Installing Windows XP

These recommendations are mainly for when installing a new copy of Windows XP, but many steps are also relevant to existing installations of XP.

  1. Only use a Windows XP CD that says “Includes Service Pack 2”

    You can get such a CD from a store, from Drew directly, or make your own from the ISO image file at \\\software\miscellaneous\ISOs.  Carnegie Mellon has a site license for Windows XP Professional.
    The original release of Windows XP (sometimes referred to as the OEM release) includes several network vulnerabilities.  Its critical that you NOT use such a CD for installing a new OS… if you do you run the risk of being hacked/infected before the installation even finishes, let alone before you can download/install patches.  Computing Services also scans continuously for unpatched machines and may remove your network access.  If you want to still use an OEM CD and install patches afterwards (necessary when reinstalling on some laptops, particularly non-English language laptops), see the Readme.txt file at \\\software\patches\winXP.
  2. Boot from CD

    Booting from CD might require editing the BIOS on the computer to boot from CD instead of hard drive. If it still doesn't boot from CD, the BIOS may need a firmware update to recognize that the XP CD is a bootable CD. See your computer vendor's website for BIOS updates.
  3. Install XP!

    If possible, I recommend copying your data off the computer before installing XP, then telling the XP installer to delete the partition entirely and create it again so that you're starting from a blank partition. (Alternatively, you can have multiple copies of XP on the same computer, even the same partition, so another option is to tell the installer to leave the existing partition intact and install to a different folder. After installation you'll have a boot menu of the various OSes detected. This menu is kept in the hidden read-only file c:\boot.ini, which you can edit indirectly from the system control panel, advanced, startup and recovery settings, edit, to remove lines for the old OS.)

    If you're reinstalling because of a security compromise, do NOT attempt to reinstall over the existing OS or to use repair/recovery. Either install to a new directory and then manually delete the old Windows directory, or install to a blank partition.

    PASSWORDS: It’s very important to set your computer's password to a 'safe' password, otherwise an infected or malicious computer on the network could infect/hack you by guessing your password. Password guessing is automated and efficient, using entire dictionaries including permutations. Some information on passwords is at If your computer is in a physically secure and trusted area, you might even be better off having NO password on the computer: Windows XP does not allow accounts with empty passwords to be used remotely, so it’s actually safer than having a password, from the point of view of network attacks.
  4. (If necessary…) reinstate your computer's network access

    If you're reinstalling because you were removed from the network for bandwidth/security/infection problems, then reinstate your computer by using another computer to visit the site to request a reactivation. You should receive an automated email acknowledging the request, and network access should resume in less than an hour. If your computer doesn’t show up on the list, email Drew the 'physical address' of the banned computer, found on that computer via Start menu, Run, CMD, ipconfig/all.
  5. (If necessary…) register your computer on the network

    If this is a new computer (or at least new to the Carnegie Mellon network), bring up a web browser and try to access any web page, like  You should be automatically redirected to the network registration web page which will ask for your Andrew userID and password and walk you through the registration of your computer.  For ‘Affiliation’, if you’re a Chemistry grad, staff, or faculty member select ‘Chemistry’.  If you’re a Chemistry undergrad, select ‘Undergraduate Students’.  Please put a description of the computer in the ‘User Comment’ field, including a location if it’s a desktop, such as ‘Dell Dimension 4300, room MI-438’.
  6. Run Windows Update

    This is located at the Start menu, All Programs, Windows Update. Only install the 'critical updates and service packs'- not the Windows XP or Driver Updates. After reboot, run it again to ensure that there are no additional updates.
  7. Check the setting of Automatic Updates

    This is located at the Start menu, Settings, Control Panel, Security Center, Automatic Updates.  Ensure that its set for ‘Automatic’.  This will allow updates to install even if no one is logged in. If the update requires a reboot, it will reboot automatically if no one is logged in. If someone is logged in, they'll be given an opportunity to defer the reboot. Most updates are released on the second Tuesday of the month.
  8. Install Symantec Antivirus

    You can download it from  Version 10 also includes spyware detection and removal.

    If your computer already had antivirus software installed, uninstall it and reboot before installing Symantec Antivirus.  The version we have is a site-licensed corporate version that does not expire.
  9. Set time server

    Doubleclick on the clock in the tray (lower right corner), set Time Zone to Eastern Time, set Internet Time Server to  This will keep the computer’s clock synchronized with the campus clock.  Being out of sync will cause problems with restricted web sites like, and being very out of sync can cause problems with Windows Update.

Some further common post-installation information: