Supporting Mobile Users

  • Article

For organizations that support mobile users, important considerations are hardware, power management, and security on portable computers. In addition, some administrative concerns are relevant to roaming users in organizations that use roaming user profiles or Folder Redirection. Microsoft Windows XP Professional can be configured and administered to provide support for mobile users, and it includes features and tools that are designed specifically for portable computer users.

For information on how to obtain the Windows XP Professional Resource Kit in its entirety, please see https://www.microsoft.com/mspress/books/6795.asp.

Bb457105.3squares(en-us,TechNet.10).gif

On This Page

Related Information
Overview of Windows XP Professional Support for Mobile Users
Setting Up a Portable Computer
Managing Hardware on Portable Computers
Configuring Power Management
Configuring Roaming User Profiles and Folder Redirection
Configuring Offline Files for Portable Computers
Securing Portable Computers
Using Infrared Hardware and Video Devices with Portable Computers
Wireless Networking
Additional Resources

  • For more information about IntelliMirror management technologies such as Offline Files, Folder Redirection, and roaming user profiles, see Chapter 6, “Managing Files and Folders.”

Overview of Windows XP Professional Support for Mobile Users

Windows XP Professional offers several new features for mobile users. In addition, several Microsoft Windows NT version 4.0 and Microsoft Windows 2000 features, as well as processes such as starting, hibernating, standby, and resuming, are enhanced in Windows XP Professional to increase functionality for mobile users.

Fast system startup

Windows XP Professional provides improved system boot and resume performance, resulting in fast system startup. The standby feature reduces power consumption by turning off the display, hard disk, and other system components while preserving the contents of memory. Standby also allows you to return to work quickly after waking the system. The hibernate feature saves the entire system state to the hard disk and turns off the computer. When the system restarts from hibernation, the desktop and all applications are restored to their previous state.

Folder Redirection

Folder Redirection allows the administrator to direct the contents of special shell folders, such as My Documents, to an alternate location on a server or a network share. When Folder Redirection is applied to these special folders, the redirection is transparent to the user; he or she can continue to work with documents on the server as if the documents are on the local drive. Folder Redirection is best used in conjunction with Offline Files.

Offline Files

The Offline Files feature allows users to disconnect from the network and work as if they are still connected. When the computer is offline, files and folders appear in the same directory that they appear in online. By using Offline Files, users can continue to work with copies of files that are available on a network when they are not connected to the network. Offline Files stores the data in the computer’s cache to make network files available offline. When users reconnect to the network, Offline Files synchronizes the files stored on the local drive with the files on the network.

Hibernation

The hibernation feature allows the Microsoft Windows desktop to be restored quickly after a computer is shut down. When a computer is put into hibernation, the current system state is saved to the hard disk before the computer is turned off. Then, when a user restarts the computer, Windows restarts any programs that were running when the computer entered hibernation, and it restores all previous network connections.

ACPI and APM support

Windows XP Professional supports the Advanced Configuration and Power Interface (ACPI) specification for robust power management and system configuration. Windows XP Professional also provides some power management features for portable computers with a legacy Advanced Power Management (APM) version 1.2–based BIOS.

Enhanced battery life

Windows XP Professional provides several new features to enhance battery life. Windows XP Professional automatically dims a laptop’s display when it is switched to battery power and turns off the display panel when the laptop’s lid is closed. In addition, Windows XP Professional features intelligent processor throttling to reduce CPU power consumption. Windows XP Professional also provides more accurate estimates of remaining battery life.

Processor performance control

Windows XP Professional provides native support for processor performance control technologies such as Intel SpeedStep Technology, AMD PowerNow!™, and Transmeta LongRun™. Windows XP Professional also features an adaptive processor performance control algorithm that dynamically balances system performance and power consumption, based on the current CPU workload and remaining battery life.

Battery and processor metrics

Windows XP Professional displays information about processor performance and battery activity in System Monitor. The processor performance data available includes the current processor frequency and power consumption. Battery information provided includes the charge and discharge rates, voltage, and remaining capacity.

Wake-on-critical battery

Windows XP Professional supports wake-on-critical battery for portable computers that implement this feature. This allows a computer to awaken from standby when battery power becomes critically low and switch to hibernation to prevent data loss.

Dynamic configuration of hot added devices

When you insert and remove devices such as CardBus cards or Universal Serial Bus (USB) devices, Windows XP Professional detects and configures them without requiring you to restart the computer.

Hot and cold docking or undocking

With your portable computer fully powered, you can dock to a docking station and undock from a docking station without shutting down the computer.

Table 7-1 lists the new or enhanced features in Windows XP Professional that support mobile users and indicates which of these features are available in Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows NT Workstation 4.0, and Microsoft Windows 2000 Professional.

Table 7-1 Mobile User Profile Computing Features in Windows XP Professional

Windows XP Professional Feature

Windows 95

Windows 98

Windows NT 4.0

Windows 2000 Professional

Windows XP Professional

Offline Files

 

 

 

X

X

Folder
Redirection

 

 

 

X

X

Roaming User Profiles

 

 

X

X

X

Briefcase

X

X

X

X

X

Hibernate

 

 

 

X

X

Power
management

X

X

 

X

X

ACPI support

 

X

 

X

X

APM support

X

X

 

X

X

Standby (APM and ACPI only)

X

X

 

X

X

Battery management (APM and ACPI only)

 

X

 

X

X

Dynamic
configuration of PC Cards

X

X

 

X

X

Hot and cold docking or
undocking

X

X

 

X

X

Hot insertion and removal of devices in
hot-swappable module bays

 

X

 

X

X

Setting Up a Portable Computer

Before you can make use of mobile computing in your organization, you need to identify the critical operating system components, properties, and features that you will need to configure on your portable computers. You must also ensure that you address critical configuration issues that are specific to portable computers.

Check BIOS Compatibility

Windows XP Professional supports the Advanced Configuration and Power Interface (ACPI) specification, which enables reliable system configuration and power management features. If a portable computer has an ACPI-compliant BIOS, use the Windows Catalog to verify that it is compatible with Windows XP Professional. If it is not, upgrade the BIOS to the latest available version. If you upgrade to an ACPI-based BIOS on your portable computer after you install Windows XP Professional, and your old BIOS was either not ACPI-compliant or not compatible with Windows XP Professional, you must reinstall Windows XP Professional to enable ACPI and the power management features that it supports. For more information about hardware compatibility, see the Windows Catalog at https://www.microsoft.com/windows/catalog.

If a portable computer has an APM-based BIOS, run the Apmstat.exe support tool to determine whether the BIOS has any known problems. If the APM BIOS is known to be compatible with Windows XP Professional, APM power management is enabled by default. You can install Apmstat by running Setup.exe, which is located in the \Support\ Tools folder on the Windows XP Professional operating system CD.

Grant Installation and Configuration Rights

If you configure a portable computer for a user who travels frequently, add this user to the Power Users group. The user can then install, uninstall, and configure software. If a hardware device fails or needs to be reinstalled while not connected to the network, a member of the Power Users group can reinstall the device, but only if the driver package meets the following conditions:

  • Is present on the system (that is, it does not need to be installed from media, such as a CD provided by a vendor).

  • Is digitally signed. For more information about driver signing, see Chapter 9, “Managing Devices.”

  • Can be installed without any user interface.

If a user must be able to add hardware even if the driver package does not meet these conditions, add this user to the Administrators group.

All other types of users should be members of the Users group, which does not allow them to install, uninstall, or configure software and hardware, except when the preceding three conditions are true. In general, no Users should be members of the Administrators group unless they need to install, uninstall, and configure non–Plug and Play hardware and drivers. For more information about driver signing or configuring hardware and drivers, see Chapter 9, “Managing Devices.”

Verify Hardware Configuration

After you install new hardware on a portable computer, you need to verify that all devices function when the computer is both docked and undocked. Log on in turn as a member of the Power Users and Users groups to test the devices, as well as the docking and undocking functionality. This testing is necessary because some hardware can be fully installed only by a member of the Administrators group. When members of the Power Users or Users group add the devices, the driver packages might not be installed.

Windows XP Professional uses one hardware profile to load drivers when the portable computer is docked (the Docked Profile) and another when the computer is undocked (the Undocked Profile). Verify that the properties are set correctly for both the Docked Profile and the Undocked Profile. For more information about docked and undocked profiles, see “Managing Hardware on Portable Computers” later in this chapter.

Configure Power Management Options

Windows power management is based on the concept of power schemes. A power scheme is a group of preset power options that are passed to the operating system to control a computer’s power management behavior. Power schemes are presented to the user in Power Options in Control Panel.

The power policy used when the computer is powered by AC (utility) power can be different than the policy that is used when the computer is powered by a battery.

Verify that the power schemes that are available are appropriate for the target user environments. The most useful power schemes for portable computers are Portable/Laptop, Presentation, and Max Battery. Using the default power scheme settings might not always be the best configuration. You might need to explore the best configuration for the user’s needs.

Install Applications

All software and software components must be installed locally and run locally on portable computers. You must therefore make sure that you do not have any partially installed programs or distributed programs installed on a portable computer that is frequently used offline. Only Administrators can install software for personal digital assistants (PDA) because some PDA software cannot be installed by members of the Power Users group. Also, only members of the Administrators group can use the Internet Connection Wizard to configure an Internet connection.

Configure Offline File Storing

If you have files and folders that you want to make available offline for mobile users, enable and configure file-storing settings on the server or network share. This is particularly important for folders such as My Documents that have been redirected to a network share or a server. Also, make sure that you have configured all offline files settings, including synchronization settings, on the portable computer.

If a user uses an e-mail program or a Web browser, be sure to configure the e-mail program and the Web browser for offline content.

Configure Security

Because portable computers are vulnerable to theft, you must ensure that they are configured securely. Format all hard disks as NTFS and apply the appropriate permissions to files and folders that contain sensitive data. Also, encrypt files and folders that contain sensitive data, and require users to use strong passwords for logging on both locally and on the network. You might also want to encrypt the Offline Files cache so that any network files made available offline are also encrypted. For more information about encrypting files and folders, see Chapter 18, “Using Encrypting File System.”

Configure Roaming User Profiles and Folder Redirection

If you are supporting roaming desktop users or portable computer users who are connected directly to a network most of the time, configuring roaming user profiles and Folder Redirection can provide a number of advantages, such as fast computer replacement and the storage of backup copies of data on the network. If portable computers in your organization are rarely connected to the network or are connected remotely most of the time, however, do not use roaming user profiles or Folder Redirection. For more information about roaming user profiles and Folder Redirection, see “Configuring Roaming User Profiles and Folder Redirection” later in this chapter.

Managing Hardware on Portable Computers

The Plug and Play support in Windows XP Professional allows devices to be configured on the system without the computer having to be restarted. You can therefore add or remove a device from the computer while it is running, and Windows XP Professional will automatically allocate resources, install or uninstall the appropriate device drivers, and enable or disable the device. Full Plug and Play support is useful for portable computers because the device configuration on portable computers changes frequently to accommodate the user’s environment (docked or undocked) and the user’s needs (such as working remotely online or working offline). For portable computers that are ACPI-enabled, Plug and Play makes the following functionality possible:

  • Dynamic configuration of devices, such as PC Cards and CardBus

  • Hot swapping of Integrated Drive Electronics (IDE) devices in device bays, such as hard disks, floppy drives, and CD-ROM drives

  • Hot docking and undocking

For more information about installing, configuring, and troubleshooting devices, see Chapter 9, “Managing Devices.”

Warning Full Plug and Play support is possible only if both the device and the device drivers support Plug and Play, and the computer is ACPI-based.

Hardware Profile Creation

Windows XP Professional uses hardware profiles to determine which drivers to load when the system hardware changes. Hardware profiles are an important feature for portable computers that use a docking station. Windows XP Professional uses one hardware profile to load drivers when the portable computer is docked (the Docked Profile) and another (the Undocked Profile) when the computer is undocked. Windows XP Professional creates these two hardware profiles for portable computers when the computer is docked and undocked.

The hardware profiles are created when Windows XP Professional queries the BIOS for a dock serial ID and then assigns names for the docked and undocked configurations. You do not need to reconfigure the Docked Profile or the Undocked Profile if your system is Plug and Play–compliant. If a portable computer is fully Plug and Play–compliant, you need only these hardware profiles, and you do not need to designate which profile to use when the computer starts. The computer detects the docked or undocked state and uses the appropriate profile.

If a portable computer is not fully Plug and Play–compliant, you might need to create a new hardware profile. You can then configure the profile by enabling and disabling devices. For more information about configuring hardware profiles, see Windows XP Professional Help and Support Center.

Dynamic Device Configuration

With dynamic device configuration, portable computer users can add or remove PC Cards, CardBus cards, USB and IEEE 1394 devices, and so forth without restarting the computer. The device and the device drivers must support Plug and Play for users to take advantage of dynamic configuration.

Warning Some ACPI-enabled computers might not be fully ACPI-compliant or support hot addition and removal of devices in hot-swappable module bays. Removing such devices on these computers without first shutting down the system can physically damage the device.

Docking and Undocking

Docking and undocking of portable computers can be done either hot or cold. In a cold dock or undock, the computer is shut down before it is inserted into or removed from the docking station. In a hot dock or undock, the computer is running, with or without programs and documents open, when it is inserted into or removed from the docking station. Computer manufacturers can design the docking stations and BIOS of their mobile computers in different ways resulting in different docking and undocking behaviors. For specific information about the docking and undocking behavior of your portable computers, see the manufacturer’s documentation.

Hot Docking and Undocking

Hot docking and hot undocking can be performed only on computers that are ACPI-enabled. To hot dock a system, insert the fully powered system into the docking station. To hot undock a system, click Eject PC on the Start menu before removing the system from the docking station. The Eject PC command appears only if a computer is ACPI-enabled.

Removing a portable computer without using the Eject PC command is not recommended. Use the Eject PC command to perform a hot undock. Note that undocking a portable computer while it is in standby or hibernation is not recommended. If a system is in standby or hibernation, first resume the system, and then follow the hot undock procedure. Some portable computer manufacturers support other methods of hot undocking. See manufacturer documentation for details about a given system.

Caution Data loss or system instability can occur if a user does not use the Eject PC command before undocking in a fully powered state or from standby or hibernation.

You can use Group Policy to disable hot undocking, in which case the Eject PC command does not appear on ACPI-enabled computers. For more information about using Group Policy to control undocking privileges, see “Securely Undocking Portable Computers” later in this chapter.

Cold Docking and Undocking

Cold docking takes place when the computer is completely shut down before it is docked or undocked. It is recommended that you use cold docking and undocking if you have an APM-based system or other non-ACPI–based computer. To perform a cold dock, insert the computer into the docking station while the computer is shut down. To perform a cold undock, shut down the computer, and then remove or eject it from the docking station. When you shut down the computer before a cold dock or undock, you must use the shut down command. Do not use the hibernate or stand by commands.

Configuring Power Management

Configuring power management allows you to control how a computer consumes energy. Windows XP Professional supports the Advanced Configuration and Power Interface (ACPI) specification. The ACPI architecture is designed to provide for Operating System–Directed Power Management (OSPM). Windows XP Professional also supports the legacy Advanced Power Management (APM) version 1.2 BIOS architecture; however, APM provides only limited power management support.

If you do not have an APM-based or ACPI-based computer, it might still be possible to manage some aspects of power consumption. For example, depending on the capabilities of your hardware, you can reduce the power consumed by the computer by setting timers to turn the display or disk drives off.

ACPI Power Management

Using features supported by ACPI, Windows XP Professional allows the operating system to direct and manage power usage on a systemwide basis. The operating system’s power policy determines what devices to turn off and when to put the computer into a low-power state. Power policy is based on a combination of application requirements, the user’s preferences, and the computer’s hardware capabilities. To conserve energy and prolong battery life, when the computer is idle the operating system can turn off devices such as the display panel or hard disk drive, or it can put the computer into a low-power sleep state such as standby or hibernation.

Each device class on the computer has a power policy owner. The policy owner for a particular device class is the component that is best aware of how the device is used. Typically this is the device class driver. Each policy owner must manage power appropriately for its class and work consistently with the operating system’s policy for putting the computer into a low-power state. For example, a network adapter might sense that no network cable is plugged in, and therefore request that the operating system put the adapter in a low-power state because it is not being used.

To use the ACPI power management features in Windows XP Professional, your computer must have an ACPI-compliant BIOS that is compatible with Windows XP Professional.

During setup, Windows XP Professional determines which hardware abstraction layer (HAL) to install on the computer. If the computer has an ACPI-compliant BIOS, an ACPI HAL is installed and you are able to use ACPI power management features. If the computer does not have an ACPI-compliant BIOS, a non-ACPI HAL is installed and ACPI power management features are not available.

Note The HAL directs information from the operating system and device drivers to specific devices.

To determine which HAL to install, Windows XP Professional performs the following process during setup:

  1. Windows XP Professional checks the ACPI BIOS tables during startup. These tables list the devices that are installed on the computer and their power management capabilities.

    If this information is missing or if the information is in the wrong form, a non-ACPI HAL is installed.

  2. If the tables are correct, Setup determines whether the computer’s BIOS is known to be incompatible with the ACPI standard.

    If the BIOS is on the incompatible list, a non-ACPI HAL is installed.

  3. If the BIOS is not on the incompatible BIOS list, Setup checks the BIOS date.

    If the BIOS is not on the incompatible BIOS list and the BIOS date is later than 1/1/99, an ACPI HAL is installed.

  4. If the BIOS is not on the incompatible BIOS list and the BIOS date is earlier than 1/1/99, Setup determines whether the BIOS is known to be compatible with Windows XP Professional.

    If the BIOS is compatible, an ACPI HAL is installed.

    If the BIOS is not compatible, an earlier HAL is installed.

For more information about BIOS compatibility, see the Windows Catalog at https://www.microsoft.com/windows/catalog.

You can use Device Manager to determine whether your computer is operating in ACPI mode.

To determine whether Windows XP Professional is running in ACPI mode

  1. In Control Panel, click Performance and Maintenance, and then click System.

  2. In the System Properties dialog box, click the Hardware tab, and then click Device Manager.

  3. In the details pane, click Computer.

    If Advanced Configuration and Power Interface (ACPI) PC is listed under Computer, the computer is operating in ACPI mode.

If you have an ACPI BIOS but Windows XP Professional is not installed in the ACPI mode, your ACPI BIOS might be noncompliant. Check with your computer manufacturer to see whether a more recent, ACPI-compatible BIOS is available. If Windows XP Professional is installed in non-ACPI mode on your computer and you upgrade to a new BIOS version, you must reinstall Windows XP Professional to enable ACPI mode.

You must be a member of the Administrators group to view the Hal.dll file to determine which hardware abstraction layer is installed.

APM Power Management

Windows XP Professional support of APM power management is intended to provide compatibility with legacy notebook computers. The APM power management system is not designed to run on desktop computers because power management support for the APM system is limited to battery status, suspend, resume, and auto-hibernate functions.

APM does not work with every APM-compatible system running Windows XP Professional. Microsoft has tested APM-capable systems to determine how well each system and BIOS combination supports APM.

Mobile systems can support APM if they meet the following criteria:

  • Hardware must meet basic Windows XP Professional requirements.

  • An ACPI-compliant BIOS is not available for end-user system upgrade.

  • The APM 1.2-compliant BIOS is not on the “Disable APM List” for a particular BIOS version number and date.

  • All user-defined CMOS power control features are disabled or minimized, time-outs are set to Off or to the longest possible time allowed, and the APM BIOS is enabled.

Determining APM BIOS Compatibility

For you to use APM-based power management features with Windows XP Professional, the APM-based BIOS on your computer must be compatible with Windows XP Professional.

Windows XP Professional supports APM version 1.2 on portable computers. The portable computer, however, must have an APM-compatible BIOS for APM features to work properly. Windows XP Professional determines whether a BIOS is APM-compatible during setup, and on the basis of this determination, does one of the following:

  • Installs APM support (Ntapm.sys and Apmbatt.sys), and enables APM if the computer’s BIOS is found on the auto-enable APM list.

  • Does not install or enable APM support if the computer’s BIOS is found on the disable APM list. APM on these systems does not work reliably, and if used, data loss might occur.

  • Installs APM support, but does not enable APM support if the computer’s BIOS is not on the auto-enable APM list or the disable APM list. APM might work properly, but you must enable APM in the Windows XP Professional graphical user interface (GUI). For more information about enabling APM, see “Configuring APM BIOS” later in this chapter.

    Warning APM must be enabled in the BIOS before Windows XP Professional is installed. If APM is disabled in the BIOS before installation, Windows XP Professional does not install power management support even if the APM BIOS is on the auto-enable APM list.

If APM is not enabled after you install Windows XP Professional, either the computer’s BIOS is on the disable APM list, or it is not on the auto-enable APM list. You can determine whether either of these is the case by using the Apmstat.exe tool, which is included with the Windows XP Professional Support Tools on the Microsoft Windows XP Professional operating system CD.

To determine APM BIOS compatibility by using Apmstat.exe

  1. At the command prompt, type:

    apmstat

    Caution If Apmstat.exe reports that an APM BIOS is known to be incompatible or that an APM BIOS is known to have problems, do not attempt to circumvent Windows XP Professional Setup by forcing it to install APM support. This might cause a computer to behave erratically and even lose data. Also, if an APM BIOS is known to be incompatible, make sure that APM is disabled in the BIOS.

If Apmstat.exe reports that an APM BIOS is not known to be compatible and it is not known to be incompatible, you might still be able to use APM, but you must enable and configure APM so that it works properly on your computer.

To verify that APM support is installed on a computer

  1. In Control Panel, click Performance and Maintenance, and then click System.

  2. Click the Hardware tab, and then click Device Manager.

  3. On the View menu, click Show hidden devices.

    If NT Apm/Legacy Support is listed in the details pane, APM support is installed.

To enable APM

  1. In Control Panel, click Performance Maintenance, and then click Power Options.

  2. Click the APM tab.

  3. Under Advanced Power Management, select the Enable Advanced Power Management support check box.

    Note The APM tab is present only if an APM BIOS is detected that is either APM 1.2–compliant or that might work with APM even if it is not APM 1.2–compliant. It is not recommended that you enable APM support on a computer that has a BIOS that is not APM-compliant. If problems occur after you enable APM support, disable APM and contact the computer manufacturer for an updated BIOS. The APM tab is not present if a computer has multiple processors because Windows XP Professional does not install APM support on multiprocessor computers.

Configuring APM BIOS

To utilize APM power management on your system, you must configure an APM-based BIOS so that power management works properly with Windows XP Professional. This might involve configuring the APM BIOS in the following way:

  1. Set BIOS time-outs to the maximum time or disable them. This allows the operating system (instead of the BIOS) to control time-outs. Because some APM BIOSs turn off or refuse to function if all time-outs are disabled, you might want to set time-outs to the maximum allowed time instead of disabling them.

  2. Make sure that screen blanking is turned off in the BIOS. Typically, you can turn off screen blanking in the BIOS by disabling the time-out for the display or by setting the time-out to the maximum value. Screen blanking reduces power to the display, which causes the computer to appear to be shut down.

Activating a pointing device typically wakes the system and restores power to the display. However, USB and other external pointing devices do not wake the system or restore power to the display.

Do not use a supplemental video card with a portable computer if you use APM. Use only the video card included with the portable computer. The APM BIOS might not detect a video card that is added to the system or a video card that is in a docking station. If the adapter is not discovered by the APM BIOS, the suspend feature does not work.

Power Management Schemes and Options

Whether you have an ACPI-based or an APM-based computer, several power management options are available for you to configure. These include choosing and configuring a power scheme, enabling the battery status indicator, configuring the power and sleep buttons, and setting low-battery alarms.

Configuring Power Schemes

Using power schemes, you can configure how and when a computer turns off devices, enters a suspend state, or changes processor performance levels on mobile systems that support this function. You can configure these settings according to the power source in use—whether the computer is plugged into a wall outlet or powered by battery. Depending on the hardware capability, you might be able to configure some of these settings even if the computer is not ACPI- or APM-enabled.

The following default power schemes are available in Windows XP Professional: Home/Office Desk, Portable/Laptop, Presentation, Always On, Minimal Power Management, and Max Battery. You can customize any scheme, or add or delete new schemes to fit a specific situation.

For more information about configuring the standby feature and the hibernate feature, see “Configuring Hibernation and Standby” later in this chapter.

The default power scheme on portable computers is Portable/Laptop; the Home/Office Desk scheme does not optimize battery power. You might need to change the power scheme based on how the computer is used. For example, you might choose the Presentation scheme to prevent the computer from turning off the display during a presentation.

To configure a power scheme

  1. In Control Panel, click Performance and Maintenance, and then click Power Options.

  2. Click the Power Schemes tab.

  3. Select a power scheme. You can then change the settings in the power scheme to best meet your needs.

Configuring Hibernation and Standby

When a computer enters hibernation, the current state of the computer is saved to disk, and the power to the computer is turned off. When a computer wakes from hibernation, it reads the current state data from the disk and restores the system to the state that it was in before it entered hibernation. All programs that were running are restarted, and network connections are restored.

Hibernation is enabled by default. All ACPI-compatible and most APM-compatible computers can be set to enter hibernation.

Because the contents of the computer’s memory are written to disk when the computer enters hibernation, you must have at least as much available disk space as you have memory.

To disable hibernation

  1. In Control Panel, click Performance and Maintenance, and then click Power Options.

  2. Click the Hibernate tab.

  3. Clear the Enable hibernate support check box.

    Note You must have the proper hardware to use hibernation. If the Hibernate tab is not available, the computer does not support hibernation.

When a computer enters standby, the computer’s state is saved to memory and most circuitry and devices are turned off. When a computer resumes from standby, the state is restored from memory and power is restored to all devices. If power is interrupted when the computer is in standby, data might be lost. All installed devices and device driver software must properly support power management for standby to be available.

To provide security, you can have the computer prompt the user for a user name and password after it resumes from hibernate or standby. Password protection is enabled by default.

To disable password protection when a computer resumes from standby

  1. In Control Panel, click Performance and Maintenance, and then click Power Options.

  2. Click the Advanced tab.

  3. Clear the Prompt for password when computer goes off standby check box.

    Note When you must turn off your portable computer to comply with airline regulations, you must shut down the computer rather than allowing it to remain in standby. While in standby, the operating system can reactivate itself to run preprogrammed tasks or to conserve battery power. For more information about shutting down a computer, see Windows XP Professional Help and Support Center.

Configuring the Group Policy Refresh Interval for Hibernation or Standby

You can configure the refresh interval by using Group Policy, which controls how often policies are applied on the computer. By default, the refresh interval is 90 minutes, but it can be set to any value between 0 and 64,800 minutes. You can also set an interval offset, which is a random period of time that is applied to the refresh interval. Randomizing the refresh interval prevents clients with the same refresh interval from overloading the server by simultaneously requesting policy updates. By default, the interval offset is 30 minutes, meaning that a random time between 0 and 30 minutes is applied to the refresh interval.

In some cases, Group Policy refresh settings can prevent a computer from entering hibernation or standby. This is because a policy update resets the hibernation or standby timer (as moving the mouse or pressing a key does). For example, if a computer is set to enter hibernation or standby after being idle for 45 minutes but the Group Policy refresh interval is set at 30 minutes, the hibernation or standby timer never reaches 45 minutes. To ensure that the standby timer reaches 45 minutes (or whatever time you set), set the Group Policy refresh interval so that it is greater than the hibernation setting or standby setting in Power Options. You can also configure Group Policy so that it does not apply settings while the computer is being used.

To change the Group Policy refresh interval and the interval offset for User Configuration settings

  1. In the Run dialog box, type gpedit.msc.

  2. In the details pane of Group Policy, under User Configuration, open the Administrative Templates folder, and then open the System folder.

  3. Click Group Policy.

  4. In the details pane, double-click Group Policy refresh interval for users.

  5. Click Enabled.

  6. Change the settings for the refresh interval and the interval offset.

To change the Group Policy refresh interval and interval offset for Computer Configuration settings

  1. In the details pane of Group Policy, under Computer Configuration, open the Administrative Templates folder, and then open the System folder.

  2. Click Group Policy.

  3. In the details pane, double-click Group Policy refresh interval for computers.

  4. Click Enabled.

  5. Change the settings for the refresh interval and the interval offset.

To disable policy updates while a computer is running

  1. In the Run dialog box, type gpedit.msc.

  2. In the details pane of Group Policy, under Computer Configuration, open the Administrative Templates folder, and then open the System folder.

  3. Click Group Policy.

  4. In the details pane, double-click Turn off background refresh of Group Policy.

  5. Click Enabled.

Configuring Battery Monitoring and Management

Windows XP Professional allows you to monitor and manage a portable computer’s battery by using Power Meter. Windows XP Professional can also monitor multiple batteries. Battery monitoring and management are available only on ACPI-enabled and APM-enabled computers.

By default, the battery status icon will appear on the taskbar whenever the computer is operating on battery power. You must enable the battery status icon to make it appear on the taskbar at all times. This icon gives users direct access to the power meter feature, allows selection of the current power scheme, and offers direct access to power properties by means of the Power Options Control Panel option.

To add the battery status icon to the taskbar

  1. In Control Panel, click Performance and Maintenance, and then click Power Options.

  2. Click the Advanced tab.

  3. Select the Always show icon on the taskbar check box.

    Note The display icon changes from a battery to a plug depending on the computer’s power source—battery power or wall outlet. The display also changes to indicate that the battery is charging or fully charged and shows the remaining battery capacity when the computer is operating on battery power.

If your portable computer uses multiple batteries, you can also configure the battery meter to display the status of multiple batteries.

To configure the battery meter for multiple-battery computers

  1. In Control Panel, click Performance and Maintenance, and then click Power Options.

  2. Click the Power Meter tab.

  3. Click Show details for each battery.

You can set alarms to indicate low-battery and critical-battery levels. You can select visual and audible alarm notifications, specify an action to take such as making a change in power state (standby, hibernation, shutdown), and specify the execution of a program to be run.

To configure alarms to indicate low-battery and critical-battery levels

  1. In Control Panel, click Performance and Maintenance, and then click Power Options.

  2. Click the Alarms tab.

  3. Set the battery activation levels that you want.

  4. Click Alarm Action to configure the behaviors of an activated alarm.

Configuring Power Button, Sleep Button, and Lid Switch Behavior

ACPI-enabled mobile computers can have up to three buttons for controlling system power: a Power button, a Sleep button, and a Lid Switch. Windows XP Professional allows you to configure the action of each button as follows:

  • Do nothing

  • Ask me what to do

  • Sleep

  • Hibernate

  • Shut down

To configure power system button functionality

  1. In Control Panel, click Performance and Maintenance, and then click Power Options.

  2. Click the Advanced tab.

  3. Under When I close the lid of my portable computer, select a lid-switch action.

  4. Under When I press the power button on my computer, select a power-button action.

Under When I press the sleep button on my computer, select a sleep-button action.

Enabling Devices to Wake the Computer

On ACPI-compatible systems, Windows XP Professional can enable some devices to wake the system from hibernation or standby. Windows XP Professional supports wake events such as modem wakeon-ring, wakeon-LAN, and wakeon-critical battery. Windows XP Professional also supports wakeon-LAN for CardBus network adapters. Note that for the wake features to function, they must be supported by the appropriate computer hardware.

To enable a device to wake the computer

  1. In Control Panel, click Performance and Maintenance, and then click System.

  2. Click the Hardware tab, and then click Device Manager.

  3. Select the device that you want to wake the system, and then double-click to open the Properties dialog box.

  4. On the Power Management tab, click Allow this device to bring the computer out of standby.

    If no Power Management tab appears, the device does not support system wake.

Hiding Power Options

You can prevent users from configuring power options by specifying Control Panel settings in Group Policy. You can disable Control Panel entirely, hide specific Control Panel tools, and show specific Control Panel options. Hiding Power Options can be beneficial if you have configured the power options and you do not want users to change those options. However, if you hide Power Options, users have no means to reconfigure power management settings if they need to be changed while they are away from the office. For example, portable computer users frequently use the Portable/Laptop power scheme. When they use the portable computer for a presentation, however, it is recommended that they switch to the Presentation scheme to prevent the portable computer from turning off the display or entering standby or hibernation during the presentation. Users cannot change power schemes or any other power option if Power Options is not available.

To hide Power Options by using Group Policy settings

  1. In the Run dialog box, type gpedit.msc.

  2. In the Group Policy console tree, under User Configuration, open Administrative Templates.

  3. Click the Control Panel folder.

  4. In the details pane, double-click Hide specified control panel applets.

  5. In the Hide specified Control Panel applets Properties dialog box, click Enabled, and then click Show.

  6. Click Add.

  7. Type either the name of the Control Panel utility (power options) or its associated .cpl file (powercfg.cpl).

    Typically, Power Options appears in the Show Contents dialog box, under List of disallowed control panel applets.

To disable Control Panel by using Group Policy settings

  1. In the Run dialog box, type gpedit.msc.

  2. In the Group Policy console tree, under User Configuration, open the Administrative Templates folder.

  3. Click the Control Panel folder.

  4. In the details pane, double-click Prohibit access to the Control Panel.

  5. Click Enabled.

    Warning Disabling Control Panel in Group Policy prevents Control.exe from starting. This removes Control Panel from the Start menu and removes the Control Panel folder from My Computer.

Configuring Roaming User Profiles and Folder Redirection

A user profile is a group of settings and files that defines the environment that the system loads when a user logs on.

A user profile contains:

  • A portion of the registry that stores registry settings such as Windows Explorer settings, persistent network connections, taskbar settings, network printer connections, user-defined Control Panel and Accessories settings, and application settings.

  • A set of profile folders that store information such as shortcut links, desktop icons, and startup applications.

User profiles are located by default on the local computer; one profile is created for each user who has logged on to that computer. When administrators configure profiles to roam, the data and settings in a user’s profile are copied to a network server when the user logs off of the computer. The data and settings are then available to the user no matter where he or she next logs on to the network.

While useful for mobile users, roaming user profiles are also beneficial for users who always use the same computer. Roaming user profiles provide a transparent way for such users to back up their profiles to a network server, thus protecting the information from individual system failure. If a user’s primary workstation needs to be replaced, the new computer receives the user’s profile from the server as soon as the user logs on.

You can use roaming user profiles together with Remote OS Installation and Software Installation and Maintenance when you replace a computer. If a computer system fails and loses its data, you can use Remote OS Installation to install Windows XP Professional, use Software Installation and Maintenance to restore applications, and use roaming user profiles to restore critical information. Because a network copy of the data exists, you can easily reestablish links to critical information.

Roaming user profiles are configured by means of the user object contained in the Active Directory directory service on the domain controller. For more information about configuring roaming user profiles on Microsoft Windows 2000 Server, see the Distributed Systems Guide of the Microsoft Windows 2000 Server Resource Kit.

Roaming user profile considerations for mobile users

The following guidelines can be used when planning profile configurations for users of mobile computers:

  • If the user regularly connects to the network via fast link, consider using a roaming user profile.

  • If the user rarely connects via fast link, use a local profile. By default, roaming user profiles do not roam over slow links. For example, if a user in the field generally connects via a dial-up connection but comes into the office twice a year and connects via the LAN, a roaming profile offers little advantage because the server copy would be up-to-date only on those two occasions.

  • If the user roams to LAN-connected computers in the domain and also has a laptop computer, use a roaming user profile for the user. For the laptop computer, enable the Group Policy setting Only allow local user profiles. Note that a Computer Configuration Group Policy setting takes precedence over a User Configuration setting, so the user will receive his or her User setting on desktop computers but will receive the Computer setting on the laptop computer.

Roaming User Profiles in Windows XP Professional

Windows XP Professional includes new Group Policy settings, support for Windows XP Professional fast network logon, and more robust roaming. These features increase the usability, resilience, and performance of roaming user profiles.

New Group Policy Settings

The Group Policy settings that you use to manage user profiles have been moved to their own folders in the Group Policy snap-in, under Computer Configuration\Administrative Templates\System\User Profiles and User Configuration\Administrative Templates\System\User Profiles. In addition, three new Computer Configuration settings are available with Windows XP Professional.

Prevent roaming-profile changes from propagating to the server

Determines whether changes users make to their roaming profiles are merged with the server copy of the profile. If this policy is set, users receive their roaming profiles when they log on, but any changes they make to their profiles will not be merged to their roaming profiles when they log off.

Add the Administrators security group to roaming user profiles

In Windows XP Professional, the default file permissions for newly generated roaming profiles are full control for the user and no file access for the Administrators group. By default, an administrator must take ownership of a user’s profile folder to gain access to it. Because taking ownership is an audited event, this increases the security of the profile folder. This policy allows the Administrators group to have full control of the user’s profile directories, as in Windows NT 4.0.

Only allow local user profiles

Determines whether roaming user profiles are available on a particular computer. By default, when a roaming profile user logs on, his or her roaming profile is copied from the server to the local computer. If the user has already logged on to this computer in the past, the roaming profile is merged with the local profile. Similarly, when the user logs off of this computer, the local copy of his or her profile, including any changes that have been made, is merged with the server copy.

Using the Group Policy setting, you can prevent users configured to use roaming profiles from receiving their profile on a specific computer.

Support for Windows XP Professional Fast Network Logon

To speed the startup and logon process, Windows XP Professional does not require that the network be fully initialized before a client computer can start up or before a user can log on. If a user has previously logged on to a particular client computer, he or she is subsequently logged on using credentials cached on that computer.

When a user switches from using a local profile to using a roaming profile, Windows XP Professional copies relevant portions of the user’s registry from the server instead of from the local computer, to prevent an older local copy from overwriting the server copy. Thereafter, whenever the roaming user logs on, the computer always waits for the network, so the profile can be downloaded from the server.

When fast network logon is enabled (as it is by default in Windows XP Professional), if administrators remove the profile path from a user’s object, it is recommended that they also either rename or delete the corresponding profile folder. If they do not and an administrator later reenters the same path, the user will receive the older copy of the registry from the server.

More Robust Roaming

In Windows 2000, certain applications and services keep registry keys open after the user logs off, preventing Windows from unloading the user’s registry. When this occurs, profiles become locked and changes that users have made to their profiles are not saved to the server. This situation creates three problems for users:

  • The user experience is affected because users might wonder why changes have not been saved when they log on to another computer.

  • Because locked profiles are never unloaded, they use excessive memory on computers on which many users must log on (such as terminal servers).

  • Profiles that are marked for deletion when users log off (to clean up the computer or for temporary profiles) are not deleted.

Windows XP Professional provides the following solutions to these problems:

  • Sixty seconds after a user logs off, Windows XP Professional saves the user’s registry and roams the profile correctly. In Windows 2000, if the profile is locked when a user logs off, Windows polls the profile for 60 seconds and then quits.

  • When the application or service closes the registry key that unlocks the profile, Windows XP Professional unloads the user’s registry, freeing the memory used by the profile.

  • If a profile is marked for deletion when the user logs off, it is deleted when the reference count drops to zero. If the application does not release the registry key, Windows XP Professional deletes all profiles marked for deletion the next time the computer starts.

Combining Folder Redirection with Roaming User Profiles

The Folder Redirection feature of IntelliMirror allows an administrator to redirect the location of certain folders in the user profile to a network location. Combining Folder Redirection with roaming user profiles allows you to decrease logon and logoff times for roaming and mobile users. A common practice is to redirect My Documents and My Pictures, and allow Application Data, Desktop, and Start Menu to roam with the profile. In addition to the benefits of improved availability and secure backup that having the data on the network provides, users also realize performance gains over low-speed network connections and in subsequent logon sessions. Because only some of their documents are copied, performance is improved when users’ profiles are copied from the server. Not all the data in the user profile is transferred to the desktop each time the user logs on—only the data that user accesses during a session.

When you combine the use of Folder Redirection and roaming user profiles, you can also provide fast computer replacement. If a user’s computer needs to be replaced, the user’s data can quickly be reestablished from the server location(s) to a replacement computer.

Note When implementing roaming user profiles or Folder Redirection for users of laptop computers, keep in mind that the user must log on at least once over a fast link for these features to apply. If an administrator configures the laptop in the office, he or she should make sure the user of the laptop logs on to it while still connected via fast link before taking it into the field. An alternative is to use Group Policy to change the slow link speed temporarily.

Note that Folder Redirection can be used with all types of user profiles: local, roaming, or mandatory. Using Folder Redirection with local profiles can provide some of the benefits of roaming profiles (such as having a user’s data available at any computer, and maintaining data on the server) without the need to implement roaming profiles. Using Folder Redirection with a local profile, however, means that only the user’s documents and files are available from all computers. To allow settings and configurations to move with the user, you need to use roaming profiles.

For more information about using Group Policy to configure Folder Redirection on an Active Directory network, see the Step-by-Step Guide to User Data and User Settings link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources. For more information about alternate means of configuring Folder Redirection for non–Active Directory environments, see Chapter 6, “Managing Files and Folders.”

Table 7-2 lists the folders in a user profile, provides the default behavior for each folder, and indicates whether the folder can be redirected using Folder Redirection. For more information about selecting which folders to redirect and which to leave in the profile, see Chapter 6, “Managing Files and Folders.”

Table 7-2 Default Behavior of Profile Folders

Folder Name

Description

Roams with Profile by Default

Can Be

Redirected Using Folder Redirection

Application Data*

Stores application state data, such as toolbar settings and other non-registry-based settings. Application vendors decide what to store here.

Yes

Yes

Cookies

Contains user’s Microsoft Internet Explorer cookies.

Yes

No

Desktop

Contains user-specific contents of the desktop.

Yes

Yes

Favorites

Contains user’s Internet Explorer favorites.

Yes

No

Local
Settings*

Contains temporary files and per-user non-roaming application data. It is a container for application settings and data that do not roam with the profile, and cannot be redirected. This information is usually computer-specific or too large to roam effectively. Application vendors can also opt to store temporary data here in addition to or instead of in the Application Data folder.

No

No

History*

Contains the Internet Explorer history. This is a subfolder under Local Settings.

No

No

Temp*

Contains temporary files. This is a subfolder under Local Settings.

No

No

Temporary Internet Files*

Contains the Internet Explorer offline cache. This is a subfolder under Local Settings.

No

No

My Documents (and its subfolders My Pictures, My Music, My Videos)

The default location for documents that the user creates. Applications need to be written to save files here by default.

Yes

Yes

NetHood*

Contains shortcuts to My Network Places items.

Yes

No

PrintHood*

Contains shortcuts to printer folder items.

Yes

No

Recent*

Contains shortcuts to the most recently used documents, such as Most Recently Used (MRU) lists in applications.

Yes

No

Send To*

Contains shortcuts to document storage locations and applications.

Yes

No

Start Menu

Contains shortcuts to program items.

Yes

Yes

Templates*

Contains shortcuts to per-user customized template items, such as templates that a user creates in Microsoft Word or Microsoft Excel.

Yes

No

*These folders are hidden by default.

To view hidden folders

  1. In My Computer, on the tools menu, select Tools, and then click Folder Options.

  2. Select the View tab, and click Show Hidden Files and Folders.

Configuring Offline Files for Portable Computers

By using Offline Files, users can disconnect from the network and work as if still connected. When the computer is offline, the files and folders appear in the same directory that they appear in online—as if they are still in the same location on the network. This allows the user working offline to edit files. The next time the user connects to the network, the offline changes are synchronized with the network share. Any changes that were made while the user was working offline are updated to the network.

Offline Files is especially useful for mobile users with portable computers because they can use it to access their files when they are not connected to the network. Thus users can always open, update, and work with current versions of network files when they are not connected to the network.

Offline Files stores the data in the computer’s cache to make network files available offline. The cache is a portion of disk space that a computer accesses when it is not connected to the network. The view of shared network items that you make available offline is the same as the view online, even if users lose a connection to the network or remove a portable computer from the docking station. Users have the same access permissions to those files and folders that they have when they are connected to the network.

If two users on the network make changes to the same file, they can save their own version of the file to the network, keep the other user’s version, or save both.

You can make shared files or folders available for offline use from any computer that shares files by using server message block (SMB)–based file and printer sharing, which includes any computer running Windows 2000, Windows 95, Windows 98, or Windows NT 4.0. The Offline Files feature is not available on Novell NetWare networks. When configuring a shared folder, you have the option to choose whether all the files in the folder are automatically available offline, or whether a user must explicitly mark a file to be available offline.

Offline Files is a stand-alone technology, which means that you do not need to pair it with Folder Redirection and set up and configure network shares. However, pairing the two technologies works well. By default, any folder that is redirected is available offline as well.

In Windows XP Professional, all the files in a redirected folder, including subfolders, are automatically made available offline. You can disable automatic caching of redirected folders by using the Group Policy setting Do not automatically make redirected folders available offline, under User Configuration\Administrative Templates\Network\Offline Files.

Note In Windows 2000 Professional, redirected folders are not automatically made available offline. To make folders available offline, administrators use the policy setting Administratively assigned offline files, or the users manually make all files available offline.

Configuring Files on a Network Share for Offline Use

Before you can have offline access to the files on a shared network folder, you must specify how the files in the folder are stored in a cache on the client computer—in this case, the user’s portable computer. For nonexecutable files, such as word processing documents, spreadsheets, and bitmaps, there are two options for storing files: automatic caching, and manual caching.

Automatic Caching

Automatic caching makes a file available offline by creating a locally stored copy of the file when a user opens the file on a portable computer. Automatically stored files might not always be available in the cache because Offline Files might remove, or purge, them when the cache becomes full. Offline Files will purge files based on frequency of use. Automatic caching is most useful when you have an unreliable or unpredictable network connection. For example, if a user is working on an automatically stored file and the portable computer is disconnected from the network, the user can continue working on the file without interruption. To make a file available offline at all times, you can use My Computer to mark the file as Always available offline. For more information about making files available offline, see Chapter 6, “Managing Files and Folders.”

Manual Caching

Manual caching makes a file or a folder available offline, but only when it is pinned, that is, manually marked on the user’s computer. A manually stored file or folder that is not pinned on the user’s computer is not available offline. Manual caching is useful for users who need access to a file or folder all the time or for users who need access to entire folders, especially folders that contain documents created by or modified by other users. For example, manual caching works well for users who frequently use a portable computer away from the office without a network connection but still need access to many files on the network. In this case, you can manually pin folders on the user’s portable computer to make those folders available to the user when away from the office. Automatic caching is not ideal in this case because the files in the network folder are not locally stored unless the portable computer user opens each file while the portable computer is connected to the network share.

To configure automatic or manual caching on a shared network folder

  1. Right-click the shared folder that you want to configure, click Properties, and then click the Sharing tab.

  2. In the Properties dialog box, click Caching.

  3. In the Setting box, select a type of storing.

    On the Setting box menu, you can also choose Automatic caching of programs and documents, which is useful if a user runs programs from the network. This option stores a copy of a network program on the user’s hard disk so that the user can run the program offline. However, users of portable computers must be careful when using this feature because only the program files that are executed are stored on the local computer. For example, if you run Microsoft Word from a network share but you do not use the spelling checker, the spelling checker is not stored. If you then run Word offline and try to run the spelling checker, the tool is not available. To avoid this problem, you can load all programs and associated tools locally on a portable computer and not use the Automatic caching of programs and documents option.

Configuring Synchronization for Offline Files

Synchronization ensures that any changes made to offline files and folders are propagated back to the network and that any changes that have occurred on the network are propagated to the user’s computer. Some synchronization features and options relate specifically to portable computers. For more information about all synchronization options, see Chapter 6, “Managing Files and Folders.”

For synchronization to occur, the hard disk on a user’s portable computer must be turned on so that files can be copied from the network to the local cache and files in the local cache can be copied to the network. Synchronization might not be an optimum use of power for a portable computer running on battery power. However, certain options allow you to set synchronization to occur when a computer runs on battery power. You can also use Group Policy to synchronize all offline files before logging off.

Synchronizing Offline Files by Using Group Policy

To ensure that all offline files are fully synchronized, you must enable the Group Policy setting Synchronize all offline files before logging off in the Administrative Templates\Network\Offline Files folder. When this Group Policy setting is enabled, all files in the user’s redirected folder are available when the user is working offline. If this setting is not enabled, the system performs only a quick synchronization, and as a result only files that were used recently are cached. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.

Enabling Synchronization During an Idle State

By default, offline files are not synchronized when a computer is in an idle state and using battery power. This is because portable computers rely on a low-power idle state to conserve battery power, and you might not want to use battery power to synchronize files. You can change the default so that synchronization occurs when the computer is idle and running on battery power.

To enable synchronization when a computer running on battery power is idle

  1. In All Programs, point to Accessories, click Synchronize, and then click Setup.

  2. In the Synchronization Settings dialog box, click the On Idle tab, and then click Advanced.

  3. In the Idle Settings dialog box, clear the Prevent synchronization when my computer is running on battery power check box.

Preventing Scheduled Synchronization

You can schedule synchronization to occur on specific days and at specific times. Because a scheduled synchronization is often a low-priority task that consumes power, Windows XP Professional allows you to prevent scheduled synchronization from occurring when a computer is running on battery power.

To prevent scheduled synchronization from occurring when a computer is running on battery power

  1. In All Programs, point to Accessories, click Synchronize, and then click Setup.

  2. In the Synchronization Settings dialog box, click the Scheduled tab.

  3. Click a scheduled task, and then click Edit.

  4. On the Settings tab, under Power Management, select the Don’t start the task if the computer is running on batteries check box.

If a scheduled synchronization is in progress and a portable computer is switched from alternating current to battery power, you can have Windows XP Professional cancel synchronization. This might occur if scheduled synchronization starts on a docked portable computer that is using a wireless network connection and the user performs a hot undock.

To stop scheduled synchronization when the computer is running on battery power

  1. In All Programs, point to Accessories, and then click Synchronize.

  2. In the Items to Synchronize dialog box, click Setup.

  3. Click the Scheduled tab.

  4. Click a scheduled task, and then click Edit.

  5. On the Settings tab, under Power xManagement, select the Stop the task if battery mode begins check box.

Enabling Automatic Connection During Scheduled Synchronization

If a computer is not connected to a network when a synchronization is scheduled to start, you can configure Windows XP Professional to connect so that synchronization can occur. In this case, Windows attempts to connect to the designated network, detects that the computer is not connected to the network, and then informs the user that the network is not available. By default, Windows does not connect if there is no network connection at the time of synchronization. Although you might use this option for portable computer users who are normally connected to the network, you might not want to enable it for users who frequently use the portable computer while it is disconnected from the network.

To enable automatic connection for scheduled synchronization

  1. In All Programs, point to Accessories, click Synchronize, and then click Setup.

  2. On the Scheduled tab, under Current synchronization tasks, click a scheduled task, and then click Edit.

  3. On the Synchronization Items tab, select If my computer is not connected when this scheduled synchronization begins, automatically connect for me.

Windows does not provide a system-wide definition or threshold for a slow link. Instead, it allows every system component to define a slow link according to its own capabilities and requirements. For example, one component might define a slow link as 28.8 kilobits per second (Kbps) while another might define it as 56 Kbps. For Offline Files and synchronization in an Active Directory environment, you can use Group Policy settings to define file synchronization behavior over a slow link. The default slow link threshold value is 64 Kbps.

A slow-link connection affects synchronization by preventing the following:

  • Automatic transition of shared network folders from an offline to an online state

  • Copying of newly added files from the network share to the user’s computer

In Windows XP Professional and Windows 2000 Server or later, you can use the Configure slow link Group Policy setting located in Computer Configuration\Administrative Templates\Network\Offline Files to define the threshold value at which Offline Files considers a network connection to be slow.

For more information about the Group Policy settings associated with Offline Files, see Chapter 6, “Managing Files and Folders.”

Transitioning from an offline state to an online state

After a network share has been offline to a user—for example, if a server goes offline and is then brought back online, or a user undocks a portable computer and then docks it—the share becomes available online for the user if the following three conditions are true:

  • No offline files from that network share are open on the user’s computer.

  • None of the offline files from that network share have changes that need to be synchronized.

  • The network connection is not considered a slow link.

When these conditions are true and a user opens a file on the network share, the user is working online on that network share. Any changes that the user makes are saved to both the file on the network share and the file stored in the Offline Files folder. If any one of the conditions is not true and a user opens a file on the network share, the user is still working offline even though the network share is available. Any changes that the user makes are saved only to the offline version of the file.

When a user first connects to a network over a slow-link connection, the user is only working offline on any shared network folders even though the online folders are available. To start working online with a shared network folder, the user must synchronize the shared network folder. Synchronization shifts the folder to an online state and pushes any offline files that have changed to the shared network folder. To pull files from the shared network folder to the Offline Files folder, the user must perform a second synchronization, which pulls files that have changed from the network share to the Offline Files folder.

Note When you use a slow-link connection, a second synchronization does not pull newly created files from the network share to the Offline Files folder. To make new files on the network share available offline during a slow-link connection, you must pin the files.

Making network shares available without synchronization

Slow-link connections can prevent a network share from coming online even though the network share is available. Although you can bring the network share online by synchronizing it, this method might not be ideal. For example, when a user’s portable computer is disconnected from the network and the user requires access to a file on a shared network folder that has been made available offline, a file to which the user has made several changes offline might not be ready to synchronize with the network share. Or, the user might be in a hurry and does not want to take the time to synchronize files. The user wants only to connect to the network, get the new file from the network share, and then log off. Windows XP Professional provides a way for the user to make a folder available online without synchronizing offline files.

To make a folder available online without synchronizing offline files

  1. In the notification area, click the Offline Files icon to open the Offline Files Status dialog box.

  2. Select Work online without synchronizing changes.

    Note The Offline Files icon appears in the notification area when users are working offline.

Securing Offline Files

Windows XP Professional provides several methods of protection for offline files. The Offline Files folder, including the Offline Files database and the stored offline files, is secured against unauthorized access by administrator permissions. Additionally, the same permissions that protect their network counterparts protect offline files and folders. Windows XP Professional also supports encryption of offline files.

Offline Files Folder Security

Offline files are stored (cached) in the Offline Files folder. Each computer has only one Offline Files folder, even if the computer is shared by multiple users, and all offline files are stored in this folder. By default, this folder is protected by administrator permissions so that unauthorized users cannot view the contents. However, these permissions are applied to the folder only if the folder is located on a drive that is formatted to use NTFS. Windows XP Professional notifies you of this limitation when you first cache an offline file on a FAT or FAT32 drive. For more information about file system security, see Chapter 13, “Working with File Systems.”

Offline File and Folder Permissions

In addition to the protection afforded by the permissions on the actual Offline Files folder, offline files and folders retain the permissions set for them on the network share. This type of security is important if multiple users share a single computer. For example, if a user creates a file on a network share, changes its permissions so that only that user has access to the file, and then makes the file available offline, another user who tries to open the offline version of the file on the user’s computer is denied access, just as if the second user tried to open the file directly on the network share.

This type of security is applied to offline files regardless of the formatting of the user’s hard disk. Thus, if you set permissions on a file on a network share that is formatted to use NTFS and you make that file available offline on a computer that has a FAT or FAT32 drive, the permissions carry over to the offline version of the file, even though the drive is formatted to use FAT or FAT32.

Encrypting Offline Files

You can secure data on portable computers by encrypting the offline files. Windows XP Professional provides Encrypting File System (EFS) support for Offline Files. The local cache of Offline Files can be encrypted if the cache directory resides on an NTFS volume. When the cache is encrypted, the local copy of a cached file is automatically encrypted.

To encrypt offline files

  1. In Folder Options, click the Offline Files tab.

  2. Select the Encrypt Offline files to secure data check box.

You can also use Group Policy to apply this option to groups of users. In the Group Policy snap-in, go to Computer Configuration\Administrative Templates\Network\ Offline Files.

Offline files stored on local hard disks are secured by EFS; however, the files are encrypted in the system context and the encryption applies to all users of the local computer. If both the local computer and the remote computer where the files are stored are encrypted, files are encrypted at all times. If the local computer is encrypted but the remote location of the files is not, the files are encrypted while they are stored locally.

If the remote location is encrypted and the local computer is not, however, you are warned when you try to make a file available offline that it will not be encrypted on the local computer. You can override the default and make the files available; when you attempt to synchronize the files, the local copy will be deleted.

Managing the Offline Files Folder

Portable computer users who frequently work offline might accumulate hundreds of files in the Offline Files folder on their hard disk. Because many of these files might be out of date, rarely used, or no longer needed offline, you might want to delete them from the Offline Files folder (the cache) to maximize the available disk space. Users might also want to delete files in the Offline Files folder if a network share has been deleted or is no longer available. In addition to deleting individual files, you can reinitialize the Offline Files cache, which deletes the entire contents of the Offline Files folder and resets the Offline Files database. Reinitializing the Offline Files cache is useful when you transfer a computer to a new user or when a user has been working offline with sensitive or proprietary documents and you want to ensure that they are no longer available offline or that they are not in the cache.

You can safely remove offline files from the cache without affecting network files or folders by deleting files from the Offline Files folder or by reinitializing the cache. Do not delete or move any files directly from the systemroot\CSC folder. For more information about deleting offline files from the cache without affecting network files or folders, see Chapter 6, “Managing Files and Folders.”

Securing Portable Computers

Because portable computers are vulnerable to theft, it is important that you provide security for portable computers and the data that is stored on them. You can do this by formatting hard disks to use NTFS so that permissions can be set and encryption can be enabled on files and folders by means of Encrypting File System. You can also add portable computer users to the Power Users group so that they have maximum control of the portable computer without having full control of the system. Ensuring that users use strong passwords to log on to their portable computers and that administrators use strong passwords for the local administrator account is another important security measure. Also, Group Policy settings can be used to restrict access to the computer and any data that is stored on it. For more information about these security features, see Chapter 16, “Understanding Logon and Authentication,” Chapter 6, “Managing Files and Folders,” and Chapter 18, “Using Encrypting File System.”

Securely Undocking Portable Computers

Portable computers can be undocked in two ways, depending on the type of docking station, the type of portable computer, and the permissions and Group Policy settings that have been implemented on the computer. A portable computer can be undocked in the following circumstances:

  • While the portable computer is shut down and the power is off, a user physically ejects it or removes it from the docking station (a cold undock).

  • While the portable computer is running, a user uses the Eject PC command in Windows XP Professional to eject the computer from the docking station, before physically removing the computer (a hot undock).

To prevent an unauthorized user from undocking a portable computer from a docking station, the portable computer or docking station must include some type of physical lock. Portable computers might simply use a keyed lock that must be manually unlocked to prevent undocking by unauthorized users. Docking stations can include a lock as well, some of which can be programmatically controlled. For example, some docking stations allow administrators to require that an authorized user log on and select Eject PC before freeing the lock and allowing physical removal of the portable computer from the docking station.

You can choose a local Group Policy setting that controls who has undocking privileges on a portable computer. If a user has undocking privileges, he or she is able to use the Eject PC command. If the user does not have undocking privileges, the Eject PC command is not available. However, any program can call the application programming interface (API) that controls the Eject PC command, which means that any program can have its own button or menu item that tries to eject a portable computer. If a user tries to use such a button or menu item and does not have undocking privileges, the command fails.

By default, undocking permissions are granted to a user during a clean installation of Windows XP Professional and during an upgrade from Windows 95, Windows 98, or Windows NT 4.0. To prevent a user from undocking, you must use Group Policy to set undocking privileges.

To set undocking privileges by using Group Policy

  1. In the Run dialog box, type gpedit.msc.

  2. In the details pane of Group Policy, under Computer Configuration, open Windows Settings, Security Settings, Local Policies, and open the User Rights Assignment folder.

  3. In the details pane, right-click Remove computer from docking station, and then click Properties.

  4. In the Properties dialog box, click Add to add users and groups to the list.

    – or –

    Click Remove to remove users and groups from the list.

    Warning Restricting undocking privileges offers no security benefits if the docking station in question does not provide a programmatically controlled locking mechanism.

Windows XP Professional BIOS Security

Some computers allow you to implement system security or device security at the BIOS level. Typically, equipment manufacturers implement this type of security by requiring a password at startup while the BIOS is loading. If the user enters an incorrect password, the BIOS does not finish loading and the computer does not start; or the BIOS might finish loading, but it does not transfer control of the computer to Windows XP Professional. Although this type of security is designed to control access to the computer at startup, it might also control access when the computer resumes from a low-power state such as standby or hibernation. In these cases, users might have to enter the BIOS password when the system resumes from either standby or hibernation.

To implement BIOS security on a portable computer, contact the portable computer manufacturer to verify that it operates properly with the standby and hibernate features of Windows XP Professional. Also be aware that BIOS security can supercede Windows XP Professional security by preventing Windows XP Professional from taking control of the computer or other devices.

Using Infrared Hardware and Video Devices with Portable Computers

You can use infrared hardware and video devices with portable computers. Some devices and device types, however, have known compatibility problems with Windows XP Professional or have conflicts and limitations when they are used with Windows XP Professional.

Using Infrared Devices with Portable Computers

Windows XP Professional supports the IrTran-P image exchange protocol, which allows a computer to receive images and files from a digital camera or other digital image capture device. However, Microsoft ActiveSync version 3.0, the desktop synchronization technology for Microsoft Windows CE–based handheld computers, disables the IrTran-P service. If you must use ActiveSync 3.0 and the IrTran-P service, you need to toggle between the two services to use them. You can toggle between these services either by using Wireless Link in Control Panel or by using ActiveSync 3.0.

Note By default, the IrTran-P protocol is turned on in Windows, meaning that you can download images and files from a digital camera to a computer.

To turn IrTran-P protocol on and off

  1. In Control Panel, click Printers and Other Hardware, and then click Wireless Link.

  2. On the Image Transfer tab, select Use Wireless Link to transfer images from a digital camera to your computer to turn on the IrTran-P protocol.

    – or –

    Clear Use Wireless Link to transfer images from a digital camera to your computer to turn off the IrTran-P protocol.

To turn ActiveSync 3.0 on and off

  1. Open ActiveSync 3.0.

  2. On the Tools menu, click Options.

  3. On the Rules tab, select Open ActiveSync when my mobile device connects to turn on ActiveSync.

    – or –

    Clear Open ActiveSync when my mobile device connects to turn off ActiveSync.

Windows XP Professional also supports the IrDial protocol, which gives infrared devices access to the Internet and other networks by using the Point-to-Point Protocol (PPP). Cellular telephones that use IrDial do not require special installation and configuration because IrDial network connections are managed entirely by using the Network Connections folder.

To configure a connection for IrDial

  1. Double-click the connection that you want to configure.

  2. Click Properties.

  3. Under Connect Using, select Infrared Modem Port, and then click OK.

  4. Enter your user name and your password, and then click Dial.

For more information about infrared device configuration and Wireless Link in Control Panel, see Windows XP Professional Help and Support Center, or see Chapter 9, “Managing Devices,” and Chapter 25, “Connecting Remote Offices.”

Using Video Devices with Portable Computers

You can use the Windows XP Professional multiple monitor feature with a docked portable computer, but only if the docking station allows you to install Peripheral Component Interconnect (PCI) or Accelerated Graphics Port (AGP) video adapters. Also, the on-board video adapter (the one that is a part of the portable computer’s motherboard) must be designated as the VGA display device. Typically, this is not a problem, although the BIOS on some computers allows you to choose the video adapter that you want to use as the VGA device. In this case, you must designate the on-board video adapter.

Windows XP Professional does not support hot undocking of portable computers while they are using multiple monitors. To perform a hot undock on a computer using multiple monitors, you must first stop using all but one monitor. You can do this by detaching the secondary display before performing the hot undock.

To detach a secondary monitor

  1. In Control Panel, click Appearance and Themes, and then click the Display icon.

  2. Click the Settings tab, double-click the secondary monitor, and then click Attach.

  3. Click Apply to detach the monitor.

    Typically, the secondary monitor turns off, leaving the primary monitor running.

After you detach the secondary monitor, you can perform a hot undock.

Wireless Networking

With the rapid growth of wireless networking, users can access data from anywhere in the world, using a wide range of devices. Wireless networks offer additional benefits by reducing or eliminating the high cost of laying expensive fiber and cabling and by providing backup functionality for wired networks. Microsoft Windows XP Professional provides extensive support for wireless networking technology so that businesses can extend the capabilities of their enterprise networks to wireless devices.

Wireless networking for Windows XP Professional can be categorized by the size of the area over which data can be transmitted. Wireless Personal Area Networking (WPAN) operates over a small coverage area (approximately 10 meters). Wireless Local Area Networking (WLAN) operates to a larger coverage area (approximately 100 meters). This chapter provides an overview of WPANs and WLANs and describes how you can use the wireless networking support in Windows XP Professional to exchange data over WPANs and WLANS. It does not discuss wireless wide area networks (WWANs) or wireless metropolitan area networks (WMANs).

WPAN

A Wireless Personal Area Network (WPAN) includes data communication technology that allows devices that are in very close proximity to each other to access resources and exchange data, without the use of cables. These devices can automatically create an ad hoc network, an informal network of devices, often by using wireless connectivity. Because of their small size and limited processing power, WPAN devices lend themselves well to ad hoc networking. In an ad hoc network scenario, the wireless devices connect to each other directly rather than through wireless access points, which are used in infrastructure networks. In infrastructure networks, wireless stations (devices with radio network cards, such as portable computers) connect to wireless access points rather than directly to each other. These access points function as bridges between the devices and the existing network backbone.

The key WPAN technology supported in Windows XP Professional is Infrared Data Association (IrDA). IrDA is a WPAN technology that allows users with infrared-enabled devices to transfer files and images and to establish dial-up network connections and LAN access network connections.

Infrared Data Association

IrDA specifies a networking protocol that allows computers, printers, mobile phones, personal digital assistants, digital cameras, and other devices to exchange information over short distances by using infrared light. Infrared light is electromagnetic radiation covering a spectrum of wavelengths between 850 and 900 nanometers. These wavelengths are somewhat longer than visible light and are invisible to the human eye.

Because of the propagation properties of light, a clear line of sight is required between the devices communicating by infrared light. The clear line of sight requirement has some advantages (for example, when making a purchase with a mobile device, the required proximity between the devices ensures that you are communicating with the correct payment device) and some drawbacks (for example, you cannot connect a phone in your pocket to a portable computer on a desk), but there are numerous clear advantages to using infrared light for communication:

  • Infrared light offers large bandwidth.

  • The exchange of data by means of infrared light is not regulated by the FCC or any other governmental agency.

  • Infrared light does not interfere with radio frequency (RF) wireless networks.

  • All infrared radiation is confined to a room, preventing easy eavesdropping.

IrDA is a short-range, half duplex, asynchronous serial transmission technology. Furthermore, IrDA specifies three distinct modes of transmission for different data transmission rates: Serial Ir (SIR), Fast Ir (FIR), and Very Fast Ir (VFIR). The SIR specification defines a maximum data rate of 115.2 kilobits per second (Kbps). FIR specifies a data rate of 4 megabits per second (Mbps), and VFIR specifies a data rate of 16 Mbps. A number of intermediate speeds are also available. For more information about the intermediate speeds that are available over infrared, see the Driver Development Kits link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources.

IrDA User Profiles

The IrDA implementation in Windows XP Professional supports the following five user profiles:

  • File transfer (IrOBEX) enables easy file transfer between IrDA devices.

  • Printing (IrLPT) enables printing directly from IrDA devices to IrDA printers.

  • Image transfer (IrTran-P) enables point-and-shoot, one-step image transfer between digital cameras and Windows devices.

  • Dial-up networking (IrCOMM) enables dial-up Internet access through IR-enabled cellular phones.

  • LAN access and peer-to-peer networking (IrNET) enables network access through IR access points or through a direct network connection between two Windows devices.

These supported profiles provide the following advantages:

  • IrDA does not require use of cable.

    It is impossible to mismatch connectors and wiring with IrDA. The speed and configuration parameters are negotiated transparently at connect time and a common set is used for connection. IrDA at 16 Mbps is compatible with IrDA at 9.6 Kbps. Also, the IrDA connector is completely sealed, inexpensive, and available from multiple vendors.

  • IrDA and WinSock provide a common user-space API.

    The combination of IrDA and Windows Sockets (WinSock) presents the application programmer with a powerful yet simple Win32 user-space API that exposes multiple, fully error-corrected data streams. Serial and parallel ports are the only other point-to-point technologies that have a commonly available user-space API. IrDA defines rich functionality that does not exist with serial and parallel cables, and it borrows from the very successful client/server connection and programming model defined by the TCP/IP family of protocols and the WinSock APIs.

  • The open protocols of IrDA support other devices.

    WinSock exposes the IrDA TinyTP protocol to the application writer. A device that implements the TinyTP protocol can easily exchange data with Windows applications.

  • IrDA is uniquely suited for ad hoc point-to-point networking.

    The core IrDA services are similar to those exposed by the popular TCP protocol. Applications running on two different computers can easily open multiple reliable connections to send and receive data. As with TCP, client applications connect to a server application by specifying a device address (TCP host) and an application address (TCP port). Thus, the combination of IrDA and WinSock supports easy-to-use, zero configuration, ad hoc point-to-point networking.

For more information about installing, configuring, and using IrDA for wireless networking in Windows XP Professional, see “Wireless Networking” in Windows XP Professional Help and Support Center.

Additional Resources

These resources contain additional information related to this chapter.

  • Chapter 25, “Connecting Remote Offices”

  • Chapter 6, “Managing Files and Folders”

  • Chapter 9, “Managing Devices”

  • “Desktop Configuration Management” in the Distributed Systems Guide of the Microsoft Windows 2000 Server Resource Kit

  • “Wireless Networking” in Windows XP Professional Help and Support Center.

  • “Securing Mobile Computers” in the Microsoft Windows Security Resource Kit

  • Chapter 20, “Implementing Security for Mobile Computers”

  • Chapter 21, “Wireless Networking”