key that may look something like XXXXX-OEM-XXXXXXX-XXXXX. The OEM part of it tells you
that your copy of Windows installed is an OEM product. OEM stands for Original Equipment
Manufacturers and includes companies that manufacture computers. The next part of the
information displayed on this page is the system information. Here you will see the type and speed
of your processor. An example is; Intel(R) Pentium(R) 4 CPU 2.00GHz where Intel(R) Pentium(R) 4
CPU is the name of your processor and 2.00 GHz is the speed of the processor. The speed shown
here may actually be slightly less then what your computer‘s manufacturer told you or the speed
that is written in the computers manual. This can be due to the voltage changes in the processor

Page | 103
A Beginners Approach to Windows

configuration or due to incorrect reading by the OS. This is also the case with the RAM count. Here
you will also see the amount of RAM installed on your computer. Although the standard RAM cards
available are 128, 256, 512 or 1GB, it may so happen that Windows may not display the exact size
here. This is because some computers use a portion of the Physical RAM as VRAM (Video RAM),
and this amount is subtracted from the actual size. Sometimes it may so happen that there will be
bitmap image on display next to the System information section and your computer manufacturer‘s
name is also visible in the Computer section of this tab. This is a simple trick that is used by OEM
companies to make publicity about their presence. Read the chapter on Tips & Tricks to add your
own image and information here.

The second tab is the Computer Name tab which allows you to modify your computer‘s name. Here
you will be able to see the current name of your computer and also the name of the Workgroup.
The information saved or modified through this page is used by Windows to identify that particular
machine on a network. To change the name of your computer, click on Change and under
Computer name, type a new name for the computer, and then click OK. You can even change the
name of your workgroup for that matter. To see the NetBIOS name and to specify a Primary DNS
(Domain Name System) suffix, click on More… If you are not on a network leave this field and the
Workgroup field as it is. Click on Apply to save changes. You may have to restart your computer for
the changes to take effect.

The next tab, called Hardware, deals with the attached system hardware and peripheral devices on
your computer. You can start the Add Hardware Wizard by clicking on the Add Hardware Wizard
button. The Device Manager frame allows you to start the Device Manager snap-in and change
Driver signing settings. Windows device drivers and operating system files have been digitally
signed by Microsoft to ensure their quality. A Microsoft digital signature is your assurance that a
particular file has met a certain level of testing, and that the file has not been altered or overwritten
by another program's installation process. Many devices that require driver files for them to work
properly have their drivers tested and digitally signed by Microsoft. Software for hardware products
with the Designed for Microsoft Windows XP logo has a digital signature from Microsoft,
indicating that the product was tested for compatibility with Windows and has not been altered since
testing. During hardware installation, Windows might detect software that has not passed Windows
Logo testing to verify its compatibility with Windows XP. In such cases you can have Windows take
a predefined action. To change these actions click on the Driver Signing button, to open the Driver
Signing Options dialog. Under File signature verification, click on Ignore to allow all device drivers
to be installed on this computer, regardless of whether they have a digital signature, Warn to
display a warning message whenever an installation program attempts to install a device driver
without a digital signature. This is the default behavior for Windows or click on Block to prevent an
installation program from installing device drivers without a digital signature. If you are the
Administrator then you can have the current action as the system default. Just check the
Administrator option and click on OK to save changes.

Before we see what the Hardware Profiles button does, let us first try to understand what a
Hardware Profile actually is. A hardware profile is a set of instructions that tells Windows which
devices to start when you start your computer or which settings to use for each device. When you
first install Windows, a hardware profile called Profile 1 (for laptops, the profiles are Docked Profile
or Undocked Profile) is created. By default, every device that is installed on your computer at the
time you install Windows is enabled in the Profile 1 hardware profile. The profile named Profile 1
(Current) provides a model for you to create new hardware profiles. It will not appear in the list of
available hardware profiles shown during startup.

If there is more than one hardware profile on your computer, you can designate a default profile that
will be used every time you start your computer. You can also have Windows ask you which profile
to use every time you start your computer. Once you create a hardware profile, you can use Device
Manager to disable and enable devices that are in the profile. When you disable a device in a
hardware profile, the device drivers for the device are not loaded when you start your computer.

Page | 104
A Beginners Approach to Windows

Click on the Hardware Profiles button to open the Hardware Profiles dialog. To create a customized
profile, click on Copy and then type name for the profile. You can customize your new profile by
enabling or disabling devices for that profile in Device Manager. You can also make the computer
to wait until a profile is selected or make the computer select the first profile in the list in 30 seconds
(can be changed).

The next tab is the Advanced tab which allows you to configure virtual memory, user profiles and
startup and recovery options. You to be an Administrator to make changes in this tab. To change
performance related settings click on Settings in the Performance frame. In the Performance
Options dialog under the Visual Effects tab, select the settings you want to use for the appearance
and performance of Windows. By default Windows XP has the ―Let Windows choose what‘s best for
my computer‖ option selected. You can change that and adjust your Windows XP settings for better
performance or better appearance. You can even have a custom option and select individual
options from those listed. Click on Apply to see the changes. Under the Advanced tab you can
specify whether your processor priority should be towards the performance of Programs or
Background services. Similar is the case with memory usage on your computer; you can specify
whether Programs should have the edge or the system cache. If your computer is a Server (normal
PCs are called Workstations) then you can have Processor Scheduling and Memory usage to
Background services and System cache respectively.

Right down you will see the total paging file size on your computer for all drives. Click on Change to
modify Virtual Memory settings. To create a page file on a drive, just select the drive, select the
option saying System managed size and click Set. Click on OK to save changes. You may have to
restart your computer for the changes to take effect.

 When your computer is running low on RAM and more is needed immediately,
Windows uses hard drive space to simulate system RAM. This is known as virtual
memory, and is the space is called the paging file. The default size of the virtual memory
pagefile (named pagefile.sys) created during installation is 1.5 times the amount of RAM
on your computer. The more the paging files and sizes the faster your computer
becomes. The paging file is normally a superhidden system file in the root of the drive.

To change or modify User Profiles click on Settings under the User Profiles frame. A user profile
defines customized desktop environments, such as individual display, and network and printer
connections settings. You can delete or copy profiles through the User Profiles dialog that opens up
through the Settings button. Here you can see all the profiles that are present on your computer
along with their size, type, status and last modified date. The size shown is inclusive of the My
Documents folder and hence may be alarmingly large for your account. There are basically three
types of profiles: a local user profile, which is created the first time you log on to a computer and is
stored on the computer's local hard disk. Any changes made to your local user profile are specific
to the computer on which the changes are made. Then there is the roaming user profile, which is
created by your system administrator and is stored on a server. This profile is available every time
you log on to any computer on the network. Any changes made to your roaming user profile will be
updated on the server. Finally, there is the mandatory user profile, which is a roaming profile that
can be used to specify particular settings for individuals or an entire group of users. Only system
administrators can make changes to mandatory user profiles.

To change startup and recovery options click on Settings in the Startup and Recovery frame. The
Startup and Recovery dialog allows you to change the Default Operating system; incase of
computers with multiple OSs. You can also change the time for which you want the boot.ini to be
displayed with all the Operating Systems. In case of auto restarts or a hard reboot a recovery
options page is shown at startup just after the display of the boot.ini file. You can specify the time
for which this page should be shown by changing the time in the field provided. To manually edit

Page | 105
A Beginners Approach to Windows

the startup options through the boot.ini file, click on Edit to open the boot.ini file in notepad. This
method of manually editing is not advised though.

 An easier and safer method to edit the boot.ini file is through msconfig. Go to Start
>> Run and type msconfig followed by a carriage return. The fourth tab is the BOOT.INI
tab through which you can safely modify startup options.

You can even specify what Windows should do in case of system failure. Windows can be
configured to do the following when a severe error (called a Stop error or fatal system error or the
Blue Screen Error) occurs:
 Write an event to the system log
 Alert administrators
 Dump system memory to a file that advanced users can use for debugging.
 Automatically restart the computer.
The dump of system memory to a log file can be valuable for debugging the cause of the Stop
error. If you contact your technical support representatives about the error, they might ask for the
log file. Note that Windows writes the log file to the same file name (Memory.dmp, by default) each
time a Stop error occurs. To preserve log files, you should rename the log file with a unique name
after the computer restarts. You can select the type of information you want Windows to record
when the system stops unexpectedly under Write debugging information. There are three possible
 Small Memory Dump records the smallest amount of information that will help identify the
problem. This option requires a paging file of at least 2 MB on the boot volume of your
computer and specifies that Windows will create a new file each time the system stops
unexpectedly. A history of these files is stored in the directory listed under Small Dump
 Kernel Memory Dump records only kernel memory, which speeds up the process of
recording information in a log when the system stops unexpectedly. Depending on the
amount of RAM in your computer, you must have 50 MB to 800 MB available for the paging
file on the boot volume. The file is stored in the directory listed under Dump File.
 Complete Memory Dump records the entire contents of system memory (RAM) when the
system stops unexpectedly. If you choose this option you must have a paging file on the
boot volume large enough to hold all of the physical RAM plus one megabyte (MB). The file
is stored in the directory listed under Dump File.

To change Environment Variables for users and system, click on the Environment Variables button.
Environment variables are strings that contain information such as drive, path, or file name. They
control the behavior of various programs. For example, the TEMP environment variable specifies
the location in which programs place temporary files. Any user can add, modify, or remove a user
environment variable. However, only an administrator can add, modify, or remove a system
environment variable.

 You can go to Start >> Run and type any of the environment variable to see funny
error messages or to open the folder or file if it exists. The format is “%variable%” with
the quotes if the value is of more than one word. For example

You can create a unique shortcut to any folder or program on your computer through a variable.
Like for example assume you have a folder that you want to open in your D: drive. Assume the
name and location of the folder to be D:\Project Works\Books\A Beginner's Approach to
Windows\Chapters\Completed\. Now instead of going to My Computer and all the way in, you can
create an environment variable with the name d or anything you like and the value to be ―D:\Project
Works\Books\A Beginner's Approach to Windows\Chapters\Completed\‖ with the inverted commas

Page | 106
A Beginners Approach to Windows

so that you don‘t have to type them in the run box. Now say OK to create and test it by going to
Start >> Run and by typing %d% followed by Enter. If everything went correctly, it should work.

Program Error Report - Print Screen 5.11

When a system error occurs, the computer displays a blue screen containing error codes, and all
computer operations stop. When an illegal operation or other error occurs in a program (such as
Microsoft Word), that causes a program error, the program stops working. You can report system
and program errors to Microsoft. This reporting system allows Microsoft to track and address
operating system, Windows component, and program errors. You can configure error reporting to
send only specified information. For example, if you only want to report system errors, you can
specify that reports be generated only for the operating system. The same is true for Windows
components, such as Windows Explorer, Paint, or Internet Explorer; and for programs, such as
Microsoft Word, installed on your computer.

When an error occurs, a dialog box will be displayed, prompting you to indicate whether or not you
want to report the problem (Print Screen 5.11). When you choose to report the problem, technical
information about the problem is collected and then sent to Microsoft over the Internet. If a similar
problem has been reported by other people, and more information is available, a link to that
information will be provided.

The next tab in line is the System Restore tab, which allows you to configure System Restore
settings on all the drives present on your computer. To change the amount of space that should be
used to keep System Restore files, click on Settings after selecting a drive from the scroll menu.
Move the slider to set space that has to be used. Decreasing the space may reduce the number of
System Restore points that can be created. You can even turn off System Restore on all drives or
on selected drives only. To turn off System Restore on all drives, select the Turn off System
Restore on all drives option whereas to turn off System Restore for individual drives, select the
drive and click on Settings. In the drive settings dialog, select the Turn off System Restore on this
drive option and click on OK. You cannot turn off System Restore on your system drive without
turning it off on all drives. If you turn off System Restore, all existing restore points will be deleted
and you will not be able to track or undo changes to your computer.

The next tab is the Automatic Updates. Here you can specify whether you want to use the Windows
updater or not. With Automatic Updates, Windows routinely checks for updates that can help
protect your computer against the latest viruses and other security threats. These high-priority
updates are available through the Windows Update Web site and include security updates, critical
updates, or service packs.

When you turn on Automatic Updates, you don't have to search for updates online or worry that
critical fixes might be missing. Windows automatically downloads and installs them for you, using a

Page | 107
A Beginners Approach to Windows

schedule that you determine. If you prefer to download and install updates yourself, you can also
set up Automatic Updates to notify you whenever any high-priority updates become available. Here
you can also turn off Automatic Updates which is not advisable though since your computer will
remain vulnerable to malicious programs and hackers. You can manually check for updates on the
Windows update website by clicking on the Windows Update Website link. Windows updates are
taken from http://windowsupdate.microsoft.com/

The last tab of System Properties is called Remote, which allows you to configure options for
Remote Assistance. To allow Remote Assistance connections select the Allow Remote Assistance
invitations to …… option. Click on the Remote Assistance link to open Help and Support Center
with information on Remote Assistance. You can set the maximum amount of time invitations to be
open from your computer by clicking on Advanced. Remote Assistance enables a person in another
location to connect to your computer from another computer running a compatible operating
system, such as Microsoft Windows XP, and walk you through your solution. After the person is
connected, he or she will be able to view your computer screen and chat online with you in real time
about what you both see. With your permission, he or she can even use his or her mouse and
keyboard to work with you on your computer. If you are working on a corporate or local area
network, firewalls might stop you from using Remote Assistance. In this case, check with your
network administrator before using Remote Assistance.

You can also open System Properties by going to Start >> Run and by typing sysdm.cpl followed
by a carriage return or by giving an right click on My Computer and selecting Properties.

V.15: Taskbar & Start Menu

The Taskbar and Start Menu properties dialog is used to change settings of the Windows start
menu and the taskbar. It can also be opened by selecting properties from the right click menu of the
Taskbar or Start button. You can change the display of the start menu, hide the clock, customize
the notification area and a lot more things.

The Taskbar and Start Menu properties dialog has two tabs. The first one called the Taskbar has
options to configure the taskbar in general. You can change the Taskbar appearance by selecting
or deselecting the options available here. You can Lock the taskbar at its current position on the
desktop so that it cannot be moved and automatically also lock any toolbar present on the taskbar
like the Quick Launch etc so that it cannot be changed. You can also Auto-hide the taskbar. To
redisplay the taskbar, point to the area of the screen where the taskbar is located. You can also
Keep the taskbar on top of other windows so that it is always visible when you maximize program
windows. If the Auto-hide taskbar option is selected and you want to be sure that your taskbar will
be visible whenever you point to it, select the Keep the taskbar on top of other windows checkbox.
Similar program documents can be grouped by selecting the Group similar taskbar buttons. This
will cause taskbar buttons opened by the same program to be displayed in the same location of the
taskbar. The Windows XP taskbar has the additional property that if many windows are opened by
the same program and if space is unavailable on the taskbar then it collects all common program
windows into a group button. Clicking on this group button allows you to access any document you
want. You can even close all documents by just giving a right-click Close Group on the taskbar
button. You can hide the Quick Launch by removing the check against the Show Quick Launch
option. The clock in the Notification Area (system tray) can be removed by de-selecting the Show
the clock option in the Notification area frame. You can even hide unused icons in the notification
area. To customize each icon in the notification are click on Customize. In the Customize
Notifications dialog that opens you can select Behavior of individual items and set them to Hide
when inactive, Always hide or Always show. Click on Apply to save changes.

Page | 108
A Beginners Approach to Windows

Taskbar and Start Menu Properties - Print Screen 5.12

The second tab is the Start Menu tab which allows you to change the way the Start menu appears
or behaves. You can select the type of Start menu you want to have, you have the option of
selecting the Windows XP Start menu or the Classic Start menu. Select a start menu type and click
on customize to modify it. The Windows XP Start menu can be customized by having large icons or
small ones for programs. You can even change the number of recently used programs that are
displayed in the Start menu (the default is 6). You can even clear the list to start afresh. Clearing
items does not delete the original program. Under the Advanced tab of the Customize dialog you
can enable or disable start menu items and clear recent documents. You can make Windows
highlight newly installed programs by selecting the Highlight newly installed programs option.

The Classic Start Menu can be customized by selecting it and clicking on Customize. You can Add
shortcuts to programs or files on your machine. You can even remove currently installed Start Menu
program folders. Just click on remove, select a start menu folder from the list and click on Remove.
Clicking on Advanced will open up the Start Menu folder in explorer view. The Start menu folder is
actually the %Homepath%\Start Menu folder which is specific for every user that logs on. Using
the Advanced button you can add individual folders, shortcuts or files to the Start menu. You can
sort the contents of the Start menu by clicking on Sort. This rearranges the items on the Programs
list in the Start menu so that they are displayed in the default order. You can even clear the recent
Documents cache by clicking on Clear. Clearing does not delete the documents that have been
cleared. You can have Administrative Tools, Run and Favorites to be displayed in the Start menu
by selecting the appropriate option from the Advanced Start menu options box. Click on Apply to
save changes. Click on OK to save changes & exit.

V.16: Sounds and Audio Devices (mmsys.cpl)

The Sounds and Audio Devices properties dialog allows you to change system sound and audio
properties of your audio hardware. Many settings under this dialog are specific to the hardware
installed on your computer. The common ones are covered below. Using the Sounds and Audio

Page | 109
A Beginners Approach to Windows

Devices properties dialog of Control Panel, you can configure the system volume, adjust vocals,
specify Startup and Shutdown music, change audio recording hardware and configure other audio

The Sounds and Audio Devices Properties dialog has 5 tabs. The first tab called Volume has
options to configure the systems volume in general. Here you will see a slider that controls the
Device volume. You can even Mute the volume on your computer here. Select the Place volume
icon in the taskbar option to place the volume control icon in the system tray. You can use it to
control volume for different devices on the system including the microphone, CD player, the Line In
and the SW Synthesizer. Click on Advanced in the Device volume frame to see the volume control
that will be accessible through the system tray. Next you have Speaker settings; click on Speaker
Volume to adjust the volume levels for the speakers attached to your computer. Click on Advanced
to select speakers, adjust audio playback features and apply sound effects to your audio playback.
Under the Advanced Audio Properties available through the Advanced button, select a speaker
setup that best matches your PCs speaker configuration. Under the Performance tab of the
Advanced Audio Properties, keep the Hardware acceleration and Sample rate conversion quality to
Full and Best respectively. If you are having problems with your computer‘s audio hardware (hissing
noise or pinging of the speakers) then lower these two parameters. This has to be done only for
error correction purposes. Click on Apply to save changes.

 An audio file on the basic level can be of two types; one called stereo and the other
called mono. Stereo files have audio in both the channels (left and right) with or without
different volumes whereas mono files just have a single channel.

Sounds and Audio Properties - Print Screen 5.13

The next tab is the Sounds tab which allows you to apply sound schemes to Windows events. A
sound scheme is a set of sounds applied to events in Windows and programs. Here you can select
an existing scheme and save or delete modified schemes. To change sounds for a certain Windows
event, select it from the event list and then select a sound from the Sounds drop down menu. You
can even Browse for a *.wav file of your choice. You can use the small play button located between
the Browse button and the drop down menu to play and listen to the audio file selected. All the

Page | 110
A Beginners Approach to Windows

audio files mentioned in the drop down list are found in the %systemroot%\Media folder. If you want
to select a *.wav file of your choice see that you don‘t select a file whose size is larger than around
2.7 MB and whose duration is not more than 60 seconds.

The third tab, called the Audio tab, allows you to select the Default devices for audio playback,
audio recording and MIDI music playback. You can select each of these hardware from the drop
down list which displays all available hardware of the selected type. Click on Advanced to display
advanced audio properties for devices listed. Clicking on Volume will open up volume controls
which can be adjusted to obtain optimal audio output from your hardware. MIDI stands for Musical
Instrument Digital Interface and is audio in frame format. MIDI files do not have channels or
synthesizable audio information but consists of sounds that are produced by computer hardware
like beeps of various frequencies. Video games (like Mario) used MIDI files as audio.

The fourth tab is the Voice tab that allows you to configure your audio device for Voice playback
and Voice recording. These two options are very much the same as those that were configured in
the previous page for Sound playback and Sound recording respectively. Additional here is the
option to Test hardware your audio devices. Click on it to start the Sound Hardware Test Wizard.

The last tab, called Hardware, shows all the audio hardware and compression and decompression
(codecs) software connected to the computer and functioning. If you are having problems with your
computer‘s sound hardware, click on the Troubleshoot button to start a Windows troubleshooter.
Click on Properties to see the properties of the item selected in the list. Click on Apply to save
settings and click on OK to save & exit.

V.17: User Accounts (nusrmgr.cpl)

The Control Panel User Accounts is used to change, add or modify users on a given Windows XP
system. User Accounts provides an easy to use interface to create and modify users. When you
start User Accounts, you are greeted with the General Tasks page (although not specified
anywhere) where you can pick listed tasks like Change an account, Create a new account or you
can Change the way users log on or off. When you click on Change an account, you will be
displayed all the accounts that exist on your computer; you can then click on the corresponding
username to change details. Click on Create a new account to create a new account. Type a name
for the account. Take care that the name cannot be the name of your computer and it cannot be
"Guest‖ or ―Administrator‖ or that of a user already present. This name will appear on the Welcome
Screen and on the Start menu. Click on Next after you type the name. You will be then asked if you
would want this account to be an Administrator account or a Limited account. Administrators have
full and complete control over a computer. On the other hand, Limited users have several
restrictions. You can change the way users log on or off by clicking on the link with precisely the
same name. Using the Welcome Screen is the best and most interactive way of logging in to a
Windows XP system. You can also enable Fast User Switching which allows you to use the Switch
User button on the logoff menu (Start >> Log off %Username% >> Switch User). This option allows
you to login into some other account without logging off from your own.

 You can optionally press the Start button + L (Win Key + L) to switch User.

Unselect the Use the Welcome screen option to use the Windows 2000 style of logging in. This can
be considered an option in cases where security is a factor, since using this option does not show
all the users of the machine and logging in becomes difficult unless and until you know the
username which has to be typed in the Username field. Click on Apply options to save changes.

Page | 111
A Beginners Approach to Windows

User Accounts - Print Screen 5.14

To change individual properties for users or to assign passwords or memberships, click on the
Username whose properties you want to change. You can then change your name, create a
password, change the display picture, change your account type or setup your account to use a
.NET Passport. You cannot rename your account to that of another existing user or Guest or
Administrator, nor can you rename your account to your computer name. You can create a
password as well as a password hint so that you don‘t forget the password and simultaneously
nobody else knows about it. Good passwords should contain both letters as well as numbers and
should be at least 10 characters in length. Remember that if you are using a password hint, it is
visible to everyone who uses the computer. So keep a hint which nobody else other than you
should link it with the password. After you have created a password you will be asked whether you
would want to make your files and folders private. Selecting Yes, Make Private will cause the entire
%Homepath% folders and subfolders to be locked to users with limited accounts. This means that
they will not be able to gain access to your Desktop, My Documents or any other %Homepath%
folder. You can change the display picture to a variety of images available by default or you can
even select your own by clicking on Browse for more pictures. Click on Change Picture to save
settings. You can even open the Themes tab of Display Properties from here by clicking on Change
the computer theme from the Related Tasks pane on the left. If there exist more than 2
administrators on a computer (the main Administrator account is hidden by default and is visible
only when you start your computer through Safe Mode) then you can change any other account to
a Limited from an Administrator or vice versa. Click on Change Account Type to commit any
changes. The last option allows you to add a .NET Passport to your Windows XP user account.
Follow the on screen instructions in the Wizard to have your .NET Passport up and functional in no
time. You should be connected to the internet to complete this task. User Accounts also shows you
the passwords that are stored on for Network Resources and websites. Click on Manage my
network passwords to change or modify entries. Just select an entry and click on Properties.

Page | 112
A Beginners Approach to Windows

You can turn on the Guest account by selecting the Guest account under Change an account and
then select Turn on the Guest Account. You cannot give a password to the Guest account nor can
you rename it.

Sometimes it may so happen that you may forget your password and there is no hint. To prevent
such occurrences, you can create a Password reset disk using the Forgotten Password Wizard.
You can then change your password at the login screen itself using the Password reset floppy.
Deleting your own account is a small trick employing the fact that there should be at least one user
who is an Administrator. Just login through the other account and delete your account. The same is
the case with deleting your any account. Windows will ask you whether you would want to keep his
or her files.

The Control Panel, as mentioned earlier, is an executable in the system32 folder of Windows.
Whenever you open a Control Panel item its respective .cpl is run as an argument to the control.exe
and from here some other Windows process like rundll32.exe or explorer take over and completes
the request. For example, when you open Internet Options through Control Panel, what Windows
receives is ―control.exe inetcpl.cpl‖ after which rundll32.exe is called by Control.exe and the Internet
Properties is displayed. Rundll32.exe is an executable in the system32 folder that runs dll files as if
they were executables. We know that many of the processes and applications that are found
running or can be run are either in the .exe, .scr, .bat, .com, .cmd or .vbs format. Dlls were known to
us as Dynamic Link Libraries containing functions and additional data that is required by the
executable. Some dll can be run like an executable which is done by the rundll32.exe program.
There are some inbuilt arguments in control.exe which when passed to the main program will open
the respective item. Below is a list of some of them. You can type the entire thing in the run box and
check for yourself:

 Control scannercamera --- opens the scanners and cameras explorer window.
 Control folders --- opens folder options.
 Control netconnections --- opens the Network Connections explorer window.
 Control schedtasks --- opens scheduled tasks window.
 Control admintools --- opens Administrative Tools.
 Control fonts --- opens fonts explorer window.
 Control printers --- opens printers window.
 Control userpasswords2 --- this opens the hidden User accounts of Windows XP. This is
the Windows 2000 User Accounts dialog.
 Control userpasswords --- opens up the Windows XP User Accounts.
 Control telephony --- opens the Phone & Modem options (if available)
 Control keyboard --- opens up keyboard properties.
 Control mouse --- opens up mouse properties.
 Control international --- opens Regional and Language options.
 Control ports --- opens up System Properties with the Computer name tab selected.
 Control date/time --- opens the Date/Time properties.
 Control color --- opens up Display Properties with the Screensaver tab selected.
 Control desktop --- opens up the display properties with the Themes (default) tab selected.

For example go to Start >> Run and type ―control admintools‖ without the quotes to open the
Administrative Tools.

Try out the various Control Panel Applets to obtain a fully customized Windows XP machine.

Page | 113
A Beginners Approach to Windows


1. Make all the drives accessible from C:\ drive through folders like D Drive, E Drive etc.

2. Convert the AM and PM to MA and MP respectively.

3. Create an environment variable (user) to open the Windows Product Activation wizard by
using the variable ACT.

4. Record your voice and save it as Audio1.wav. Now make it as your Windows XP startup

Page | 114
A Beginners Approach to Windows

DOS Prompt – The Powerful Cmd.exe

In this chapter you will learn about some of the most common commands of the Windows DOS
prompt. We shall concentrate more on the more efficient cmd of Windows NT systems.

After this chapter the reader should be able to:
 Explain the Windows command prompt and its usage.
 Differentiate between command.com and cmd.exe.
 Use the various commands of cmd to perform various everyday tasks.

Page | 115
A Beginners Approach to Windows

Windows on its own can handle most of its input output requests and other normal functions, but
some processes like disk checking during startup and some older programs require the command
prompt to run. Especially programs written in C or C++ were made specific to older Operating
systems. In older versions of Windows, the DOS (Disk Operating System) was loaded first and then
explorer (the Windows shell) was called over it. In Windows XP and Windows 2000 systems, the
command prompt processor can be launched over on top of NT for a console session. The terms
cmd.exe and DOS will be used interchangeably unless exclusively specified.

VI.1: The DOS Prompt

The term DOS prompt is broadly referred to both cmd.exe as well as command.com. Cmd.exe is
a file found in %systemroot%\system32 folder same is the case for command.com. In Windows 98
systems, command.com is found in C:\Windows\system folder.Windows 98 does not have cmd.exe.
While older Windows versions started the DOS environment first and then started the Windows
explorer shell, the same is not the case for Windows XP and 2000 systems. Windows XP has been
built with an independent mode of access for the command.com and other 16 bit files.

Cmd.exe is a full blown 32 bit command interpreter of Windows. To start cmd.exe, go to Start >>
Run and type cmd and press enter. This variant of the command interpreter has many advantages
over its ancestor command.com. We shall see some of them in the pages to come. Windows XP
and 2000 run 32 bit programs with ease. Cmd.exe runs most programs if executed through it. Some
older programs may have to be run in compatibility mode and thus would require command.com.
Command.com is called by cmd.exe as and when required. Another useful feature of cmd.exe is
the ability to complete paths or program locations using the Tab button. If for example you press
the Tab button at the cmd prompt when your current working directory is C:\Windows then you will
be presented with the folder names or file names present in that folder. This feature saves your
typing energy…. Not just that path completion enables you to correctly use folder or file names if
they are more than 8 characters in length or if they have a space in them. Longer file or folder
names can be used by including a double inverted comma (―) before and after the path. For
example if you are currently in C: drive and you wish to access you‘re My Documents folder through
Documents and Settings then you can type:

C:\>cd "Documents and Settings\Neo\My Documents"

You don‘t even have to type the whole thing, just type the first one or two letters of Documents and
Settings (Doc for example) and press TAB, the path will be completed. Then add a slash (\) and
press TAB again, repeat till you reach your destination.

The same would not work for command.com. Another big advantage of using cmd.exe over
command.com is that you can copy text from the prompt to any text editor by right clicking on the
prompt screen and selecting mark which enables the copier of the window, then select the text that
you want to copy as you would in a normal text file and press Enter to copy or select it from the
right click menu of the Title bar through Edit. Command.com also provides the copy and paste
option but it is restricted under Windows XP and 2000 and it is available only through the Title bar
and not through the screen. In command.com filenames are terminated after the sixth character
and are replaced by a ~1. Long filenames are not supported by command.com For example if you
were to change in to the Documents and Settings directory in C: drive the command would be:

C:\>cd Docume~1

Instead of:

C:\>cd ―Documents and Settings‖

Page | 116
A Beginners Approach to Windows

This can cause a lot of problems in programs that rely on path and address locations for

Another advantage of cmd.exe is that it hardly relies on ntvdm.exe unlike command.com which
calls ntvdm.exe to generate the DOS environment. The problem with this is that if a program
unexpectedly goes into an infinite loop or hangs due to some error then ntvdm.exe uses almost 99
percent of your CPU strength thus almost freezing entire Windows. Ending this mess is a mess in
itself since it brings up the End Task dialog instead of closing like cmd.exe which can be closed by
using the close button on the Title bar.

Some keyboard shortcuts specified by Doskey that enable faster usage of the cmd.exe are:
 UP and DOWN ARROWS recall commands
 ESC clears command line
 F7 displays command history
 ALT+F7 clears command history
 F8 searches command history
 F9 selects a command by number

Cmd.exe and command.com parse a command in almost a similar fashion. Whenever a command
is entered at the prompt by us followed by a carriage return, cmd.exe and command.com check to
see if it is internal or an external command and then the execution takes place. Internal commands
are inbuilt into DOS. Commands like copy, dir, del and cls are inbuilt into DOS. There are some
commands which are actually programs that are kept in the Windows directory and which can be
run from the prompt as a command. Commands like format, scandisk, telnet and net are external
commands. So whenever we give a DOS command, either internal or external cmd.exe executes it
by first checking if it is internal. If no internal command matches then it checks to see if it is an
external command and then it executes it. If none is the case then an error is displayed. If an
external program matches the name of an internal command, DOS does not even bother to check if
it exists or not and always executes the internal command.

Cmd.exe - Print Screen 6.1

The DOS environment has several commands; in fact any program can be regarded as a command
to cmd.exe. We shall see some of the internal commands of cmd.exe and some commonly used
external commands like format etc. in the following pages.

Page | 117
A Beginners Approach to Windows

VI.2: Console Commands

As mentioned earlier, commands are divided into internal and external. But we shall make no
differentiation here since only those commands have been explained which will be helpful in the
next chapter and which are easy for the novice user to grasp. To get a full list and to see the
overview of cmd.exe go to Start >> Run and type the following:

hh.exe ms-its:C:\WINDOWS\Help\ntcmds.chm::/ntcmds.htm

You will get a list of many common commands supported by DOS if you type Help at the prompt.
More information can be obtained for a single command by typing the command name followed by
a /?. The following list has been edited and expanded to give it a more meaningful read. Some
commands may be missing here but you may find them in the cmd help list. To start cmd.exe or
command.com, go to Start >> Run and type cmd or command and press enter.

Displays or modifies file extension associations. You can use this command to change or add
new file extensions and the default program to associate with it. Standard usage is of the form
assoc [.xxx = [fileType]], where xxx is a new or existing file extension. When used without any
parameters, the command displays all the extensions registered on the current computer. You
can also use the assoc command to view individual file associations like assoc .jpg. For
example, to register a new file extension .mp8 which let us assume is a music file and we would
want Winamp to open it then assoc .mp8=Winamp.File will do. To check it type assoc .mp8.

Displays or changes file attributes. Attributes of a file or folder include hidden, read-only, system
and archive. For example if you have a folder named Test in your C:\ drive and you wish to hide
and set it to read only plus you wish to remove the archive attribute and disable system attribute
then attrib +R +H –S –A C:\Test will do. Here +R, +H specify that read only and hidden attributes
should be set and the –S and –A arguments specify that the folder should not be archived nor
should it be a system folder. Remember a hidden & system attributed file becomes a superhidden

Sets or clears extended CTRL+C checking. The break command is used extensively in batch files
to give user control wherein the user will see a message prompting him to Press any key to
continue…The user can stop the batch file execution by pressing Ctrl + C. This is a standard
key combination to halt a command execution. Like for example if you type dir at the prompt
when you are in the system32 folder the list that scrolls by is huge and if you wish to break out of
it then you can press Ctrl + C.

Displays or modifies Access Control Lists (ACLs) of files. This is an external command, a
program that you will find in the system32 directory called cacls.exe. Works only on NTFS drives.
Access lists is a special feature of NTFS drives that prevents users from accessing folders or files
even when they are visible right on the desktop. Users will get an Access is denied error. Usage
is simple, assume you have a folder in your D: drive called Test in which all your important
documents are present. Then to deny access to this folder you can type at the prompt cacls
D:\Test /d everyone. This command modifies the ACL of the folder to deny access to the user
group everyone. To grant access to everyone use cacls D:\Test /g everyone:F. The F
parameter specifies that the group everyone should be given full access. The other parameters
available are N for None, R for Read only, W for Write permissions and C for change permissions
(same as W). The group everyone can be also replaced by a specific user or a localgroup. To see
the users or groups on your computer, type net users or net localgroup at the command

Page | 118
A Beginners Approach to Windows

Remember that access lists differ for different OSs hence a folder locked in Windows XP Home
Edition may not open in Windows XP Professional Edition. Even sometimes the reverse cacls
does not work and you will get an Access is denied message when attempting to Unlock a folder
locked by cacls. You can create another folder inside D:\Test and then use cacls on D:\Test. This
will allow you to access your data inside the newly created folder inside D:\Test by typing the full
path in the address bar of any explorer window or in the Run box and since only you will be
knowing the full path, your data is still safe.

Calls one batch program from another. Particularly useful in batch file programming. General
syntax is call [full batch file path] [arguments if any]. After execution of the other batch file
control is passed back to the original file from which the call command was given. Call can also
be used to run a program since all programs are treated as external commands. So you could
also have something like call C:\Windows\explorer.exe which will open My Documents in
explorer view.

Displays the name of or changes the current directory. Most common of all commands, this
command is used to change the current working directory to the one specified after the cd
command. Usage is cd [directory name] if the directory is a sub folder of the current directory.
You have to use the full path including the drive letter if the directory is somewhere else. Assume
your current working directory is C:\Windows and you want to change to
D:\Projects\Books\Chapters then you will have to type the full path along with cd; cd
D:\Projects\Books\Chapters will change your directory to D:\Projects\Books\Chapters. The
asterisk wildcard is supported to some extent. Like if you have two directories in D: drive called
Best and Test then you can change your current working directory from D:\ drive to Test by
typing cd Te*. DOS will change the directory to the first available directory satisfying Te* (Test in
this case). If you want to change back to the parent directory then you can use cd .. to change
back. To change back to the drive root use cd \. Long file names with spaces have to be
enclosed in quotes (if extensions are disabled). For example if you are working in C:\ drive and
you wish to change to the Start menu folder of All users then type:
cd “Documents and Settings\All Users\Start Menu\‖
If you are working in D:\drive and if you wish to change to the above folder then this command
may not work, you will have to specify cd to change even the drive by passing a /D parameter
along with the full path including the drive letter in inverted commas.
cd /D “C:\Documents and Settings\All Users\Start Menu\”. To enable command prompt
extensions type cmd.exe /E:ON in the run box.

Displays or sets the active code page number. chcp [xxx] where xxx specifies a code page
number. Type chcp without a parameter to display the active code page number.

Checks a disk and displays a status report. Chkdsk is an external command found as a program
in system32 folder as chkdsk.exe. Syntax of usage is
chkdsk [volume[[path]filename]]] [/F] [/V] [/R] [/X] [/L:size]]
where volume specifies the drive letter (followed by a colon e.g. C:), filename: specifies the files
to check for fragmentation (FAT/FAT32 drives only), /F fixes errors on the disk, /V displays the full
path and name of every file on the disk (FAT/FAT32 drives only) whereas on NTFS drives
displays cleanup messages if any, /R locates bad sectors and recovers readable information
(implies /F), /L:size changes the log file size to the specified number of kilobytes, if size is not
specified, chkdsk displays current size (NTFS only), /X forces the volume to dismount first if
necessary. All opened handles to the volume would then be invalid (implies /F).

Page | 119
A Beginners Approach to Windows

Displays or modifies the checking of disk at boot time. Using this command you can specify the
drive to be checked at the next boot. Use chkntfs /C [drive name with colon] to make Windows
check if the drive is dirty. If the drive is found to be dirty then chkdsk is called and it checks the
drive. To restore default no check values type chkntfs /D at the prompt. To see current status of
a drive type chkntfs [drive name with colon].

Clears the screen. Type cls and press enter.

Starts a new instance of the Windows command interpreter. You can start cmd.exe with several
parameters. Syntax is
cmd [/A | /U] [/Q] [/T:bf] [/E:ON | /E:OFF] [/F:ON | /F:OFF] [[/C | /K] string]
where /C carries out the command specified by string and then terminates, /K carries out the
command specified by string but remains active, /Q turns echo off, /A causes the output of
internal commands to a pipe or file to be ANSI, /U causes the output of internal commands to a
pipe or file to be Unicode, /T:bf sets the background/foreground colors (see the color command
below), /E:ON enable command extensions, /E:OFF disable command extensions, /F:ON enable
file and directory name completion characters using the Tab key, /F:OFF disable file and directory
name completion characters

Sets the default console foreground and background colors. color [BF]. BF specifies the color
code. B for background and F for the foreground text. These codes are hex digits that can be any
of the following values:

0 = Black 8 = Gray
1 = Blue 9 = Light Blue
2 = Green A = Light Green
3 = Aqua B = Light Aqua
4 = Red C = Light Red
5 = Purple D = Light Purple
6 = Yellow E = Light Yellow
7 = White F = Bright White
If no argument is given, this command restores the color to what it was when cmd.exe started.
This value either comes from the current console window, the /T command line switch or from the
DefaultColor registry value. You cannot give the foreground and background to have the same
color. For example: color 4F produces red on bright white.

Compares the contents of two files or sets of files. The general syntax is
comp [file1] [file2] [/D] [/A] [/L] [/N=number] [/C]
where file1 specifies location and name of first file to compare, file2 specifies location and name
of second file to compare, /D displays differences in decimal format, /A displays differences in
ASCII characters, /L displays line numbers for differences, /N=number compares only the first
specified number of lines in each file, /C disregards case of ASCII letters when comparing files.
Wildcards are supported for filenames.

Displays or alters the compression of files on NTFS partitions. The general syntax is:
compact [/C | /U] [/S[:dir]] [/A] [/I] [/F] [/Q] [filename [...]]
where /C compresses the specified files. Directories will be marked so that files added afterward
will be compressed. /U uncompresses the specified files. Directories will be marked so that files
added afterward will not be compressed. /S performs the specified operation on files in the given
directory and all subdirectories. Default "dir" is the current directory. /A displays files with the

Page | 120
A Beginners Approach to Windows

hidden or system attributes. These files are omitted by default. /I continues performing the
specified operation even after errors have occurred. By default, compact stops when an error is
encountered. /F forces the compress operation on all specified files, even those which are
already compressed. Already-compressed files are skipped by default. /Q reports only the most
essential information. Filename specifies a file or directory. When executed without parameters,
compact displays the compression state of the current directory and any files it contains.

Converts FAT volumes to NTFS. You cannot convert the current drive. If you wish to convert
your D: drive from FAT32 to NTFS then convert D:\ /FS:NTFS /X will do. Here D:\ is the name of
the drive you wish to convert, FS:NTFS tells DOS to convert the file system on D: drive to NTFS.
The /X parameter forces the volume to dismount first if necessary. All opened handles to the
volume would then be invalid.

Copies one or more files to another location. The common syntax is copy [source file]
[destination] /Y. Copy will prompt if a file exists with the same name as that being copied in the
destination directory. By using the /Y parameter, Windows will overwrite without asking the user.

Displays or sets the date. When used without any parameters, date shows the current day and
date in the format Sun 03/12/2006 which is day MM/DD/YYYY. It will also prompt you to enter a
new date, which you can ignore by pressing an enter. If command extensions are enabled then
you can use date /T to just display date.

Deletes one or more files. The common syntax is
del [/P] [/F] [/S] [/Q] names
erase [/P] [/F] [/S] [/Q] names
where names specifies a list of one or more files or directories. Wildcards may be used to delete
multiple files. If a directory is specified, all files within the directory will be deleted. /P prompts for
confirmation before deleting each file. /F force deleting of read-only files. /S delete specified files
from all subdirectories. /Q quiet mode, do not ask if ok to delete on global wildcard. For example if
you wish to delete the contents of multiple folders like D:\Test, D:\Test2, D:\Test3 and so on
containing read only files without asking you then del /F /Q D:\Tes* will do the job.

Displays a list of files and subdirectories in a directory. Common syntax is:
dir [drive:][path][filename] [/B] [/C] [/D] [/L] [/P] [/Q] [/S] [/W] [/X] [/4]
where [drive:][path][filename] specifies drive, directory, and/or files to list. /B uses bare format
(no heading information or summary). /C display the thousand separator in file sizes. This is the
default. Use /-C to disable display of separator. /D same as wide but files are list sorted by
column. /L uses lowercase file and folder names to be displayed. /P pauses after each screenful
of information, practically useful if you are in a system32 like directory and you have given a dir
command. /Q display the owner of the file, shows all the users who have access to the file or
folder. /S displays files in specified directory and all subdirectories. /W uses wide list format to
display directory contents. /X this displays the short names generated for non-8.3 file names. The
format is that of /N with the short name inserted before the long name. If no short name is
present, blanks are displayed in its place. Used for compatibility between command.com and
cmd.exe. /4 displays four-digit years. Wildcards are also supported. That is if you want to see the
listing of only those files that have the characters est in them then you can use *est* in the
filename. For example if you want to see the directory listing of C:\Windows system32\ of files or
folders having de in their names, in wide format with short names (DOS ~1 style) along with full
directory listing without any extra information and pause after every screen pass then dir
C:\Windows\system32\*de* /p /w /x /b will do.

Page | 121
A Beginners Approach to Windows

Compares the contents of two floppy disks. This command is used to compre the contents of two
floppy drives only. You should have two floppy drives installed on your computer and the syntax
is: diskcomp [drive1: [drive2:]].

Copies the contents of one floppy disk to another. The general syntax of this command is
diskcopy [drive1: [drive2:]] [/V]. Here /V verifies that the information is copied correctly. The
two floppy disks must be the same type. That is if drive1 is 1.44 MB 3 ½ inch drive then drive 2
should also meet the same specification.

Displays messages, or turns command echoing on or off. Echo is extensively used in batch files
to display messages on the command prompt screen. Using echo without any parameters
displays the current status of the echo command whether it is off or on. You can even set the
state of the echo command by using echo ON or echo OFF at the prompt. To display Hello on
the screen type echo Hello. If the message constitutes spaces then enclose the entire message
in quotes.

Quits cmd.exe program (command interpreter). Closes the program an returns control to
Searches for a text string in a file or files. Useful when searching for text in binary text files. The
syntax of the find command is:
find [/V] [/C] [/N] [/I] "string" [[drive:][path]filename[ ...]]
where /V displays all lines NOT containing the specified string. /C displays only the count of lines
containing the string. /N displays line numbers with the displayed lines. /I ignores the case of
characters when searching for the string. "string" specifies the text string to find.
[drive:][path]filename specifies a file or files to search.

Formats a disk for use with Windows. The most commonly used parameter and syntax of the
format command is:
format volume [/FS:file-system] [/V:label] [/Q] [/C] [/X]
where volume specifies the drive letter followed by a colon. /FS:filesystem specifies the type of
the file system (FAT, FAT32, or NTFS). /V:label specifies the volume label. /Q performs a quick
format. /C files created on the new volume will be compressed by default (NTFS only). /X forces
the volume to dismount first if necessary. All opened handles to the volume would no longer be
valid. To quick format a floppy with a New label type format a: /q /v:New.

Provides Help information for Windows commands. To see more information about any other
command type help [command name] or command name followed by a /?. For example to see
the help for the echo command type echo /?.

Creates, changes, or deletes the volume label of a disk. Use the label command to change the
label of the current drive by typing label [label name]. For some other drive type label [drive:]
[label name]. Using label without parameters causes cmd to display current drive label and
prompts you if you would like to enter a new volume label.

Creates a directory. The general syntax is mkdir [drive:]path and md [drive:]path. If the
intermediate path does not exist and if command extensions are enabled, then mkdir creates the

Page | 122
A Beginners Approach to Windows

intermediate folders required. For example if you wish to create a folder in
D:\Project\Books\Chapters\Complete called Final and if the none of the folders exist (Project,
Books, Chapters and Complete) then these are automatically created by mkdir.

Displays output one screen at a time. This command can be used to read files. The most
commonly used arguments are more /S /C /Tx [drive:][path]filemname where, /S causes
multiple blank lines to be squeezed into a single line. /C clears the screen before showing the
output. /Tx causes tabs to be expanded to x spaces. The default is 8 spaces. The
[drive:][path]filemname is the full path of the file that has to be read. You can even open
executables although the garbage will be incomprehensible.

Moves one or more files from one directory to another directory. The general syntax is move /Y
[full path of file1][full path of file2][….] [destination path]. The /Y argument disables
prompting of confirmation if there is a destination file that will be overwritten. If you are moving
just one file then you can even rename it after moving it to the destination folder by giving a
filename after the destination argument.

Displays or sets a search path for executable files. Whenever you type an executable program
name at the prompt, cmd.exe searches some default locations for the file. Common locations
include %systemroot%, %systemroot\system32\ etc. You can add more locations to this list by
using the path command. The common syntax is
path [[drive:]path; [[drive:]path2; [[drive:]path3; %path%
Type path ; to clear all search-path settings and direct cmd.exe to search only in the current
directory. Including %path% in the new path setting causes the old path to be updated to the new
setting. Type path without parameters to display the current path.

Suspends processing of a batch program and displays the message Press any key to continue

Prints a text file. The general syntax is print [/D:device] [[drive:][path]filename[...]] where
/D:device specifies a print device.

Changes the Windows command prompt. The syntax is prompt [text]. The text could be
anything of normal characters and/or of the following special codes.
$A & (Ampersand)
$B | (pipe)
$C ( (Left parenthesis)
$D Current date
$E Escape code (ASCII code 27)
$F ) (Right parenthesis)
$G > (greater-than sign)
$H Backspace (erases previous character)
$L < (less-than sign)
$N Current drive
$P Current drive and path
$Q = (equal sign)
$S (space)
$T Current time
$V Windows XP version number
$_ Carriage return and linefeed

Page | 123
A Beginners Approach to Windows

$$ $ (dollar sign)
For example if you wish to convert the normal D:\> prompt of cmd to something unique then try
prompt $D [%username%]$G. Since my username is Cipher this command gave me a prompt
that showed Sun 03/12/2006 Cipher>. Play around with it to find more.

Removes or deletes a directory. The syntax is simple:
rmdir [/S] [/Q] [drive:]path
rd [/S] [/Q] [drive:]path
where /S removes all directories and files in the specified directory in addition to the directory
itself. Used to remove a directory tree. /Q quiet mode, do not ask if ok to remove a directory tree
with /S.

Recovers readable information from a bad or defective disk. This command is mostly used to
recover information from bad floppy disks. General syntax is recover [drive:][path]filename.
Data cannot be recovered if your partitions are active or are being used by Windows.

Records comments (remarks) in batch files. General syntax is rem [comment]. The comment is
not displayed when preceded by the rem command. Analogous to // or /*comment*/ of C and

Renames a file or files. The syntax is same for both the commands:
rename [drive:][path]filename1 filename2
ren [drive:][path]filename1 filename2
where filename1 is the file you wish to rename and filename2 is the new name that you wish to
give. The new filename should be complete with extensions (if any). Note that you cannot specify
a new drive or path for your destination file.

Starts a separate window to run a specified program or command. Start without any argument
starts another instance of cmd.exe.
start ["title"] [path] [/MIN] [/MAX] [/SEPARATE | /SHARED] [/LOW | /NORMAL | /HIGH |
where, path is starting directory, MIN start window minimized, MAX start window maximized,
SEPARATE start 16-bit Windows program in separate memory space, SHARED start 16-bit
Windows program in shared memory space, LOW start application in the IDLE priority class,
NORMAL start application in the NORMAL priority class, HIGH start application in the HIGH
priority class, REALTIME start application in the REALTIME priority class, ABOVENORMAL start
application in the ABOVENORMAL priority class, BELOWNORMAL start application in the
BELOWNORMAL priority class, WAIT start application and wait for it to terminate,
command/program specifies application or batch file to run. If it is an internal cmd command or
a batch file then the command processor is run with the /K switch to cmd.exe. This means that
the window will remain after the command has been run. If it is not an internal cmd command or
batch file then it is a program and will run as either a windowed application or a console
application. Parameters these are the parameters passed to the command/program.

Associates a path with a drive letter. This command creates a drive in My Computer for the folder
specified. The syntax is subst [virtual drive letter:] [[drive:]\path] where, virtual drive letter is
an unassigned drive letter in My Computer and drive:\path is the folder whose image you want to
make in the virtual drive letter. Practically useful if you have a folder deep nested inside like
D:\Project Works\Books\A Beginner's Approach to Windows\Chapters\Completed\. You can

Page | 124
A Beginners Approach to Windows

then create a drive pointing to this folder by typing subst K: D:\Project Works\Books\A
Beginner's Approach to Windows\ Chapters\Completed\. To delete an existing virtual drive
type subst [virtual drive letter:] /D. To see all existing virtual drives type subst without any

Displays or sets the time. When used without any parameters, time shows the current time in the
format 18:39:29.39 which is HH:MM:SS:milliseconds. It will also prompt you to enter a new
time, which you can ignore by pressing an enter. If command extensions are enabled then you
can use time /T to just display the time in the format 06:41 PM.

Sets the window title for the command prompt window. General syntax is title [string] where,
string specifies the title for the command prompt window.

Graphically displays the directory structure of a drive or path in the form of a tree. This command
can be used with two arguments. The general syntax is tree [drive:][path] [/F] [/A] where, /F
display the names of the files in each folder. /A use ASCII text instead of extended characters. To
see the tree structure of the current directory and sub directories just type tree without any path or

Displays the contents of a text file. General usage is type [drive:][path]filename.

Displays the Windows version. Type ver without any parameters to view your Windows version.

Tells Windows whether to verify that your files are written correctly to a disk. Type verify without
a parameter to display the current VERIFY setting. Verify can be turned on or off by giving verify
ON | OFF at the prompt.

Displays the disk volume label and serial number, if they exist. The syntax is vol [drive:]

Copies files and directory trees. Xcopy stands for extended copy mode of cmd.exe. The general
syntax of usage is:
xcopy source [destination] [/A | /M] [/D[:mm-dd-yy]] [/P] [/S [/E]] [/V] [/W] [/C] [/I] [/Q] [/F] [/L]
[/G] [/H] [/R] [/T] [/U] [/K] [/N] [/O] [/X] [/Y] [/-Y] [/Z]
where, source specifies the file(s) to copy, destination specifies the location and/or name of new
files, /A copies only files with the archive attribute set, doesn't change the attribute. /M copies
only files with the archive attribute set, turns off the archive attribute. /D:mm-dd-yy copies files
changed on or after the specified date. If no date is given, copies only those files whose source
time is newer than the destination time. /P prompts you before creating each destination file. /S
copies directories and subdirectories except empty ones. /E copies directories and subdirectories,
including empty ones. /V verifies each new file. /W prompts you to press a key before copying. /C
continues copying even if errors occur. /I if destination does not exist and copying more than one
file, assumes that destination must be a directory. /Q does not display file names while copying.
/F displays full source and destination file names while copying. /L displays files that would be
copied. /G allows the copying of encrypted files to destination that does not support encryption. /H
copies hidden and system files also. /R overwrites read-only files. /T creates directory structure,
but does not copy files. Does not include empty directories or subdirectories. /T /E includes empty
directories and subdirectories. /U copies only files that already exist in destination. /K copies

Page | 125
A Beginners Approach to Windows

attributes. Normal Xcopy will reset read-only attributes. /N copies using the generated short
names. /O copies file ownership and ACL information. /X copies file audit settings (implies /O). /Y
suppresses prompting to confirm you want to overwrite an existing destination file. /-Y causes
prompting to confirm you want to overwrite an existing destination file. /Z copies networked files in
restartable mode.

If for example you wish to copy hidden read only database files to another directory which has
similar files with the same name then you can use xcopy D:\Databases\*.dbf “D:\New
Databases\Databases\Extras\” /C /O /Y /R /H

One thing known to very few Windows users is the ability of a cmd.exe command output to be
redirected to another command or to a file on the hard disk. This is practically useful if you want the
directory listing of some folder that has got several sub folders inside and you wish to take a print of
this. The operator used is called the output redirection operator given by >. For example if you
wish to take a print of the output of dir C:\Windows\system32\ then you can redirect the directory
listing from the screen to a text file like this: dir > D:\dirlist.txt. Then you can open the file and read
for yourself. If the file dirlist.txt exist then the contents are overwritten, if it does not exist then it is
created. There is also a double output redirection operator ( >> ) that enables output of a
command to be appended to an existing file instead of overwriting it as is the case with the single
output redirection operator. Thus you can have dir D:\Projects\ >> dirlist.txt which will append the
output of the directory listing of D:\Projects to dirlist.txt.

Just like we have output redirection operators for redirecting output, we also have a input
redirection operator ( < ) to redirect input. For example the format command requires users to
press ENTER to start the format, ENTER again for no label and N to say No to format another
floppy. All this can be combined in a text file. Let us call it abc.txt. The contents of this file should
be two Enters and an N. The file should look like this:

Input Redirection - Print Screen 6.2

Don‘t press enter after N, just save the file in a convenient location. Then you can start cmd.exe
and type format a:/q < abc.txt. Remember, your current working directory should be the same as
the folder where your abc.txt file is saved. So it would be more convenient to store the file at the
root of your drive. Any drive would do. You‘ll love it this way…..

Piping is an interesting concept. Piping combines both the input and output redirection operators
and is used to redirect the output of a command to another command. An excellent example would

echo y | del *.tmp

This command will cause y to be echoed to the screen but will be piped to the del command which
prompts for a yes (Y) or no (N) when using without the /Q argument. Thus this command will delete
all temporary files in the current working directory without asking the user.

Page | 126
A Beginners Approach to Windows


1. Make Windows check your D: drive for errors at startup.

2. Start cmd.exe at system startup with the background color as blue and the foreground
color as white.

3. Create a drive in My Computer for C:\Windows.

4. Redirect the Output of tree to a text file in your D: drive by name tree.txt and open it in
notepad. Then open the file in cmd.exe and view the contents in both.

Page | 127
A Beginners Approach to Windows

Batch Files & Scripts

In this chapter we shall see the importance and usage of batch file scripting. Although not directly
related to the Windows GUI environment, batch files can be used to perform several day to day
things in a quick and untiring manner. You should read the previous chapter on DOS commands to
take full advantage of this chapter.

After this chapter the reader should be able to:
 Understand the importance of batch files.
 Write simple batch programs using common DOS commands.
 Write complicated loops using FOR and IF and other conditional statements.
 Redirect program output to files on the disk or to other batch programs.
 Write several programs that will ease your Windows usage.

Page | 128
A Beginners Approach to Windows

Programming has become a hobby for many computer users. Industries worldwide are searching
for programmers who can cut through the worst logical problems and provide simple solutions. Let
us take a step into this reality. For those who are still in the Neolithic Age, let me explain what
programming actually is. Many a times problems crop up that require an automated solution since
providing manual interference every time becomes mundane and time consuming. For example
suppose, a company pays its employees on the 2 of every month. Now salaries are derived on
the basis of employee work hours, post and other company policies. If the company is huge then
calculating each of the 5000 odd employee salaries could well require another department in the
company. To automate the entire process, a computer program could be written that could take the
employee number (for ease of input), post and other policies depending on the company as input
and print out the pay check out on paper for each and every employee.

Many users will wonder as to how Windows by itself can be used for programming. Well as we saw
in the last chapter, cmd.exe provides several commands that can be used to create a powerful
environment to write and execute simple scripts and batch programs. This chapter will cover the art
of programming with batch files. It‘s fun more than serious study. After this chapter you should be
able to write your own innovative and time saving programs.

Take note that the term scripts and programs are used exchangingly in the context limited to
batch files and batch programming. This chapter should mark your starting step into the
programming world.

VII.1: Batch Files

Like every programming language has support for their environment specific files, same is the case
with batch files. Files with a .c and .cpp are source code files of C and C++ respectively and same
is the case with .pl files which are extensions of Perl script source code files. Programming with
batch files is not hardcore programming as seen with other languages. Other languages allow you
to create variables, create and destroy memory references, allocate memory dynamically and
manipulate the system. But same is not the case with batch files. Batch files just contain cmd.exe
commands that are executed line by line through cmd.exe. Batch files generally are of two types.
One type has the normal .bat extension and the other has the .cmd extension. Batch files can be
run just as any other executable file that is by double clicking on them. Whenever a batch file is run,
Windows checks for the extension of the file and then calls cmd.exe to execute the commands
contained within the file. Cmd.exe opens the file, reads the first line and then closes the file and if
the line is a valid command, cmd.exe then executes the command and, updates the cmd.exe
address pointer to the second line, opens the file, reads and closes the file, executes the command,
and this procedure is repeated till end of file is reached or a exit statement is met on the way.

All valid cmd.exe commands can be used in batch files. This includes all external, internal and
program commands. You can run other batch files from within one batch file by using call or start
commands. Note that batch files are considered to be internal DOS commands.

 While creating a batch file, keep in mind that the batch file name is not the same as
another cmd command. For example if you have a batch file with the name of dir.bat
and if you try to execute it at the prompt, then cmd.exe will give the directory listing of
the directory instead of running the batch file. To run the batch file in such a case you
will have to type the entire file name at the prompt i.e. C:\> dir.bat which of course is

So how do I create a batch file in the first place? Since batch files are just text files containing
cmd.exe commands with a .bat extension, you can create them using any text editor. The best
option however is notepad. So open notepad by going to Start >> Run >> notepad. No matter what

Page | 129
A Beginners Approach to Windows

you type, just remember to give the file a .bat extension. This can be done in notepad in the Save
dialog box. In notepad go to File >> Save. In the file name box, type a name for the batch file with a
.bat extension and in the Save as type, select All files from the drop down list and then click on
Save to save the file. It is worth noting that batch files can be run from the command prompt or from
the Run dialog box through Start.

Let us create our first simple batch file which will open your D: drive. Open notepad and type the
following and save it with a .bat extension. Name it as something like d.bat.

chdir D:
explorer d:

Let us study this file line by line. The first line tells DOS to change the current working directory
from whatever it was to D: drive. This is unnecessary since explorer can be run from anywhere.
Anyways, the second line tells cmd.exe to launch explorer with D: drive as an argument. Explorer
can be run without its .exe extension; this is automatically added by cmd. The next line tells cmd to
clear the DOS screen and the final line exits the prompt. The basic motive of the batch file was to
open D: drive in explorer. All other lines can be dropped and your batch file could as well look
something like this:

explorer D:

It would still work. One thing you may have become aware of is that, you should be in the same
directory as the batch file to execute it. The task of changing to the directory containing the batch
files can become very boring. An alternative (and the best practice) would be to save all batch files
in a single folder, something like C:\Batch would do. Then you can direct cmd and Windows to look
for the batch file in the directory by default. This can be done by adding the folder C:\Batch to the
system variable Path. Open System Properties and under the Advanced tab click on Environment
Variables. In the Environment Variables dialog, search for the System Variable called Path. Select
it and click on Edit. Add the name of the folder whose contents you want Windows and cmd to run
without entering the whole path or changing current directories, preceded by a ―;‖. So finally the
path variable should contain the following


This will run the batch file from anywhere. You just have to type the name of the batch file at the
prompt or at run. The best place for executing a batch file is through the command prompt because
the prompt will show the output of the batch file and stay on the screen, otherwise the case with the
Run style of batch file execution is that the command prompt will be visible till execution and then
close irrespective of whether an exit command was included in the batch file. Open command
prompt and just type d and press Enter. Explorer should open the D: drive. Another useful batch file
would be the one having the exit command. Open notepad and type exit and save the file as a
batch file with the name q.bat. Save it in the directory whose address is mentioned in the Path
variable. Now whenever you wish to exit the command prompt just type q instead of exit.

Let us see some of the most widely and commonly used commands in batch files. Most of the DOS
commands that we saw in the previous chapter have not been included to avoid redundancy.

The REM command
The Remark command is used to enter comments in your batch file. If you have created a big
batch file with lots of complicated loops and commands then by using the REM command you can
make any user understand what the code does, if the user is reading the code. Whatever is typed
after the REM command is not even displayed on screen. Hence you can have as many lines of

Page | 130
A Beginners Approach to Windows

explanation in the batch file without them being displayed on screen. The only thing that you have
to bear in mind is not to add many remarks, since this will cause the program execution to slow
down. Another thing is that REM commands are usually used for batch files that are large. You
should, as a programmer‘s practice, not add REM for small programs.

The REM command is analogous to the /* comment */ of C, // of C++ and „ of Visual Basic.

Example: REM This is an example to change the current drive to D: drive
REM that cleared the screen
REM that changes the drive
REM Closes cmd.exe and returns control to shell.

If the REM command still displays the comments on screen then you can precede the REM
command by an @ symbol which will prevent the command from displaying on the screen, yet get
executed. So the program may have to look like the following snippet for it to work properly.
@REM This is an example to change the current drive to D: drive
@REM that clears the screen
@REM that changes the drive
@REM Closes cmd.exe and returns control to shell.

The Echo command
The Echo command is used to display comments on the screen or to give user an idea what the
batch file is doing. You may argue that you can remove the REM command and just keep the
comments, but cmd.exe will interpret them as commands and give an error saying that the
comment, whatever it may be, is not an internal or external command in DOS. The echo command
is what printf is to C and cout is to C++. Any thing written after the echo command will cause it to
be displayed on the screen. It is true that batch programs display all commands they are executing
but sometimes they are not enough and it is better to also insert ECHO commands, which give a
better description of what is presently being done.

Example: @REM Program to copy mp3 files from D: drive to C: drive.
Echo Program to copy mp3 files from D:\Music to C:\Music
Echo Copyright © 2005-06
xcopy D:\Music\*.mp3 C:\Music /Y /I
Echo All files have been successfully copied
Echo Thank you for using this program.

Execute this file and see the output. The file is saved in the root of D: drive and has been named


D:\>Echo Program to copy mp3 files from D:\Music to C:\Music
Program to copy mp3 files from D:\Music to C:\Music

D:\>Echo Copyright © 2005-06
Copyright © 2005-06

Page | 131
A Beginners Approach to Windows

D:\>xcopy D:\Music\*.mp3 C:\Music /Y /I
3 File(s) copied

D:\>Echo All files have been successfully copied
All files have been successfully copied

D:\>Echo No file was overwritten.

D:\>Echo Thank you for using this program.
Thank you for using this program.

Here Echo has to be set off before beginning with the program so that the Echo command itself is
not displayed but instead whatever it has to display should be shown on screen. So just type Echo
off at the beginning of the batch file to prevent echo from being displayed. Furthermore to prevent
Echo Off itself from being displayed, use the @ symbol to suppress output but still continue
execution. So your final program should look something like this.

@Echo off
@REM Program to copy mp3 files from D: drive to C: drive
Echo Program to copy mp3 files from D:\Music to C:\Music
Echo Copyright © 2005-06
xcopy D:\Music\*.mp3 C:\Music /Y /I
Echo All files have been successfully copied
Echo Thank you for using this program.

The output for this program will be:

Program to copy mp3 files from D:\Music to C:\Music
Copyright © 2005-06
3 File(s) copied
All files have been successfully copied
Thank you for using this program.

Now that looks neat. For those who are wondering what arguments were passed to xcopy; the /Y
was to suppress the confirmation whether to overwrite and the /I was to force xcopy to believe that
C:\Music is a directory and not an extensionless file.

To display a blank line in the output you can use a blank line in the batch file which is equivalent to
an Enter or you can use the Echo command with a dot (Echo.)

The Pause command
The Pause command is used to halt program execution for an indefinite period until and unless
an user intervenes and presses a key on the keyboard. The program can be terminated at pause
command by pressing Ctrl + C or Ctrl + Break. The Pause command in short gives the user time

Page | 132
A Beginners Approach to Windows

to react and cancel the batch program if he wishes to. You can also use the Break command to do
the same thing.

Example: @Echo Off
@REM Example of Pause command.
Echo Alert!!
Echo This will delete all temporary files from your temp folder.
Echo Press Ctrl + C to stop execution
Del %temp%\*.*
Echo Files have been deleted. Thank you for using our service.

When you execute this file at the prompt and press Ctrl + C, you will get the following output. The
file is saved in the root of D: drive and has been named tempdel:


This will delete all temporary files from your temp folder.
Press Ctrl + C to stop execution
Press any key to continue . . .
Terminate batch job (Y/N)? y


In the other case if you press Enter or any other key then the output changes accordingly:

This will delete all temporary files from your temp folder.
Press Ctrl + C to stop execution
Press any key to continue . . .
Files have been deleted. Thank you for using our service.


The Call and Start command
The Call and Start command basically do the same thing, calling of external programs or other
batch files from within one batch file. The syntax is call %name_of_file%. The file could be another
executable or a batch file in the same directory or in a directory recognized in the path variable.
The start syntax is somewhat confusing; start “” “%name_of_file” arg. A blank ―‖ is necessary
otherwise you cannot pass arguments if any to the program. See this example for further

Example: @echo off
@rem example of Call and start
Echo This program will call explorer to open D: drive.
Call explorer D:
Echo This program will also start another session of cmd.exe with colors
Start "" "cmd.exe" /T:AF

Page | 133
A Beginners Approach to Windows

In this code the blank quotes (―‖) after the start command allow cmd.exe to accept the /T:0E
argument that colors the new cmd with yellow and black. As already mentioned we can call another
batch file also from within a batch file. Let us try calling mp3copier from the previous section
through this file. The code will change accordingly.

@echo off
@rem example of Call and start
Echo This program will call the batch file mp3copier.bat.
Call mp3copier
Echo This program will also start another session of cmd.exe with colors
Start "" "cmd.exe" /T:AF

There is absolutely no need of giving the .bat extension for mp3copier, since cmd.exe checks to
see if there is an internal command, external command or any program from a directory defined in
the path variable. Mp3copier.bat executes and returns control to the original batch file.

The GoTo command
The GoTo command is used for branching purposes. Using the GoTo command we can jump to
another section of the batch file and then continue execution in that part and then if we want to
return back use another goto statement and jump back to the location from where you had jumped.
The Goto command is always used with a label. This label is the location where the control is
transferred as soon as the Goto command with that specific label is encountered. Labels are
always written beginning with a colon : and then the label. Hence the general syntax is GoTo Label
where label is defined somewhere later in the program.

Example: @echo off
@rem example of Goto
Echo This program will call explorer and then use GoTo to jump to another
location then return back using another Goto and finally exit.
Call explorer D:
Goto local
Call sol
Call spider
Echo control has reached here after jumping.
Del %temp%\*.* /Q
Echo Press Ctrl + C to end batch file completely.
Goto back

This code is pretty much self explanatory, but anyways let me make it simpler. Explorer is called
without any arguments causing My Documents to open. And then the GoTo statement is
encountered which causes the program execution to transfer to the label local which has been
declared just after the exit command. This causes all files from the temporary folder to be deleted
upon pressing of any key. If you press Ctrl + C here then the program is terminated completely
without going to the Goto back statement. When you continue, the program execution gets
transferred to the back label declared below the GoTo local statement which continues program
execution and opens Solitaire and Spider Solitaire and finally exits the cmd.exe prompt.

Page | 134
A Beginners Approach to Windows

There is no uppercase or lowercase specifications in cmd.exe as far as commands are considered.
This means that GoTo is the same as goto, GOTO, goto or Goto.

VII.2: Passing Arguments

An Argument, as we have seen for several programs, is additional information that allows us to
manipulate the program itself. The best example that I can come up with is Explorer.exe. When run
without any arguments, explorer opens up My Documents, but you can always pass one of your
drive letters with a colon to open the respective drive or any folder for that matter on your hard disk.
We can also create batch files that can take in external parameters and use them in their execution.
In many scripts and programming languages we find that the % character is used to obtain external
parameters. Even in the Windows registry, as you will see later, the % character has been used to
pass the name of a file or location as an argument. The same applies to cmd.exe. It can read up to
9 external arguments passed from a batch file to the executing command. To make it more clear let
us see an example.

@Echo off
Echo %1 %2

Save this file as d.bat or something simple like that and then at the prompt type the two arguments
that the batch file is supposed to take.

D:\>d Hello World

This will print Hello World on the screen. %1 is replaced by Hello and %2 by World. If the number
of arguments passed to the batch files exceeds then what is needed by the batch file then the
remaining arguments are just dropped. If a file takes arguments and if none is passed then the
command at which the argument was due to be used will give an error or will complete in a way not
anticipated. The following batch file will make it clear.

@Echo off
Format %1: /q

This batch file when run with an argument of A will ask you to insert a new disk in drive A (floppy
drive) to quick format it. Now if no argument is specified then the program will give an Invalid Drive
Specification error.

D:\>d A
Insert new disk for drive A:
and press ENTER when ready...

Now if no argument is passed, the output changes to:

Invalid drive specification.

There is a command called Shift that is shown in the help of cmd.exe but was not explained in the
previous chapter for a very honest reason. To know the working of shift you have to understand
what arguments are and how they are used to give batch files information; which is what you have
achieved in this chapter. Shift is used to shift the position of replaceable parameters in batch files.
Now suppose you wish to pass more than 9 arguments to a batch file (I wouldn‘t understand why
though) then you can use the same argument character (%1) as many number of times as you
want by shifting the value. An example should make it clear. Let us modify the previous Hello world
program to make it clear. Note the argument characters in the program.

Page | 135
A Beginners Approach to Windows

@Echo off
Echo %1
Echo %1

At the prompt type the two arguments that the batch file is supposed to take.

D:\>d Hello World

This will print Hello World on two lines by using the same argument character that is %1. The thing
that cmd.exe does here is that Hello is printed out and then it is shifted to %2, since %2 is not
present, Hello is dropped completely and World is moved into %1.

D:\>d Hello World


Thus using the shift command in a batch file you can pass as any number of arguments as you
want and still run the program. The only thing to bear in mind is the execution time of the batch
program may reduce due to generic calculation of arguments passed and mutual transfer amongst
variable characters, so as far as possible try using not more than 9 arguments.

VII.3: FOR Loops & IF Branching

If you want to perform a certain set of instructions over and over again without having to write them
every time you want to perform them, you can use the FOR loop. The syntax of the FOR loop is
slightly confusing and I will try to make it as clear as possible.

The syntax is:
FOR %%Variable IN (set) DO command
The Variable is a single character except 0-9 and set are the values that are assigned to the
variable and command is the command that cmd.exe has to execute whenever a value from set is
assigned to the variable. An example will make this clear.

@Echo off
FOR %%P IN (C:\, D:\, D:\Music\) DO DIR %%P

This command will cause the values in the set to be copied to %P, one by one and execute the Dir
Command with the value in %P. The two %% are to be used since cmd.exe deletes one instance of
the %. If you are using the ‗for loop‘ in the prompt (not through a batch file) then you can use a
single %. Anyways, coming back to this program, this FOR loop will cause dir to display the
directory listing of C: drive, then the directory listing of D: drive and then of the D:\Music folder.

Another example of the FOR loop is given below:

@Echo off
FOR %%A IN (*.mp3, *.xls, *.txt, *.jpg) DO XCOPY D:\Data\%%A C:\Test\ /I /Y

This FOR loop will first copy all the mp3 files from the D:\Data\ folder to C:\Test overwriting any
previously present files of the same name. Then when all mp3 files have been copied, the for loop

Page | 136
A Beginners Approach to Windows

copies *.xls into %A and then xcopy copies all the Excel files present in the folder to C:\Test, then
the for loop gets updated and then copies text files and finally all picture files into the C:\Test folder.

The FOR loop can be made more intelligent by allowing the user to pass external arguments and
using these arguments in the set of the FOR loop. An example is shown below:

@Echo off
Echo This program takes three arguments from the user and the uses the FOR loop to
copy the files specified by the argument.
Echo The user has specified the following three extensions to copy: %1 %2 %3
FOR %%S IN (%%1, %%2, %%3) DO XCOPY D:\Data\%%S C:\Test\ /I /Y

Save the file with a simple name, something like ext.bat will do. At the prompt type the following

D:\>ext *.bmp *.mp3 *.doc

The arguments when used within a FOR loop should also have two % for compatibility. The above
command at the prompt will cause all *.bmp files from the D:\Data\ directory to the C:\Test\ directory
then the FOR loop will copy all mp3 files and then finally all word documents are copied. The /I
switch for xcopy causes xcopy to assume C:\Test is a directory and the /Y as you‘ll know
suppresses confirmation whether to overwrite existing files.

Sometimes it may so happen that you want to check some condition is true or false or some value
and then proceed with the next line of execution. In this situation, the IF branching method comes
as a life saver. Using an IF statement you can cause the execution to be transferred to anywhere in
the program or continue as it is. The general working of an IF statement is:

If (condition = TRUE)
do this command
exit loop (or do anything else)
do this
exit loop (or do anything else)

The IF condition can be used for checking the values of a variable and then proceed accordingly.
Along with the normal comparing of variable (strings), the IF command can also be used to check
for the existence of files.

An important use of the IF statement is in the checking of file existence or availability. The IF
statement can be written in a way that will allow the program to check if a particular file exists and
then perform the next execution accordingly. The general syntax of this command is

IF [NOT] EXIST filename command

We can check for the availability of a file and then perform a command. An example will make it

IF EXIST C:\Windows\Explorer.exe Echo The Windows shell exists.

Page | 137
A Beginners Approach to Windows

When executed, this IF statement will check if the file Explorer.exe exists and then echo ―The
Windows shell exists‖ on to the screen. If on some weird unnatural Windows computer this file did
not exist then this command would not display anything. You can then combine an Else with the IF
statement to complete the logic in the code. Remember that the IF and Else have to be on the
same line and the command part has to be enclosed in brackets. Let us modify the above example
itself and check the result. Better still let us write a batch file with the complete source code.

@echo off
IF EXIST C:\Windows\Explorer.exe (Echo The Windows shell exists) ELSE (Echo No

Now when you run this batch file at the prompt, the program will output ―The Windows Shell exists‖.
Modify the code and change the explorer.exe to something like xplorer.exe and then run the batch
file, you will get ―No shell‖ as the program output.

The syntax also has a NOT EXIST extension that is just the opposite of EXIST and can be used to
run a command if the condition becomes false.

We saw methods of checking for files, but what about folders? The IF command can also be used
to check if folders exist or not. Windows considers that every folder has a default file that gives the
address of the folder. This file is named as a . (dot). Thus if you modify the IF EXIST command to
include the path of the folder with its dot file then the IF statement can be used to check for
existence of the folder. An example will make it more clear.

@echo off
IF EXIST C:\Windows\. (Echo Folder Exists) ELSE (Echo No Such folder)

The IF statement can also be combined with the GOTO command or for that matter any command.
GOTO allows you to transfer control of instructions in a way defined by the user. The IF statement
could check for the existence of files or folders and then jump to a sub routine kind of thing that will
consist of instructions that have to be executed if the conditions are met. Another example here:

@echo off
IF EXIST C:\Music\Cher-Believe.mp3 (GOTO FOUND) ELSE (Echo No Such file)
xcopy G:\Cher\Cher-Believe.mp3 C:\Music\ /I
del %temp%\*.tmp
Echo The Song exists
Echo Now the program will exit

The above program is very much self explanatory but anyways I‘ll do my work. The program checks
if the file C:\Music\Cher-Believe.mp3 exists or not, if it does not exist then the program echoes that
there is no such file and then copies the same file from the CD ROM drive (assuming G: drive) to
your C:\Music folder. Then the batch program deletes all temporary files from the temporary folder
and then exits. On the other hand if the file exists then the execution is transferred to the label
:FOUND and then execution continues from the label onwards. Prompt then echoes that the song
exists and then exits after giving you a chance to see the output.

The other use of the IF statement is to compare two strings, either passed as an argument or
internal commands. The syntax is

Page | 138
A Beginners Approach to Windows

IF [NOT] string1 == string2 command

Most of the time this statement is used to compare arguments passed to the batch file and then
execute a set of commands by using straight commands or the GOTO label method. An example
will make it clearer. Create a batch file with the following and which takes one argument. Call the
file disk.bat or something like that.

@echo off
IF %1 == dfg (GOTO DEFRAG) ELSE (Echo Invalid Argument)
defrag C: -a

Run the batch file with either of the two parameters i.e. chk or dfg.

D:\>disk dfg

This will cause the program to compare the argument with chk (which is false) and then with dfg
(which is true) which causes the program execution to jump to the :DEFRAG label. Here the
program calls defrag.exe to analyse the C: drive (-a argument to defrag.exe) and then waits for you
to see the output and the exits upon any keystroke. The same is the case if the chk argument is
passed which causes the program execution to jump to :DISKCHECK label and then execute
chkdsk for the current drive and then wait and exit. If no argument or anything other than chk and
dfg are passed then the program gives an Invalid Argument error and then exits.

VII.4: Examples

We have seen many commands that can be employed to write several simple programs to ease
everyday Windows tasks. Let us see some examples in the following section.

Program to start an application depending on the argument passed:
The following batch file takes in one argument which is a number which corresponds to an
application in the program.

@echo off
Echo Game Selection Program
Echo 1. Solitaire
Echo 2. Spider Solitaire

Page | 139
A Beginners Approach to Windows


This program may sometimes give an ―GOTO was unexpected here‖ error. But that depends on the
OS that you have. Pass 1 as an argument to start Solitaire and 2 to start Spider solitaire.

Program to check what OS you have installed:
This is a very generic example. In that sense this program will check for some files found only on
typical OSs. For example regedt32.exe is not found on Windows 98 and so. This program will
check and work for three Operating Systems, Windows XP, Windows 2000 and Windows 98.

@echo off
IF EXIST %systemroot%\system32\regedt32.exe (GOTO NT) ELSE GOTO NONNT
IF EXIST %systemdrive%\Winnt\. (Echo Windows 2000) ELSE Echo Windows XP
IF NOT EXIST %systemrooot%\system32\. Echo Windows 98

This program first checks to see if regedt32 is there in the system32 folder, if it is there (which is the
case with all NT systems) then control is transferred to the instruction after the :NT label. Then the
program checks if the %systemroot% directory is Windows or Winnt, upon which an output is given
that it is Windows XP or Windows 2000 respectively. If in the first case regedt32 was not found then
we can be sure that it is not Windows XP or Windows 2000, but to perform one more check the
program checks to see if the system32 folder is present (which is absent in Windows 98) and then
echoes a message saying the system is Windows 98 if it is not found.

Program to copy files specified by user:
This is a modification of a program already included somewhere above. This program will copy files
of extension type passed as arguments to the following batch file.

@echo off
REM to copy 2 types of files.
Mkdir D:\Backup
xcopy C:\Data\%1 D:\Backup\ /I /Y
xcopy C:\Data\%1 D:\Backup\ /I /Y
echo File Copying Complete

This program is pretty much self explanatory. Pass two file extensions as arguments. This program
creates a directory called Backup in D: drive. And then copies the files or all files that have been
passed with wildcards (*.mp3) into this newly created directory.

Page | 140
A Beginners Approach to Windows

Program to check if a file exists and then run applications:
This program uses the IF exist statement to check for file existence and then runs a program
associated with it. The programs may or may not have a relation with the file that exists.

@echo off
IF EXIST D:\Test.mp3 (GOTO FOUND) ELSE regedit
shutdown –s –t 60

This program will shutdown the computer if Test.mp3 exists, if it does not then the Registry Editor is
started. You can include other programs instead of the ones that I have specified.

Program to erase all traces of your computer usage:
The following batch file will erase all your computer usage history at the next login. To work at every
login you have to place this file at system startup either through startup Program Files or through
the registry.

@echo off
del %temp%\*.* /Q
del Recent /Q
Echo All Files deleted
Echo Nobody knows what you did.

Two locations have been utilized the Recent documents and the temporary folder. You can modify
the code accordingly to erase Internet History too.

Use Batch File Programming judiciously or you may end up deleting unexpected files through
wildcards or something. Batch File Programming will hopefully form your base for other extended
programming languages like C, C++, Java & Visual Basic. Understanding the logic is more
important than the construct. If you figure out the logic, you can well write a program in any number
of ways you want. Logic and Programming Language Syntax should someday enable you to write
your own OS …

Page | 141
A Beginners Approach to Windows

Windows Safe Mode

In this chapter we shall see the importance of the Windows Safe Mode. The Administrator account
which is usually available only through Safe Mode will be used for most of the corrections that have
to be done. Different Safe Modes have also been covered, which include Safe Mode with command
prompt and Safe Mode with Networking.

After this chapter the reader should be able to:
 Start the computer in Safe Mode.
 Use System Restore through Safe Mode to correct problems.

Page | 142
A Beginners Approach to Windows

The Windows Safe Mode has been in Windows right through Windows 95 and provides a secure
and safe environment to correct Windows problems. Using Safe Mode you can remove viruses,
correct hardware problems, resolve conflicting software issues, use system restore to rollback your
system to another time and do a lot more. The Safe Mode of Windows 98 and Windows XP differ
on several levels. Both the variants are explained in the text to follow. In general the Windows Safe
Mode is used to diagnose and correct several common hardware as well as software issues. Before
formatting your system out of frustration try the Safe Mode while following this chapter.

VIII.1: What is the Safe Mode?

A very good question by a newbie. The existence of a Safe Environment in Windows is just a vague
idea by many users and the question of why would they want to use the Safe Mode is another story
altogether. If you are unable to start your computer, or if your computer crashes frequently or if your
computer has suddenly become very slow or if your display, sound or any other hardware is giving
problems then you can rely on Safe Mode and use it to get your PC on the tracks once again. The
basic idea of Safe Mode is to start Windows with the least device drivers needed to start the
computer without any hang-ups. Windows disables startup programs and nonessential services to
create an environment useful for troubleshooting and diagnosing problems. Windows starts a
minimal set of drivers that the operating system needs to function.

Explaining it technically, Windows XP can start the Safe Mode in three configurations, one is the
normal Safe Mode, the second one is the Safe Mode with command prompt (cmd.exe) as the shell
and the last one is the Safe Mode with Networking. There is no much difference in the startup of
these three types though. Windows starts the computer with minimal hardware drivers and software
that is necessary to make the computer start. Hence you will not be able to hear any audio or see
any videos properly. Your printer will not work nor will your several other devices that work when
Windows starts normally.

To start Windows in Safe Mode, do one of the following:
 Press F8 on the Operating System select menu.
 If this menu can‘t be seen (single OS systems) then press F8 just after the BIOS post. This
is the time when your computer gives a beep and the lights on your keyboard glow on and
off for a fraction of a second.

If your computer failed to start successfully in an attempt previously made then you will get the
recovery options screen which has an option to start Windows in Safe Mode. You can still start
Windows normally by selecting the option from this menu. Windows always keeps a record of the
most recent successful restore point. This record can be used to boot your PC by selecting the Last
Known Good Configuration option.

The essential drivers and system services enabled in safe mode include the following:
 Drivers for serial or PS/2 mouse devices, standard keyboards, hard disks, CD-ROM drives,
and standard VGA devices. Your system BIOS must support universal serial bus (USB)
mouse and USB keyboard devices in order for you to use these input devices in safe mode.
You can enable or disable USB devices through the BIOS as and when the need arises
 System services for the Event Log, Plug and Play, remote procedure calls (RPCs), and
Logical Disk Manager.

Windows 98 starts Safe Mode in its own way, since there are no well defined users on a Windows
98 system it starts in the default user‘s configuration. The autoexec.bat and config.sys files are not
run. Also the system.ini file is not parsed, instead a file called system.cb is created and used which
loads the drivers needed for Windows 98 to communicate with the various parts of the computer.
The Windows desktop loads up in 16 colors and at a resolution of 640 x 480 with the words "Safe
Mode" in each corner. Windows 98 Safe Mode starts up automatically if a successful boot could not

Page | 143
A Beginners Approach to Windows

be completed unlike Windows XP where you have to select Safe Mode from the options listed at

If Windows XP boots properly through the Safe Mode then you can be sure that the problem was
caused by one of the drivers or programs that were being loaded during normal system startup. If
you had installed any new hardware or software after which your Windows started giving problems,
then you can use the Safe Mode to uninstall or disable hardware through the Device Manager.

As we have already seen, Windows XP creates an Administrator account during installation which
is usually not available if you have any other account enabled. The Administrator account can be
accessed through the Safe Mode as it becomes visible and you can select it from the Logon
screen. Although this account will have the same functionality as a normal administrator account on
your computer, you can still use it as an alternative if your account itself is having a problem or your
%userprofile% folder and files within have gone haywire. You can then login using this account and
delete your account and create a fresh account for yourself. Remember to copy all your
important files and folders from the My Documents folder and paste them somewhere else.

VIII.2: Safe Mode & Other Startup Options

When you press F8 at system startup you will be greeted by the Windows Advanced Options menu
which allows you to start your computer in Safe Mode, Enable Boot Logging, Enable VGA mode,
Debugging mode and the Last Known Good Configuration. The general description of each of these
modes is included here:

Safe Mode: Loads the minimum set of device drivers and system services required to start
Windows. User specific startup programs do not run.

Safe Mode with Networking: Starts Windows XP with minimal drivers and services required for
network connectivity. Safe mode with networking enables logging on to the network, logon scripts,
security, and Group Policy settings. Nonessential services and startup programs not related to
networking do not run.

Safe Mode with Command Prompt: Exactly same as the normal Safe Mode except that the
Windows shell, explorer.exe, is not started, instead the application listed under
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot in the registry as an
AlternateShell, is started. Usually it is cmd.exe. You can change it to anything you require, though I
wouldn‘t understand why such a need would ever arise. In case you wanted to start the GUI
environment of Windows, you can simply type explorer.exe at the command prompt and start

Enable Boot Logging: An interesting and option which allows you to start Windows normally while
simultaneously recording startup information like loaded drivers etc. This option creates a log file
(Ntbtlog.txt) in the %systemroot% folder, which contains the file names and status of all drivers
loaded into memory during startup. This option is the same as starting your computer with the
/BOOTLOG switch in the boot.ini file.

Enable VGA Mode: A very important option if your graphics card or monitor is giving problems.
This option starts the computer in standard VGA mode by using the current video driver. This option
helps you recover from distorted video displays caused by using incorrect settings for the display
adapter or monitor. This option can be used to correct problems like the common Out of frequency
error of monitors.

Last Known Good Configuration: Starts the computer with the registry and driver configuration in
use that had allowed the computer to start successfully the last time it was up and running.

Page | 144
A Beginners Approach to Windows

Debugging Mode: Starts Windows in Kernel Debugger Mode, which allows you to use a kernel
debugger or an external kernel dump reader for troubleshooting and system analysis.

Start Windows normally: Starts Windows in normal mode.

Reboot: Restarts the computer.

Whenever you start the computer in safe mode (whichever combination), Windows will ask you
whether you want to use the System Restore functionality to restore your system to a more stable
time. System Restore in safe mode usually solves most of the problems that a Windows user can
normally face. You cannot create System Restore points under safe mode.

Often the only way to correctly remove certain persistent virus and spyware programs is to run your
system in safe mode. Many forms of malicious software will protect or reinstall themselves
constantly if they are allowed to start in the first place. These programs will situate themselves in
one of the many autorun locations in the Windows XP registry and file structure, so when Windows
is started normally, so is the offending software, running as a process in the background. When you
start the PC in safe mode, these autorun locations are not used, and no software is started
automatically. This can allow virus and spyware removal programs the opportunity they need to
correctly and completely remove the malicious software. If you are having virus or spyware
problems on your PC, you should always run antivirus and anti-spyware programs in safe mode to
ensure that they have maximum effect.

Device Driver RollBack & Uninstall - Print Screen 8.1

If you have installed any new device like a modem or a printer etc and now you cannot boot or your
system restarts frequently or shows you the blue stop screen, then you can start your PC in safe
mode and disable these devices. To do this first start your PC in safe mode then right click on ‗My
Computer‘ select ‗Manage‘. In the Computer Management console select ‗Device Manager‘. In the
right hand pane right click on the device that you have just installed and select Disable from the
context menu. Now restart your PC through the Start menu. The next time you start your PC,
Windows will skip the particular device during startup. Do not disable devices that are essential for
the system to work properly. The same is true if you have updated the hardware drivers and now

Page | 145
A Beginners Approach to Windows

the system refuses to start normally. Then you can start your computer in Safe Mode and then
attempt a roll-back of the driver. Roll-back means that Windows will uninstall the current driver and
then reinstall the older driver automatically. To do this start your computer in safe mode, right click
on My Computer and select manage. Open Device Manager through the Computer Management
console. In the right hand pane, right click on the device for which you have installed new drivers
and select Properties. Under the driver tab of the Properties dialog of the device click on Roll Back
Driver. If there are no drivers backed up by Windows then it will ask you whether you want to start
the Windows troubleshooter. You can select Yes and follow the onscreen instructions to correct any
possible device conflict (Print Screen 8.1).

If your PC boots normally into Safe Mode but does not boot normal Windows, then most likely than
not, you are having a software issue. The cause could either be hardware driver or a program that
you have installed (or which has got installed without your knowledge). To determine what is
causing the failure, examine carefully the way the crash or hang occurs. If the system crashes
before the Windows Interface appears (before the Logon Screen) then it is most likely a hardware
driver related issue. If the system becomes extremely slow or crashes after you logon, then most
likely that you have a startup program that is the nuisance.

If you are not sure which driver is causing the hang or crash, you can use the Windows XP built-in
File Signature Checker to check for files that don‘t have a digital signature. If you do have a driver
issue, it's likely to be because that particular driver has not been properly tested with Windows XP.
Start your computer in safe mode and then go to Start >> Run and type sigverif to start the File
Signature Verifier (Print Screen 8.2). Under Advanced select the Look for other files that are not
digitally signed option and the file type as *.sys from the drop down menu. Once you have located
the unsigned drivers, create a folder in C: drive called Backup or something similar and then locate
the drivers from the addresses provided by the File Signature Verifier. Once you have located a
driver, cut and paste it into the back up folder and then restart your computer in normal mode. You
will get error messages saying that at least one driver or service failed to start or something similar
to it; ignore them and check whether the problem you were experiencing has gone or it still persists.
You can try all the drivers in this way and when the problem goes away you can be sure that it was
due to the file that you last moved. Don‟t try this method with video drivers. For video drivers
start your computer by selecting the Enable VGA mode option at startup.

File Signature Verification - Print Screen 8.2

Page | 146
A Beginners Approach to Windows

If the problem is due to a software or program that you had recently installed, then you can start
your PC in safe mode and then use the System Configuration Utility to check and remove any
malicious applications at system startup. These programs could include, corrupt firewalls, viruses,
spywares and/or other adware. Go to Start >> Run and type msconfig to start the System
Configuration Utility (Print Screen 8.3). Go to the Startup tab which shows all the applications that
run at system startup. Deselect all and then select one of them and press OK to save changes and
exit. Restart the system to start in normal Windows (not safe mode) and see if the problem persists.
If it does then it was the program that you had selected to run at startup that was the culprit. You
can then uninstall it through safe mode or delete it if it was standalone (like a virus or something). If
the problem disappears then deselect the one that was selected and then select some other
application and try starting in normal mode. Do this till the problem reappears and then take
necessary action. Better still, run an updated antivirus to check if there are any viruses running at

System Configuration Utility- Print Screen 8.3

Use these techniques only if all else fails because these methods take a hell lot of time. Use
System Restore otherwise to revert you system to a stable phase. Windows XP‘s system restore
creates restore points even when you are not aware of it. Like when you install a big program or
install a new hardware device or driver. You can use any of those restore points to start your
system successfully.

Page | 147
A Beginners Approach to Windows


1. Add an option in the boot.ini file to start Windows in Safe Mode with Networking.

2. Change the time for which the Windows Advanced Recovery Menu should be visible.

Page | 148
A Beginners Approach to Windows

The Windows Registry

Understanding the Windows Registry for a proper understanding of the Operating System is
necessary. This chapter will explain the structure of the Windows Registry and also highlight some
of the common tricks that an administrator can employ to tweak his system.

After this chapter the reader should be able to:
 Understand the importance of the Windows Registry
 Explain usage of regedit & regedt32 for registry editing
 Explain what are hives, keys and different types of values that the registry can take.
 Employ common registry tweaks for optimal system performance.
 Use the reg.exe command to access the registry

Warning: Incorrect editing of the registry may severely damage your system. Backup any important
data to a Non OS drive (usually other than C:\ drive) before making any changes to the registry.

Page | 149
A Beginners Approach to Windows

The Windows Registry is a comprehensive database containing information about a computers
configuration. It contains information that is continually accessed by Windows during operation and
during running of applications. The registry basically contains information about the installed
programs, settings for folders and desktop features, user profiles, hardware connections and driver

IX.1: Registration Databases

The method of storing the Windows registry differs in case of Windows 95/98/Me and Windows
XP/NT by the various files that they use.

The Windows 95/98/Me registration database:
In case of Windows 95/98/Me, the registry is found in the following five files with Hidden & Read
Only attributes for general protection.
 System.Dat: stores common hardware and software settings of the system.
 User.Dat: stores settings for specific users including software settings. If there is more than one
user, then multiple user profiles enable each user to have a separate USER.DAT file, located in
 System.Da0 And User.Da0: Backups of System.dat & User.dat created by Windows after a
successful boot. Found only on Windows 95 systems.
 Classes.Dat: stores data contained in the HKEY_CLASSES_ROOT Hive key, found only on
Windows ME systems.
 Policy.Pol: Provides additional information specific to the network. This is a optional file that
comes into existence when network policies are defined in the HKEY_LOCAL_MACHINE and or
HKEY_CURRENT_USER policies key.

Windows 98/ME‘s automatic Registry backup is enabled by the command
C:\Windows\Scanregw.exe /autorun found as a String Value called "ScanRegistry" under the registry
key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\Run

Windows 98 and Me back up the registry into compressed CAB files in the %WinDir%\Sysbckup. A
maximum of 99 different backup copies can be stored; a new one is created with every successful
boot every new day. They are named from rb000.cab, rb001.cab … up to rb099.cab. Check the
date stamp to determine the newest backup set.

The Windows XP registration database:
When it comes to Windows XP, the registry is slightly different. Windows XP stores its registry in
these six files located in the %SystemRoot%\System32\Config folder (default is C:\Winnt\
System32\Config or C:\Windows\System32\Config depending on whether your system is Windows
NT or XP respectively):
 Default: stores the HKEY_USERS\.Default key.
 Sam: stores the HKEY_LOCAL_MACHINE\Sam key.
 Security: stores the HKEY_LOCAL_MACHINE\Security key.
 Software: stores the HKEY_LOCAL_MACHINE\Software key.
 System: stores the HKEY_LOCAL_MACHINE\System key and the HKEY_CURRENT_CONFIG
Hive key.
 Ntuser.Dat, located in the %SystemRoot%\Profiles\ %UserName% folder, stores the

Windows XP/NT keeps the original copy of the above files in C:\Windows\repair. These files are the
first copy of their type that were created when the OS was installed.

Page | 150
A Beginners Approach to Windows

IX.2: The Registry Editors – Regedit & Regedt32

Most data from the MS-DOS configuration files—autoexec.bat and config.sys, and from the
Windows system initialization files—control.ini, system.ini, win.ini, etc, is now contained in the
registry, together with most of the other system settings. Most Win32 (32-bit) specific applications
store their initialization and configuration data into the registry instead of into INI files. The Registry
is stored in a binary data executable format.

The Registry editor is an advanced tool for viewing and editing the Windows registry. The registry is
arranged in the form of an explorer like tree with keys and sub keys when seen through a registry
editor. The registry editor enables you to modify keys and values. There are two types of registry
editors in Windows XP. The Regedit & Regedt32 do the same thing except for a few changes here
and there. Regedt32 allows users to create and modify the extended string values
REG_EXPAND_SZ & REG_MULTI_SZ. On Windows 2000 systems, regedt32 allowed you to set
permissions to individual keys and sub keys and also it couldn‘t import or export registration files
(*.reg). In Windows XP and Windows Server 2003 regedt32.exe is just an application that launches

Regedt32 on Windows 2000 - Print Screen 9.1

Windows 98 does not have the Regedt32 version of the registry editor. The downside of using the
inbuilt Windows registry editors i.e. Regedit & regedt32 do not warn you if the key that you are
modifying causes any harm or not. Using third party registry editors may overcome this limitation
but on the whole you should be familiar with all the keys to do any system wide changes.

To open the registry editor, click Start, click Run, type regedit, or regedt32 and then click OK. The
registry looks like the Windows Explorer in design. The left pane consists of keys which can be
expanded into sub keys. The right pane shows different data types.

Regedit is found as an executable file in %Systemroot% (usually C:\Windows\) named as
regedit.exe and regedt32.exe is found in the system32 folder in %Systemroot%\

The entire Windows Registry can also be backed up as a .reg file by running Regedit > File >

Page | 151
A Beginners Approach to Windows

The Registry Editor - Print Screen 9.2

Microsoft Windows 98 automatically creates a backup copy of the registry every time Windows
starts, in addition to this you can manually create a backup using the Registry Checker utility by
running SCANREGW.EXE from Start >> Run. Scanregw,exe is not found in Windows XP.

On Windows XP selecting the Last Known Good Configuration during startup causes Windows to
start with the last copy that allowed it to boot properly the last time.

IX.3: Hives, Keys & Data Types

The Registry consists of two basic components:

1. Key & Sub Keys: Folder or a directory that you can see in the left hand pane of the registry
editor. They organize the registry data in a hierarchical format. Keys can contain sub keys and
values. Each key or subkeys name is predefined by the system or created by users or Win32 (32-
bit) programs, and can contain spaces and most alphanumeric characters. The Windows 95/98/Me
registry contains six root keys under ‗My Computer‘ (see further below) and several sub keys below
each root (parent) key.

2. Value: Value or data is stored as individual settings for different Win32 programs or for the
system. These are the entities you see on the right hand pane of the registry editor. Some of these
may not be available in regedit or may differ with Operating Systems.
The following are the most common data types stored in the registry:
 REG_DWORD [DWORD Value]: Double WORD data of 4 bytes (32 bits) in length, in 3
numeric formats: decimal (base of 10), hexadecimal (base of 16) or binary (base of 2).
 REG_BINARY [Binary Value]: data of any length, in two numeric formats: binary (base of 2) or
hexadecimal (base of 16).

Page | 152
A Beginners Approach to Windows

 REG_SZ [String Value]: data of any length, in three Unicode or ANSI formats: simple
text/ASCII (string), expanded (%string%) or extended (multi-string).
 REG_EXPAND_SZ [Expanded String Value]: in system variable (%string%) format, stores
environment variables within strings, accessed by substituting variables with actual system
path names.
 REG_MULTI_SZ [Multiple String Value]: in extended multi-string format, stores multiple strings
into a single Registry entry.

Other data types not available through the standard registry editors include:
 REG_DWORD_LITTLE_ENDIAN - A 32-bit number in little-endian format.
 REG_DWORD_BIG_ENDIAN - A 32-bit number in big-endian format.
 REG_LINK - A Unicode symbolic link. Used internally; applications should not use this type.
 REG_NONE - No defined value type.
 REG_QWORD - A 64-bit number.
 REG_QWORD_LITTLE_ENDIAN - A 64-bit number in little-endian format.
 REG_RESOURCE_LIST - A device-driver resource list.

When you run the Registry Editor, you‘ll see the following expandable Registry subtrees, each
marked with a plus (+) sign, under the "My Computer" heading (main node). To further expand each
subtree and view all underlying branches (subkeys), click on the plus (+) signs of the five main Hive
keys below.

Typical layout of the Windows 95/98/Me/NT/XP registry

[+] My Computer

-[+] HKEY_CLASSES_ROOT (HKCR): Software settings, CLSID folder data, program template
data, drag-n-drop, shortcut settings and sub keys for every defined file association, also found at

-[+] HKEY_CURRENT_USER (HKCU): Settings related to current user. Configuration settings
include desktop related stuff and software configurations alongwith policies.
-[+] AppEvents: Assigned system and applications sound events settings.
-[+] Control Panel: Control Panel settings
-[+] Identitites: Created and used by MS Outlook Express 4/5 and its Address Book.
-[+] Keyboard: Current keyboard layout.
-[+] Printers: Information about printer related settings.
-[+] Network: Network connection settings.
-[+] RemoteAccess: Current logon location settings, if using Dial-Up Networking.
SessionInformation: Program Count, keeps track of the number of open applications visible on the
-[+] Software: Software configuration settings for the currently logged on user, sorted by vendor or

-[+] HKEY_LOCAL_MACHINE (HKLM): User independent hardware and software machine
specific information. The most important key in the registry: bus type, startup programs, device
drivers, CLSID folder data, keyboard layout etc.
-[+] Drivers: Used by the Device Manager to keep track of active loaded drivers for hardware
peripherals like plug-n-play devices, PC cards, PCMCIA etc.
-[+] Hardware: Detailed information about all the devices connected to your computer in a format
only the OS understands.
-[+] Network: Information and settings about network(s) the user is currently logged on to.

Page | 153
A Beginners Approach to Windows

-[+] Security: Network security information and settings.
-[+] SOFTWARE: Software-specific information and settings sorted by developer. Has the
Microsoft\Windows\ key which has most of the machine specific settings like installed programs etc.
-[+] System: Contains details about the Operating System and related settings,
CurrentControlSet\Enum\ for hardware profiles and individual description.

-[+] HKEY_USERS (HKU): Information about desktop and user specific settings for each user who
logs on to the same Windows 9x/Me system. Each user has a separate subkey here. If there is only
one user, the only subkey is ".Default".

-[+] HKEY_CURRENT_CONFIG (HKCC): Information about the current hardware profile used by
the local computer at startup, pointing to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current.

-[+] HKEY_DYN_DATA - This branch points to the part of HKEY_LOCAL_MACHINE, for use with
the Plug-&-Play features of Windows, this section is dymanic and will change as devices are added
and removed from the system.

IX.4: The .Reg File

It sometimes can be timesaving to enter values into the registry without having to navigate to some
deep key. Here‘s where Windows gives you the option of adding keys and data to the registry using
text files having the .reg extension. You can even delete keys by just double clicking and accepting
the confirmation dialog that comes up.

You can export the entire registry to text files or import data from them. To export a key goto File >>
Export and save the key with a filename. For example lets take the
HKEY_CURRENT_USR\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer key.
Exporting this key on my computer gave me the following:

Windows Registry Editor Version 5.00


This format is for Windows XP computers because the Registry Editor version is 5.00. On Windows
98 systems however the same .reg file would look like the following:



The format is quite simple, REGEDIT4 indicates the file type and version,
indicates the key the values are from, "NoDriveTypeAutoRun"=dword:00000091" and
"ClearRecentDocsonExit"=dword:00000001 are the values themselves, the portion after the "="
will vary depending on the type of value they are; DWORD, String or Binary.

Page | 154
A Beginners Approach to Windows

So by simply editing this file to make the changes you want, it can then be easily distributed and all
that need to be done is to double-click, or choose "Import" from the Registry menu, for the settings
to be added to the system Registry.

Deleting keys or values using a REG file:
As mentioned earlier, it is also possible to delete keys and values using REG files. To delete a key
start by using the same format as the the REG file above, but place a "-" symbol in front of the key
name you want to delete inside the square bracket. For example to delete the
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] key the reg file would
look like this (under Windows 98):



To delete individual values instead of a minus sign in front of the whole key, place it after the equal
sign of the value. For example, to delete a value "YPager" the file would look like:



This feature can be used constructively if used with intelligence. It may so happen that data may be
entered into the registry that could possibly corrupt it, or values may be deleted unknowingly, in any
case Windows would be at risk. It is always essential to make a backup of the Windows Registry in
case of any untoward incident. Editing the registry requires excellent skill and workmanship, one
mistake and your Windows is gone, but no mistakes and your Windows lives much longer.

It happens that after prolonged usage of Windows, adding & removing programs, adding and
configuring hardware, desktop settings and other Windows Configuration, that the registry tends to
be filled with unreferenced garbage data that has no relevance to any program currently on your
system. To clean the registry, Microsoft gives a small program called Regclean, you can download
it from the several locations on the internet. Regclean checks the registry for unwanted,
unreferenced values and creates a .reg file with all garbage values. If you can‘t you can add back
the values to the registry by double-clicking on the reg file, else just delete it. RegClean is really
efficient and since it‘s a Microsoft product, u shouldn't have second thoughts.

IX.5: Registry Tricks & Tweaks

Editing the registry can make or break a system. The following is a list of some of the most famous
Windows registry tricks and values that ought to give your computer a general boost and show you
how to play around with your system. Some keys and values may not be present on your registry
but can easily be created by right clicking and selecting from the context menu. It may so happen
that the tricks mentioned here may not work immediately, in such cases a logoff or restart is
recommended. Always refresh the registry by pressing F5 before exiting.

The tricks are provided as is and the guarantee that they may work solely lies on the OS version.
Incorrect registry editing can hamper system working and in some cases can cause you to reinstall
Windows. Remember, you can assign specific key permissions for different users. If you have
created policies for users, you can lock out specific keys of the registry using Permissions from the
Edit menu, or you can even lock out the entire registry by disabling access. Read on.

Page | 155
A Beginners Approach to Windows

As mentioned previously, the registry editor can be run by going to Start >> Run >> Regedit


>> Disable Tool Tips
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Edit: Modify or create a new DWORD value in the right hand pane of the window, "ShowInfoTip"
and set the Value to 0. To restore set the Value to 1. This edit excludes the Start Button.
Comments: Use this to disable the tool tips that pop up when you move your mouse over folders
and files or buttons. This edit does not prevent the ‗Click here to begin‘ tool tip on the start button
from popping up.

>> Disable Status Messages during Boot, Logon, Logoff, Shutdown
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Edit: Create a new Dword value. Name the new value ―DisableStatusMessages‖. Double click
the new value and set it to 1.
Comments: This prevents status messages from showing up like the Windows is shutting down
and the like. Includes all status messages of startup, logon and shutdown.

>> Disable Balloon Tips
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced.
Edit: Create a new DWORD value, "EnableBalloonTips" and set the Value to 0. To restore set
the Value to 1.
Comments: Use this to get rid of the (for me) annoying ‗balloon tips‘ that pop up in the system
tray reminding you that of something or the other.

>> Disable/Enable Boot Defrag
Edit: Select ―Enable‖ from the list on the right. Right click on it and select Modify. Change the
value to Y to enable and N to disable.
Comments: This causes Windows boot files to be defragged and places them in contiguous
sectors, thus makes them available for quicker launch at the next boot.

>> Disable Error Reporting
Edit: Modify or Create a new Dword Value, ―DoReport‖, 1 = Send Reports, 0 = Don't Send.
Comments: This disables Windows from asking you whether you want to send error reports
whenever an error occurs.

>> Disable Crash Control Auto Reboot
Edit: Create or modify Dword value, "AutoReboot" set the Value to 1. To disable set the value
back to 0.
Comments: Changing this option to 1 causes the computer to automatically restart when a stop
error occurs which would otherwise stop at the Blue Screen. This will not allow you to see what
caused the exception since the blue screen lists the error code.

Page | 156
A Beginners Approach to Windows

>> Disable Low Disk Space Message
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.
Edit: Modify Dword value, ―NoLowDiskSpaceChecks‖ and set the value to 1. Logoff or Reboot
your machine.
Comments: Windows will not bother you with annoying low disk space messages.

>> Disable Search Assistant.
Edit: In the right pane, look for or create a string value called: ―UseSearchAsst‖ and set its value
to: No
Comments: Will disable the search assistant for Windows. Forget the dog and the merlin.

>> Disable the Thumbnail Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Explorer\Advanced
Edit: Create a new DWORD value, or modify the existing value, called 'DisableThumbnailCache'
and edit the value to 0 to enable or 1 to disable.
Comments: This edit disables Windows ability to create Thumbnails for images or video files. On
systems with large number of multimedia files this setting can save a lot of memory space.

>> Disable/Turn Off System Beeps
HKEY_CURRENT_USER\Control Panel\Sound
Edit: In the right pane, right click "Beeps", modify, set the value to no.
Comments: Use this to disable the irritating system beep that you get when you pull the volume
slider out of focus.

>> Disable Desktop Cleanup Wizard
Edit: Create a new DWORD value, or modify the existing value, called 'NoRun' and edit the value
to 0 to enable or 1 to disable.
Comments: This disables the Desktop Cleanup Wizard that displays which icons weren‘t used
for a long time and tells you it can take care of them.

>> Change the Text in Internet Explorer‟s Title Bar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main.
Edit: In the right pane, change the value of the string, "WindowTitle", to any string of your choice.
Comments: This edit enables you to add your own Title to Internet Explorer‘s Title bar. You must
have seen IE with ‗Hacked by Godzilla‘ or something similar at cyber cafes or at home, this is
where the change is done.

>> Change Name and Company Information after Installing Win XP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Edit: In the right pane, modify ―RegisteredOrganization‖ and ―RegisteredOwner‖ to your liking.
Comments: You can use this to change the name and company information that you provided
while installing.

Page | 157
A Beginners Approach to Windows

>> Get Rid of the "Links" Folder in Favorites
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar.
Edit: Set the String value of "LinksFolderName" to equal a blank string. Open IE and delete the
Links folder from the Favorites menu. The next time you start Internet Explorer the Links folder
will not be recreated.
Comments: Have you tried deleting the Links folder in Internet Explorer and noticed how
shamelessly it reappears? You can now finally win.

>> Run Explorer Full Screen
Edit: In the right pane find or create the DWord value ―FullScreen‖ and modify the value to 1. For
the second key, in the right pane find or create a string called ―FullScreen‖ and modify the value
to yes.
Comments: This edit causes Explorer, all Windows folder, views to be displayed in full screen by
default since you can press F11 anytime in explorer to go full screen. Very handy when viewing
folders having loads of images.

>> Add Open Notepad to Every Folders right click menu
Edit: Create a new ―key‖ and it as Notepad. In the right hand pane, modify the default value to
something like ―Launch &Notepad‖ where the ―&‖ sign will cause N to get underlined and will thus
act as the shortcut. Then create another ―key‖ below ―Notepad‖ key and name it as ―command‖.
In the right hand pane, modify the default value and enter ―notepad.exe‖
Comments: You can in fact use this option to add any program to the right click of folders.

>> Customize the Windows Logon and Security Dialog Title
Edit: Create or modify the string value named ―Welcome‖ to anything you wish. You will have to
logoff or restart to see the changes.
Comments: This setting allows you to add additional text to the title of the standard Windows
Logon and Windows Security dialog boxes.

>> Legal Notice Dialog Box before Logon
Edit: Modify the value named ―LegalNoticeCaption‖ to the caption on the dialog box (e.g.
Warning!!). If this value doesn't already exist create it. Then modify the value named
―LegalNoticeText‖ to represent the body of the dialog box (e.g. Your activities on this computer
are being monitored blah blah blah…). Restart to see the dialog box pop up before logon.
Comments: This is cool... This allows you to create a warning box that is displayed before the
user actually logs in.

Page | 158
A Beginners Approach to Windows

>> Change the Message Shown on the Logon Box
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ Winlogon.
Edit: Create a new string value named ―LogonPrompt‖ and enter the text you want to display.
Comments: The default message is: ―Enter a user name and password that is valid for this
system.‖ You can change this text to a custom message. Show your authority.

>> Change the Title of Windows Media Player
HKEY_CURRENT_USER\Software\Policies\Microsoft\ WindowsMediaPlayer
Edit: Create a new string value called "TitleBar" and set it to the text you would like to be
displayed in the title bar of Windows Media Player.
Comments: This edit shows a custom string on the Title Bar of Windows Media Player. Shows
how customizable Windows is.

>> Display the Attributes Column in Explorer
Edit: Create a new DWord value called ―ShowAttribCol‖ and set the value to '1' to enable the
attributes column.
Comments: This causes an additional column displaying file attributes to be listed when the
contents of a folder are seen in Details View. Paying tributes to Windows 95.

>> Force the Use of the Windows XP Style Start Menu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Policies\Explorer.
Edit: Create a new DWORD value, or modify the existing value, called ―NoSimpleStartMenu" and
edit the value to 1 to force the newer start menu.
Comments: This prevents the users from changing the Start Menu to classic through the
Taskbar properties. When set to 1, this disables the Start Menu check box in Taskbar Properties.

>> Remove Common Groups from the Start Menu
Edit: Create a DWORD called ―NoCommonGroups‖ and set the value to 1 to hide them, 0 to
display them.
Comments: This edit will remove all the entries located in C:\Documents and Settings\All
Users\Start Menu and its sub-folders from the Start Menu when All Programs is accessed.

>> Add Control Panel to right click menu of My Computer
HKEY_CLASSES_ROOT\CLSID\ {20D04FE0-3AEA-1069-A2D8-08002B30309D}.
Edit: Create a new key called ―shell‖ (if it is not present), then create another key below it and
name it as ―Control Panel‖. In the right hand pane modify the value of default to ―Open &Control
Panel‖. Then create another key called ―command‖ and modify the right hand side default value
and make it ―control.exe‖. Results are usually immediate.
Comments: Control Panel will be added to the right click menu of My Computer. You can use the
name of any executable under the shell key to create a right click menu. You could for example
add regedit to the right click.

Page | 159
A Beginners Approach to Windows

>> Add Your Own Tips
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Explorer\Tips.
Edit: You can create a new string value named by incrementing the existing value names and set
it to the required tip text. You can just modify the existing tips for fun.
Comments: The Tips in Windows can be altered to suit your needs. Its fun.

>> Enable Start Menu Scrolling
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced.
Edit: Create a new String value, or modify the existing value, called '‖StartMenuScrollPrograms‖
and edit the value to YES or NO.
Comments: This edit causes the Program Files in the Start Menu to be of fixed size and the list
can be scrolled by keeping the mouse pointer at the small arrows at the end and top of the menu.

>> Change the Login Window
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\ CurrentVersion\Winlogon
Edit: Create a new DWORD value, or modify the existing value, called ―LogonType‖ and edit the
value to (0 = Classic Mode, 1 = Welcome Screen)
Comments: This changes the Login Window from the Welcome screen to the Logon Box and
vice versa.

>> Activate Clear Type on the Welcome Screen
HKEY_USERS\.DEFAULT\Control Panel\Desktop
Edit: In the right pane, right click "FontSmoothingType", modify and change the value to 2.
Comments: Using this option allows the text and images to be drawn sharply on the screen. Very
helpful if you are using an LCD panel or a notebook.

>> Clear Cached Command Lines from the Run Menu
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU.
Edit: Delete the value corresponding to the command you want to remove, or remove all the
entries to clear the list completely.
Comments: This clears of the list that accumulates when you use the run menu. For people who
use the run menu for most of Windows tasks, this list could be pretty huge...

>> Disable Show Last User Name
Edit: Create a new DWORD value, or modify the existing value, called ―dontdisplaylastusername‖
and edit the value to 1 for hiding last logon.
Comments: This is an additional security concern that you can implement. Using this edit will
cause the last logged on user‘s username to be erased from the logon box at Windows Logon.
Will be visible if you have the Welcome screen turned off.

>> Remove Username from the Start Menu

Page | 160
A Beginners Approach to Windows

Edit: Create a new DWORD value, or modify the existing value, called
―NoUserNameInStartMenu‖ and change its value to 1 to hide username from the start menu.
Comments: This removes the username from the Windows XP Start Menu. The Start menu may
appear a bit odd for a few days for people who are used to seeing their names there…

>> Disable Windows XP Tour
Edit: Modify or create a new DWORD value in the right hand pane of the window, "RunCount"
and set the Value to 0. To restore set the Value to 1.
Comments: Disable the Windows XP Tour that pops up when you login after a Windows
installation. The Windows XP Tour could be irritating at times, in any case a must go through if
you are a new user.

>> Make Notepad as the default application for files without an association.
Edit: If shell does not exist create it. Under shell create a new key called open, and edit the string
"(Default)" to read "Open with Notepad". Under open create a new key called command, and edit
the string "(Default)" to read "notepad.exe %1" (including the quotes).
Comments: A very helpful registry hack that allows you open extension-less files or files without
a default application by a double click.

>> Change the Command Prompt format (C:\>)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
Edit: Create a new Expandable String Value (REG_EXPAND_SZ) and name it as Prompt. Modify
its value to any of the following combinations:
Special Codes:
$A - & (Ampersand)
$B - | (pipe)
$C - ( (Left parenthesis)
$D - Current date
$E - Escape code (ASCII code 27)
$F - ) (Right parenthesis)
$G - > (greater-than sign)
$H - Backspace (erases previous character)
$L - < (less-than sign)
$N - Current drive
$P - Current drive and path
$Q - = (equal sign)
$S - (space)
$T - Current time
$V - Windows XP version number
$_ - Carriage return and linefeed
$$ - $ (dollar sign)

%USERNAME% - Current Username
%COMPUTERNAME% - Local computer name
%USERDOMAIN% - Local domain name

Page | 161
A Beginners Approach to Windows

The default prompt is "$P$G" (i.e. "C:\>"), some alternatives include:
[%computername%]$S$P$G to show the computer, drive and path [%username%]$S$P$G to
show the current user, drive and path.
Comments: Makes your command prompt look whacky. If you use the prompt often then this is
definitely your take. My favorite is: [%username%]$S$V$S$P$G

>> Disable the Windows Installer
Edit: Create or modify the DWORD value named ―DisableMSI‖ and set the value to 2 to disable,
1 for admin use only and 0 to enable.
Comments: Very useful if you have multiple accounts and if you don‘t want the other account
users to install applications that use msiexec.exe. Also you can check for this value in the
registry if you have received this error “The System Administrator has set policies to prevent
this installation.”

>> Change the Color of Encrypted Files
Edit: Create a new Binary value, or modify the existing value called 'AltEncryptionColor' to any
value in the format RR GG BB 00 (default = 00 80 40 00)
Comments: When you encrypt a file in Windows (See Securing Windows), the file name
changes to a bright green color. To change this color you can use this edit and modify it to suit
your needs. Try red (FF 00 00 00) or yellow (FF FF 00 00). The values are in hex hence they
range as 00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 0A, 0B, 0C, 0D, 0E, 0F, 10, 11, 12 and so on…

>> Customize the Open and Save Dialog Box
Edit: Create new DWORD values or modify existing ones for the following changes:
―NoBackButton‖ - Hides the back button
―NoFileMRU‖ - Hides the most-recently-used (MRU) list
―NoPlacesBar‖ - Hides the places bar
Modify the value to 0 to display or 1 to remove.
Comments: This allows you to play around with the look and settings of the Common Dialog
Control Open and Save box. Use the Browse button in the Run box to test your settings.

>> Remove the Minimize, Maximize and Close Tooltips
HKEY_CURRENT_USER\Control Panel\Desktop
Edit: Create a new String value, or modify the existing value called ―MinMaxClose‖ to 0 to disable
or 1 to enable tooltips.
Comments: This disables the tooltips from popping out when you move your mouse over the
Minimize, Maximize or Close buttons in an explorer window.

>> Show Windows Version on Desktop
HKEY_CURRENT_USER\Control Panel\Desktop
Edit: Create a new DWORD (or String on Windows 98 and Me) value, or modify the existing
value called 'PaintDesktopVersion' set the value to equal '1' to display the version.

Page | 162
A Beginners Approach to Windows

Comments: A nifty little hack that displays the version of Windows including the full name and
the build of the OS. Here‘s a screen shot.

Windows Version on Desktop - Print Screen 9.3

>> Rename My Computer to “Username on Computername”
Edit: Rename the value named "LocalizedString" to "LocalizedString.old". Create a new
REG_EXPAND_SZ value named "LocalizedString", and set the value to "%USERNAME% on
Comments: Use this to change the My Computer to anything of your choice. To use Environment
variables like %username%, %homepath% and %systemroot% in place of My Computer this
method should be used, for everything else there‘s always the standard rename option.

>> Prevent Windows from shutting down through the Start Menu
Edit: Create a new DWORD value and name it to ―NoClose‖. Modify its value to 1.
Comments: This prevents Windows from shutting down, usually used on machines on a domain,
can be implemented on your local system. When you try to shutdown your computer through the
Start >> Shutdown option, a Restrictions message is displayed. There are other ways to
shutdown your machine though…

>> Remove Run from the Start Menu
Edit: Create a new DWORD value and name it to ―NoRun‖. Modify its value to 1.
Comments: This option removes the Run command box from the Start menu. Not a wise thing to
do, knowing the importance of the Run box. If you use the Win key + R, you get a Restrictions
message preventing you from opening it.

>> Remove Tray Items from Taskbar
Edit: Create a new DWORD value and name it to ―NoTrayItemsDisplay‖. Modify its value to 1.

Page | 163
A Beginners Approach to Windows

Comments: Removes the items in the tray. The applications themselves are running in the
background but their icons are not displayed. This edit makes your taskbar look neater and clutter

>> Remove My Computer from the Desktop and Start Menu
Edit: Create a new DWORD value, or modify the existing value called ―{20D04FE0-3AEA-1069-
A2D8-08002B30309D}‖ to 0 to show, 1 to remove.
Comments: My Computer is not displayed on the Desktop as well as the Windows XP Start

>> Prevent Files from being added to Recent File List of Media Player
Edit: Create a new Binary value, or modify the existing value called ―AddToMRU‖ to 00 to disable
file adding and 01 to enable.
Comments: This is very helpful for guys who wouldn‘t want the recent file list in Windows Media
Player to be populated with recent files. The recent file list will remain empty no matter what you

>> Directly delete a file instead of sending it to Recycle Bin.
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket
Edit: Create a new DWORD value, or modify the existing value called ―NukeOnDelete‖ to 1 to
directly delete.
Comments: Same as doing a Shift + Delete on a file. The file or folder is deleted directly without
going to the recycle bin. This value can also be set by going to the properties of recycle bin and
selecting the Do not move files to the Recycle Bin option. Here‘s the option.

Setting NukeOnDelete through Properties - Print Screen 9.4

Page | 164
A Beginners Approach to Windows

>> Restore Folder Windows at Startup
Edit: Create a new DWORD value, or modify the existing value called '‖PersistBrowsers‖ to 0 to
prevent explorer from re-opening windows or 1 to re-open windows.
Comments: When you shutdown your computer with folders still open, this setting causes
explorer to reopen the folders that were not closed when Windows was last shutdown or the user
was logged off.

>> Disable the "Log on using dial-up connection" Check Box
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
Edit: Create a new String value, or modify the existing value, called 'RasDisable' and edit the
value to 1 for Restriction Enabled and 0 for Restriction Disabled.
Comments: This edit disables the option to Log on using dial-up connection during Logon.
Windows allows users to optionally connect to a Windows domain using dial-up networking
through this option.


>> Auto Disconnect for Internet Explorer
Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
Edit: In the right pane, find ―Autodisconnect‖ and change the time accordingly.
Comments: The Auto Disconnect feature is designed to terminate the connection to your Internet
Service Provider (ISP) after a designated period of inactivity. This is what you specify in the time
settings. The value is in minutes. This feature also prompts you to disconnect from your ISP after
you close all instances of Internet Explorer. Thus reminding you and in a way saving you the
trouble to manually disconnect from the tray icon.

>> Set the Start Page in Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main.
Edit: Modify the existing value, called ―Start Page‖ to any URL you want (eg:
Comments: This one is simple to understand. This edit sets the Start Page in Internet Explorer;
the link that you specify here will be opened whenever you start IE. This is the same as setting
the start page from Internet Options under the general tab, but at least you get to know where the
change is being done.

>> Change the Text in Internet Explorer‟s Title Bar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main.
Edit: In the right pane, change the value of the string, "WindowTitle" to something like ―I know
what you did last summer…..‖
Comments: This is pretty cool. You can change the text in the Title bar of Internet Explorer to
something more appropriate to your taste. You may have also seen the title bar of Internet
Explorer display something like Hacked by Godzilla, or something else. Now you know what to

Page | 165
A Beginners Approach to Windows

>> Change default Internet Explorer Download Directory
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
Edit: In the right pane, double click on the ―Download Directory‖ value. Enter the path to the
folder you want as your download location.
Comments: When you click on a link that IE does not understand how to handle (.exe, .zip or .rar
etc), it will ask you for a download and then you can choose the directory to save it. Instead of
searching for the directory, how about IE showing up a directory of your choice everytime you
download. Use this edit to control which becomes your default directory.

>> Get rid of the Unread Mail message at the Welcome Screen
Edit: Create a new DWORD value called "MessageExpiryDays" and set it to "0".
Comments: When you receive mail through Outlook Express, a message will be displayed on
the Welcome screen under your username informing you that there are some x number of unread
mail messages. This edit removes the nagging message. I like my Welcome Screen clean.

>> Modify the Internet Auto-Dial Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings
Edit: Create a binary value named "EnableAutodial", and set its value to equal "01 00 00 00" to
enable autodial or "00 00 00 00" to disable it.
Comments: A very important tweak that prevents Windows from Auto dialing your ISP when a
service or application requests information from the web. Use it to secure your system so that
applications do not cause a connection to the ISP to progress when you aren‘t at your desk.

>> Customize the Auto Complete Mode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ AutoComplete
Edit: Create a new string value, or modify the existing value, named "Append Completion" and
set it to "yes" to append the suggested text as you are typing or "no" to show a drop-down list.
Comments: This comes really handy when you are typing text into a field. The Auto complete
feature allows you to select previously entered text or suggestions that match your current
incomplete text thus saving a lot of typing work. Here‘s the difference…

Append Completion = “no” - Print Screen 9.5

Page | 166
A Beginners Approach to Windows

Append Completion = “yes” - Print Screen 9.6

>> Remove MSN Messenger from Outlook Express
Edit: Create a new DWORD value, or modify the existing value, called ―Hide Messenger‖ and set
the value to 2 to remove messenger from Outlook Express.
Comments: MSN Messenger has a very annoying habit of popping up whenever you start
Outlook Express. This tweak lets you prevent messenger from starting up whenever you start
Outlook Express.

>> Control Internet Explorer Error Reporting
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main.
Edit: Create a new DWORD value called "IEWatsonEnabled" and set it to "0". Create another
DWORD value called "IEWatsonDisabled" and set it to "1". Restart your browser for the changes
to take effect.
Comments: This edit suppresses the Microsoft‘s Error reporting tool to be inactive for Internet

>> Open Internet Explorer Shortcuts in a New Window
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Edit: Create a new DWORD value, or modify the existing value called ―AllowWindowReuse‖ to 0
to open in new window or 1 to open in the same window.
Comments: This tweak causes Internet Explorer to open new windows for links click on pages.
Excellent tweak that allows you to open new windows without using the right click option.

>> Hide the Internet Explorer Icon
Edit: Create a new DWORD value, or modify the existing value called ―NoInternetIcon‖ to 1 to
hide and 0 to display.
Comments: This edit removes the Internet Explorer Icon when set to 1 from the desktop and the
Quick Launch folder. Can also be done through Display Properties >> Desktop >> Customize
Desktop and by removing the check against Internet Explorer.

>> Disable Internet Explorer Download Notification
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Edit: Create a new String value, or modify the existing value called ―NotifyDownloadComplete‖ to
yes or no depending on your preference.

Page | 167
A Beginners Approach to Windows

Comments: IE informs you whether the current download has completed or not. You can change
this setting according to your preference.

>> Lock the Internet Explorer Toolbars
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar
Edit: Create a new DWORD value, or modify the existing value called ―Locked‖ to 0 to unlock or
1 to lock.
Comments: Locks the toolbars of Internet Explorer when Locked is set to 1. you can also lock
toolbars by from the right click context menu of a toolbar in IE, this edit lets you know where you
did the changes in the registry.

>> Add a Background Bitmap to the Internet Explorer Toolbar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar
Edit: Add a new string value, or modify the existing value, named "BackBitmap" for IE4 or
"BackBitmapIE5" for IE5 and IE6, then set the value to the path and name of bitmap file you wish
to use (e.g. "C:\WINDOWS\CLOUDS.BMP")
Comments: This allows you to have a colorful background to your toolbars. IE looks pretty cool
with images of your choice. To restore your IE to ‗normal‘ without the background image, window
title and other customizations run Rundll32 Iedkcs32.dll,Clear. The command is case sensitive.

>> Block Executable Attachments in Outlook Express
Edit: Create a new DWORD value, or modify the existing value called ―BlockExeAttachments‖ to
0 to disable restriction or 1 to enable restriction.
Comments: This is a very important edit that revolves around securing your computer against
malicious code sent to you as an executable attachment. Outlook will filter out the attachment
thus preventing the exe from being downloaded on the system either accidentally or deliberately.
Might cause some problems if the attachment is a valid, clean executable.

>> Remove the Go Button in Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Edit: Create a new String value, or modify the existing value called ―ShowGoButton‖ to yes or no
to show or hide respectively.
Comments: Causes IE to hide or show the ‗Go‘ button. You can still browse by pressing Enter on
the keyboard.

>> Automatically Resize Images in Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Edit: Create a new String value, or modify the existing value called ―Enable AutoImageResize‖ to
yes or no to resize or disable resizing respectively.
Comments: This is an essential edit if you use the Internet Explorer often when browsing the
Internet. Images come in different sizes and may not be properly rendered n your browser. This
edit automatically resizes the images fit the page context and the screen; hence causing web
pages to appear more ordered.

Page | 168
A Beginners Approach to Windows

>> Internet Explorer FTP Mode (Folder View or Traditional View)
Edit: Create a String or modify the existing one called "Use Web Based FTP" to "no" for the
folder view or "yes" for the traditional view.
Comments: This is a very helpful edit if you frequently visit ftp sites and upload data. When on a
Local Area Network, ftp sites may have read write permissions, and if you wish to upload data to
an ftp site that gets displayed in its traditional view in IE then it gets cumbersome. With the Folder
view, ftp sites are displayed like Windows Explorer folders, so you can just copy the data from
your source folder, use a right click and paste it in the destination ftp site when in Folder view.

>> Disable the Outlook Express Splash Screen
HKEY_CURRENT_USER\Identities\{Unique-Identity}\Software\Microsoft\Outlook Express\5.0
Edit: Create a new DWORD value or modify the existing one called "NoSplash" to 1 to disable
Comments: Disables the Splash screen that pops up every time you start Outlook Express when
NoSplash is set to 1.

>> Disable Password Caching in Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Edit: Create a new DWORD value, or modify the existing value called ‖DisablePasswordCaching‖
to 1 to disable password cache, 0 is for default.
Comments: When you use a Username and Password to login into web services like email and
social networking sites (like orkut and myspace), if the password cache option is enabled your
password is stored on the system for ‗ease of refilling‘ the form the next time you login. This is a
security risk and hence this edit should be immediately employed to make your system a bit

>> Empty Temporary Internet Files on Exit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
Edit: Create a new DWORD value, or modify the existing value called ‖Persistent‖ to 0 to empty
temporary files or 0 to default.
Comments: Another important security edit. This tweak will erase all your temporary files when
you close IE instead of you manually navigating to the Temporary Internet Folder and deleting


>> Show Super hidden Operating System Files
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced.
Edit: Create a new DWORD value, or modify the existing value, called ―ShowSuperHidden‖ and
change the value to 0 to hide and 1 to show.
Comments: This edit causes explorer to show system files which are recommended by
Microsoft to be kept hidden, but since many viruses and unwanted applications use this security
feature of Windows to hide themselves, using this edit will at least display them if you have
something funny somewhere. You can also show super-hidden files by going to Folder Options
and unchecking the ‗Hide Protected OS Files‘ under the View tab.

Page | 169
A Beginners Approach to Windows

>> Unload DLL's
Edit: Create a new sub-key named ―AlwaysUnloadDLL‖ and set the Default value to equal '1' to
disable Windows caching the DLL in memory.
Comments: After an application closes, Windows caches the DLLs that were loaded by it in
memory for some time. This can cause performance issues on low memory systems. Use this
edit to unload DLLs no longer required.

>> End Task Time Out
Edit: Modify or create a new string value called, "WaitToKillServiceTimeout" and change the
Value to 2000. Close the registry editor and restart your machine.
Comments: This value (in milliseconds) changes the time given to a service or an application to
shutdown after it has been notified that the system has been issued the shutdown command.
Lowering this value decreases shutdown time but there could be a trade-off for applications that
require more time to cleanup memory space of data. 2000 milliseconds is ideal.

>> Change Default Search Options
Edit: Modify the following values, setting them to "1" to select the parameter as a default or "0" as
unselected. ―CaseSensitive‖, ―IncludeSubFolders‖, ―SearchHidden‖, ―SearchSlowFiles‖,
Comments: When you use search, there is an option to provide more advanced options like to
search in system folders, in hidden files and folders, in tape backup and filename is case
sensitive. You can set these options in the registry and use them as default in any future
searches instead of setting them manually each time you use Search.

>> Automatically Close Non-Responding Applications on Shutdown
HKEY_USERS\.DEFAULT\Control Panel\Desktop
Edit: Modify or create a new string value called ―AutoEndTasks" and change its value to ―1‖ to kill
unresponsive applications at shutdown automatically.
Comments: When you shut down your computer, enabling this option will cause unresponsive
applications to be killed immediately. Faster shutdown but again the trade off…

>> Speed Up Menu Display
HKEY_CURRENT_USER\Control Panel\Desktop
Edit: In the right pane select, "MenuShowDelay". Right click, modify and set the value to 100.
Comments: This determines the interval from the time the cursor is pointed at a menu until the
menu items are displayed. Best noticeable effect is on the Start Menu items.

>> Run a Program at Windows Startup just once
Edit: Create a string value, name it to anything and modify it to the executable path.

Page | 170
A Beginners Approach to Windows

Comments: This edit causes an application to be run at Windows Startup and then the entry is

>> Run a program whenever Windows starts.
HKEY_LOCAL_MACHINE \Software\Microsoft\Windows\CurrentVersion\Run
Edit: Create a string value, name it to anything and modify it to the path of the executable. The
first entry will cause the program to run only for the current logged in user whereas the second
entry is global mode.
Comments: Very important locations for viruses and other unwanted applications to run without
user intervention. Especially the HKEY_CURRENT_USER entries, since they are easily writable.
Keep a frequent check on these locations for unwanted applications.

>> Speed up Network Share viewing by preventing Remote Schedule Task Check
Edit: Delete the key called {D6277990-4C6A-11CF-8D87-00AA0060F5BF} and reboot.
Comments: If your computer is on a LAN and if you use the Start >> Run >> \\<Computer
Name> method or if you search for Computers to access them and if you have experienced a
delay in accessing them then deleting this sub key helps quicken things up for you. Windows will
normally check for Scheduled Tasks on the remote machine which is apparently the reason for
the delayed search results or login access. Deleting this key disables the lookup for Scheduled

>> Remove Properties from My Computer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Policies\Explorer
Edit: Create a new DWORD value, or modify the existing value, called
―NoPropertiesMyComputer‖ and change the value to 1 to restrict the viewing of System
Properties or 0 to keep default status.
Comments: This prevents access to the System Properties box. Can be enforced if you do not
want users to change virtual memory settings or alter environment variables.

>> Enable DVD Player in Media Player
Edit: Create a new string value called "EnableDVDUI" and set it to "yes" to enable DVD
Comments: Enables the DVD playback feature in Windows Media Player. You will be presented
with DVD specific options whenever Media Player starts.

>> View Which Hot Fix Patches Have Been Installed
Comments: Periodically Microsoft releases Hot Fix's to patch bugs in Windows and other
products, this key contains information about which Hotfixes have been installed.

Page | 171
A Beginners Approach to Windows

>> Change or Add System Environment Variables
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager \Environment
Edit: Modify any value by double clicking on the name of the variable. To create new variable,
create new Expandable String and rename it to the variable name that you want. Modify its value
to the variable value that you want.
Comments: You can create or edit existing environment variables. Effective when your access to
System Properties is disabled.

Note: Variables are required by the OS and programs to run properly, any incoherent changes to
existing variables can cause Windows to function incorrectly.

>> Remove Computer Management Option from the right click of My Computer
Edit: Create a DWORD or modify the existing one called "NoManageMyComputerVerb" to 1 to
remove the Manage option from the right click context menu of My Computer.
Comments: With this edit set to 1, you will not be able to access Computer Management from
the right click menu of My Computer. In simple words, the Manage option from the menu will be

>> Disable the Windows Key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layout
Edit: Create a new Binary value, or modify the existing value called ―Scancode Map‖ to (―00 00
00 00 00 00 00 00 03 00 00 00 00 00 5B E0 00 00 5C E0 00 00 00 00‖) (without the “ and
Comments: This edit will disable the Windows Key that is found on most keyboards.

>> Show Run in Separate Memory Space Option in the Run Command box
Edit: Create a new DWORD value, or modify the existing value called ―MemCheckBoxInRunDlg‖
to 1 to show checkbox.
Comments: This edit adds the Run in Separate Memory Space check box to Run dialog box.
When selected, this option lets users run a 16-bit program in a dedicated (not shared) Virtual
DOS Machine (VDM) process. The additional check box is enabled only when a user types the
name of a 16-bit program in the Run dialog box.

>> Control the CD-ROM Autorun Function
Edit: Change the value of ―Autorun‖, or create a new DWORD value if it doesn't already exist,
and set the data to equal 0 for Autorun disabled.
Comments: Always disable this option as a security measure. Autorun programs could be
infected and could infect your system too. If the CD contents have been found to be safe by a
scan then you can always use the right-click >> Autorun option on the CD ROM drive.
>> Disable CD Burning in Windows XP

Page | 172
A Beginners Approach to Windows

Edit: Create a new DWORD value, or modify the existing value called ―NoCDBurning‖ to 0 to
allow Recording or 1 to disable CD burning through Windows.
Comments: Windows XP has inbuilt support for CD-burning which can be disabled by using this
edit if you are using a third party tool to burn CDs.

>> Hide the Taskbar Clock
Edit: Create a DWORD or modify the existing one called "HideClock" to 1 to remove the clock
from the System Tray.
Comments: This edit will remove the clock from the System Tray or the Notification Area in
Windows XP.

>> Prevent Access to the Contents of Selected Drives
Edit: Create a DWORD or modify the existing one called ―NoViewOnDrive" to the following
decimal values for the corresponding drives:
A: 1, B: 2, C: 4, D: 8, E: 16, F: 32, G: 64, H: 128, I: 256, J: 512, K: 1024, L: 2048, M: 4096, N:
8192, O: 16384, P: 32768, Q: 65536, R: 131072, S: 262144, T: 524288, U: 1048576, V: 2097152,
W: 4194304, X: 8388608, Y: 16777216, Z: 33554432, ALL: 67108863
To hide 2 or more drives just add their equivalent numbers and change the value of
NoViewOnDrive to the sum. For example to hide floppy drive (A:), D: drive and E: drive, add 1 + 8
+ 16 = 25. Change the value of NoViewOnDrive to 25 in Decimal.
Comments: This is a nifty little edit that can be used to prevent access to an entire drive. You
can have a drive full of sensitive data and then use this edit to lock it out.

>> Disable the Ability to Right Click on the Desktop
Edit: Create a DWORD or modify the existing one called ―NoViewContextMenu‖ to 1 to disable
right click on the desktop. Change the value to 0 or delete the DWORD to restore right click.
Comments: This edit will prevent users from right-clicking on the Desktop. You can still right click
on the Taskbar and the Start button though.

>> Clear Page File at Shutdown
Edit: Create a DWORD or modify the existing one called "ClearPageFileAtShutdown" to 1 to
clear the Page File at shutdown.
Comments: The page file is a portion of the hard drive that Windows uses to store parts of
applications and functions that don‘t fit into memory. When a user shuts down Windows, the page
file is not cleared which could be a security issue if access to the drive is possible. The page file
could be read through another Operating System and possibly passwords can be retrieved,
hence the need to clear the page file at shutdown; but again the trade off. Since the page file is
large, flushing requires some time which could affect the overall shutdown time.

Page | 173
A Beginners Approach to Windows

>> Disable Folder Options Menu
Edit: Create a DWORD or modify the existing one called "NoFolderOptions" to 1 to remove the
Folder Options option from the Tools menu of any Explorer window.
Comments: This is one of the most common changes done to the registry by viruses that hide
themselves by changing their attribute to hidden. This edit removes access to Folder Options
from the Tools menu in Explorer. Set the value of NoFolderOptions to 1 to enable or just delete
the DWORD.

>> Restrict Users from Running Specific Applications
Edit: Create a new DWORD value and name it "DisallowRun" set the value to "1" to enable
application restrictions or "0" to allow all applications to run. Then create a new sub-key called
―DisallowRun‖ and define the applications that are to be restricted. Creating a new string value for
each application, named as consecutive numbers, and setting the value to the filename to be
restricted (e.g. "calc.exe").
Note: Never restrict the use of the registry editors.

In addition to these there are several tricks that you can employ without any reference, just navigate
through the various keys and values and experiment and see the changes in your system for
different values. If in case you do not know the exact name or value of key or something, you can
always use the Find feature available through the Edit menu on the Menu bar. The challenges
provided at the end of this chapter will prove to be a starting point for your exploration.

IX.6: The Reg command

In some cases it may so happen that the registry editor may not be accessible, it could be a virus
that has written into the registry to prevent its editing, or it could be a policy imposed by the system
administrator. The registry can be locked out by adding it to DisallowRun (see Tips & Tricks) or by
creating a System Policy. If a program has read/write permissions to the registry, it can very well
modify, add or delete keys. There are viruses that write either the DisallowRun to the registry with
regedit.exe & regedt32.exe as the programs that are disabled or in most cases to achieve
everything in a single value a ―DisableRegistryTools‖ DWORD value set to 1 is written to either




This prevents the running of any standard Microsoft Registry Editing Tools. This policy is so strong
that even some third party non – Microsoft registry Editing Tools are also prevented access.
Viruses may do this so that whatever changes they have done, like removing the Folder Options
menu so that you don‘t see the virus that it is a hidden file, etc cannot be re-edited. The only thing
that even most administrators do is to reinstall Windows.

Microsoft must have come across this problem, hence the reg.exe file was put, atleast I think that
must have been the one of the reasons. Reg.exe is a small command line based utility found in the
System32 folder in Windows XP & Windows 2000 that allows console mode editing of the registry,

Page | 174
A Beginners Approach to Windows

you can view keys of the registry, add keys, delete, export, import and almost everything that the
Regedit program can do. It can also be used through scripts to access the registry. For example
you could use this program to edit the registry add keys read the registry. For people using scripting
tools like AutoIt, this is the only method to delete keys and values from the registry. The reg
program also allows you to access the registry of a remote computer.

To run the reg.exe file open command prompt by going to Start >> Run >> cmd.exe, at the prompt
type reg.exe. The standard output without any parameters is as below:

Console Registry Tool for Windows - version 3.0
Copyright (C) Microsoft Corp. 1981-2001. All rights reserved

REG Operation [Parameter List]

Operation [ QUERY | ADD | DELETE | COPY |

Return Code: (Except of REG COMPARE)

0 - Succussful
1 - Failed

For help on a specific operation type:

REG Operation /?



This program is very important if you are locked out of the registry, hence descriptive analysis has
been taken up. I have simplified each parameter help, since what they display could be confusing to
some people. Try, the examples first, them out by simultaneously keeping the registry editor
(regedit.exe) opened. If reg.exe says that the key or value name was not found, use regedit to
create keys and values then experiment on them using reg.exe.

The commands are not case sensitive, reg add is the same as REG ADD or rEg aDD. Note that:-
HKLM – HKey_Local_Machine
HKCU – HKey_Current_User
HKCR – HKey_Classes_Root
HKU – HKey_Users
HKCC – HKey_Current_Config

Page | 175
A Beginners Approach to Windows

 REG QUERY: Used to view keys and values in the registry.
REG QUERY KeyName [/v ValueName OR /ve] [/s]
KeyName [\Machine\]FullKey
Machine - Name of remote machine. If excluded means local machine.
(Only HKLM and HKU are available on remote machines.)
FullKey - in the form of ROOTKEY\SubKey name
SubKey - The full name of a registry key under the selected ROOTKEY
/v query for a specific registry key, ValueName - The value name, under the
current selected Key, to query. If omitted, all values under the Key are queried.
/ve query for the default value or empty value name <no name>
/s queries all subkeys and values, if queried right at root, will expand the
entire registry.

REG QUERY HKLM\Software\Microsoft\Active Setup /v DisableRepair
Displays the value of the DisableRepair under the Active Setup key.

REG QUERY HKLM\Software\Microsoft\Active Setup /s
Displays all subkeys and values under the registry key Active Setup.

 REG ADD: Used to add keys and values in the registry.
REG ADD KeyName [/v ValueName] [/t Type] [/s Separator] [/d Data] [/f]
/v The value name, under the selected Key, to add
/t RegKey data types
REG_NONE, REG_EXPAND_SZ]. If omitted, REG_SZ is assumed.
/s Specify one character that you use as the separator in your data
string for REG_MULTI_SZ. If omitted, use "\0" as the separator.
/d The data to assign to the registry ValueName being added
/f Force overwriting the existing registry entry without prompt

REG ADD \\Matrix\HKLM\Software\Test
Adds a key HKLM\Software\Test on remote machine Matrix.

REG ADD HKLM\Software\DeltaSquad /v Team /t REG_SZ /d Omega
Adds a value (Name: Team, Type: String (REG_SZ), Data: Omega)

REG ADD HKLM\Software\DeltaSquad /v Weapons /t REG_MULTI_SZ /d
Adds a value (name: Weapons, type: Multiple String Value (REG_MUTLI_SZ),
data: AK47\0MS-242\0Krieg-22\0\0)

REG ADD HKLM\Software\DeltaSquad /v Path /t REG_EXPAND_SZ /d
Adds value (name: Path, type: REG_EXPAND_SZ, data: %systemroot%)
Notice: Use the double percentage (%%) inside the expand string .

Page | 176
A Beginners Approach to Windows

 REG DELETE: Used to delete keys and values in the registry. Use with caution.
REG DELETE KeyName [/v ValueName OR /ve OR /va] [/f]
/v Specify the ValueName, under the selected Key, to delete. When
omitted, all subkeys and values under the Key are deleted
/ve delete the value of empty value name <no name>
/va delete all values under this key, NOT the subkeys.
/f Forces the deletion without prompt. Use only in scripts as caution.

REG DELETE HKLM\Software\DeltaSquad
Deletes the registry key DeltaSquad and its all subkeys and values

REG DELETE \\MATRIX\HKLM\Software\Test /v SingleEdition
Deletes the registry value SingleEdition under Test on MATRIX.

 REG COPY: Used to copy keys and values from one subkey to another.
REG COPY KeyName1 KeyName2 [/s] [/f]
/s Copies all subkeys and values from KeyName1 to KeyName2
/f Forces the copy without propmt

REG COPY HKLM\Software\Crap HKCU\Software\BigBoss\Crap /s
Copies all subkeys and values under the key Crap in HKLM to the key Crap
under HKCU.

REG COPY \\MATRIX\HKLM\Software\Omega HKLM\Software\Sigma
Copies all values under the key Omega on MATRIX to the key Sigma on the
current local machine.

 REG SAVE: Used to save keys and values from the registry to a file on your computer.
REG SAVE KeyName FileName
FileName -- The name of the file to save. Filename has to be supplied. If only
filename is given without the full path, then file is created in the current working

REG SAVE HKLM\Software\ControlRoom Data.hiv
Saves the hive ControlRoom to the file Data.hiv in the current folder.

 REG RESTORE: Used to restore keys and values from a file to the registry.
REG RESTORE KeyName FileName
SubKey -- The full name of a registry key to restore the hive file into,
overwriting the existing key's values and subkeys
FileName -- The name of the file to restore. This file should have been created
using REG SAVE.

REG RESTORE HKLM\Software\Microsoft\ControlRoom Data.hiv
Restores the file Data.hiv overwriting the key ControlRoom.

Page | 177
A Beginners Approach to Windows

 REG LOAD: Loads keys and values from a file to the live registry (Only HKLM & HKU).
REG LOAD KeyName FileName
FileName -- The name of the hive file to load. You must use REG SAVE to create
this file.

REG LOAD HKLM\TempHive Data.hiv
Loads the file Data.hiv to the Key HKLM\TempHive. You cannot load inside any
other keys, only at root. Reg.exe will give an Access is Denied Error if the Hive
Key you are attempting to create and load the hiv file, already exists.

 REG UNLOAD: Unloads the specified key from the live registry (HKLM & HKU Only)
KeyName -- ROOTKEY\SubKey

Unloads the hive TempHive in HKLM

 REG COMPARE: Used to comapre keys and values of one subkey with another.
REG COMPARE KeyName1 KeyName2 [/v ValueName OR /ve] [Output] [/s]
If FullKey2 is not specified, FullKey2 is the same as FullKey1
ValueName -- The value name, under the selected KeyName1, to compare. When
omitted, all values under the Key are compared.
/ve compare the value of empty value name <no name>
/s Compare all subkeys and values
Output [/oa | /od | /os | /on] When omitted, output only differences.
/oa Output all of differences and matches
/od Output only differences
/os Output only matches
/on No output

Return Code:
0 - Succussful, the result compared is identical
1 - Failed
2 - Successful, the result compared is different

REG COMPARE HKLM\Software\Delta HKLM\Software\Delta2
Compares all values under the key Delta with Delta2

REG COMPARE HKLM\Software\Delta HKLM\Software\Delta2 /v Team
Compares the value Team under the key Delta and Delta2

REG COMPARE \\MATRIX\HKLM\Software\Test \\. /s
Compares all subkeys and values under HKLM\Software\Test on MATRIX with
the same key on the current local machine.

Page | 178
A Beginners Approach to Windows

 REG EXPORT: Used to export a key and/or subkeys to an importable .reg file.
REG EXPORT KeyName FileName
FileName -- The name of the file to export the KeyName as a .reg file.

REG EXPORT HKLM\Software\DeltaSquad D:\DeltaConfig.reg
Exports all subkeys and values of the key DeltaSquad to the file DeltaConfig.reg
in the D Drive. You can then double click the file to add it back or open in
notepad and read contents.

 REG IMPORT: Used to import keys and values from a file of Regedit format.
FileName -- The name of the disk file to import (local machine only). The file
should be in the standard REGEDIT format, can be created from REG EXPORT.

REG IMPORT D:\DeltaConfig.reg
Imports registry entries from the file DeltaConfig.reg from the D Drive.

The entire reg program was explained here because it can be a life saver if your registry editor is
disabled and you know there is a virus on your computer, but its hidden, and you can‘t access
folder options to reenable show hidden files and folders. The only way (other than gpedit.msc on
WinXP Professional) to get to folder options is by removing NoFolderOptions DWORD value from
the Explorer Policy key in HKCU. You also need the registry editor for several other useful and
creative tweaks. So here‘s how you go about it.

If you get an error saying Restrictions: This operation has been cancelled due to restrictions in
effect on this computer. Please contact your system administrator, when trying to run regedit.exe or
regedt32 or Registry Editing has been disabled by your administrator, then try the following step by
step procedure to get your rights and your registry editor back.
 Goto Start >> Run >> cmd
 At the prompt type
Reg Query HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
 Check to see if there is a DisableRegistryTools DWORD value set to 1.
 If Yes then delete it by
Reg Delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
/v DisableRegistryTools
 You should be able to run regedit now.
 If there is no DisableRegistryTools when you query, then change the reg query to
Reg Query HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
 Check if there is a subkey called DisallowRun, if yes then Delete it by
Reg Delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
 Regedit should now be able to run, navigate to the Explorer key and delete the
DisallowRun DWORD value also.

Use the reg file for good, programming viruses to delete keys and values is by virtue of computing
bad and distasteful.

Page | 179
A Beginners Approach to Windows


1. Add an option called “Open Paint” on the right click of the Start Button and all folders
which will open MSPaint.

2. Change the shell to Command Prompt. When Windows starts cmd.exe should run
instead of Explorer.exe as the Windows shell.

3. Clear the recent file history of Windows Media Player.

4. Change the My Computer Tooltip to anything of your choice.

5. Hide all the Items on the Desktop.

6. Change the Warning text that is displayed when you remove the check against the
Hide protected operating system files option in Folder Options under the View tab.

7. Change the text in the Time Zone tab of Date & Time Properties in Control Panel.
Change (GMT+05:30) Chennai, Kolkata, Mumbai, New Delhi to (GMT+05:30)
Vasco, Panjim, Ponda, Margao.

Page | 180
A Beginners Approach to Windows

Securing Windows

This chapter on Windows Security reveals how Windows Security is jeopardized and what steps
you can take to secure your system from unwanted threats. We shall also see how security begins
at your system level and how it will manifest at the network level. Users and file permissions are
also explained.

After this chapter the reader should be able to:
 Explain how the Administrator account can be dangerous.
 Understand how common Windows API can be used maliciously.
 Explain NTFS Security and its benefits over other file systems.
 Use NTFS Encryption and Access Control Lists to protect data.
 Explain how common viruses work and how to prevent an infection.
 List the advantages of using the Windows Firewall.
 Secure Windows Networks by using share permissions.

Page | 181
A Beginners Approach to Windows

Secure systems aren‘t a far-fetched dream. A comprehensive knowledge of the realm of security
and managing resources should hold strong enough to keep intruders at bay. Below is a layman‘s
guide to secure computing with Windows. A brief inspection of key features of Windows XP like the
support for NTFS, user access control lists and patch work has been taken up.

X.1: Security – An Overview

No Operating System is entirely secure. The bad guys out there are continuously finding holes in
systems that allow them to gain control of computers remotely. The good guys also do the same
but also create patches or explain how to patch the hole or what necessary preventive measures
have to be taken to keep your system safe. Security can be divided into 3 distinct subjects: System
Security, Network Security and Web Security. These distinctions are custom made by me since
they best describe the security scenario on the whole. System security pertains to the desktop level
and file system level security. This includes data isolation from unauthorized prying eyes and user
access rights and management. Network Security deals with perimeter based defense mechanisms
and access to shared network resources and protocols. Web Security deals with the understanding
of the Internet and browsing securely out there. The realm of Web Security also contains Web
Application Security and End server security.

Most insecure systems today are not due to smart hackers but due to users with restricted
knowledge of the security scenario. The combination of System, Network and Web security truly
covers all the aspects of Secure Computing. Operating Systems and Network resources if securely
taken care of, can be utilized without any hindrance and to its full potential.

Internet, the biggest library of digital information on this planet is also the weakest network of
computers. The Internet has brought people from different nations and social strata closer via its
services like e-mail, voice chats, messengers, blogs and forums. Tons of information on literally
anything ranging from a grasshopper‘s digestive system to NASA‘s Hubble Space Telescope
photographs is available online. Everybody uses the net, but hardly anybody thinks of its
undocumented side, Internet Security. The Internet is, at its core, a global connection of many
millions of computers that belong to companies, universities, banks, research facilities, defense
wings, governments and individuals. Any possible network attack at a 2-computer network level is
also theoretically applicable to the Internet. People wake up to this fact after they have been hard
hit. Why bother? Some ask. I have nothing of importance on my hard disk, many home users say.
But won‘t you be surprised if your photograph (kept safely in the My Documents folder of your PC
at home) turns up on a porn website, digitally edited to look authentic. It can happen. Companies
and banks have crashed. Several people have got their self-respect disgraced. Firms have gone
bankrupt overnight; millions have been lost in revenues all because of sheer negligence.

How do all these seemingly impossible situations arise? To understand and proceed further let us
get one image clear. Networking gurus are basically divided into 2 tribes by a thin line; hackers and
crackers. Any computer criminal these days is branded as a hacker, which is explicitly incorrect.
Hacking is a term in the online world that reminds you of a guy with a cap on his head, sitting in
front of a computer screen in the dark, busy typing crap on a terminal window with CDs and pizzas
strewn around. This is certainly not the correct picture. Hackers are usually good system
programmers and network administrators who actually search and patch security holes in local or
remote systems. Then there are crackers. Crackers are sadistic hackers who have turned bad just
to grab immediate publicity, but what they don‘t realize is the amount of chaos and damage they
are causing to the hacked systems and their users. They essentially use the same tools that a
hacker uses but to gain notoriety. Computer Crackers commit various nefarious activities that
include password stealing, phishing, accessing and manipulating sensitive data that could range
from credit card numbers to classified military projects.

A lot of companies and millions of users worldwide have woken up to the threat of cyber crimes.
Netizens are now on the watch for cyber criminals. There have been several cases of website

Page | 182
A Beginners Approach to Windows

defacing and in some cases entire business websites have been brought down. Distributed Denial
of Services (DDOS) attacks were considered theoretically possible before Yahoo!, EBay and
CNN.com crashed in 2000. Crackers, in DDOS, compromise several small weak networks and
exponentially break into still weaker networks and then using these final end systems flood web
servers with bogus data packets essentially causing these remote machines to hang and thus
causing denial of valid services to its valid end users. You may not even know your computer was a
part of a DDOS attack. In the beginning when computers were used by university researchers to
send and receive emails and networks were used for sharing printers, nobody had thought of terms
like firewalls, BackOrifice, l0phtcrack or Cain & Abel. But now as millions of people and thousands
of corporate houses worldwide are using the Internet and networks for banking, shopping, research,
chatting, auctions, education and defense related works, the amount of sensitive information that
can be intercepted is mind-boggling.

Then there are viruses and Trojan horses. Computer viruses can be anything from user generated
scripts to carefully compiled executables. Viruses have been with us since the day program buffer
overruns and process bugs (programming errors in applications that crash the program whenever
an invalid data entry is made) were discovered in Operating Systems and user friendly Operating
Systems were developed. Viruses can come through emails, through removable media like floppy
disks, CD ROMs, USB drives or through the network in general. If you go online frequently and if
you find your computer running miserably slow, then chances are that you are infected. Trojan
horses are an interesting class of software, the most famous examples being BackOrifice and
SubSeven, which are based on the client server model and which allow a remote user to control the
host computer remotely. These unwanted programs are usually hidden inside another program and
install and run themselves when you run a seemingly harmless application; that is precisely the
reason they are called Trojans. Hackers can move the mouse cursor on the remote machine, turn
the desktop upside down, run applications, upload and download files, turn off the remote machine
and lots of more stuff sitting in the comfort of their homes. It may sound fun but it can be frustrating
for the end user. Trojans can be run as local applications and can be started in listening mode at
system startup. You won‘t even know your computer has a Trojan running in the background unless
you run a complete system scan or open Task Manager and scrutinize each process under the
Processes tab. An understanding of the working of the sadistic hacker and his inventions will save a
lot of time and energy in reinstating the whole system from scratch.

You may have arrived at a point in your computing life when your beloved computer was infected
with viruses and somebody told you to format and you had to hesitatingly format your hard disk
losing all your precious data and years of memories. If you have gone through that painful phase of
life then this chapter is meant for you (even if you haven‘t gone through it, carry on anyways).
System formatting is not always the option when it comes to gaining back control over your system.

Windows has been programmed to be user friendly while keeping most of its working in the
background. As we saw in the chapter on the Windows Registry, how easy it is to manipulate the
system. Most viruses take advantage of this fact and are devised in a way so as to use the systems
features to hide them. To add salt to injury, users like you and me usually end up running the virus
themselves. How many times have you double clicked on a normal looking exe and it did nothing?
How many times have you cursed Windows for this unusual behavior? The truth is that knowledge
is a vital weapon to combat menaces. You can start taking precautionary measures right from the
point when you create a new user. Let us see how.

X.2: The Administrator‟s Dilemma

Everybody would want to work on their computers as Administrators without realizing the potential
damage that this could cause. By default, when you install Windows XP, the Home Edition version
creates a password less Administrator account called Owner and the Professional Edition makes
you create User Accounts after install. In both the cases the user accounts that you use to login

Page | 183
A Beginners Approach to Windows

finally usually belongs to the administrator group. To understand how Users are actually allocated
control over the system, we need to see the general groups that exist on a Windows machine.

Windows, as you know by now, groups users on the basis of their administrative rights, or in more
simpler terms, based on their system rights. The all-powerful group is the Administrators group. In
fact there are three fundamental groups of users who exist on a given Windows machine. There will
definitely be more then three but understanding these three is of primary importance.
Administrators, Power Users and Users comprise the systems standard set of user groups.

Administrators: Administrators have system wide access. They can schedule tasks, install and
uninstall programs, edit the registry to make system wide changes, take system backup using the
backup utility, create and delete partitions, change file permissions, encrypt and decrypt files and
folders, create and delete users, change user groups, create network shares, create system restore
points, install service packs or upgrade the Operating System, install drivers for hardware, start,
stop or change service parameters, enforce password policies, create network connections and
take ownership of files that have become inaccessible. Administrators practically are omnipotent on
a Windows machine.

Power Users: The rights of Power Users lie between that of Administrators and Users. Members of
this group, by default are allotted permissions to modify system wide settings. Power Users can
perform any Operating System Task except those that are reserved for the Administrators. Power
Users can install programs that do not modify Operating System files or install themselves as
System Services (Antiviruses for example), customize system wide resources like printers, date,
time, power options etc., create and manage users and groups, start and stop services that are not
started by default.

Power users cannot add themselves to the Administrators group nor can they add others. Power
Users do not have access to the files and folders of other users if on an NTFS partition unless they
have been given file access permissions, we shall see how that is possible in the coming pages.

Users: Users have absolute restrictions in terms of system wide changes are concerned. Users
cannot install programs, nor can they run content that has not been signed by Microsoft. Users also
cannot edit the registry keys that will affect the local machine. Users have full control over the files
that they create and their data folder (%userprofile%) and their portion of the registry
(HKEY_CURRENT_USER). Users can shutdown their computers only if they are workstations and
not servers. Users are stripped of all rights and permissions on objects that could modify system
parameters. Users can‘t even modify the system date!!

 To view all the user groups on your computer, goto Start >> Run >> cmd. At the
prompt type “net localgroup” without the quotes.

Apart from these three, there also exist other groups like the Backup Operators and the Guests.

BackUp Operators: Members of this group can backup and restore files on a computer regardless
of any permissions that protect those file. Backup Operators cannot change system security

Guests: This group usually has just one user called, well… Guest. Guests can login and logoff and
browse the file system. Many security issues have been attributed to the guest account including
some which relate to a system compromise and it is hence advisable to disable this account
whenever possible. To disable the Guest account on a Windows XP Professional machine open
Computer Management through the Control Panel >> Administrative Tools. Under Computer
Management expand Local Users and Groups >> Users. You will be able to see all the users on
the current local machine listed here. In the right hand pane, right click on the Guest account and
select Properties. Under the General Tab, select the Account is disabled. Click OK to Apply

Page | 184
A Beginners Approach to Windows

settings and exit. You can in fact disable any account from here if you are a member of the
administrators group except for built-in accounts (the Guest is an exception).

A simple scenario should expose the seriousness of the problem and also help you understand
which user account could be the most dangerous and which the least. Consider this: Your friend
gave you program that he downloaded from the Internet. This program claims to be a prank
application, which allows you to move the start button around the taskbar. You are proudly logged
in the only account on your computer, the Administrator. You execute the program and lo your Start
Button moves around, so far so good.

Moving the Start Button - Print Screen 10.1

You smile at yourself for your cheesy accomplishment. Then you close the program, causing the
start button to return to its normal corner and continue working. Suddenly you find your screen turns
upside down. Then the shutdown timer pops up counting down from 15, you try opening the Run
box to stop the shutdown and you are greeted with a Restrictions message, as you helplessly
watch your mouse dance around the screen, the shutdown timer ends counting with 2 seconds to
spare. Then you are forcibly logged off. You frown in disbelief and log in again, just to find that you
can no longer access any drive in My Computer. You also find that you have been locked out of the
registry too.

Sounds far fetched? Not at all I ssay. This was an example of a Trojan Horse that was possibly
hidden in the prank program. Claiming do one thing but does loads of other stuff that you can‘t
account for. In fact it is extremely easy to program an application that does all that and much more.
Ok let us understand how the application did all what it did, then we shall see the simple steps you
can follow to thwart any such scrupulous behavior of any unknown application. Most of what the
application did was possible with the use of common Windows API and some clever programming.
APIs as you‘ll already know are functions inside dlls that allows Windows and other applications to
interact with each other.

To turn the screen upside down, a screen print was taken, rotated by 180 as a bitmap and then
displayed ‗Right on Top‘ of the desktop, all using APIs. You can find a harmless implementation of
the Right On Top function (SetWindowPos function in User32.dll) in Task Manager under the
Options menu which when selected causes the Task Manager to be on top of any window, either
newly opened or previously existing.

A 15 second shutdown timer is displayed using the command shutdown –s –t 15 which also
causes an internal timer inside the application to be start that keeps the record of the number of

Page | 185
A Beginners Approach to Windows

seconds passed so that an abort shutdown can be issued to dramatically stop the timer at 2
seconds to spare.

A DWORD NoRun is added to the \Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer key of either the HKEY_LOCAL_MACHINE or the HKEY_CURRENT_USER in the
registry to prevent the run box from opening. The change will be effective if the policy is applied at
the Local Machine level since it will be imposed no matter who logs on. But for the Run Restrictions
to become effective, you have to logoff or restart, which you haven‘t done till this point, then how
does the policy come into effect? The simple answer is that explorer.exe was enumerated from the
process list by using another common API (Process32Next in a loop till Exe name = explorer.exe)
then terminated by passing its PID to another common API (TerminateProcess()). Both functions
are found in the kernel32.dll file. Explorer restarts and reads the new values from the registry thus
enforcing the policies. All this happened when the inverted screen was displayed on screen.

The mouse cursor can be made to move around the screen by using another API (SetCursorPos
from user32.dll) by supplying it with the x and y co-ordinates of the point where you want the mouse
cursor to be set.

There are various methods to force a user to logoff, but the simplest is by issuing the command
logoff or shutdown –l –t 00. The application by this time has already done majority of the damage.

All drives in My Computer can be disabled by adding the NoViewOnDrive DWORD policy in the
Explorer key of the registry under the Local Machine or the Current User with a value of 67108863
in decimal. Using the DisableRegistryTools DWORD policy in the System key locks out the
registry editor.

This was in no way a comprehensive list. There are several hundred APIs that Windows and
applications use for their normal working and several of them can be exploited to wreak havoc on a
normal looking system. You don‘t even have to execute the exe in order to run, applications (or
more specifically code) can be run even if you do a seemingly harmless task like viewing a
webpage. Code can be downloaded and run without the knowledge of the end user. Scripts in web
pages could potentially ruin your system if proper care has not been taken to prevent their

This example was taken just to prove a simple, yet an often overlooked, aspect of computing, the
Administrator account is potentially the most dangerous account on a system, and be it a
standalone machine or a computer on a network. When a program runs when an administrator is
logged on, the application too runs in the same permission space thus creating a big loophole for
untrusted applications to play around with your system. The safest account is a normal user
account with no privileges at all. With a normal account you can surf the Internet (a little more
safely), run programs that will accidentally not cause system wide changes, play games, listen to
music, watch movies and create word documents, all this without the fear of accidentally messing
up your system at the end of the day. In fact the Administrator account should be used sparingly
perhaps only in cases of an account lockout or user settings corruption issue. Applications can be
installed in a normal user account by using the RunAs feature on the right click of the setup file.

This calls for the use of best practices that come after years of experience after working with
Windows. But before we go ahead and implement security policies and other edits, let us
understand what role does NTFS play in keeping our data secure and what features of it can be
used in providing a safer computing environment.

Page | 186
A Beginners Approach to Windows

X.3: NTFS Security – The ACL Story

An advice that all Microsoft Certified Professionals will give you is to convert your current file
system to NTFS. We have already seen an overview of the NTFS File System; now let us see it
through a security context, touching upon access control lists, file permissions and encryption.

NTFS provides file level security through its much talked File access permissions which are
implemented through the use of ACLs or Access Control Lists. Let us see how file permissions are
assigned and how you can protect your data using them.

As we all know, by now, the MFT or the Master File Table contains attribute records of all files and
folders on an NTFS volume. Among these attributes, there exists a special attribute called the
Security Descriptor (SD) which contains information related to security and permissions of the
corresponding object. Within the SD, amongst other information there exist lists which define which
users have access to the object (file or folder) and to what level of access is permitted to them.
These are called Access Control Lists or ACLs. Every object on an NTFS partition has two types of

 System Access Control List (SACL): This ACL is used to audit success and failures of attempts to
access an object. Read ahead for an example.
 Discretionary Access Control List (DACL): This ACL is where permissions are stored that dictate
what users and groups are allowed what type of access to an object.

At this point, DACLs should be of primary importance to us since they contain access permissions
and DACLs are broadly referred to as ACLs. To view the ACLs of an object on an NTFS volume,
right click any object, a file or folder and go to Properties. Click the Security tab to display a
summary of the ACLs. This page allows you to set permissions for the particular object. You can
add users and groups and assign individual permissions to them. You can see current permissions
to various users and groups in the upper frame of the page. The user names and group names are
followed by their network names too whose format is computername\username or
computername\groupname. In the figure the computer name has been erased for, well.., security

The permissions pane will show you what different permissions can be assigned to an object. This
list is by no means comprehensive. A little ahead we shall see the entire DACL Entry for an object.
A DACL can accept a negative ACE (Access Control Entry) or a positive ACE. The Allow or Deny
are just that. If you are the owner of the object (if you have created the file or folder or if it was
created by a process running when you were logged on if the object was created by using your
login credentials) then you can change permissions and assign individual restrictions to users and
groups. The summarized permissions that you see on this page are Full Control (allows all access
to the object), Modify (allows Read & Execute + Read + Write), Read & Execute (allows read
access and execute functionality), Read (allows Read access), Write (allows write access) and
Special Permissions (allows operations like delete, change permissions, write extended attributes

One thing to bear in mind is that a Deny is given preference over an Allow permission. For
example consider a user called Riyaz who belongs to the Administrators group who have full
control over an object. Now if Riyaz is denied access to write, then this setting takes priority and
Riyaz is denied write access, even though the group to which he belongs has Full Control.

Page | 187
A Beginners Approach to Windows

Summarized DACLs for Secret.txt - Print Screen 10.2

Let us now see how you can use DACLs to protect your data. Consider our file secret.txt that
contains all your passwords and usernames. By intelligently employing file permissions, you can
easily prevent access to any user on your computer whom you do not want the file to be accessible.
Go to the properties of the file. Every new file or folder created on an NTFS volume will by default
Inherit the security permissions from the parent folder. This means that if you create a file inside
D:\MyData\, then by default the file permissions will show other users and groups if they have been
defined in the permissions for D:\MyData\. As mentioned earlier, what you see under the security
tab is the summarized values of access types to an object. You can view the entire list under the
Advanced Security Settings page. Click on Advanced. Here under the Permissions (the first tab)
tab, you will see the list of users/groups who have access permissions on your file.

Page | 188
A Beginners Approach to Windows

Advanced Security Settings for Secret.txt - Print Screen 10.3

Also you will see that an option that allows file permissions to be inherited from the parent is
checked. For now uncheck the option, and click on Remove on the warning that comes up. This will
probably clean out the whole list from view. This effectively gives a Deny to ―Everyone‖ on the
computer. Click on Add to open up the Select User or Group box. Here you can type your
username and click OK or for a safer and sure approach, click Advanced and the Find Now.
Select your username from the search result and then click OK.

When you click OK, the Permissions Entry page will open up showing you detailed access
permissions of the DACLs for your secret.txt file.

Page | 189
A Beginners Approach to Windows

Effective DACL permissions for Secret.txt - Print Screen 10.3

Click on Full Control to automatically select all other permissions. Then OK your way back. You
now have a file that is accessible to only you and nobody else. Try it out, logoff and login as as any
other user and try accessing the file.

You can even customize permissions in such a way so as to have no write permissions for a user
and allow only read permissions. You do not have to repeat the entire procedure detailed above.
You can add a new user from the Security tab itself. Go to Properties >> Security, click on Add >>
Advanced >> Find Now. Select the User you want to change permissions for, then OK your way
back to the Security page. Here change the permissions by selecting the user in question. You can
even edit file permissions for the Administrator so that he gets only read and no write permissions
on your file.

Page | 190
A Beginners Approach to Windows

Denying Administrator Write for Secret.txt - Print Screen 10.4

Use file permissions judiciously, always give at least one account the rights to ‗Take Ownership‘
(effective permissions) of the file, in case you ever consider your account for deletion. Taking
Ownerships helps you gain access to files and folders that are not accessible. In case you denied
other users (not ‗Everyone‘ since that would include you too) access to a file or folder and then it so
happened that you had to delete and recreate your account, then you may not have access to your
data. This comes as a very important point since all your precious data might be there right on the
desktop and yet you may not be able to open it. To reclaim your data in such cases taking
ownership is the only way out (as far as I know ;-)).

You have to be the Administrator or a member of the Administrator group to be able to Take
Ownership. Right click on the folder to which you get an access denied message, go to Properties
>> Security tab >> Advanced >> Owner tab. Select your current username here. If your username
is not listed then you can add your username by clicking on the Other Users or Groups >>
Advanced >> Find Now and then by selecting your username from the list. select the Replace
owner on subcontainers and objects check box which will be visible only if you are taking
ownership of a folder. This checkbox will not be visible while taking ownership of files. Click on
Apply and click Yes when you are prompted with the following message:

You do not have permission to read the contents of directory <folder name>. Do you want to
replace the directory permissions with permissions granting you Full Control?

Upon clicking Yes, all permissions will be replaced. This method is very effective for companies
where user accounts are created for employees and when they leave the job, there could be data
that should be retrieved back in the interest of the company. Use File permissions with care. Don‘t
lock yourself out of your data, as it has happened to me on several occasions ;-)

Page | 191
A Beginners Approach to Windows

Encryption, or the process of disguising a message or data in such a way so as to hide its actual
meaning, is possible in Windows by using the Encrypting File System or EFS. EFS is supported on
Windows 200, Windows XP Professional, Windows Server 2003 and its variants. EFS is not
supported on Windows XP Home Edition.

EFS works by way of creating cryptographic private keys that allow the user transparent access.
Whatever data you encrypt will be inaccessible to other users, irrespective of what permissions
he/she has. This is the advantage of using Encryption over file permissions. Your username and
your password is used when creating the Private Key required to decrypt files when you try to
access them. Hence, you may have noticed that when you attempt to change the password of
another user through Control Panel >> User Accounts in Windows XP, you are presented with a
warning that says the user will lose all his EFS-Encrypted files. This happens because the key is
not updated with the new password if another user changes it.

The decryption process happens automatically without any prompts, well of course if you are the
user who encrypted the file in the first place. We can provide encryption in two ways. One, you can
encrypt a single file and two; you can encrypt a whole folder so that all files in it and those which will
be added to it later will be encrypted by default. Encrypted files are shown in a different color in
Explorer. By default it‘s green, but anyways you can change that by using a registry edit.

Let us use our Secret.txt file as an example. Create the file anywhere on your computer (and
remember where you created it.), preferably in the root of C:\. Write some data into it and save the
file. Then right click on the file and select Properties. Click on the Advanced button next to the
Read-only and Hidden attribute check boxes. In the Advanced Attributes box that opens up, select
the option that says Encrypt contents to secure data, click on OK and Apply. That‘s it. You have just
made your file inaccessible to prying eyes.

Encrypting Secret.txt - Print Screen 10.5

Page | 192
A Beginners Approach to Windows

To test your adventure, log off and log in as another user. Try accessing the file. You will be
surprised as to how easy this was. Encryption can really be a life saver.

Encrypting a folder can be really advantageous since you have to just encrypt it once and all files
added to it are encrypted by default. When you are encrypting a folder, you will be presented with a
Confirm Attribute Change dialog box where you have to select the second option that allows you to
apply changes to subfolders and files. Enabling this option allows you to add files to this folder,
encrypting them on the fly. You are saved from the hassle of encrypting every file and folder that
you need to be protected.

Applying encryption to subfolders and files - Print Screen 10.6

To ease the encryption and decryption process, you can add or modify a setting in the registry that
allows you to shorten the process and reduces the entire ordeal to a right click option. Open the
registry editor and navigate to
Create a new DWORD value and name it to EncryptionContextMenu and modify its value to 1.
Changes are usually immediate and you will see an Encrypt/Decrypt command at the context of
files and folders.

Bear caution while dealing with user accounts; do not change your passwords from another
account unless absolutely unavoidable.

X.4: Password Policies and the Password Reset Disk

Safe passwords are easy to construct and remember too. Contrary to popular belief, long
passwords are not necessarily strong. This section of the chapter will give you an insight into what
goes in constructing a strong password and creating a Password Reset Disk that Windows XP
users can use to login in case they have forgotten their passwords.

Password policies can be applied by the Administrator on a Windows XP Professional box that will
govern the nature and behavior of the passwords of the users created on the system. Before
creating any accounts on the computer, create password and account polices for users by using the
Security Policy Editor. Remember that strong passwords are a necessity of a Windows box.

Before we actually get into defining polices, let us first understand what a strong password
comprises of. To start off with, a strong password comprises of at least 14 characters and should
not contain your username or computer name or a dictionary word or any other personal
information. Assuming you are a big Harry Potter fan, let‘s use a word from JK Rowling‘s world to
construct our strong password. How about expelliarmus? The most common type of passwords

Page | 193
A Beginners Approach to Windows

people use usually contain leetspeak, which is a type of written slang that replaces letters with
numbers or other characters that look like the original alphabet. You must have seen people on the
internet calling themselves w@rl0[k (warlock), 0r|)3r (order) etc. These are handles that people use
to hide their identity. Let‘s use this same concept in constructing our password. Thus expelliarmus
could be written as 3x|>3ll1@rmu$. You could then add some special characters at the beginning
or end. Our final password could look like #3x|>3ll1@rmu$~. Now that‘s difficult to guess but easy
to remember.

The above method actually satisfies all the three criteria that I can think of for a strong password.
First of all, it does not contain your name in it and it is larger then 14 characters. Secondly it uses
alphanumeric and special characters and thirdly it is not easily guessable.

Passwords have to be longer then or at least 14 characters in length. Don‘t even think about using
personal information like birthdays, girlfriend‘s name, place of birth, or the name of your dog. Also,
don‘t use words from the dictionary. If you have more than one email ID or if you use multiple
services that require passwords (email, gaming, chat, forums and music download) then don‘t use
the same password for all the services. Also always keep it a mixture of alphanumeric and special
characters. It is also advisable to change your Windows login password often.

To create password policies on your Windows XP Professional box, go to Start >> Run and type
secpol.msc. This should start the Local Security Policy Editor. Remember, if your machine is a part
of a domain (large corporate offices for example) then the Password Policies are set at the domain
controller level and there isn‘t much you can do as a user. In our workstation example after you
open the Security Policy Editor, expand Account Policies and then select Password Policy. You can
change various parameters here. Double click Maximum password age and set the password
expiry days as 21. Then double click the Minimum password length and set the character length to
14. A value of zero indicates your system does not require a password to login. Then the most
important setting, double click on Password must meet complexity requirements and change its
setting to Enabled. Change your current system password to match the policies you have described
and then logoff and logon again.

Along with the password policies you can also set the Account Lockout Policies. These policies
come into effect if an invalid logon attempt is made to your system locally. For example if a
malicious user uses your system and tries to login by guessing your passwords, then you can
create a policy here that describes after how many login attempts will the account get locked and
for how much time.

To create these policies, click on Account Lockout Policy. In the right hand pane you will in all
probability see three options. The first and the last will be set to ‗Not Applicable‘. If this is the case
then it is because of the Account lockout threshold value being set to 0 invalid logon attempts.
Double click on it and change the value from 0 to 5 login attempts and click OK. You will be
presented with a Suggested Value Changes window that shows that the options for the other 2
settings have now been changed to 30 minutes. Click OK for now and then change their values
individually. You cannot set the account lockout duration to a time smaller than that of the reset
account lockout timer. Keep them the same, probably 15 minutes for optimum usage.

Page | 194
A Beginners Approach to Windows

The Local Security Policy Editor on Windows XP Professional - Print Screen 10.7

Windows XP provides a convenient way to reset your account password with the use of a
Password reset disk. It is easy to create and use. Always bear in mind to safely protect your disk if
you have created one.

A Windows XP Password Reset Disk will not work for any other computer other then on which it
was created. To start you will require one blank, formatted floppy disk. The procedure is a little
different if you are a limited user. Administrators can create floppy reset disks for any user on the
local machine whereas a limited user can do it only for his account. If you are an Administrator and
if you wish to create the disk for another local user or yourself then:
Go to Control Panel >> User Accounts. In the User Accounts pane, click the account that you want
to work with. In the Related Tasks on the left of the window, click Prevent a forgotten password to
start the Forgotten Password Wizard, and then click Next. Insert a blank, formatted disk into drive
A, and then click Next. In the Current user account password box, type the password for the user
account that you selected, and then click Next. If the account does not have a password, then keep
this space blank. In case the user creates a password later, you could reset it using the floppy disk
instead of User Accounts to preserve the EFS certificates and Encrypted data.

When the Progress bar reaches 100% complete, click Next, and then click Finish. Remove the
floppy disk and keep it in a safe place.

 It is very important to keep the floppy safe because it could be used to compromise
the system as well as the data on it.

If you are a limited user then the only change is that the Prevent a forgotten password option is
available only on your account details in User Accounts. In that case when asked to enter the
password during the creation of the reset disk by the wizard, enter the password of your account.

Now we are ready with the reset disk, let‘s use it to reset the password assuming you have
forgotten it. Logoff your account and at the welcome screen click on your username and instead of
the password press Enter or click on the login arrow. You will be presented with an error message
that looks like this.

Page | 195
A Beginners Approach to Windows

Did you forget your password?
You can click the "?" button to see your password hint.
Or you can use your password reset disk.

Please type your password again.
Be sure to use the correct uppercase and lowercase letters.

Click use your password reset disk. This should start the Password Reset Wizard. Click Next. Insert
the password reset disk into drive A: when prompted to and then click Next. Type and confirm your
new passwords in the space provided. You could also keep a hint as a reminder if you forget again.
Not advisable though. Click Next, and then click Finish. The Wizard will quit and you will be
returned to the welcome screen. Type your new password and press Enter to log in.

You do not have to worry about re-creating the password reset disk because the disk is
automatically updated with the new password information. Hence it is absolutely necessary to store
the floppy in a safe and secure location.

X.5: Malicious Code and Common Infections

Viruses, worms and Trojans have always tortured lives of Windows users. Many a times people
grudgingly format there computers losing all their data and painstakingly reinstall Windows and the
several other applications that were installed. Several virus infections can be detected by running a
good antivirus. I wouldn‘t pass judgment on the ones I know but would definitely recommend a few.
Kaspersky, McAfee and Symantec provide products that are really worth the money. These
antiviruses (and many others) provide features like On-Demand Scanning and Real Time
Monitoring of files. A user can invoke an antivirus program to scan the entire hard drive or specific
files and folders, this is called On-Demand Scan and is available in all antivirus softwares. Real
Time Monitoring works by examining system calls and I/O read write operations thus eliminating or
suppressing threats before the viral action is completed. However this can cause substantial
amounts of CPU cycles to be consumed.

A virus is defined as a computer program that has the capability of copying itself and infecting other
computers on which it is taken or networked too. Sometimes Trojan horses, worms and other forms
of malware are also incorrectly referred to as viruses. Viruses spread through computer networks,
emails or through removable media like floppies, CDs and USB drives. Most often then not worms,
viruses and Trojan horses are confused with each other. Viruses require a host to propagate. They
copy themselves into the host file and when a user runs the file the virus code is run thus infecting
other files and doing whatever action it was meant to. Worms on the other hand can propagate
without the need of a host. A worm usually copies itself as individual files and runs in memory
creating copies of itself into removable media and network shares. Finally, a Trojan horse is a
harmless looking application that appears to do some harmless activity, but carries a payload that is
executed when run. Trojan Horses are used to deploy other nasty applications like key loggers,
remote administration tools like BackOrifice and NetBus, and even erasing and overwriting data on
a computer. There are applications available that allow you to join multiple files, the harmless
application and the more sinister one so that they appear to be one program but both are executed
when run. Many prank programs come with other malicious code. Simple applications like those
that allow you to open and close your CD Rom drive tray may install a backdoor that allows a
remote user to connect to your computer, transfer files and capture keystrokes. Imagine if you were
typing your password for you mail account or credit card number at a shopping site!! The variations
of these actions are huge.

Viruses come in different forms. As the battle between anti virus companies and smart system
users on one side and virus writers on the other side continues, the bad side is getting smarter
faster then we can cope. Today‘s viruses can modify their code so that anti viruses don‘t detect

Page | 196
A Beginners Approach to Windows

them. Most antiviruses have virus signatures in their databases. These are pieces of code that are
obtained from the virus. An executable is compared with this database to see if it contains the
signature, if it does, it is flagged infected. Polymorphic viruses beat this type of scan method by
changing the code while keeping its algorithm intact. Several other methods to prevent detection
may also be employed by viruses. Some viruses even terminate the antivirus process from memory
before it can be detected!! Some antiviruses detect the change in file size of an executable and flag
it infected if it changes. Viruses have even beaten that by infecting these files yet not increasing
their sizes. They accomplish this by overwriting unused areas of executable files.

Viruses can chiefly be divided into two types based on the basis of their behavior when they are
executed. Nonresident viruses, when executed, immediately search for other programs that can be
infected, infect these files, and finally transfer control to the application they had infected. Resident
viruses do not search for hosts when they are started. Instead, a resident virus loads itself into
memory on execution and transfers control to the host program. The virus then stays active in the
background and infects new hosts when those files are accessed by other programs or the
Operating System itself. This allows the virus to infect a new file whenever it is accessed by the
Operating System. There are viruses that can infect even Word and Excel files or any file that
supports code execution called Macros. Macros in documents allow a user to repeat a certain task
or perform a certain action that is programmed by the user. For example a macro could be written
in Outlook Express that checks for the subject line when you send a mail and pop up a message
that tells you that the Subject line is blank. This helpful feature is often exploited by virus writers to
write code that gets executed when you open a file, infecting other files and probably mailing a copy
of itself to all the people in your address book.

Viruses have also been known to modify the boot sector of the hard disk. These viruses, aptly
called boot sector viruses, modify the boot sector so that the virus gets executed every time you
start the computer. The control is then transferred to the actual boot loader.

Anti-viruses use two common methods to detect viruses. The first and the most common method of
virus detection is using a list of virus signatures. Antiviruses examine the content of the computer's
memory (its RAM, and boot sectors) and the files stored on fixed or removable drives (hard drives,
floppy drives), and comparing those files against a database of known virus signatures. If a match
is found then the user is presented with options of deleting, cleaning or quarantining the file. Virus
signatures have to be updated regularly to protect your computer and data from new threats. The
second method is to use heuristic analysis to find viruses based on common behaviors. This
method allows detection of viruses of which signatures have not yet been created by the antivirus
company. Heuristic analysis can create a lot of false positives, or may flag legitimate files as
infected since the scan engine checks for common viral action like file replication or file overwrite or
append. A combination of the two can keep many threats at bay.

Worms are self replicating computer programs. They use computer networks and removable media
to spread. Most often then not, the most popular worms have spread through email as attachments.
Notable examples of these include the Sobig and MyDoom worms. Worms, unlike a virus, do not
need a host program to propagate. Worms can also be used to carry payloads and trigger emails to
certain addresses thus spamming users with thousands and millions of emails bringing down the
entire mail system. This attack when done from multiple points is called a Distributed Denial of
Service attack. Worms largely rely on emails and networks to spread causing network bandwidth
issues and traffic congestion. An email worm when executed usually sends a copy of itself to all the
users in the users contact list. Since the email appears to come from a trustworthy source (you in
this case) the recipient opens the attachment causing the worm to send more copies of itself to
everybody in the recipients contact list. This causes a rapid spread of the worm and in no time
millions of computers are infected. Most worms just spread without harming the system (except for
the network congestion) but some worms carry payloads and drop them on the infected systems.
These payloads may include keyloggers, backdoor programs and even viruses amongst others.

Page | 197
A Beginners Approach to Windows

Most often then not worms will remove access to Folder Options, the Registry Editor and the
command prompt. In several cases the Task Manager is also disabled displaying an error saying
“Task Manager has been disabled by your administrator” when you press Ctrl+Alt+Delete.

Task Manager Disabled - Print Screen 10.8

This is done by setting the DisableTaskMgr Dword value in the registry. The worm, if in memory,
will reset any changes done to the registry immediately after you change settings to normal. Hence
the approach is to terminate the application from memory and then attempt to change settings

Many worms exploit the ignorance of several Windows users. Windows by default hides file
extensions for known file types and hides hidden files and folders. Worms and even viruses take
advantage of this fact. Worms create copies of themselves with the icon of a Windows folder and
hide the original folder. Since Windows does not show file extensions for known file types, the exe
extension is hidden and what the user sees is an innocent folder. When double clicked nothing
visible may happen, but the worm will get executed causing more copies of itself to be made in
other folders on the system. Worms prevent access to Task Manager because it is possible to
terminate the application from memory if you can open Task Manager and go to the Process tab.
Access to Command Prompt is denied to prevent you from running the tasklist, to display current
processes, and taskkill, to terminate tasks using their Process Identifiers (PID) or image names
and to also prevent you from running the reg command to change registry settings. Finally access
to Folder Options and the registry editor is denied so that you cannot unhide folders and or modify
registry values. Generally people prefer to use the Registry Editor instead of the reg command line
tool which can easily provide access to the registry even if you have restrictions using regedit.

Tasklist showing running processes - Print Screen 10.9

Page | 198
A Beginners Approach to Windows

Many worms also create Autorun.inf files in the root directories of all the hard drives and have the
open command set to the name and path of the application. An Autorun.inf file, as you will know, is
a file that contains information about the action to be taken when a default command is executed.
The default command on a drive is to Open it. When you double click on a drive in My Computer it
should open by default in explorer. But the presence of an Autorun.inf file causes an autoplay
option to be added. Even this text can be modified to something more inconspicuous like Open.
etc. Since the Autorun.inf file and the file or files it causes to execute when you perform the default
action are hidden, most often then not, with the system attribute set causing them to be
superhidden, you will not see them when you manage to open the drive. Windows, by default,
autoplays CD Rom discs and USB drives if they have an Autorun.inf file. You don‘t even have to
double click on the drive, the worm executes without user intervention.

Trojan Horses are an interesting class of nuisance. They appear as completely harmless
applications that promise to do something innocent but actually do more then that. The name Tojan
Horse is derived from a section of the legendary Torjan War in Greek Mythology, in which the
Greeks built a wooden horse as an offering of peace to the City of Troy, and pretended to sail
away. The wooden horse contained Greek soldiers hidden inside its belly. After the people of Troy
(Trojans) brought the horse inside the city, the soldiers emerged and opened the Gates of the City
to the Greeks and destroyed the city of Troy.

Generically, any application that carries a payload that is not used by the main application and
performs actions other then those promised or believed to do is termed as Trojan. A Trojan by itself
is not harmful, but due to the various payloads they can carry are they termed malicious.
Applications are specifically written to act as Trojans carrying payloads with them, while many
others are made by joining payloads to already existing applications.

Some of the popular payloads delivered by Trojans are NetBus, BackOrifice and Sub7. These are
applications that allow the deployer to remotely control computers. These applications install a
small program (the server) and allow the machine to be controlled remotely through a client. These
tools by themselves are excellent programming masterpieces, but since they are used by script
kiddies and sadistic hackers all over the world to wreak havoc, they have earned a bad reputation
amongst security conscious people. Remote Administration Tools are not the only payload for
Trojans to carry, although they are the most popular. Some other payloads include keyloggers,
antivirus disablers, DoS tools or merely downloaders. Most of these payloads are bundled with
prank applications that unsuspecting users happen to find across the Internet.

The most popular payloads of Trojans are Remote Administration tools as mentioned earlier.
Remote Administration tools can be used ethically to troubleshoot problems remotely and interact
with users. Most of these applications come with a server and a client program. The server part of
the program has to be run on the system you wish to control and the client (usually a Graphical
User Interface) is used to send commands to the server. Windows provides several APIs that allow
you to completely control a computer remotely and it is not very difficult to write a remote control
application of your own. In the final year of my Engineering, way back in 2006, I managed to write a
Remote Administration Tool of my own called NetCon which I shall briefly describe here.

Page | 199
A Beginners Approach to Windows

NetCon System & Network Page - Print Screen 10.10

Designed to work on the Local Area Network and written in VB 6.0 with over 80 Windows API, the
program has the following features:
 Get Remote System Info: This info includes:
 Computer Name
 IP address
 Operating System
 Physical RAM
 Drives
 Product ID
 Registered Owner
 System Directory
 Windows Directory
 Processor Type
 Current Logged on User
 Temporary Directory
 Wallpaper location (Whew!!)
 Screen Resolution
 Get list of running Processes: This allows users to view and terminate processes on the remote
 Shutdown Controls: Allows users to remotely shutdown, restart the system or logoff the current
user. If the end system is Windows XP then the shutdown and restart commands will give a 12
second countdown.
 Get Open Ports: This command shows all the open listening ports and connections on the remote
 Get Routing Table: Allows users to view the entire TCP/IP routing table.
 Get Adapter Status: This command allows viewing of the entire adapter status along with other
information, equivalent of ipconfig /all.
 Send Message to remote computer. Displays a message box on screen when a user is logged in.

Page | 200
A Beginners Approach to Windows

 Run an application on the remote computer by supplying the full path of the program.
 Rename the Start Button on the Remote Computer!!!
 View Directory structure, disks and contents.
 File Transfer: Using binary mode for file transfer, this command allows you to copy files from the
remote system and save it onto your computer.
 Fun Controls: These are commands intended for general experimental purpose. Click on the
buttons to perform their respective functions.
 Open / Close CD ROM drive tray.
 Show / Hide Start Button
 Show / Hide Clock
 Show/Hide Desktop
 Show Black Screen & desktop alternatively.
 View / Set / Clear Clipboard
 Beep User with custom frequency (default 2000 Hz)
 Play custom sound. Default is C:\Windows\Media\tada.wav.
 Change Wallpaper on remote machine (requires logoff)
 Freeze mouse for 8 seconds
 Swap mouse buttons, the right click becomes left and vice versa.
 Crazy mouse. Mouse cursor is set at random locations for 8 seconds.

NetCon Fun Controls Page - Print Screen 10.11

 Move Mouse. This is an advanced mouse control function written to remotely move the mouse on
the remote computer with the administrator controlling cursor positions from the client machine.
Right and left clicks can be manifested too.
 Live Keylogger allows you to view pressed keys on the remote machine in real time on a screen
on the Info Pane.
 Screen Stuff: A highly advanced separate module written which exclusively employs the BitBlt
and StretchBlt methods to manipulate the screen. Allows users to do the following functions:
 Get Remote Screen (AutoDump feature also available).
 Invert Remote Computer Desktop

Page | 201
A Beginners Approach to Windows

 Invert Colors of the desktop.
 Fade Screen Colors
 Brighten Screen (MAX ALPHA)
 Darken Screen
 Show Ghost Image
 Monitor On / Off (Works on Laptops only)

The server cannot be seen under the TaskList but can be seen under the Process tab of the
Windows Task Manager. It also adds itself to the Local Machine Run key (creates if non existent) in
the Windows Registry so that it runs at system startup irrespective of who the logged on user is.
NetCON v1.2 runs on port 7108 at system startup (upon a previous execution) in listening mode.

These tools may be fun to use in the hands of novice users but can be real frustrating to the end
user. The Windows API is a powerful collection of functions which can be used maliciously. Several
applications exist out in the wild that incorporate these APIs. To read drives and directories, to copy
themselves and spread, to open and infect other files, to create and add user accounts without your
knowledge, to delete files and directories and replace them with executables of their own, to log
every key you press on the keyboard, stealing your passwords and credit card numbers, emails and
photographs, documents and other data, to prevent shutdown of the computer, to crash the
operating System and in the worst case format your drives. The bad guys are using their knowledge
to do evil stuff with their evil tools. Some simple precautionary measures can save a lot of time,
money and pride. Here are a few methods that you can easily employ to keep your system safe and
detect and delete threats before it‘s too late.

One of the most common trick worms and some viruses use is to create copies of themselves that
have icons of common file types or of folders but with the obvious ‗.exe‘ extension at the end of the
filename. A very common example that I can recollect is the Jangan Dibuka.exe which has the icon
of a Microsoft Word Document. This worm has got several other names like My Love.exe,
Kenangan.exe, Hallo.exe, Puisi Cinta.exe, My Heart.exe, and Mistery.exe. Such worms may
disable folder options and cause the hide file extensions for known file types option to be checked.
A non suspecting user is bound to attempt to open a file that has the name ―My Love‖ and the icon
of a word document. What they don‘t realize is that you are in fact executing the worm! Hence to
detect such threat, you can either enable the show file extensions option through folder options, but
that may not be helpful if the worm periodically checks for registry values and resets them
according to its own convenience.

Windows hides file extensions for shortcut (.lnk files), Explorer command files (.scf) and some other
file types. These extensions will remain hidden even if you deselect the Hide file extensions for
known file types. You can enable their view through a registry hack. I did not include the trick in
the chapter on the registry since it would be much more captivating to use it here in its correct
context. Link files and Explorer‘s command files have a special string value called NeverShowExt
written under the HKEY_CLASSES_ROOT\lnkfile and HKEY_CLASSES_ROOT\SHCmdFile
respectively. You can even do the opposite using a string value called AlwaysShowExt. You can
direct Windows to show you file extensions for a known file type even when the option to Hide file
extensions is enabled in Folder Options. Since the most dangerous file type to us presently would
be the executable, navigate to HKEY_CLASSES_ROOT\exefile, create a new string value in the
right hand pane and name it as AlwaysShowExt and keep its value blank. Restart explorer using
the Task Manager or logoff and login again. This registry edit causes Windows to display the exe
extension even when the option to Hide File extensions is enabled in Folder Options. Try it out.
Apply the option in the View tab of Folder Options and navigate to any exe that you have,
C:\Windows would be a nice place to check. Look at the filename of Explorer.exe, for instance, the
file extension will be visible even though files around it will have their extensions hidden. This
allows you to view the extension of a file before you run it. For best practices, deselect the option in
Folder Options to Hide file extensions.

Page | 202
A Beginners Approach to Windows

Some worms have long names like Picture_of_the_worlds_most_wanted_person.exe. This file for
instance is a script written in AutoIt, a popular scripting language, and has the icon of an image file.
Since the name is long, Windows Explorer does not display the whole name in Tiles and Icons
view. The entire file name with the exe extension will be seen if the folder is made to display objects
in Thumbnail view, Details view or List view. An unsuspecting user may execute the file expecting it
to really be the picture of the worlds most wanted person! Be careful of files that have tempting
names and are pretty long that are obscured by Windows. It‘s a feature in Windows to avoid
cluttering and messy looks but is exploited by the malicious file writer. Enable double click to open
option in Folder Options under the General Tab. That way you can view the file type, by merely
selecting it, in the common tasks pane to the left of the window.

Common Tasks Pane showing file type - Print Screen 10.12

Windows allows programs to add to the system startup as an effective method to allow program
execution without user intervention. This allows programs like Antivirus software and Network
Monitoring Tools to start and run without user interference. Even this feature of Windows has been
exploited. It is a common feature of viruses to add their path to system startup, so that even if you
terminate the malicious file from memory using Task Manager, the virus will run the next time you
restart your computer. A major drawback of the Task Manager is that it does not display additional
information about a process like its path or child processes. Microsoft has a tool called Process
Explorer that provides much more information than the native Task Manager of Windows. The tool,
written by Mark Russinovich, shows loaded dlls, detailed description and thread information and the
option to terminate individual threads and close open handles. This tool can be used to find the
path of a virus or any other malicious file when it is in memory.

Page | 203
A Beginners Approach to Windows

Process Explorer - Print Screen 10.13

Windows XP provides msconfig that allows you to keep a check on startup items. However there
are locations in the Windows registry that viruses or worms can write their path to without msconfig
displaying them. In such cases Microsoft (again a Mark Russinovich creation) provides a tool called
autoruns.exe which shows startup entries from over 50 locations!! One of the most important place
to check is the shell value under HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon. The correct value is just explorer.exe, or its full path. There are
possibilities of some malicious files changing the value to explorer.exe virusname.exe, which
causes explorer.exe load the malicious file every time you login. The file will be executed even if
you start the computer in Safe Mode. You can eliminate this threat by starting your computer in
Safe Mode with command prompt and then running regedit, navigating to the said key and
correcting the entry to explorer.exe. All in all, the best bet would be to disable all startup entries
except for Antivirus software. Use msconfig to disable all entries except for any Antivirus software
and use the Services.msc mmc snap in to control which services are running. Disable services that
are not required. Be careful while using autoruns.exe, although it‘s a usewful tool, it lists all the
entries that start when your computer starts and leaves the decision to disable any to the end user.
There are several entries that belong to the OS. Disabling any of them might cause your computer
to behave unexpectedly. The Logon tab contains the normal startup items that execute when you

Page | 204
A Beginners Approach to Windows

Autoruns.exe with its Logon Tab - Print Screen 10.14

Except for userinit.exe and explorer.exe, usually nothing else is needed from the list here. Verify
that the entries are published by Microsoft. Anything else should be looked at with suspicion.

A very interesting feature that most worms come with is that they create a autorun.inf file that as
you know causes drives to execute a file or perform an action when the default option on the drive
is selected. Merely inserting an infected CD into the CDROM drive could get you infected. Disabling
autorun could well cause some CD to function improperly, especially those that rely entirely on the
executable that runs when you insert the CD. Common examples would include Game and
Software CDs that have an exe that shows a menu that allows you to select options and continue
with the installation. To disable the autorun feature for CDROMs completely, fire up the registry
editor and navigate to HKLM\System\CurrentControlSet\Services\CDRom and change the value of
―Autorun‖, or create a new DWORD value if it doesn't already exist, and set the data to equal 0 for
to disable Autorun. You can easily right click on the drive icon in My Computer and select Autoplay
AFTER scanning the CD with a reliable and updated antivirus. On a personal note, I keep the shift
button pressed to bypass any Autorun executable and then open command prompt to attrib and dir
on the contents. I then use the type command to read the contents of the autorun.inf file to see
which executable it points to. Having done that, I proceed to open the Run dialog box and browse
to the CD ROM, I right click on the executable and select properties through the file open dialog
box, since some autorun.inf files tell Windows to execute programs even on Exploring the drive.
The version tab gives me the information needed. Any oddity here and the exe goes through a
thorough scan. The same treatment goes for a USB storage device or a pen drive too.

Make sure that the access to regedit, cmd, folder options, msconfig and task manager is always
enabled. There are registry policies that can lockout the Task Manager, the registry editor and
folder options. Worms and viruses use this fact to disable access to these three important tools in
Windows. The previous chapter on the Windows Registry explains all the three polices in greater
detail and their settings too. What is of importance to note that although there is no explicit setting
in Windows to disable cmd and msconfig, worms can still write their locations to the DisallowRun

Page | 205
A Beginners Approach to Windows

key, preventing users from executing them. Another simpler method chosen by ignorant worm
writers is to continuously read the title bars of all Windows that open, if any of them is found to
contain cmd.exe or System Configuration Utilty, the window is quickly minimized or the process is
terminated. This consumes precious CPU and Memory usage and you may notice your system
reacting slowly to mouse clicks and user interface interaction and command execution. You can
easily open Task Manager and terminate the process that‘s troubling the system. But what do you
do if the Task Manager is disabled. Restarting the computer in safe mode to access the task
manager will not be of much help since the policies will still be in effect, preventing you from
running task manager.

The solution lies in the Safe Mode itself, but in Safe Mode with command prompt. This prevents any
rogue application executed as an argument to explorer in the Winlogon key from running. Start the
computer in Safe Mode with command prompt and enable the Task Manager and the registry editor
using the reg command. If you can open the command prompt in normal mode, but the Task
Manager is still locked out and deleting the policy through the reg command causes the worm in
memory to rewrite the key back to the registry, the only way out is to terminate the worm first before
enabling the Task Manager. It is a little known fact that Windows provides a command line tool to
view and terminate tasks. Using Tasklist and Taskkill as mentioned earlier, you can manage
running process on your computer. Open cmd and then type tasklist to see the current running
processes. You can even see which dlls are loaded for all the process in memory!! Use tasklist /?
for more options.

Tasklist provides users with the list of current processes and their PIDs (Process Identifiers). Using
these PIDs and image names you can terminate the associated application using taskkill. The
general syntax is taskkill /PID 504 /F to forcibly kill the process with PID 504, taskkill /IM spool* /F
/T to forcibly kill all process that start with ‗spool‘ and their child processes (same as end process
tree in the Task Manager.) There are several filters also that you can apply. Detailed usage is
beyond the context of this text. But noticing any unexpected memory consumption by an image you
do not recognize, could be signs of malicious activity. Terminate applications with care and only if
you are sure of them being malicious. The following screenshot shows taskkill being used to forcibly
terminate all processes and their child processes that start with the string ‗note‘.

Taskill - Print Screen 10.14

A very important precautionary measure that Windows users HAVE to take is to use a limited user
system account for your everyday computing. A limited user account allows you to write and save
documents, watch movies, play games, listen to music and surf the internet. When you want to
install an application, you can always right click over the executable and select RunAs, this allows
you to install the application being in your security limits. The administrative account should not be
used except for well administrative purposes. Deleting and creating partitions, formatting drives,
debugging programs, creating or restoring system restore points are some instances where you
might need to use the Admin account. Worms, viruses or any malicious files do maximum damage
if they run in the Admin account.

And finally always use an updated antivirus and scan your system regularly for threats. Real time
monitoring of files could slow down systems that do not have enough resources. Real time
monitoring enables virus and other threats to be eliminated before the Operating System can read
the file hence continuously scanning memory and opening and reading files being accessed by

Page | 206
A Beginners Approach to Windows

Windows could prove to be costly on systems that are low on memory and CPU resources. This is
one of the reasons many Windows users give when asked about the absence of antivirus software
on their machines. In fact an Antivirus is perhaps the most important third party application you
would install on your computer.

Always update your antivirus virus definitions and scan engines. Almost all major antivirus software
companies provide daily updates as either downloadable content or through the update engine in
the Antivirus program itself. Run a full system scan daily if possible or with a maximum delay of one
week between each scan. You could keep a scan running and have lunch and endorse other
activities simultaneously.

Almost all Antivirus products use a common procedure for threat response. When a malicious file or
activity is detected, the program will alert the user with either a visual display or an audio tone or
both in many cases. The alert will contain the name of the threat, the file name found to be
malicious and the response to be taken. Many users get paranoid when a virus is detected on their
systems and feel that the correct response would be to delete the file. Not always. There are
several actions that you could choose, but the most common ones are to delete the file, to clean the
file or to quarantine the file. Different responses should be chosen for different scenarios. Here‘s
how you choose. When the threat detected is an individual file that you know does not belong on
your system, files, with suspicious sounding names and without proper version information, are a
sure go go. Files like ssvccihost.exe, lsasss.exe, winlogons.exe are some examples. Even if the
name is a common Windows file, check its location and version information, like if you find
lsass.exe file in the %homepath%\Application Data folder, deleting it would be the safest bet. Files
are to be cleaned if they can be cleaned. It is a property of viruses that they require a host
application to spread. A host application could be any executable or a file that allows executable
code to run (like Microsoft Word Documents). These host applications may be required by Windows
and by the user himself. It could be the exe of your favorite game, or they could be the MS Word
documents of your application forms and letters. Deleting these does not make sense. In majority of
the cases these files can be cleaned and the original file restored back. If the file cannot be repaired
then most often then not the file would be in memory. Use the task manager to end the process
from memory and then attempt cleaning the file. There is a worm called Passma32, commonly
found as servicemgr.exe in Windows that infects executables and creates a value in the registry
that allows it to run when a user logs in. When a user runs an infected executable, the worm dumps
a copy of the original executable to the same directory with an extension of .hwd, changes its
attribute to hidden and loads the file into memory. For example if my computer had Fifa06 installed
in D:\Games\Fifa06\, and if the worm had infected the main game executable, fifa06.exe, then when
I run the game, the worm creates a copy of fifa06.exe as fifa06.hwd in the same directory, changes
the file attribute to hidden and loads it into memory so that effectively what I perceive is that my
game ran without any issues, no worms, no problems. This executable can be cleaned of this
worm; in fact any updated antivirus should be able to get rid of this particular threat. Lastly, the
option that all major antivirus products provide is the option to quarantine the file. What simply
happens is that the infected file if it cannot be cleaned or deleted then the user can move the file to
an area on the system that acts like a vault containing threats that are not mitigated yet.
Quarantining a file allows the user to clean the file later when an update has been found. This
allows your files to be safely recovered later. When a file is quarantined, all operations to the file are
restricted through the Operating System. I derive pleasure in visualizing it to be a prison of some
sorts that keeps the malicious threat inside and in inactive mode.

An antivirus product can be configured to attempt a set of procedures when a file is tagged infected.
The antivirus by default attempts to clean the virus, failing which it tries to delete the threat, failing
which the file is moved to quarantine.

Following these simple measures could save a lot of time, energy and data. Be prepared for the
worst case scenario. It is the same old story again; Precaution is better then Cure.

Page | 207
A Beginners Approach to Windows

X.6: Windows Network Security

Windows Networking allows users to share files and resources across the globe. Users can access
the internet and other computers on the Local Area Network. Networking opens avenues of
businesses to organization allowing data to be stored on servers that are then requested by clients.
Shopping, Banking, Email and Messaging are some of the activities possible on a network. If your
computer is a standalone home machine then and if you use the internet, the chances of your
computer being infected by malware through your browser are pretty high. Crackers and script
kiddies out there may use your computer for an attack on an organization without your knowledge.
Some process might slyly send data out including the keys typed on the keyboard and other
personal information including files and documents stored on your computer. Data can be stolen off
your hard drive and published on the internet. Network Security is a vast topic but it all starts from a
single machine. Securing your computer is a start towards securing your network.

Windows has several inbuilt components that allow your machine to be secured over the internet or
the LAN. Let us look at them individually, securing your computer to be safe from internet based
attacks and securing your computer from LAN based threats.
Securing your computer from Internet based attacks can be understood in two different ways. One
is through restricted access from external networks to your machine and second is to prevent
malicious activity through your browser and email programs. The easiest way to keep a check on
applications that are communicating with other computers or are requesting communication is to
use a firewall. And Windows makes it easier by providing an inbuilt firewall called the Internet
Connection Firewall. In Windows XP Service Pack 2 (SP2), ICF has been replaced with the
Windows Firewall. A firewall in general terms is a dedicated system or software that is designed to
prevent unauthorized access to or from a private network. Firewalls can be implemented in both
hardware and software, or a combination of both. Hardware based firewalls reside on routers or
special devices specifically designed to act as firewalls. The most common use of a firewall is to
prevent unauthorized access attempts from the Internet to the private network or your system. All
network traffic is routed through a firewall which examines each packet that passes and allows only
those that match its security criteria called rules.

The Internet Connection Firewall, or the ICF, in Windows prevents unauthorized access from the
outside world to your computer. The ICF follows the same norms as general firewalls do and
consists of rules or generally speaking a set of rules which are used to inspect each and every
single packet passing your computers perimeter. The ICF intercepts network traffic and applies its
rule set to the traffic. Then the ICF filters packets according to the rules allowing or denying the
passage of traffic based on the information in the header of each packet contained in the data. This
is broadly called Packet Filtering. The ICF rules or generically any firewall‘s rules contain Network
protocol specific information such as TCP/IP source and destination IP addresses and port
numbers, along with other information such as connection parameters and size of the packet. This
information is matched to the current packet being inspected and then further course of action, i.e.
whether the packet enters the network (your computer here) or is dropped at the perimeter itself, is

Packet filtering is broadly of two types. Static and Stateful. Static packet filters typically drop or
allow packets to pass through the network perimeter on rules based solely on the packets source
and destination addressing and other header information. On the other hand a Stateful packet filter
allows packets to pass or drops them based on the header information as well as the related
information of requested or current session. Like for example the stateful packet filter may drop all
packets that do not have header information related to ftp when the packets are being directed to
the ftp port. The ICF uses a stateful filter thus allowing a more elaborate set of rules then a normal
static filter.

Page | 208
A Beginners Approach to Windows

To Open the Windows Firewall (Windows XP SP2 and higher) dialog, go to Control Panel >>
Network Connection and right click on the connection on which you want to enable the firewall and
select Properties. Go to the Advanced tab of the connection properties and then click on Settings.

Network Connections - Print Screen 10.15

The Windows Firewall can be easily configured through this dialog. The General tab displays the
current status of the firewall. Select the On radio button to enable the firewall and click OK.

Windows Firewall - Print Screen 10.16

Page | 209
A Beginners Approach to Windows

Windows also allows you to create exception rules. Under the Exception tab, you can select the
programs that can accept incoming network connections and can communicate with the outside
network. If the checkbox which allows Windows Firewall to display a notification at the bottom of
this page is checked then, Windows Firewall will display a security alert with the name and
Publisher of the application asking for network access. You can the select whether the application
should be given access or not. Based on your choice, the Windows firewall will create an entry in
the Exception tab.

Windows Security Alert - Print Screen 10.17

The Advanced tab has options to individually add exceptions to each connection on your system.
Click on the settings button in the Network Connections frame to grant access to services running
on the network and which communicate with the outside network through your system. For
example, if a machine on your local network has a web server running and if your system acts as
the gateway to the internet then you can select the HTTP Server service to allow incoming
connections from the internet to reach the web server.

ICMP or the Internet Control message Protocol allows computers on a network to communicate and
share status information like ping echo replies and route and packet information. You can edit these
and more settings for ICMP behavior under the second tab of Advanced Settings under the
Advanced Settings of the connection in question. For general ICMP options, you can click on the
Settings button under the ICMP frame under the Advanced tab of the Windows Firewall
configuration dialog.

Every connection to your system, successful connection, connection attempts and dropped packet
information can be logged to a text file for later retrieval. This information is critical when
researching the possibilities of a system break in or a network based attack. By default, the log file
is stored in C:\Windows as pfirewall.log. Select the options to log dropped packets and log
successful connections.

Page | 210
A Beginners Approach to Windows

Log Settings - Print Screen 10.18

If your system is behaving erratically with network connections and you have difficulty connecting to
other computers on the network, then restore the default settings for Windows Firewall by clicking
on the Restore Defaults button in the Default Settings frame.

The firewall is as smart as the user who configures it. Unknown applications that ask for network
access should not be allowed under the exceptions tab. Even when the security alert box pops up,
make sure the Publisher is a trustworthy source and the importance of the application to have
network access. Scrutinize every application that pops up the security alert box. Even the most
convincing application could cause your entire network to collapse.

That was about Firewalls and connections. Let us now see the importance and procedure to
enforce share accesses. Windows as you know allows you to share a folder or other resources like
printers and scanners over the network for immediate access by other users. Data that is shared on
the network has to be secured to prevent unauthorized access. You can set permissions to
individual users or groups and allow read or write access or full control to the share.

To proceed, disable simple file sharing through folder options. Open Folder Options and under the
view tab, scroll right down to find the option Enable Simple File Sharing (Recommended). Uncheck
it and click on Ok for the settings to take effect. Then right click on a folder you wish to share and
select Properties. Select the Sharing tab to show the Share Options. Click on Share this folder to
share the folder on the network.

Page | 211
A Beginners Approach to Windows

Creating a Shared Folder - Print Screen 10.19

The share name is the name that will be displayed to other users on the network. You can describe
the share by writing a comment about it in the space provided. Always set a user limit on how many
users can simultaneously access the share. 3 would be more secure, but if it is a large network with
the share being an important data exchange centre then you can use the Maximum allowed option.
To set Permissions for users who access the share over the network, click on Permissions. By
default everyone will have read permissions. You can add other users to have read and write
permissions or even delete permissions by giving Full Control. OK your way back and you should
be set. To access your folder from the network, go to My Network Places and click on View
Workgroup Computers in the common tasks pane.

The View WorkGroup Computers option in My Network Places - Print Screen 10.20

Page | 212
A Beginners Approach to Windows

Then open the computer on which the share is located to access the share. For ease of access you
can right click on the share and select Map Network Drive to map the share as a drive in My

To see all the folders that your system has shared, you can go to Computer Management >>
Shared Folders.

Computer Management –Share Folders - Print Screen 10.21
Here you will see administrative information about every share on your system, including the default
shares. All share names that end with $ are called default shares and can be accessed only by
administrators over the network. They are created for troubleshooting and problem solving
scenarios and can be safely deleted. You can also view the number of connections any given share
has. Refresh the snap in to get an update. You can also create a new share through here by right
clicking any where in the blank space and selecting New Share. Windows will present the Share a
Folder Wizard which will guide you through the share creation procedure.

You can view which users have opened which files on the network and terminate connections and
close individual files through Sessions and Open Files.

Close Open File - Print Screen 10.22

Close Established Session - Print Screen 10.23

Page | 213
A Beginners Approach to Windows

All these precautions and security measures may sound so much that you‘ll be compelled to think
that it is useless. Out of millions of computer‘s worldwide the chances of me being targeted are
slim. Are you correct? The truth is that the world is a very small place digitally and it is always better
to be prepared than losing your personal class & picnic photographs, your 1500 mp3 songs, 10 GB
of rock videos, your dad‘s office documents, your mom‘s recipes, your brother‘s projects and the
address book containing a list of all your girlfriends. Prevention is always better than cure…

Page | 214
A Beginners Approach to Windows

Windows Tips & Tricks

We have seen enough of Windows now. Let us now put whatever we have learnt into practical use.
This chapter consists of the best tips and tricks that I employ for the smooth running of my
computer. Many other Microsoft‘s best tricks and tips are also included. Windows can be tweaked
to give optimal performance by following some simple tips. Follow these tricks and tips to ensure a
long and healthy Windows installation.

After this chapter the reader should be able to:
 Tweak the startup of Windows for their own needs.
 Customize Wallpapers and other desktop settings.
 Increase overall performance by memory management.
 Customize explorer to protect your computer from viruses and other threats.
 Chat live with another user on a Local Area Network using the TCP/IP stack.
 Securely hide & protect a folder or files from normal users.
 Play around with some of the eggs found in Windows.

Page | 215
A Beginners Approach to Windows

Windows by itself may become slow if not tuned from time to time. Given below is a list of different
tips and tricks involving different aspects of this Operating System. The tips and tricks described
below pertain to the Windows XP OS unless otherwise specifically mentioned. Take full advantage
of this chapter to tweak your once slow OS to something not less than a 512 MB 2.55 GHz PIV
Windows 2000 system. Most of the common aspects of Windows have been covered here including
Startup, Logon, Explorer, Memory Management, File Protection techniques and some of the most
notable eggs in Windows.

XI.1: Startup

The startup of a computer here refers to the phase from the moment you press the power on button
to the time you see the welcome screen. After that it is called as Windows logon which is covered
as a separate section. Some tricks given here may not work on your computer due to the difference
in Motherboard models and Jumper (pin) connections on the Motherboard. A motherboard manual
is almost always supplied with the computer when you buy it from the vendor; refer to it in cases of
any difficulty.

Tips and tricks are not visibly differentiated, since both will give the reader equal fun when

Start Your computer with the Keyboard.
Everybody starts their computers by pressing the Power On button on the cabinet. There are
other methods too. You could use any device attached to your computer that has Power
Management Support by the Motherboard. Common devices include your keyboard, mouse
and the Network Card. We shall see how you can use your keyboard to start your computer.

To use the keyboard to start booting, open the system BIOS setup, this can be done by
pressing the Delete key just after the first beep. If you do not hear beeps, then keep pressing
the delete key to get into your BIOS Setup. Some motherboards have a different key, check
your Motherboard manual for details. Anyways once you are in the computer‘s CMOS setup,
go to the Power Management Setup Page. Here you will see (if your motherboard supports it
then) Power Management Settings. Enable the Power Management option to use the
keyboard or any other device supported. All supported devices will be listed here. Look for a
Keyboard Power On option, enable it and also change the Specific Key for Power On to a
keyboard key (or combination like Start). You may be prompted to enter it twice. Save
changes & exit Setup. The next time you want to start your computer, type Start on the
keyboard and lo behold!! Cool ain‘t it?

Enable Quick Booting
Usually when you start your computer, the BIOS checks all hardware and sends signals to all
other interfaces and cards etc. This method can really slow down booting time especially if
you have added a new IDE device or shuffled them from masters to slaves or from primary to

To enable quick booting, open the system BIOS setup. Once you are in the computer‘s
CMOS setup goto the Advanced Setup option and enable the option for Quick Boot and
preferably set the computer‘s first boot device to IDE 0 if you have just one hard disk (and if it
is on the primary IDE Channel) and the OS is on it. All these options will usually be one the
same page. Consult your motherboard‘s manual if you cannot find the mentioned options.

Page | 216
A Beginners Approach to Windows

Enable the Display of the Boot.ini
The advantage of displaying the boot.ini file is that you can easily boot into safe mode or any
of the other options presented during startup, you can press F8 when the boot.ini file is being
displayed and then select an option to start.

The boot.ini file shows all the Operating systems installed on your computer. If you have
more than one OS installed or the recovery console present than the boot.ini file is always
visible. The boot.ini file may be Read Only and/or Superhidden as a system file. To remove
these attributes, go to My Computer >> C:
1. If the boot.ini file is visible (which is rarely the case) Right-Click on it and select
Properties. Under the General tab remove the check mark against the Read-only box. Click
on OK to save attributes and exit.
2. If the boot.ini file is not visible, go to View >> Folder Options (Windows 98) or Tools >>
Folder Options on the Menu Bar (no folder options? Registry Policy, go back to the Windows
Registry in the Tips & Tricks section) Once Folder Options opens go to the second tab (View)
and then scroll down to remove the check mark next to the option saying Hide Protected
Operating System files. You will be presented with a warning. Click on Yes. Also select the
Show hidden files and folders option and Hide extensions for known file types. Click on OK to
close the Folder Options dialog box. You should now be able to see the file. Remove the read
only attribute by following the steps mentioned under 1.

It‘s an easy job if you have fully understood the boot.ini file. We know that the boot.ini file is
displayed only if the computer has 2 or more than 2 OSs. That means we will have to make
the computer believe that there are two OSs when actually there is only one installed. To do
this open the boot.ini file. On a single OS system the boot.ini file should look something like

[Boot loader]
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition"

Now just copy the line multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft
Windows XP Home Edition" /fastdetect and paste it below itself so that you now have two
entries in the boot.ini. Your file should now look something like this:

[boot loader]
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition"

You can change the text "Microsoft Windows XP Home Edition" to something like "Microsoft
Windows XP Test for boot" and add switches like /NOGUIBOOT and /SOS. Decrease the
timeout value to 2 seconds from 30 seconds if you wish to. Press Ctrl + S to save the file.
Close the file and restart by going to Start >> Turn Off Computer >> Restart to see the

Page | 217
A Beginners Approach to Windows

Change the bootscreen to your own.
You will definitely have seen the Windows boot screen, the same old boring Windows loading
with the logo and Windows written on it. You can change the screen to anything of your
choice. The procedure is different for Windows 98 and Windows XP.

Windows 98: The Windows 98 logo screen is located in the C:\ drive as logo.sys or in the
C:\Windows folder as logow.sys. If the file logo.sys is not present in C:\ then copy it from the
Windows folder using the command prompt. Whatever the case, open command prompt by
going to Start >> Run >> command and then using the attrib command to unhide the file(s).
In command type the following

C:\> attrib –s –r –h C:\Windows\logow.sys
C:\> attrib –s –r –h C:\logo.sys

The above commands will remove the hidden, read-only and system attributes from the file.
Then open Paint, from the file menu select open and open the logo.sys file and edit to
whatever you want, just remember not to change the dimension of the file. Save the file as
C:\logo.sys and then change the attributes of the file back to what they were by using
command prompt and by typing

C:\> attrib +s +r +h C:\logo.sys

The logow.sys file pertains to the shutdown screen. Give it the same treatment as the
logo.sys file and see the changes for yourself. Restart your computer to see the changes.

Windows XP: The Windows XP logo screen is not found as a separate file. Instead the logo
is embedded into the ntoskrnl.exe file. One method of having a custom boot screen is by
adding a boot.ini switch. First create a 640 X 480 16 colour Bitmap through MSpaint. Open
paint and goto to Image >> Attributes and set the Width and Height to 640 and 480 pixels
respectively. Create an image and save the file as a 16 color bitmap by the name of
Boot.bmp in the Windows directory.

Second, open the boot.ini file and add a /bootlogo and /noguiboot to the Operating System
name. Your final boot.ini file OS line should look something like this

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition
Sfx" /fastdetect /bootlogo /noguiboot

Save the boot.ini file and then restart using the Start Menu.

Page | 218
A Beginners Approach to Windows

Change the welcome screen

Welcome Screen - Print Screen 11.1

Page | 219
A Beginners Approach to Windows

Welcome Screen - Print Screen 11.2

The welcome screen that you see at logon is a file found in the system32 folder called
Logonui.exe. You can change the welcome screen to any other screen provided you have
another logonui screen with you. There are several available on the internet. There are even
Logon Screen creators like chameleonXP and LogonStudio. Just create one using these
softwares or download the logonui.exe file and save it in some directory like C:\Windows.
Then open the registry editor and navigate to
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon. In the right hand pane scroll
down to locate UIHost and change its value to the address of the logonui.exe file, typically
C:\Windows\logonui.exe. Logoff to see the changes. You have to be logged on as an
Administrator to effect the change.

Change the way users log on and off.
If you don‘t like the welcome screen (???) and would prefer the Windows 2000 style of login
then you can do the following. Open User Accounts through Control Panel and click on the
Change the way users log on and off in the main page of user accounts. Remove the check
in the Use the Welcome screen option and click on Apply Options. This will disable the
Welcome screen and show a Windows 2000 kind of login. If you are a single user and auto
login was enabled then that will be disabled and you will have to press Enter at the login box.

 At the Welcome screen you can press Ctrl + Alt + Del twice to switch to the Windows
2000 style of login. If the logonui.exe file is corrupt you will be shown the Windows
2000 login box.

Page | 220
A Beginners Approach to Windows

XI.2: Logon

Logon in the context of this chapter is the phase from the Welcome Login screen to your
computer‘s desktop. You can reduce the logon time by removing startup items and by preventing
unwanted services from starting up.

Auto Logon
If you are a single user or if everybody else use the same account and you wish to auto login
every time you start Windows you can enable Auto Login.

Go to Start >> Run >> control userpasswords2 which will open up the Advanced User
Accounts dialog box on Windows XP. On Windows 2000 you can use the normal User
Accounts found in Control Panel. Under the Users tab select the user you wish to Auto Logon
as and remove the check against the option saying Users must enter a user name and ……
Click on Apply and you will be presented with a dialog box which will ask you to enter the
default User name and Password. Enter the required parameters and click on OK and OK
again to close User Accounts. The next time you start your computer, you will be logged in
with the default username and password.

User Accounts (Userpasswords2) - Print Screen 11.3

 You can also type „rundll32 netplwiz.dll,UsersRunDll‟ in the run box to open up User
Accounts. UsersRunDll is case sensitive and is a function in netplwiz.dll and the
rundll32.exe application causes the dll to be run as an exe. Almost everything in
Windows is done using either standalone programs or dll‟s.

Page | 221
A Beginners Approach to Windows

Speed up Logon
Whenever you install some program, it may so happen that the application may start at
Windows startup. Sometimes it can get completely unnerving when your computer‘s memory
is drenched only to start the computer. Whereas some programs are required immediately
after startup, like Antivirus software or Network Monitoring tools, some are completely
useless, like the Winamp tray program and the MSN messenger. These programs run in the
background and eat up precious computer resources like CPU time and RAM space.

Then there is the threat of viruses. Almost all viruses have the ability to copy themselves to
system startup which can, as everybody knows, wreak havoc on your computer.
On Windows XP and Windows 98 you can use the msconfig tool to remove startup objects.
Just go to Start >> Run and type msconfig to start the System Configuration Utility. Click on
the Startup tab to see all the startup programs. You can easily prevent a program from
starting by removing the check next to it. Similar is the case with Services, but it is
recommended to use the services management console snap-in to alter services settings. All
the entries shown under the startup tab in msconfig are from the registry and the program
files startup folder. You can also manually remove each entry physically from the registry by
navigating to the keys described below. The drawback of msconfig is that it does not list any
programs from the autoexec.bat file.

The autoexec.bat file has the programs and set path configurations (for Windows 98), in
Windows XP it is usually blank; but some programs can write their location into it so that they
are executed at the next system startup. The Win.ini file is a special file in Windows 98
(Windows XP hardly refers to it) which has configurations for 16 bit program support. You can
find it in your Windows directory. It usually contains information about mail configuration and
mpeg extensions. Fonts and other program specific information may also be found here.
Win.ini supports a method called [load] under which you can specify the full path of the
executable that you want to run during logon.

Windows 2000 provides the worst case scenario, it does not have msconfig. Hence it is
necessary to know the locations where viruses or programs might put in their addresses. Just
delete the values to prevent them from starting up.


HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ RunOnce
HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ RunServices
HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ RunServicesEx

HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ RunOnce
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ RunServices
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ RunServicesEx

Changes done to the Local Machine key of the Windows registry are global, which means
that if there was a program that had its address in the HKLM key and if you removed it, then it
won‘t start for all users on that particular computer. HKCU key is user specific and hence
even if you have removed the reference to a program (say a virus) from your account‘s
HKCU key, it may still be present in the HKCU key of the other user‘s on your machine; and if
that is the case then the program may recopy its address into the HKLM key of the registry
the moment the other user logs in, which will mess all the hardwork you had done.

Page | 222
A Beginners Approach to Windows

There are some viruses that go a step further. They edit the Shell portion under Winlogon to
run themselves as an argument to explorer. No way possible you can detect that!!

HKLM \ Software \ Microsoft \ WindowsNT \ CurrentVersion \ WinLogon

The value of shell may look something like explorer.exe “C:\Windows\Skullstorm.exe”
where skullstorm.exe is the virus. Check that too. Here the virus will run even in Safe Mode!!!
Instead of clicking on Yes on the Dialog that is asked at the start of Safe Mode, press Ctrl +
Alt + Del to bring up the Task Manager and run the registry editor and edit the value and
delete the virus. Who said you need an antivirus? ;-)

Open services.msc through Run and check if there are any unwanted services running; you
can use the services table included in this book for your reference. The best option is to
convert all services startup type to manual. Then restart your system normally. You will notice
that the computer starts miserably slowly at this time. Once your computer starts completely,
do some normal computing that you would do in everyday life, listen to music, play a game,
open MSWord, Excel, Install & run programs, open My Documents, connect to the net,
browse a few sites, download some files etc. This is to enable Windows to select which
service is important for your daily computing. After you have finished with your routine, open
Services.msc again and now see which services have started, turn them to Automatic and
you can now be sure that Memory & Resource Management has been taken care of.

Check the win.ini and autoexec.bat file for unwanted nuisance.

Change the Logon sound
You must have definitely heard the Windows logon sound. Have you ever wanted to be
greeted by the starting piano music of Marc Anthony‟s I dream at night instead of the
boring rumbling of Windows? Here‘s how you do it. You will require additional help though.
Check if you have got an mp3 to wav convertor. Winamp (any version) will do. Then you
should have a sound editing tool. The best is Sound Forge. You can get a demo version of it
on the Internet or search through the Digit or Chip Magazine CDs. And finally get a good
song whose some part you will want as startup music. I am assuming you will be using
Winamp and Sound Forge because they are the simplest and the best.

Page | 223
A Beginners Approach to Windows

Winamp Preferences - Print Screen 11.4

Create a folder in your D:\ drive by the name of sound or anything you want and copy the
song into it. If the song is already in the .wav format, then skip this paragraph and jump to the
editing in the next paragraph. Open the song in Winamp and play to check it. Then give a
right click on the Winamp window to show the right click menu. Select Options >>
Preferences to open the Winamp Preferences dialog box. Select Output from the left hand
side pane to show all the output plug-ins for Winamp installed on your computer. You should
have the Nullsoft Disk Writer plug-in [out_disk.dll] listed in the right hand pane. Select it
and click on configure. In the directory listing box that appears Select the folder you created
for the song (sound or something) and click on OK and then Close to close preferences.
Now play the song; it will get converted into a wav file that has to be now edited using Sound
Forge or something equivalent. Change the output plug-in of Winamp back to Nullsoft
waveOut plug-in [out_wave.dll] to restore audio. File size of wav files is extremely large
and hence you may find that your 4.2 MB of I dream at night.mp3 has become 46.3 MB of a
wav file.

Page | 224
A Beginners Approach to Windows

Winamp mp3 to Wav Conversion - Print Screen 11.5

Open Sound Forge and open the created wav file through File >> Open. Sound Forge will
build peaks and show you the song in a raw editable graphical format. Select the part you
wish to make the Windows Logon file and goto Edit >> Trim/Crop. You can add fading effects
to this file by going to Process >> Fade >> Out. Then save the file with a name that you will
remember, something like Marc-Dream Logon.wav. Save it in a location you won‘t be
messing around too much with. Close Sound Forge and delete the other temp peak files
(*.sfk) and the converted wav and the copied mp3. Do not delete the newly created file.

Open Control Panel and goto Sounds and Audio Devices. Under the Sounds tab of the
Sounds and AudioDevices Properties dialog, search for the Start Windows program event.
Select it and Browse for the newly created wav file. Select the file and click on OK. Click on
the small Play button to hear the file playing. Click on OK to save changes and lo you have
successfully achieved what you wanted. Logoff or restart properly to see the changes.

Change the shell
Many of us find using the command prompt or cmd.exe more efficient when running simple
tasks. You can cause Windows to start cmd.exe as the shell instead of explorer. This is as
simple as changing an entry in the registry. Open the Windows registry editor and navigate to
the following key:

HKLM \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon

Page | 225
A Beginners Approach to Windows

In the right hand pane find a String value called Shell. Modify its value to the full path of
cmd.exe i.e. %systemroot%\system32\cmd.exe and then logoff to see the changes. You
can run the registry editor from the command prompt if you wish to undo any changes. To
shutdown Windows use the Task Manager.

This was child‘s play; but have you ever wanted to make
explorer into yours completely. This includes, your own
custom error messages, the Start Button renamed into any
5 character string, the right click menus in Hindi and lots
more. You can do all of this but there is a trade off. You
will be editing licensed and copyright software. You are
requested not to distribute whatever you have edited. Only
if you are using an OEM version of Windows, then only
proceed, else skip this section. You could face legal
prosecution if you are found guilty of violating the EULA.
To read the EULA goto Start >> Run >> Eula.txt. This is
purely for fun and I request users not to go overboard else
you will end up with a messed shell (explorer). In any case
I shall not be held responsible for any outcome, good or
bad, out of the usage of this text….

That was for the legal part. To edit bitmaps and strings in
explorer, you will have to use a Hex Editor or the best, use
Resource Hacker. You can download it at
http://rpi.net.au/~ajohnson/resourcehacker. Copy
Explorer.exe from the %systemroot% folder into some
other safe place as backup. Now open Resource Hacker
and then open explorer.exe through File >> Open. Edit
whatever you want and then save the file in system32 as explorer.exe itself. Then open the
registry editor, navigate to the Winlogon Key under HKEY_LOCAL_MACHINE and change
the value of shell to %systemroot%\system32\explorer.exe. End Explorer through Task
Manager and start it again by going to New Task >> explorer. This causes Windows to load
the file specified under the Winlogon key as its shell which is now your custom explorer.exe. I
managed to pull this off.

Custom Right Click Context Menu on the Clock - Print Screen 11.6

Page | 226
A Beginners Approach to Windows

 When using an antivirus, select the one that provides real time scanning of files so
that you are always protected. Real time scanning keeps you protected by scanning files
while copying them from external sources like CDs or floppy disks. And remember to
update your Antivirus regularly to remain protected from new threats.

XI.3: Desktop & Wallpaper

The desktop and wallpaper are unique for every user on a Windows system. You can customize
your desktop and other related settings to give your computer a fresh and appealing look. The
Quick Launch and the Taskbar especially can be tweaked to get the most out of them.

The Quick Launch
The Quick Launch is the region next to the Start button that has icons for quickly accessing
some programs and also has a Show Desktop shell file (*.scf) which minimizes all open
windows and shows the desktop. If Quick Launch is not visible then you can enable it by right
clicking on the Taskbar and selecting Toolbars >> Quick Launch. There are more toolbars
available here including links, addresses and the Desktop. If you like to have an uncluttered
desktop, you can enable this option and then hide all desktop icons. On Windows XP the
desktop can be hidden by selecting the Arrange Icons by and then deselecting the option that
says Show Desktop Icons. You can select New Toolbar from the right click menu of the
taskbar and then select a folder to get the folder to the taskbar. This is practically useful if you
have a folder deep nested in some drive (D:\..\..\..\..\ etc) and you access it frequently. Just
create a toolbar and forget about going to My Computer to open it.

Coming back to the Quick Launch, you can create many shortcuts to various objects in
Windows. In Windows XP you can have shortcuts for Shutdown, logoff and Switch user as
well. Here I will describe the procedure to create shortcuts for all three. For shutdown, you
will be employing the fact that there is actually a shutdown.exe file in Windows XP that allows
you to interactively shutdown your computer, restart or logoff. You can even shutdown
remote computers with shutdown.exe. Its syntax is simple and we shall see only the
shutdown and restart using this file. As we all know by now that the Quick Launch is actually
a folder whose location is given by %homepath%\Application Data\Microsoft\Internet
Explorer\Quick Launch which is different for every user. Open this folder and then right click
and select New >> Shortcut. In the location of the item type the following as it is:

Shutdown.exe -s -t 12 -c “This computer is about to shutdown!!”

The –s tells shutdown.exe to shutdown the computer, the –t xx gives a timeout for the
shutdown sequence, you can change that from zero to anything including 99999999999999
seconds to give 3199 days. The –c is for comments. Put any standard 127 character string
under inverted commas for the comment. You can create more shortcuts in this folder for
restart and logoff by changing the –s to –r and –l respectively. If in any case you wish to stop
the shutdown or restart process when the timer is still going on, you have to use shutdown –
a where the –a tells shutdown to abort the process. Create a shortcut to it and place it where
you can immediately access it (when the need arises!!!). If you don‘t like the icon of the
shutdown shortcut (the DOS kind of shortcut) then right click >> properties and select
Change Icon and select an icon from the shell32.dll file. This command works only on
Windows XP because the shutdown.exe file is found only on Windows XP. The funniest part
is when you rename the newly created shortcut to something like ―GetLost‖ and move the
shortcut to the Windows directory. Then you can go to Start>> Run and type getlost, and your
computer will just do that!!!

Page | 227
A Beginners Approach to Windows

System Shutdown - Print Screen 11.7

For Windows 98 create a shortcut having the following command:

Rundll.exe user.exe,exitwindows

to shutdown and

Rundll.exe user.exe,exitwindowsexec

to restart the computer.

Another method of logoff is the plain logoff command that can be run from the run box or
create a shortcut to it in Quick Launch. Logoff is found only on Windows XP

To switch user, the command is slightly twisted but it is easy to understand. First create a
shortcut in Quick Launch, or anywhere and in the location to the item just type the following:

rundll32.exe user32.dll,LockWorkStation

This command invokes a function in user32.dll called LockWorkStation which we normally
define as the Switch user method. The dll user32.dll has many methods but the procedure of
invoking them has to be done through rundll32.exe which is an application that runs dll files
as though they were executables. A complete list of methods of user32.dll is beyond the
scope of this text. But if you are still interested, then you can open notepad and open
user32.dll through its File >> Open menu. You will see a lot of garbage characters, scroll
down or search for the LockWorkStation text by using the notepad search. Along with it you
will find many more methods which are continuously used by the Operating System. These
functions called API (Application Programming Interface) functions and are used by almost all
programmers to perform many OS functions like creating folders and Task Management. Do
not do any changes to this file, else you will end up with a messed Operating System.

Another thing that I mentioned above is the Show Desktop file that minimizes all open
windows to show you the desktop. Well this is a normal text file but saved with a .scf

Page | 228
A Beginners Approach to Windows

 Windows always hides .lnk, .scf, .pif and some other extensions. You can see them
only through a registry hack. .lnk files are program, file or folder shortcuts, .scf are
explorer command files and .pif are MSDOS program shortcuts.

To create one of your own or to change the icon of an existing one, open notepad and then
click and drag the Show Desktop file (from the Quick Launch) to the notepad window. You
will see the following text:


To change the icon of the file change the 3 to any other number between 0 and 17 for
explorer or you can change the file itself by changing the explorer.exe to
%systemroot%\system32\shell32.dll followed by a comma and the icon number. Icon
numbers start from zero and end at the maximum that the file contains. All executables have
their own icons. Do not leave any spaces between the exe name, comma and the icon
number. Just copy this text into any blank text file and save it with a .scf extension to create
your own Windows Explorer Command. Put it in any folder you want and double – click it to
check the effects.

The Wallpaper and associated settings
The wallpaper could be any valid image in any format supported by Windows. Everybody
knows how to change the wallpaper from desktop properties. When you click on Browse to
search for an image, right click in the folder and Change the view to thumbnail, which
provides you a preview of the images. Select an image and click on OK.

The thing is that if you have an image whose size is much smaller than your screen size, then
you can either keep the image at the center or resize and resample the image so that it looks
good when stretched. Smaller images look yuck when stretched. Never keep a .gif file as
your wallpaper. They hog a lot of memory due to the animation in them (if there is). To know
your current display mode goto Start >> Run >> dxdiag to open the Direct X Diagnostic tool.
Under the display tab you will be able to see the screen resolution. Standard resolutions used
worldwide are 800x600 and 1024x768 pixels. The greater it is the tinier the desktop appears.
Sometimes it may so happen that your monitor may not be able to support the resolution that
your computer graphics card can support, in those cases stick to the maximum that is
supported by your monitor. (or buy a new monitor…)

This is for those people who want to squeeze memory out of everything in Windows, do not
keep a wallpaper, but instead have a black background. Keeping a wallpaper takes around
800 KB of more memory for the visual display and graphic calculation by the processor.

But who cares, right? So get online and search some good wallpapers and enjoy. Some good
websites that provide wallpapers are www.desktopwallpapers.com,
www.shiftedreality.com, www.3dart.com, www.topwallpapers.com and
www.digitalblasphemy.com. There is also a program called webshots that can be
downloaded from www.webshots.com that allows you to download classic images and
apply them to the background just by a keyboard shortcut, you don‘t have the hassle of
opening Display Properties and browsing. This program is available for free download. You
can try it out any time. If you don‘t want it and you also don‘t like browsing again and again
for wallpapers, the alternate option that you can have is to copy all your favorite wallpapers to

Page | 229
A Beginners Approach to Windows

the My Pictures folder in My Documents and then access them directly in the Display
Properties dialog.

Windows XP provides an ultimate solution to all this mess by giving the Windows Picture and
Fax Viewer and if you have View as Thumbnails or Filmstrip then you can just right click on
the image and select it as the desktop background image.

To end the discussion on wallpapers: when you select an image as a wallpaper, no matter
what the extension is, Windows copies the image and converts it to a bitmap (*.bmp) file and
saves it with the name of Wallpaper1.bmp in the %homepath%\Local Settings\Application
Data\Microsoft. So indirectly you can change the wallpaper of the other users without
logging into their account!!!

Always refresh the screen when you are going to copy something on the desktop. This
sometimes aids copying of files and helps the job to get over faster.

If you have the Windows Classic desktop, you can hide the My Computer, Internet Explorer,
Recycle Bin and the My Network Places icons by selecting Customize desktop from the
Display tab of Display Properties. You can even change their icons. The new icon can be
selected from exe, dll or other library files (*.ocx *.tlb etc.). This new icon path is updated in
the CLSID value of the component in the registry.

XI.4: Explorer

The Windows shell can be modified in N number of ways by still being inside the legal limit. Most of
the tricks involve the registry, which have already been covered. There are many others that involve
the registry only to some extent and some that hardly require it. There have to be some general
considerations that have to be followed when working with Windows. Intelligent memory and
program management will help in your PC surviving a longer duration of time. Some simple steps
can be followed to make your PC the best in the neighborhood.

Memory Management
Some people talk of Windows being a slow Operating System and you can hardly play
games on it. Memory is something which is inside you can‘t help it nor can the OS. Every OS
takes some memory for its running. Windows XP was released with the idea in the head that
there will be at least 128 MB of RAM on the computer. Now if you have 128 MB of RAM and
still your computer is slow, that means that there is something else that is eating the
computer‘s precious RAM. If you have followed the tips of the previous sections and
eliminated the startup items then you have won half the battle. Open Task Manager and
under the Processes tab, right click explorer.exe and select End Process Tree and after
explorer closes down goto File >> New Task and type Explorer for the shell to return and now
see the difference.

If you still want to make you Windows XP system faster, then right click on My Computer and
select properties to open System Properties. Under the Advanced tab, select Performance
settings. Select the Adjust for best performance option under the Visual Effects tab to remove
all the check marks on the several listed below. Now scroll down and select the 11 option
saying to smooth edges of screen fonts, the 14 option saying to use common tasks in
folders and finally the 15 option telling Windows to use drop shadows for icon labels on the

Goto the Advanced tab and select the Processor Scheduling and Memory Usage to be
adjusted for best performance of programs (if your computer is a desktop. If you intend using
it as server then Background Services and System Cache makes a notable change in the
server performance).

Page | 230
A Beginners Approach to Windows

Virtual Memory Settings - Print Screen 11.8

Finally the most important of all, Click on the change button for Virtual Memory. In the Virtual
Memory dialog box that opens all the drives of your computer will be listed. If your computer
has just a single drive, it is bound to have a paging file. Select each drive and select the
option to System managed size and click on Set. Do this for each drive and then click on
OK. If you are prompted to restart, please do so.

Another small adjustment that you have to do is, give the Start Button a right click and select
Properties >> Classic Start menu to complete the new Windows look. Your Windows XP will
have become Windows 2000 by the looks but by the speed, you will love it anyways.

General Discussions
Windows has lots to be squeezed out. Here are some of the best tricks and tips that
Administrators usually employ to customize explorer the way they want it.

 Have you ever wanted to change the PM and AM of the system clock to something more
whacky? Here‘s how you do it: Open Control Panel >> open Regional and Language
Options. Under the Regional Options tab, click on Customize. Under the Customize
Regional Options dialog goto the Time tab and change the AM and PM symbol to any
string that you want (like Morning and Night). Click on OK all the way back to save
changes. The changes are usually immediate. If not then logoff and re-login to see the

 If you intend formatting your computer to do a fresh install of Windows then there are some
very important things to be kept in mind. Your My Documents folder has to be moved to a
drive other than the OS. If you cannot copy the folder entirely Windows has an inbuilt

Page | 231
A Beginners Approach to Windows

option. First create a folder in any other drive and name it something like Backup and then
right click on the My Documents folder icon on the desktop and select properties. In the first
tab itself the target path of the current folder is given. Just click on Move and Browse to the
new folder you just created. Click on OK and when asked as to whether you wish to move
all your documents to this new folder, select Yes and you are done. Just wait till all the files
are copied, then you can move ahead with your formatting.

Sometimes it also happens that some programs allow you to save their documents and
these are saved in the program installation folder itself which is usually on the same drive
as your OS. Just search through the folders to find anything worth a backup. If you have
edited any system files or created new folders like the Turbo C Compiler then copy them
too. If you have edited explorer to rename the Start button or something then copy the file
to the backup folder.

 If while installing some software, the setup is taking an unusually long time to complete or if
the setup exits erratically with or without any errors, check the Temporary folder. First
restart your computer and then delete the contents of the Local Settings Temporary and the
Internet Temporary Files. To delete the Temporary files, goto Start >> Run and type
%temp% which will open up the Temp folder, delete all its contents and then close it.
Empty the Recycle Bin and then Open Internet Options from the Control Panel and delete
the Cookies and files by selecting appropriate options under the General tab itself. For
temporary internet files, delete all your offline content too if you wish to. Then clear Internet
History and then again restart after all this.

 Many Viruses have long and interesting names, not for pleasure but with a motive.
Windows hides file extensions and hidden files are not displayed by default. This can act as
a serious threat. A very famous example is the picture virus with
Picture_of_the_world’s_most_wanted_person.exe as its filename. This exe has the icon
of an image (*.jpeg) and since Windows hides file extensions of known file types, the exe
will not be seen and guys like me will definitely want to see who is the world‘s most wanted
person. There are viruses which have icons of MSWord files which copy themselves to
floppy drives and other removable media when executed. These viruses copy themselves
into the system folder and add their addresses to the registry so that they run at startup.
Even at times viruses like the Passma.C Worm or commonly known as ServiceMgr of
Windows infect an exe and when the exe is called a hidden infected copy of the exe is run
while more files are infected on the hard disk. If you have hidden files enabled then you
may miss this and other similar threats. More examples of this type would be the Folder.htt
and the desktop.ini pair which goes on replicating in every folder.

Precautions would be to disable hidden files and hiding of file extensions. Open folder
options through Start >> Run >> Control folders. Under the General tab select the Double-
click to open an item (single-click to select) option. Under the View tab select show hidden
files and folders and remove the check against the hide extensions for known file types.
Click on OK to save and exit.

In case you do not find Folder Options under Tools, then chances are you are infected. Re-
enable Folder Options through the registry (Policies\Explorer) and then unhide hidden files.
If the Registry Editor itself is disabled, use the reg command to re enable the registry and
then clean your system (See the Chapter on the Windows Registry for the reg command

Page | 232
A Beginners Approach to Windows

 To make Windows friendlier, you can give icons to individual folders according to the data
they contain. This can be achieved in two ways. By creating a Desktop.ini file or by
manually selecting customize from the properties of the folder. Under the Customize tab
click on Change Icon and select one from the shell32.dll file. Whenever any folder is given
an icon a desktop.ini file is created. This file is Superhidden and therefore you will have to
enable the visibility of system files through folder options. Another method of opening the
dektop.ini file would be to give it in the full path of the folder. Goto Start >> Run and type
the full path to your folder followed by a \desktop.ini string. For example if your folder is
D:\Games\Activision\Spiderman2 then the Run command should be
D:\Games\Activision\Spiderman2\desktop.ini. A normal desktop.ini file will look like this (for
general folders)


You can change the icon index to any integer that is valid for the number of icons in the file.
For shell32.dll it is 237. You can even add your own personalized tool tip message to the
folder. Just add a line called Infotip in the desktop.ini file followed by the string that you
wish to display. Suppose you have a folder full of songs then you can display a tool tip with
the message that this folder contains songs. The final desktop.ini file should look something
like this.

InfoTip=”Best of Marc Anthony.”

Save the file whenever possible. If the file is read only then remove the read only tag from
the properties option of the file.

 Whenever you write a CD you can program your own personalized menu using batch files
or any other language for that matter and then make the CD auto running so that the menu
pops up just like game companies and Microsoft does it. Its one of the easiest jobs in
everyday computing. First select an exe or a batch file to be run when you insert the CD. If
you have some other file of some other extension that has to run (like an html webpage,
then you can write the batch code for it and make the batch file run). A drive or a CD will
auto run if there is a file called autorun.inf in the root of it. Root of it means that when you
open the drive the autorun.inf file should be the outermost file, it shouldn‘t be inside any
other folder. This is a normal text file saved with a .inf extension. The normal syntax of the
autorun.inf file is


Keep the executable also alongside the autorun.inf file. If in any case the exe happens to
be inside any folder then replace the program_name.exe by
\folder_name\folder_name\program_name.exe. So now you know how the menu of
MSOffice & Counter Strike pops up when you insert the CD into the drive. To prevent a CD
from auto running just keep the shift button pressed when inserting a CD into the drive.

Page | 233
A Beginners Approach to Windows

 WindowsXP has a new feature called Prefetch. This is a folder that keeps shortcuts to
recently used programs. The folder is found in the Windows folder. This is useful and
obiviously a faster method of program location & execution, however as time goes it can fill
up with old and obsolete programs addresses. To clean this periodically go to: Start >> Run
>> Prefetch. Press Ctrl-A to select all the shorcuts and delete them. This is only to free up
some disk space. Emptying the prefetch folder can cause the system to boot more slowly
although the difference in times isin‘t significant.

 You all must be familiar with the Blue Screen of Death on Windows 98. Well at times of
disaster too, you can opt for some fun by having the screen customized to suit your eyes.
You can change the normal colors of the background and text when you get a Blue Screen
of Death. Open the SYSTEM.INI file in the Windows directory. In the [386Enh] add the


Where X is replace by the number for each of the following colors:

Black = 0
Blue = 1
Green = 2
Cyan = 3
Red = 4
Magenta = 5
Yellow/Brown = 6
White = 7
Gray = 8
Bright Blue = 9
Bright Green = A
Bright Cyan = B
Bright Red = C
Bright Magenta = D
Bright Yellow = E
Bright White = F

 Never delete programs from the Program Files folder. Always uninstall them using the
Windows Add/Remove Programs or the uninstaller supplied with it. When you install a
program, along with the main executable other dlls and helper files or program child files
are also copied to the hard disk. If the program requires system interaction most of the time
then the chances are that the excess files are installed in the system32 folder. Now nobody
can sift through the 1000 odd files in system32 folder to find the helper files of the program.
That is why, even if you delete the program, space is wasted because of those unknown
files. Needless to say there are the registry keys that are created during installation. Even
these keys remain in the registry as null and useless data, resulting in increased size of the

In any case if you have deleted a program from the Program Files folder and you can still
see it in Add/Remove Programs then open the registry and navigate to the following key
and inspect and delete the key that shows a string in the right pane as DisplayName whose
value is the program that you deleted.:

Page | 234
A Beginners Approach to Windows


Refresh the registry and the Add/Remove programs Control Panel applet to see the

 Do not delete any unnecessary keys here. This is a very crucial part of the registry.
Any erratically deleted key could cause errors during future reinstall of the software.

 Windows has many components that you hardly will be using. An example could be the
irritating MSN messenger that starts up and sits in the background eating memory. There is
a method of removing unwanted Windows components. Here‘s how. Open the
C:\Windows\inf folder which is hidden and read-only. Goto Start >> Run >> inf, you will be
directly taken to the inf folder. In this folder search for the sysoc.inf file. Open the file and in
the Components section, simply remove the word hide. This will leave two commas
together (like on the rest of the items). Then you can go to the Control Panel / Add or
Remove Programs / Add/Remove Windows Components and the new items will be

IndexSrv_System = setupqry.dll,IndexSrv,setupqry.inf,,7
TerminalServer=TsOc.dll, HydraOc, TsOc.inf,hide,2
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7 


 If you think that some virus or some malware has corrupted your Windows files then there
is an inbuilt tool that gives you the option of replacing modified (possibly infected!!) files
with the original ones from the Windows CD. You can run the System File Checker to verify
protected system files.

Page | 235
A Beginners Approach to Windows

Command line switches are:
sfc [/scannow] [/scanonce] [/scanboot] [/revert] [/purgecache] [/cachesize=x]
/scannow - Scans all protected system files immediately.
/scanonce - Scans all protected system files once.
/scanboot - Scans all protected system files every time the computer is restarted.
/revert - Returns the scan to its default operation.
/purgecache - Purges the Windows File Protection file cache and scans all protected
system files immediately.
/cachesize=x - Sets the size, in MB, of the Windows File Protection file cache.

Run sfc/scannow and insert the Windows CD when prompted for. There is yet another tool
that checks for the digital signature on files. To help maintain the integrity of our systems,
critical files have been digitally signed so that any changes to these files can be quickly
detected. Use sigverif to scan all digitally signed files for incoherencies.

 You must have noticed the name of your OEM (like HCL) etc. when you open System
Properties. How about changing that to your name? They Information displayed here is
stored in a file called Oeminfo.ini, found in the System32 folder in XP and System folder
on Windows 98. If non existent create the OEMINFO.INI file in the System32 folder and
enter or edit the lines:

Manufacturer=<Anything you want>
Model=<Some Supercomputer>

[Support Information]
Line1="Add whatever you want here"
Line2="with the continuation of the text on the next line"
Line3="keep the double quotes though."

Open System Properties dialog box, you'll see a Support Information button. Click on this
and the information you entered will be displayed. You can add more lines if you want to.
To add or change the bitmap image, edit or create an image with 210x105 pixels
(maximum) or smaller through Paint or your favorite image editing tool. Save the file as
OEMLOGO.BMP in Windows\System32 folder. For the Image to be displayed the
OemInfo.ini file should be present.

 Directory navigation is quite simple when you put in a ―\‖ at the end of a folder. But
navigating out? This is how you would do it with a backslash. Go to Run and type
―C:\Windows\System32\‖ and press Enter. You will find you are in the System32 folder
(Duh..?) as expected. Now go back to Run and type ―C:\Windows\System32\..\..\‖. C drive
will open up. The ―..\‖ tells explorer to navigate out of the current folder. Hence two ―..\‖ will
get you back to C drive. Therefore ―..\‖ means the previous directory. Now try the
C:\Windows\System32\.\.\ with a single dot instead of two. A ―.\‖ means the current
directory, so C:\Windows\System32\.\.\ opens System32. You can infact navigate out of
your current folder and navigate into some other folder on the same drive. For example;
open C:\Windows\System32\oobe, now in the address bar type (don‘t press enter)
―..\..\Fonts‖, so that the final address in the Address bar looks like this:
―C:\Windows\System32\oobe\..\..\Fonts‖ Now press enter, you will be taken out into
C:\Windows and then back into the Fonts folder. Pretty cool eh?

Page | 236
A Beginners Approach to Windows

 If your computer is on a Local Area Network you can chat with another user on the network
in real time. There are two methods of doing this. One is the commonly known winchat
method and the other the less common dxdiag method. To do a normal chat, go to Start
>> Run >> winchat. This will open up the windows chat program. Click on Conversation >>
Dial and then select a computer from the network either by browsing through the dialog or
by typing its name in the box provided. The other method is by using the DirectX Diagnostic
tool. This is slightly tricky so follow the instructions carefully. We shall be using the Direct X
diagnostic tool to connect to another computer solely for the purpose of chatting. Go to
Start >> Run >> dxdiag to start the Direct X Diagnostic tool. Wait till it checks for
necessary signatures etc and then click on the network tab. In the Registered DirectPlay
Service Providers select Internet TCP/IP Connection For DirectPlay. Then click on Test
DirectPlay. In the DirectPlay Test dialog box, type in a username (anything) and select the
TCP/IP service provider, select Create New session and click on OK. On the other
computer from which you want to receive messages repeat the above but at the end where
you selected Create New session, select join Existing session (leaving everything else
exactly the same). You will be presented with another dialog in which the creator of the
session will be listed. Select the session and click on Join and start chatting…..

This can be done with any of the service providers, provided that they exist on both the
computers and both the users on both the different machines have to create or join
sessions from the same service providers.

To simply send a one way message to any computer on the network use the net send
command through cmd. The syntax is as follows:

Net send [computername] “message”

The computer should be on the same domain and in the same workgroup for this command
to work properly. Else some modification in the command should be done. See Net Send ?
for more details and the full syntax.

XI.5: File & Folder Protecting Techniques

Every body has some or the other data on their computers which they wouldn‘t want anybody else
to find. You wouldn‘t like if your younger brother or somebody comes and peeks into your mail or
your personal photographs. Data protection and file & folder security is a must if you wish to have

 Convert all your computer‟s hard disk partitions to NTFS for maximum security. Use
the convert command of cmd.exe to change drive file systems without data loss. If you
prefer using third party software, use Partition Magic 7.0. It‟s the best.

I have included six methods of folder hiding and protecting using Windows itself, here. Using the
attrib command, using cacls, using CLSID values from the registry, using the copy command to
byte stuff data into images, using Windows Encryption and using Alternate Data Streams. The attrib
command is explained below.

 The attrib command basically modifies attributes of files or folders. Attributes include read only,
hidden, system and archive. These characters describe a file physically to the computer and
Windows changes its access mechanisms based on these attributes. To understand this method,
first create a folder in your computer‘s D: drive called Secret or something like that. Then open
cmd.exe and run the attrib –s –h –r D:\Secret. This command will reset all the attributes of the
folder. Here –s stands for system, -h for hidden and –r for read-only. The fact that we trying to
employ is that when you hide folder in Windows it is just hidden but when you try to hide system file

Page | 237
A Beginners Approach to Windows

or folder, Windows superhides it. Superhidden files or folders cannot be seen even if show hidden
files are enabled from the Folder Options dialog. To see Superhidden files remove the check
against the Hide protected operating system files option. Press Yes on the warning and now you
can see your folder. Superhidden files and folders cannot be seen even if show hidden files are
enabled. To super hide D:\Secret, open cmd.exe and at the command prompt type attrib +s +h +r
D:\ secret. The +s, +h and +r will set all attributes. To access the folders just reset the s and h
attributes from cmd .exe by attrib -s -h -r D:\ secret. If you find resetting and setting of attributes
tiresome, then you can open My Computer and type the path (D:\Secret in this case) in the address
bar to be taken straight into the folder. It is advised not to use the Run box since the Run history will
show the folder path and the whole motive of secrecy is lost. This is not a powerful method but I still
use it in some cases especially on FAT32 drives.

 The Access Lists (ACLs) modifier or cacls.exe can be used to prevent access to a file or folder for
specific users or everybody. Cacls.exe is a console based implementation of the Windows User
Permissions module. You can right click on most NTFS folders and access the security TAB to do it
using the GUI mode through the Properties option of the right click context menu.

The cacls command works only on NTFS drives. The following example will show you the power of
the cacls command.

Create a sub folder inside D:\Secret called Data or something and store your data inside this
new folder instead of storing it in D:\Secret. This is very very important. The reason I'll come to
later. To protect the D:\Secret folder, open cmd and type the following

D:\>cacls D:\Secret /D everyone

Where the /D will disable the folder to all types of access for everyone. The ‗everyone‘ can be
replaced by a specific user. Now try accessing the folder. You will get an ‗Access is denied‘ error.

 To see the names of all the users on your computer, open cmd.exe and type net user.

To make the folder accessible, type the following at the prompt:

D:\>cacls D:\Secret /G everyone:F

where the /G tells cacls to grant access to the specified user (everyone here) and the :F tells cacls
to give full access to the folder. Other access rights are R (Read only) W (Write and Read) and C
(Change). Instead of using the cacls command again to gain access to the folder, you can simply
type in the full path of the new folder you created inside Secret (Data in this case) in any explorer
window, and you will be taken directly into the folder where your data is stored. Again do not use
the Run command box for security reasons. But always have a backup of the data elsewhere
because ACLs for a folder may differ on different versions of Windows. If in case you get access
denied errors while granting access, then use the /C switch with the /G to continue processing on

D:\>cacls D:\Secret /C /G everyone:F

It is a known problem that reverse cacls may not work if the user who created the folder is deleted
or if the folder is being accessed through another installation of Windows. Which means that grant
access may not always work, that is the reason why I said to create another folder called Data or
anything so that in case grant access doesn‘t work, you should be able to atleast navigate straight
into the Data folder from the Address Bar of Explorer and get your data out.

The cacls command is worth a shot but has the major disadvantage that anybody with physical
access to the folder can easily use cacls and access the folder or file. In that case, a small trick that

Page | 238
A Beginners Approach to Windows

can help you is that use the cacls command in combination with attrib. People won‘t even know that
the folder exists until somebody is smart enough to use Folder Options. You cannot modify
anything of a folder after locking it out with cacls therefore use the attrib +s +h +r D:\Secret
command first and then cacls D:\Secret /D everyone. You could also use the registry to disable
Folder Options to prevent other users from using the View Tab to show Superhidden files.

If you have an entire drive full of sensitive data, then you can use the registry to lock out the entire
drive to other users. See the registry chapter for more details.

 If you have read the chapter on the Windows Registry, this next method should be a piece of cake.
But first, let us try to understand the logic. Renaming of files and folders if carried out in some ways
can act as protective measures. Windows recognizes files in two ways, through its file extension
and/or by the file header. For example if you have a .wav file called ―Tere Bin.wav‖ then the
extension tells Windows that the file is a Wave file which is basically an audio file and if file
associations has wav files associated with Windows Media Player then the icon will be the familiar
Windows Media Icon. When you double click on this file, it will by default open with Windows Media
Player. This happens because the extension .wav is registered in the Windows registry with a
unique hexadecimal number called CLSID (Class Identifier) that it should open with Media Player.
Now, if you rename the file from ―Tere Bin.wav‖ to ―Tere Bin.txt‖ and if you double click on the file, it
will open with notepad because of the extension, but if you drag and drop this text file into Windows
Media Player, it will still play. This is because of the header. The header in case of wav files is the
first 44 bytes of the file which has got information on what type of file it is etc. Windows Media
Player will of course check for the extension, finding it non compatible (.txt) it will then check for the
header, if it‘s a valid media file then it plays it, else a format not supported error is displayed. Now
we know extensions are decided by the CLSID values in the registry. So if we rename a file or
folder with a CLSID value of some other file or may be even the special folders, preceded by a dot,
then logically Windows will attempt to execute the function associated with that CLSID. Got that?
Alright…. enough of logic, here is an example.

Create a folder called Test in D Drive or anywhere. Put some data into it, some mp3 files, some 5
or 6 wallpapers and maybe 2 PDF files. Open the registry editor (regedit.exe), then open the
HKEY_CLASSES_ROOT hive because this key stores all CLSID values. Press F3 to open the find
box. Type ―My Computer‖ and press Enter to search the CLSID for My Computer. You should reach


Right Click on the key and select rename and then right click again and copy {20D04FE0-3AEA-
1069-A2D8-08002B30309D} because this huge number is the CLSID value for My Computer.
Close regedit and go back to your Test folder and rename it to Test.<CLSID>, just use Ctrl+V to
paste the CLSID, remember to put a dot between the name of the folder (whatever) and the CLSID.
Once you press enter, and if you have done everything properly then, the folder Icon should turn to
that of My Computer, not only the Icon, try double clicking the Folder, you will be surprised. Don‘t
worry your data is safe. To get your data back, just rename it back to Test using command prompt,
because normally explorer won‘t show you the CLSID value. Press TAB to complete the file name
in cmd.

To do it faster, create two batch files, one to lock (make My Computer) and the second one to
unlock (make normal). Assuming the folder to protect is in D Drive named Secret, here is the batch
file to lock. Run it from the same folder as the Secret folder.

@echo off
rename Secret Secret.{20D04FE0-3AEA-1069-A2D8-08002B30309D}

To unlock use this batch file.

Page | 239
A Beginners Approach to Windows

@echo off
rename Secret.{20D04FE0-3AEA-1069-A2D8-08002B30309D} Secret

Try out the other CLSIDS also out of the many that are available.

There is a slight problem with the above method. The CLSID part of the file name will be visible in
some cases. On some systems the whole folder name is displayed. Suppose you have named your
Secret folder with the Recycle Bin CLSID {645FF040-5081-101B-9F08-00AA002F954E} then the
whole folder name could be visible (See Print Screen)

Visible CLSID Extension – Print Screen 11.9

In such cases a user will be able to just rename the folder to anything of his choice, removing the
CLSID and returning the folder to its normal form. If the extension is not visible then even if you
rename the folder in explorer, it does not revert to a normal folder but remains as a Recycle Bin.

To prevent this from happening, you can influence the folder‘s behavior using a desktop.ini file.
Create a folder to hide your data. Open notepad and copy the following two lines as they are.


Save the file as a .ini file by selecting Save As type as All files and File name as desktop.ini. Save
the file in the folder. Now comes the interesting part. Logically the folder should have got converted
to another Recycle Bin, but it does not. What is missing is the folder not being recognized by
Windows as a System folder. When you rename a folder using a CLSID value of a System Folder
(My Computer, Recycle Bin, My network Places etc..), Windows automatically assumes them to be
System folder‘s even though their S attribute is not set. Now to complete the trick, use cmd to set S
attribute of the folder using the command attrib +s <full folder path>
Your folder should now have become another Recycle Bin without the CLSID extension in the

To retrieve your data, use cmd to remove the S attribute using the command attrib –s <folder>.

 The next method is what I prefer to use when I am sending important, data to my friends via a
floppy or e-mail. This method just byte stuffs the data to another file mentioned in the copy

Page | 240
A Beginners Approach to Windows

command and creates another file with both the original files merged. This method allows you to
copy text or other documents into another file. You could very well hide an MSWord document
inside a video file and play the video without any problem with your data safely hidden inside the
video file. The only problem will be retrieving your MSWord file. Hence it is advised to restrict this
method to only text (notepad) files and jpeg images. Create a folder in C drive called Test (or
anything). Copy a jpeg into it and then create a notepad file and use 3 or 4 Carriage Returns
before you write some data into it. This will make it easier to read the data from the image. Then
open cmd.exe and go to C:\Test. Then use the copy command in this format:

C:\>copy /b [image name] + [Text file] [destination image]

So if the name of our image was C:\Test\Earth.jpg and the text file was C:\Test\Secret.txt then
the command would look something like this:

C:\Test>copy /b Earth.jpg+Secret.txt New.jpg

This command will byte stuff the text file into the Image file and create a new image file called
New.jpg which you can mail or send via a floppy. If you want to retrieve the text, just drag and drop
the image in notepad and scroll right to the bottom, if you created the text file with carriage returns
then the text should be plainly visible. But who would think hiding text into images was possible.
(Hmmm..?) And this isn‘t even steganography…

 As we saw in the last chapter Windows on NTFS drives provides encryption at the file and folder
level. You can easily keep your data safe from other users on the same machine. Let us take a
quick example here. Re-consider your D:\Secret folder. Go to its properties, then click on
Advanced in the General tab itself. Then select the Encrypt Contents to secure data option.
When you click on Apply or OK, you will be presented with a Confirm Attribute Changes dialog,
select the second option of applying encryption to folders, subfolders and files. This is a good
administrative practice since any folders or files added inside this directory will be encrypted. To
decrypt the file or folder, follow the same procedure and remove the check mark against the
Encrypt Contents to secure data option. Do not let any other user change your password,
you will not be able to access your data if encrypted.

 The last method is a helpless extension of a very little known feature of NTFS called ADS or
Alternate Data Streams. To actually use it to hide data, we will have to understand what ADS is.

It included several new features: quotas, sparse file support, reparse points, distributed link tracking
and the Encrypting File System (EFS). ADS or Alternate Data Stream is any data attached to
another file but not within the file itself. Windows implements many of its little known functions like
additional file information and tagging files as encrypted using ADS. When a file is created as an
Alternate Data Stream, it is always created linked to another file or even a folder. The ADS is
present on the disk but isn‘t included in the file size calculating algorithm. And to top it all, a file or
folder can have any number of ADS of any sizes that is only limited by the available free space.

One of the most common uses of ADS is to store additional file information like the Author‘s name,
Word count, Pages and other document data of a word file. You can view and edit this information
by right clicking a word document >> properties and clicking on the summary tab. In fact any file will
have a summary tab on an NTFS drive so that you can indirectly edit the ADS of that particular file.
A file without any custom information added, contains a single data stream called $DATA which is
the data inside the file itself and is not an alternate data stream. Any other streams attached to it
will have the format filename.extension:ADSname:$data. When you open a normal file the
default $DATA is read which is the data in the file itself. A normal file will be of the format
filename.extension::$Data (Note there is no ADS). Imagine you had a text file full of passwords
and you had attached (We shall see how) it to explorer.exe, then to access the contents of
passwords.txt file you would have to use explorer.exe:passwords.txt:$Data. You can even have

Page | 241
A Beginners Approach to Windows

ADS for a folder!! In fact any folder on a NTFS system. You could then store your passwords.txt file
attached to C:\Windows!!

You can attach any number of files to any single file or folder. That means you could attach a 600
MB ―Chak De.mpg‖ to a 4 MB ―Summer of 69.mp3‖ without increasing the size of your mp3 by a
single byte!! Windows does not show the attached file in explorer or by any normal means. The
whole 600 MB can be stored on to the hard disk (without anybody knowing) and retrieved later.
Since ADS is not stored inside the parent file, the size of the mp3 remains the same!!

That kinda sounds far fetched right? Alright let‘s have a small demonstration. I will show you how
you can attach a text file to another file. Let‘s use explorer.exe and passwords.txt

 Open Notepad and type the following:
These are web services and their respective passwords. You could type in anything you want. Then
save the file as passwords.txt in C: drive.

 Then go to Start >> Run >> cmd to open the command prompt. cd.. your way to C:\> then type
the following:

C:\>type passwords.txt > C:\Windows\explorer.exe:passwords.txt

Delete the original passwords.txt file from C: drive. The above command is self explanatory but for
all those who didn‘t grasp its entirety, here‘s how it works. The type command is a cmd internal
command to display the contents of a file, so type [filename] will display the contents of the text
file. The >, also called as the output redirection operator is used to redirect output from one
command to another command or file. C:\Windows\explorer.exe:passwords.txt is the ADS to
explorer.exe called Passwords.txt. Now your file is safe and since you have attached it to
explorer.exe (highly unlikely to be deleted) you can sleep well.

To retrieve the text file or the data inside, you can again use the command prompt or notepad.

 Using command prompt:

C:\>more < C:\Windows\Explorer.exe:Passwords.txt

More is used to display output one screen at a time. Conveniently type does not work to display file
contents here. The <, also (you must have already guessed it) called the input redirection operator
takes the file contents from the file and gives it to more so it is displayed a (screen) page at a time.
To dump it back to a text file use

echo | more < C:\Windows\Explorer.exe:Passwords.txt > Passwords.txt

This is slightly complicated. Echo is used to display whatever is given to it as an argument. Echo
Hello will display Hello. The pipe (|) is used to pass the output of the more command to echo and
the > is used to dump whatever got echoed to the text file Passwords.txt. Ok? Here is a simpler

 Using notepad: Go to Start >> Run and type the following.

Notepad C:\Windows\Explorer.exe:Passwords.txt

Notepad should open up displaying the contents of the file. You can then use File >> Save As to
save it anywhere you want.

Page | 242
A Beginners Approach to Windows

These are just two of the methods to read and write of the many that you can have. Just manipulate
your cmd commands and think…

Since ADS is any data attached to another file, it will be deleted only if you delete the parent file (or
use a third part tool to delete… Sysinternals (now under Microsoft) provides a tool called streams).

I wrote a tool some time ago that would allow users to create, delete, modify and extract alternate
data streams using Visual Basic 6.0, although not available for download, here‘s a screenshot of
the application:

NTStream: An application to work with NTFS ADS – Print Screen 11.10

Always remember the name of the data stream and the parent file to which you attached it.
Creating data streams could take up valuable hard disk space (if you are planning to hide movies
[;)]). You can use ADS to hide any type of data, even executable code. Although that‘s not good
administrative practice, it can be done. Viruses and worms like Email-Worm.Win32.Dumaru.a and
Win2K.Stream use ADS to spread. Use ADS efficiently and non-maliciously, use it to your

Page | 243
A Beginners Approach to Windows

XI.6: Eggs & Bugs

Eggs are defined as deliberate programming errors or small animation or unexpected stuff left
deliberately inside a program by the creator just for the sake of some fun. Many program eggs are
simple animation or list of programmers or calendar or names of countries and things like that.
Many of these eggs are activated by a special key combination or a mouse click at a very precise
location in the program interface. Most of these are found in screensavers and the games that
come shipped with Windows. Other Applications like Microsoft Word & Excel also have their share
but their discussion is beyond the context of this text.

 In Freecell (I don‘t know who else plays this except me….) press Ctrl + Shift + F10 during
game play (when the cards are lined out), you will be presented with a Abort Retry Ignore
box. Press Abort and move a card on the screen to win the entire game.

 For all the solitaire lovers this ones a gem. Press Alt + Shift + 2 from the keyboard to force
an easy win anytime during the game. Press any key to come out of the animation and
when asked to deal again select No. You will be then left with a blank green screen. Press
Alt + Shift + 2 again and check out the cards come out of the screen.

 In Solitaire again, draw from the deck at least twice. Hold control and drag a card down
from the deck. Press the "A" key and then let go of the left mouse key. You will get 10
points for this. Continue doing this for infinite points!! The cards will look weird while
dragging though…

 Pinball has got several cheats that allow you to easily surpass any previously recorded
highest scores. At the first screen before launching the ball type the following to activate the
respective function:
 1max : Gets you extra balls at the start of a new ball.
 gmax : Activates the gravity well.
 rmax : Go up in ranks.
 bmax : No notification will be given that this is activated but when a ball is lost a
new ball will appear from the yellow wormhole indefinitely.
 hidden test : You can move the ball around with the mouse. Left Click and keep
mouse button pressed to move around. No notification is given that this mode is

Bugs are always found in some program or the other. No program can ever be made bug free. Best
example that I can think of is a calculator. When you are programming a calculator, the user will
enter numbers through a text box and click on the function (add, subtract, divide, multiply etc.). Now
what may happen is that, you cannot be certain that the end user is actually going to type a number
in the text box. A text box is meant to take in strings, you will internally (in the code) have to make
sure that the character entered can be converted to an integer. So you won‘t be able to enter your
name in the text box because that will give an error. You can also program the calculator in such a
way that it will cause execution to jump to another function that checks if entered character can be
converted to a number, if it can, proceed ahead else display a message or clear the text field. This
function that handles the error is called an error routine. More prominent bugs are the divide by
zero errors and factorials, but these can be checked with the help of error routines.

Programming bugs in Windows are exploited by hackers to run applications on remote machines.
This is both difficult to perform and extremely dangerous. Hence the need to keep your system
patched. Read the Appendix for details and an overview on Security.

Page | 244
A Beginners Approach to Windows

Windows has files to simulate the existence of some devices in its architechture. These virtual
devices include the nul device, the comN (N = 1,2,3…9) ports, the two pipes, aux, con (console),
lptN (N = 1,2,3) and the prn device for printer. You cannot by normal means create a folder or file
in Windows with any of these names. (There‘s a challenge waiting here…) The folder will simply not
recognize the name and revert back to New Folder. In Windows XP, if you go to Start >> Run and
type C:\nul, Windows pops up a box to ask you which application to use to open this type of file. If
you select notepad, you get an ―Incorrect function‖.

 Do not try executing a location through a Start >> Run C:\nul\nul or C:\con\con or
for that matter any combination of these or other virtual devices on Windows 98 or
Windows 95. Windows 98 does not have the necessary exception handling for
references to such devices and may crash.

Page | 245
A Beginners Approach to Windows


1. Create a folder called con in C:\.

Page | 246
A Beginners Approach to Windows

Keyboard & Program Shortcuts

This chapter lists most of the possible keyboard shortcuts that exist on a Windows machine. This
chapter will surely make your life easy. Individual applications have their own shortcuts to navigate
through their child windows. This chapter will highlight only the Windows Keyboard Shortcuts.

After this chapter the reader should be able to:
 Use various Windows keyboard shortcuts.

Page | 247
A Beginners Approach to Windows

All applications have shortcuts, but they are usually not user known, and it may so happen that you
may accidentally stumble upon one shortcut and feel a great sense of elation. It is the case with all
Windows users; Users, who have used Windows as their primary OS for quite a time now, will
hardly use the mouse. Most commands and windows and applications can be handled through the
keyboard. This is easier since almost all tasks can be performed by using the keyboard. I am not
saying the mouse is not necessary, it is absolutely necessary otherwise how are you gonna play
Unreal Tournament, but using the keyboard for common tasks can relieve lot of tension caused by
moving the mouse and clicking the right button.

Most of the shortcuts mentioned here are taken from the Microsoft Knowledge base, reformatted,
condensed and rewritten for the sake of easier application of them.

XII.1: Windows Shortcuts

Windows is full of shortcuts. Remember the general rule, a button or menu is accessible through
the keyboard by pressing the ALT + (underlined letter) combination. If you cannot see any
underlined letters on menus then press the ALT key on the keyboard to show all the underlined
letters for the current active program.

General keyboard shortcuts
These are general purpose shortcuts that can be used when you are on the desktop or when you
are working with Windows.

Keyboard Combination Action / Output

CTRL + C Copy

CTRL + X Cut

CTRL + V Paste

CTRL + Z Undo


SHIFT + DELETE Delete selected item permanently without moving to the
Recycle Bin

CTRL while dragging an item Copy selected item

CTRL + SHIFT while dragging an Create shortcut to selected item

F2 Rename selected item

CTRL + RIGHT ARROW Move the insertion point to the beginning of the next

CTRL + LEFT ARROW Move the insertion point to the beginning of the
previous word

CTRL + DOWN ARROW Move the insertion point to the beginning of the next

Page | 248
A Beginners Approach to Windows

CTRL + UP ARROW Move the insertion point to the beginning of the
previous paragraph

CTRL + SHIFT with any of the Highlight a block of text
arrow keys

SHIFT with any of the arrow keys Select more than one item in a window or on the
desktop, or select text within a document

CTRL + A Select all.

F3 Search for a file or folder.

ALT + ENTER View properties for the selected item

ALT + F4 Close the active item, or quit the active program

ALT + Enter Displays the properties of the selected object

ALT + SPACEBAR Opens the shortcut menu for the active window

CTRL + F4 Close the active document in programs that allow you
to have multiple documents open simultaneously.

ALT + TAB Switch between open items.

ALT + ESC Cycle through items in the order they were opened

F6 Cycle through screen elements in a window or on the

F4 Display the Address bar list in My Computer or
Windows Explorer

SHIFT + F10 Display the shortcut menu for the selected item

ALT + SPACEBAR Display the System menu for the active window

CTRL + ESC Display the Start menu

ALT + Underlined letter in a menu name Display the corresponding menu

F10 Activate the menu bar in the active program.

F5 Refresh the active window

BACKSPACE View the folder one level up in My Computer or
Windows Explorer

ESC Cancel the current task

SHIFT when you insert a CD into Prevent the CD from automatically playing.
the CD-ROM drive

Page | 249
A Beginners Approach to Windows

Dialog box keyboard shortcuts
Keyboard Combination Action / Output

CTRL + TAB Move forward through tabs

CTRL + SHIFT + TAB Move backward through tabs

TAB Move forward through options

SHIFT + TAB Move backward through options

SPACEBAR Select or clear the check box if the active option is a
check box

F4 Display the items in the active list

Natural keyboard shortcuts
Most keyboards have the Windows Logo key and the Right Click menu key. You can use these
keys, especially the Windows Logo key in combination with various keys on the keyboard to access
some features of Windows.

Keyboard Combination Action / Output

WinKey Display or hide the Start menu

WinKey + BREAK Display the System Properties dialog box

WinKey + D Show the desktop

WinKey + M Minimize all windows

WinKey + SHIFT + M Restores minimized windows

WinKey + E Open My Computer in Explorer view

WinKey + F Search for file or folder

WinKey + CTRL + F Search for computers

WinKey + F1 Windows Help

WinKey + L Switch User or Lock Computer

WinKey + R Run Dialog Box

WinKey + U Open Utility Manager

WinKey + (Shift) + Tab Cycle through Taskbar Open Programs

Accessibility keyboard shortcuts
Keyboard Combination Action / Output

Page | 250
A Beginners Approach to Windows

Right SHIFT for eight seconds Switch FilterKeys on and off

Left ALT + left SHIFT + Print Switch High Contrast on and off

Left ALT + left SHIFT + Num Switch MouseKeys on and off

SHIFT five times Switch StickyKeys on and off

NUM LOCK for five seconds Switch ToggleKeys on and off

Windows Explorer keyboard shortcuts
These shortcuts can be used in any explorer window.

Keyboard Combination Action / Output

End Display the bottom of the active window

Home Display the top of the active window

Num Lock + * [on numpad] Display all subfolders under the selected folder

Num Lock + - [on numpad] Collapse the selected folder

Left Arrow Collapse current selection if it's expanded, or select
parent folder

Right Arrow Display current selection if it's collapsed, or select first

Ctrl + Left Arrow Adjust the Left pane towards the left

Ctrl + Right Arrow Adjust the Left pane towards the right

Backspace Go to a higher level without collapsing any folders

Page | 251
A Beginners Approach to Windows

Troubleshooting Common Problems

This chapter aims to provide you with reference information that you can use to troubleshoot you
Windows installation. Most troubleshooting is defined and that too extremely to the detail in
Windows help. This chapter covers some very common problems that users can face. Ten such
errors are corrected using troubleshooting or by direct response. The Windows Recovery Console
is also covered with a general description of commands and laying stress on the important ones.

After this chapter the reader should be able to:
 Use the Recovery Console to write a new boot.ini file and a new MBR.
 Correct some common problems that can occur in Windows.
 Explain the difficult to understand Windows Errors (Exceptions and Illegal errors)

Page | 252
A Beginners Approach to Windows

Nothing is perfect. Windows has its own set of difficulties just like any other Operating System.
Troubleshooting Windows is the process of going to the root of a problem by following a path and
eliminating options one by one till you get to the end. Windows has its own interactive
troubleshooters that correct many problems right from graphics to booting of your computer.
Windows now provides something called as the Recovery Console and the repair option so that you
don‘t have to format your computer and reinstall everything. Data is safe and so are all your
settings. Getting back to your desktop has never been easier.

XIII.1: The Recovery Console

The Recovery Console of Windows 2000 and Windows XP comes as a boon to people like me who
experiment a lot with their Windows installation and could end up a wall anytime. The Recovery
Console is a non GUI DOS kind of environment having a fixed set of commands that allow users to
correct several common problems. The Recovery Console has to be run from the original Windows
Installation disk or it can also be installed as a boot option with an entry in the boot.ini file. The
second option of installing the Recovery Console as a boot option is better since it will run of the
hard disk and will be faster (and will also save some scratches of your CD). The CD will be there in
any case if the hard disk Master Boot Record (MBR) has become corrupt or due to any other
undocumented problem that prevents you from starting your computer. You can even create a new
boot.ini file and disable or enable services.

To install the Recovery Console insert the CD into the drive and at the Run prompt type the
following at the Start >> Run box:

G:\I386\winnt32.exe /cmdcons

where G: is the name of the CD ROM drive, change it accordingly on your computer. Follow the
onscreen instructions and you will have the Recovery Console installed in no time. It gets added as
a boot option with a 30 second timeout. Lower the timeout if you wish to by using msconfig or by
editing the boot.ini file. The next time you restart your computer you will see it in the Startup options
for boot.

When using Recovery Console, you can view and reuse previous commands by pressing the UP
ARROW and DOWN ARROW keys, which move you forward or backward through your command
history. For the list of Recovery Console commands that follow, brackets ([]) enclose optional
parameters and a pipe (|) separates mutually exclusive choices. Recovery Console commands and
parameters are not case sensitive. Most of the commands that exist in the Recovery Console are
also present in cmd.exe therefore they will no be covered here. A complete list of the commands is
given in the Appendix at the end of the book.

Use the batch command to run the commands specified in a text file. Use the following syntax:

batch inputfile [outputfile]
Parameter Description
Specifies the text file (by using [drive:][path][filename] format) that
contains the list of commands you want to carry out.
If specified, stores the output of the Batch command in the specified
file. If you do not specify a value for outputfile, the Batch command
displays its output on the screen. Specify outputfile by using
[drive:][path][filename] format.

Page | 253
A Beginners Approach to Windows

The batch command cannot call itself recursively. Do not include the batch command in the file
specified by the inputfile parameter.

For x86-based systems, use the bootcfg command to scan your hard disks and use the
information to modify the contents of the Boot.ini file or rebuild a new copy. Use the following

bootcfg [/add] [/default]| [/list] [/rebuild] [/scan]
Parameter Description
/add Adds a Windows installation to the operating system boot menu list.
/default Sets the default boot menu.
/list Lists the entries already in the boot menu list.
/rebuild Scans hard disks for Windows installations and to select which to add.
/scan Scans all disks for Windows installations and display the results.

Use the chkdsk command to check a volume, and if needed, to repair the volume. Also, use
Chkdsk to recover and move readable information before marking bad sectors as unusable. Use
the following syntax:

chkdsk [drive:] [/p]|[/r]
You can use Chkdsk without parameters. When you do not specify a volume, Chkdsk
runs on the current volume.
Parameter Description
drive: Specifies the volume that you want Chkdsk to check.
Performs an exhaustive volume check. This parameter does not make
any changes to the volume.
Locates bad sectors and recovers readable information before marking
them as unusable. Implies /p.

Chkdsk requires the file Autochk.exe. If Chkdsk cannot find Autochk in the systemroot\System32
directory, it attempts to locate Autochk on the Windows installation CD. If you are using a multiple
boot configuration, verify that you are issuing this command from the volume containing the proper
version of Windows you wish to work with.

Use the dir command to display a list of the files and folders in a directory. Use the following

dir [drive:][path][filename]
Parameter Description
drive: Specifies the volume of the directory for which you want a listing.
path Specifies the directory for which you want a listing.
filename Specifies the file for which you want a listing.

Page | 254
A Beginners Approach to Windows

In Recovery Console, the dir command functions differently, listing all folders and files, including
those with hidden and system attributes set. For each file and subdirectory, the dir command lists
its attributes (if they apply) by using the following abbreviations.
a Archive
c Compressed
d Directory
e Encrypted
h Hidden
p Reparse point
r Read-only
s System file
You cannot use wildcard characters with this command.

Use the disable command to disable a service or driver. Use the following syntax:

disable servicename
Parameter Description
servicename Specifies the service or driver that you want to disable.

Use the related command listsvc to view a list of service and driver names for your system. The
disable command displays the previous start type of a service before changing it to
SERVICE_DISABLED. Record this value so that you can restore the original state of a service after
troubleshooting a problem.

Use the diskpart command to manage the partitions on your hard disk. For example, to create or
delete disk partitions, use the following syntax:

diskpart[/add|/delete] [device-name|drive-name|partition-name] [size]
Parameter Description
/add Creates a new disk partition.
/delete Deletes an existing partition.
Specifies the name of the device for which you want to create or
delete a partition, for example, \Device\HardDisk0. To obtain the
name of a device, view the output of the map command.
Specifies the drive letter of the partition that you want to delete, for
example, D:. Use only with /delete.
Specifies the partition that you want to delete; can be used in place
of the drive-name parameter. For example, \Device\HardDisk0. Use
only with /delete.
Specifies the size, in megabytes, of the partition you want to create.
Use only with /add.

If you do not use a parameter, a user interface for managing your partitions appears. Use this
command with caution because this command can damage your partition table if the disk has been
upgraded to dynamic disk.


Page | 255
A Beginners Approach to Windows

Use the enable command to enable or change the startup type of a service or driver. Use the
following syntax:

enable servicename [start_type]
Parameter Description
servicename Specifies the service or driver that you want to enable.
Specifies the startup type for a service or driver. Valid values are:

If you do not specify a new start type, the enable command displays the previous start type.

Use the expand command to expand a compressed file stored on the Windows operating system
CD or in a cabinet (.cab) file, and copy it to a specified destination. Use the following syntax:

expand source [/f:filespec] [target] [/y]
expand source [/f:filespec] /d
Parameter Description
Specifies the file you want to expand (by using
source [drive:][path][filename] format). You cannot use wildcard characters
(* and ?).
Specifies the destination folder and/or file name for the new file using
[drive:][path][filename] format.
Specifies the specific file(s) you want to expand if the source contains
more than one file. Wildcards are optional.
Specifies that the confirmation prompt that appears when attempting
to overwrite an existing file is not required.
Specifies that files display, but does not expand the files in the cabinet

Use the fixboot command to rewrite the boot sector code to the system volume. This is useful for
repairing a corrupted boot sector on x86-based systems. If you need to replace the boot sector of a
volume that is not the system volume, then you must specify the appropriate drive letter. Use the
following syntax:

fixboot [drive:]
Parameter Description
Specifies the volume drive letter on which to rewrite a new boot

If you do not specify a drive, the default is the system boot volume.

Page | 256
A Beginners Approach to Windows

Use the fixmbr command to rewrite the master boot code of the master boot record (MBR) of the
startup hard disk. This command is useful for repairing corrupted MBRs. Use the following syntax:

fixmbr [device-name]
Parameter Description
device- Specifies the name of the device that needs a new MBR, for
name example, \Device\HardDisk1.

If you do not specify a device, the default is disk 0. If disk 0 is not the device that needs repairing,
you can obtain the device name of other disks by using the map command. If the fixmbr command
detects an invalid or nonstandard partition table signature, it prompts you for permission before
rewriting the MBR.

Use the help command to view Help information for Recovery Console commands. Use the
following syntax:

help [command]
Parameter Description
command Specifies the command for which you want to view Help information.

Use the command parameter to specify a name of any Recovery Console command. If you do not
specify a parameter, Help lists all the supported commands.

Use the listsvc command to view details about the services and drivers on your system, including
service start types. Use the following syntax:


Use the listsvc command together with the disable and enable commands. The information
displayed is extracted from the System registry file that is located in the
systemroot\System32\Config folder. If the file System is damaged or missing, the information
displayed might be inaccurate.

Use the logon command to detect and log on to Windows installations. Use the following syntax:


You must correctly enter the local Administrator password within three attempts or the computer

Use the map command to list all drive letters, file system types, volume sizes, and mappings to
physical devices that are currently active. Use the following syntax:

map [arc]
Parameter Description

Page | 257
A Beginners Approach to Windows

Use the arc parameter to force the use of the Advanced RISC
Computing (ARC) specification format to describe paths instead of
using device paths. You can use this information to create or repair
the Boot.ini file.

Use the set command to set Recovery Console environment variables. Use the following syntax:

set [variable = value]
Environment Var Description
Set to TRUE to enable wildcard character (* and ?) support
AllowWildCards for some commands, such as DEL, that do not otherwise
support them.
Set to TRUE to allow access to all files and folders on the
Set to TRUE to allow files to be copied to removable
media, such as floppy disks.
Set to TRUE to suppress the confirmation prompt that
appears when overwriting a file.

To display the list of current environment variables, use the set command without specifying a

Sets the current directory to the systemroot directory of the Windows installation with which you are
currently working. Use the following syntax:


Recovery Console on the whole does not support wildcards but this setting can be overridden by
using the environment variable AllowWildCards.

You even have the option of repairing your current installation of Windows, just insert the
installation CD and boot from it. At the second page you will be prompted to press R to start
repairing your current installation. This is the best option if your OS is severely damaged by
accidental deletion of system files of file corruption by viruses or something. Repairing does not
delete your settings (and that includes your My Documents folder) but just deletes the system files
form system32 and Windows and copies new files from the CD. All your drivers, Program Files and
Documents and settings are kept intact.

XIII.2: A List of Common Problems

Windows can have many problems if not taken care of properly. Providing you the best, it asks for
nothing more than proper care. Below is a list of some of the most common problems that can
occur on a normal Windows home desktop. These problems have been resolved in a manner which
will help you understand what caused the problem in the first place. Commonly you will get a wide
variety of hardware problems and their solutions anywhere but this section of the text combines the
most common software as well as hardware problems. For other more conscious problems use the
Windows troubleshooters. You can access them by going to Start >> Help & Support and by
searching for ―Troubleshooters‖.

Page | 258
A Beginners Approach to Windows

1. Monitor out of Frequency
Sometimes when a program (a game for example) changes the current display frequency of your
monitor to one that is not supported, the monitor may go off or a flashy message box will be
displayed saying that the monitor has gone out of frequency. Many users panic and end up
reinstalling Windows. There is a simple solution that can get your monitor back to life.

This problem may also occur if you change your screen resolution to a higher (say from 800X600 to
1024X768 pixels) mode which may not be supported by the monitor frequency at that mode. Many
standard monitors operate at a frequency of 60 Hertz. To see your current monitors frequency,
open Display Properties. Go to the Settings tab and click on Advanced to open the Plug and Play
Monitor properties. The number of tabs over here depends on the Video card and its drivers. But
the one in which we are interested is the Monitor tab which has the Monitor refresh frequency
displayed. If your monitor goes out of frequency then restart your computer from the Cabinet. You
will lose all unsaved data. Press F8 just after the ‗Press Del to Enter Setup‘ message. Select the
‗Enable VGA mode‘ from the Advanced startup options to start your computer in the lowest
resolution. Then once your computer starts normally, readjust the screen resolution and monitor
refresh frequency to values that the computers hardware can survive on.

2. Crashing Applications and Hazy Games
When you install a game or an application that switches over to full screen, you may face problems
like the application may terminate or crash unexpectedly. The game might run with lot of difficulty, it
may take an extremely long time to load or the visuals of the game may have ―burnt out‖ (a white
hazy display). In most of the cases the culprits are the display settings, DirectX and/or the video
memory. Increasing the amount of physical memory does help but there are always workarounds. If
you have 128 MB of memory then you could opt for another stick of 128 (of the same frequency) to
make the total to 256 which is fairly fast. The game loading will be resolved. Some games have a
minimum requirement of 256 MB of RAM.

If the problem persists, then try running the application or the game at a lower resolution or graphic
acceleration. Most games have a settings page where you can lower the game graphics
acceleration and the screen resolution. A standard resolution of 800x600 pixels can overcome
many a problems. Try playing the game at lower graphics acceleration.

For all Display and sound related applications (which include games) you require the latest version
of Direct X. You can download the latest version from the Microsoft website, the current latest
version is Direct X 9.0c. To see what you have got installed on your computer, goto Start >> Run
>> dxdiag to open the DirectX Diagnostic Tool. On the first page itself, the DirectX version will be
given along with other important system information. Display problems may also arise if the correct
version of DirectX has been incorrectly or incompletely installed. Check the second tab (DirectX
files) to see if any there is any incoherency with the installed files. See the notes on the screen to
correct any errors. The third tab is the display which shows all the necessary information related to
your video card. You can disable DirectDraw and Direct3D from here. These have to be disabled
only in an extreme situation. You can test DirectDraw and Direct3D here. If the results are
successful then please do not disable any option here.

Finally try ending explorer and child processes and then play the game or run the application. To do
this open Task Manager (Ctrl + Alt + Del) then under the Processes tab right click explorer.exe and
select End Process tree. Then go to File >> New Task and browse for the game or the application
that is causing the problem and run it. It should run by availing the memory that has become free
due to the terminating of some processes. To get back your desktop, type explorer in the New Task
box and press Enter.

Page | 259
A Beginners Approach to Windows

3. Inability to create a new Dial up connection
We connect to the internet in many different ways including DSL modems, Broadband connections,
VPN Networks and Dial up connections. The most widely used of these, the Dial Up connection
allows you to access the internet through a phone line. You have to have a modem and a phone
connection and an account with your ISP. You have to create a Dial Up connection to connect to
the internet which will dial through your computer and authenticate you to logon.

You can create a new connection by opening Network Connections from the Control Panel and
then by selecting Create a new connection from the common tasks pane to the left of the window. If
the pane is not visible you can go to File >> New Connection to start the New Connection Wizard.

Sometimes, usually after an upgrade, you are not able to create a new connection especially a
remote access or Dial Up connection. All items on the "Network Connection" page of the New
Connection Wizard will be unavailable (dimmed). The network connections folder may be empty.
The Internet Connection Sharing (ICS) and the Internet Connection Firewall (ICF) services do not
start because of dependency failure. If you open services.msc and try starting the Remote Access
Connection Manager, you will be presented with the following error:

Could not start the Remote Access Connection Manager service on Local Computer.

Error 5: Access is denied

You will receive this error message even when you are logged on as Administrator or in an account
that has admin privileges.

You will not be able to create a new connection if one of the following is true:
 You install Service Pack 1 (SP1) for Windows XP, and then use the System Restore feature to
restore Windows to a state before the installation of the service pack .
 You install SP1 for Windows XP when Windows XP Home is installed and then you upgrade to
Windows XP Professional.
 You install Windows XP Home Edition (SP1) and then upgrade to Windows XP Professional in
the 30 day activation period.

To resolve this problem reinstall the SP1 for Windows XP again. If you cannot install the Service
Pack then you will have to manually edit the registry. Open the registry editor and navigate to the
following key:


Take a backup of this key by going to File >> Export and save it with a file name of rasman. Then
verify that the Objectname string in the Rasman key is set to Localsystem. If not then modify it to
LocalSystem. After you do this, delete the following keys by right clicking and selecting delete from
the context menu:


Restart your computer for the change to take effect. To prevent this problem from occuring, install
the Q329441critical update from the Microsoft Update website. Use the advanced search in the
Windows Update Catalog. After applying this update you can upgrade to Windows XP Professional.

Page | 260
A Beginners Approach to Windows

4. No Sound or crackled audio
One of the most common problems faced by majority of users. The solution could be as simple as
plugging in the audio jack to the correct port of your audio card. If you cannot hear any audio then
try one of the following or all of them in the order given below:

Try playing some other audio file. It may so happen that attached information to the audio file is
corrupt or the file itself is corrupt with a misplaced header. If you cannot hear any other file then
check for connectivity. Check the power and the audio jack connector to the audio input on your
cabinet. Different speaker sets have different cable configurations. Consult your speaker
documentation to be sure of the correct configuration. If still the problem persists then go to Start >>
Run and type sndvol32 to open the Volume Control for your computer. Go to Options >>
Properties and select the Mixer Device to your sound device. Select the Playback option and put a
check against all components in the show volume controls for frame. Click on OK to come back to
the volume control panel. Remove the mute check (if any) for all components except microphone.
Increase the volume slider to full on all components. Keep the balance sliders in the centre and
close the control.

Make sure that your current audio device is the default device for Windows. To do this open Control
Panel and go to Sounds and Audio device properties. On the Audio tab, click your sound device
in the Default device lists under both Sound Playback and Sound Recording. Click on Apply to save
changes. If the problem still persists then open Device Manager and check if the device is enabled.
To do this double-click Sound, video and game controllers, right-click your sound device, and
then click Properties. Under device usage, make sure that use this device (enable) is selected.
Make sure Windows is configured to use the audio device connected. Under the Properties tab of
your Audio Device Properties dialog expand Audio Devices and select your device and then select
Properties and then click on Use Audio features on this device. Click OK until you return back to
Device Manager, you may be prompted for restart, anyways just restart your computer.

The last option that remains if still your device does not work then try reinstalling the device. Open
Device Manager and right click on your audio device under Sound, video and game controllers and
select Uninstall. Restart your computer. This will cause the computer to reallocate new resources to
newly found hardware (your audio card in this case). Once your computer starts, reinstall the device
by running the Add Hardware Wizard.

Do not keep any magnetic or electrical objects close to your speakers, since the speakers
themselves have magnets inside which may get damage or the magnetic field may disintegrate or
distort resulting in crackled audio. Keep mobile phones and Radio Frequency (RF) devices
(including transistors, walkie talkies and radio instruments) away from the speakers or your cabinet
and monitor in general.

5. Slow startup and/or slow shutdowns
Majority of slow startups are related to startup programs or device drivers. Start your computer in
Safe Mode, by pressing F8 at the display of Operating Systems. Once in Safe Mode, open
msconfig and go to the Startup tab and remove the check marks of all options in the list. This will
disable all the startup items. Then restart the PC after msconfig prompts you to. This solves the
problem in majority of the cases. You will not have the luxury of some of the important startup items
like Antivirus software or sound and video settings manager (these are specific to hardware). You
can re-enable the items one by one and check to see if the problem recurs. If the item is a non
essential component that has been installed without your knowledge, you can uninstall it. Update
your antivirus and run a full system scan because majority of the viruses run at startup. Get an
antivirus that scans even the MBR of the floppy and the hard disk (McAfee of Network Solutions is
a good one).

If disabling all items does not resolve the issue then likely it is a service or device driver. Open
msconfig and under the services tab select the Hide All Microsoft Services. This will display all the

Page | 261
A Beginners Approach to Windows

Non-Microsoft Services with their Status on your computer. Disable all of them and then start your
computer in normal mode. Re-enable them one by one and check if the problem recurs. If it does
then the last enabled service was the culprit.

If still the problem persists then the last thing to do is to select the Startup type to Diagnostic
Startup under the General tab of msconfig.

Slow shutdowns can be caused by a number of factors, one of the major and the most common
cause is the Clear Pagefile at shutdown option enabled. Virtual memory support uses a system
pagefile to swap pages of memory to disk when they are not used. On a running system, this
pagefile is opened exclusively by the operating system, and it is well protected. However, systems
that are configured to allow booting to other operating systems might have to make sure that the
system pagefile is wiped clean when this system shuts down. This ensures that sensitive
information from process memory that might go into the pagefile is not available to an unauthorized
user who manages to directly access the pagefile.

When this option is enabled, it causes the system pagefile to be cleared upon clean shutdown. This
takes considerable time of the Operating System to flush-out the pagefile, thus causing the slow
shutdown. You may disable ClearPageFileAtShutdown option to improve shutdown times. But the
pagefile.sys will be intact and accessible via other Operating System, in case or dual or multi-boot.
Open the registry editor and navigate to the following key and change the value of
ClearPageFileAtShutdown to 0 disable the flushing of the page file(s).

HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management

Non responsive programs or services also contribute to slow shutdowns. Lowering the
WaitToKillServiceTimeout value in the registry may also help. Open the registry editor and
navigate to the following key and reduce the value of WaitToKillServiceTimeout (default being
20000ms) to your preference. By doing so, we're forcibly closing a non-responsive service.

Another method of doing a faster shutdown is by forcing all applications to close irrespective of
what they are and how important they are. This has to be used in the most extreme situations:
Create a Windows XP shutdown shortcut as explained in the Tips & Tricks chapter, but add a –f
parameter to it so that the final command looks something like this (may look different depending
on the timeout and comment that you have given):

Shutdown.exe -s -f -t 12 -c “This computer is about to shutdown!!”

Use this shortcut to force open applications to close immediately.

6. Burnt or hazed desktop icons
It may so happen that the desktop icons or drive icons may appear burnt or hazed. Icons may get
patchy backgrounds or may appear distorted. There could be two reasons. One is that your screen
resolution is set at a lower color (standard is 32 bit) or the IconCache.db file of the current user
account has become corrupt.

To change the color depth, open Display Properties and under the Settings tab change the Color
quality to Highest. Click on Apply. The screen will go blank (or you may be asked to restart
depending on the setting) and your desktop will be reconfigured.

If this does not cure the Icons then definitely it is the case of a corrupt Iconcache.db file. This file is
found in the %homepath%\Local Settings\Application Data directory and contains the Icon
information about all the desktop and other icons specific to the logged on user. The file may be
hidden. Use the Tools >> Folder Options to unhide the file under the second tab. Just delete this file

Page | 262
A Beginners Approach to Windows

and do a normal restart. This file will be re-created at the next user logon complete with new and
fresh icons.

7. Windows Could Not Start <Some File Missing>
There are times when Windows may not start at all. The screen will just show a message saying
that some file is missing or is corrupt. Usually it is the C:\Windows\System32\Config\System file
or the C:\Windows\System32\Config\Software. As you already know these files are part of the
Windows registry and are extremely important. Due to inappropriate access by a malicious program
these files can be tampered with. To start your computer you will have to replace them with the
originals found in the C:\Windows\Repair folder. Follow this procedure for ONLY the file that is
said to be corrupt or missing.

Start your computer with the Recovery Console and at the prompt navigate to the Config folder and
rename the current (corrupt) System and Software to System.old and Software.old. Then use the
copy command to copy the originals from the repair folder. The following commands in order will do
the job:

C:\Windows> cd System32\config\
C:\Windows\System32\Config> ren system system.old
C:\Windows\System32\Config> ren software software.old
C:\Windows\System32\Config> copy C:\Windows\Repair\System System
C:\Windows\System32\Config> copy C:\Windows\Repair\Software Software

Restart your computer by typing Exit. You may have to reconfigure most of your programs and your
hardware. Many programs will not work as expected since the entire bunches of the registry have
been replaced. Don‘t frown, at least your desktop is back.

8. HAL.DLL Missing or Corrupt
More often than not a missing Hal.dll or corrupt Hal.dll is the result of the Boot.ini having a syntax
error or a corrupt boot sector. Boot through the Recovery Console and use the bootcfg command
with the /rebuild switch to rebuild the boot.ini file. Use the bootcg /list command to view the whole
list of Installed Operating Systems. If this does not work then run chkdsk with the /r switch on the
system drive (usually the C: drive) to check for bad sectors. Once the scan is complete, repeat the
previous step.

XIII.3: Windows Errors

Errors usually occur in a program when data what is read by the application is corrupt or the
method of fetching the data is not understood by the Operating System. Errors occur on all OSs but
of all of them the Windows Blue Screen is the most famous. The Blue Screen Error of Windows is
distinct to Windows 98. In Windows 98 if you are playing something or reading data from a CD and
you eject the disk out then a Blue Screen is displayed whereas on Windows XP a Continue, Abort,
Retry box is provided. The Blue screen error can also occur on Windows XP but its presentation is
different. The thing that is common in both is that both provide little information on what went

Windows XP has the Event log which can be accessed from the Computer Management snap in
which records all information in log files which can be read later to get to the problem. Windows 98
is left on its own. Illegal Operation errors, Exception errors and Kernel errors are the three types of
errors that usually occur. A crashing application will show a blue screen on Windows 98 but on
Windows XP you will be presented with a dialog saying that the specific application has crashed,
you can view details and even send an error report to Redmond.

Page | 263
A Beginners Approach to Windows

In case of an error, it is a general practice to believe that you are infected with a virus. They can be
used useful for diagnosing problems.
Exceptions Errors: These usually occur when the program code in memory is overwritten by itself.
When you run an executable, Windows pushes the entire program in to the RAM (if there is space
or a part of it is pushed in to the paging file if enough space is not available) and the execution
begins. Suppose the program has to play a song then while doing so it may use a decoder for the
song in a memory block reserved for the program itself, thus overwriting a part of its own code.
Thus the entire application crashes.

Fatal Errors: Fatal errors usually have the form:

'A FATAL EXCEPTION <XX> has occurred at xxxx:xxxxxxxx.

Note: <XX> represents the actual processor exception from 00 to 0F and the xxxx:xxxxxxxx
represents the code pointer, i.e. the actual address in the memory module where the error

Whenever a program or application accesses an illegal instruction, invalid data, code or privilege
levels, it returns certain error codes that are what we know as Fatal Errors. Whenever any such
error occurs, the processor sends or returns an 'exception‘ to the operating system. These
'exceptions' are handled by the operating system as fatal exception errors. If the error causing
application has interfered with the memory block of any Windows component then the error is non
recoverable. You will have to restart your computer forcibly.

Invalid Page Faults: Invalid Paging Faults occur if an application reads or writes to a memory
location not allocated to it and when the program jumps to that instruction address it does not get
the correct code and hence is terminated with the following error on Windows 98.

'This program has performed an illegal operation and will be shut down. If the problem
persists, contact the program vendor'

The dialog box also provides you the name of the module that is causing the error. For example, if
the error recurs every time you play a song or every time you perform a specific task, then
reinstalling the application may fix the problem or try installing a higher version of the program. Like
in my case the Winamp 2.7 Player on my computer crashed frequently when I played Solitaire.
There was no link!! I reinstalled Winamp 2.7 but still the problem continued. Finally a installed
Winamp 5.0 and the problem never occurred again.

Invalid Page Faults are the easiest to diagnose. The module name is the only hope that we have to
prevent the problem from recreating itself. The best way to get rid of such IPF errors is to re-install
the component or file mentioned by the error message. If the error message is being displayed by
more than a single application, then it probably means that there is something wrong with a
Windows components rather than the application itself. Or if you perform a specific task with the
application then it is certain that the problem lies with the application dll or library handling the

Windows Errors are not that difficult to understand. Most errors can be fixed by using
troubleshooting, a little common sense and a whole lot of patience. Keep your system Updated at
all times, scan your computer regularly with an Updated Antivirus, empty the Temporary Internet
Folders and the %Temp% Folders of your account as well as the others.

Page | 264
A Beginners Approach to Windows

‘Flavors’ of Windows

This chapter will basically provide an insight into the different versions of Windows that were released
along with a brief description of their working. This chapter also includes a concise explanation on the
MS DOS version of OS that formed as the basis of the Windows series.

After this chapter the reader should be able to:
 Compare different flavors of Windows and understand the general working of each.
 Compare advantages of the different versions.

Note: The descriptions penned down in the following pages are brief in its context and the reader is
informed that any further accounts are beyond the scope of the book.

Page | 265
A Beginners Approach to Windows

We have seen the working and methods of getting the most out of your OS in the last few chapters.
Windows has gone through revolutionary changes during its initial stages of development. Initially
when operating systems became commercially viable there were very few OSs which could provide
multiple functionalities and still run services in the background. The following pages will enable its
readers to see the basic differences between the different versions released by Microsoft.

XIV.1: MS-DOS to Windows XP SP2

Microsoft introduced its Operating System series by launching MS DOS (Microsoft Disk Operating
System) which gave the user the abilities to create simple files and store data into preformatted file
systems. Although there were many variations in the series, we shall only see those OSs that
paved the way for some drastic changes. Although not a part of the Microsoft Windows series, MS-
DOS 6.22 has been included since DOS formed the basic foundation of the Windows series upto
Windows 98 (Windows ME, Windows 2000 & Windows XP run their shell, explorer.exe,
independently without any DOS support).

>> MS-DOS 6.22
MS-DOS 6.22 was the last stand alone command line OS designed by Microsoft for the Personal
Computer and is generally considered to be one of the most versatile and reliable DOS type OS
ever released by Microsoft. It was not exactly Windows but future editions of Windows resided on
its integral and promising structure. It had numerous safety features including a primitive type of
Antivirus and a system backup utility, alongwith other enhancements designed to provide the
safest possible computing environment of any MS-DOS version.
MS-DOS 6.22 could run on virtually any PC platform with just 1 MB of RAM. MS-DOS 6.22 did
not have setup disks as CDs but its setup had to be run from 1.44 MB floppy diskettes. The
installation space required for this version of MS-DOS was around 6 MB and the usage of a
mouse was optional. It was completely command based and did not support any GUI features.
The display text was Mono, i.e. it did not require the usage of any display adapter as such.

Below are few of the most noticeable features of this DOS version:

DriveSpace and DoubleGaurd: DriveSpace was a well known file compression application that
came bundled with MS-DOS versions and later versions of Windows (3.1 & 9x). DriveSpace
integrated disk compression with the OS and supported the hard disk as well as floppy disks.
DriveSpace included DoubleGaurd safety checking which protected data by verifying data
integrity before writing it physically to the disks.
Scandisk: Scandisk not only detected but also diagnosed and repaired instances of bad sectors,
clusters and verified disk errors on uncompressed normal drives and on DriveSpace compressed
disks. Scandisk could repair file system errors and physical disk errors. File System errors include
cross linked chains and lost clusters. MS-DOS Scandisk was restricted to FAT16.
Backup: A small utility that was shipped with MS-DOS 6.22 and which took the backup of your
crucial system files. MS-DOS 6.22 carried a version of Backup for DOS and Windows 3.1x as
Defrag: This utility allowed the user to reorganize files on the hard disk, thus freeing up some
unused space and allowing faster file access.
SmartDrive: The SmartDrive program included with MS-DOS 6.22 speeded up the computer by
using a disk cache that stored information being read from the computer‘s hard disk.

>> Windows 1.0
The first in the Windows series of operating systems, Windows 1.0 was released in November
1985, with the intention of providing multi-tasking capabilities in a GUI environment for end users.
But unlike later versions, Windows 1.0 offered limited multitasking of existing MS-DOS programs
and concentrated on creating a stable Application Programming Interface (API) for native
programs for the future.

Page | 266
A Beginners Approach to Windows

Windows 1.0 was often regarded as a "front-end to the MS-DOS operating system" rather than a
full-fledged operating system, a description which was also applied to subsequent versions of
Windows. Windows 1.0 allowed users to interact with the hardware by running itself over DOS.
However unlike other shells available at the time, the Windows 1.0 shell known as MS-DOS
Executive had its own memory management system and allowed a software based approach
towards memory sharing called ‗virtual memory‘.

Windows 1.0 with its feature of non-overlapping windows allowed users to switch over to other
open windows without closing the present working window. Instead of over lapping, the windows
were kept tiled. Only dialog boxes could appear over other windows.

Windows 1.0 executables even though having the same extension and file header did not contain
the ability to print "This program must be run under Windows" or similar message and exit when
the program was run outside of Windows. Instead, the file header was created in such a way as
to make DOS reject the executable with a "program too large to fit in memory" error message.

>> Windows 2.0,
Windows 2.0 which was released in 1987 allowed for windows to overlap each other, as
contrasted with Windows 1.0, which could only display multiple windows on screen by tiling them.
The "Minimize" and "Maximize" feature of Windows was introduced with this version, as was a
more sophisticated keyboard-shortcut mechanism in which shortcut keys were identified by
underlining the character that, in combination with the "Alt" key, would cause them to be selected.
File management tasks were still managed by use of the MS-DOS Executive program introduced
in Windows 1.0, which was more list-driven than icon-oriented.

The first Windows versions of Microsoft Word and Microsoft Excel ran on Windows 2.0.

A year later, Windows/286 2.1 and Windows/386 2.1 were released, which could take advantage
of the specific features of the Intel 80286 and Intel 80386 processors.

Windows /286 was shipped with the ‗himem.sys‘ DOS driver which took care of the High Memory
Area (HMA) specification of the Intel 80286 processor which allowed Windows 2.0 to expand its
memory for programs.

Windows/386 introduced a kernel over which the GUI and applications would run as virtual tasks
of the 80386 processor. It allowed several MS-DOS programs to run in parallel virtual machines,
rather than always suspending background applications to clear enogh memory for new
programs. There was no disk-based virtual memory, so multiple DOS programs had to fit inside
the available physical memory.

>> Windows 3.1
Windows 3.1 was a major change in the series of Non GUI based OSs. Windows 3.1 needed MS-
DOS version 3.1 or later to run over it. Windows 3.1 could run in two modes
 The ―386 enhanced mode‖ required a PC with a 386 processor (or higher) and 640 K of
conventional memory plus 1024 K of extended memory, 8 MB of free hard disk space (10 MB
recommended), and a floppy drive.
 The ―standard mode‖ asked for a PC with a 286 processor (or higher) and 640 K of
conventional memory plus 256 of extended memory, 6 MB of free disk space (9 MB
recommended), and a floppy dive.

Page | 267
A Beginners Approach to Windows

Windows 3.1 for the first time used a display adapter to display its GUI interface. Windows 3.1 by
itself did not boot but the user could access the Windows GUI interface by booting into the usual
DOS prompt and typing ―win‖ at the prompt. To boot directly to Windows 3.1 the user needed to
edit the Autoexec.bat file and appending it with ―win‖. Windows 3.1 also allowed users to start an
application alongwith itself through the prompt, for example the following command would start
Windows and start notepad as well:

win c:\windows\notepad.exe

If an MS-DOS application had to be run in Windows then one of the two modes had to be
specified for the application, for example if game.exe is a DOS based application then the
following command would start Windows in its standard mode and run game.exe too:

win c:\windows\alcatraz\game.exe

Windows 3.1 also had a program called ―File Manager‖ that did most of the file arranging and
displaying them in folders and columns. This primitive form of Explorer helped the user to
manage drives, directories and files. You could open different instances of ―File Manager‖ and
then drag & drop files and folders from one drive to another to copy or move those files. To
expand directories the user had to double click on them. Opening another instance was as easy
as going to the ‗Window‘ menu and clicking on the New Window option. The ―File Manager‖ gave
options to rename, delete and create directories and files. It also had a search facility that
supported wildcards (* or ?) and you could also work with the files that appeared in the Search
Results window in the same way you could work with files in the directory window.

Windows 3.1 also came with Character Map, an application still found in Windows XP. This
application allowed the user to insert special characters not found on the keyboard into your
application like Excel. These characters included symbols like ®, ©, α, β, θ, λ etc.

The Run dialog box could be accessed from the File menu of ―File Manager‖ and had the same
use as present day Run command. Windows 3.1 also supported OLE i.e. Object Linking and
Embedding and had an improved startup configuration.

>> Windows 95
Microsoft released Windows 95 in August 1995 as a major relief over Windows 3.1. Windows 95
was designed to offer the most out of the hardware of those years and was superior in
performance. It took advantage of new and developing PC technologies like power management
and plug and play of hardware accessories. Besides being able to run most of Windows 3.1 and
MS DOS programs, Windows 95 was coupled with a hoard of useful programs and other
improved features like Add/Remove Programs, Internet Dial up connection and support for long
file names.

Below are some of the most noticeable features of Windows 95:

Active right mouse button: The right-click of a mouse would open a context menu full of useful
options. Clicking on any folder or file would enable a user to perform common tasks easily like
renaming etc.
Dial Up Networking: This feature allowed users to access online resources by connecting to their
respective ISPs by dialing their ISPs number via a modem. This feature also allowed users to
connect between two local computers.
Windows Explorer: The primitive File Manager was replaced by Windows Explorer, a file so
important, an entire chapter has been dedicated to study it. Explorer, in Windows 95, was
basically used to manage, search and sort files and folders in to proper locations. Management
and browsing of files, drives and directories becomes easier with Windows Explorer.

Page | 268
A Beginners Approach to Windows

Shortcuts: Windows 95 provided additional ease in browsing by the use of shortcuts. Shortcuts
are basically links created for easy access to important or frequently used files. For example,
consider a file called game.exe lying in the ―D:\Value\Data\Strings\Gamedata\bin‖ folder. Instead
of going all the way to ―bin‖ to execute game.exe, a shortcut is created to it and placed on the
desktop for easy access. To create a shortcut to a file click on the file whose shortcut has to be
made and then press the Alt and Shift keys on the keyboard and drag the file to a location where
you want the file‘s shortcut to be placed.
MultiTasking: Windows 95 for the first time offered improved multitasking capabilities by sharing
memory resources with 2 or more applications and allowing them to run simultaneously without
any system interruptions.
Taskbar: The taskbar was a great relief for Windows 3.1 users. The taskbar shows all open
Windows and holds all minimized Windows and application. The user uses the taskbar to switch
between applications. The Taskbar also holds the Start button. The start menu is explained I
detail later.
Plug & Play: This feature allowed users to plug in any hardware and the Add Hardware program
would detect and search for drivers automatically and prompt you for an installation disk or
location if it cannot find any drivers automatically.

Windows 95 truly revolutionized computing as Windows users knew, the new GUI interface, the
wallpapers, the screensavers, the Taskbar etc provided Microsoft the required fuel to push their
dream of perfection with quality a step further and Windows 98 was launched in June 1998.

>> Windows 98
Windows 95 had many holes and bugs and hardware issues that were resolved with the coming
of the one of the most stable OSs ever – Windows 98. Windows 98 was built over Windows 95 by
adding several changes to obtain a full fledged 32 bit OS. Windows 98 promised many new and
improved changes including faster system shutdown, networking, hardware support, System file
checker, Media Player and lots more…

Even after the release of a Windows version called Windows Millennium Edition (Windows ME),
Windows 98 still continues to find itself on the desktop of common users and office workers. The
scenario changed after Microsoft released Windows XP, but that‘s another story…..

The most notable features of Windows 98 that allowed it to stand out are given below. The
readers are informed here that these are not the only features of Windows 98, but several others
exist but the ones that are important from the view of a normal home computer user are explained

Disk Defragmenter: Whenever a file is updated or stored, Windows tends to store the file in the
largest continuous space available which may be different sectors for the entire file. This causes
the computer to perform slowly since every time the file is opened the computer has to search
and assemble the entire file again and again. Defragmenting is the process by which parts of files
are written to contiguous (or alternate) sectors so that access and retrieval time of the computer
is reduced. A Disk Defragmenter in short helps in improving the performance of your computer.

System File Checker: This was something new in Windows. The System File Checker allowed the
user to verify whether the Windows system files (*.ocx, *.dll, *.vxd, *.exe, *.inf and so on) have
been modified or corrupted. This was a relief for those people who feared reinstallation of
Windows, you had to just run ‗sfc‘ at the run prompt and insert the Windows 98 CD when asked
for, the System File Checker utility would then copy the needed files to the respective system
folders and the user could heave a sigh of relief.

Improved Dial up Networking: The dial up networking feature included with Windows 98 had the
additional characteristics like dial up scripting support and multilink channel aggregation (MCA)
that allowed users to attain higher transfer speed by combination of all available dial up lines.

Page | 269
A Beginners Approach to Windows

Windows Media Player: Windows 98 came with an updated version of Windows Media Player that
supported several audio, video and combined media formats like *.mpeg, *.mpg, *.avi, *.dat,
*.mp3, *.wav and *.mid. New versions of Windows Media Player are available for download at the
Microsoft Website.

Internet Connection Sharing: This feature of Windows 98 SE allowed users to connect two or
more computers to the internet through the same line. This was made possible by making the
computer connected directly to the internet as a gateway to the other computers on the LAN.

Dr. Watson: Windows 98 came with an application called Dr. Watson (its refined version
drwtsn32.exe is found on XP systems) which intercepted program crashes and general protection
faults and logged errors into a log file which could later be evaluated to give a complete
description of the state of the system when the fault occurred.

Multiple Display Support: Windows 98 for the first time enabled users to connect multiple monitors
to the same machine.

Improved Control Panel: The control panel of Windows 98 allowed users to do several tasks like
searching for hardware, uninstalling programs and installing networks without any difficulty.

System Configuration Utility: The Windows 95 ‗sysedit‘ or system editor was surpassed by
‗msconfig‘ of Windows 98 which allowed users to modify their startup and enable or disable
individual items in AUTOEXEC.BAT, CONFIG.SYS, WIN.INI and SYSTEM.INI. Users could
easily select type of startup (Normal, selective or diagnostic). Disabling unwanted applications
from starting up was as easy as removing a tick mark from the startup tab under this utility.

System Information Tool: This utility provided detailed information on the system resources which
included information right from the OS Name to IRQ‘s of different devices. The File menu had an
export command to export information to a text file which you could specify. The Tools menu
provided easy access to several commonly used troubleshooting applications like Dr. Watson and
Direct X Diagnostics.

Windows System Update: This feature allowed users to automatically download and install
patches and updates. A web based service would scan your system for the hardware and
software installed and either notify the user or continue downloading and installing new drivers
and system files.

>> Windows Me
Windows 98 was succeeded by Windows Me which included very few upgrades like Internet
Explorer 5.5. It also bundled Windows Media Player 7 and included the new Movie Maker
software, which provided basic video editing and was designed to be easy for home users.

No Real Mode DOS: Windows Me did not include real mode MS-DOS. Windows 95 & Windows 98
had to load DOS and then the GUI interface was loaded. Windows Me came with this exception,
the GUI shell (explorer.exe) was loaded without any DOS support. However, the changes to
Windows Me were minor, with access to real mode DOS simply restricted, so some applications
(such as older disk utilities) that required real mode would not run in Windows Me.

System Restore: Windows Me introduced the "System Restore" feature that allowed the user to
create restore points to get their system back to point were it was working. If the installation of an
application or a driver adversely affected the system, the user could undo the install and return
the system to a previously-working state.

Page | 270
A Beginners Approach to Windows

Improved Networking: The Network Setup wizard in Windows Me gave detailed step by step
procedures to configure a home peer to peer network and customizing printers, file and Internet
sharing was made even simpler. The wizard even allowed the creation of a floppy disk that could
be used to install the Windows Me network components and software on other computers that
you want to include in the same network, even if the other computers were using Windows 95/98.
The new TCP/IP networking stack under Windows Me allowed more than six instances of the
protocols to be used by programs without the need of disabling or uninstalling any other feature
or component.

>> Windows 2000
Windows 2000 (also known as Windows NT 5.0) is one of the most stable Operating Systems
ever released which was designed to work with a uniprocessor or symmetric multiprocessor 32 bit
Intel x86 computers. It is a part of the Windows NT series of operating systems and was released
on February 17, 2000. The Windows NT series dates back to July 1993 when two versions of
Windows NT 3.1 (Workstation & Advanced Server) were released. Windows 2000 or Windows
NT 5.0 comes in four versions: Professional, Server, Advanced Server and Datacenter Server.
Windows 2000 is very secure and with its NTFS file system and user accounts data management
and protection has become a reality. Windows 2000 has dual mode architecture. The kernel
mode provides unrestricted access to system resources and facilitates the user mode, which is
heavily restricted and designed for most common applications.

The system files are kept in %systemroot%\system32\ folder in case of Windows 2000 and
The Windows folder (%systemroot%) is named as ‗Winnt‘.
Windows 2000 does not have msconfig and has two variants of the registry editor: regedit.exe
and regedt32.exe (a full fledged 32 bit model with SAM and Security keys expandable)

Advanced User Management: Windows 2000 allows the creation of users who could have access
to all the system resources called the Administrators and the limited account holders who would
have limited permissions. Administrators can control almost everything on a given Windows 2000
system by using something called as Policies. Administrators can levy many restrictions on any
user specific or an entire group. Administrators have full access to system resources including
hardware installation, program installation/uninstallation, registry editing, scheduling tasks and
creating and deleting users and so on.

Hardware Wizard: Windows 2000 has a hardware wizard which has a simple interface for dealing
with many hardware problems. Users can install, configure, remove, troubleshoot and upgrade
devices using this simplified hardware wizard.

Improved Start Menu: The start menu in case of Windows 2000 needs special mention due to its
uniqueness. Windows 2000 keeps a note of programs and applications accessed through Start |
Programs. After 6 sessions the start menu is altered to show the recently used items and the
remaining items remain hidden in the collapsible Programs menu and can be accessed by
clicking on the small double arrows displayed.

Windows Explorer: The Explorer in Windows 2000 has many improvements, some of which
include an enhanced Folder Options applet which could be accessed through Tools option in the
Menu bar unlike Windows 98 which had Folder Options under View. Crucial system files are
‗superhidden‘ and can be accessed by removing a tick mark in the Folder Options (explained in
detail later). Managing file associations and customizing folders is easier in the case of Windows
2000. The Open/Save dialog boxes have common folders like My Computer & My Documents, on
the left for quick and easy navigation. Search has been integrated into Explorer and can be
accessed from any explorer window by clicking on the search button in the Standard Button

Page | 271
A Beginners Approach to Windows

>> Windows XP
Codenamed „Whistler‟ during its development, Windows XP was publicly released on October 25
2001. The most common editions of Windows XP are the Windows XP Home Edition, which is
targeted at home users, and the Windows XP Professional Edition which comes with a few better
improvements for business and power users. The word XP comes from „Experience‟. Windows
XP still follows the Windows NT version number being version 5.1 after Windows 2000 being 5.0.
Windows XP also has several features exclusive only to server and workstation oriented
Windows NT family, which include greater stability and efficiency due to its pure 32 bit kernel.
Microsoft has customized Windows XP for different markets; Windows XP Media Center Edition
for special Media Center PCs (Television and Radio broadcast receivers), Windows XP Tablet
PC Edition for special laptops and notebooks (cannot be bought separately), Windows XP
Embedded for set-top boxes, ATMs and medical devices, Windows XP Professional x64 Edition
for computers with 64-bit processors, and Windows XP Starter Edition a low priced edition for
users who want a feel of the new OS and is available only in Asia and South America.

The windows folder is named as ‗Windows‘, unlike ‗Winnt‘ of Windows 2000, to make the OS
more user friendly (perhaps).

Windows XP has many notable improvements over previous versions of Windows. The following
pages will mention just a few of them.

Improved User Interface: Windows XP features a new task based Graphical User Interface (GUI).
The Start Menu and Search have been retouched to give a splendid looking pleasant interface.
Along with visual effects like:
 A transparent blue selection rectangle in Explorer
 A watermark-like graphic on folder icons, indicating the type of information stored in the
 Drop shadows for icon labels on the desktop
 Task-based sidebars in Explorer windows
 The ability to group the taskbar buttons of the windows of one application into one button
 The ability to lock the taskbar and other toolbars to prevent accidental changes
 The highlighting of recently-added programs on the Start menu
 Animation of Windows when minimising and maximising
 Fading and sliding of menus into view and lots more…..
Windows XP gives the ultimate in visual styles too. Luna is the visual style that comes enabled by
default. Many third party softwares allow creation of desktop visual themes and styles for XP.
The Windows 2000 "classic" interface can be used instead if preferred or to conserve memory.
User logon is a completely revised environment in case of Windows XP. Unlike the normal boring
username and password box of Windows 2000 and in some Windows 98 machines, XP users
have to click on their username and then enter a password if required. This improved interactivity
can be overridden by disabling The Welcome Screen in the User Accounts panel to get back a
Windows 2000 kind of logon environment.

Windows Explorer: Search is integrated with Windows Explorer and has animated characters that
make the task of searching for files a pleasant chore. Readily available options include searching
for Pictures, Music & Videos. Search also allows searching of superhidden system files. You can
also change the animated characters and disable indexing (makes searching slower). Explorer
recognizes contents of folders and displays common tasks in the left hand pane of the Window.
For eg: If a folder contains video files, then common tasks will contain ‗Play all‘ which enables
direct playing of all (compatible) video files in Windows Media Player. Common Tasks also
contain links to ‗useful‘ places which includes ‗My Computer‘, a properties box which displays File
Properties of any selected file. Explorer also has options to view Pictures as Thumbnails right on
the Standard Buttons Bar. CD Burning being integrated into Explorer, easy compilation of CDs
has become very easy. Since Internet Explorer & the Windows Explorer come merged, navigation

Page | 272
A Beginners Approach to Windows

to folders or websites can be done through any of the two. The Windows Explorer of XP also
allows users to give customized icons to individual folders.
Windows XP creates special folders for its users. These folders include the My Pictures, My
Music, My Videos, and My Documents etc. Explorer recognizes the specialty of these folders and
changes the File and Folders Tasks to incorporate another list of shortcut commands to suit the
folder. For example in the My Music folder, you will get a ‗Shop for Music Online‘ shortcut which
gives you a direct path to access and download legal music. These folders are usually found in
you‘re my Documents folder on the desktop. Microsoft encourages users to keep data here for
quick access, but this ‗My Documents‘ folder could well be the worst place to keep your data. See
the Explorer & The Windows Interface chapter for in depth explanation.
The right click context menu of ‗Send To‘ can also be changed by adjusting the contents of the
Send To folder of a user in the same way as the New menu can be changed by a little tweaking.
Windows XP keeps user profiles and related stuff at %systemroot%\Documents and Settings\. To
see the contents of your profile folder go to start > run and type %homepath%.
Explorer hides system files and other important files by default, thus when you go to your
Windows folder you may get ―These files are hidden‖ type of message. To view these files just
click on the ―Show the contents of this folder‖ link. Explorer hides the paging file and System
Volume Information and other system folders in such a way that even after removing the check
mark against the ‗Show hidden files and folders‘ option in Folder Options you are still unable to
see these files. This is because Windows XP ‗superhides‘ these files. These files and folders are
then accessible by removing the check mark against the ‗Hide Protected Operating System files
(Recommended)‘ option in Folder Options in control panel. Explorer also allows customizing of
display properties of files by changing available options. This can be done by selecting ‗Choose
Details‘ under ‗View‘ menu of any open Explorer window.
The right click context menu of Windows XP‘s Explorer has several enhancements over its
predecessors. It recognizes the file type and displays a menu accordingly. For example if a
picture file (*.bmp, *.jpg etc….) is selected and the context menu viewed, it will generally have a
Preview option and an Edit option which will open the file in Windows Picture & Fax Viewer &
Paint respectively (these options can be changed).
If there exists a file whose extension is unknown to Windows, then Explorer allows the user to
open the file using an application which the user thinks will work or automatically searches the
web for the application that created the file.
Explorer also allows users to see what the contents of a folder are without opening it. Just moving
your mouse over the folder or selecting the folder with your arrow keys, shows you the size of the
folder and its contents in tooltip kind of style. The Standard Buttons Bar can be customized to
contain more buttons like ‗Stop‘, ‗Refresh‘, ‗Map Drive‘, ‗Disconnect‘, ‗Favorites‘, ‗History‘,
‗Fullscreen‘, ‗Move To‘, ‗Copy To‘, ‗Delete‘, ‗Undo‘, ‗Properties‘, ‗Cut‘, ‗Copy‘, ‗Paste‘ and ‗Folder
Explorer also sorts all files and displays them accordingly. The right click context menu has an
option to arrange icons by Name, Size, Type and Date modified. The changes done to one folder
can be made universal by selecting the ‗Apply to all Folders‘ in Folder Options under the View tab
(Start > Run > control folders)

User Management & Logon: Creating of users is as simple as opening ‗Control Panel‘ | ‗User
Accounts‘ and ‗Create a New Account‘. Users can be limited or administrators, and accounts
protected by passwords. Fast User Switching allows another user to log in and use the system
without having to log out the previous user and quit his or her applications. However Fast User
Switching requires more system resources than having a single user logged in at a time. Fast
User Switching is only available for stand-alone computers and users in a workgroup. It is not
available if your computer is part of a network domain. Users can be restricted from performing
various tasks on a local machine. The administrator on a Windows XP Professional Edition
installed system can variably use the Group Policy Editor to indirectly edit the registry and put
several restrictions on a user.
For those who are familiar with the Windows NT kind of User Accounts control box can run
―control userpasswords2‖ from the run command box. Under the advanced tab you get options to
manage your stored passwords for websites etc. and a .NET passport wizard.

Page | 273
A Beginners Approach to Windows

Users are again divided into Administrators, Users, Debuggers and Guests in Windows XP.
Windows XP allows the creation of a ‗Password Reset Disk‘ which can be used in case a user
has forgotten his/her password.
There are two methods of logging in into a Windows XP machine: The Welcome Screen is the
fastest and easiest way to log on. You log on simply by clicking your Username and typing in your
password (if you have one), the classic logon is the most secure way to login because it requires
you to type a username and password.
A custom Welcome screen can be used in place of the normal Windows Welcome Screen. The
trick is to change the path to the logonui.exe file of C:\Windows\System32\ to a custom created
logonui.exe file, in the registry (Already explained in the Windows Tips & Tricks chapter).
To choose between the Welcome Screen or the classic logon prompt, on the main User Accounts
screen select Change the way users log on or off.

Security: Built over NT, Windows XP continues to give excellent security (sometimes a bit more)
like Windows 2000. The policies that can be applied to Users can be used to restrict several
actions of these users. They can be disallowed access to many places on the hard disk, including
entire drives.
If your data is on an NTFS drive then it can be locked out by using the ‗cacls‘ command. NTFS
drives also allow data to be encrypted so that any other user may not be able to read the
contents. To help maintain the integrity of Windows XP systems, critical system files are digitally
signed so that any changes to these files are quickly detected. The File Signature Verification
utility helps verify digital signatures of these files and informs the user for any unexpected file
The System File Checker has become command line based, to access SFC just run ‗cmd‘ (the 32
bit command interpreter of XP) and type ‗sfc‘ at the prompt to get help or type ‗sfc /scannow‘ to
start the System File Checker. Insert the Windows XP CD when asked by the utility to copy new
files to replace files which have been damaged or whose versions have been scrupulously
changed by other applications.
Going online is safer with Windows XP; the dial up connection has an option to be guarded by an
integrated firewall. You can configure your dial-up, virtual private network (VPN), and direct
connections to enforce various levels of password authentication and data encryption.
Authentication methods range from unencrypted to custom. The Internet Connection Firewall
(ICF) should be enabled on any computer connected to the internet through a Broadband, cable
or dial up connection. Communications that originate from a source outside an ICF computer,
such as the Internet, are dropped by the firewall unless an entry in the Services tab is made to
allow passage. Rather than sending you notifications about activity, ICF silently discards
unsolicited communications, stopping common hacking attempts such as port scanning. Such
notifications could be sent frequently enough to become a distraction. Instead, ICF can create a
security log to view the activity that is tracked by the firewall. The log is by default
‗C:\Windows\pfirewall.log‘ where C: is your root drive. The firewall can be configured to allow
ICMP and other services or disable them completely.
The usage of certificates, digital documents used for secure authentication and transfer of data
over networks and the internet, by internet explorer has increased the security of data and
information exchange over the internet. The entity receiving the certificate is the subject of the
certificate. The issuer and signer of the certificate is the certification authority. Typically,
certificates contain the following information:
 The signature algorithm implemented (MD5, RSA etc)
 The subject's public key value
 The subject's identifier information, such as the name and e-mail address
 The validity period (the length of time that the certificate is considered valid)
 Issuer identifier information
 The digital signature of the issuer, which attests to the validity of the binding between the
subject‘s public key and the subject‘s identifier information.

Page | 274
A Beginners Approach to Windows

A certificate is valid only for the period of time specified within it; every certificate contains Valid
From and Valid To dates, which set the boundaries of the validity period. Once a certificate's
validity period has passed, a new certificate must be requested by the subject of the now-expired
certificate. Certificates can be viewed by using the Crypto Shell Extensions in Windows XP.
Windows XP‘s users have additional security over Windows 98 users. Logon Passwords of XP
users are hashed using the RSA MD4 hashing algorithm and then they are masked using another
strong algorithm which has now been released by Microsoft. Once masked, the passwords are
then stored into the Windows NT registry as the SAM file which resides at
‗%systemroot%\system32\config\sam‘ on the hard disk. Any attempt to open the file gives an

Remote Assistance & Support: Windows XP comes with Remote Assistance which permits
support staff and computer technicians to temporarily take over a remote Windows XP computer
over a network to resolve common software and hardware related issues. Remote Assistance
can be used over the internet too. Remote Assistance is a convenient way to connect to another
computer running a compatible OS (like Windows XP) and give a detailed walkthrough of the
problem. After you are connected, you will be able to view your friend's computer screen and chat
together in real time about what you both see. With your friend's permission, you can even use
your mouse and keyboard to work with your friend on his or her computer.
Remote Desktop is available only in Windows XP Professional. It is built on Terminal Services
technology (Remote Desktop Protocol), and is similar to Remote Assistance, but allows remote
users to access local resources such as printers. Any Terminal Services client, a special "Remote
Desktop Connection" client, or a web-based client using an ActiveX control may be used to
connect to the Remote Desktop. There are several resources that users can redirect from the
remote server machine to the local client, depending upon the capabilities of the client software
 File System Redirection allows users to use their local files on a remote desktop within the
terminal session.
 Printer Redirection allows users to use their local printer within the terminal session as they would
with a locally or network shared printer.
 Port Redirection allows applications running within the terminal session to access local serial and
parallel ports directly.
 Audio allows users to run an audio program on the remote desktop and have the sound
redirected to their local computer.
 Clipboard can be shared between the remote computer and the local computer.

Microsoft provides excellent online support along with frequent updates and security patches to
keep your system protected at all times. These updates can be manually obtained from
‗http://windowsupdate.microsoft.com/‘ or Windows XP can be configured to silently download and
apply updates without interfering with the users work. A major update released by Microsoft for
Windows XP was Windows XP Service Pack 2 (there is a section dedicated to this update just a
few pages ahead) which had several new patches and security addons. The Microsoft Knowledge
Base, which is one of the most comprehensive online libraries on Microsoft Products gives
detailed solutions to most customer related queries, be it Windows TCP/IP stack or common
software uninstallation errors. The range of help offered is so wide that your guess is as good as
mine. Microsoft has painstakingly compiled all its resources with the view of providing quality
customer care through its web based help portal.
The Help and Support Center that comes along with Windows XP provides excellent insights into
the most usual problems faced by users when using a machine with Windows XP installed.
Microsoft Help and Support Center is a comprehensive resource for practical tutorials, and
demonstrations to help its users use Microsoft Windows XP. The Search feature provides
excellent results, combined with the Index, or table of contents, all Windows Help resources,
including those that are on the Internet can be viewed and accessed.
In addition to the Help resources, you can access various Windows important and ‗life‘ saving
utilities. Using Windows Help and Support Center, you can:
 Let a friend help you over the Internet by using Remote Assistance.

Page | 275
A Beginners Approach to Windows

 Keep your computer up-to-date with the latest downloads from Windows Update.
 Use tools such as System Information to manage and maintain your computer.
 Find if your hardware and software are compatible with Windows XP.
 Use System Restore to get your computer to a previous functional state.
 Use troubleshooters to resolve common hardware and software issues.
 Get help online from a support professional by using Microsoft Online Assisted Support or
from other Windows users through the Windows Newsgroups etc……

Task Manager: The Windows XP Task Manger is almost the same as that of Windows 2000,
except for the Networking and Users tab. Taskmanager can be opened by pressing Ctrl+Alt+Del,
or by pressing Ctrl+Shift+Esc or by right clicking on the Taskbar and selecting Taskmanger. The
Taskmanger is a handy utility which gives indepth information about any process running on your
computer. You can get information like the PID (Process Identifier), the user running the process,
CPU Time, Memory Usage (RAM Usage), Virtual Memory Size, I/O Reads, Thread Count etc…
of a running program or process. You can select the columns by selecting Select Columns under
the View menu.
It displays the most commonly used performance measures for processes. You can see the
status of the programs that are running and end programs that have stopped responding. You
can also assess the activity of running processes using as many as fifteen parameters, and see
graphs and data on CPU and memory usage. In addition, if you are connected to a network, you
can view network status and see how your network is functioning. Finally, if you have more than
one user connected to your computer, you can see who is connected, what they are working on,
and you can send them a message.
Be careful when ending a program, you will lose all unsaved data that you were working with in
the program. Task Manager allows to ‗End Process Tree‘ an application, which means that the
application along with any other processes that were created or started directly or indirectly by it
will end. For e.g. if explorer.exe is given a ‗End Process Tree‘ while your Media Player and
Internet Explorer is open then all of these applications along with startup programs and other
indirect applications will end immediately. To get back the start button and your desktop back just
go back to the Applications tab, click on New Task (same as Run) and type ‗explorer‘ (without the

Multimedia Enhancements: Windows XP boasts of an enhanced multimedia environment. Several
things have been improved in Windows XP to give its users the perfect experience that they can
have when working with media files. The My Pictures folder in My Documents allows you to easily
edit and organize photos. You can also create an online photo album or post photos to a Web
site, add photos to a CD, and even order prints online. Windows Media Player is a cool program
to play your audio and video files. You can perform virtually any task with music, from simply
listening to a CD or Internet radio station to creating your own CDs and customized playlists.
Several skins and visualizations are available which make playing and listening to music a visual
treat. The Windows Movie Maker that comes bundled with Windows XP allows you to transfer
files to your computer from a camcorder or digital video camera, or import external audio and
video files into your work. You can collect, view, and edit video clips, and share your work by
sending files in e-mail or posting them to a Web site.

Power Management: Before Windows 98, power management was based on the Advanced Power
Management (APM) architecture. It was of limited use to most users and the feature was easily
broken by the addition of hardware devices or software. In Windows 98, Advanced Configuration
and Power Interface (ACPI ) was supported but disabled by default. Windows Me enabled ACPI
by default. Windows XP's power management architecture is based on the ACPI standard. It
supports multiple levels of sleep states, including critical sleep states when a mobile (or UPS
connected) computer is running out of battery power, processor power control (the ability to
adjust the speed of the computer's processor on-the-fly to save energy), and the ability of
Windows XP to turn off the power to the screen of a laptop when the lid is closed. In addition, it
also dims the screen when the laptop has low battery power.

Page | 276
A Beginners Approach to Windows

To change power options of your computer, goto Control Panel and open Power Options, under
the Power Schemes tab select a Scheme suitable for your computer.
Hibernation involves Windows dumping the entire contents of the RAM to disk and then powering
down. On startup it quickly reloads the data. It allows the system to be completely powered off
while in hibernate mode. This requires a file the size of the installed RAM to be placed in the
system's root directory, using up space even when not in hibernate mode. Hibernate mode is
enabled by default and can be disabled in order to recover this disk space. To disable hibernaton
open Control Panel, double click on Power Options, under the Hibernate Tab remove the Enable
Hibernation check mark.

Standby (Sleep) mode:
This involves Windows deactivating all nonessential hardware including the monitor, most fans,
hard disks drives, and removable drives. This means that the system reactivates itself very
quickly when 'woken up'. It does not allow the system to be powered down. In order to save
power without user intervention a system can be configured to go to standby when idle and then
hibernate if not re-activated.
If hibernation is enabled, then holding the shift key down while the shutdown dialog box is open
causes standby button to become the hibernate button.

Windows Product Activation: Windows XP is the first Microsoft OS to use WPA or Windows
Product Activation to combat piracy. Activation requires the computer or the user to activate with
Microsoft within a certain amount of time (30 days after the first run of the OS) in order to
continue using the operating system. The informaton transmitted to Microsoft during activation
includes a cryptographic hash of the following ten values:
 Display adapter name
 CD-ROM/ CD-RW/ DVD-ROM identification
 RAM amount (as a range, e.g. 0–64 MB, 64–128 MB, etc.)
 IDE adapter name
 Processor type
 SCSI adapter name
 Processor serial number (if applicable)
 Hard drive device type
 Hard drive volume serial number
 Network adapter MAC address
This information is used to generate a number which, along with the CD Key and country of
installation, is transmitted to Microsoft.

Entering a specially crafted Volume License Key (VLK) into a copy of Windows XP Professional
disables Windows Product Activation entirely. Copies of Windows XP Professional with WPA
disabled through the use of a VLK are commonly referred to as "Windows XP Corporate Edition".
A VLK can be entered during installation of Windows or afterwards, by invoking the Windows
Product Activation Wizard. According to Microsoft, 90% of pirated installations of Windows XP
use VLKs to bypass WPA. The most famous VLK being the one beginning with FCKGW, which
was released with the first pirated copies of the final version of Windows XP.
Activating and registering with Microsoft enables you to get faster help and resources to manage
your computer more efficiently from time to time.

>> Windows XP Service Pack 2
Service Pack 2 is not another operating system or so, but had to be included here because of its
several advantages it has over Windows XP Service Pack 1. Major upgrades and patches are in
the field of security. The main area of change is security, especially Internet security. Windows
XP and its sister operating systems Windows 2000 and 2003 Server are well secured as far as
protecting data and passwords go, but are full of holes when connected directly to the Internet.

Page | 277
A Beginners Approach to Windows

The most visible change is that Service Pack 2 adds a Windows XP Security Center. This
addition, which can be accessed through the Control Panel, gives users an easy access to the
security features of XP such as the Firewall and Automatic Updates.

The fully configurable firewall can now be accessed through the control panel instead of just a
dumb check button in the Advanced Properties of your Internet Connection. The firewall is
activated by default after the service pack is installed. More importantly, Microsoft has added
screening for outbound connections to the firewall. This means that it can locate and block
programs installed on your system that attempt to open ports so that other computers can
connect to your system from the Internet thus preventing possible hack attacks.
The new Internet Explorer Pop-up Blocker suppresses pop-up ads unless you choose to view
them, and can be configured to allow specific websites to allow ads to appear.
The Attachment Manager monitors and disables potentially unsafe attachments, which could
contain viruses that might spread through Internet Explorer, Outlook Express, and Windows
Internet Explorer Add-On Manager allows the user to enable or disable any plugins or add-ons
currently active in your Internet Explorer (Google and Yahoo! toolbars for example).
Internet Explorer download Monitoring warns you about potentially harmful downloads and gives
you the option to block files that could be malicious.
Internet Explorer Information bar provides information about events that are happening as you
browse the Web, so it is easier to know if anything is wrong with the page you are currently
working with etc……

Other than security Service Pack 2 also gives Improved Wireless Support and has Windows
Media Player 9 (cool) and a DirectX update to enable smooth functioning of games on your

Page | 278
A Beginners Approach to Windows

Jargon Buster

This chapter provides you the meanings of some common technical and computer related terms
whose depth and meaning you were not able to grasp through the text. This chapter has been
compiled with words that are used in common day computer related talks and will be useful in
technical communication with your peers.

After this chapter the reader should be able to:
 Use common computer and Internet related terms in everyday communication.
 Explain common concepts in computer working.

Page | 279
A Beginners Approach to Windows

Technical Jargon may fill the air when you talk to some big shot of an IT related firm. You may feel
left out in such talks. Here is a common list that will help you expand your line of thinking and
communication. This list is compiled from various sources most of it being selected and condensed
from the Microsoft Knowledge Base and the Glossary of Windows XP Home Edition Help & Support

XV.1: Definitions & Useful Terminology

The process of unlocking all the features of a program by sending some encrypted unique key to
the program company. This is usually incorporated to avoid piracy of the software. Windows XP
uses WPA (Windows Product Activation) that allows the user to use Windows after 30 days of
install for OEM machines.

Active content
Material that is updated frequently like news or weather reports is called active content

Active partition
The partition from which the computer boots. Usually C: drive on most computers running
Windows. The active partition must be a primary partition on a basic disk.

Active window
A window that is being used or which is currently selected is called active. The operating system
always applies the next keystroke or command you choose, to the active window.

Programmed interfaces that allow software to communicate with each other across networks and
computers. ActiveX components can be written in various languages including C, VB and Visual
C++. ActiveX controls allow users to click on buttons and tick checkboxes and make programmed
interfaces easier to use by the end user. ActiveX controls are embedded into many programs for
higher functionality, a fine example will be the file open dialog box that a program may have is
due to an embedded ActiveX called comdlg32.ocx found in the system32 folder.

Windows Administrators are the highest and the most powerful type of users on a system. An
administrator is responsible for creating users, assigning passwords and permissions.
Administrators can make system-wide changes to the computer, install software, and access all
files on the computer. Administrators are members of the Administrators group and have full and
unrestricted access to other user accounts on the computer.

Allocation unit
The smallest amount of disk space that can be allocated to hold a file. All file systems used by
Windows organize hard disks based on allocation units. The smaller the allocation unit size, the
more efficiently a disk stores information. An allocation unit is also called a cluster.

ASCII (American Standard Code for Information Interchange)
A standard single-byte character encoding scheme used for text-based data. ASCII uses
designated 7-bit or 8-bit number combinations to represent either 128 or 256 possible characters.
Standard ASCII uses 7 bits to represent all uppercase and lowercase letters, the numbers 0
through 9, punctuation marks, and special control characters used in U.S. English. For example
the number 5 is read by a standard computer as 35 or 00110101 and A is read as 41 or

Page | 280
A Beginners Approach to Windows

For files, information that indicates whether a file is read-only, hidden, ready for archiving
(backing up), compressed, or encrypted, and whether the file contents should be indexed for fast
file searching. You can access the attributes of a file by giving a right-click >> properties on the
file. You can also change or view the attributes of a file by using the attrib command through

Audio input device
Any device capable of sending audio from an external source to the computer. Examples include
microphones and CD ROM players.

The process for verifying that an entity or object is who or what it claims to be. Examples include
confirming the source of information, such as verifying a digital signature or verifying the identity
of a user or computer by means of a password or digital code.

The Windows desktop background. Any picture file or pattern that can be applied as a Windows
background is called a background picture file or simply a wallpaper.

In analog communications, the difference between the highest and lowest frequencies in a given
range. For example, an analog telephone line accommodates a bandwidth of 3,000 hertz (Hz),
the difference between the lowest (300 Hz) and highest (3,300 Hz) frequencies it can carry. In
digital communications, bandwidth is expressed in bits per second (bps). Bandwidth, when
referring to digital systems, can simply be stated as the maximum amount of data that can be
transferred through a given channel in a unit of time.

Basic disk
A physical disk that can be accessed by MS-DOS and all Windows-based operating systems.
Basic disks can contain up to four primary partitions, or three primary partitions and an extended
partition with multiple logical drives. All standard hard disks are basic disk but can be converted to
dynamic volumes.

Basic input/output system (BIOS)
A set of hardware implemented routines that runs and checks all hardware for connectivity, power
and starts the operating system from the necessary disks or network according to the information
stored in it. The BIOS is stored in read-only memory (ROM) so that it can be executed when you
turn on the computer. The system BIOS also supports the transfer of data among hardware
devices through various data buses on the motherboard.

Batch program/files
A text file that contains one or more operating system commands in a sequential order and which
is saved with a .cmd or a .bat extension. When you type the path and name of the file at the
command prompt, Windows executes each instruction written in the file sequentially. Useful for
doing repetitive tasks.

Baud rate
The speed at which a modem communicates with the server. Measured in bits per second (bps).

Binary System
A base-2 number system in which values are expressed as combinations of two digits, 0 and 1.
The processor understands the language of computers in the form of binary digits. Instructions

Page | 281
A Beginners Approach to Windows

are passed to the devices and to the processor in the form of binary coded numbers. To convert a
decimal (normal) number into binary, keep dividing by 2 till you get a remainder or zero and the
remainders at each stage are kept as the number.
For example: 5 is written as 0101 in 4 bit binary. Divide 5 by 2 you get 1 as remainder with 2x2 =
4, this remainder 1 is the least significant bit of our binary number. Next, you forget the remainder
and divide 2 by 2 which gives you a 0 remainder, since 2x1 = 2. This zero remainder is our
second digit from the right. Next you have 2x0 = 0, which gives you the remaining 1 as the
remainder. This 1 is the third digit from the right. To make the number a complete nibble (a 4 bit
binary number) we add a zero to the most significant position, that is to the extreme left. Thus you
have 5 = 0101.
To do the reverse you allot each position of the binary number with a 2 power value and then add
its equivalent. The standard rule is, suppose 0101 is the binary 4 bit number, then the extreme
right position carries a value of 0, then next position carries a value of 1, then 2, then 4, then 8,
then 16, then 32 and so on. Hence you add its equivalent in the following manner: 1x1 + 0x2 +
1x4 + 0x8 = 1 + 4 = 5, which was our original number.

Bits per second (bps)
The number of bits transmitted every second, used as a measure of the speed at which a device,
such as a modem, can transfer data.

The process of starting a computer. When first turned on (cold boot) or reset (warm boot), the
computer runs the BIOS POSTs and other routine checks and then loads and starts the
computer's operating system.

Boot files
The files needed to start an Operating System. With reference to Windows XP, ntldr and

Boot partition
The partition that contains the Operating System and its support files. The boot partition can be,
but does not have to be the same as the system partition.

Broadband connection
A high-speed connection, usually pointing to Internet connectivity. Broadband includes DSL and
cable modem service and are typically 256 kilobytes per second (KBps) or faster.

Program that decodes files from HTML format and displays them in a readable manner to the end
user in the form of web pages. Some browsers allow users to read and send emails or listen to
streaming audio or watch video files over the Internet. Common browsers include Internet
Explorer, Opera, Netscape Navigator and Firefox.

The process of collecting continuous fed information for output at once. In terms of hardware, a
region of RAM reserved for use with data that is temporarily held while waiting to be transferred
between two locations, such as between an application's data area and an input/output device.

A programming error that is left inside a program unconsciously. Bugs can be overcome by using
the common ―On Error Resume Next‖ statement during programming, but it is not considered
ethical. Programming bugs can sometimes be exploited by hackers to gain unauthorized access
into computers. Example of a bug is when you add a number (integer) and a string (character)
and try to assign this illogical computation to another integer. Another case could be when you try
to divide a number by zero. Bugs usually cause the entire program to crash. The OS is not

Page | 282
A Beginners Approach to Windows

affected unless and until the program which has the bug is directly involved in the normal working
of the OS itself.

The process of writing data from your computers hard disk or any other source to a CD ROM by
using a specially designed device called a CD Writer or CD Burner.

A communication line used for data transfer among the components of a computer system. If you
see the motherboard of your computer carefully you can see several lines running through the
board, most of these carry data to and fro between various devices and the processor. A bus
essentially allows different parts of the system to share data.

A unit of data that typically holds a single character, such as a letter, a digit, or a punctuation
mark. Some single characters can take up more than one byte. One byte is equal to 8 bits. For
example the character ‗S‘ is ASCII 53 and hence the byte that equals the letter S is 01010011.

Cable modem
A device that enables a broadband connection to the Internet by using cable television
infrastructure. Access speeds vary greatly, with a maximum transfer of 10 megabits per second

Recordable compact disc. Data can be copied to the CD on more than one occasion making
them into multisession discs; however, data cannot be erased from the CD.

Rewritable compact disc. Data can be copied to the CD on more than one occasion and can be

A digital document that is commonly used for authentication and secure exchange of information
on open networks, such as the Internet, extranets, and intranets. Certificates are digitally signed
by the issuing certification authority and can be issued for a user, a computer, or a service.

A path or link through which information passes between two devices.In terms of Internet
terminology, a channel is a Web site designed to deliver content from the Internet to your
computer, similar to subscribing to a favorite Web site.

Any computer or program connecting to, or requesting the services of, another computer or
program. Client can also refer to the software that enables the computer or program to establish
the connection.

Communication port
A port on a computer that allows asynchronous communication of one byte at a time. A
communication port is also called a serial port. You can connect various devices including
printers and scanners to a serial port.

Compatibility mode
A feature of a computer or operating system that allows it to run programs written for a different
system. Programs can be configured to run in compatibility mode of Windows 95, 2000 or NT on

Page | 283
A Beginners Approach to Windows

a Windows XP system. See the properties of the shortcut to the program. Programs often run
slower in compatibility mode.

Default user
The profile that serves as a basis for all user profiles. Every user profile begins as a copy of the
default user profile. Windows XP has its default profile stored in C:\Documents & Settings\Default

The process of rewriting parts of a file to contiguous sectors on a hard disk to increase the speed
of access and retrieval.

The on-screen work area on which windows, icons, menus, and dialog boxes appear. This is also
the first screen that a user sees when he/she logs on to a Windows system.

Any piece of equipment that can be attached to a network or computer; for example, a computer,
printer, joystick, adapter, or modem card, or any other peripheral equipment. Devices normally
require a device driver to function with Windows.

Device driver
A program that allows a specific device, such as a modem, network adapter, or printer, to
communicate with the operating system. Although a device might be installed on your system,
Windows may not be able to use the device until you have installed and configured the
appropriate driver.

Device manager
An administrative tool that you can use to manage the devices on your computer. Using Device
Manager, you can view and change device properties, update device drivers, configure device
settings, and uninstall devices. Right click on My Computer and select Manage >> Device

Dialog box
A secondary window that contains buttons and various kinds of options through which you can
configure certain settings or save or run some command or task.

Digital video disc (DVD)
A digital video disc (DVD) looks like a CD-ROM disc, but it can store greater amounts of data.
DVDs are often used to store full-length movies and other multimedia content that requires large
amounts of storage space.

An extension of the Microsoft Windows operating system that allows you to use the advanced
multimedia capabilities of the hardware connected to your computer to play games and run other
programs more efficiently. To configure DirectX settings, go to Start >> Run >> dxdiag.

A group of computers connected together primarily for administrative purposes. The domain is
managed by a central domain controller that runs a database of information about the other
systems on the network called the Active Directory. This database can be used to create users,
groups and assign policies to the other computers on the network via the domain controller.

Page | 284
A Beginners Approach to Windows

Double-byte characters
A set of characters in which each character is represented by two bytes or 16 bits. Some
languages, such as Japanese, Chinese, and Korean, require double-byte character sets.

To transfer a copy of a file from a remote computer to the requesting computer by means of a
modem or network. On the internet there are complete websites dedicated to downloading of
software, music, movies, games and other files.

An area of storage that is formatted with a file system and has a drive letter. The storage can be a
floppy disk, a CD, a hard disk, or another type of disk. You can view the contents of a drive by
clicking its icon in My Computer.

Dual boot
A computer configuration that can start two different operating systems.

Dynamic-link library (DLL)
DLLs are files that contain extra functions or routines that are called by the main program only
when needed. Many exe files carry dlls to lower their file size. For example Microsoft Word has its
own dll files that contain functions to display toolbars in the main program. These dll files are
installed along with the normal installation of Microsoft Word. An example that can be given here
is the less heard impmail.dll that has the functions and routines to import mail in Outlook

Eggs are interesting programming ―mistakes‖ or bugs left on purpose in a program usually for the
sake of fun. Eggs are usually not visible or seen unless a certain combination of keystrokes or
some special input is given in the form of a number or string. Example of an egg in Windows is
the solitaire egg. Open solitaire and press ALT + Shift + 2 on the keyboard to directly end the

Embedded Object
Information created in another program that has been pasted inside another document. When
information is embedded, you can edit the information in the new document using toolbars and
menus from the original program. For example, if you embed a audio file in a word document, you
can play the audio by clicking on the toolbar that Word shows you when embedding is successful.

Encrypting File System (EFS)
The Encrypting File System (EFS) is a component of the NTFS file system on Windows 2000,
Windows XP Professional, and Windows Server 2003. (Windows XP Home doesn't include EFS)
that allows transparent encryption and decryption of files by using advanced, standard
cryptographic algorithms. Unlike 3rd-Party encryption tools, EFS is fully integrated into the
Windows Explorer shell, thus enabling easy encryption and decryption of files and folders.

The process of disguising a message or data in such a way as to hide its actual meaning. This
can be done by passing the message through an encryption algorithm that, for instance, replaces
letters by their equivalent alphabetical numbers. Like A = 1, B = 2 etc, thus making the message
difficult to read. The message is decrypted by passing it through a reverse algorithm.

End User License Agreement. This is a legal agreement between the company supplying the
software and the end user containing all the legal aspects of distribution, installation and use of

Page | 285
A Beginners Approach to Windows

the software. The Windows EULA is displayed during installation and if you wish to read it after
installation, you can open any explorer window and click on Help >> About Windows. In the
dialog box that opens click on the blue End User License Agreement link to open the EULA.txt
file. You can also manually read the EULA by going to Start >> Run >> eula.txt

Extended characters
Any of the 128 additional characters in the extended ASCII (8-bit) character set. These characters
include those in several non-English languages, such as accent marks, and special symbols used
for creating pictures like smileys (, ) etc.

Extended partition
Extended partitions are used to create multiple logical drives within themselves. Unlike primary
partitions, you do not format an extended partition with a file system and then assign a drive letter
to it. Instead, you create one or more logical drives within the extended partition. After you create
a logical drive, you format it and assign it a drive letter. An MBR disk can have up to four primary
partitions, or three primary partitions, one extended partition, and multiple logical drives.

Extraction is done to compressed files. When you extract a file, an uncompressed copy of the file
is created in a folder you specify. The original file remains in the compressed folder. Popular
compression formats include .zip, .rar and .tgz. Windows XP has inbuilt support for .zip files.

A file system used by MS-DOS and other Windows-based operating systems to organize and
manage files. The file allocation table (FAT) is a data structure that Windows creates when you
format a volume by using the FAT or FAT32 file systems.

A more efficient derivative of the file allocation table (FAT) file system. FAT32 supports smaller
cluster sizes and larger volumes than FAT, which results in more efficient space allocation on
FAT32 volumes.

File extension
A file extension is the text that follows the dot in a filename and which describes the contents and
type of file and to some extent the application associated with it. For example Track.mp3 denotes
the file to be a file of type audio or whatever.txt for that matter denotes a text file that can be
opened and edited using notepad in Windows.

File system
In an operating system, the overall structure in which files are named, stored, and organized.
NTFS, FAT, and FAT32 are types of file systems.

File Transfer Protocol (FTP)
A member protocol of the TCP/IP suite of protocols, used to copy files between two computers on
the Internet. Both computers must support their respective FTP roles: one must be an FTP client
and the other an FTP server. The ftp works through port 21.

A software or hardware based program or a collection of them which prevents unauthorized
access from the region defined as being outside the perimeter of a computing environment, can
include the Local Area Network and/or the internet. A firewall basically prevents direct
communication between network and external computers by routing communication through a
dummy server outside of the network, which is called as a proxy server. The proxy server

Page | 286
A Beginners Approach to Windows

determines whether it is safe to let a file pass through to the network. Most firewalls have
comprehensive log files that describe communication attempts and other routing information.

Flash Content
Animation of text or characters or images with or without audio that are embedded into web
pages for better appeal and effects. Flash is a product of Macromedia Inc. Flash is platform
independent if the correct plug-in is installed. On Windows, the plug-in is found in the
%systemroot%\system32\Macromed\Flash\ as Flash.ocx.

Floppy Disk
A reusable magnetic storage medium. The floppy disk used today is the rigid 3.5-inch disk that
holds 1.44 MB.

A graphic design that is applied to text or characters and symbols. A graphic design applied to a
collection of numbers, symbols, and characters. A font describes a certain typeface, along with
other qualities such as size, spacing, and pitch. Common fonts include Arial, Verdana and

When a file is copied from an external source to a physical disk (e.g. hard disk) the file is copied
to all the free areas of the disk irrespective of the location. This causes an increase in fetching
and retrieval of the file. This scattering is called file fragmentation.

Gigabyte (GB)
1,024 megabytes, though often interpreted as approximately one billion bytes.

An account specifically meant to provide restricted access to resources on a Windows XP
computer. Guest users can login and check their mail and then logoff.

Hard disk
A device, also called hard disk drive, that contains one or more inflexible platters coated with
material in which data can be recorded magnetically with read/write heads. The hard disk exists
in a sealed case that protects it and allows the head to fly 10 millionths to 25 millionths of an inch
above the surface of a platter. Data can both be stored and accessed much more quickly than on
a floppy disk. The primary storage medium for home and office computers.

Any physical component of a computer that includes any peripheral equipment like printers,
external modems, keyboards and mice.

Hardware profile
Data that describes the configuration and characteristics of specific computer equipment. This
information can be used to configure computers for using peripheral devices. Different hardware
profiles may be created by disabling or enabling devices.

A state in which your computer shuts down after saving everything in memory on your hard disk.
When you bring your computer out of hibernation, all programs and documents that were open
are restored to your desktop. Hibernation, if enabled can be accessed by pressing the Shift
button during the Shutdown option display.

Page | 287
A Beginners Approach to Windows

A section of the registry that appears as a file on your hard disk. By default, most hive files
(Default, SAM, Security, and System) are stored in the systemroot\System32\Config folder. The
systemroot\Profiles folder contains the user profile for each user of the computer. Because a hive
is a file, it can be moved from one system to another. However, you must use the Registry Editor
to edit the file.

Any Windows computer that runs a service program or any other program to which other
computers on the network require access to. Some computers are specifically configured to run
as servers for various client machines. Examples include telnet, web hosting and ftp servers.

HTTP (Hypertext Transfer Protocol)
The protocol used to transfer information on the World Wide Web. A type of HTTP address takes
the form: http://www.microsoft.com.

A common connection point for devices in a network. Typically used to connect segments of a
local area network (LAN), a hub contains multiple ports. When data arrives at one port, it is
copied to the other ports so that all segments of the LAN can see the data.

The position of a color along the color spectrum. For example, green is between yellow and blue.
This attribute can be set using Display in Control Panel.

Colored and underlined text or a graphic that you click to go to a file, a location in a file, an HTML
page on the World Wide Web, or an HTML page on an intranet. Hyperlinks can also go to
newsgroups and to Gopher, Telnet, and FTP sites.

HTML (Hypertext Markup Language)
A simple markup language used to create hypertext documents that are portable from one
platform to another. HTML files are simple ASCII text files with codes embedded (indicated by
markup tags) to denote formatting and hypertext links. Most web pages that are available online
are written in HTML.

A small image displayed on the screen to represent an object that can be manipulated by the
user. Icons serve as visual mnemonics and allow the user to control certain computer actions
without having to remember commands or type them at the keyboard. You can double click an
icon to open the file or folder or drive. More functions are available on the right click of the icon.

IDE (Integrated Device Electronics)
A type of disk-drive interface in which the controller electronics reside on the drive itself,
eliminating the need for a separate adapter card. Most home computer motherboards have 2 IDE
channels on which you can connect maximum 4 IDE devices. Common IDE devices include Hard
disk drives, CD ROM drives and DVD Drives.

IIS (Internet Information Services)
Software services that support Web site creation, configuration, and management, along with
other Internet functions. Internet Information Services include Network News Transfer Protocol
(NNTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP).

Page | 288
A Beginners Approach to Windows

Insertion point
The place where text will be inserted when typed. The insertion point usually appears as a
flashing vertical bar in an application's window or in a dialog box.

When referring to software, to add program files and folders to your hard disk and related data to
your registry so that the software runs properly. Installing contrasts with upgrading, where existing
program files, folders, and registry entries are updated to a more recent version.
When referring to hardware, to physically connect the device to your computer, to load device
drivers onto your computer, and to configure device properties and settings.

A worldwide network of millions of computers. If you have access to the Internet, you can retrieve
information from millions of sources, including schools, governments, businesses, hospitals,
shopping malls, military installations, industries, space agencies and individuals. You can connect
to the internet through phone lines, direct cables or through an ISP.

Internet address
An address for a resource on the Internet that is used by Web browsers to locate Internet
resources. An Internet address typically starts with a protocol name, followed by the name of the
organization that maintains the site; the suffix identifies the kind of organization it is. For example,
the address http://www.yale.edu/ provides the following information:
http: This Web server uses the Hypertext Transfer Protocol.
www: This site is on the World Wide Web.
edu: This is an educational institution.
Internet address is also called Uniform Resource Locator (URL).

A request for attention from the processor. When the processor receives an interrupt, it suspends
its current operations, saves the status of its work, and transfers control to a special routine
known as an interrupt handler, which contains the instructions for dealing with the particular
situation that caused the interrupt.

A network within an organization that uses Internet technologies and protocols, but is available
only to certain people, such as employees of a company. An intranet is also called a private

IP address
A 32-bit address used to identify a node on an IP inter-network. Each node on the IP inter-
network must be assigned a unique IP address, which is made up of the network ID, plus a
unique host ID. This address is typically represented with the decimal value of each octet
separated by a period (for example,

ISDN (Integrated Services Digital Network)
A high-speed digital telephone service that can dramatically increase the speed at which you
connect to the Internet or to your corporate LAN (local area network). ISDN can operate at 128
kilobytes per second (Kbps), which is five or more times faster than many analog modems.

ISP (Internet service provider)
A company that provides individuals or companies access to the Internet and the World Wide
Web. An ISP provides a telephone number, a user name, a password, and other connection
information so users can connect their computers to the ISP's computers. An ISP typically
charges a monthly or hourly connection fee.

Page | 289
A Beginners Approach to Windows

Standard input device for computers having keys for characters and numbers along with
secondary keys that provide additional functionalities. Many keyboards nowadays have around
102 keys.

Kilobyte (KB)
1,024 bytes, though often interpreted as 1,000 bytes.

LAN (Local Area Network)
LANs are network restricted to a specific locality but may take upto 500 computers and other
devices including switches, hubs, USB devices, routers and cable modems.

Linked Object
An object that is inserted into a document but still exists in the source file. When information is
linked, the new document is updated automatically if the information in the original document
changes. If you want to edit the linked information, double-click it. The toolbars and menus from
the original program will appear. If the original document is on your computer, changes that you
make to the linked information will also appear in the original document.

Log file
A file that stores messages generated by an application, service, or operating system. These
messages are used to track the operations performed. For example, Web servers maintain log
files listing every request made to the server. Log files are usually plain text (ASCII) files and
often have a .log extension.

Logical Drive
A volume that you create within an extended partition on a basic master boot record (MBR) disk.
Logical drives are similar to primary partitions, except that you are limited to four primary
partitions per disk, whereas you can create an unlimited number of logical drives per disk. A
logical drive can be formatted and assigned a drive letter which can be then accessed from My
Computer or by using the Windows Explorer.

The process of connecting to a computer by using a username and password. Locally, on a
Windows XP system, Logon refers to the process of confirming your identity with the SAM by
entering a username and password (if required) and then loading a pre-saved set of user
environment for the user.

Logon script
Typically a batch file, a logon script runs automatically every time the user logs on. It can be used
to configure a user's working environment at every logon.

Long name
A folder name or file name longer than the 8.3 file name standard (up to eight characters followed
by a period and an extension of up to three characters) of the FAT file system. Windows XP
supports long file names up to 255 characters.

Master IDE device
Any device connected to an IDE channel on the motherboard and which is configured to be a
master by means of jumper settings on the device. Masters have higher data transfer priority than

Page | 290
A Beginners Approach to Windows

To enlarge a window to its largest size by clicking the Maximize button (at the right of the title
bar), or by pressing ALT+SPACEBAR and then pressing X.

MBR (Master Boot Record)
The first sector on a hard disk, which starts the process of booting the computer. The MBR
contains the partition table for the disk and a small amount of executable code called the master
boot code.

Megabyte (MB)
1,048,576 bytes, though often interpreted as 1 million bytes.

To reduce a window to a button on the taskbar by clicking the Minimize button (at the right of the
title bar), or by pressing ALT+SPACEBAR and then pressing N.

Modem (Modulator/Demodulator)
A device that allows computer information to be transmitted and received over a telephone line.
The transmitting modem translates digital computer data into analog signals that can be carried
over a phone line. The receiving modem translates the analog signals back to digital form.

The main circuit board of a microcomputer. The motherboard contains the connectors for
attaching additional boards. The processor, IDE channels (if any), floppy disk controllers and
memory modules are connected to the motherboard.

Mounted Drive
A drive attached to an empty folder on an NTFS volume. Mounted drives function the same as
any other drive, but are assigned a label or name instead of a drive letter. The mounted drive's
name is resolved to a full file system path instead of just a drive letter. Members of the
Administrators group can use Disk Management to create mounted drives or reassign drive

A keyboard feature that enables you to use the numeric keypad to move the mouse pointer and
to click, double-click, and drag.

MS-DOS-based program
A program that is designed to run with MS-DOS and therefore may not be able to take full
advantage of all Windows features.

My Computer
A folder that is accessible through the start menu or the desktop and which shows all the disk
drives and removable media connected to your computer. You can access all other drives (C:, D:,
etc) through the icons shown in My Computer. To change the settings of your computer you can
go to the Control Panel which is also displayed in My Computer.

My Documents
A folder that provides you with a convenient place to store documents, graphics, or other files you
want to access quickly. When you save a file in a program such as WordPad or Paint, the file is
automatically saved in My Documents, unless you choose a different folder.

Page | 291
A Beginners Approach to Windows

A group of computers and other devices, such as printers and scanners, connected by a
communications link, enabling all the devices to interact with each other. Networks can be small
or large, permanently connected through wires or cables, or temporarily connected through
phone lines or wireless transmissions. The largest network is the Internet, which is a worldwide
group of networks.

Network adapter
A device that connects your computer to a network. This device is sometimes called an adapter
card or network interface card or a LAN card.

Network administrator
A person responsible for planning, configuring, and managing the day-to-day operation of the
network. Network administrator is also called a system administrator.

Network password
A password that you use to log on to a network. You can make this the same as your Windows
password, so you have only one password to remember.

Notification area
The area on the taskbar to the right of the taskbar buttons. The notification area displays the time
and can also contain shortcuts that provide quick access to programs, such as Volume Control
and Power Options. Other shortcuts can appear temporarily, providing information about the
status of activities. For example, the printer shortcut icon appears after a document has been
sent to the printer and disappears when printing is complete or the Windows Activation reminder
or CD burning files.

NTFS file system
An advanced file system that provides performance, security, reliability, and advanced features
that are not found in any version of FAT. For example, NTFS guarantees volume consistency by
using standard transaction logging and recovery techniques. If a system fails, NTFS uses its log
file and checkpoint information to restore the consistency of the file system. In Windows 2000 and
Windows XP, NTFS also provides advanced features such as file and folder permissions,
encryption, disk quotas, and compression. Windows 98 does not support the NTFS file system,
although you get third party software like NTFSDOS which can access the NTFS file system and
copy data to a FAT drive through the DOS environment.

Number System
Any system for representing numbers. The four number systems available are decimal,
hexadecimal, octal, and binary. Decimals are from 0 to 9 and their combinations, hexadecimal
counts from 0 to 9 and then A, B, C, D , E and F where F is decimal 15 and hexadecimal 10 is
decimal 16. Octal counts using 8 numbers and binary counts using 1 and 0 where binary 01 is
decimal 1 and 10 is decimal 2, 11 is decimal 3, 100 is 4 and 101 is decimal 5 and so on.

OLE (Object Linking & Embedding)
A way to transfer and share information between applications by pasting information created in
one application into a document created in another application, such as a spreadsheet or word
processing file.

OpenType fonts
Outline fonts that are rendered from line and curve commands, and can be scaled and rotated.
OpenType fonts are clear and readable in all sizes and on all output devices supported by
Windows. OpenType is an extension of TrueType font technology.

Page | 292
A Beginners Approach to Windows

Overflow refers to the condition when a calculation gives an unexpected result or a result that
cannot be stored or computed using the present architecture. Examples include divide by zero or
the infinite calculation of the product of all integers etc. Most programs are written in such a way
as to prevent overflows or to hang and terminate when met with such a condition.

An Open Systems Interconnection (OSI) network layer transmission unit that consists of binary
information representing both data and a header containing an identification number, source and
destination addresses, and error-control data.

Page Fault
The interrupt that occurs when software attempts to read from or write to a virtual memory
location that is marked not present. In Task Manager, page fault is the number of times data has
to be retrieved from disk for a process because it was not found in memory. The page fault value
accumulates from the time the process started.

Page Faults Delta
In Task Manager, the change in the number of page faults since the last update.

Paged Pool
The system-allocated virtual memory that has been charged to a process and that can be paged.
Paging is the moving of infrequently-used parts of a program's working memory from RAM to
another storage medium, usually the hard disk. In Task Manager, the amount of system-allocated
virtual memory, in kilobytes, used by a process.

Paging File
A hidden file on the hard disk that Windows uses to hold parts of programs and data files that do
not fit in memory. The paging file and physical memory, or RAM, comprise virtual memory.
Windows moves data from the paging file to memory as needed and moves data from memory to
the paging file to make room for new data. Paging file is also called a swap file. In Windows the
paging file is found at the root of drives and named as pagefile.sys.

A portion of a physical disk that functions as though it were a physically separate disk. After you
create a partition, you must format it and assign it a drive letter before you can store data on it.
On basic disks, partitions are known as basic volumes, which include primary partitions and
logical drives. On dynamic disks, partitions are known as dynamic volumes, which include simple,
striped, spanned, mirrored, and RAID-5 volumes.

A security measure used to restrict logon names to user accounts and access to computer
systems and resources. A password is a string of characters that must be provided before a
logon name or an access is authorized. A password can be made up of letters, numbers, and
symbols, and it is case sensitive.

Peak Memory Usage
In Task Manager, the peak amount of physical memory resident in a process since it started.

A technique employed by crackers on the Internet to steal sensitive information like Credit card
numbers, Usernames and Passwords by displaying web pages that appear genuine, thereby

Page | 293
A Beginners Approach to Windows

fooling users in using their personal details which could possibly be then redirected to the special
servers tha