
RIS Installations of Windows XP Professional

In order to install Windows XP Professional using the Remote Installation Service (RIS),
you must install RIS on a Windows 2000 server (either Server, Advanced Server or
Datacenter) using the Remote Installation Services Setup Wizard. The server can be a
member server or a domain controller; it doesn't make a difference. However, the
following services must be present on the network in order to use RIS:

DNS - RIS relies on the DNS service for locating both the directory service and
client computer accounts.

DHCP - The DHCP service is required so that client computers can receive an
IP address.

Active Directory - RIS relies on the Active Directory service for locating the RIS servers.

The shared volume where the RIS data is installed cannot be on the same drive that is
running Windows 2000 Server. The volume must be large enough to hold the RIS
software and the various Windows XP Professional images that are installed and that
volume must be formatted with the NTFS 5 file system.

You begin the RIS server setup by logging on to the server with an account that has
administrative permissions, then going to the Control Panel and selecting Add/Remove
Programs. From here, choose Add/Remove Windows Components and make sure that you
have either the Windows I386 directory or the Windows 2000 Server CD-ROM available
for the installation.

In the Add/Remove Windows Components window, select Remote Installation Services.


From this point, the remainder of the installation is automatic. (If the I386 source files
cannot be found the system will prompt you to locate them.)

When the installation is completed, you'll need to restart your server to configure your
RIS services.

You need to go back into the Control Panel and choose Add/Remove Windows
Components again in order to start the configuration. (You can also type RIsetup from
the run line or a command prompt.)

Click on Configure to begin. This will launch the Welcome to the Remote Installation
Services Setup Wizard, as shown below. (The window below is the first thing you will
see if you choose to type RIsetup from the run line or a command prompt.)
Once you continue, you will be prompted with the default Remote Installation folder
location of D:\RemoteInstall. You can elect to keep the default path or browse to a new
location.

The volume you opt to use must be large enough to hold the RIS software and the various
Windows XP Professional images that will be installed and the volume must be formatted
with the NTFS 5 file system.
By default, Remote Installation Services servers do not respond to requests for service
from client computers. There are two settings available to use on the server.

If you select the Respond to clients requesting service option, Remote Installation
Services is enabled and will respond to client computers requesting service.

Additionally, if you select the Do not respond to unknown client computers option,
Remote Installation Services will respond only to known (prestaged) client computers.

You will also need to provide a name for the Windows installation image folder, as well
as a friendly description for each image you install on the RIS server.
The last step the wizard performs is actually a series of events, as outlined in the image
above. Once the final step is completed, the setup wizard starts the required services for
RIS to run. The server is complete at this point and will service client requests for CD-
based installs.
Additional details of RIS configuration and administration from this point forward
go beyond the scope of what is required for installing Windows XP
Professional CD-based installs via RIS. For additional information on RIS for Windows
XP Professional, you can visit the Microsoft website.

Client computers that support remote installation must either meet the Net PC
specification (which is, effectively, a system which can perform a network boot) or have
a network adapter card with a PXE boot ROM and BIOS support for starting from the
PXE boot ROM.

Some client computers that have certain supported PCI network adapter cards can use the
remote installation boot disk as well.

This support is somewhat limited and can only be used with certain motherboards, as the
BIOS settings for booting the system from the network need to be configurable.

The RIS service provides the Windows 2000 Remote Boot Disk Generator if your system
does not support starting from the PXE boot ROM. You can create a Remote Boot Disk by
typing <DRIVE LETTER>\RemoteInst\Admin\i386\rbfg in the RUN box or at a
command prompt. (The drive letter is the drive where you installed the RIS services and
will vary from server to server.)

The boot disk simulates the PXE boot process on your system when your network card
does not have the required PXE boot ROM for a RIS installation. (Again, only a small
number of PCI network cards currently support using the Remote Boot Disk. This
includes mainly 3COM and a small cross section of other major vendors.)

The user account used to perform a RIS installation must be assigned the user right of
Log On as a Batch Job. The users must also be assigned permission to create computer
accounts in the domain they are joining if this has not been done ahead of time. There are
other factors as well, such as prestaging a client. For the purposes of this overview, we
will go through a "plain vanilla" RIS installation from a boot floppy.
When the client system starts from the boot floppy you would press F12 when prompted
to boot from the network.

The Client Installation Wizard will start and you will need to supply a valid user name
and password for the domain you're joining as well as the DNS name of the domain.
Once this is done you can press Enter to continue.

You are then given the option of performing an Automatic Setup, Custom Setup, or to
Restart a Previous Setup Attempt, or use the Maintenance and Troubleshooting Tools
installed on the RIS server. You would choose one of the options and then press Enter.

The next screen will show a number of RIS images (including the default CD-based
image) that you can use. (The number will depend on what has been placed on the server
by the administrator and whether or not you have the proper access permission to read
them.) Choose an image and then press Enter.

You will be presented with one last opportunity to verify that the settings are correct.
Once you're sure that they are, you would press Enter to begin the RIS installation. When
it is complete, Windows XP Professional will be deployed to the client system and
available for use upon restart.

Troubleshooting the Windows XP Professional Setup
By Jason Zandri

This article covers Troubleshooting the Windows XP Professional Setup.

Usually when you are going about your Windows XP Professional installation, you will
not run into any issues, particularly if you are sure that the installed system hardware
meets the minimum Windows XP Professional hardware requirements by verifying all of
the hardware is on the Hardware Compatibility List (HCL) at the Microsoft website.
Windows XP Professional supports only the devices listed in the HCL. If your hardware
isn't listed, contact the hardware manufacturer and request a Windows XP Professional
driver or replace the hardware to avoid potential issues.

Support means that while the operating system may load and run on unsupported
hardware and software, any issues that come up with the system will not be covered (i.e.
supported) by Microsoft Technical Support if you should need to engage them.

If this has been done beforehand and issues do arise, there are a couple of "textbook"
events that can be looked at first that will cover some of the more common problems you
might encounter during installation and these will generally be what is at issue most of
the time.

Common installation problems and Troubleshooting Tips


Media errors - When you are installing Windows XP Professional from a CD-ROM and
run into problems, the quickest way to try to resolve the issue is to use a different CD-
ROM. Even if the CD-ROM you are using has worked a dozen times before, the drive it
is in at the time of the error may have trouble reading it or the disk itself may have been
newly damaged by a fall or some other issue. You can also try cleaning a
fingerprint-laden CD-ROM as a troubleshooting step. If you should need to request a
replacement CD-ROM, you can contact Microsoft or your point of purchase.

You can also try using a different computer and CD-ROM drive. If you can read the CD-
ROM on a different computer, you can perform an over-the-network installation if that
option is available to you.

If one of your Setup disks is not working, download a different set of Setup disks. (The
ability to directly create setup floppies has been dropped from Windows XP. Setup boot
disks are available only by download from Microsoft. The Setup boot disks are available
so that you can run Setup on computers that do not support a bootable CD-ROM. There
are six Windows XP Setup boot floppy disks. These disks contain the files and drivers
that are required to access the CD-ROM drive through generic PCI drivers and begin the
Setup process.)

You may also find that the Windows XP Professional setup program is unable to copy
files from the CD-ROM. In this event, it may be possible to either replace the drive with
a supported drive (as this is usually the issue) or you can attempt your installation via a
different method such as installing over the network (as mentioned above) or by copying
the files to the local drive first, outside of the installation program, as sometimes the copy
failure only crops up after the Windows XP Professional setup program is running.

Insufficient disk space errors - The current minimum hardware requirements for
Windows XP Professional at the time of this writing are as follows:
• 300 MHz or higher processor clock speed recommended (233 MHz minimum
required, can be single or dual processor system) Intel Pentium /Celeron family,
or AMD K6/Athlon/Duron family, or compatible processor recommended
• 128MB of RAM or higher recommended (64MB minimum supported; may limit
performance and some features)
• 1.5GB of available hard disk space
• Super VGA (800 × 600) or higher-resolution video adapter and monitor
• CD-ROM or DVD drive
• Keyboard and Microsoft Mouse or compatible pointing device

If you do not have 1.5GB of available hard disk space on a single partition, you will not
be able to complete the installation in most cases.

You can use the setup program to create additional partitions that are large enough for the
installation if there is enough space on the drive or you can elect to delete existing data
on the current partition to make enough room for the installation.

Troubleshooting using Setup Logs


Windows XP Professional generates a number of log files during the setup routine that
contain information that was logged during installation that will assist you when you are
attempting to resolve problems that may have occurred during the setup.

[NOTES FROM THE FIELD] - For the purpose of the Windows XP Exam you need
not remember the exact contents of these files, they are supplied here so that you can get
an overview of what would be in them commonly.

Error codes are often cryptic, whether in a log file or the system event viewer but taking
the time to understand what error has occurred and why, will help you better understand
and troubleshoot the system.

The list below outlines the purpose of each file, and also a portion of the file contents for
you to examine.

Action Log (SETUPACT.LOG) - The action log records the actions that the Setup
program performs in chronological order and is saved as SETUPACT.LOG. Click here
for the sample log.

The setup log that I have available from my system is 165KB in size and too large to post
here in its entirety, but I have cut a few sections out so that you can see what some of the
entries look like.

(The SETUPACT.LOG can be found in the \Windows directory in a default Windows XP
Professional installation)

As I mentioned before, the log file is much larger and has a lot more to it, but this cross
section gives you an idea of what is there.
Error Log (SETUPERR.LOG) - The error log shows any errors that occurred during
setup and their severity level. If errors do occur, the log viewer displays the error log at
the end of setup.

(The SETUPERR.LOG can be found in the <DRIVE LETTER>\Windows directory in a
default Windows XP Professional installation)

The log will be created even if no errors occur. (I do not have anything available to show
you from the error log as mine is empty. Sorry.)

Setup also creates a number of additional logs during setup.

<DRIVE LETTER>\Windows\comsetup.log - Outlines installation for Optional
Component Manager and COM+ components. A subsection of mine is here.

<DRIVE LETTER>\Windows\setupapi.log - Receives an entry each time a line from
an .inf file is implemented. If an error occurs, this log describes the failure. A subsection
of mine is here. (The full size was 245KB)

<DRIVE LETTER>\Windows\debug\NetSetup.log - Logs activity when computers
join domains or workgroups. (This entire log was only 7KB, so I copied all of it). Click
here for the sample log.

<DRIVE LETTER>\Windows\repair\setup.log - Provides information that is used by
the Recovery Console. A subsection of mine is below. (The full size was 204KB)

[Paths]
TargetDirectory = "\WINDOWS"
TargetDevice = "\Device\Harddisk0\Partition3"
SystemPartitionDirectory = "\"
SystemPartition = "\Device\Harddisk0\Partition1"
[Signature]
Version = "WinNt5.1"
[Files.SystemPartition]
NTDETECT.COM = "NTDETECT.COM","b28f"
ntldr = "ntldr","3a7b2"
[Files.WinNt]
\WINDOWS\system32\drivers\kbdclass.sys = "kbdclass.sys","e756"
\WINDOWS\system32\drivers\mouclass.sys = "mouclass.sys","8cd9"
\WINDOWS\system32\drivers\usbuhci.sys = "usbuhci.sys","11ded"
\WINDOWS\system32\drivers\usbport.sys = "usbport.sys","22ffd"
\WINDOWS\system32\drivers\usbd.sys = "usbd.sys","40af"
\WINDOWS\system32\drivers\hidparse.sys = "hidparse.sys","acd7"
\WINDOWS\system32\drivers\hidclass.sys = "hidclass.sys","88de"
\WINDOWS\system32\drivers\usbhub.sys = "usbhub.sys","ee45"
\WINDOWS\system32\drivers\intelide.sys = "intelide.sys","dec0"
\WINDOWS\system32\drivers\pci.sys = "pci.sys","1a257"
\WINDOWS\system32\drivers\oprghdlr.sys = "oprghdlr.sys","b001"

(The whole remainder of the file looked as it does above, detailing drivers and path
information for the whole system).
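
The repair\setup.log layout shown above can be read with a short parser. The following is an added example, not part of the original article: it parses the excerpt and compares two copies of the file to list entries that were added, removed, or whose recorded hex value changed. SAMPLE is shortened from the excerpt above, MODIFIED is constructed, and treating Files.SystemPartition keys as relative to SystemPartitionDirectory is an assumption.

```python
import re

# Shortened copy of the repair\setup.log excerpt shown above.
SAMPLE = r'''[Paths]
TargetDirectory = "\WINDOWS"
TargetDevice = "\Device\Harddisk0\Partition3"
SystemPartitionDirectory = "\"
SystemPartition = "\Device\Harddisk0\Partition1"
[Signature]
Version = "WinNt5.1"
[Files.SystemPartition]
NTDETECT.COM = "NTDETECT.COM","b28f"
ntldr = "ntldr","3a7b2"
[Files.WinNt]
\WINDOWS\system32\drivers\kbdclass.sys = "kbdclass.sys","e756"
\WINDOWS\system32\drivers\pci.sys = "pci.sys","1a257"
'''

# Constructed "later" copy: one value changed and one entry added (not real data).
MODIFIED = SAMPLE.replace('"1a257"', '"1a258"') + (
    r'\WINDOWS\system32\drivers\example.sys = "example.sys","1234"' + "\n")

SECTION = re.compile(r'^\[([^\]]+)\]$')
ENTRY = re.compile(r'^(.+?)\s*=\s*(.*)$')
QUOTED = re.compile(r'"([^"]*)"')


def parse_setup_log(text):
    """Return {section: {key: [quoted fields]}} for setup.log-style text."""
    sections, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = sections.setdefault(header.group(1), {})
            continue
        entry = ENTRY.match(line)
        if entry is None or current is None:
            raise ValueError(f"line {lineno}: not a section or key = value: {raw!r}")
        # Values are comma-separated quoted fields; "\" is a one-character field.
        current[entry.group(1)] = QUOTED.findall(entry.group(2))
    return sections


def file_inventory(sections):
    """Map (device, path), lower-cased, to (source name, recorded value as int)."""
    paths = {key: fields[0] for key, fields in sections.get("Paths", {}).items()}
    # Assumption: Files.SystemPartition keys are relative to SystemPartitionDirectory;
    # Files.WinNt keys are already rooted on TargetDevice, as in the excerpt.
    layout = {
        "Files.SystemPartition": ("SystemPartition", "SystemPartitionDirectory"),
        "Files.WinNt": ("TargetDevice", None),
    }
    inventory = {}
    for section, (device_key, dir_key) in layout.items():
        for key, fields in sections.get(section, {}).items():
            if len(fields) != 2:
                raise ValueError(f"{section}: expected a name and a value for {key!r}")
            path = key
            if dir_key is not None:
                path = paths[dir_key].rstrip("\\") + "\\" + key.lstrip("\\")
            # The page does not say how the hex value is computed, so it is only
            # compared for equality here, never recomputed.
            inventory[(paths[device_key].lower(), path.lower())] = (
                fields[0], int(fields[1], 16))
    return inventory


def diff_inventories(baseline, current):
    """List entries added, removed, or recorded with a different value."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(k for k in common if baseline[k][1] != current[k][1]),
    }


if __name__ == "__main__":
    before = file_inventory(parse_setup_log(SAMPLE))
    after = file_inventory(parse_setup_log(MODIFIED))
    for kind, entries in diff_inventories(before, after).items():
        for device, path in entries:
            print(f"{kind:8} {device}{path}")
```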

Well, that's a wrap for this week.

"Weak passwords trump strong security."

Using Disk Management tools in Windows XP Professional

In Microsoft Windows XP Professional, you can perform most disk administrative
tasks, both local and remote, by using the Microsoft Management Console (MMC) snap-
in tool called Disk Management.

A command-line tool, DiskPart, is also available in Windows XP Professional which
allows the administrator to handle disk administrative tasks from a command prompt.

You can use both tools to convert disks, as well as format current partitions and
unallocated space. You can also check on the status of fixed and removable disks and
their associated properties.

Disk Management
Normally, you will need to be a local administrator to perform most system configuration
functions (even just taking a look at the current configuration settings) on a Windows XP
Professional system, and in some cases, there may be a local policy set by some other
administrator or if your system is in a Domain, a Domain policy setting which may
prevent you from performing some actions.

To open the Disk Management MMC, you can select Start, right-click My Computer, and
then click Manage, which will open the Computer Management MMC. Under the Storage
icon, click Disk Management to open the Disk Management MMC.
You can also type compmgmt.msc in the RUN box or from a command line to launch the
Computer Management MMC.
[NOTES FROM THE FIELD] - What your Start Menu options look like depends on
how you have the menu set. If you are using the Classic Start Menu, you would not see
My Computer as a selection to right click on. Your options would be to click Start, select
Administrative Tools and then select Computer Management. Not a whole lot different,
but perhaps just enough to confuse you.
The Windows XP Professional exam rarely tests you on Classic anything. You need to
know how to get from Windows XP Professional settings to Classic and back, but in 90%
of the cases you're going to find instructions laid out in the Windows XP Professional
vein. I will do my best to point out alternatives in the [NOTES FROM THE FIELD]
section as I have done here.

If you want to directly open the Disk Management MMC you can type diskmgmt.msc
from the RUN box or from a command line. This will run the tool independently from the
Computer Management MMC.
As you can see from the image above, we have a number of basic physical and logical
drives on the system, as well as two CD-ROM drives (not shown in the above image).

If there were removable drives on this system, such as Jaz or ORB drives and the like,
they would appear here as well. The removable drives, as well as the CD-ROM drives,
will either show "no media" when they are empty (or some error is preventing them from
seeing inserted media) or the file system of the installed media.

(When I inserted a CD-ROM in my DVD drive, the Disk Management MMC
automatically detected the change, refreshed its view, and displayed the data. The
Compact Disk File System (CDFS) is the file system of the inserted disk and is displayed.)

When you select a drive in the upper window (which is currently set to the default
Volume List View) by left clicking on it once, not only will it become highlighted (in
blue), but it will also become shaded in the lower part of the window (which is currently
set to the default Graphical List View).

You can change the appearance of both the top and bottom window views by selecting
VIEW from the menu and then selecting whichever (or both) views you wish to change.
Top and Bottom, along with Settings and Drive Paths are controlled here.

You can change the colors and wallpaper for volumes and disk regions by selecting
VIEW and then SETTINGS. The APPEARANCE tab shows all of the current default
colors for the available disk regions. Even disk regions that are not currently installed on
the system are set with specific colors by default.
You can change how disk sizes are displayed on the SCALING tab. The default settings
are shown below.
That's the five cent tour of the Disk Management MMC.

DiskPart
The command line tool, DiskPart, is available in Windows XP Professional, which allows
the administrator to handle disk administrative tasks from a command prompt.

You start your session at the command prompt by typing the following:

H:\Documents and Settings\JZANDRI>diskpart

Microsoft DiskPart version 1.0
Copyright (C) 1999-2001 Microsoft Corporation.
On computer: P42GHZ

DISKPART>

This will put you into the DiskPart program session. If you needed to get a little more
information on DiskPart before starting your session and tried the standard diskpart /?,
this is all you would get:

H:\Documents and Settings\JZANDRI>diskpart /?

Microsoft DiskPart version 1.0
Copyright (C) 1999-2001 Microsoft Corporation.
On computer: P42GHZ

Microsoft DiskPart syntax:
diskpart [/s <script>] [/?]

/s <script> - Use a DiskPart script.
/? - Show this help screen.

However, if you started the program and then typed HELP, you'd get much more
information:

H:\Documents and Settings\JZANDRI>diskpart

Microsoft DiskPart version 1.0
Copyright (C) 1999-2001 Microsoft Corporation.
On computer: P42GHZ

DISKPART> help

Microsoft DiskPart version 1.0

ADD - Add a mirror to a simple volume.
ACTIVE - Activates the current basic partition.
ASSIGN - Assign a drive letter or mount point to the selected volume.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the disk.
CONVERT - Converts between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart
EXTEND - Extend a volume.
HELP - Prints a list of commands.
IMPORT - Imports a disk group.
LIST - Prints out a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. Used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retainer partition under a simple volume.
SELECT - Move the focus to an object.
DISKPART>

For the most part, this command line tool is highly effective when you run any of
the above commands from a script. The only other time it is easy or necessary to use it is
from the Recovery Console, as it is one of the commands available there.

[NOTES FROM THE FIELD] - Do not modify the structure of dynamic disks with the
DiskPart command line tool because you might damage your partition table within the
dynamic disk structure.

To exit the DiskPart program simply type EXIT at the program prompt.

The Diskpart Command Line Utility is available for download from Microsoft for
Windows 2000 and it is part of the Windows 2000 Resource Kit Tools as well. (It is
included as part of Windows XP Professional and Windows Server 2003.) As with any
software available for use from any version of the Resource Kits or the download site, it
is not supported under any Microsoft standard support program or service. You use it at
your own peril.

File System Overview

To have a good understanding of how and why you can set up or deny access to data on a
Windows XP Professional system, you need to have an underlying understanding of any
native file security that may or may not be in place.

One place to start would be the file system the operating system is utilizing.

Windows XP Professional supports three major file systems: File
Allocation Table (commonly known as FAT or FAT16), FAT32 and NTFS.

FAT16

File Allocation Table (commonly known as FAT or FAT16) is supported by Windows
XP Professional, all Windows operating systems, DOS, as well as a host of other non-
Microsoft OSes.

FAT is allocated in clusters, the size of which is determined by the size of the partition.
The larger the partition, the larger the cluster size. The larger the cluster size, the more
space is "required" when using it to store data.

FAT file system cluster sizes

Partition Size             Cluster Size    FAT Type
0MB to less than 16MB      4,096 bytes     12-bit
16MB through 128MB         2,048 bytes     16-bit
128MB through 256MB        4,096 bytes     16-bit
256MB through 512MB        8,192 bytes     16-bit
512MB through 1,024MB      16,384 bytes    16-bit
1,024MB through 2,048MB    32,768 bytes    16-bit

As you can see, with a 2GB partition size, (the maximum allowed under FAT16 in most
cases) if you were to save 50 different files, all 1024 bytes (1KB) in actual size (or to
have 50 fractions of larger files "fall over" to the next cluster by that same amount), the
amount of hard drive space used up would be 1,638,400 bytes (a little over 1 MB), for
51,200 bytes of actual data.

You can obviously see that this is a serious problem when there are thousands of small
*.DLLs and other types of small files.

Also, with the advent of super-inexpensive hard drives that are 80GB in size, you can see
where using FAT would be an issue as well.

In summary, there are "advantages" for using the FAT file system on a Windows XP
Professional installation:

MS-DOS, Windows 95, Windows 98, Windows NT, Windows 2000, and some UNIX
operating systems can use FAT16. If there is some reason to dual boot the system,
FAT16 allows you the greatest number of options.

There are many software tools that can address problems and recover data on FAT16
volumes.

If you have a startup failure, you can start the computer by using a bootable floppy disk
to troubleshoot the problem.

FAT16 is efficient, in speed and storage, on volumes smaller than 256 MB.

(Those 50 files I mentioned above, all 1024 bytes (1KB) in actual size, would use up
"only" 409,600 bytes on a 400MB partition formatted with FAT16 and "only" 204,800
bytes on a 250MB partition.)

There are also some FAT16 disadvantages as well:

The root folder (usually the C:\ drive) has a limit of 512 entries. The use of long file
names can significantly reduce the number of available entries.

FAT16 is limited to 65,536 clusters, but because certain clusters are reserved, it has a
practical limit of 65,524. The largest FAT16 volume on Windows 2000 and Windows XP
Professional is limited to 4 GB and uses a cluster size of 64 KB. To maintain
compatibility with MS-DOS, Windows 95, and Windows 98, a volume cannot be larger
than 2 GB. (Those 50 files I mentioned above, all 1024 bytes (1KB) in actual size, would
use up 3,276,200 bytes of hard drive space to store 51,200 bytes of actual data on a 4 GB
FAT16 partition used in this scenario.)

FAT16 is inefficient on larger volume sizes, as the size of the cluster increases. We have
seen this in the examples above.

The boot sector is not backed up on FAT16 partitions. Because FAT16 does not include a
backup copy of critical data structures, FAT16 volumes are more susceptible to single
point of failure issues than volumes on other file systems.

There is no native file level security, compression or encryption available in the FAT16
file system.

Below is a table of Microsoft Operating systems and which file systems they can natively
access.

Operating System                      Supports NTFS   Supports FAT32   Supports FAT   Max FAT Partition
Windows XP Professional               Yes             Yes              Yes            4GB
Windows XP Home                       Yes             Yes              Yes            4GB
Windows 2000 Professional             Yes             Yes              Yes            4GB
Windows Millennium Edition            No              Yes              Yes            2GB
Windows 98 and Second Edition         No              Yes              Yes            2GB
Windows 95 OSR2 and OSR2.5            No              Yes              Yes            2GB
Windows NT4 Workstation               Yes             No               Yes            4GB
Windows 95 Gold (Original Release)    No              No               Yes            2GB
Windows NT3.5x Workstation            Yes             No               Yes            4GB
MS-DOS (versions 3.3 and higher)      No              No               Yes            *See below

[NOTES FROM THE FIELD] - There is no test requirement to memorize these tables,
but it's good to understand the "how and why" of it. Also, it is never a "best practice" to
dual boot any workstation or server that has sensitive data on it with any file system
installed that cannot secure those files or any operating system that threatens that
security.

The maximum FAT partition that can be created and accessed by the operating systems
listed above is 2GB in most cases. 4GB FAT partitions can be created and properly
accessed only under those operating systems specifically listed above. A dual boot NT
family of operating system can create a 4GB FAT partition and a lower level OS such as
Windows 98 may be able to see data on it, however, issues will arise when data access is
attempted above the 2GB threshold that the OS normally uses.

For more information on the Maximum Partition Size Using the FAT16 File System in
Windows XP, you can look up Q310561 at the Microsoft PSS webpage.

The "OSR" in "Windows 95 OSR2 and OSR2.5" stands for OEM Service Release.

The "OEM" in "OEM Service Release" stands for Original Equipment Manufacturer.

For more information on Maximum Partition Size Using FAT16 File System, feel free to
follow the link I have provided to the Microsoft web site.

* There are some exceptions, but for the most part, DOS 3.3 and higher can access up to
2GB of single partition space, as outlined in Q67321 at the Microsoft PSS webpage. The
MS-DOS Partitioning Summary (Q69912) names some exceptions and points out the fact
that some earlier versions didn't support many of today's FAT16 standards.

The maximum single file size on a FAT16 partition is 2 GB, regardless of the fact that
some OSes can have a 4GB partition.

FAT32

FAT32 is supported by Windows XP Professional, as well as a number of the newer
Microsoft operating systems. FAT32 was first introduced with Microsoft Windows 95
OSR2. The major differences between FAT and FAT32 are, for the most part, volume and
cluster sizes, and the fact that only Microsoft operating systems can natively access
FAT32, and fewer of them than can access FAT16.

The FAT32 file system can support drives up to 2 terabytes in size (in theory) and
because it uses space more efficiently, FAT32 uses smaller clusters (that is, 4,096 byte
clusters for drives up to 8 GB in size), resulting in more efficient use of disk space
relative to large FAT16 drives.

FAT32 file system cluster sizes

Partition Size            Cluster Size
0MB to less than 260MB    512 bytes
260MB through 8GB         4,096 bytes
8GB through 16GB          8,192 bytes
16GB through 32GB         16,384 bytes
32GB through 2TB          32,768 bytes

The 50 files I mentioned in the FAT16 section, all 1024 bytes (1KB) in actual size, would
use up only 409,600 bytes on a 16GB partition formatted with FAT16 and only 204,800
bytes on an 8GB partition. As you can see, however, we are now running into the issue
with FAT32 drives with 80GB and 100GB partitions that we did a few years ago under
FAT16, wasted space. Those same 50 files would use 819,200 bytes on either of the two
large drives I mentioned. There's a Windows 2000 Professional and XP Professional
catch, however.

While the FAT32 file system can support drives up to a standard theoretical size of 2
terabytes (it "can" be jury-rigged under Windows Millennium Edition to support
partitions of up to 8 TB), Windows 2000 Professional and XP Professional cannot
FORMAT a volume larger than 32 GB in size using their native FAT32 file system.

The FastFAT driver can mount and support volumes larger than 32 GB that use the
FAT32 file system, such as those created locally by Windows 98 or ME in dual boot
configuration, (subject to other limits listed here for Windows 98, ME and 2000 and here
for Windows XP), but you cannot CREATE one using the Format tool from within either
Windows 2000 Professional or XP Professional. If you attempt to format a FAT32
partition larger than 32 GB, the format fails near the end of the process with the
following error message: Logical Disk Manager: Volume size too big.
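
The slack-space arithmetic used in the FAT16 and FAT32 sections above, as an added example that is not part of the original article: it encodes the two cluster-size tables from this page and computes allocated versus actual bytes for any set of file sizes, including files whose last fragment spills into another cluster. Treating each "through" bound as inclusive is an assumption taken from how the article's own 50-file figures read the tables.

```python
MB_PER_GB = 1024

# Cluster-size tables as given on this page:
# (upper bound of partition size in MB, is the bound inclusive?, cluster size in bytes).
# Only the first row of each table reads "less than"; all other rows read "through".
CLUSTER_TABLES = {
    "FAT16": [(16, False, 4096), (128, True, 2048), (256, True, 4096),
              (512, True, 8192), (1024, True, 16384), (2048, True, 32768)],
    "FAT32": [(260, False, 512), (8 * MB_PER_GB, True, 4096),
              (16 * MB_PER_GB, True, 8192), (32 * MB_PER_GB, True, 16384),
              (2 * MB_PER_GB * MB_PER_GB, True, 32768)],
}


def cluster_size(fs, partition_mb):
    """Look up the cluster size for a partition of the given size in MB."""
    for upper, inclusive, cluster in CLUSTER_TABLES[fs]:
        if partition_mb < upper or (inclusive and partition_mb == upper):
            return cluster
    raise ValueError(f"{partition_mb} MB is outside the {fs} table on this page")


def allocated_bytes(size, cluster):
    """Bytes occupied on disk: whole clusters only (a zero-length file uses none)."""
    return -(-size // cluster) * cluster  # ceiling division without floats


def slack_report(file_sizes, fs, partition_mb):
    """Actual data, space allocated, and the difference (slack) for a set of files."""
    cluster = cluster_size(fs, partition_mb)
    actual = sum(file_sizes)
    allocated = sum(allocated_bytes(size, cluster) for size in file_sizes)
    return {"cluster": cluster, "actual": actual,
            "allocated": allocated, "slack": allocated - actual}


if __name__ == "__main__":
    fifty_small = [1024] * 50                # the article's 50 files of 1 KB each
    spill_over = [3 * 32768 + 1024] * 50     # constructed: larger files with a 1 KB tail
    cases = [("FAT16", 2048), ("FAT16", 400), ("FAT16", 250),
             ("FAT32", 16 * MB_PER_GB), ("FAT32", 8 * MB_PER_GB)]
    for fs, mb in cases:
        r = slack_report(fifty_small, fs, mb)
        print(f"{fs} {mb:>6} MB  cluster {r['cluster']:>6}  "
              f"allocated {r['allocated']:>9,}  slack {r['slack']:>9,}")
    # The tail of a larger file wastes exactly as much as a small file does.
    print(slack_report(spill_over, "FAT16", 2048)["slack"])
```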

In summary, the advantages of the FAT32 file system are:

FAT32 allocates disk space much more efficiently than FAT16.

The root folder on a FAT32 drive is not restricted in the number of entries it can hold,
as it was on FAT16.

FAT32 is a more robust file system than FAT16 was. FAT32 has the ability to relocate
the root directory and use the backup copy of the FAT instead of the default copy. In
addition, the boot record on FAT32 drives has been expanded to include a backup of
critical data structures. This means that FAT32 volumes are less susceptible to a single
point of failure than FAT16 volumes.

Just as there were disadvantages to the FAT16 file system, so there are in FAT32 as well:

FAT32 volumes are not accessible from any operating systems other than certain
Microsoft ones.

FAT32 partition sizes are limited to 32GB in size using the native FAT32 file system
format tools under Windows 2000 and Windows XP. (The maximum size is 127.5 GB
practical and 2TB standard theoretical.)

There is no native file level security, compression or encryption available in the FAT32
file system.

Below is a table of Microsoft Operating systems which support native access to the
FAT32 file system.

Operating System                      Supports FAT32
Windows XP Professional               Yes
Windows XP Home                       Yes
Windows Millennium Edition            Yes
Windows 98 and Second Edition         Yes
Windows 95 OSR2 and OSR2.5            Yes
Windows NT4 Workstation               No
Windows 95 Gold (Original Release)    No
Windows NT3.5x Workstation            No
MS-DOS (versions 3.3 and higher)      No

[NOTES FROM THE FIELD] - There is no test requirement to memorize the FAT32
tables either, but again, it's good to understand the "how and why" of it. Also, it is never
a "best practice" to dual boot any workstation or server that has sensitive data on it with
any file system installed that cannot secure those files or any operating system that
threatens that security. This would include the FAT32 file system.

For answers to some common questions about the FAT32 File System, you can look up
Q253774 at the Microsoft PSS webpage.

For more information on the limitations of the FAT32 File System on Windows 98, ME and
2000, you can look up Q184006 at the Microsoft PSS webpage. The limitations of the
FAT32 File System in Windows XP are covered in Q314463. You will also find the maximum
partition sizes, both practical and theoretical, listed there.

The maximum single file size on a FAT32 partition is 4 GB, regardless of the size of the
partition.

NTFS

NTFS is the preferred file system for all computers running Windows XP Professional.
The version of NTFS that is in use on Windows XP Professional is called NTFS 5.
(Windows 2000 uses version 5 as well.)

If you are running Windows NT 4.0 Service Pack 4 or later, you can read basic volumes
formatted by using NTFS 5 locally on dual boot systems. Windows 2000 and Windows
XP Professional can read NTFS 5 on both basic and dynamic volumes. (Computers
systems accessing either version of NTFS across networks are not affected. Version
differences are usually only considered in local / dual boot situations.)

The following NTFS features are available under version 5;

• File and Folder Permissions
• Encryption
• Disk Quotas
• File Compression
• Mounted Drives
• Hard Links
• Distributed Link Tracking
• Sparse Files
• Multiple Data Streams
• POSIX Compliance
• NTFS Change Journal
• Indexing Service

Detailed information on these features can be found in both the Microsoft Windows XP
Professional Resource Kit Documentation and online.

If you are running Windows XP Professional in a dual boot scenario with a system
running Windows NT 4.0 Service Pack 4 or later, most of the NTFS 5 features are not
available. Most read and write operations are permitted provided they do not attempt
to make use of most NTFS 5 features.

Issues that may occur under this type of configuration may include some of the
following:

• Windows NT4 cannot perform any operations that make use of reparse points.
• When you run Windows NT4 on a multiple-boot configuration that also runs
Windows XP Professional, Windows NT4 ignores disk quotas implemented by
Windows XP Professional.
• Windows NT4 cannot perform any operations on files encrypted by Windows XP
Professional.
• Windows NT4 cannot perform any operations on sparse files.
• Windows NT4 ignores the change journal setup under Windows XP Professional.

The NTFS file system can support drives up to 16 exabytes, in theory, but because
partition tables on basic disks (disks that include a master boot record) only support
partition sizes up to 2 terabytes, you would need to use dynamic volumes to create NTFS
partitions over 2 terabytes in size.

Windows XP Professional manages dynamic volumes in a special database instead of in
the partition table, so dynamic volumes are not subject to the 2-terabyte physical limit
imposed by the partition table. This is why dynamic NTFS volumes can be as large as the
maximum volume size supported by NTFS.

Default NTFS file system cluster sizes

Partition Size          NTFS cluster size
7 MB-16 MB              512 bytes
17 MB-32 MB             512 bytes
33 MB-64 MB             512 bytes
65 MB-128 MB            512 bytes
129 MB-256 MB           512 bytes
257 MB-512 MB           512 bytes
513 MB-1,024 MB         1,024 bytes
1,025 MB-2 GB           2,048 bytes
2 GB-4 GB               4,096 bytes
4 GB-8 GB               4,096 bytes
8 GB-16 GB              4,096 bytes
16 GB-32 GB             4,096 bytes
32 GB-2 terabytes       4,096 bytes

In summary, the advantages of NTFS 5 are as follows:

• NTFS uses standard transaction logging and recovery techniques. By using the
log file and checkpoint information to automatically restore the consistency of the
file system in the event of a failure, NTFS, for the most part, maintains the
consistency of the data on the volume and the volume itself.
• NTFS supports compression on volumes, folders, and files. Files that are
compressed on an NTFS volume can be read and written by any Windows based
application without first being decompressed by another program. Decompression
happens automatically, (think of a ZIP utility on-the-fly) during the file read. The
file is compressed again when it is closed or saved.
• NTFS does not restrict the number of entries to 512 in the root folder.
• Windows 2000 and Windows XP can format partitions up to 2 terabytes using
NTFS.
• NTFS manages disk space efficiently by using smaller clusters (see the cluster
table).
• The boot sector is backed up to a sector at the end of the volume.
• You can set permissions on shares, folders, and files that specify which groups
and users have access, and what level of access is permitted on NTFS partitions.
• NTFS supports a native encryption system, (EFS), to prevent unauthorized access
to file contents.
• Reparse points enable new features such as volume mount points.
• Disk quotas can be set to limit the amount of usage allowed by end users.
• NTFS uses a change journal to track changes made to files.
• NTFS supports distributed link tracking to maintain the integrity of shortcuts and
OLE links.
• NTFS supports sparse files so that very large files can be written to disk while
requiring only a small amount of storage space.

There are also a few notable disadvantages to NTFS, as outlined below.

• NTFS volumes are not locally accessible from MS-DOS, Windows 95, Windows
98 and Windows Millennium Edition operating systems.
• Many advanced features of NTFS included with version 5 are not available in
Windows NT.
• On small partitions with mostly small files, the overhead of managing the NTFS
file system can cause a slight performance drop in comparison to FAT.
• Floppy disks cannot be formatted as NTFS.

[NOTES FROM THE FIELD] - There is no test requirement to memorize the NTFS
tables either, but again, it's good to understand the "how and why" of it. Also, it is never
a "best practice" to dual boot any workstation or server that has sensitive data on it with
any file system installed that cannot secure those files or any operating system that
threatens that security. This would include even NTFS if older versions and newer
versions of NTFS are running and one "degrades" the security strength of the other.

For more detailed answers to questions about the NTFS File System, you can look up the
information in the Microsoft Windows XP Professional Resource Kit Documentation,
which can also be found online.

NTFS stands for New Technology File System.

The maximum single file size on an NTFS partition is 16 EB (exabytes), in theory.

Well, that's a wrap for this week. On my way out the door I'd like to drop one more table
into your lap and a few more bullet points.

Default Cluster Sizes for partitions under Windows XP Professional

Partition Size       FAT16 cluster size   FAT32 cluster size   NTFS cluster size
7 MB-16 MB           2 KB (FAT12)         Not supported        512 bytes
17 MB-32 MB          512 bytes            Not supported        512 bytes
33 MB-64 MB          1 KB                 512 bytes            512 bytes
65 MB-128 MB         2 KB                 1 KB                 512 bytes
129 MB-256 MB        4 KB                 2 KB                 512 bytes
257 MB-512 MB        8 KB                 4 KB                 512 bytes
513 MB-1,024 MB      16 KB                4 KB                 1 KB
1,025 MB-2 GB        32 KB                4 KB                 2 KB
2 GB-4 GB            64 KB                4 KB                 4 KB
4 GB-8 GB            Not supported        4 KB                 4 KB
8 GB-16 GB           Not supported        8 KB                 4 KB
16 GB-32 GB          Not supported        16 KB                4 KB
32 GB-2 TB           Not supported        Not supported        4 KB

Quick points and summary tidbits:

• FAT volumes smaller than 16 megabytes (MB) are formatted as FAT12.
• FAT12 is used only on floppy disks and on volumes smaller than 16 megabytes.
• FAT16 volumes larger than 2 gigabytes (GB) are not locally accessible from
computers running MS-DOS, Windows 95, Windows 98, Windows Millennium
Edition and many other operating systems.
• FAT32 volumes can theoretically be as large as 2 terabytes, but Windows 2000 and
Windows XP Professional limit the maximum size of a FAT32 volume that they can
format to 32 GB. (Windows 2000 and Windows XP Professional can read and
write to larger FAT32 volumes formatted locally by other operating systems.)
• The implementation of FAT32 in Windows 2000 limits the maximum number of
clusters on a FAT32 volume that can be mounted by Windows 2000 to 4,177,918.
This is the maximum number of clusters on a FAT32 volume that can be
formatted by Windows 98.
• NTFS volumes can theoretically be as large as 16 exabytes (EB), but the practical
limit is 2 terabytes.
• The user can specify the cluster size when an NTFS volume is formatted.
However, NTFS compression is not supported for cluster sizes larger than 4
kilobytes (KB).
• Not supported means "Not supported by Microsoft." In some "chance" cases, you
may be able to perform a function that is not normally supported.

By Jason Zandri

In Microsoft Windows XP Professional, you will find one of three different accounts in
use on any given system.

• Local user accounts allow you to log on to the local system and access resources
there. If you needed to access any type of resource beyond the local system, you
would need to provide additional credentials in most cases. Local accounts
authenticate to the local security database.
• Domain user accounts allow you to log on to the domain the user account belongs
to in order to access network resources. You may be able to access resources in
other domains depending on how the trust relationships are defined or if any
modifications have been made to them. Domain accounts authenticate to a domain
controller and to the domain security database.
• Built-in user accounts allow you to perform administrative tasks on the local
system and sometimes they can access local or network resources, depending on
their configuration on the network. This, too, is dependent on how trust
relationships are defined or if any modifications have been made to them. The
only two accounts created by default on a stand alone Windows XP Professional
clean installation are Administrator and Guest.

[NOTES FROM THE FIELD] - The built-in Administrator account is enabled by
default and cannot be deleted from the system. The name of the account as well as the
password can be changed, however, and this is a recommended best practice. It is also
recommended that the default Administrator account never be used or used as
infrequently as possible and only when tasks need to be performed at an Administrative
level. If there is ever more than one Administrator on a workstation, each one should
have an account created for their use. In the event that you need to log administrative
events, this would be easier if there were a number of different administrator accounts
created rather than a single one.

The Guest account also cannot be deleted from the system; however, it is DISABLED by
default and unless there is some required operational need it should stay disabled. The
only "need" for the Guest account would be a kiosk type terminal in a lobby of an office
building or hotel and in that event it could be used. If there is ever a short-term need to
grant a temporary user access to a system, it is always worth the "aggravation" to
create an account.

Using the Local Users and Groups Snap-in

You would normally need to be a local administrator to perform most system
configuration functions (even just taking a look at the current configuration settings) on a
Windows XP Professional system, and in some cases, there may be a local policy set by
some other administrator or if your system is in a Domain, a Domain policy setting,
which may prevent you from performing some actions.

To manage local users and groups you can use the Local Users and Groups MMC and
you can access this tool a number of different ways.

One way is to select Start, right-click My Computer, and then click Manage, which will
open the Computer Management MMC. Under the System tools icon, click Local Users
and Groups to open the Local Users and Groups MMC.

You can also type compmgmt.msc in the RUN box or from a command line to launch the
Computer Management MMC.

[NOTES FROM THE FIELD] - What your Start Menu options look like depends on
how you have the menu set. If you are using the Classic Start Menu, you would not see
My Computer as a selection to right click on. Your options would be to click Start, select
Administrative Tools and then select Computer Management. Not a whole lot different,
but perhaps just enough to confuse you.

I seem to continually repeat this from article to article, but it is important to stress, the
Windows XP Professional exam rarely tests you on Classic anything. You need to know
how to get from Windows XP Professional settings to Classic and back, but in 90% of the
cases you're going to find instructions laid out in the Windows XP Professional vein. I
will do my best to point out alternatives in the [NOTES FROM THE FIELD] section as
I have done here.

If you want to directly open the Local Users and Groups MMC you can type lusrmgr.msc
from the RUN box or from a command line. This will run the tool independently from the
Computer Management MMC.

You can also launch the Control Panel and select the User Accounts icon as well.

[NOTES FROM THE FIELD] - User Accounts and the Local Users and Groups MMC
both function differently while performing the same task. I will cover the User Accounts
functionality separately.

Adding USERS with the Local Users and Groups MMC

Adding a user is as simple as selecting Users from the left pane, right clicking it and
choosing New User. You can also highlight Users by left clicking it and going up to
ACTION on the menu bar and selecting New User.

Depending on your current settings, all you may need to supply in order to create a user
account is a user account name. The full user name, description, and passwords are not
required by default.

To set a password where one isn't used or to change one that is currently set, you would
right click on the given account and choose SET PASSWORD.

You can also right click on the given account and choose ALL TASKS which leads you
to the single SET PASSWORD option as well.

You can also select the user with a single left click and go to ACTION in the menu to
bring up the same ALL TASKS / SET PASSWORD options as well.

[NOTES FROM THE FIELD] - Passwords are not required by default but are always
a recommended best practice.

There may be a local policy set by some other administrator or if your system is in a
Domain, a Domain policy setting, which may force you to use settings that are NOT
normally required by default.

For example, if you try to create an account that has a password policy in place and you
do not meet the minimum requirements for password creation, you will be presented with
an error message that looks like this;

Adding GROUPS with the Local Users and Groups MMC

Adding groups is performed in much the same manner. You can select Groups from the
left pane, right click it and choose New Group. You can also highlight Groups by left
clicking it and going up to ACTION on the menu and selecting New Group.

All that is required for creating a Group is the name. Descriptions do not need to be
entered for the group nor do you need to add any members.

Using USER ACCOUNTS in the Control Panel.

How USER ACCOUNTS in the Control Panel functions all depends on whether your
Windows XP Professional system is in a domain or not.

Also, how it looks depends on whether you are using the default Windows XP view or
the Classic interface.

This is the default Windows XP view.

Below is the Classic view.


When you are in a domain and you open the USER ACCOUNTS icon in the Control
Panel you are presented with the User Accounts view as shown below on the USER tab.

[NOTES FROM THE FIELD] - The "domain" BUCKAROO in this example is the local
system and not a domain. NORTHAMERICA is a domain. The icons for a local account
have a computer/user icon. In the above image in the Password for backup section you
can see this. A DOMAIN icon in the Users for this computer section would have a
planet/user icon combination as shown below.

In order to see the properties of an account, you would select it and click on the
properties button to see the following window.

On the Group Membership tab of the USER property sheet you would see three
selections to choose from regarding group memberships.

The OTHER drop down window lists all of the LOCAL groups that the user could belong
to.

The OTHER drop down window lists only the local groups, regardless of whether you
have chosen a user account in the local accounts database or a domain account that is in
the domain.

You can change the password for a given account from the USER tab by selecting the
account and clicking the RESET PASSWORD button, which will bring up the RESET
PASSWORD window as shown below.

From the ADVANCED tab you can manage passwords that are in the local database.

By selecting the MANAGE PASSWORDS button you will open the Stored User Names
and Passwords where you can add, remove or view the properties of an account.

When you select the .NET PASSPORT WIZARD, the wizard will start and allow you to
add a .NET passport to one or more Windows XP Professional user accounts.

Selecting ADVANCED from the Advanced User Management section simply launches
the Local Users and Groups MMC as if you typed lusrmgr.msc from the RUN box or
from a command line.

The secure logon section is where you would require local users to press
CTRL+ALT+DEL to begin a session.

When you are not in a domain and you open the USER ACCOUNTS icon in the Control
Panel you are presented with the User Accounts view as shown below.

To change any of the listed accounts you would select CHANGE AN ACCOUNT and
select the account you wish to change. It's here that you can change the password, change
the icon (picture) that is associated with the account or set up the account to use a
.NET passport.

The CREATE A NEW ACCOUNT option allows you to do just that.

The CHANGE THE WAY USERS LOG ON OR OFF option allows you to select either
FAST USER SWITCHING, (which is not allowed when the workstation is a member of
a domain) or using the standard USE THE WELCOME SCREEN option.

[NOTES FROM THE FIELD] - Fast User Switching cannot be used if the Offline Files
option is enabled. Also, once your system is added to a domain you can no longer use
Fast User Switching, even if you log on to the workstation by using the local user
account database.

The TCP/IP Model

The TCP/IP suite of protocols maps to a four-layer conceptual model which is based off
of the seven layer Open System Interconnection (OSI) protocol model.

The detailed function of each layer of the Open System Interconnection (OSI) protocol
model is beyond the scope of this topic, however, the 60 second overview is as follows:

Physical Layer - Defines the interface between the medium and the device. This layer
also transmits bits (ones and zeros) and defines how the data is transmitted over the
physical medium. Some examples of Network Components found at this layer are
Multiplexers, Passive Hubs, Active Hubs, Repeaters and other types of signal Amplifiers.

Data Link Layer - This layer is actually divided into two sublayers, Logical Link Control,
which mainly handles error correction and flow control, and Media Access Control, which
mainly handles the communication with the network adapter card. Some examples of
Network Components found at the Data Link layer are Bridges, Switches and certain
Advanced Cable Testers.

Network Layer - This OSI layer is responsible for translating logical network addresses
and names such as computer names to their MAC addresses and for addressing and
routing data packets over the network. If routers at this layer can't forward the data
frames as large as the source node has sent, this OSI layer will break down the data into
smaller units that the devices can handle. Some examples of Protocols found at the
Network Layer are IP, ARP, RARP, ICMP, RIP, OSPF, IGMP, IPX, NWLink and
NetBEUI. Some examples of Network Components found at this layer are Brouters,
Routers, some types of ATM Switches and Frame Relay hardware.

Transport Layer - The Transport Layer adds an additional connection below the Session
layer and helps manage data flow control between nodes on the network. This layer
divides the data into packets on the sending node and the transport layer of the receiving
node reassembles the message from packets. The Transport Layer provides error-
checking to guarantee error-free data delivery by requesting retransmission if some
packets don’t arrive error-free. It also sends acknowledgment of successful transmissions
back to the sending node. Some examples of Protocols found at this layer are TCP, ARP,
RARP, SPX and NWLink. Some examples of Network Components found at the
Transport Layer are Gateways and certain types of Brouters.

Session Layer - This OSI layer, as the name implies, establishes, maintains and ends
sessions between transmitting nodes across the network and manages which node can
transmit data at a certain time and for how long. Some examples of Protocols found at
this layer are Named Pipes, NetBIOS Names, RPC and Mail Slots. Some examples of
Network Components found at the Session Layer are Gateways and certain types of
Proxy Servers.

Presentation Layer - The Presentation Layer technically performs the translation of the
data from the way applications understand it to the way networks understand it on the
transmission end and then back on the receiving node. It is responsible for protocol
conversions, data encryption / decryption, and data compression / decompression where
the network is considered. Some examples of Network Components found at the
Presentation Layer are Gateways and certain types of Redirectors. There are no Protocols
that normally operate in this layer.

Application - The Application Layer of the OSI model allows access to network services
for applications specifically written to run over the network, such as email and file
transfer programs such as FTP. There are many Protocols found at the Application Layer,
some of which include FTP, TFTP, BOOTP, SNMP, SMTP, TELNET, NCP, and SMB.

The TCP/IP suite four-layer conceptual model is as follows;

Network Interface Layer - This layer effectively puts the frames on the wire from the
sending node and pulls frames off the wire at the receiving node and basically correlates
to the Physical Layer of the OSI model.

Internet Layer - The Internet layer protocols of the TCP/IP suite encapsulate packets into
Internet datagrams. There are four Internet protocols that operate at this layer. The
Internet Layer basically (but not entirely) correlates to the Network Layer of the OSI
model.

IP - Internet Protocol provides connectionless packet delivery for all other protocols
and does not guarantee packet arrival or correct packet sequence nor does it
acknowledge packet delivery. IP has the main responsibility of addressing and
routing packets between nodes and it does not try to recover from network errors.

ARP - Address Resolution Protocol maps IP addresses to the physical machine addresses
(MAC addresses) that are located on the LAN. IP broadcasts a special ARP inquiry
packet containing the IP address of the destination system. The system that owns
the IP address replies by sending its physical address to the requester. The MAC
sublayer communicates directly with the network adapter card and is responsible
for delivering error-free data between network.

ICMP - Internet Control Message Protocol is a message control and error-reporting
protocol used between network nodes. Higher level protocols use the information
in these datagrams to recover from any transmission or other errors.

IGMP - The Internet Group Management Protocol provides a way for nodes to report
their multicast group membership to nearby multicast routers. Multicasting
allows nodes to send content to multiple other nodes within that multicast
group by sending IP multicast traffic to a single MAC address but by allowing it
to be processed by multiple nodes. IGMP is part of the Network layer of the
OSI model. Windows XP Professional supports multicast for things such as
Windows 2000 Server NetShow Services.

Transport Layer - The two Transport layer protocols provide communication sessions
between computers and these sessions can be connection oriented or connectionless, as
outlined below. The Transport Layer basically (but not entirely) correlates to the
Transport Layer of the OSI model.

TCP - Transmission Control Protocol is a connection-oriented protocol that provides
reliable communication by assigning a sequence number to each segment of data
that is transmitted so that the receiving host can send an acknowledgment (ACK) to
verify that the data was received. If an ACK is not received, the data is
retransmitted. TCP guarantees the delivery of packets, ensures proper sequencing of
the data, and provides a checksum feature that validates both the packet header and
its data for accuracy.

UDP - User Datagram Protocol is a connectionless protocol that does not guarantee the
delivery or the correct sequencing of packets. Applications that use UDP typically
transfer small amounts of data at once and the data sent is usually not considered
critical. TFTP (Trivial File Transfer Protocol) uses UDP.

Application Layer - The Application Layer is where applications that are specifically
written to operate over networks gain their access. There are two TCP/IP services,
Winsock and the NetBIOS over TCP/IP (NetBT) interface, that network applications
most commonly use on Windows XP Professional networks. The Application Layer
basically (but not entirely) correlates to the Application Layer of the OSI model.

Winsock - Winsock is the standard interface used for socket-based applications and TCP/IP
protocols. Winsock allows the network application to bind to a specific port and
IP address on a node, initiate and accept a connection, send and receive data,
and then close the connection.

NetBT - NetBIOS over TCP/IP is the standard interface for NetBIOS services, including
name, datagram, and session services. It also provides a standard interface
between NetBIOS-based applications and TCP/IP protocols and is the network
component that performs computer name to IP address mapping (name
resolution). There are currently four NetBIOS over TCP/IP name resolution
methods: b-node, p-node, m-node and h-node.

Internet Protocol Addressing Overview

The Transmission Control Protocol/Internet Protocol is a network communication
protocol. It can be used as a communications protocol on private networks and it is the
default protocol in use on the internet. When you set up any system to have direct access
to the Internet, whether it is via dial-up or one of the high speed technologies in use
today, your system will need to utilize the TCP/IP protocol whether it is a Windows
based system or not.

Also, if the given system needs to communicate to other TCP/IP systems on the local
LAN or WAN it will need to utilize the TCP/IP protocol as well.

TCP/IP version 4 (IPv4) addresses are made up of four 8-bit fields (octets) and are 32
bits in size total. Microsoft TCP/IP version 4 supports the standard classes of address,
which define which bits are used for the network ID and which bits are used for the host
ID. There are five TCP/IP version 4 (IPv4) address classes, although for the most part, only
the A, B, and C classes are used. The system of IP address classes described here forms the
basis for IP address assignment. Classless Inter-Domain Routing (CIDR) addressing is
now being used more often and I will cover that later in the article. Classless Inter-
Domain Routing is making the IP address classes in their current form "less defined", for
lack of a better term. Still, the classes form the base of any addressing scheme.

TCP/IP version 4 addresses are made of both a network ID and a host ID. The network ID
address identifies the physical network where the hosts exist. The host ID address
identifies the individual TCP/IP host on a network. The host ID must be unique on the
internal network, that is, no two nodes on a given network can have the same network ID
AND host ID.

[NOTES FROM THE FIELD] - You can have two hosts with the IP host name of
112.12.44 if one is on network 10 and another is on network 11. (The full IP addresses of
these hosts would be 10.112.12.44 and 11.112.12.44. The subnet mask would be
255.0.0.0.) You cannot assign both of these nodes the host address of 112.12.44 if they
are both on network 10 or both on network 11.

The "division" point between the network ID and the host ID is called the subnet mask.
The subnet mask is used to determine where the network number in an IP address ends
and the node number in an IP address begins.

The bits in a subnet mask are set consecutively from left to right and there can be no
"skips" in the setting structure. The subnet mask of 255.255.128.0 is valid because all
eight bits are set in the first two octets and the first bit of the next octet is also set.
(11111111.11111111.10000000.00000000). The subnet mask of 255.255.64.0 is not valid
because there is a "missing" bit that is not allowed.
(11111111.11111111.01000000.00000000).

[NOTES FROM THE FIELD] - The left most bit in a TCP/IP version 4 address is
called the Most Significant Bit (MSB) and has the highest value. The right most bit in a
TCP/IP version 4 address is called the Least Significant Bit (LSB) and has the lowest
value.

I have detailed subnet masks in a little more detail in a following section.

The values of the bits, in order from the Most Significant Bit (MSB) to the Least
Significant Bit (LSB), are 128, 64, 32, 16, 8, 4, 2, 1. These numerical designations are
what make up the TCP/IP version 4 address. The values of the set bits (noted by a "1")
in each octet are added together to give you the address. The TCP/IP version 4 address of
171.144.62.12 converts to a binary number of 10101011.10010000.00111110.00001100 and a
hexadecimal number of AB.90.3E.0C.
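
The bit arithmetic described above, as an added example that is not part of the original article: it converts a dotted-decimal address to binary and hexadecimal, rejects subnet masks with skipped bits, and splits an address into its network ID and host ID. The function names are illustrative.

```python
# Added example: bit-level view of IPv4 addresses and subnet masks.

def parse_ipv4(text):
    """Return the 32-bit integer for a dotted-decimal IPv4 string."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {text!r}")
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError(f"bad octet {part!r} in {text!r}")
        value = (value << 8) | int(part)  # MSB-first: each octet shifts the rest left
    return value


def to_dotted(value, fmt="d"):
    """Render a 32-bit integer octet by octet: 'd' decimal, '08b' binary, '02X' hex."""
    octets = [(value >> shift) & 0xFF for shift in (24, 16, 8, 0)]
    return ".".join(format(octet, fmt) for octet in octets)


def mask_prefix_length(mask_text):
    """Return the count of set bits if they run unbroken from the MSB, else raise."""
    mask = parse_ipv4(mask_text)
    host_bits = ~mask & 0xFFFFFFFF
    # A contiguous mask inverts to 2**n - 1; adding 1 then shares no bit with it.
    if host_bits & (host_bits + 1):
        raise ValueError(
            f"subnet mask {mask_text} skips a bit: {to_dotted(mask, '08b')}"
        )
    return bin(mask).count("1")


def is_valid_mask(mask_text):
    """True when the mask parses and its set bits are contiguous."""
    try:
        mask_prefix_length(mask_text)
        return True
    except ValueError:
        return False


def split_address(addr_text, mask_text):
    """Return (network ID, host ID) for an address under a validated mask."""
    mask_prefix_length(mask_text)  # refuse masks with skipped bits
    addr, mask = parse_ipv4(addr_text), parse_ipv4(mask_text)
    return to_dotted(addr & mask), to_dotted(addr & ~mask & 0xFFFFFFFF)


if __name__ == "__main__":
    addr = parse_ipv4("171.144.62.12")
    print(to_dotted(addr, "08b"), to_dotted(addr, "02X"))
    for mask in ("255.255.128.0", "255.255.64.0"):
        print(mask, "valid" if is_valid_mask(mask) else "not valid")
    # Same host ID on two different networks, as in the note above.
    print(split_address("10.112.12.44", "255.0.0.0"))
    print(split_address("11.112.12.44", "255.0.0.0"))
```

Validating the mask before applying it matters wherever masks are typed by hand, such as packet filter rules, because a mask with a skipped bit matches a different set of hosts than the one intended.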

[NOTES FROM THE FIELD] - While it's important to know that the TCP/IP version 4
address converts to a binary number or a hexadecimal number it is not often used in day
to day operations of the MCSA/MCSE. It is more so for the Network Administrator. For
the 70-270 exam, concentrate on the different classes of addresses, how subnet masks
work, Classless Inter-Domain Routing (CIDR) addressing and a basic understanding of
the binary conversion of a TCP/IP version 4 address. Basically, know the Most
Significant Bit (MSB) and the Least Significant Bit (LSB) and the order of numbers.

The way I remember it was to remember that the Least Significant Bit (LSB) of each octet
was "1" and each place to the left of it doubled in value up to the end of the octet on the
far left. After the DOT I would start back to "1"

TCP/IP version 6 (IPv6) is a set of specifications from the Internet
Engineering Task Force (IETF) and has been designed to overcome the current shortage
of addresses under TCP/IP version 4. TCP/IP version 6 also has some other built in
improvements that go beyond the scope of the discussion here. The single most
important thing you will need to know for the 70-270 exam (a little more depth may be
needed for the upcoming Exam 70-275: Installing, Configuring and Administering
Microsoft .NET Server and Exam 70-276: Implementing and Administering a
Microsoft .NET Server Network Infrastructure) is that IPv6 addresses are 128 bits in
length as opposed to 32 bits under IPv4.

Classless Inter-Domain Routing (CIDR) is a newer way to allocate IP addresses that is
more flexible than the original Class addressing scheme used in the past. This has
increased the utilization of the remaining available Internet addresses. CIDR is now the
routing system used by virtually all gateway hosts on the Internet's backbone network.

The original Internet Protocol defines IP addresses in five classes, Classes A through E.
Each of these classes assigned one portion of the 32-bit Internet address to the network
address and the remaining portion to the nodes on the network. One of the main reasons
for the IP address shortage was the situation where many companies needed more than
the 254 host machines that were allowed under the Class C scheme but far fewer than
the 65,533 host addresses of the Class B scheme. They would request a unique B Class
address but often ended up not using many of the addresses within their allotted block.
This meant that many addresses within their pool were unutilized. This is one of the
main reasons the IP address pool was drying up, and for this reason the big push was on
for TCP/IP version 6 (IPv6) and its 128-bit address. Because many of the Internet
authorities realized that it would be some time before IPv6 was in widespread use,
Classless Inter-Domain Routing was born.

Using Classless Inter-Domain Routing, each IP address has a network prefix that
identifies either a collection of network gateways or an individual gateway. The length of
the network prefix is also specified as part of the IP address and varies depending on the
number of bits that are needed (rather than any arbitrary class assignment structure). A
destination IP address or route that describes many possible destinations has a shorter
prefix and is said to be less specific. A longer prefix describes a destination gateway
more specifically. Routers are required to use the most specific or longest network prefix
in the routing table when forwarding packets.

A Classless Inter-Domain Routing network address looks like this: 201.44.112.00/18

201.44.112.00 is the address of the network and the "18" says that the first 18 bits are the
network part of the address, leaving the last 14 bits for the address of the node.
(Effectively, the 18 is the subnet mask from the "old" style of address classes.) Classless
Inter-Domain Routing lets one routing table entry represent a collection of networks that
exist in the forward path and that don't need to be specified on that particular gateway.
This collection of networks under a single address is sometimes referred to as a supernet,
since by definition the two mean the same thing.
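The prefix handling and longest-prefix rule described above, as an added Python example that is not part of the original guide. The routing table and next-hop names are constructed sample values; note that the /18 block containing the text's 201.44.112.0 address starts at 201.44.64.0, because the third octet still has bits set after the first 18 bits.

```python
import ipaddress

# Constructed routing table (prefix -> next hop); names and routes are sample values.
ROUTES = {
    "0.0.0.0/0": "default-gw",          # least specific: matches everything
    "201.44.64.0/18": "gw-aggregate",   # one supernet entry for a block of networks
    "201.44.112.0/24": "gw-branch",     # more specific route inside the /18
}


def normalize(cidr):
    """Return the aligned network for a prefix, clearing any host bits that are set."""
    return ipaddress.ip_network(cidr, strict=False)


def split_bits(cidr):
    """Return (network_bits, host_bits, total_addresses) for an IPv4 prefix."""
    net = normalize(cidr)
    host_bits = 32 - net.prefixlen
    return net.prefixlen, host_bits, 2 ** host_bits


def covered_networks(cidr, new_prefix=24):
    """Count how many smaller networks a single supernet entry represents."""
    return len(list(normalize(cidr).subnets(new_prefix=new_prefix)))


def lookup(dest, routes=ROUTES):
    """Longest-prefix match: of all routes containing dest, use the longest prefix."""
    addr = ipaddress.ip_address(dest)
    matches = [ipaddress.ip_network(p) for p in routes
               if addr in ipaddress.ip_network(p)]
    best = max(matches, key=lambda net: net.prefixlen)
    return str(best), routes[str(best)]


if __name__ == "__main__":
    print(normalize("201.44.112.0/18"), split_bits("201.44.112.0/18"))
    print(covered_networks("201.44.64.0/18"))
    for dest in ("201.44.112.9", "201.44.100.1", "8.8.8.8"):
        print(dest, "->", lookup(dest))
```

Passing a prefix with host bits set to `ipaddress.ip_network` without `strict=False` raises `ValueError`, which is a useful check when validating ACL or route entries.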

Classless Inter-Domain Routing is supported by the Border Gateway Protocol, the
prevailing exterior (interdomain) gateway protocol. (The older exterior or interdomain
gateway protocols, Exterior Gateway Protocol and Routing Information Protocol, do not
support Classless Inter-Domain Routing.) Classless Inter-Domain Routing is also
supported by the OSPF interior or intradomain gateway protocol.

Subnet Masks - Implementing subnetworks (commonly referred to as subnets in the
field) helps to control network traffic. Every node on the same physical Ethernet network
sees all the packets of data sent out on the network. Often this results in multiple
collisions, causing network performance to be slow. Routers or gateways are used to
separate networks into subnets. Subnet masks on each of the nodes allow the nodes on the
same subnetwork to continue to communicate with one another and with the routers or
gateways they use to send their messages.

Subnet masks allow you to identify the network ID and the host (node) ID of an IP
address.

Given the following example of a default B Class subnet mask:

10011110.00010101.00111001.01101111 158.21.57.111
11111111.11111111.00000000.00000000 255.255.000.000
--------------------------------------------------------
10011110.00010101.00000000.00000000 158.21.000.000

we can determine that the network ID is 158.21 and the host ID is 57.111

Network Address : 158.21.0.0
Subnet Address : 158.21.0.0
Subnet Mask : 255.255.0.0
Subnet bit mask : nnnnnnnn.nnnnnnnn.hhhhhhhh.hhhhhhhh
Subnet Bits : 16
Host Bits : 16
Possible Number of Subnets : 1
Hosts per Subnet : 65534

Additional bits can be added to the subnet mask for a given class of addresses to subnet
networks further.

Given the following example of a B Class address using a subnet mask with additional
bits:

10011110.00010101.00111001.01101111 158.21.57.111
11111111.11111111.11110000.00000000 255.255.240.000 Subnet Mask
--------------------------------------------------------
10011110.00010101.00110000.00000000 158.21.048.000 Network address

Subnet Mask : 255.255.240.0
Subnet bit mask : nnnnnnnn.nnnnnnnn.nnnnhhhh.hhhhhhhh
Subnet Bits : 20
Host Bits : 12
Possible Number of Subnets : 16
Hosts per Subnet : 4094

We can see that, rather than having the single subnet and 65534 Hosts per Subnet allowed
under the default subnet mask, we are able to have up to 16 subnets with up to 4094 Hosts
per Subnet by using a Subnet Mask of 255.255.240.000.

Selected Subnet : 158.21.0.0/255.255.240.0
Usable Addresses : 4094
Host range : 158.21.0.1 to 158.21.15.254
Broadcast : 158.21.15.255

Subnet        Mask           Hosts  Host Range                        Broadcast
158.21.0.0    255.255.240.0  4094   158.21.0.1 to 158.21.15.254       158.21.15.255
158.21.16.0   255.255.240.0  4094   158.21.16.1 to 158.21.31.254      158.21.31.255
158.21.32.0   255.255.240.0  4094   158.21.32.1 to 158.21.47.254      158.21.47.255
158.21.48.0   255.255.240.0  4094   158.21.48.1 to 158.21.63.254      158.21.63.255
158.21.64.0   255.255.240.0  4094   158.21.64.1 to 158.21.79.254      158.21.79.255
158.21.80.0   255.255.240.0  4094   158.21.80.1 to 158.21.95.254      158.21.95.255
158.21.96.0   255.255.240.0  4094   158.21.96.1 to 158.21.111.254     158.21.111.255
158.21.112.0  255.255.240.0  4094   158.21.112.1 to 158.21.127.254    158.21.127.255
158.21.128.0  255.255.240.0  4094   158.21.128.1 to 158.21.143.254    158.21.143.255
158.21.144.0  255.255.240.0  4094   158.21.144.1 to 158.21.159.254    158.21.159.255
158.21.160.0  255.255.240.0  4094   158.21.160.1 to 158.21.175.254    158.21.175.255
158.21.176.0  255.255.240.0  4094   158.21.176.1 to 158.21.191.254    158.21.191.255
158.21.192.0  255.255.240.0  4094   158.21.192.1 to 158.21.207.254    158.21.207.255
158.21.208.0  255.255.240.0  4094   158.21.208.1 to 158.21.223.254    158.21.223.255
158.21.224.0  255.255.240.0  4094   158.21.224.1 to 158.21.239.254    158.21.239.255
158.21.240.0  255.255.240.0  4094   158.21.240.1 to 158.21.255.254    158.21.255.255

[NOTES FROM THE FIELD] - A subnet address cannot be all 0's or all 1's.
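The mask arithmetic worked through above, as an added Python example that is not part of the original guide. It ANDs an address with its mask bit by bit and derives the subnet count, host range and broadcast address; the function names and the `class_bits` parameter (the default prefix length of the address class, 16 for Class B) are assumptions of this example.

```python
def to_int(dotted):
    """Convert dotted-decimal notation to a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % dotted)
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value


def to_dotted(value):
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def to_binary(value):
    return ".".join(format((value >> s) & 0xFF, "08b") for s in (24, 16, 8, 0))


def subnet_info(address, mask, class_bits=16):
    """Apply a subnet mask to an address and describe the resulting subnet."""
    a, m = to_int(address), to_int(mask)
    host_mask = ~m & 0xFFFFFFFF
    # A valid mask is a run of 1s followed by a run of 0s, so its inverse is 2**n - 1.
    if host_mask & (host_mask + 1):
        raise ValueError("mask bits are not contiguous: %s" % mask)
    prefix = bin(m).count("1")
    if prefix < class_bits:
        raise ValueError("mask is shorter than the class default")
    network = a & m                   # bitwise AND keeps only the network bits
    broadcast = network | host_mask   # all host bits set to 1
    return {
        "network": to_dotted(network),
        "network_binary": to_binary(network),
        "subnet_bits": prefix,
        "host_bits": 32 - prefix,
        "subnets": 2 ** (prefix - class_bits),
        "hosts_per_subnet": 2 ** (32 - prefix) - 2,
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "broadcast": to_dotted(broadcast),
    }


if __name__ == "__main__":
    for key, value in subnet_info("158.21.57.111", "255.255.240.0").items():
        print("%-17s %s" % (key, value))
```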

TCP/IP Class A Address Overview

The "A" class addressing scheme has an official start address of 0.0.0.0 and an
official last address of 127.255.255.255.

Not all of these addresses can be used and you will OFTEN see conflicting information
on this.

1.0.0.1 to 126.255.255.254 is the range of IP addresses that are included in the
"A" class addressing scheme that are the useable range for node assignment.

126.255.255.255 is a broadcast address and in most cases cannot be assigned. (There
are exceptions to the rule.)

The local host will use 0.0.0.0 when it cannot reach a DHCP server when it is set to
use one and cannot assign itself an address using APIPA.

1.0.0.1 to 126.255.255.254 is the useable range.

There are 126 Class A networks total, each allowed to have up to 16,777,214 hosts.

The 127.x.x.x range is used for internal host loopback.

There are three IP network addresses reserved for private networks. 10.0.0.0 -
10.255.255.255 with the subnet mask 255.0.0.0 is the range for Class A IP
addresses.

They can be used by anyone setting up internal IP networks, such as a lab or home
LAN behind a NAT or proxy server or a router. It is always safe to use these because
routers on the Internet will never forward packets coming from these addresses.

These addresses are defined in RFC 1918.

While 10.0.0.0 - 10.255.255.255 addresses with the subnet mask 255.0.0.0 are
available to only internal IP networks, they are still considered part of the Class "A"
range.

TCP/IP Class B Address Overview

The "B" class addressing scheme has an official start address of 128.0.0.0 and an
official last address of 191.255.255.255.

Not all of these addresses can be used and you will OFTEN see conflicting information
on this.

128.0.0.1 to 191.255.255.254 is the range of IP addresses that are included in the
"B" class addressing scheme that are the useable range for node assignment.

The local host will use 0.0.0.0 when it cannot reach a DHCP server when it is set to
use one and cannot assign itself an address using APIPA.

There are three IP network addresses reserved for private networks. 172.16.0.0 -
172.31.255.255 with the subnet mask 255.240.0.0 is the range for Class B IP
addresses.

They can be used by anyone setting up internal IP networks, such as a lab or home
LAN behind a NAT or proxy server or a router. It is always safe to use these because
routers on the Internet will never forward packets coming from these addresses.

These addresses are defined in RFC 1918.

While 172.16.0.0 - 172.31.255.255 addresses with the subnet mask 255.240.0.0 are
available to only internal IP networks, they are still considered part of the Class "B"
range.

TCP/IP Class C Address Overview

The "C" class addressing scheme has an official start address of 192.0.0.0 and an
official last address of 223.255.255.255.

Not all of these addresses can be used and you will OFTEN see conflicting information
on this.

192.0.0.1 to 223.255.255.254 is the range of IP addresses that are included in the
"C" class addressing scheme that are the useable range for node assignment.

The local host will use 0.0.0.0 when it cannot reach a DHCP server when it is set to
use one and cannot assign itself an address using APIPA.

There are three IP network addresses reserved for private networks. 192.168.0.0 -
192.168.255.255 with the subnet mask 255.255.0.0 is the range for Class C IP
addresses.

They can be used by anyone setting up internal IP networks, such as a lab or home
LAN behind a NAT or proxy server or a router. It is always safe to use these because
routers on the Internet will never forward packets coming from these addresses.

These addresses are defined in RFC 1918.

While 192.168.0.0 - 192.168.255.255 addresses with the subnet mask 255.255.0.0
are available to only internal IP networks, they are still considered part of the Class
"C" range.

TCP/IP Class D Address Overview

The IP version 4 addresses of 224.0.0.0 through 239.255.255.255 are set aside
through IANA (Internet Assigned Numbers Authority) as a special class of addresses
for Multicast uses. At the present, ISPs are unable to allocate Class D address space
to their customers. These addresses must be allocated through IANA.

Class D addresses are only required if you wish to be a multicast source. You can still
receive multicast data without the need for a separate Class D address.

TCP/IP Class E Address Overview

The IP version 4 addresses of 240.0.0.0 to 254.255.255.255 are set aside through
IANA (Internet Assigned Numbers Authority) as a special class of addresses for
experimental and future use.

The IP address of 255.255.255.255 broadcasts to all hosts on the local network and
therefore is not to be considered as part of the E class of IP addresses.
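The class boundaries and RFC 1918 ranges above, as an added Python example that is not part of the original guide. It classifies an address by the leading bits of its first octet and flags source addresses that should not arrive on an Internet-facing interface; the function names and the sample source list are constructed for illustration.

```python
import ipaddress

# RFC 1918 blocks from the text; the masks 255.0.0.0, 255.240.0.0 and 255.255.0.0
# correspond to prefix lengths /8, /12 and /16.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def address_class(dotted):
    """Classify by the leading bits of the first octet: 0=A, 10=B, 110=C, 1110=D."""
    first = int(ipaddress.IPv4Address(dotted)) >> 24
    for letter, shift, pattern in (("A", 7, 0b0), ("B", 6, 0b10),
                                   ("C", 5, 0b110), ("D", 4, 0b1110)):
        if first >> shift == pattern:
            return letter
    return "E"


def kind(dotted):
    """Label an address as loopback, private, broadcast, multicast, reserved or public."""
    addr = ipaddress.IPv4Address(dotted)
    if dotted == "255.255.255.255":
        return "broadcast"
    if addr in LOOPBACK:
        return "loopback"
    if any(addr in net for net in RFC1918):
        return "private"
    cls = address_class(dotted)
    if cls == "D":
        return "multicast"
    if cls == "E":
        return "reserved"
    return "public"


def unexpected_sources(sources):
    """Return source addresses that should never arrive from the Internet side."""
    return [s for s in sources if kind(s) != "public"]


# Constructed sample: source addresses seen on an Internet-facing interface.
SAMPLE_SOURCES = ["10.1.2.3", "172.31.255.254", "172.32.0.1", "192.168.5.9",
                  "158.21.57.111", "127.0.0.1", "224.0.0.5", "201.44.112.9"]

if __name__ == "__main__":
    for src in SAMPLE_SOURCES:
        print("%-16s class %s  %s" % (src, address_class(src), kind(src)))
```

172.32.0.1 falls just outside the 255.240.0.0 mask, so it is classified as public even though it looks similar to the private 172.16.0.0 - 172.31.255.255 range.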
