============================================================ New Owner Notes Following Maintenance and Preparation By _Me_ -- _When_Performed;e.g.,_Feb-Mar_2012_ ------------------------------------------------------------ This document was created by _Me_ who performed the laptop diagnosis and maintenance for _Original_Owner_, father of previous owner _Previous_Owner_. Copies have been placed in directories "C:\WINDOWS/addins/HPQ/Documents" and "C:\Documents and Settings\All Users.WINDOWS\HPQ\Documents" under the filename "2012 Feb New Owner Notes.txt". ------------------------------------------------------------ A. User Access Definition and Rationale (Preventing Unauthorized Laptop Use) On this laptop, Windows XP (the Home Edition Service Pack 3 flavor, or XP-HE-SP3 for short) has been configured to require all users to log on and supply the required password of the user account they select for access to be granted. This choice of policy prevents anybody from using the computer if they can only get it to boot from its hard drive, even if they know about the effect the F8 key has early in XP's boot process. While this might stymie most potential unauthorized users, it does nothing to keep more sophisticated usurpers from simply booting some other system from a CD-ROM, DVD, or USB drive they just happen to have handy. Therefore, the BIOS has been configured to prevent such alternative booting as well as preventing just anybody from changing those settings. This is accomplished by defining, within the BIOS itself, the boot order appropriately and setting the BIOS administrative password. That password must be provided when attempting to invoke the BIOS Settings utility by pressing F10 at the right time during the Power On Self-Test (POST) phase that starts whenever the laptop is powered on. But why allow just anybody to boot even the hard drive if that can also be prevented? Since knowledge is power, or in this case, authorization to boot from anything at all, the BIOS user password has also been defined and can only be changed or disabled by someone who knows (or can guess!) the BIOS administrative password. If you, the new owner, don't want any or all of this user access policy, you can change it, soon, but before you decide to do that, you need to keep reading some more. ------------------------------------------------------------ B. User Account Definition and Rationale (An Administrator Security Primer) In addition to the XP-provided Administrator user, which no computer owner is permitted to access with the Home Edition of XP, I have established two user accounts for the owner's use: - SuperUser (usually displayed as Super User), which is a member of the Administrators group, and thus has full user privileges under XP-HE, and - NormalUser (displayed as Normal User), which is a member of the Users group, thus having a limited but much less risky subset of the XP-HE privileges. NormalUser was established to provide a much more secure and much less worrisome environment for the bulk of the owner's use of the system. I gave SuperUser a special red theme to help those who have been ordained administrators of XP on this laptop (through receipt of the password) to remember that SuperUser's dangerous powers must be borne in mind always while using the account. Windows NT, the primary basis upon which XP was defined, was designed with the assumption that all administrators would be competent to administer; i.e., would understand 1. The importance of security and its preferably flawless management, 2. The need to be very careful about what they ask for, because XP will be far more likely to carry out their privileged commands without question, and 3. Have, obviously, the requisite moral integrity to not abuse the privileges to access any confidential data on the system for which they have no legitimate need-to-know, nor misuse their status as a network host administrator (even though admins of Windows-HE hosts are implicitly less trustworthy than Windows-Pro admins, who are ... than IBM mainframe admins). Fat-fingered administrators get naturally selected sooner or later, usually with collateral damage to the user(s) of the computer(s) administered and possibly other people's computers as well. Because most Windows XP-HE owners routinely use the only user account (thus must it be in the Administrators group) for everything they do, any malware they allow to run (usually unknowingly) has whatever privileges it needs to wreak havoc on the entire system and often beyond the system. If you choose to reconfigure this box back into a single owner account setup, that's fine--it is your computer. Just remember always the risks of ALWAYS having great powers and even worse, the potential fallout from failing to keep just anyone from using the laptop, especially without your knowledge. Like it or not, you are now this laptop's primary administrator and as such you have a moral and very likely legal responsibility to ensure it cannot be subverted into a mail-spamming botnet participant or perhaps something much, much more offensive. I have now advised you in accordance with my responsibilities and fulfilled the corresponding obligation. ------------------------------------------------------------ C. Laptop Passwords and Associated Administrative Recommendations The BIOS user and administrative passwords have been set to "_BIOS_User_PW_" and "_BIOS_Admin_PW_" respectively. All three XP account passwords have been set to "_Temp_XP_PW_". You would be extremely wise to change them all as soon as possible. I've already described how to get into the BIOS Setup utility. Even without the manuals helpfully provided on the hard drive (and HPQ website if you do need some help understanding anything), you should be able to redefine the user and administrative passwords, then use F10 to save them and reboot. Once you have done that, I will no longer be empowered to use your laptop without your assistance. More importantly, nor will anyone who just happens to read this document, either. To change the XP user passwords, log on as SuperUser (note this old system is severely taxed by state-of-the-art system and application software demands, so expect some things to take quite a while). Once all the hour glasses stop popping in and out, click on Start, then Run (or just press the WinLogo and R keys at the same time). You should be able to pull-down and select "control userpasswords2" (if not, type in that command without the quotation marks), then launch it. In the ensuing dialog you can (and really, REALLY should) change any and all passwords to whatever you wish, but make them easy for you to remember and very hard for anyone else to crack. If you MUST write them down to be sure you can't ever be stuck with critical passwords you cannot recall, at least encode them in some unforgettable cipher (even backwards is slightly better than "cleartext"). It isn't hard, though, to devise a memory jogger that always reminds you what the actual password is but is meaningless to everyone else. ------------------------------------------------------------ D. Setting Up Networking You should configure your Internet connection next while still in this SuperUser session if you want to relieve unprivileged users from the worry, bother, and/or ability to redefine network configuration. Otherwise, wait until you're in session as NormalUser to configure the networking, which is currently limited to the built-in hardware that supports hardwired Ethernet (CAT-5 cable, plug type RJ-45) and hardwired plain old telephone service (POTS aka land line, plug type RJ-11). Please note I have not tested the POTS modem for FAX or ISP dial-up connection. ------------------------------------------------------------ E. Changing User Accounts Without Rebooting (Saves Time) Next, you need to switch to the NormalUser account. Left-click on Start, left-click on Log Off. You will be asked to choose between Switch User and Log Off. If you choose Switch User, XP won't complain, but neither will you be able to switch the display, keyboard, and mouse over to another user account without logging off because Microsoft wants you to pay them more to be able to do that by buying their upgrade to XP Professional. If Pro were installed and properly configured, Switch User would leave SuperUser logged on and any running programs SuperUser left running would continue (until a keyboard or mouse input became necessary, at which such a program would wait until SuperUser reconnects). Thus, to get where you're going now, you have to select Log Off, so any programs SuperUser launched that are still running will be terminated and SuperUser's session will be ended, freeing up the system resources it was using. That helps other users get better performance but at the cost of the logged off users needing to go through the entire session establishment again the next time they log back on. If you do not expect to log on as SuperUser again before you shutdown the laptop, logging off (or never logging on at all after booting up) makes good sense, assuming you have that choice. Either manner of Switching User returns the user to the user selection dialog. This time select NormalUser and enter the new password (or "_Temp_XP_PW_" if you haven't changed the password). Now a session for NormalUser is established and, after all the hour glasses have come and gone, you can start to personalize your normal place of doing business on your laptop. Please note I configured SuperUser and NormalUser to both use the same home directory, "C:\Documents and Settings\_New_Owner's_DirName_" so that interesting configuration won't possibly induce confusion in the future. ------------------------------------------------------------ F. Sharing Files and Directories Between Users If any normal user files need to be accessible to other users, XP Home Edition's dumbed-down access rules and tools require the normal user to move or copy such files or directories somewhere within "Shared Documents" (which is actually "C:\Documents and Settings\All Users.WINDOWS\Documents"). You will need to read up on how HE's data security works if you decide to create other normal user accounts for other people to use without worrying administrators might be able to compromise their confidential files. ------------------------------------------------------------ G. Compaq Technical Support HP/Compaq (HPQ) has a support web site for this (Presario 2200 CTO) laptop computer at: _Appropriate_Self-Help_Support_Page_URL_ and I have made this the Internet Explorer home page for SuperUser. The "Help and Support" desktop icon gets the user into the HPQ support software on the laptop. Some of its functions must go out via the Internet to vendor websites to work, though. In addition, while those tools that are similar to XP-provided tools tend to be more useful (especially in regards regards to Compaq-specific items), they are seldom as useful, up-to-date, or well-supported as AVG PC Tuneup (see Section I). I have placed the official Compaq manuals in the "HPQ\Documents" subdirectory tree of "Shared Documents" and you really, really should become familiar with their content. Be aware, however, they are dated and sometimes incorrect, sometimes rather seriously, about some things; e.g., the RAM specs. ------------------------------------------------------------ H. The Laptop's RAM Situation The laptop has 2 slots for 200-pin (SoDIMM) memory modules that can be as fast as DDR333 (aka PC2700), it turns out. It is also thus far unclear to me if the slots must be paired with the equivalent capacity modules, or mixing sizes will cause no problems. If mixing will work, you can simply install a 512 MB or 1 GB module into the empty slot to augment the PC-2700 256 MB module already installed, If you cannot get an authoritative answer to that question, and you can't find another 256 MB module somewhere, I recommend you replace the 256 SoDIMM with one or two 512 MB units (around $16 each) or one or two 1 GB modules (around $32 each) from the _Closest_MicroCenter_Or_Equivalent_, which has several dozen candidates in stock at the moment. Visit _Store_URL_ and _Describe_How_To_Navigate_To_The_Right_Page_ for the details. ------------------------------------------------------------- I. AVG PC Tuneup Trial Package As the only trial day permitted has expired now, I strongly urge you to REGISTER the software I installed to finish up the recovery, AVG PC Tuneup 2011, and USE IT REGULARLY to keep your system clean and humming (as best a single-core 256 MB RAM box CAN hum using current XP, IE, Flash, et al). At $35 @ 1 year or $45 @ 2 years, it pays for itself by enabling you to keep the software from overwhelming the laptop's hardware and saves time troubleshooting problems. ------------------------------------------------------------ J. Thoughts On Spending Cash To Make The Laptop More Usable If you can't afford a two year PC Tuneup license AND maxing out the laptop's RAM at 2 GB AND adding a wireless adapter, look at trade-offs as you weigh their relative values to you and price/performance in regard to how you expect to use the computer. Adding another 256 MB to double what you've got is probably the cheapest RAM upgrade unless you have to pay for shipping. If it comes to a choice between adding 256 MB or licensing PC Tuneup for one year, definitely get the RAM, as that will really speed things up, likely more than any magic the full capability of PC Tuneup could perform with only 256 MB to work with. I myself would start with a 1 GB SoDIMM (with or without the existing RAM) and one year license and not plan on any wireless networking. Then I'd determine if that is enough RAM by using the system for a while. If it's sufficient, then I'd look at the utility of WiFi ahead of maxing out the RAM with another 1 GB. In this evaluation of funding improvements, keep in mind this box cannot support post-XP flavors of Windows. It is forever stuck with XP, for which Microsoft will stop providing fixes in the not very distant future. Eventually, new versions of IE, Office, etc., will stop being tested on XP and so may start misbehaving or worse on this system. Loss of MS support is a Bad Thing if you access the Internet. This does not mean the box has an unacceptably limited useful life, however. ------------------------------------------------------------ K. Is Buying Hardware Worth It, Then? The Compaq hardware is very reliable and long-lived. Maybe it could be useful to you running XP without Internet access. However, it would be incredible running any decent and up to date GNU/Linux system once the RAM has been at least doubled. You could even make good use of it for a long time with just the 256 MB RAM it has if you don't need a Graphical User Interface (GUI) such as MS Windows or UNIX X Windows (which predated MS Windows by a decade or so). Both MS-DOS and UNIX (long before MS-DOS) started out without GUI support using what is called Command Line Interface (CLI), called "Command Prompt" in XP and is hidden in Start -> All Programs -> Accessories. In the UNIX world CLI is accessed using supplied components called Terminal Emulators. You may think you need to buy Office or you're stuck with Works for your word processing needs. But why buy Office if LibreOffice can almost certainly handle everything you need Office for? Money saved by using the outstanding free (as in liberty aka libre AND as in beer) software, used by organizations such as IBM and the Federal government, becomes money available for hardware or premium services. The liberty angle is more important than the beer angle even while most people have no idea that is so or why. Liberty means 1. The programming language(s) source code in which the software is developed and then fixed or enhanced cannot be withheld from you, and normally this includes all subsequent releases as well as documentation meant for the software developers, 2. Data file formats cannot be withheld from you--they are totally in the open, which means you can always export your data from one format to another (you're not "locked-in" to some vendor's top secret format; i.e., unable to switch, either easily or even at all, from the current vendor's product to another vendor's and, believe it or not, sometimes the same vendor's newer product), and 3. You are at liberty to migrate your software and data from your current hardware; e.g., this Compaq laptop, to another; e.g., an IBM mainframe (no hardware vendor lock-in). If you say I'm not a programmer, so what good is that to me, consider you could hire a programmer as needed to fix or enhance your software should no one else be willing do that for free as in beer and/or soon enough for your requirements. Microsoft won't change Office a way you really need? Tough (unless you have truckloads of discretionary funds sufficient to persuade them to do it). You can't hire a programmer to fix it because their software source code isn't available to you or the programmer. By the way, you can switch users without logging off on any GNU/Linux system at no additional charge. :-) ------------------------------------------------------------ L. Trying Out GNU/Linux On This Laptop I have included a sample DVD containing one of many GNU/Linux distributions. You can try it out without even touching anything on your hard drive (this is termed live booting, which means the files that would normally be on the hard drive stay on the boot device unless they need to be written to, in which case they are put into a pseudo-hard drive that actually resides in the RAM). Just use the BIOS Setup utility to allow the CD/DVD drive to be booted before the hard drive in the Boot Order section. If the laptop still has just 256 MB RAM, that pseudo-hard drive will really exacerbate the available RAM shortage, making the normal GUI environment painfully slow. Still, you can see what it has to offer by just letting the DVD boot up without any making changes to the boot-up parameters. If you only need to use the CLI environment, usually sufficient to fix something on the hard drive that is beyond XP's capabilities or you want to backup the entire drive without XP running and so changing the disk during the backup, then you need to interrupt the automatic boot-up processing. When the first screen appears, press the Tab key, then do that again when next screen appears. In the third screen, use the arrow keys to move the cursor in front of the "--" at the end of the parameters, then insert "VGA=9 " to get the best screen size for the standard CLI terminal emulator available without a starting the GUI. Insert "single " as well to cause the boot to stop in single user mode running as userid "root" which is the name of the UNIX administrator account. On the live DVD, root has no password, so just hit Enter when asked to provide it. Also, if you delete the "quiet " parameter, you will see all the messages about what is going on during the boot process-- very useful if something is preventing the GNU/Linux system from completing its initialization. After you have made all your changes, pressing Enter gets the ball rolling again. Visit the LinuxMint.com online facilities for help getting oriented to any and every thing not obvious. The more you read up, the better, just like when you're trying to get XP to be useful. ------------------------------------------------------------ M. Other Recommendations For Staying Out Of Unhappy Situations I also strongly recommend 1. Performing a full backup to external media as soon as possible, 2. Setting up daily incremental backups to external media, 3. Creating recovery (aka rescue) CDs based upon current software, and 4. Installing all software updates expeditiously. Only use the SuperUser account for system maintenance and installing software you either want all normal users to share or that won't first install as a normal user (there's way too much stuff that insists on privileges that are not really needed while increasing the risk of system compromise and corruption, unfortunately). Be especially careful installing browser add-ons as SuperUser. Both SuperUser and NormalUser have been configured to lock the active user session when no keyboard inputs (including pressing/releasing a shift key or normally any mouse motion) have happened for a while. This is set in Control Panel -> Display -> Screensaver which you can modify. SuperUser is set to disconnect after two minutes (NormalUser after four), so if you get interrupted and walk away without first locking the session [Windows_Logo + L keys], the risk of someone commandeering your NormalUser or, God forbid, SuperUser session is much reduced. Jiggling the cursor or pressing a shift key once a minute while reading or watching anything nontrivial prevents a lockout. You can change the delay if you know there's no risk but make sure you remember to change it back when risk returns. As an alternative, train yourself to ALWAYS lock the box via WinLogo+L before you stand up, then disable Screensaver locking (or even better, Screensaver altogether--let the power management display timeout blank the screen to prevent burnouts, since even when Screensaver is set to "blank", power management leaves more resources free for better purposes). ------------------------------------------------------------ N. XP Is Still Manifesting More Than Merely Annoying Behaviors? I expect many idiosyncrasies will disappear when the RAM is adequately increased. If GNU/Linux does not have the same problems XP is having, then such problems are most likely based in the software of the XP environment rather than the laptop's hardware. You may determine the XP Repair approach did not resolve all the XP problems and so a full XP Reinstallation over a completely wiped out ("reformatted") hard drive cannot be avoided. Be especially sure you backup the HPQ Updates in "C:\WINDOWS\addins\HPQ" for subsequent reinstallation before the drive is reformatted just in case HP has stopped keeping them available for download on the Internet. The reformatting and reinstallation must be done booting from the HPQ "Operating System CD" and, like the Repair process, puts the hard drive back at SP2 level. Then you must reinstall the HPQ Updates (which you made sure were successfully backed up to external media before reformatting the hard drive, right?). Next run the SP3 installation using the CD (not bootable) I have provided so you won't need to download them from the Web and get exposed to malware in the process. Now just redo what was done for the Repair starting with network configuration and using Microsoft Update to download and reinstall all remaining updates and extensions, etc., as is documented in the Detailed Technical Account which follows. I hope this laptop blesses you exceedingly abundantly! ============================================================ Detailed Technical Account of the Maintenance (For Consumption by Real Administrators) ------------------------------------------------------------ I undertook pro bono for a worthy friend the evaluation and, if possible, remediation of his daughter's Presario 2200 laptop of apparent viral damage which prevented successful networking reconfiguration and hopefully prepping it to be given to a friend of his as a reliable system. Trouble-shooting proved networking support was not defective. I successfully set up a point-to-point Cat-5 Ethernet connection to my netbook running GNU/LinuxMint XFCE 32-bit with IP routing disabled and a caching DNS server, then launched tshark to record all traffic on that link, which never showed anything strange attempting to utilize the Internet. After running CHKDSK under the HPQ XP-HE-SP2 OS CD's recovery console, I became fairly certain that the bad sectors it reported, some underneath XP-HE SP3 files, as well as lax maintenance were the problems, not malware. Whether or not a virus was afoot, it was certain an XP repair or reinstallation would be needed to restore those corrupted files. So I began preparing for a repair or reinstallation while investigating the drive's problems more fully. After remediating the bad sectors using XP CHKDSK while running under the CD's repair console environment, I began iteratively creating new files containing only nulls until no free sectors remained, then deleting those files and scanning the drive again. Each iteration did this running under the hard drive's XP system and then under a live Ubuntu GNU/Linux booted from a pen drive, using the badblocks tool to identify any bad sectors. I performed a half dozen iterations, and encountered no new bad sectors or I/O errors. The BIOS hard drive diagnostic tool agreed the drive had no issues. At that point, I concluded the sector defects were not spreading, the hard drive was likely reliable, and no malware was causing problems. Thus, I moved on to rebuilding the system on the hard drive while preparing it for the new owner. Using the three previously mentioned bootable systems as needed, I 1. Wiped all the user ("_Prev_UserID_") files and directories, 2. Backed up the hard drive (dd.bz2 and tar.bz2 to a 2 TB external hard drive), 3. Uninstalled all unnecessary software, 4. Cleared all unallocated sectors, 5. Backed up the hard drive again, 6. Until convinced the repair task was adequate for moving forward, iteratively a. Cleaned up or wiped all but essential user accounts / system customizations, b. Ran the OSCD Installer's Repair function, c. Explored the repaired hard drive system condition and behavior, and d. If another repair attempt was indicated, restored Step 5's dd.bz2 hard drive image 7. From the Mint netbook, a. Downloaded all HPQ updates into another pen drive, b. Copied them into a new "C:\WINDOWS\addins\HPQ" directory on the Presario, c. Installed them all (through HPQ's "C:\swsetup" hierarchy), and d. Reorganized the addins/HPQ subdirectories to clarify what was what, 8. Configured the Mint netbook as a NAT router into my home LAN via its WLAN port, 9. Fired up Windows Update which installed Microsoft Update (no COA questions were asked so MS believes the Presario is worthy of support), then downloaded and installed a couple hundred updates, including SP3, IE 8, the current .Net framework, and minimal Silverlight, 10. Installed the free AVG anti-virus package and performed all scans using all options, revealing just a couple dozen tracking cookies which it quarantined, 11. Downloaded the AVG PC Tuneup 2011 free-for-24-hours demo, then cleaned the system up as deeply and thoroughly possible, then tweaked things as seemed prudent, 12. Composed this document for all who have a need to know, 13. Uninstalled Silverlight and Indexing due to performance still being poor, 14. Ran a final CHKDSK within the hard drive's XP environment (deferred to the next reboot) that detected no new bad sectors, 15. Took a System Restore point named GoodToGo, 16. Revised this document as needed and printed a hard copy, 17. Made a final full hard drive dd.bz2 backup (19 GB) on the 2 TB external drive just in case, and 18. Informed _Original_Owner_ the laptop was ready for the new owner. ============================================================