Managing System Properties

You use the System Properties dialog box to manage system properties. The following sections examine key areas of the operating system that can be configured using the System Properties dialog box.

The Computer Name Tab

The computer's network identification can be displayed and modified with the Computer Name tab of the System Properties dialog box, shown in Figure 1. As the figure shows, the Computer Name tab displays the full computer name of the system and the domain membership. The full computer name is essentially the Domain Name System (DNS) name of the computer, which also identifies the computer's place within the Active Directory hierarchy.

Figure 1: Use the Computer Name tab to display and configure system identification.

To access the Computer Name tab of the System Properties dialog box, follow these steps:

1. Click Start and then click Control Panel.

2. In Control Panel, click the System And Maintenance category heading link.

3. Click System.

4. In the System Console, click Change Settings under Computer Name, Domain, And Workgroup Settings. Or click Advanced System Settings in the left pane.

5. Click the Computer Name tab.

The options on the Computer Name tab enable you to:

• Join a computer to a domain Click Network ID to start the Connect To A Domain Or Workgroup wizard, which guides you through modifying network access information for the computer. To join a computer to a domain, click Network ID and then click Next twice to accept the default options. Enter the name of your domain user account, the password for this account, and the name of the domain. Click Next and then follow the remaining prompts.

• Change a computer's name Click Change to change the computer name and the domain or workgroup associated with the computer.

Real World

For client computers to use the Domain Name System (DNS), the computer must have an appropriate computer name and a properly configured primary DNS suffix. Rather than using names that are cute or arbitrary, you should decide on a naming scheme that is meaningful to both users and administrators. In DNS, the computer's name serves as its host name, and the primary DNS suffix determines the domain to which it is assigned for name resolution purposes. Any unqualified host names that are used on a computer are resolved using the primary DNS suffix. For example, you are logged on to a computer with a primary DNS suffix of http://www.tech.cpandl.com and you ping CorpSvr28 at a command prompt. The computer directs the query to http://www.corpsvr28.tech.cpandl.com. By default, the primary DNS suffix is the domain in which the computer is a member. You can change a computer's primary DNS suffix if necessary. For example, if a computer's primary DNS suffix is http://www.seattle.tech.cpandl.com, you might want it to use the primary DNS suffix of http://www.cpandl.com to simplify name resolution in this large DNS hierarchy. To change a computer's primary DNS suffix, click Change on the Computer Name tab and then click More. Enter the desired primary DNS suffix in the text box provided and then close all open dialog boxes by clicking OK three times.

The Hardware Tab

The System Properties dialog box's Hardware tab provides access to Device Manager and Windows Update Driver settings. To access the Hardware tab of the System Properties dialog box, follow these steps:

1. Click Start and then click Control Panel.

2. In Control Panel, click the System And Maintenance category heading link.

3. Click System.

4. In the System Console, click Change Settings under Computer Name, Domain, And Workgroup Settings. Or click Advanced System Settings in the left pane.

5. Click the Hardware tab.

The Device Manager, also included in the Computer Management console as an MMC snap-in. When you connect a new device, Windows Vista checks for drivers automatically using Windows Update. If you don't want a computer to check for drivers automatically, click the Windows Update Driver Settings button, and then, as appropriate, select either Ask Me Each Time I Connect A New Device Before Checking For Drivers or Never Check For Drivers When I Connect A Device, and then click OK.

Note

The Hardware tab no longer provides access to driver signing settings or hardware profiles. With Windows Vista, you configure driver signing settings through Active Directory–based Group Policy or Local Group Policy. Additionally, because Windows Vista uses a hardware-independent architecture, you can no longer configure hardware profiles on the Hardware tab.

The Advanced Tab

The System Properties dialog box's Advanced tab, shown in Figure 2, controls many of the key features of the Windows operating system, including application performance, virtual memory usage, user profile, environment variables, and startup and recovery.

Figure 2: The Advanced tab lets you configure advanced features, including performance options, environment variables, and startup and recovery.

Note

User profiles contain global user settings and configuration information. They are created the first time a user logs on to a local computer or domain and are different for local and domain accounts. A user's profile maintains the desktop environment so that it is the same each time the user logs on. You'll find an extensive discussion on user profiles in the chapter "Managing Existing User and Group Accounts" in Microsoft Windows Server 2003 Administrator's Pocket Consultant (Microsoft Press, 2003).

Setting Windows Performance

Many graphics enhancements have been added to the Windows Vista interface. These enhancements include many visual effects for menus, toolbars, windows, and the taskbar. You can configure Windows performance by completing the following steps:

1. Click Start and then click Control Panel.

2. In Control Panel, click the System And Maintenance category heading link.

3. Click System.

4. In the System Console, click Change Settings under Computer Name, Domain, And Workgroup Settings. Or click Advanced System Settings in the left pane.

5. To display the Performance Options dialog box, click the Advanced tab in the System Properties dialog box and then click Settings on the Performance panel.

6. The Visual Effects tab is selected by default. You have the following options for controlling visual effects:

   • q Let Windows Choose What's Best For My Computer Enables the operating system to choose the performance options based on the hardware configuration. For a newer computer, this option will probably be identical to the Adjust For Best Appearance option. The key distinction, however, is that this option is chosen by Windows based on the available hardware and its performance capabilities.

   • q Adjust For Best Appearance When you optimize Windows for best appearance, you enable all visual effects for all graphical interfaces. Menus and the taskbar use transitions and shadows. Screen fonts have smooth edges. List boxes have smooth scrolling. Folders use Web views and more.

   • q Adjust For Best Performance When you optimize Windows for best performance, you turn off the resource-intensive visual effects, such as slide transitions and smooth edges for fonts, while maintaining a basic set of visual effects.

   • q Custom You can customize the visual effects by selecting or clearing the visual effects options in the Performance Options dialog box. If you clear all options, Windows does not use visual effects.

7. When you are finished changing visual effects, click Apply. Click OK twice to close the open dialog boxes.

Setting Application Performance

Application performance is related to processor scheduling caching options that you set for the Windows Vista system. Processor scheduling determines the responsiveness of applications that are running interactively (as opposed to background applications that might be running on the system as services). You control application performance by completing the following steps:

1. Click Start and then click Control Panel.

2. In Control Panel, click the System And Maintenance category heading link.

3. Click System.

4. In the System Console, click Change Settings under Computer Name, Domain, And Workgroup Settings. Or click Advanced System Settings in the left pane.

5. To display the Performance Options dialog box, click the Advanced tab in the System Properties dialog box and then click Settings on the Performance panel.

6. The Performance Options dialog box has several tabs. Click the Advanced tab.

7. In the Processor Scheduling panel, you have the following options:

   • q Programs To give the active application the best response time and the greatest share of available resources, select Programs. Generally, you'll want to use this option for all Windows Vista workstations.

   • q Background Services To give background applications a better response time than the active application, select Background Services. Generally, you'll want to use this option for Windows Vista computers running as servers (meaning they have server-like roles and are not being used as Windows Vista workstations). For example, a Windows Vista computer may be the print server for the department.

8. Click OK.

Configuring Virtual Memory

Virtual memory enables you to use disk space to extend the amount of available RAM on a system. This feature of processors using Intel 386 and later writes RAM to disks using a process called paging. With paging, a set amount of RAM, such as 1024 MB, is written to the disk as a paging file, where it can be accessed from the disk when needed in place of physical RAM.

An initial paging file is created automatically for the drive containing the operating system. By default, other drives don't have paging files, so you must create these paging files manually if you want them. When you create a paging file, you set an initial size and a maximum size. Paging files are written to the volume as a file named PAGEFILE.SYS.

Real World

Windows Vista does a much better job than its predecessors do of automatically managing virtual memory. Typically, Windows Vista will allocate virtual memory at least as large as the total physical memory installed on the computer. This helps to ensure paging files don't become fragmented, which can result in poor system performance. If you want to manually manage virtual memory, you use a fixed virtual memory size in most cases. To do this, set the initial size and the maximum size to the same value. This ensures that the paging file is consistent and can be written to a single contiguous file (if possible, given the amount of space on the volume). In most cases, I recommend setting the total paging file size so that it's twice the physical RAM size on the system. For instance, on a computer with 1024 MB of RAM, you would ensure that the Total Paging File Size For Each Drive setting is at least 2048 MB.

You can manually configure virtual memory by completing the following steps:

1. Click Start and then click Control Panel.

2. In Control Panel, click the System And Maintenance category heading link.

3. Click System.

4. In the System Console, click Change Settings under Computer Name, Domain, And Workgroup Settings. Or click Advanced System Settings in the left pane.

5. Click the Advanced tab in the System Properties dialog box.

6. Click Settings in the Performance section to display the Performance Options dialog box.

7. Click the Advanced tab and then click Change to display the Virtual Memory dialog box, shown in Figure 3. The following information is provided:

   • q Drive [Volume Label] and Paging File Size (MB) Shows how virtual memory is currently configured on the system. Each volume is listed with its associated paging file (if any). The paging file range shows the initial and maximum size values set for the paging file.

   • q Paging File Size For Each Drive Provides information on the currently selected drive and enables you to set its paging file size. Space Available indicates how much space is available on the drive.

   • q Total Paging File Size For All Drives Provides a recommended size for virtual RAM on the system and tells you the amount currently allocated. If this is the first time you're configuring virtual RAM, notice that the recommended amount has already been given to the system drive (in most instances).

   
   Figure 3: Virtual memory extends the amount of physical memory (RAM) on a system.

8. By default, Windows Vista manages the paging file size for all drives. If you want to manually configure virtual memory, clear the Automatically Manage Paging File Size For All Drives check box.

9. In the Drive list box, select the volume you want to work with.

10. Select Custom Size and then enter an initial size and a maximum size.

11. Click Set to save the changes.

12. Repeat steps 9–11 for each volume you want to configure.

13. Click OK and if prompted to overwrite an existing PAGEFILE.SYS file, click Yes.

14. If you updated the settings for a paging file that is currently in use, you'll see a prompt explaining that you need to restart the system for the changes to take effect. Click OK.

15. Click OK twice to close the open dialog boxes. When you close the System utility, you'll see a prompt asking if you want to restart the system. Click Restart.

You can have Windows Vista automatically manage virtual memory by following these steps:

1. Click the Advanced tab in the System Properties dialog box.

2. Click Settings in the Performance section to display the Performance Options dialog box.

3. Click the Advanced tab and then click Change to display the Virtual Memory dialog box.

4. Select the Automatically Manage Paging File Size For All Drives check box.

5. Click OK three times to close the open dialog boxes.

Tip

Clearing the pagefile on shutdown is a recommended security best practice. You can clear the pagefile on shutdown by enabling the Shutdown: Clear Virtual Memory Pagefile option. In Group Policy, this option is located under Local Policies\Security Options.

Configuring Data Execution Prevention

Data Execution Prevention (DEP) is a memory protection technology. DEP tells the computer's processor to mark all memory locations in an application as non-executable unless the location explicitly contains executable code. If code is executed from a memory page marked as non-executable, the processor can raise an exception and prevent it from executing. This prevents malicious code, such as a virus, from inserting itself into most areas of memory, because only specific areas of memory are marked as having executable code.

Note

32-bit versions of Windows support DEP as implemented by Advanced Micro Devices, Inc. (AMD) processors that provide the no-execute page-protection (NX) processor feature. Such processors support the related instructions and must be running in Physical Address Extension (PAE) mode. 64-bit versions of Windows also support the NX processor feature.

Using and configuring DEP You can determine whether a computer supports DEP by using the System utility. If a computer supports DEP, you can also configure it by completing the following steps:

1. Click Start and then click Control Panel.

2. In Control Panel, click the System And Maintenance category heading link.

3. Click System.

4. In the System Console, click Change Settings under Computer Name, Domain, And Workgroup Settings. Or click Advanced System Settings in the left pane.

5. Click the Advanced tab in the System utility and then on the Performance panel, click Settings to display the Performance Options dialog box.

6. The Performance Options dialog box has several tabs. Click the Data Execution Prevention tab. The text at the bottom of this tab specifies whether the computer supports execution protection.

7. If a computer supports execution protection and is configured appropriately, you can configure DEP by using the following options:

   • q Turn On DEP For Essential Windows Programs And Services Only Enables DEP only for the operating system services, programs, and components. This is the default and recommended option for computers that support execution protection and are configured appropriately.

   • q Turn On DEP For All Programs Except Those I Select Configures DEP and allows for exceptions. Select this option and then click Add to specify programs that should run without execution protection. In this way, execution protection will work for all programs except those you have listed.

8. Click OK.

Understanding DEP compatibility To be compatible with DEP, applications must be able to explicitly mark memory with Execute permission. Applications that cannot do this will not be compatible with the NX processor feature. If you are experiencing memory-related problems running applications, you should determine the applications that are having problems and configure them as exceptions rather than completely disabling execution protection. In this way, you still get the benefits of memory protection and can selectively disable memory protection for programs that aren't running properly with the NX processor feature.

Execution protection is applied to both user-mode and kernel-mode programs. A user-mode execution protection exception results in a STATUS_ACCESS_VIOLATION exception. In most processes, this exception will be an unhandled exception and will result in termination of the process. This is the desired behavior because most programs violating these rules, such as a virus or worm, will be malicious in nature.

Unlike applications, execution protection for kernel-mode device drivers cannot be selectively disabled or enabled. Furthermore, on compliant 32-bit systems, execution protection is applied by default to the memory stack. On compliant 64-bit systems, execution protection is applied by default to the memory stack, the paged pool, and the session pool. A kernel-mode execution protection access violation for a device driver results in an ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY exception.

Configuring System and User Environment Variables

System and user environment variables are configured by means of the Environment Variables dialog box, shown in Figure 4. To access this dialog box, click the Advanced tab in the System Properties dialog box and then click the Environment Variables button.

Figure 4: The Environment Variables dialog box lets you configure system and user environment variables.

Creating an environment variable You can create environment variables by completing the following steps:

1. Click New under User Variables or under System Variables, whichever is appropriate. This opens the New User Variable dialog box or the New System Variable dialog box, respectively.

2. In the Variable Name field, type the variable name. Then in the Variable Value field, type the variable value.

3. Click OK.

Editing an environment variable You can edit an existing environment variable by completing the following steps:

1. Select the variable in the User Variables or System Variables list box.

2. Click Edit under User Variables or under System Variables, whichever is appropriate. The Edit User Variable dialog box or the Edit System Variable dialog box will open.

3. Type a new value in the Variable Value field and click OK.

Deleting an environment variable You can delete an environment variable by selecting it and clicking Delete.

Note

When you create or modify system environment variables, the changes take effect when you restart the computer. When you create or modify user environment variables, the changes take effect the next time the user logs on to the system.

Configuring System Startup and Recovery

System startup and recovery properties are configured by means of the Startup And Recovery dialog box, shown in Figure 5. To access this dialog box, click the Advanced tab in the System Properties dialog box and then click the Settings button under Startup And Recovery.

Figure 5: The Startup And Recovery dialog box lets you configure system startup and recovery procedures.

Setting startup options The System Startup area of the Startup And Recovery dialog box controls system startup. In a computer with multiple bootable operating systems, to set the default operating system, select one of the operating systems listed in the Default Operating System field. These options change the configuration settings used by the Windows Boot Manager.

At startup of a computer with multiple bootable operating systems, Windows Vista displays the startup configuration menu for 30 seconds by default. You can affect this by either of the following actions:

• Boot immediately to the default operating system by clearing the Time To Display List Of Operating Systems check box.

• Display the available options for a specific amount of time by selecting the Time To Display List Of Operating Systems check box and then setting a time delay in seconds.

Generally, on most systems you'll want to use a value of three to five seconds. This is long enough to be able to make a selection, yet short enough to expedite the system startup process.

When the system is in a recovery mode and booting, a list of recovery options might be displayed. As with the standard startup options, you can configure recovery startup options in one of two ways. You can set the computer to boot immediately using the default recovery option by clearing the Time To Display Recovery Options When Needed check box, or you can display the available options for a specific amount of time by selecting Time To Display Recovery Options When Needed and then setting a time delay in seconds.

Setting recovery options The System Failure and Write Debugging Information areas of the Startup And Recovery dialog box control system recovery. Recovery options enable administrators to control precisely what happens when the system encounters a fatal system error (also known as a STOP error). The available options for the System Failure area are as follows:

• Write An Event To The System Log Logs the error in the system log, which allows administrators to review the error later using the Event Viewer.

• Automatically Restart Check this option to have the system attempt to reboot when a fatal system error occurs.

Note

Configuring automatic reboots isn't always a good thing. Sometimes you might want the system to halt rather than reboot to ensure that the system gets proper attention. Otherwise, you would know that the system rebooted only when you viewed the system logs or if you happened to be in front of the system's monitor when it rebooted.

The Write Debugging Information selection menu enables you to choose the type of debugging information that you want to write to a dump file. The dump file can in turn be used to diagnose system failures. The options are as follows:

• None Use this option if you don't want to write debugging information.

• Small Memory Dump Use this option to dump the physical memory segment in which the error occurred. This dump is 64 KB in size.

• Kernel Memory Dump Use this option to dump the physical memory area being used by the Windows kernel. The dump file size depends on the size of the Windows kernel.

• Complete Memory Dump Use this option to dump all physical memory being used at the time of the failure. The maximum dump file size is the same as the total physical memory size.

If you elect to write a dump file, you must also set a location for it. The default dump locations are %SystemRoot%\Minidump for small memory dumps and %SystemRoot%\MEMORY.DMP for all other memory dumps. You'll usually want to select Overwrite Any Existing File as well. This option ensures that any existing dump files are overwritten if a new STOP error occurs.

Best Practices

The dump file can be created only if the system is properly configured. The system drive must have a sufficiently large memory-paging file (as set for virtual memory on the Advanced tab), and the drive where the dump file is written must have sufficient free space as well. For example, my system has 128 MB of RAM and requires a paging file on the system drive of the same size—128 MB. Because the same drive is used for the dump file, the drive must have at least 256 MB of free space to correctly create a complete dump of debugging information (that's 128 MB for the paging file and 128 MB for the dump file).

The System Protection Tab

The System Properties dialog box's System Protection tab, shown in Figure 6, provides access to manage the configuration of System Restore. In Windows Vista, System Restore includes Previous Versions as a subcomponent. The sections that follow discuss techniques for working with and configuring System Restore.

Figure 6: System Restore manages restore points on a per-drive basis.

Working with System Restore and Previous Versions

With System Restore enabled, a computer makes periodic snapshots of the system configuration. These snapshots are called restore points. These restore points include Windows settings, lists of programs that have been installed, and so on. If the computer has problems starting or isn't working properly because of a system configuration change, you can use a restore point to restore the system configuration to the point at which the snapshot was made. For example, suppose your system is working fine and then you install a new service pack release for Microsoft Office. Afterward, the computer generates errors and Office applications won't run. You try to uninstall the update, but that doesn't work, so you decide to run System Restore. Using System Restore, you can restore the system using a snapshot taken prior to the update.

Note

System Restore can provide several different types of restore points. One type, System Checkpoint, is scheduled by the operating system and occurs at regular intervals. Another type of snapshot, Installation Restore Point, is created automatically based on events that are triggered by the operating system when you install applications. Other snapshots, known as Manual Restore Points, are created manually by users. You should recommend that users create Manual Restore Points prior to performing an operation that might cause problems on the system.

System Restore manages restore points on a per-drive basis. Each drive with critical applications and system files should be monitored for configuration changes. By default, System Restore is enabled only for the System drive. You can modify the System Restore configuration by turning on monitoring of other drives as needed. If a drive isn't configured for System Restore monitoring, configuration changes are not tracked and the disk cannot be recovered if problems occur.

In Windows Vista, previous versions of files and folders are created automatically as part of a restore point. Any file or folder that was modified since the last restore point is saved and made available as a previous version. The only exceptions are for system files and folders. Previous versions are not available for system folders, such as C:\Windows.

You can use previous versions of files to restore files that were inadvertently modified, deleted, or damaged. When System Restore is enabled on a drive, Windows Vista automatically makes daily copies of files and folders that have changed on that drive. You can also create copies of files and folders that have changed by setting a restore point on the System Protection tab.

Note

Protection points are created daily for all drives being monitored by System Restore. However, only those versions of files that are actually different from the current version are stored as previous versions. You can enable or disable previous versions on a per-drive basis by enabling or disabling System Restore on that drive. Previous versions are saved as part of a volume's automatically or manually created protection points.

Configuring System Restore

You control how System Restore works using the System Restore tab of the System utility. The system process responsible for monitoring configuration and application changes is the System Restore Service. This service is configured for automatic startup and runs under the Local System account. System Restore won't work properly if this service isn't running or configured appropriately.

System Restore saves system checkpoint information for all monitored drives and requires at least 300 MB of disk space on the System volume to save restore points. System Restore reserves additional space for restore points as necessary, up to 10 percent of the total disk capacity, but this additional space is always available for user and application storage. System Restore frees up additional space for you as necessary. If System Restore runs out of available space, the operating system overwrites previously created restore points. You cannot configure the amount of disk space used by System Restore.

Complete the following steps to manage System Restore monitoring of a computer:

1. Click Start and then click Control Panel.

2. In Control Panel, click the System And Maintenance category heading link.

3. Click System. In the System Console, click Change Settings under Computer Name, Domain, And Workgroup Settings. Or click Advanced System Settings in the left pane.

4. To enable System Restore for a volume, select the volume's check box. When you enable System Restore, restore points are created automatically as discussed previously. You can manually create a restore point by clicking the volume and then clicking Create.

5. To disable System Restore for a volume, clear the volume's check box and then confirm the action by clicking Yes. When you disable System Restore, all restore points on that volume are removed and you cannot undo this action.

6. When you are finished making configuration changes, click OK.

Restoring a Previous Version

When you right-click a file or folder for which previous versions are available and then select Properties, you see a Previous Versions tab. If you select this tab, you should see previous versions of the file or folder. You can then use:

• The Open button to open any of the previous versions

• The Copy button to create a copy of a previous version

• The Restore button to revert the file or folder to a selected previous version

There are several possible reasons you might not see a previous version of a file on your computer:

• System Restore might not be enabled on the volume. If System Restore isn't enabled on a volume, Windows Vista doesn't create previous versions and therefore folders don't have any previous versions.

• The file might be an offline file. Offline files are copies of network files. Client computers do not create previous versions of offline files. Previous versions may be available on the server where the file is stored, however.

• The file might be a system file. Previous Versions does not create copies of system files. Changes made to system files are tracked with restore points, and you must recover the computer to the restore point to go back to a previous state.

• The folder in which the file was stored has been deleted. In this case, you must open the properties for the folder that contained the folder that was deleted. Use this folder's Previous Versions tab to restore the folder and then access the folder to recover the previous version of the file you are looking for.

The Remote Tab

The System Properties dialog box's Remote tab controls Remote Assistance invitations and Remote Desktop connections.