Microsoft Windows XP Professional Resource Kit 2003
ISBN: N/A
EAN: N/A
EAN: N/A
Year: 2005
Pages: 338
Pages: 338
After you identify your business needs and decide which features of Windows XP Professional to use, determine how to implement these features to simplify the management of users and computers in your organization. An important means to simplification is standardization. Standardizing desktop configurations makes it easier to install, update, manage, support, and replace computers that run Windows XP Professional. Standardizing users configuration settings, software, hardware, and preferences makes it easier to deploy operating system and application upgrades, and configuration changes can be guaranteed to work on all computers.
When users install their own operating system upgrades, applications, device drivers, settings, preferences, and hardware devices, a simple problem can become complex. Establishing standards for desktop configurations prevents many problems and makes it easier for support personnel to identify and resolve problems. Having a standard configuration that you can install on any computer minimizes downtime by ensuring that user settings, applications, drivers, and preferences are the same as before the problem occurred.
By running Windows XP Professional in a Windows 2000 Server domain, you can specify the level of control exercised over users of these computers. For example, by using Active Directory and Group Policy, you can manage desktops as follows:
Prevent users from installing applications that are not required for their jobs.
Make new or updated software available to users without visiting their workstations.
Customize desktop features or prevent users from making changes to their desktop settings.
Refresh policy settings from the server without requiring the user to log off or restart the computer.
Table 1-6 describes how you can use the desktop management features to manage computer and user settings.
| Task | Feature |
|---|---|
| Configure registry-based policy settings for computers and users. | Group Policy Administrative Templates |
| Manage local, domain, and network security. | Security Settings |
| Manage, install, upgrade, repair, or remove software. | Software Installation and Maintenance |
| Manage Internet Explorer configuration settings. | Internet Explorer Maintenance, MMC, Group Policy settings |
| Apply scripts during user logon/logoff and computer startup/shutdown. | Group Policy-based scripts |
| Manage users folders and files on the network. | Folder Redirection |
| Manage user profiles. | Roaming User Profiles |
| Make shared files and folders available offline. | Offline Files and Folders (in conjunction with Folder Redirection) |
If you deploy Windows XP Professional desktops in a domain that does not include Active Directory, you can still take advantage of some management features. For example, you can manage Windows XP Professional desktops locally by implementing the following IntelliMirror features:
Roaming User Profiles
Logon Scripts
Folder Redirection
Internet Explorer Maintenance
Administrative Templates (registry-based policy)
For desktop computers that are used for specific functions, such as running certain line-of-business applications, you can use a management structure that prevents users from installing any application or device or from modifying the desktop or changing settings. To improve security and manage data storage, you can use Folder Redirection to save all data to a server location instead of on the local computer.
You can also use Group Policy settings to manage configurations, restrict user access to certain features, and limit the customizations users can make to their computer environment. To configure a computer for a single application and no other tasks, you can remove desktop features such as the Start menu and set that application to start when the user logs on.
If users need to exercise a great deal of control over their desktops, and tightly managing them is not acceptable, you can use desktop management strategies to reduce support costs and user downtime. You can allow users to install approved applications and to change many settings that affect them while preventing them from making harmful system changes. For example, you might allow users to install or update printer drivers, but not to install unapproved hardware devices. To ensure that the user s profile and data are saved to a secure location where it can be backed up regularly and restored in the event of a computer failure, use Roaming User Profiles and Folder Redirection.
For more information about implementing the preceding desktop management strategies, see Managing Desktops in this book. For more information about implementing and using Folder Redirection and Offline Files and Folders for desktop management, see Managing Files and Folders in this book. For more information about implementing Group Policy to manage desktop computers, including creating organizational unit (OU) structures and determining Group Policy strategies, see the Change and Configuration Management Deployment Guide link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources
If your mobile users travel frequently or work from remote sites and use slow or intermittent network connectivity, you might want to give them more control over their computers than you allow users who use their computers primarily on-site where administrators can provide full support. For example, you might allow traveling users to install or update device drivers and applications but restrict them from performing tasks that can damage or disable their computers.
Mobile users who work mostly off-site, whether or not they are connected to your network, have less access to support personnel. Therefore, when you install applications for users who are seldom connected to the network or do not have a reliable fast connection to it, make sure that all necessary components are also installed. You can use scripts to make sure that all files associated with the installed applications are installed locally. A sample Visual Basic script can be found in the Implementing Common Desktop Management Scenarios white paper, available on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources To allow portable computer users to install software, make them members of the Power Users Security group. For more information about security groups, see Determining Security Strategies later in this chapter.
Users who connect to your network remotely might need to configure virtual private network (VPN) connections. To allow them to make necessary configuration changes, enable the following settings:
Delete remote access connections belonging to the user.
Rename connections belonging to the current user.
Display and enable the New Connection Wizard.
Display the Dial-up Preferences item on the Advanced menu.
Allow status statistics for an active connection.
Allow access to the following:
Current user s remote access connection properties.
Properties of the components of a local area network (LAN) connection.
Properties of the components of a remote access connection.
If mobile users rarely connect to your network, you might not want to use features such as Roaming User Profiles and Folder Redirection. However, these features help maintain a seamless work environment from any computer for users who frequently connect to the network or roam between portable and desktop computers.
For details about setting up portable computers and selecting features that best support mobile users, see Supporting Mobile Users in this book.
For more information about determining a desktop management strategy, see Managing Desktops in this book.
Determining how to connect clients to your network depends largely on where they are located and the type of network you are running. Those located within the corporate infrastructure can use a variety of network media, such as asynchronous transfer mode (ATM), Ethernet, or Token Ring; those outside of the corporate infrastructure need to use Routing and Remote Access or virtual private networking.
Windows XP Professional uses TCP/IP as its standard network protocol. For a Windows XP Professional based computer to connect to a NetWare or Macintosh server, you must use a protocol that is compatible with the server. NWLink is the Microsoft implementation of the Novell IPX/SPX protocol, which allows you to connect to NetWare file and print servers. However, the IPX/SPX protocol is not available on Windows XP 64-Bit Edition.
In the Properties dialog box for your network adapter, you can specify which protocols to install and enable. Windows XP Professional attempts to connect to remote servers by using the network protocols in the order specified in this dialog box.
| Note | Install only the necessary protocols. For example, installing and enabling Internetwork Packet Exchange (IPX) when you need only TCP/IP generates unnecessary IPX and Service Advertising Protocol (SAP) network traffic. |
Client computers running on TCP/IP networks can be assigned an IP address statically by the network administrator or dynamically by a Dynamic Host Configuration Protocol (DHCP) server.
Windows XP Professional uses DNS as the namespace provider whether you use static IP addresses or DHCP. Networks that include Microsoft Windows NT Server version 4.0 or earlier or client computers running versions of Windows earlier than Windows 2000 might require a combination of DHCP and WINS.
DNS is required for integration with Active Directory, and it provides the following advantages:
Interoperability with other DNS servers, including Novell NDS and UNIX Bind.
Integration with networking services, by using Windows Internet Name Service (WINS) and DHCP.
Dynamic registration of DNS names and IP addresses.
Incremental zone transfers and load balancing between servers.
Support for resource record types such as Services Locator (SRV) and Asynchronous Transfer Mode Addresses (ATMA) records.
DHCP allows Windows XP Professional based computers to receive IP addresses automatically. This helps to prevent configuration errors and address conflicts that can occur when previously assigned IP addresses are reused to configure new computers on the network. As computers and devices are removed from the network, their addresses are returned to the address pool and can be reallocated to other clients. The DHCP lease renewal process ensures that needed changes are made automatically when client configurations must be updated.
The advantages of using DHCP follow:
Conflicts caused by assigning duplicate IP addresses are eliminated.
DNS or WINS settings do not need to be manually configured if the DHCP server is configured to those settings.
Clients are assigned IP addresses regardless of the subnet to which they connect, so IP settings need not be manually changed for roaming users.
If you assign IP addresses statically, you need to have the following information for each client:
The IP address and subnet mask for each network adapter installed on each client computer.
The IP address for the default gateway.
Whether the client is using DNS or WINS.
The name of the client computer s DNS domain and the IP addresses for the DNS or WINS servers.
The IP address for the proxy server.
| Note | It is recommended that you assign static IP addresses to servers and dynamic ones to client computers. However, there are exceptions that might require you to assign static addresses to computers running Windows XP Professional. For example, a computer that runs an application that has the IP addresses hard-coded into it requires a static address. |
For more information about TCP/IP, DHCP, and DNS, see Configuring TCP/IP in this book. For more information about IP addressing, see Configuring IP Addressing and Name Resolution in this book.
Internetwork Packet Exchange (IPX) is the network protocol used by NetWare computers to control addressing and routing of packets within and among LANs. Windows XP Professional computers can connect to NetWare servers using Client Service for Netware. Windows XP Professional includes NWLink and Client Service for NetWare to transmit NetWare Core Protocol (NCP) packets to and from NetWare servers.
| Note | Although TCP/IP is used on some Novell NetWare-based networks, Client Service for NetWare does not support it. |
NWLink and Client Service for NetWare provide access to file and print resources on NetWare networks and servers that are running either Novell Directory Services (NDS) or bindery security. Client Service supports some NetWare tools applications. It does not support IP, including NetWare/IP.
You can install Client Service or the current network client by using Novell Client. However, you cannot use Novell Client to connect a computer running Windows XP Professional to a Windows 2000 Server based computer.
| Caution | Do not install both Client Service and Novell Client for Windows NT/2000 on the same computer running Windows XP Professional. Doing so can cause errors on the system. |
When upgrading to Windows XP Professional from Windows Me, Windows 98, or Windows NT 4.0 Workstation, Windows XP Professional upgrades Novell Client version 4.7 or earlier to the latest version of Novell Client, allowing for a seamless upgrade. All other versions of Novell Client should be removed before upgrading the operating system, then reinstall and reconfigure Novell Client.
You can also use Microsoft Services for NetWare on a Windows 2000 based server. Services for Netware uses Client Service to connect to a NetWare network or server.
The Windows XP Professional security model is based on the concepts of authentication and authorization. Authentication verifies a user s identity, and authorization verifies that the user has permission to access resources on the computer or the network. Windows XP Professional also includes encryption technologies, such as Encrypting File System (EFS) and public key technology, to protect confidential data on disk and across networks.
When the user logs on to a computer, a user name and password are required before the user can access resources on the local computer or the network. Windows XP Professional authentication enables single sign-on to all network resources, so that a user can log on to a client computer by using a single password or smart card and gain access to other computers in the domain without re-entering credential information. The Windows XP Professional authentication model protects your network against malicious attacks, such as:
Masquerade attacks. Because a user must prove identity, it is difficult to pose as another user.
Replay attacks. It is difficult to reuse stolen authentication information because Windows XP Professional authentication protocols use timestamps.
Identity interception. Intercepted identities cannot be used to access the network because all exchanges are encrypted.
Kerberos V5 is the primary security protocol within Windows 2000 domains. Windows XP Professional based clients use NTLM to authenticate to servers running Windows NT 4.0 and to access resources within a Windows NT domain.
Computers running Windows XP Professional that are not joined to a domain also use NTLM for authentication.
If you use Windows XP Professional on a network that includes Active Directory, you can use Group Policy settings to manage logon security, such as restricting access to computers and logging users off after a specified time. For more information about logon security, see Logon and Authentication in this book.
Authorization controls user access to resources. Using access control lists (ACLs), security groups, and NTFS file permissions, you can make sure that users have access only to needed resources, such as files, drives, network shares, printers, and applications.
Security groups, user rights, and permissions can be used to manage security for numerous resources while maintaining fine-grained control of files and folders and user rights. The four main security groups include:
Domain local groups
Global groups
Universal groups
Computer local groups
Using security groups can streamline the process of managing access to resources. You can assign users to security groups, and then grant permissions to those groups. You can add and remove users in security groups according to their need for access to new resources. To create local users and place them within local security groups, use the Computer Management snap-in of MMC or the User Accounts option in Control Panel.
Within the domain local and computer local security groups there are preconfigured security groups to which you can assign users.
Members of this group have total control of the local computer and have permissions to complete all tasks. A built-in account called Administrator is created and assigned to this group when Windows XP Professional is installed. When a computer is joined to a domain, the Domain Administrators group is added to the local Administrators group by default.
Members of this group have read/write permissions to other parts of the system in addition to their own profile folders, can install applications, and can perform many administrative tasks. Members of this group have the same level of permissions as Users and Power Users in Windows NT 4.0.
Members of this group are authenticated users with read-only permissions for most parts of the system. They have read/write access only within their own profile folders. Users cannot read other users data (unless it is in a shared folder), install applications that require modifying system directories or the registry, or perform administrative tasks. Users permissions under Windows XP Professional are more limited than under Windows NT 4.0.
Members of this group can log on using the built-in Guest account to perform limited tasks, including shutting down the computer. Users who do not have an account on the computer or whose account has been disabled (but not deleted) can log on using the Guest account. You can set rights and permissions for this account, which is a member of the built-in Guests group by default. The Guest account is enabled by default.
You can configure access control lists (ACLs) for resource groups or security groups and add or remove users or resources from these groups as needed. The ability to add and remove users makes user permissions easier to control and audit. It also reduces the need to change ACLs.
You can grant users permissions to access files and folders, and specify what tasks users can perform on them. You can also allow permissions to be inherited, so that permissions for a folder apply to all its subfolders and the files in them.
You can use Group Policy settings to assign permissions to resources and grant rights to users as follows:
To restrict which types of users can run certain applications. This reduces the risk of exposing the computer to unwanted applications, such as viruses.
To configure many rights and permissions for client computers. You can also configure rights and permissions on an individual computer to be used as the base image for desktop installations, to ensure standardized security management even if you do not use Active Directory.
Auditing features allow you to detect attempts to disable or circumvent protections on resources.
For more information about managing access to resources and applications, see Authorization and Access Control in this book. For more information about creating disk images for installation, see Automating and Customizing Installations in this book.
You can use preconfigured security templates that meet the security requirements for a given workstation or network. Security templates are files with preset security settings that can be applied to a local computer or to client computers in a domain by using Active Directory.
Security templates can be used without modification or customized for specific needs. For more information about using security templates, see Authorization and Access Control in this book.
You can use Encrypting File System (EFS) to encrypt data on your hard disk. For example, because portable computers are high-risk items for theft, you can use EFS to enhance security by encrypting data on the hard disks of your company s portable computers. This precaution protects data and authentication information against unauthorized access.
Before implementing EFS, it is important to understand the proper backup structure for EFS keys and to know how to restore them.
For more information about EFS, see Encrypting File System in this book.
The following sections can help you make decisions about configuring Windows XP Professional computers to make them easier to administer. Depending on the needs of your organization, you can include support for multiple language versions of the operating system and applications, specify what devices users can access, choose the file system that best suits your security and compatibility needs, and create logical disks that are more efficient to manage. Depending on the installation method you use, you can install applications along with the operating system to decrease the time it takes users to start their computers. You can enable accessibility options for users with disabilities and have those options available wherever users log on to the network.
Windows XP Professional supports companies that need to equip their users to work with various languages or in multiple locale settings. This includes organizations that:
Operate internationally and must support various regional and language options, such as time zones, currencies, or date formats.
Have employees or customers who speak different languages, or require language-dependent keyboards or input devices.
Develop an internal line of business applications to run internationally or in more than one language.
If you have roaming users who need to log on anywhere and edit a document in several languages, you need the appropriate language files installed or installable on demand, on a server or workstation. You can also use Terminal Services to allow users to initiate individual Terminal Services sessions in different languages.
For more information about multilingual feature support in Windows XP Professional, see Multilingual Solutions for Global Businesses in this book.
You can use Setup scripts to install regional and language options on your users computers. For more information about creating Setup scripts, see Automating and Customizing Installations in this book.
Windows XP Professional includes support for a range of hardware devices, including USB- and IEEE 1394 compliant devices. Device drivers for most devices are included with the operating system. Drivers can be configured to be dynamically updated by connecting to the Microsoft Windows Update Web site and downloading the most recent versions.
If you can connect to the Internet, the Dynamic Update feature can connect to Windows Update during setup to install device drivers that were not included on the Windows XP Professional operating system CD. For more information about Dynamic Update, see Planning for Dynamic Update later in this chapter.
You can add devices, such as mass storage and Plug and Play devices, to your installation. For more information about adding hardware devices to your installation, see Automating and Customizing Installations in this book. For more information about the types of hardware devices Windows XP Professional supports, and about configuring these devices, see Managing Devices in this book.
Windows XP Professional supports the FAT16, FAT32, and NTFS file systems. Because NTFS has all the basic capabilities of FAT16 and FAT32, with the added advantage of advanced storage features such as compression, improved security, and larger partitions and file sizes, it is the recommended file system for Windows XP Professional.
Some features that are available when you choose NTFS:
File encryption allows you to protect files and folders from unauthorized access.
Permissions can be set on individual files, as well as on folders.
Disk quotas allow you to monitor and control the amount of disk space used by individual users.
Better scalability allows you to use large volumes. The maximum volume size for NTFS is much greater than it is for FAT. Additionally, NTFS performance does not degrade as volume size increases, as it does in FAT systems.
Recovery logging of disk activities helps restore information quickly in the event of power failure or other system problems.
When you perform a clean installation of Windows XP Professional, it is recommended that you use NTFS. If you upgrade computers that use NTFS as the only file system, continue to use NTFS with Windows XP Professional.
Before you run Setup, you must decide whether to keep, convert, or reformat an existing partition. The default option for an existing partition is to keep the existing file system intact, thus preserving all files on that partition.
Windows XP Professional provides support for Windows 95, Windows 98, or Windows Me file systems, including FAT16 and FAT32 file systems. If you upgrade computers that use FAT or FAT32 as their file system, consider converting the partitions to NTFS.
| Warning | You cannot upgrade compressed Windows 98 volumes; you must uncompress them before you upgrade them to Windows XP Professional. |
Use the conversion option if you want to take advantage of NTFS features, such as security or disk compression, and you are not dual-booting with another operating system that needs access to the existing partition. You cannot convert an NTFS volume to FAT or FAT32. You must reformat the NTFS volume as FAT. However, when you convert a volume from FAT to NTFS, you cannot use the uninstall feature to roll back to a previous operating system installation.
| Warning | Once you convert to NTFS, you cannot revert to FAT or FAT32. |
You can reformat a partition during a clean installation only. If you decide to convert or reformat, select an appropriate file system (NTFS, FAT16, or FAT32). For more information about converting volumes to NTFS, see File Systems in this book.
| Caution | You can reformat a partition as either FAT or NTFS; however, reformatting a partition erases all files on that partition. Make sure to back up all files on the partition before you reformat it. |
NTFS is the recommended file system for Windows XP Professional. However, you might need a different file system to multiple-boot Windows XP Professional with an operating system that cannot access NTFS volumes. If you use NTFS to format a partition, only Windows XP, Windows 2000, and Windows NT 4.0 (with Service Pack 4) can access the volume.
If you plan to install Windows XP Professional and another operating system on the same computer, you must use a file system that all operating systems installed on the computer can access. For example, if the computer has Windows 95 and Windows XP Professional, you must use FAT on any partition that Windows 95 must access. However, if the computer has Windows NT 4.0 and Windows XP Professional, you can use FAT or NTFS because both operating systems can access all those file systems. However, certain features in the version of NTFS included with Windows XP Professional are not available when the computer runs Windows NT 4.0. For more information about file system compatibility and multiple booting, see Determining How Many Operating Systems to Install in this chapter.
| Warning | You can access NTFS volumes only when running Windows NT, Windows 2000, or Windows XP. |
Table 1-7 describes the size and domain limitations of each file system.
| Subject of Comparison | NTFS | FAT16 | FAT32 |
|---|---|---|---|
| Operating system compatibility | A computer running Windows 2000 or Windows XP can access files on an NTFS partition. A computer running Windows NT 4.0 with Service Pack 4 or later can access files on the partition, but some NTFS features, such as Disk Quotas, are not available. Other operating systems allow no access. | File access is available to computers running Microsoft MS DOS all versions of Windows, Windows NT, Windows XP, and OS/2. | File access is available only to computers running Microsoft Windows 95 OSR2, Windows 98, Windows Me, Windows 2000, and Windows XP. |
| Volume size | Recommended minimum volume size is approximately 10 MB. Recommended practical maximum for volumes is 2 terabytes. Much larger sizes are possible. Cannot be used on floppy disks. | Volumes up to 4 GB. Cannot be used on floppy disks. | Volumes from 512 MB to 2 terabytes. In Windows XP Professional, you can format a FAT32 volume only up to 32 GB. Cannot be used on floppy disks. |
| File size | Maximum file size 16 terabytes minus 64 KB (244 minus 64 KB) | Maximum file size 4 GB | Maximum file size 4 GB |
| Files per volume | 4,294,967,295 (232 minus 1 files) | 65,536 (216 files) | Approximately 4,177,920 |
If you also want to use MS DOS on your system, you must use FAT to format another partition, which is the MS DOS operating system s native file system. MS DOS does not recognize data on NTFS or FAT32 partitions.
For more information about FAT, NTFS, and other file systems supported in Windows XP Professional, see File Systems in this book.
| Warning | To format the active system partition you must use a file system that all the operating systems running on your computer recognize. You can have up to four primary partitions, but only the active one starts all the operating systems. |
Disk partitioning is a way of dividing hard disks into sections that function as separate units. Partitions can be set up to organize data or to install additional operating systems for multiple boot configurations. Partitioning involves dividing a disk into one or more areas, each formatted for use by a particular file system.
Depending on your existing hard disk configuration, you have the following options during setup:
If the hard disk is unpartitioned, you can create and size the Windows XP Professional partition.
If an existing partition is large enough, you can install Windows XP Professional on that partition.
If the existing partition is too small but you have adequate unpartitioned space, you can create a new Windows XP Professional partition in that space.
If the hard disk has an existing partition, you can delete it to create more unpartitioned disk space for the Windows XP Professional partition. Keep in mind that deleting an existing partition also erases any data on that partition.
| Caution | Before you change file systems on a partition or delete a partition, back up the information on that partition, because reformatting or deleting a partition deletes all existing data on that partition. |
If you install Windows XP Professional as part of a multiple-boot configuration, it is important to install Windows XP Professional on its own partition. Installing Windows XP Professional on the same partition as another operating system might overwrite files installed by the other operating system and overwrites the system directory unless you specify a different directory in which to install Windows XP Professional.
| Warning | If you install Windows XP Professional as part of a multiple-boot configuration, make sure that you install it after you install all other operating systems. If you install another operating system after Windows XP Professional, you might not be able to start Windows XP Professional. For more information about problems with starting your computer, see Troubleshooting Startup in this book. |
It is recommended that you install Windows XP Professional on a 2-gigabyte (GB) (that is, 2,048 megabytes) or larger partition. Although Windows XP Professional requires a minimum of 650 MB of free disk space for installation, using a larger installation partition provides flexibility for adding future updates, operating system tools, and other files.
During setup, you only need to create and size the partition on which you plan to install Windows XP Professional. After Windows XP Professional is installed, you can use the Disk Management snap-in to make changes or create new partitions on your hard disk.
For more information about Disk Management, see Disk Management in this book.
| Warning | Windows 2000, Windows XP Professional, and Windows XP 64-Bit Edition are the only operating systems that can access a dynamic disk. If you convert the disk that contains the system volume to dynamic, you cannot start the other operating systems. For more information about basic and dynamic disks, see Disk Management in this book. |
During setup, you can choose to install standard productivity applications such as Microsoft Office, as well as custom applications. If certain core applications need to be available to users at all times, you can install them along with the operating system. If you are automating installations by using RIS or Sysprep, you can install the applications on the disk image that you create; if you are doing unattended installations by using answer files, you can include applications and make them available from your distribution folder. For more information about adding applications to your installations, see Automating and Customizing Installations in this book.
If you use Active Directory, you can use the Software Installation and Maintenance feature of IntelliMirror to make applications available to users. You can assign critical applications to users and publish applications users might need to access.
When you publish applications, users can install the application by using Add or Remove Programs in Control Panel. For more information about using Software Installation and Maintenance to make applications available to your users, see the Distributed Systems Guide of the Microsoft Windows 2000 Server Resource Kit.
When you assign an application to a user, it appears to the user that the application is already installed, and a shortcut appears in the user s Start menu. When the user clicks the shortcut, the application is installed from a server share.
You can also use Systems Management Server (SMS) to automate the deployment and upgrade applications during and after installing the operating system. SMS is a good option for large-scale software-deployment projects because SMS can be set to run when it will cause minimal interruption to your business, such as at night or on weekends. For more information about SMS, see the documentation included with SMS.
Windows XP Professional includes multiple features and options that improve accessibility for people with disabilities. You can use the Accessibility wizard or individual Control Panel properties to set options to meet the needs of users with vision, mobility, hearing, and learning disabilities.
For users with vision impairments or learning disabilities, you can set size and color options for the display of text and screen elements, such as icons and windows. You can also adjust the size, color, speed, and motion of the mouse cursor to aid visibility on the screen. Options such as StickyKeys, BounceKeys, ToggleKeys, and MouseKeys benefit some users with mobility impairments. SoundSentry and ShowSounds can assist users with hearing impairments.
Accessibility tools such as Magnifier, Narrator, and On-Screen Keyboard allow users with disabilities to configure and use computers without additional hardware or software. These tools also allow some users with disabilities to roam multiple computers in their organization.
| Note | Accessibility features such as Narrator, Magnifier, and On-Screen Keyboard provide a minimum level of functionality for users with special needs. Most people with disabilities require tools with higher functionality. |
You can use Group Policy and set user profiles to make sure that accessibility features are available to users wherever they log on in your network. You can also enable some accessibility features when you run Setup by specifying them in your answer file.
For more information about accessibility features included with Windows XP Professional, see Accessibility for People with Disabilities in this book. For more information about customizing answer files for unattended Setup, see Automating and Customizing Installations in this book.