Windows 2000 Professional Control Panel

• Accessibility - Five tabs are keyboard, sound (Can have visible sound indications), display, mouse(Can move the
mouse with the keyboard), and general (alternatives to keyboard and mouse).
• Add/Remove Hardware - Can add and remove hardware device drivers for display devices, CDROM and DVD
drives, I/O devices (Keyboard, mouse, USB devices and more), Mobile computer hardware, modems, multimedia,
and network cards. A device driver is a software3 program that allows the system to interact with hardware. If the
driver is signed, it has a digital signature from its creator verifying its authenticity.
• Add/Remove Programs - Allows programs to be installed or removed from the system including optional Windows
2000 components. Vendor programs must be written to use this applet.
• Administrative Tools - Only the members of the Administrators group can use these tools.
• Console - Allows settings for MS-DOS console. Uses four tabs which are options (for cursor size, command history,
and display options), font, layout, and colors tabs.
• Date/Time
• Display - Tabs are Background, Screen Saver, Appearance, Web, Effects, and Settings( Sets the video mode). The
Screen saver allows power settings to be adjusted along with selection of the screen saver. Appearance tab adjusts
the Windows color schemes. The Web tab allows a specific web page to be displayed all the time on the desktop.
The effects tab allows desktop icons to be changed. The Settings tab allows screen size and colors to be changed.
• Fax - Is used to configure Fax information and access theFax Service Management Console which allows a Fax to
be setup to receive or send faxes. It is also accessed using "Start", "Programs", "Accessories", "Communications",
and "Fax".
• Folder Options - Allows the way files and folders are displayed to be modified. It includes the tabs "General", "View",
"File Types", and "Offline Files". The View tab allows settings to specify whether the whole path is displayed, and
whether hidden files are shown. The File Types tab specifies the application to be used to open files with extensions
of specific types. The Offline Files tab allows setting of whether offline files are displayed and worked on. Once
changed these files may be placed back into the online source. The default setting is on for Windows Professional
and off for Windows Servers.
• Fonts - Allows viewing of current fonts and installation of new fonts. It is a shortcut to the fonts folder.
• Game Controllers- Allows configuration of joysticks and gamepads.
• Internet Options - These are options for Internet Explorer. They can be accessed from the Tools menu of IE. Tabs
include General (Control of temporary files, history, and home page), Security (Allows trusted site settings, cookie
settings, JavaScript settings and more), Content (Allows certificates, and storage of private information),
Connections, Programs (Specification of programs for e-mail, HTML editing, newsgroups, and more), and Advanced
tabs(JavaScript debugging options, HTML versions and more).
• Keyboard - Includes Speed, Input Locales (assign hotkeys), and Hardware (physical type of keyboard) tabs.
• Mouse and mouse pointer settings including mouse speed - Tabs include, Buttons (to set right or leeft handed
mouse), Motion (speed), Pointers (Selection of mouse icons for normal, waiting, and other states), and Hardware
(Sets up the mouse type such as PS2 Intellimouse and options available in the Device Manager).
• Network and Dial-up Connection - Can change computer name, and set to workgroup or domain. bindings are set
here with the first one on the list to be the first one tried when services are attempted to be used. Also used to install
NIC drivers. Tabs are:
o Identification - computer name and domain or workgroup name
o Services - Can add, or remove services and check their properties.
o protocols - Can add or remove protocols or check their setup (properties).
o Adapters - Add or remove NIC adapter drivers.
o bindings - Where the binding priority may be set for various services.
• Phone and Modem Options - Modem properties and dialing rules are configured here.
• Power Options - Settings for how long hard drives and the monitor stays on are configured here. Tabs are "Power
Schema", "Advanced", "Hibernate", "APM", and "UPS". The Power Schema tab controls how long of a period of
inactivity to wait before turning off the monitor and hard drives. The Advanced Power Management (APM) tab
controls older power management for laptops. The UPS tab is used to configure commands to execute when a UPS
event occurs.
• Printers - Allows addition and deletion of printers. Right clicking and selection properties for a specific printer, opens
a properties window with General (Driver Selection, Separator page, print processor [RAW, text], print test page),
ports, Scheduling (priority, When printing starts relative to spooling, Hours of availability), Sharing, Security, and
About tabs.
• Regional Options - Set up regional and language settings for NT. Select General, Numbers, Currency, Time, Date,
or Input Locales tabs. The Regional Options tab is used to add additional language support.
• Scanners and Cameras - Digital cameras and scanners may be installed and configured here.

1
• Scheduled Tasks - Also called the "Task Scheduler", it is used to schedule programs or scripts to run at specific
times. An "Add Scheduled Task" icon is in this folder.
• Sounds and Multimedia - Used to setup sound schemes and sounds to play for specific events. Tabs are "Sounds",
"Audio", and "Hardware". The Sounds tab is used to associate events and sounds. The Audio tab allows the device to
use for playing and recording sound to be set. The Hardware tab is used to configure and view multimedia devices.
• System
o General - Describes the name and version of the system, who it is registered to and the hardware it is
running on.
o Network Identification - Allows the changing of the computer name, workgroup, or domain.
o Hardware - Allows selection of hardware profiles and what to do if the system cannot determine which profile
to use. Includes Hardware Wizard, Device Manager, and Hardware Profiles sections. The Hardware Profiles
section allows additional hardware profiles to be created. The Device Manager section includes a Device
Manager and a Driver Signing button. The Device signing allows configuration of what to do when system
files are not digitally signed. Options are Ignore, Warn, or Block. Sigverif command line utility is used to
find unsigned files on the computer. Sfc.exe command line utility is used to replace any unsigned
files with the original Microsoft version from the SystemRoot\System32\Dllcache directory. The
device manager includes the ability to configure:
 Computer - Used to configure for multiple processors.
 Disk drives
 Display adapters
 DVD/CD-ROM drives
 Floppy disk controllers
 Floppy disk drives
 IDE ATA/ATAPI controllers
 Imaging devices
 Infared devices
 Keyboards
 Mice and other pointing devices
 Modems
 Monitors
 Network adapters
 PCMCIA adapters - (Card Services)
 Ports (COM & LPT)
 Sound, video and game controllers
 System devices
 Universal Serial Bus controllers
o User Profiles - Allows user profiles to be added and changed which will affect desktop settings. Roaming
profiles may be set using this tab.
o Advanced - Used to set:
 Environment variables - Used to set environment variables. If the path is modified to include
applications run on Win95, these applications can be run when using a dual boot system or
migrating from Windows 95.
 Performance options- Allows performance to be optimized for applications or background services
(all programs with equal priority). Also allows configuration of page files.
 Startup and shutdown options - Allows default selection of system to boot and amount of delay
before timeout. Allows selection of what to do when a stop error occurs. More than one choice may
be selected.
 Write an event to the system log
 Send an administrative alert
 Automatically reboot
 Write debugging information (selection of none, small, kernel dump, and complete
memory dump) to a specified file (default is Memory.dmp).
• Users and Passwords (Only on 2000 Professional) - Manage user access and passwords on this computer.
• Wireless Link - Configuration of infared devices. Tabs include "File Transfer", "Image Transfer", and "Hardware".
• ports - Allows configuration of serial and parallel ports.
• SCSI Adapters - SCSI adapters may be added or removed here. They are not configured here but may be
configured at boot time using the manufacturer bIOS.
• Server - Tells who is connected, see shared resources, directory replication.
o Users - Shows users logged onto the domain and where they are logged on from. (NT Server ONLY)
o Shares - Shows resource name and path along with connected users.
2
 o In Use - Shows resources being used and the associated permissions.
o Replication - Allows setup of directory replication.
o Alerts - Controls where administrative alerts are sent
• Services - Can start or stop services or set them to automatically start when the system is booted. Description
entries include:
o Service - The name of the service.
o Status - Whether the service is running.
o Startup - Manual or automatic.

buttons include:

o Start
o Stop
o pause
o Continue - Restart a service that is paused.
o Startup - Set the service to be started by selecting one ot the radio buttons automatic, manual or disabled.
Can also select one of two radio buttons called "System Account" or "This Account".
o HW profiles - Allows selection of the hardware profile the service is being configured for.

There is also a "Startup parameters" text box used to configure special startup parameters for the service.

• Sounds- Alignment of sound (.wav) files to system events.

• Tape Devices - This is where tape device drivers are added to allow the system to perform backups. They can be
added using the detect button or using the drivers tab.
• Telephony - Used to configure part of RAS. The TApI (telephony application programming interface) and unimodem
service provider are automaticllly installed. Unimodem works for modems on com ports and TApI is used for
telephony applications.

UpS - Configure the UpS. UpS command configuration is configured here so the systems may receive information from the
UpS unit. Commands can be programmed here to execute when a UpS event occurs.

Windows 2000 Server Control Panel

This section only describes control panel applets and features not described for Windows 2000 Professional.

• Licensing - Allows setting of per server or per seat licensing.

• Licensing - Allows software package licenses to be added.
• Mail - Microsoft Mail client control.
• Microsoft Mail postoffice - Setup and control of the messaging server Microsoft mail post office.
• ODbC - ODbC database information routing control. Need database software or IIS ti be installed for this applet to be
visible.
• MacFile - Allows setup of AppleShare services for Macintosh clients. Services for Macintosh must be installed for this
applet to appear.
• GSNW - Gateway services for NetWare. Services for Netware must be installed for this applet to appear.
• Monitoring Agent - Network monitor tools and agent must be installed for this to appear.
• RAS - One of modem, ISDN, or X.25 must be installed to use this applet. The modems applet is used to install
modems, ISDN, or X.25.
• Server - Tells who is connected, see shared resources, directory replication. This applet is included with NTWS but
can be used to control users and shares on the domain so it is noteworthy here.
o Users - Shows users logged onto the domain and where they are logged on from.
o Shares - Shows resource name and path along with connected users.
o In Use - Shows resources being used and the associated permissions.
o Replication - Allows setup of directory replication.
o Alerts - Controls where administrative alerts are sent

The Windows Registry is a database which stores settings and options for Microsoft
Windows operating systems. It contains information and settings for all the hardware,
operating system software, most non-operating system software, and per-user settings. The

3
 registry also provides a window into the operation of the kernel, exposing runtime
information such as performance counters and currently active hardware.

Hives
The Registry is split into a number of logical sections, or "hives"[3] (the reason the word hive was used is an in-
joke[4]) Hives are generally named by their Windows API definitions, which all begin "HKEY". They are abbreviated to
a three- or four-letter short name starting with "HK" (e.g. HKCU and HKLM).

The HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER nodes have a similar structure to each other; applications
typically look up their settings by first checking for them in "HKEY_CURRENT_USER\Software\Vendor's
name\Application's name\Version\Setting name", and if the setting is not found look instead in the same location
under the HKEY_LOCAL_MACHINE key. When writing settings back, the reverse approach is used —
HKEY_LOCAL_MACHINE is written first, but if that cannot be written to (which is usually the case if the logged-in
user is not an administrator), the setting is stored in HKEY_CURRENT_USER instead.

[edit] HKEY_CLASSES_ROOT (HKCR)

Abbreviated HKCR, HKEY_CLASSES_ROOT stores information about registered applications, such as file associations
and OLE Object Class IDs tying them to the applications used to handle these items. On Windows 2000 and above,
HKCR is a compilation of HKCU\Software\Classes and HKLM\Software\Classes. If a given value exists in both of the
subkeys above, the one in HKCU\Software\Classes is used.[5]

[edit] HKEY_CURRENT_USER (HKCU)

Abbreviated HKCU, HKEY_CURRENT_USER stores settings that are specific to the currently logged-in user. The HKCU
key is a link to the subkey of HKEY_USERS that corresponds to the user; the same information is reflected in both
locations. On Windows-NT based systems, each user's settings are stored in their own files called NTUSER.DAT and
USRCLASS.DAT inside their own Documents and Settings subfolder (or their own Users subfolder in Windows Vista).
Settings in this hive follow users with a roaming profile from machine to machine.

[edit] HKEY_LOCAL_MACHINE (HKLM)

Abbreviated HKLM, HKEY_LOCAL_MACHINE stores settings that are general to all users on the computer. On NT-
based versions of Windows, HKLM contains four subkeys, SAM, SECURITY, SOFTWARE and SYSTEM, that are found
within their respective files located in the %SystemRoot%\System32\config folder. A fifth subkey, HARDWARE, is
volatile and is created dynamically, and as such is not stored in a file. Information about system hardware drivers
and services are located under the SYSTEM subkey, while the SOFTWARE subkey contains software and Windows
settings.

[edit] HKEY_USERS (HKU)

Abbreviated HKU, HKEY_USERS contains subkeys corresponding to the HKEY_CURRENT_USER keys for each user
profile actively loaded on the machine, though user hives are usually only loaded for currently logged-in users.

[edit] HKEY_CURRENT_CONFIG
Abbreviated HKCC, HKEY_CURRENT_CONFIG contains information gathered at runtime; information stored in this
key is not permanently stored on disk, but rather regenerated at the boot time.

[edit] HKEY_PERFORMANCE_DATA
This key provides runtime information into performance data provided by either the NT kernel itself or other
programs that provide performance data. This key is not displayed in the Registry Editor, but it is visible through the
registry functions in the Windows API.

4
[edit] HKEY_DYN_DATA
This key is used only on Windows 95, Windows 98 and Windows Me. [6] It contains information about hardware
devices, including Plug-and-Play and network performance statistics. The information in this hive is also not stored
on the hard drive. The Plug and Play information is gathered and configured at startup and is stored in memory. [7]

[edit] Symbolic Links

In Windows NT based systems Symbolic Links between registry keys are supported through REG_LINK value type.
Registry links work similarly to file shortcuts or filesystem Symbolic links. As such they can span across different
hives, however only those visible in Native API namespace, that is \Registry\Machine and \Registry\User.
Other hives like HKEY_DYN_DATA are only virtual objects in Win32 API and thus not linkable. Links are used in
Windows rather scarcely, only by CurrentControlSet and Hardware Profiles\Current.

Windows 2000 has 2 Group Types - Security and Distribution. Security groups are used to assign permissions for access to
network resources. Distribution groups are used to group users together for Email distribution lists. Security groups can be
used as a Distribution Group, but Distribution Groups cannot be used as Security Groups. Proper planning of group
structure affects maintainability in the future, especially in the enterprise environment where multiple domains are involved.
Win2K groups (both security and distribution) are classified into one of three group scopes - Domain Local, Global and
Universal. Below you can see how these groups are used. Although Local Groups are not considered part of the Win2k
group scope, they are included for your information.

Group Scope

Local Groups (or machine local groups) - For backward compatibility with NT, there are local groups. Also called Builtin
Local Groups.
They are the only type of local group available in a Windows 2000 mixed-mode domain.
Local groups can have members from anywhere in the forest, from trusted domains in other forests, and from trusted
down-level domains.
A local group has only machine-wide scope. It can be used to grant resource permission only on the machine on which it
exists. However, the local groups on a domain controller are available on every domain controller in that domain.

Domain Local groups – assign access permissions to domain global groups for local domain resources.
Available only in native mode (not mixed-mode) domains if you want to use them as anything other than machine local
groups on DCs only.
Can have members from anywhere in the forest, from trusted domains in other forests, and from trusted down-level
domains.
They have domain-wide scope, can be used to grant resource permission on any Win2K machine within the domain in
which it exists, but not beyond. Used as a resource group.

Domain Global groups – provide access to resources in other trusted domains.

Exist in both mixed-mode and native-mode domains.
Can have members from within their own domain only. Can be made a member of machine local or domain local groups or
granted permission in any domain (including trusting domains in other forests and down-level domains).
Use global groups to collect users or computers that are in the same domain and share the same job, role or function.
In a Native Mode domain only, Global groups can contain other Global groups.

Universal groups – grant access to resources in all trusted domains.

Only in native-mode domains. Can have members from any Win2K domain in the forest. If you scroll up and look at the
Add new group image above, you can see "Universal" is grayed out. That's because this domain is a Mixed-Mode Domain.
Universal groups can be granted permissions in any domain, including in domains in other forests with which a trust exists.
These groups can help you represent and consolidate groups that span domains, and perform common functions across the
enterprise. A useful guideline is to designate widely used groups that seldom change, as universal groups. Universal
groups and their members are listed in the global catalog, and if changes are made, the entire group membership must be
replicated to all global catalogs in the domain tree or forest.
Domain Local and Domain Global groups can be converted to Universal groups. This can only be done in a Native Mode
domain, and only if the groups do not contain groups of the same scope. For example, a Global group that contains another
Global group cannot be converted to a Universal group.

Notes:
Groups having global or domain local scope are also listed in the global catalog, but the individual members of the group
are not. Using these groups will reduce the size of the global catalog and replication traffic.
Microsoft advises against using Domain Local groups when filtering Group Policy objects. See this KB article for more info:
http://support.microsoft.com/default.aspx?scid=kb;[LN];309172

Native Mode Domains

5
Group Scope Allowable Objects Native Mode Replication

Domain Local Computer accounts, users, global groups and Group object and its membership are
universal groups from any domain. Domain replicated only to DCs within the same
Local groups from the same domain. Nest in domain; not included in GC (Global Catalog)
other Domain Local groups in same domain. replication to other domains.

Domain Global Only users, computers and global groups from Group object is replicated to all DCs in the
same domain. Nest in other Global (in same same domain and to all GCs in the forest.
domain), Domain Local, or Universal groups. Membership is replicated only to DCs within
the domain.

Universal Universal groups, global groups, users and Group object and its membership are
computers from any domain in the forest. replicated to all GC servers in the forest.
Nest in Global, Domain Local or Universal
groups.

Mixed Mode Domains

Group Scope Allowable Objects Mixed Mode Replication

Domain Local Computer accounts, users, global groups from Same as Native Mode
any domain. Cannot be nested.

Domain Global Only users and computers from same domain. Same as Native Mode
Cannot be nested.

Universal Not Available. Not Available.

Built-In Groups - There is another category of groups that you will see if you open Active Directory Users and Computers.
It is called Builtin. The Built-in groups are groups that Windows 2000 creates for you. They have a predetermined set of
user rights and group membership, and can be used to assign permissions to network resources. You can find Built-in
groups in the Builtin folder and in the Users folder.

Using Groups

The official Microsoft-sanctioned method for using groups in a domain setting is known
as the A-G-DL-P method.

(A) Take the user Account and place it in a

(G) Global group, then take the global group and place it into a
(DL) Domain Local group, after which you assign
(P) Permissions to the domain local group.

Of course, always following this method is not practical. You have to use common sense and judgment when assigning
groups to permissions. The above is just an official Microsoft guideline.

Special Identities

There are also some special groups, referred to as Identities, because they are managed by the system and not by
administrators. They are also automatically installed on all Windows 2000 computers. However, they do not appear in
Active Directory Users and Computers, or in the Computer Management Tool. Here are the special identities:

Everyone: Represents all current network users, including guests and users from other domains. Whenever a user logs on
to the network, they are automatically added to the Everyone group.

Network: Represents users currently accessing a given resource over the network (as opposed to users who access a
resource by logging on locally at the computer where the resource is located). Whenever a user accesses a given resource
over the network, they are automatically added to the Network group.

6
Interactive: Represents all users currently logged on to a particular computer and accessing a given resource located on
that computer (as opposed to users who access the resource over the network). Whenever a user accesses a given resource
on the computer to which they are currently logged on, they are automatically added to the Interactive group.

Anonymous Login: The Anonymous Login group refers to any user who is using Windows 2000 resources, but that didn’t
go through the authentication process.

Authenticated User: The Authenticated User group includes all users who are authenticated into the network by using a
valid user account. When assigning permissions, you can use the Authenticated User group in place of the Everyone group
to prevent anonymous access to resources.

Creator Owner: The Creator Owner group refers to the user who created or took ownership of the resource that you’re
assigning permissions to. For example, if the User Jack created a resource, but the Administrator took ownership of it, then
the Creator Owner would be the Administrator.

Dialup: The Dialup group includes anyone who’s currently connected to the network through a dialup connection.

These groups can be assigned permissions to network resources, although caution should be used when assigning some of
these groups to permissions. Members of these groups are not necessarily users who have been authenticated to the
domain. For instance, if you assign full permissions to a share for the Everyone Group, users connecting from other
domains will have access to the share.

Adding Groups/Users to Resource Permissions

Domain Computers and Member Servers can add the following users/groups to the ACLs of their local resources:

In a Mixed Mode Domain In a Native Mode Domain

Domain Users Domain Users

Global Groups Domain Local Groups
Local Groups Global Groups
Local Users Universal Groups
Local Groups
Local Users

Domain Controllers can add the following users/groups to the ACLs of their local resources:

In a Mixed Mode Domain In a Native Mode Domain

Domain Users Domain Users

Global Groups Global Groups
Built-In Local Groups Universal Groups
Domain Local Groups Built-In Local Groups
Domain Local Groups

Profile shows an organization exactly how good they are and what areas they can
focus on to enable further improvements and productivity gains
Profile opens up new possibilities for the development of your organisation and it’s performance. Though it is still
based on the same 3 principles as the Standard - Plan, Do and Review - it goes beyond the current scope of the
Standard.