Deploying Windows XP Part I: Planning

Published: June 01, 2001 | Updated: August 08, 2001


This paper provides planning guidance for deploying the Microsoft® Windows® XP Professional operating system in a corporate environment. It addresses the top issues to consider in a deployment plan, including evaluating existing hardware and applications, assessing your network infrastructure, configuring computers for desktop or mobile use, determining networking standards, securing computing resources, assessing hardware and application compatibility, deciding whether to upgrade or do a clean installation and taking advantage of updates delivered over the Web.


Wes Miller, Program Manager, Microsoft Corporation.

John Kaiser, Technical Editor, Microsoft Corporation.

Some material in this paper also appears in the upcoming Windows XP Professional Resource Kit.

On This Page

Defining Project Scope and Objectives
Evaluating Current Network and Desktop Environments
Designing the Desktop Configuration for Windows XP Professional
Conducting a Windows XP Professional Pilot Deployment
Rolling Out the Full-Scale Deployment
Appendix: Deployment Project Planning Tools
Related Links


This paper introduces the essential elements in planning a successful deployment of the Microsoft® Windows® XP Professional operating system, the successor to Windows 2000 Professional and Windows Millennium Edition (Windows Me). Intended for organizations moving from the Windows NT® 4.0 or Windows 9.x operating systems, this guidance will also be useful to anyone seeking to deploy Windows XP Professional in a medium or large organization.

Deploying Windows XP Professional requires careful planning. A typical plan includes five principal stages, as shown in Figure 1 below.

Figure 1: Deploying Windows XP Professional

Figure 1: Deploying Windows XP Professional

This paper introduces each of these areas and provides in-depth prescriptive guidance for the stages that require the most planning: evaluating your current environment and designing a configuration for Windows XP Professional.

Defining Project Scope and Objectives

The first step in the deployment process is to define your project goals and objectives, ensuring they are consistent with the long-term goals of your organization and the needs of your employees.

A project plan should clearly identify specific phases of your deployment process and provide a clear and functional outline, clarifying the scope of the project, the people or groups affected, and the time frame involved.

In documenting your project scope, define the features of Windows XP Professional that you will deploy in order to meet your business objectives and overall goals.

Some of the things to consider when determining a project scope are:

  • Deployment numbers (computers, departments, networks, locations).

  • Deployment scope (operating system upgrade only, application server, and hardware upgrades, deploying the Microsoft Active Directory™ service, and so on).

  • Desktop standardization, administration, and security initiatives.

Evaluating Current Network and Desktop Environments

Before designing a desktop environment built around Windows XP, review your current network operating systems, infrastructure, and conventions. At a minimum, assess and document the following information:

  • Business organization and geographical requirements.

  • Application requirements (includes inventory of software and hardware).

  • Any existing Windows NT domain architecture, such as the number of domains and system policies in effect.

  • Service Packs and hotfixes applied to servers.

  • Interoperability (presence of NetWare, UNIX, or Linux-based computers).

  • Network and application standards — current and future.

  • User types (roaming, mobile, remote, task-based, knowledge-based, and so on.)

  • Software standards.

  • Hardware standards.

  • Support issues.

  • Naming conventions.

  • Security policy.

Tools such as Microsoft Systems Management Server (SMS) can be used to track hardware and software inventory. For more information about deployment procedures using SMS, see the white paper Using Systems Management Server to Deploy Windows 2000 at

System Requirements and Compatibility

Make sure that your hardware is compatible with Windows XP Professional, and that all the computers on which you plan to install the operating system are capable of supporting the installation. Table 1 shows the minimum and recommended hardware requirements for installing Windows XP Professional.

Table 1 Windows XP Professional Hardware Requirements

Minimum requirements

Recommended requirements

Intel Pentium (or compatible) 233 MHz or higher processor

Intel Pentium II (or compatible) 300 MHz or higher processor.

64 MB of RAM

128 MB (4 GB maximum) of RAM

2-GB hard disk with 650 MB of free disk space (additional disk space required if installing over a network)

2 GB of free hard disk space

VGA-compatible or higher display adapter

SVGA display adapter and Plug and Play monitor

Keyboard, mouse, or other pointing device

Keyboard, mouse, or other pointing device

CD-ROM or DVD-ROM drive (required for CD installations)

CD-ROM or DVD-ROM drive 12x or faster

Network adapter (required for network installation)

Network adapter

Note: Windows XP Professional supports single and dual CPU systems.

If you need to upgrade hardware or software before you can upgrade your users to Windows XP Professional, upgrading hardware or software needs to be the first task in your deployment process. Upgrade devices, remote access services, and your organization's applications first.

Checking the BIOS

Before deploying Windows XP Professional, check that your computers have the latest available BIOS version that it is compatible with Windows XP Professional. You can obtain an updated BIOS from the manufacturer.

If your computers do not have Advanced Configuration and Power Interface (ACPI) functionality, you might need to update the BIOS.

Note: Microsoft does not provide technical support for BIOS upgrades. Contact the manufacturer for BIOS upgrade instructions. For more information about BIOS issues, see BIOS Compatibility and Windows 2000 at

Hardware Compatibility List

For the most up-to-date list of supported hardware, see the Microsoft Hardware Compatibility List Web site at It contains a list of hardware devices that have passed the Hardware Compatibility Tests (HCT) for the latest beta version of Windows XP. This list is neither complete nor comprehensive; there are many devices that use compatible device identifiers or emulate other devices that work on Windows XP.

Note: This list continues to be updated as Windows XP moves closer to being completed.

Hardware Compatibility with Windows Me, Windows 98, Windows 95, and Windows 3.x

Many updated drivers ship with the Windows XP Professional operating system CD. However, when critical device drivers, such as hard drive controllers, are not compatible with Windows XP Professional or cannot be found, Setup halts the upgrade until updated drivers are obtained.

Earlier 16-bit device drivers for Windows Me, Windows 95, Windows 98, and Windows 3.x were based on the virtual device driver (VxD) model. The VxD model is not supported in Windows XP Professional.

An upgrade does not migrate drivers from Windows 98 or Windows Me to Windows XP Professional. If the driver does not exist in Windows XP Professional for a particular device, you might need to download an updated driver from the device manufacturer.

Application Compatibility

Because there are new technologies in Windows 2000 Professional and Windows XP Professional, you will need to test your business applications for compatibility with the new operating system. Even if you currently use Windows NT 4.0, you will need to test applications to make sure that they work as well on Windows XP Professional as they do in your existing environment. Some applications might not take advantage of enhancements included with Windows XP Professional, such as improved security features.

Identify all the applications that your organization currently uses, including custom software. As you identify applications, prioritize them and note which ones are required for each business unit in your organization. Remember to include operational and administrative tools, including antivirus, compression, backup, and remote-control programs.

Windows 95- or Windows 98-based Applications

Some applications written for Windows 95 or Windows 98 might not run properly on Windows XP Professional without modification. There are four ways to address problems with applications that do not run properly on Windows XP Professional:

  • Reinstall the applications after the upgrade if they are compatible with Windows XP Professional.

  • Create a new Windows XP Professional–based standard configuration with compatible versions of the applications.

  • Use migration dynamic-link libraries (DLLs) for each application that is not migrated during the upgrade.

  • Use the Run in Compatibility Mode Tool (APPCOMPAT).

System Issues During Migration from Windows Me, Windows 98, or Windows 95

System tools in Windows 98 and Windows 95, such as ScanDisk and DriveSpace, cannot be upgraded to Windows XP Professional. Also, other network clients cannot be upgraded to Windows XP Professional, so new versions of these clients must be acquired to complete the upgrade.

Windows NT 4.0- or Windows NT 3.5-based Applications

Because Windows NT Workstation version 4.0 and 3.51 share common attributes with Windows XP Professional, almost all applications that run on Windows NT Workstation 4.0 and 3.51 run without modification on Windows XP Professional. However, a few applications are affected by the differences between Windows NT Workstation 4.0 and Windows XP Professional.

One example is antivirus software. Due to changes between the version of the NTFS file system included with Windows NT 4.0 and the version of NTFS included with Windows XP Professional, file system filters used by antivirus software no longer function between the two file systems. Another example is networking software of other manufactures (such as other TCP/IP or Internetwork Packet Exchange/Sequenced Packet Exchange [IPX/SPX] protocol stacks) written for Windows NT Workstation 4.0.The following features and applications cannot be properly upgraded to Windows XP Professional:

  • Applications that depend on file-system filters, for example antivirus software, disk tools, and disk quota software.

  • Custom power-management solutions and tools. Windows XP Professional support for Advanced Configuration and Power Interface (ACPI) and Advanced Power Management (APM) replaces these. Remove such custom solutions and tools before upgrading.

  • Custom Plug and Play solutions. These are no longer necessary, because Windows XP Professional provides full Plug and Play support. Remove all custom Plug and Play solutions before upgrading.

  • Fault-tolerant options, such as disk mirrors.

  • Other network clients and services.

  • Virus scanners.

  • Uninterruptible power supplies.

Note: You must remove virus scanners, other network services, and other client software before starting the Windows XP Professional Setup program.

Using Check Upgrade Only Mode

Windows XP Professional Setup includes a Check Upgrade Only mode, which can be used to test the upgrade process before you do an actual upgrade. Check Upgrade Only mode produces a report that flags potential problems that might be encountered during the actual upgrade, such as hardware compatibility issues or software that might not be migrated during the upgrade. To run Setup in Check Upgrade Only mode, run Winnt32.exe, from the i386 folder, with the command-line switch -checkupgradeonly.

The Upgrade Report is a summary of potential hardware and software upgrade issues. The entries in the report include:

  • Microsoft MS-DOS® configuration. This includes entries in Autoexec.bat and Config.sys that are incompatible with Windows XP Professional. These entries might be associated with older hardware and software that is incompatible with Windows XP Professional. It also suggests that more technical information is provided in the Setupact.log file, located in the Windows folder.

  • Plug and Play hardware. This includes hardware that might not be supported by Windows XP Professional without additional files.

  • Software incompatible with Windows XP Professional. This includes upgrade packs that are required for some programs because they do not support Windows XP Professional, or because they can introduce problems with Windows XP Professional Control Panel. Before upgrading to Windows XP Professional, gain disk space by using Add or Remove Programs in Control Panel to remove programs not being used.

  • Software to reinstall. This includes upgrade packs that are recommended for programs because they use different files and settings in Windows XP Professional. If an upgrade cannot be obtained, remove the program before upgrading by using Add or Remove Programs in Control Panel. After upgrading to Windows XP Professional, reinstall or upgrade the program.

The Upgrade Report also displays links to Microsoft Windows XP Professional Web sites, including the Hardware Compatibility List, in addition to Add or Remove Programs in Control Panel where appropriate.

If you have applications that have been identified while running in Check Upgrade Only mode as incompatible, you must remove the conflicting applications before installing Windows XP Professional.

When upgrading from Windows NT Workstation, most applications can migrate. Certain proprietary applications, such as applications that were custom-made for your business, might not migrate. For more information on testing for compatibility of such programs, see "Application Compatibility," earlier in this paper.

Incompatibility Preventing an Upgrade

If an incompatibility prevents the upgrade from continuing, a wizard appears to inform the user. You can view details about the incompatibility, if available. Unless you can fix the problem by supplying a missing file (using the Have Disk button), you must quit Setup and fix the problem before rerunning Winnt32.exe.

Incompatibility Warning During an Upgrade

If the incompatibility does not prevent a successful upgrade to Windows XP Professional, you are warned that this application might not function correctly with Windows XP Professional. At this point, you can choose to quit, or to continue the upgrade. The Have Disk button is also supported in this case.

Assessing Network Infrastructure

Assess your network infrastructure by identifying existing network protocols, network bandwidth, and the network hardware. Table 2 covers how these issues affect your deployment plan.

Table 2 Basic attributes for assessing your network infrastructure


Effect on Project Plan

Network protocols

Network protocols determine how you customize several of the networking sections of answer files, such as [NetAdapter], [NetProtocols], and [NetServices].

Network bandwidth

Network bandwidth affects which method of installation to use. For example, in low-bandwidth networks or on computers that are not part of a network, you might need to use a local installation method. For high-bandwidth network connections, you might choose to install Windows XP Professional using a remote-boot CD-ROM or a network-based disk image.

Network servers

The servers you have in your network affect the installation tools available to you. If you have an existing Windows 2000 Server in place, you can use a wider range of tools to automate and customize client installations, including RIS.

Next, collect information about both the hardware and software in your network infrastructure. This should include the logical organization of your network, name- and address-resolution methods, naming conventions, and network services in use. Documenting the location of network sites and the available bandwidth between them can help you decide which installation method to use.

Document the structure of your network, including server operating systems, file and print servers, directory services, domain and tree structures, server protocols, and file structure. You should also include information about network administration procedures, including backup and recovery strategies, anti-virus measures, and data storage and access policies. If you use multiple server operating systems, note how you manage security and users' access to resources.

You should also include network security measures in your assessment of the network. Include information about how you manage client authentication, user and group access to resources, and Internet security. Document firewall and proxy configurations.

Create physical and logical diagrams of your network to organize the information you gather. The physical network diagram should include the following information:

  • Physical communication links, including cables, and the paths of analog and digital lines.

  • Server names, IP addresses, and domain membership.

  • Location of printers, hubs, switches, routers, bridges, proxy servers, and other network devices.

  • Wide area network (WAN) communication links, their speed, and available bandwidth between sites. If you have slow or heavily used connections, it is important to note them.

The logical network diagram can include the following information:

  • Domain architecture.

  • Server roles, including primary and backup domain controllers, Windows Internet Name Service (WINS), and DNS servers.

  • Trust relationships and any policy restrictions that might affect your deployment.

Designing the Desktop Configuration for Windows XP Professional

After you have completed the preliminary steps explained earlier in this document, you are ready to begin customizing how Windows XP Professional will be deployed on users' desktops or mobile computers.

The objective: Design, build, test, and approve a configuration. The design phase typically consists of the following stages outlined in Table 3.

Table 3 Designing desktop configuration for Windows XP Professional

Design stage


Logical design

Determine the fundamental features and framework of the preferred Windows XP Professional configuration.

Lab test

Build and configure the preferred configuration and conduct integration testing in a controlled environment.

Implementation design

Evaluate and select Windows XP Professional automated installation methods and strategies.

Pilot design

Approve the pilot Windows XP Professional configuration and implementation process.

Choosing how to implement an automated deployment throughout an organization will be among your most important decisions. Windows XP Professional includes a host of tools designed to meet specific business and technical objectives in addition to the requirements of your network and its users. For more information about these tools, see the white paper "Implementing Windows XP Deployment" at

Planning a Preferred Client Configuration

After you determine your business needs and have decided which features of Windows XP Professional to use, you need to determine how to implement these features to simplify managing users and computers in your organization. Standardizing desktop configurations makes it easier to install, update, manage, support, and replace computers running Windows XP Professional. If users have standardized configuration settings, software, hardware, and preferences, it is easier to deploy operating system and application upgrades and configuration changes that can be guaranteed to work on all computers.

Standard desktop configurations also make it easier for support personnel to identify and resolve problems that users may encounter. Problems can occur when users install operating system upgrades, applications, device drivers, settings, preferences, and hardware devices that have not been approved for use in the organization. Creating standards helps eliminate these potential problem areas. If a computer fails, having a standard configuration that you can install on a new computer minimizes downtime by ensuring that users have the same settings, applications, drivers, and preferences that they had before the problem occurred.

Determining Desktop Management Strategies

The most important decision in developing a management strategy is deploying Active Directory in a server environment running Windows 2000 Server. Once deployed, Active Directory enables many of the cost-saving advances in network management, such as Microsoft IntelliMirror® management technologies and Group Policy.

With Active Directory and Group Policy, you can do the following:

  • Prevent users from installing applications that are not required for their jobs.

  • Make new or updated software available to users without visiting their workstations.

  • Customize desktop features or prevent users from making changes to their desktop settings.

  • Refresh policy settings from the server without requiring the user to log off or restart the computer.

You can use the following features to manage computer and user settings:

  • Roaming User Profiles. This feature allows the data and settings in a user's profile to be copied to a network server when the user logs off and made available to the user anywhere on the network. It provides a transparent way to back up the user's profile to a network server, protecting this information in case the user's computer fails. This is especially useful for mobile users who travel throughout the network or log in remotely.

  • Offline Files and Folders. Administrators can make files that reside on a network share available to a local computer when it is disconnected from the server. This allows users without constant network access, such as remote and mobile users, to continue working on their files even when they are not connected to the network. Users can also have their file synchronized with the network copy when they reconnect.

  • Software Installation and Maintenance. Administrators can assign or publish software to users according to their job needs. Windows Installer allows administrators to centrally manage software installation and repair installations.

  • Folder Redirection. Administrators can redirect certain folders, such as My Documents, from the user's desktop to a server. This feature offers improved protection for user data by ensuring that local data is also redirected or copied to a network share, providing a central location for administrator-managed backups. It speeds up the logon process when using Roaming User Profiles by preventing large data transfers over the network.

  • Group Policy and Administrative Templates. Allows administrators to configure settings to govern the behavior of services, applications, and operating system components.

  • Group Policy-based scripts. With the Scripts extensions, you can assign scripts to run when the computer starts or shuts down, or when users log on or off their computers.

  • Internet Explorer Maintenance. Administrators use Internet Explorer Maintenance to manage and customize Microsoft Internet Explorer on Windows XP. With the Internet Explorer Administration Kit (IEAK), administrators can standardize versioning across your organization, centrally distribute and manage browser installations, configure automatic connection profiles for users' machines, and customize virtually any aspect of Internet Explorer, including features, security, communications settings, and other important elements.

  • Security Settings. You can define a security configuration within a Group Policy Object. A security configuration consists of settings applied to one or more security areas supported on Windows XP. The specified security configuration is then applied to computers as part of the Group Policy application. Security in Group Policy complements existing system security tools, such as the Security tab on the Properties page of an object, file, or folder, and Local Users and Groups in Computer Management. You can continue to use existing tools to change specific settings whenever necessary.

If you deploy computers running Windows XP Professional in a domain that does not include Active Directory, you can manage desktops locally by implementing the following features:

  • Roaming User Profiles and Logon Scripts. When using either a Windows NT 4.0 domain or Active Directory, both roaming user profiles and logon scripts are configured on the user object.

  • Folder Redirection. You can redirect special folders to alternate locations, either to a local or network location. You do this by modifying the values under the following registry key: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders.

  • Internet Explorer Maintenance. Instead of using Group Policy to control Internet Explorer settings, administrators can use the IEAK to apply settings to Internet Explorer clients using auto-configuration packages. The IEAK can be downloaded from the Microsoft IEAK Web site at

  • Administrative Templates (registry-based policy). Domain-based Group Policy processing requires that the User and/or Computer objects be located in Active Directory. If the User or Computer objects are located in a Windows NT 4.0 domain, then Windows NT 4.0 System Policy will be processed for whichever of these objects is located in that domain — this could be the Computer or User object, or both. System Policy is defined as the policy mechanism used natively in Windows NT 4.0; it is a set of registry settings that together define the computer resources available to a group of users or an individual.

For more information about IntelliMirror features in Windows 2000, see:

Choosing Desktop Computer Configurations

IntelliMirror gives administrators a great deal of flexibility in managing different types of users throughout an organization. You may wish to enforce tight control over the functionality of computers for certain users who perform specific tasks, such as front-line employees. To configure a computer for a single application and no other tasks, you can remove desktop features, such as the Start menu, and set an application to start when the user logs on.

For desktop computers that are used for specific functions, such as running certain line-of-business applications, you can use a management structure that prevents users from installing any application or device or from modifying the desktop or changing settings. To improve security and manage data storage, you can use Folder Redirection to save all data to a server location, instead of on the local computer.

You can also use Group Policy settings to manage configurations, restrict user access to certain features, and limit the customizations users can make to their computer environment. For example, Windows XP now allows administrators to set a configuration for Microsoft Windows Media™ Player and restrict its use to specific corporate communications, if desired.

If users need a great deal of control over their desktops, and tightly managing them is not acceptable, you can use desktop management strategies to reduce support costs and user downtime. You can allow users to install approved applications and to change many settings that affect them while preventing them from making harmful system changes. For example, you might allow users to install or update printer drivers, but not to install unapproved hardware devices. To ensure that the user's profile and data are saved to a secure location where it can be backed up regularly and restored in the event of a computer failure, use Roaming User Profiles and Folder Redirection.

Choosing Configurations for Mobile Computers

If your mobile users travel frequently or work from remote sites you might want to give them more control over their computers. For example, you might allow traveling users to install or update device drivers and applications but restrict them from performing tasks that can damage or disable their computers.

Mobile users who work mostly offsite, whether or not they are connected to your network, have less access to support personnel. Therefore, when you install applications for users who are rarely connected to the network or do not have a reliable fast connection to it, make sure that all necessary components are also installed. You can use scripts to make sure that all files associated with the installed applications are installed locally. A sample Microsoft Visual Basic® script can be found in the white paper "Implementing Common Desktop Management Scenarios" at

You can also allow members of the Users and Guest groups to install applications that might affect protected directories in the system by enabling the Group Policy setting Always install with elevated privileges.

Note: The Group Policy setting Always install with elevated privileges must be enabled in both Computer Configuration and User Configuration to take effect.

Determining a Client Connectivity Strategy

Determining how to connect clients to your network depends largely on where they are located and the type of network you are running. Those located within the corporate infrastructure can use a variety of network media, such as asynchronous transfer mode (ATM), Ethernet, or Token Ring; those outside the corporate infrastructure need to use Routing and Remote Access or virtual private networking (VPN).

Windows XP Professional uses TCP/IP as its standard network protocol. For a Windows XP Professional–based computer to connect to NetWare or Macintosh servers, administrators must use a protocol that is compatible with the server. NWLink is the Microsoft implementation of the Novell IPX/SPX protocol, which allows administrators to connect to NetWare file and print servers.

Note: Install only the necessary protocols. For example, installing and enabling IPX when you need only TCP/IP generates unnecessary IPX and Service Advertising Protocol (SAP) network traffic.

Users who connect to your network remotely might need to configure VPN connections. To allow them to make necessary configuration changes, enable the following settings:

  • Delete remote access connections belonging to the user.

  • Rename connections belonging to the current user.

  • Display and enable the Network Connection wizard.

  • Display the Dial-up Preferences item on the Advanced menu.

  • Allow status statistics for an active connection.

    Allow access to the following:

    • Current user's remote access connection properties.

    • Properties of the components of a local area network (LAN) connection.

    • Properties of the components of a remote access connection.

If mobile users rarely connect to your network, you might not want to use features such as Roaming User Profiles and Folder Redirection. However, these features help maintain a seamless work environment from any computer for users who frequently connect to the network or roam between mobile and desktop computers.

TCP/IP Networks

Client computers running on TCP/IP networks can be assigned an IP address statically by the network administrator or dynamically by a Dynamic Host Configuration Protocol (DHCP) server.

Windows XP Professional uses DNS dynamic update as the namespace provider whether you use static IP addresses or DHCP. Networks that include Windows NT Server 4.0 or earlier or client computers running versions of Windows earlier than Windows 2000 require a combination of DHCP and WINS.

DNS is required for integration with Active Directory, and it provides the following advantages:

  • Interoperability with other DNS servers, including Novell NDS and UNIX Bind.

  • Integration with networking services, including WINS and DHCP.

  • Dynamic registration of DNS names and IP addresses.

  • Incremental zone transfers and load balancing between servers.

  • Support for resource record types, such as Services Locator and ATM address records.

DHCP allows Windows XP Professional–based computers to receive IP addresses automatically. This helps to prevent configuration errors and address conflicts that can occur when previously assigned IP addresses are reused to configure new computers on the network. As computers and devices are removed from the network, their addresses are returned to the address pool and can be reallocated to other clients. The DHCP lease renewal process ensures that needed changes are made automatically when client configurations must be updated.

The advantages of using DHCP follow:

  • Conflicts caused by assigning duplicate IP addresses are eliminated.

  • DNS or WINS settings do not need to be manually configured if the DHCP server is configured to those settings.

  • Clients are assigned IP addresses regardless of the subnet to which they connect, so IP settings need not be manually changed for roaming users.

If you assign IP addresses statically, you need to have the following information for each client:

  • The IP address and subnet mask for each network adapter installed in each client computer.

  • The IP address for the default gateway.

  • If the client is using DNS or WINS.

  • The name of the client computer's DNS domain and the IP addresses for the DNS or WINS servers.

  • The IP address for the proxy server.

Note: It is recommended that you assign static IP addresses to servers and dynamic ones to client computers. However, there are exceptions that might require you to assign static addresses to computers running Windows XP Professional. For example, a computer that runs an application that has the IP addresses hard coded into it requires a static address.

IPX Protocol

IPX is the network protocol used by NetWare computers to control addressing and routing of packets within and among LANs. Windows XP Professional computers can connect to NetWare servers using Client Service for Netware. Windows XP Professional includes NWLink and Client Service for NetWare to transmit NCP packets to and from NetWare servers.

NWLink and Client Service for NetWare provide access to file and print resources on NetWare networks and servers that are running either NDS directory or bindery security. Client Service supports some NetWare tools applications. It does not support the NWIP or IP.

You can install Client Service or the current network client from, Novell Client. However, you cannot use Novell Client to connect a computer running Windows XP Professional to a Windows 2000 Server–based computer.

Note: Do not install both Client Service and Novell Client for Windows NT/2000 on the same computer running Windows XP Professional. Doing so can cause errors on the system.

When upgrading to Windows XP Professional from Windows 98, Windows Me, or Windows NT 4.0 Workstation, Windows XP Professional upgrades the Novell Client, version 4.7 or earlier, to the latest version of the Novell Client, allowing for a seamless upgrade. All other versions of the Novell Client should be removed before upgrading the operating system, then reinstalled and reconfigured.

You can also use Microsoft Services for NetWare on Windows 2000 Server.

Determining Security Strategies

The Windows XP Professional security model is based on the concepts of authentication and authorization. Authentication verifies a user's identity, and authorization verifies that the user has permission to access resources on the computer or the network. Windows XP Professional also includes encryption technologies, such as the Encrypting File System (EFS) and public key technology, to protect confidential data on disk and across networks.


When the user logs on to a computer, a user name and password are required before the user can access resources on the local computer or the network. Windows XP Professional authentication enables single sign-on to all network resources, so that a user can log on to a client computer by using a single password or smart card and gain access to other computers in the domain without re-entering credential information. The Windows XP Professional authentication model protects your network against malicious attacks, such as:

  • Masquerade attacks. Because a user must prove identity, it is difficult to pose as another user.

  • Replay attacks. It is difficult to reuse stolen authentication information, because Windows XP Professional authentication protocols use timestamps.

  • Identity interception. Intercepted identities cannot be used to access the network, because all exchanges are encrypted.

Kerberos V5 is the primary security protocol within Windows 2000 domains. Windows XP Professional clients use NTLM to authenticate to servers running Windows NT 4.0 and to access resources within a Windows NT domain. Computers running Windows XP Professional that are not joined to a domain also use NTLM for authentication.

If you use Windows XP Professional on a network that includes Active Directory, you can use Group Policy settings to manage logon security, such as restricting access to computers and logging users off after a specified time. You can use the preconfigured security templates that meet the security requirements for a given workstation or network. Security templates are files with preset security settings that can be applied to a local computer or imported to a Group Policy object in Active Directory.

Security templates can be used without modification or customized for specific needs.


Authorization controls user access to resources. Using access control lists (ACLs), security groups, and NTFS permissions, you can make sure that users only have access to needed resources, such as files, drives, network shares, printers, and applications. Security groups, user rights, and permissions can be used to manage security for numerous resources while maintaining fine-grained control of files and folders and user rights.

Security Groups

Using security groups can streamline the process of managing access to resources. You can assign users to security groups, and then grant permissions to those groups. You can add and remove users from the security groups according to their need for access to new resources. To create local users and place them within local security groups, use the Computer Management snap-in of MMC. You can grant users permissions to access files and folders, and specify what tasks users can perform on them. You can also allow permissions to be inherited, so that permissions for a folder apply to all its subfolders and the files in them.

Within the domain local and computer local security groups there are preconfigured security groups to which you can assign users. These include:

  • Administrators. Members of this group have total control of the local computer and have permissions to complete all tasks. A built-in account called Administrator is created and assigned to this group when Windows XP Professional is installed. When a computer is joined to a domain, the Domain Administrators group is added to the local Administrators group by default.

  • Power Users. Members of this group have read/write permissions to other parts of the system in addition to their own profile folders, can install applications, and can perform many administrative tasks. Members of this group have the same level of permissions as Users and Power Users in Windows NT 4.0.

  • Users. Members of this group are authenticated users with read-only permissions for most parts of the system. They have read/write access only within their own profile folders. Users cannot read other users' data (unless it is in a shared folder), install applications that require modifying system directories or the registry, or perform administrative tasks. Users' permissions under Windows XP Professional are more limited than under Windows NT 4.0.

  • Guests. Members of this group can log on using the built-in Guest account to perform limited tasks, including shutting down the computer. Users who do not have an account on the computer or whose account has been disabled (but not deleted) can log on using the Guest account. You can set rights and permissions for this account, which, by default, is a member of the built-in Guests group. The Guest account is disabled by default.

You can configure access control lists (ACLs) for resource groups or security groups and add or remove users or resources from these groups as needed. The process of adding and removing users makes user permissions easier to control and audit. It also reduces the need to change ACLs.

You can grant users permissions to access files and folders, and specify what tasks users can perform on them. You can also allow permissions to be inherited, so that permissions for a folder apply to all its subfolders and the files in them.

Group Policy

You can use Group Policy settings to assign permissions to resources and grant rights to users as follows:

  • To require that certain applications run only within specified security contexts. This reduces the risk of exposing the computer to unwanted applications, such as viruses.

  • To configure many rights and permissions for client computers. You can also configure rights and permissions on an individual computer to be used as the base image for desktop installations, to ensure standardized security management even if you do not use Active Directory.

Auditing features allow you to detect attempts to disable or circumvent protections on resources.

You can use the preconfigured security templates that meet the security requirements for a given workstation or network. Security templates are files with preset security settings that can be applied to a local computer or imported to a Group Policy object in Active Directory. Security templates can be used without modification or customized for specific needs.


You can use Encrypting File System (EFS) to encrypt data on your hard disk. For example, because portable computers are high-risk items for theft, you can use EFS to enhance security by encrypting data on the hard disks of your company's portable computers. This precaution protects data and authentication information against unauthorized access.

Determining Client Administration and Configuration Strategies

Depending on the needs of your organization, you can include support for multiple language versions of the operating system and applications, specify what devices users can access, choose the file system that best suits your security and compatibility needs, and create logical disks that are more efficient to manage. Depending on the installation method you use, you can install applications along with the operating system to decrease the time it takes users to start their computers. You can enable accessibility options for users with disabilities and have those options available wherever users log on to the network.

Multilingual Options

Windows XP Professional supports companies that need to allow their users to work with various languages or in multiple locale settings. This includes organizations that:

  • Operate internationally and must support various Regional and Language Options, such as time zones, currencies, or date formats.

  • Have employees or customers who speak different languages, or require language-dependent keyboards or input devices.

  • Develop an internal line of business applications to run internationally or in more than one language.

If you have roaming users who need to log on anywhere and edit a document in several languages, you need the appropriate language files installed or installable on demand, on a server or workstation. You can also use Terminal Services to allow users to initiate individual Terminal Services sessions in different languages.

Hardware Devices

Windows XP Professional includes support for a range of hardware devices, including USB– and IEEE 1394–compliant devices. Device drivers for most devices are included with the operating system. Drivers can be configured to be dynamically updated by connecting to Windows Update and downloading the most recent versions.

If you can connect to Internet, the Dynamic Update feature can connect to Windows Update during Setup to install device drivers that were not included on the operating system CD. For more information about Dynamic Update, see Planning for Dynamic Update, later in this document.

You can add devices, such as mass storage and Plug and Play devices, to your installation.

File Systems

Windows XP Professional supports the FAT16, FAT32, and NTFS. Because NTFS has all the basic capabilities of FAT16 and FAT32, with the added advantage of advanced storage features such as compression, improved security, and larger partitions and file sizes, it is the recommended file system for Windows XP Professional.

Some features you can use when you choose NTFS:

  • File encryption allows you to protect files and folders from unauthorized access.

  • Permissions can be set on folders and individual files.

  • Recovery logging of disk activities helps restore information quickly in the event of power failure or other system problems.

  • Disk quotas allow you to monitor and control the amount of disk space used by individual users.

Better scalability allows you to use large volumes. The maximum volume size for NTFS is much greater than that for FAT. Additionally, NTFS performance does not degrade as volume size increases, as it does in FAT systems.

If you are performing a clean installation of Windows XP Professional, it is recommended that you use NTFS. If you are upgrading computers that use NTFS as the only file system, you should continue to use NTFS with Windows XP Professional.

Windows XP Professional provides support for existing Windows 95, Windows 98, or Windows Me file systems, including FAT16 and FAT32 file systems. If you are upgrading computers that use FAT or FAT32 as their file system, consider reformatting or converting the partitions to NTFS. You can convert FAT volumes to NTFS during Setup; however, you will not be able to uninstall Windows XP Professional and revert to the previous operating system if you choose this option.

Note: Compressed Windows 98 volumes cannot be upgraded, and need to be uncompressed before upgrading to Windows XP Professional.

If you plan to install Windows XP Professional and another operating system on the same computer, you need to use a file system that can be accessed by all the operating systems installed on the computer. For example, if the computer will contain Windows 95 and Windows XP Professional, you need to use FAT on any partition that Windows 95 needs access to. If the computer will contain Windows NT 4.0 and Windows XP Professional, however, you can use FAT, FAT32, or NTFS, because both operating systems can access all these file systems. In this case, however, certain features in the version of NTFS included with Windows XP Professional will not be available when running Windows NT 4.0.

Note: You can access NTFS volumes only when running Windows NT, Windows 2000, or Windows XP Professional.

Table 4 lists the size and domain limitations of each file system.

Table 4 Comparison of NTFS and FAT file systems

Subject of comparison




Operating system compatibility

A computer running Windows 2000 or Windows XP Professional can access files on an NTFS partition. A computer running Windows NT 4.0 with Service Pack 4 or later can access files on the partition, but some NTFS features, such as Disk Quotas, are not available. Other operating systems allow no access.

Access is available through MS-DOS, all versions of Windows, Windows NT, Windows XP Professional, and OS/2.

Access is available only under Windows 95 OSR2, Windows 98, Windows Me, Windows 2000, and Windows XP Professional.

Volume size capabilities

Recommended minimum volume size is approximately 10 MB.
Recommended practical maximum for volumes is 2 terabytes (TB). Much larger sizes are possible.
Cannot be used on floppy disks.

Volumes up to 4 GB.
Cannot be used on floppy disks.

Volumes from 512 MB to 2 TB.
In Windows XP Professional, you can format a FAT32 volume only up to 32 GB.
Cannot be used on floppy disks.

File size capabilities

Maximum file size 16 TB minus 64 KB (2(44) minus 64 KB).

Maximum file size 4 GB.

Maximum file size 4 GB.

Files per volume

4,294,967,295 (2(32) minus 1files).

65,536 (2(16) files).

Approximately 4,194,304 (2(22) files).

If you also want to use MS-DOS on your system, you need another partition formatted with FAT, which is the MS-DOS operating system's native file system. MS-DOS cannot recognize data on NTFS or FAT32 partitions.

Note: To format the active system partition you must use a file system that all the operating systems running on your computer recognize. You can have up to four primary partitions, but only the active one starts all the operating systems.

Applications to Install

During setup, you can choose to install standard productivity applications, such as Microsoft Office, in addition to custom applications. If certain core applications need to be available to users at all times, you can install them along with the operating system. If you are automating installations by using RIS or System Preparation (Sysprep), you can install the applications on the disk image that you create; if you are doing unattended installations using answer files, you can include applications and make them available from your distribution folder.

If you use Active Directory, you can use the Software Installation and Maintenance feature of IntelliMirror to make applications available to users. You can assign critical applications to users and publish applications users might need to access.

  • Publishing an application. When you publish applications, users can install the application by using Add or Remove Programs in Control Panel.

  • Assigning an application to a user. When you assign an application to a user, it appears to the user that the application is already installed, and a shortcut appears in the user's Start menu. When the user clicks the shortcut, the application is installed from a server share.

  • Automating deployment and upgrades. You can also use Systems Management Server (SMS) to automate the deployment and upgrade applications during and after installing the operating system. SMS is a good option for large-scale software-deployment projects, because SMS can be set to run when it will cause minimal interruption to your business, such as at night or on weekends. For more information about deployment procedures using SMS, see the white paper Using Systems Management Server to Deploy Windows 2000 and the documentation included with SMS.

Accessibility Options

Windows XP Professional includes multiple features and options that improve accessibility for people with disabilities. You can use the Accessibility Wizard or individual Control Panel properties to set options to meet the needs of users with vision, mobility, hearing, and learning disabilities.

For users with vision impairments and some learning disabilities, you can set size and color options for the display of text and screen elements (such as icons and windows). You can adjust the size, color, speed, and motion of the mouse cursor to aid visibility on the screen as well. Options such as StickyKeys, BounceKeys, ToggleKeys, and MouseKeys benefit some users with mobility impairments. SoundSentry and ShowSounds can assist users with hearing impairments.

Accessibility utilities such as Magnifier, Narrator, and On-Screen Keyboard also allow users with disabilities to configure and use computers without additional hardware or software. These utilities also allow some users with disabilities to roam among multiple computers in their organization.

Note: Accessibility features such as Narrator, Magnifier, and On-Screen Keyboard are designed to provide a minimum level of functionality for users with special needs. Most people with disabilities require utilities with higher functionality for daily use.

You can use Group Policy and set user profiles to make sure that accessibility features are available to users who need them, no matter where in your network they log on. You can also enable some accessibility features during Setup by specifying them in your answer file.

Upgrading vs. Clean Installation

Windows XP Professional provides upgrade paths from Windows 2000 Professional, Windows NT 4.0, Windows 98, and Windows Me. If you are using Windows 95, Windows 3.x or another operating system, you need to choose a clean install.

During an upgrade, existing user settings are retained, in addition to installed applications. If you perform a clean installation, the operating system files are installed in a new folder, and you must reinstall all your applications and reset user preferences, such as desktop and application settings.

You need to choose a clean installation of Windows XP Professional in the following cases:

  • No operating system is installed on the computer.

  • The installed operating system does not support an upgrade to Windows XP Professional.

  • The computer has more than one partition and needs to support a multiple-boot configuration using Windows XP Professional and the current operating system.

  • A clean installation is preferred.

The most basic advantage of a clean installation is that all your systems can begin with the same configuration. All applications, files, and settings are reset. You can use a single disk image or answer file to make sure that all the desktops in your organization are standardized. In this way, you can avoid many of the support problems that are caused by irregular configurations.

Note: Installing multiple operating systems on the same partition is not supported and can prevent one or both operating systems from working properly.

Upgrading from Windows 98 or Windows Me

Upgrading from Windows 98 or Windows Me to Windows XP Professional might require some additional planning because of differences in the registry structure and the structure of the setup process. For more information about software compatibility issues, see Application Compatibility earlier in this paper.

Upgrading from Windows 2000 or Windows NT Workstation 4.0

Windows 2000 and Windows NT Workstation 4.0 provide the easiest upgrade path to Windows XP Professional because they share a common operating system structure and core features, such as support file systems, security concepts, device driver requirements, and registry structure.

If you upgrade or install Windows XP Professional on a Windows NT Workstation 4.0–based computer that uses NTFS, the installation process automatically upgrades the file system to Windows XP Professional NTFS. If you install or upgrade to Windows XP Professional and the current file system is FAT, you will be asked if you want to upgrade to the NTFS file system.

Planning for Dynamic Update

Dynamic Update is a feature in Windows XP Professional Setup that works with Windows Update to download critical fixes and drivers needed during the Setup process. Dynamic Update provides important updates to files required for Setup to minimize difficulties during Setup. Dynamic Update also provides access to device drivers that were not included on the Windows XP Professional operating system CD-ROM to ensure that devices required for Setup work.

Note: Dynamic Update only provides new device drivers that were not included on the operating system CD-ROM. Updates to existing drivers are not downloaded during Dynamic Update, but can be obtained by connecting to Windows Update after Setup is complete.

The following types of files are downloaded by Dynamic Update:

  • Replacement files. Dynamic Update replaces files from the Windows XP Professional operating system CD-ROM that require critical fixes or updates. Files that are replacements include DLLs required by Setup. Only replacements for existing files are downloaded: No new files are downloaded.

  • Device drivers. Dynamic Update downloads new drivers for devices that are connected to the computer and are required for Setup. Only drivers that are not included on the operating system CD-ROM are downloaded. Drivers that require critical fixes can be downloaded, but updates to existing drivers are not available for download.

Using Dynamic Update

For Dynamic Update to run during Setup, the computer needs an Internet connection (or the ability to connect to a network share containing updates downloaded from the Windows Update corporate catalog) and Internet Explorer 4.01 or later versions of the files WINENET.dll and SHLWAPI.dll. If either of these requirements are not met, Dynamic Update will not connect to Windows Update or download the required files.

The user will be asked if Setup should look for updates. If the user chooses Yes, Dynamic Update connects to the Windows Update site and searches for new drivers and replacement Setup files. In unattended installations, Dynamic Update is enabled by default, but can be disabled by using the following setting:


Winnt32.exe checks for required disk space, memory, and other Setup requirements. If it does not meet all these requirements, Setup does not complete and the Dynamic Update step is not completed. If the computer meets the Setup requirements, Winnt32 checks the size of the Dynamic Update download to determine if there is enough space to download the file.

The estimated size of the download is based on the size of the CAB files, and cannot determine the total amount of disk space required for the downloaded files. Winnt32.exe checks the size of the files again once they are extracted from the downloaded CAB files.

Using the Windows Update Corporate Site for Dynamic Update

If you are rolling out Windows XP Professional to a large number of computers, you might not want each of them connecting to Windows Update to download device drivers and replacement Setup files. By using the Windows Update Corporate Site for Dynamic Update, you can download the needed files and place them on a share within your network where client computers can connect during Setup. This saves bandwidth, but also allows you to have more control over what files are copied to each computer. This process also allows you to choose device drivers, including updates to existing drivers, to include during the Dynamic Update phase of Setup.

To download the Dynamic Update package, see the Windows Update Corporate Web site at The download is an executable file. Run this file to expand the Dynamic Update CAB files onto the network share folder.

You can point to the network share containing the Dynamic Update files by running Winnt.exe with the /DUShare switch, or by specifying the location of the share in your answer file.

Planning for Windows Product Activation

Windows Product Activation (WPA) deters piracy by requiring your Windows XP Professional installation to be activated. Product Activation is based on a requirement that each unique installation have a unique product key.

WPA Not Required for Volume License Programs

Microsoft recognizes that large enterprises and even small businesses have unique deployment needs, and that activation could complicate deployment. Therefore, Microsoft does not require activation for customers who acquire their licenses for Windows XP through one of Microsoft's volume licensing programs, such as Microsoft Open License or Microsoft Select License. It's important to note that Microsoft offers a volume licensing solution for very small customers. For example, a customer can buy into the Microsoft Open License program by making an initial purchase of just five licenses, such as two licenses for Windows XP and three licenses for Office XP.

How Product Activation Works

WPA ties your product key (and thus your Product ID, or PID) to your computer by creating an installation ID. The installation ID is made up of your PID and a PC identifier, called a hardware ID, or HWID. The installation ID is sent to a Microsoft license clearing-house, which checks that Microsoft manufactured that PID and that the PID has not been used to install the operating system on more hardware than is defined by the product's End User License Agreement (EULA). For Windows XP Professional, the EULA states that you can install the software on one computer. If this check fails, activation of Windows XP Professional fails. If this check passes, your computer is sent a confirmation ID, which activates your version of Windows XP. After Windows is activated, you never need to perform Product Activation again, unless you significantly overhaul the hardware in your computer. For beta versions, you must activate your installation within 14 days after installing Windows XP Professional. When Windows XP Professional is released, customers will have 30 days to activate.

If the Product Key is used to install Windows on a second computer, the activation fails. In addition, if WPA detects that the current installation of Windows is running on a different computer than it was originally activated on, you must activate it again. In this way, WPA stops the casual copying of Windows.

Conducting a Windows XP Professional Pilot Deployment

Before rolling out your deployment project, you need to test it for functionality in a controlled environment.

Before you begin testing your deployment project, create:

  • A test plan that describes the tests you will run and the expected results

  • A schedule for performing tests and who will run each test.

The test plan must specify the criteria and priority for each test. Prioritizing your tests can help you avoid slowing down your deployment because of minor failures that can be easily corrected later; it can also help you identify larger problems that might require redesigning your deployment plan.

The testing phase is essential, because a single error condition can be duplicated to all computers in your environment if it is not corrected before you deploy the image. It is recommended that you roll out the deployment to a small group of users after you test the project. Piloting the installation allows you to assess the success of the deployment project in a production environment before rolling it out to all users.

Create a test lab that is not connected to your network but mirrors, as closely as possible, your organization's network and hardware configurations. Set up your hardware, software, and network services as they are in your users' environment.

Perform comprehensive testing on each hardware platform, testing both application installation and operation. This can greatly increase the confidence of the project teams and the business-decision makers, resulting in a higher-quality deployment.

To pilot the project, roll out the deployment to a small group of users. The primary purpose of pilot projects is not to test Windows XP Professional. Instead, the aim of your early pilots is to get user feedback for the project team. This feedback is used to further determine the features that you need to enable or disable in Windows XP Professional. This is particularly relevant if you upgrade from Windows 98 or Windows Me, which do not include features such as domain-based computer accounts, local security, and file system security. For pilots, choose a user population that represents a cross-section of your business, in terms of job function and computer proficiency.

Install pilot systems by using the same method that you plan to use for the final rollout. After you make the necessary decisions about how to implement Windows XP Professional, use a final pilot to test the installation process.

The pilot process provides a small-scale test of the eventual full-scale rollout, so you can use the results of the pilot, including any problems encountered, to finalize your rollout plan. Compile the pilot results and use the data to estimate upgrade times, the number of concurrent upgrades you can sustain, and peak loads on the user support functions.

Rolling Out the Full-Scale Deployment

When deploying Windows XP Professional across a company-wide network, you will need to choose an automated installation method. For more information about automated deployment options, see Implementing the Windows XP Deployment available at

For the final deployment, the steps involved are very similar to the pilot deployment. To ensure a smooth migration of all your users during full-scale deployment, you must:

  • Set up the distribution servers.

  • Notify the users of the upcoming installation.

  • Train the users on Windows XP Professional.

  • Customize the user installation scripts.

  • If needed, upgrade the hardware on the client computers and remove any software that doesn't comply with company policy.

  • If required as part of the plan, back up critical data and configuration files on the client computers.

  • Conduct virus scan, disk scan, and hard disk defragmentation as required by the project plan.

  • Temporarily reset the user password and ID for each computer. This allows technicians easy access to the client computer so they can make sure that the login scripts and environment operate correctly.

  • Make sure that the client computers are fully operational and the network is running.


The first step in the deployment process is to define your project goals and objectives, ensuring they are consistent with the long-term goals of your organization and the needs of your employees.

A project plan should clearly identify specific phases of your deployment process and provide a clear and functional outline, clarifying the scope of the project, the people or groups affected, and the time frame involved.

Based on experiences of actual deployments, this paper shows the recommended stages for planning a deployment, focusing on the areas that require the most work: evaluating your current environment and designing a configuration for Windows XP Professional.

For a review and summary of the tools available for automated deployment, see the companion paper Deploying Windows XP Part II: Implementing at

Appendix: Deployment Project Planning Tools

Deploying Windows XP Professional is a considerable project management task made easier by using Microsoft Project 2000 and Microsoft Visio® 2000 drawing and diagramming software. Microsoft Project has a built-in deployment template to help manage all phases of the deployment, beginning with a visioning plan that involves communicating the business benefits to key stakeholders. As shown in Figure 2 below, Microsoft Project provides detailed steps for deploying Windows 2000, procedures that remain applicable to deploying Windows XP.

Figure 2: Microsoft Project guides you through the deployment planning steps

Figure 2: Microsoft Project guides you through the deployment planning steps

In addition, you can use Visio to visually map your network infrastructure, a benefit that is particularly useful in planning an Active Directory structure. Visio finds all the objects you have in the directory, presents them to you, and enables you to diagram them down to "class" and "property" levels of detail.

For more information about using Microsoft Project and Microsoft Visio 2000 as deployment tools, see:

For details about deploying Windows XP Professional, see the documentation located in the Deploy.chm file provided in Support\Tools\ on the Windows XP Professional CD.

See also the following deployment-related papers:

For details about hardware compatibility, see the Microsoft Hardware Compatibility List Web site at

For the latest information on Windows XP, check out our Web site at

Windows 2000 Resources

The following Windows 2000 deployment resources are also useful in determining how to move to Windows XP from a Windows NT 4.0 or Windows 9.x environment: