2.6. Understanding Control Panel Applets

As in other Windows platforms, the Windows Server 2008 Control Panel serves as a control center for configuring hardware and operating system settings. Some Control Panel applets control fairly simple sets of options, while others are relatively complex. The following sections explain the more complex Control Panel applets and their functions. Applets that require no explanation (such as configuring the mouse, game controllers, and so on) are not included. In addition, note that not all applets appear in the Control Panel by default. The Wireless Link applet, for example, only appears on systems with infrared ports or similar wireless hardware.

You can configure the Start menu to display the Control Panel applets in the menu, enabling you to access individual Control Panel applets through the Start menu without having to open the Control Panel folder. To display the Control Panel applets on the Start menu, right-click the taskbar and choose Properties. Click the Advanced tab, select Expand Control Panel in the Start Menu Settings group, and click OK.

To open the Control Panel, click Start Control Panel. If you've configured the Start menu to expand the Control Panel and want to open the Control Panel folder, click Start, then right-click Control Panel and click Open. You also can open the Control Panel from My Computer.

2.6.1. Ease of Access applet

This applet enables you to configure interface and input/output functions designed to assist users with various physical challenges, such as limited vision. You can configure a variety of settings and features for the display, keyboard, mouse, and sound.

2.6.2. Add Hardware applet

The Add Hardware applet, when selected, runs the Add Hardware Wizard, which helps you add new hardware, remove hardware, unplug a device, and troubleshoot problems with devices. The wizard scans the system for changes and helps automate the process of installing drivers to support new devices.

If you choose to add or troubleshoot a device, Windows Server 2008 automatically performs a search for plug and play (PnP) hardware. If it finds and recognizes a new device, it takes you step-by-step through the process of installing support for the device. If it finds but can't recognize the device, the wizard prompts you to select the device from a list and manually specify the device's driver(s).

To troubleshoot a device, allow Windows Server 2008 to perform the hardware detection and then locate the device in the Choose a Hardware Device list and click Next. The wizard will help you perform steps to troubleshoot the device. To add a new device, choose Add a New Device from the list and then click Next. Follow the prompts to insert the Windows Server 2008 CD or provide a path to the appropriate driver files when prompted.

If you choose to uninstall a device, Windows Server 2008 presents a list of all devices. Select the device you want to remove, click Next, and follow the prompts to complete the process. If you're unplugging a device, Windows Server 2008 presents a list of devices that can be unplugged. Select the device, click Next, and follow the prompts (if any) to complete the process.

2.6.3. Default Programs applet

The Add or Remove Programs applet is no more. Much of the old functionality in the old applet in Windows Server 2003 has been integrated into Server Manager (role and features). Instead you now have the Default Programs applet. Windows Components are in Server Manager, split between roles and features (and no longer known as Windows Components).

The Default Programs applet is essentially a custom or third-party software installation and management interface. As you can see in Figure 2-31, the only application that I have installed on the example server is Skype. You do not have to do anything special when you install applications to ensure they end up being managed by the Default Programs applet.

Like the old application, the applet serves three main functions. It enables you to change the installation of or remove existing programs, install new programs, and turn Windows features on or off. The first two options are geared typically toward user-oriented applications. You use the latter option to add or remove features such as Indexing Service, Certificate Services, IIS, additional tools, and so on, to or from Windows Server 2008. The big difference between Windows Server 2008 and Windows Server 2003 is that on the latter you actually removed the application from the server, whereas now you can turn off the application without actually having to remove its bits and pieces from the server. At any time you want to add the application back, simply toggle the option "Turn Windows features on or off." However, you should know that only applications that support this API or that are Windows Server 2008 or Vista logo compliant support this feature.

Figure 2.31. Use Program and Features to add or remove or reconfigure and update programs.

The list of installed applications does not, by default, include updates and patches. To view these installed items, click the View Installed Updates option in the applet as shown in Figure 2-31.

2.6.4. Administrative Tools applet

The Administrative Tools applet in the Control Panel serves as a container for various administrative tools, including the Computer Management MMC snap-in, the Services snap-in, Event Viewer, and others. Each of these tools is covered where appropriate in this chapter or in other chapters.

2.6.5. Windows Update

This applet (see Figure 2-32) enables you to specify how or if the server uses the Automatic Updates feature. In most situations, you will likely not use automatic updates for a server because of the need to test and validate updates prior to rollout. You can use Windows Server Update Services (WSUS) in conjunction with Group Policy to carefully control how and when automatic updates are deployed to servers and client systems. See www.microsoft.com/technet/prodtechnol/windowsserver2008/technologies/featured/wsus/default.mspx for details on WSUS.

2.6.6. Date and Time applet

This applet is the same one that appears if you double-click the clock on the system tray. The resulting dialog box enables you to set the server's date, time, and time zone, all of which are self-explanatory.

Figure 2.32. You can configure Automatic Updates behavior for the server.

Having an accurate time on a server is extremely important for authentication purposes but is also important for error and event tracking, as well as security. For example, if you receive a denial-of-service attack from a particular dynamic IP address, knowing the time the attack occurred will enable you to track down the user of that IP at the specified time. Accurate timestamps are also important for reliable backup and restore operations.

Computers in a domain perform their own synchronization. Workstations and member servers automatically synchronize with the domain controller serving as the operations master in the domain. This DC should be checked and adjusted periodically for the accurate time, but a better option is to configure it to take its time from an Internet time source such as time.nist.gov. Domain members will then receive an accurate time when they synchronize with the DC.

You can configure time synchronization settings through Group Policy. You'll find the policies in the \Computer Configuration\Administrative Templates\System\Windows Time Service Group Policy branch. Use the Global Configuration Settings policy to enable and configure a wide variety of properties that determine the way the server handles the time samples it receives from time providers.

The policies in the Time Providers sub-branch control time synchronization from both a client and server standpoint:

• Enable Windows NTP Client. Enabling this policy allows the server to synchronize its time with the server specified in the Configure Windows NTP Client policy. Disable this policy if you don't want the server to synchronize its time.

• Configure Windows NTP Client. Enable this policy if you want the server to synchronize its time with a remote time server. When you enable the policy, you gain access to several properties that specify the time server, update frequency, server type, and other time synchronization aspects.

• Enable Windows NTP Server. Enable this policy if you want the server to act as a time server, enabling it to service NTP requests from other computers on the network.

You don't need Windows Server 2008 to host your own time server. Windows Server 200X, Windows XP, and Vista also offer the capability to act as a time server.

2.6.7. Display object . . . Personalization

The Display applet in no longer available on its own. It has been moved into the Personalization applet. It still, however, enables you to configure desktop settings such as wallpaper, background, color scheme, color depth, and desktop size (resolution). You also can configure a screen saver, enable and configure Web effects, and set general desktop effects and settings. If the system contains multiple display adapters, you can configure settings for each as well as configure how each adapter fits into the desktop.

2.6.8. Folder Options applet

The Folder Options applet in the Control Panel enables you to configure how Explorer folder windows appear and function. You can use it to enable/disable the active desktop, specify the type of window used for displaying folders (Web content or classic), and specify whether new folders open in the same window or in a new window, and so on. You also can configure other options such as file associations and offline files.

2.6.9. Internet Options applet

The Internet Options applet offers several property pages that enable you to configure settings for Internet Explorer and related programs such as Outlook Express and NetMeeting:

• General. Set the default home page, delete cached files, clear the URL history, and set general properties such as fonts, colors, languages, and accessibility features.

• Security. Use the Security page to configure security level for various zones. A zone is a group of Web sites that share a common security level. Click one of the predefined zones and click Sites to add or remove Web sites from the zone. Then use the slider on the Security page to set the security level for the zone or click Custom Level to specify individual settings for the way Internet Explorer handles cookies, ActiveX controls and plug-ins, scripts, file downloads, and so on.

• Privacy. Use the Privacy page to change the way Internet Explorer handles cookies, both globally and for individual Web sites.

• Content. Use the Content page to enable and configure Content Advisor, which helps guard against access to restricted sites (such as sites with adult content). You also use the Content page to configure certificates for use on secure Web sites and for e-mail. Use the Personal Information group on the Content page to create a profile with your name, address, phone number, and other information. Bear in mind that this information is visible to Web sites you visit unless you configure the security zones to prevent it.

• Connections. Use the Connections page to configure your Internet connection(s) and to specify how and when Internet Explorer uses auto-connect to connect to the Internet. Click Setup to run the Internet Connection Wizard to create a new Internet connection. Click LAN Settings to configure proxy server settings.

• Programs. This page enables you to associate specific programs with tasks such as e-mail, newsgroups, and so on.

• Advanced. This page contains several individual options that determine how Internet Explorer handles HTTP versions, multimedia, printing, security, and a variety of other properties.

2.6.10. Network and Sharing Center applet

The Network and Sharing Center applet in the Control Panel opens the Network and Sharing Center applet. This applet contains icons for each of your network connections, including LAN and dial-up connections. Click the "Manage network connections" link to configure the connection's protocols, bindings, clients, services, sharing, and other properties.

2.6.11. Power Options applet

The Power Options applet in the Control Panel controls power-saving features on the computer, such as turning off system peripherals after a specified idle time and setting up hibernation (suspend to disk). You can configure power settings and save the configuration as a power scheme, making it easy to switch between different groups of settings.

The UPS page of the Power Options property sheet controls the UPS service. If a UPS is connected to the computer via one of the computer's ports, the UPS page shows UPS status such as estimated runtime and battery condition. You can configure the UPS through the UPS page or select a different UPS.

2.6.12. Printers Control Panel applet

The Printers Control Panel applet opens the Printers folder, which contains an icon for each installed printer, as well as a wizard for adding local or remote printers.

2.6.13. System applet

The System applet provides access to general system properties. You also can open the System applet by right-clicking Computer and choosing Properties. The first page of the System property applet provides basic information about your system, including OS version, installed memory, CPU type, and registration information.

Clicking Advanced Systems Settings loads the Systems Properties dialog box. The first tab is the Computer Name page.

2.6.13.1. Computer Name

The Computer Name tab is the place to go to change the workgroup or domain to which the computer is assigned, as well as to change its computer name. You also can change the primary DNS suffix for the computer, as well as its NetBIOS name.

2.6.13.2. Hardware page

The Hardware page offers a handful of features for controlling the system's hardware and resource settings (see Figure 2-33). The Hardware Wizard was covered earlier in this chapter in the section "Add Hardware Applet." The Device Manager was covered earlier in the section "Device Manager."

Figure 2.33. Use the Hardware page to add, remove, and configure hardware and hardware profiles.

In Windows Server 2008, drivers can be signed digitally by Microsoft to certify that the driver has been tested and meets certain compatibility criteria defined by Microsoft. Clicking Windows Update Driver Settings opens a dialog box you can use to configure driver installation. You can choose between the following:

• Check for Drivers Automatically (Recommended).

• Ask Me Each Time I Connect a New Device Before Checking for Drivers.

• Never Check for Drivers When I Connect a Device.

You can configure driver signing behavior through Group Policy.

2.6.13.3. Advanced page

You can use the Advanced page of the System properties applet in the Control Panel to configure performance options for the computer, to view and set environment variables, and to configure system startup and recovery options.

2.6.13.4. User Profiles

User profiles store a given working environment, including desktop configuration, mapped drives and printers, and other properties. When a user logs on, the user profile applies the desktop configuration and other properties. User profiles are most useful for providing a consistent user interface for each user even when other users share the same computer. They're also useful for providing a consistent UI for users who log in from a variety of computers (roaming users).

You access user profiles through the Settings button in the User Profiles group of the Advanced tab in the System property sheet.

A user profile comprises a registry file and a set of folders. The registry file applies settings to the UI such as mapped drives, restrictions, desktop contents, screen colors and fonts, and so on, and is a cached copy of the HKEY_CURRENT_USER portion of the registry. The folders include the user's My Documents, My Pictures, and other folders stored under the Documents and Settings folder for the user.

The three types of profiles are personal, mandatory, and default. Personal profiles enable users to modify their working environments and retain those changes from one logon session to the next. Mandatory profiles enable certain configuration changes (subject to restrictions in the profile itself), but those changes are not saved for future logon sessions. The only difference between a personal profile and a mandatory profile is the profile's file extension. Personal profiles use a .dat extension for the registry file portion of the profile, and mandatory profiles use a .man extension.

A default profile is preconfigured by Windows Server 2008 and is applied for new users that log on with no pre-existing profile. The profile then is stored as the user's profile for later logon sessions.

You specify a user's profile through the user's account properties when you create or modify the account. You use the Local Users and Groups MMC console to create and modify local accounts and use the Active Directory Users and Computers console to create and modify domain accounts in the Active Directory. The Profile tab of the user's account properties (see Figure 2-34) specifies the path to the user's profile, the logon script, and other properties. When the user logs on, Windows Server 2008 applies the profile located on the specified path.

Figure 2.34. The Profile page defines the path to the user's profile.

2.6.13.4.1. Creating a profile

Windows Server 2008 provides no specific utility for creating user profiles. Instead, you first log on as the target user to a system with similar video hardware as the user's target workstation (because video settings are stored in the profile and you need to ensure compatibility). You configure the working environment as needed, mapping drives and printers, setting desktop schemes, and so on. When you log off, the profile is stored locally along with the user's folder structure.

2.6.13.4.2. Copying profiles

In order to copy a user profile from one location to another, you use the User Profiles page of the System object in the Control Panel. Open the User Profiles page on the system from which you're copying the profile. Select the profile from the list of profiles stored on the computer and click Copy To. Select the local folder or network share where you want the profile copied and click OK.

2.6.13.4.3. Supporting roaming users

A roaming profile is the same as a local personal profile except that the profile is stored on a network share accessible to the user at logon. You specify the UNC path to the user's profile in his or her account properties so that when the user logs on, the profile can be applied regardless of that user's logon location. If a profile exists on the specified path, Windows Server 2008 applies that profile at logon. If no profile exists on the specified path, Windows Server 2008 creates a new profile automatically, stores it on that path, and uses the profile for future logon sessions.

2.6.13.4.4. Creating a mandatory profile

You create a mandatory profile in the same way you create a personal profile, but with one additional step. After you create the profile and copy it to the target location (such as the user's local computer or a network share for a roaming profile), change the name of the profile's registry file from Ntuser.dat to Ntuser.man.

2.6.13.4.5. Performance options

Click Settings under the Performance group on the Advanced page to display the Performance Options dialog box. The Visual Effects tab enables you to configure a variety of interface options that can affect overall system performance. In the default configuration, 2008 disables all visual effects except visual styles on windows and buttons. Essentially all of the visual effects are eye candy and have no significant administrative benefit, so you should leave them turned off.

You can select options on the Advanced tab to optimize the system for applications or background services. In most cases, you'll select Applications for a Windows Server 2008 Workstation or Background Services for a Server.

The Performance Options dialog box also enables you to change the system's virtual memory allocation (size of the system's swap file) and space allocated to the registry files. Why change swap file size or location? The swap file is used to emulate memory (thus the term virtual memory), making the system appear as if it has more physical memory than it really does. As memory fills up, Windows Server 2008 moves memory pages to the swap file to create space in physical memory for new pages, or it swaps pages between physical and virtual memory when an existing page stored in the swap file is needed. Windows Server 2008 automatically selects a swap file size based on physical memory size, but in some cases, you might want to increase the swap file size to improve performance. You also might want to move the swap file from the default location to a different disk with greater capacity or better performance (such as moving from an IDE drive to a SCSI drive).

Click Change on the Advanced tab of the Performance Options dialog box to access the Virtual Memory dialog box, shown in Figure 2-35. Select a drive for the swap file, specify the initial and maximum sizes (Windows Server 2008 will resize as needed within the range), and click Set. Specify the maximum registry size in the field provided and click OK to apply the changes.

Figure 2.35. Use the Virtual Memory dialog box to control swap file size and registry size.

Changing the maximum registry size doesn't change the size of the registry. It imposes a maximum size that when reached, causes Windows Server 2008 to generate a warning message that the maximum registry size has been reached.

2.6.13.4.6. Environment Variables

Click Environment Variables on the Advanced tab to open the Environment Variables dialog box, which you can use to view, delete, and add environment variables. The variables you define in the upper half of the page apply to the user who currently is logged on. Variables defined in the bottom half apply to all users.

2.6.13.4.7. Startup/Shutdown options

The Startup and Recovery page (see Figure 2-36) enables you to configure boot options, how the system handles a system failure, and how debugging information is handled. The options in the System Startup group enable you to specify which boot option is selected by default and how long the boot menu is displayed. These settings are stored in the Boot.ini file, located in the root folder of the drive on which the boot loader is located. You can edit the file manually with a text editor to change values if you prefer.

Figure 2.36. Configure startup, recovery, and debugging options in the Startup and Recovery dialog box.

Click Settings in the Startup and Recovery group on the Advanced tab to display the Startup and Recovery dialog box.

The System Failure group of controls determines how Windows Server 2008 reacts when a system failure occurs. The system always attempts to write an event to the system log, if possible. If you need to see the blue screen of death after a system failure to gather information for troubleshooting, deselect Automatically Restart.

Use the Write Debugging Information group of controls to specify the action Windows Server 2008 takes to create a memory dump file when a system failure occurs. Microsoft support engineers can use the debugging information to determine the cause of the failure and recommend or develop a fix for the problem.

2.6.13.5. Remote tab

The Remote tab, shown in Figure 2-37, controls Remote Desktop/Terminal Services access to the server, as well as Remote Assistance.

The Remote Assistance group enables you to allow remote users to connect to the server through the Remote Assistance feature. If you click Advanced, you can enable or disable the option Allow This Computer to Be Controlled Remotely. When this option is enabled, a remote user is allowed remote control over the server; disabling the option allows the user to view the server but not control it. You can also set the period of time during which a Remote Assistance invitation can remain open.

You can send Remote Assistance requests with MSN Messenger or by e-mail.

Figure 2.37. Use the Remote tab to configure remote control features.

Remote Desktop is, essentially, a stripped-down version of Terminal Services. Enabling the Allow option in the Remote Desktop group allows remote users to initiate a Remote Desktop or Terminal Services connection to the server. Click Select Remote Users to specify the users that can log in through this service.

Windows XP and Vista include a built-in Remote Desktop client that you can use to connect to Windows Server 2008. In addition, users can employ a Terminal Services client to connect to the server through Remote Desktop. The Remote Desktop Web Connection ActiveX component enables Internet Explorer users to access a computer hosting Remote Desktop connections through their Web browser. Remote Desktop Web Connection is included with Windows XP and Vista and is available for download from Microsoft's Web site.

As handy as it is for remote control and management, Remote Desktop has security implications. You should read through Chapter 16 to ensure that you understand these security implications before enabling Remote Desktop on a server.

If you're having problems getting Terminal Services clients to connect to Windows Server 2008 running Terminal Services, be sure to enable the Allow Users to Connect Remotely to This Computer option on the Remote tab of the System Properties sheet. Disabling this option prevents Terminal Services clients from connecting, even if you've enabled access through Group Policy.