This articlerelies excessively onreferences toprimary sources. Please improve this article by addingsecondary or tertiary sources. Find sources: "Features new to Windows XP" – news ·newspapers ·books ·scholar ·JSTOR(August 2009) (Learn how and when to remove this message)

As the next version ofWindows NT afterWindows 2000, as well as the successor toWindows Me,Windows XP introduced many new features but it alsoremoved some others.

With the introduction ofWindows XP, the C++ based software-onlyGDI+ subsystem was introduced to replace certainGDI functions. GDI+ adds anti-aliased 2D graphics, textures, floating point coordinates, gradient shading, more complex path management, bicubic filtering, intrinsic support for modern graphics-file formats likeJPEG andPNG, and support for composition ofaffine transformations in the 2D view pipeline. GDI+ usesRGBA values to represent color. Use of these features is apparent in Windows XP's user interface (transparent desktop icon labels,drop shadows for icon labels on the desktop, shadows under menus, translucent blue selection rectangle inWindows Explorer, sliding task panes and taskbar buttons), and several of its applications such asMicrosoft Paint,Windows Picture and Fax Viewer,Photo Printing Wizard, My Pictures Slideshow screensaver, and their presence in the basic graphics layer greatly simplifies implementations of vector-graphics systems such asFlash orSVG. The GDI+ dynamic library can be shipped with an application and used under older versions of Windows. The total number of GDI handles per session is also raised in Windows XP from 16,384 to 65,536 (configurable through the registry).

Windows XP shipped withDirectX 8.1, which brings major new features to DirectX Graphics besides DirectX Audio (bothDirectSound andDirectMusic),DirectPlay,DirectInput andDirectShow. Direct3D introduced programmability in the form of vertex and pixelshaders, enabling developers to write code without worrying about superfluous hardware state, andfog,bump mapping andtexture mapping. DirectX 9 was released in 2003, which also sees major revisions to Direct3D, DirectSound, DirectMusic and DirectShow.^[1] Direct3D 9 added a new version of theHigh-Level Shader Language,^[2] support for floating-point texture formats,Multiple Render Targets, and texture lookups in the vertex shader. Windows XP can be upgraded to DirectX 9.0c (Shader Model 3.0).

Windows XP includesClearTypesubpixel rendering, which makes onscreen fonts smoother and more readable onliquid-crystal display (LCD) screens.^[3][4] Although ClearType has an effect onCRT monitors, its primary use is for LCD/TFT-based (laptop, notebook and modern 'flatscreen') displays. ClearType in Windows XP currently supports the RGB and BGR sub pixel structures. There are other parameters such as contrast that can be set via a ClearType Tuner powertoy that Microsoft makes available as a free download from its Typography website.^[5]

WithWindows XP, the Start button has an updated appearance and is larger, making it faster to mouse over to it and click it. To help the user access a wider range of common destinations more easily from a single location, theStart menu was expanded to two columns; the left column focuses on the user's installed applications, while the right column provides access to the user's documents, and system links which were previously located on the desktop. Links to the My Documents, My Pictures and otherspecial folders are brought to the fore. TheMy Computer andMy Network Places (Network Neighborhood in Windows 95 and 98) icons were also moved off the Desktop and into the Start menu, making it easier to access these icons while a number of applications are open and so that the desktop remains clean. Moreover, these links can be configured to expand as a cascading menu. Frequently used programs are automatically displayed in the left column, newly installed programs are highlighted, and the user may opt to "pin" programs to the start menu so that they are always accessible without having to navigate through the Programs folders. The default web browser and default email program are pinned to the Start menu. The Start menu is fully customizable, links can be added or removed; the number of frequently used programs to display can be set. TheAll Programs menu expands like the classic Start menu to utilize the entire screen but can be set to scroll programs. The user's name and user's account picture are also shown on the Start menu.

The taskbar buttons for running applications and Quick Launch have also been updated for Fitt's law. Locking thetaskbar not only prevents it from being accidentally resized or moved but elements such asQuick launch and other DeskBands are also locked from being accidentally moved. TheTaskbar grouping feature combines multiple buttons of the same application into a single button, which when clicked, pops up a menu listing all the grouped windows and their number. Advanced taskbar grouping options can be configured from theregistry.^[6] The user can choose to always show, always hide or hide some or all notification area icons if inactive for some time. A button allows the user to reveal all the icons. The Taskbar, if set to a thicker height also displays the day and date in the notification area.

There are significant changes made to Windows Explorer in Windows XP, both visually and functionally. Microsoft focused especially on making Windows Explorer more discoverable and task-based, as well as adding a number of features to reflect the growing use of a computer as a "digital hub".

The task pane is displayed on the left side of the window instead of the traditional folder tree view when the navigation pane is turned off. It presents the user with a list of common actions and destinations that are relevant to the current directory or file(s) selected. For instance, when in a directory containing mostly pictures, a set of "Picture tasks" is shown, offering the options to display these pictures as a slide show, to print them, or to go online to order prints. Conversely, a folder containing music files would offer options to play those files in a media player, or to go online to purchase music.

Every folder also has "File and Folder Tasks", offering options to create new folders, share a folder on the local network, publish files or folders to a web site using theWeb Publishing Wizard, and other common tasks like copying, renaming, moving, and deleting files or folders. File types that have identified themselves as being printable also have an option listed to print the file.

Underneath "File and Folder Tasks" is "Other Places", which always lists the parent folder of the folder being viewed and includes additional links to other common locations such as "My Computer", "Control Panel", and "My Documents" or previously navigated locations. These change depending on what folder the user was in.

Underneath "Other Places" is a "Details" area which gives additional information when a file or folder is selected – typically the file type, file size and date modified, but depending on the file type, author, image dimensions, attributes, or other details. If the file type has aThumbnail image handler installed, its preview also appears in the "Details" task pane. For music files, it might show the artist, album title, and the length of the song. The same information is also shown horizontally on thestatus bar.

The "Folders" button on the Windows Explorer toolbar toggles between the traditional navigation pane containing the tree view of folders, and the task pane. Users can also close the navigation pane by clicking the Close button in its right corner as well as turn off the task pane from Folder Options.

The navigation pane has been enhanced in Windows XP to support "simple folder view" which when turned on hides the dotted lines that connect folders and subfolders and makes folders browsable with single click while still keeping double clicking on in the right pane. Single clicking in simple folder view auto expands the folder and clicking another folder automatically expands that folder and collapses the previous one.

Windows XP introduced a large number ofmetadataproperties^[7] which are shown as columns in the "Details" view of Explorer, in the newTiles view in Explorer, on theSummary tab in a file's properties, in a file'stooltip and on the Explorer status bar when a single file is selected. Users also gain the ability to sort by any property which is turned on in "Details" view. Developers can write column handlershell extensions to further define their own properties by which files can be sorted. The column by which items are sorted is highlighted. Sorting files and folders can be in Ascending order or Descending order in all views, not justDetails view. To reverse the order, the user simply can perform the sort by the same property again. The sort order has also been made more intuitive compared to the one in Windows 2000. For file names containing numbers Windows Explorer now tries to sort based on numerical value rather than just comparing each number digit by digit for every character position in the file name.^[8] For instance, files containing "1", "2".."10" will be intuitively sorted with "10" appearing after "9" instead of appearing between "1" and "2".

The right pane of Windows Explorer has a "Show in Groups" feature which allows Explorer to separate its contents by headings based on any field which is used to sort the items. Items can thus be grouped by any detail which is turned on. "Show in Groups" is available in Thumbnails, Tiles, Icons and Details views.

Microsoft introduced animated "Search Companions" in an attempt to make searching more engaging and friendly; the default character is a puppy named Rover, with three other characters (Merlin the magician, Earl the surfer, and Courtney) also available. These search companions powered byMicrosoft Agent technology, bear a great deal of similarity toMicrosoft Office'sOffice Assistants, even incorporating "tricks" and sound effects. If the user wishes, they can also turn off the animated character entirely.

The search capability itself is fairly similar to Windows Me and Windows 2000, with some important additions. TheIndexing Service can extractExif properties, as well as some metadata for ASF, WMV and MP3 files under Windows XP via the IPropertyStorage interface using built-in Null Filter. Search can also be instructed to search only files that are categorically "Documents" or "Pictures, music and video" (searching by perceived type); this feature is noteworthy largely because of how Windows determines what types of files can be classified under these categories.^[9] Another important addition is that the "Look in" field accepts and expandsenvironment variables for abbreviated entry of long paths. Also, users can configure whether or not Windows XP searches for system and/or hidden files and folders. UsingTweak UI, the search user interface can be restored to the one used by Windows 2000.

Windows XP improves image preview by offering a Filmstrip view which shows images in a single horizontal row and a large preview of the currently selected image above it. "Back" and "Previous" buttons facilitate navigation through the pictures, and a pair of "Rotate" buttons offer 90-degree clockwise and counter-clockwise rotation of images. Filmstrip view like any other view can be turned on per folder. This view will be available if the new "Common Tasks" folder view is selected, not with "Windows Classic" folder view. Aside from the Filmstrip view mode, there is a 'Thumbnails' view, which displaysthumbnail-sized images in the folder and also displays images a subfolder may be containing (4 by default) overlaid on a large folder icon. A folder's thumbnail view can be customized from theCustomize tab accessible from its Properties, where users can also change the folder's icon and specify a template type (pictures, music, videos, documents) for that folder and optionally all its subfolders. The size and quality of thumbnails in "Thumbnails" view can be adjusted usingTweak UI or the registry.^[10]Exif metadata stored in the image is also shown in the file'sProperties ->Summary tab, in "Details" view and in any view on the status bar. Windows XP optionally caches the thumbnails in a "Thumbs.db" file in the same folder as the pictures so that thumbnails are generated faster the next time. Thumbnails can be forced to regenerate by right-clicking the image in Thumbnail or Filmstrip views and selecting "Refresh thumbnail".

AutoPlay examines newly discovered removablemedia and devices and, based on content such as pictures, music or video files, launches an appropriate application to play or display the content.^[11] AutoPlay (not to be confused withAutoRun) was created in order to simplify the use ofperipheral devices –MP3 players,memory cards,USB storage devices and others – by automatically starting the software needed to access and view the content on these devices. AutoPlay can be enhanced by AutoPlay-compatible software and hardware. It can be configured by the user to associate favourite applications with AutoPlay events and actions. These actions are calledAutoPlay Handlers and there are sets of Handlers associated with various types of content. New AutoPlay handlers can get added to the system when additional software is installed. The user can edit, delete or create AutoPlay handlers usingTweakUI. AutoPlay settings can be configured per-device in Windows XP from the device's properties.

When a user inserts an optical disc into a drive or attaches a USB camera, Windows detects the arrival and starts a process of examining the device or searching the medium. It is looking for properties of the device or content on the medium so that AutoPlay can present a set of meaningful options to the user. When the user makes a particular choice, they also have the option to make that selection automatic the next time Windows sees that content or device.^[12] The content types available vary with the type of drive selected.

• Windows XP introduced the notion of Perceived Types, making it easier for applications and shell extensions to register themselves with file types, even if the default program and its associated ProgID changes.^[13] Perceived Types also made it easier for end users to search files without specifying individual file extensions.
• Per-userRecycle Bin for NTFS volumes. In earlier versions of Windows NT, one user could see the other user's deleted files located in the Recycle Bin.
• Folder options to restore previously open folder windows at logon (restoring Explorer sessions)^[14]
• Customizable infotips on a per-file-class (file type) basis without writing shell extensions^[15]
• Windows Explorer is content-dependent, that is, it attempts to detect the dominant type of files in a folder and then selects the most appropriate view for the user automatically unless the user manually sets the view.
• To prevent applications from taking over the file associations already registered with the default program explicitly set by the user, Windows XP prevents programmatic file associations if the Open With dialog or File Types tab is used by users to override the default.
• A "Tiles" view was added, which displays the file's icon in a larger size (48 × 48), and places the file name, descriptive type, and additional information by which the items are sorted (typically the file size for data files, and the publisher name for applications) to the right.
• The toolbars can be locked to prevent them from being accidentally moved. This same capability was also added to Internet Explorer's toolbars.
• The "Line up icons" feature in the context menu has been replaced by an "Align to grid" feature which when turned on always lines up icons.
• For unknown/undefined file types which inexperienced users may get confused when double clicked, Windows XP can contact a web service which shows additional information about that file type and what program created or can open that file type.
• If an image named "Folder.jpg" is placed inside a folder, that image will be used as the thumbnail for that folder and asAlbum Art for media files inWindows Media Player.
• EFS-encrypted files can be shown in an alternate color (green by default) beginning with Windows XP.
• File and folder size information is shown in tooltips upon mouse hover. For folders, size and partial folder contents are shown.
• When opening more than 15 files in a single operation, i.e. by selecting multiple files and pressing enter, Windows XP warns the user that Windows Explorer may become unresponsive, but still allows the user to do so.
• Windows Explorer supports a very basic form of mass renaming items.
• Marquee-style progress bars.
• A hyperlink control in system supplied common controls.

Windows XP includesWindows Picture and Fax Viewer which is based onGDI+^[16] and is capable of viewing image formats supported by GDI+, namely,JPEG,BMP,PNG,GIF (including animated GIFs),ICO,WMF,EMF andTIFF format files. It supersedes part of the functions ofImaging for Windows in previous versions of Windows.

The Windows Picture and Fax Viewer is integrated with Windows Explorer for functions like slideshow, email, printing etc. and quickly starts up when an image is double clicked in Windows Explorer. It supports full file management from within the viewer itself, that is, right clicking the image shows the samecontext menu as the one shown when an image is right clicked inWindows Explorer. Images can be set as thedesktop wallpaper from the context menu. It supports successive viewing of all images in current folder and looping through images,^[17] that is, after viewing the last image in a directory, it again shows the first image and vice versa. By default, images smaller than the user's display resolution are shown at their actual size. If an image is larger than the display resolution, it is scaled to fit the screen (Best Fit).^[17] Images can be zoomed in or out depending on the viewing area. When this is done, scroll bars allow for viewing of all areas of the image. It hasStandard toolbar buttons forDelete,Print,Copy to andOpen with.^[17] TheCopy to button converts an image to a different format supported in GDI+, that is, JPEG, BMP, GIF, TIFF or PNG.^[18] ThePrint button starts thePhoto Printing Wizard which allows printing images with picture titles using various page layouts such as full page prints, wallet prints, contact/index sheets or certain fixed dimensions with the images cropped or rotated to fit the page. The wizard shows a preview of what the printed page will look like with the currently specified options.^[18] Windows Picture and Fax Viewer can also rotate images clockwise or anti-clockwise, start a slideshow of all or selected images in the folder, or e-mail them by selecting the "Send To Mail Recipient" option.^[18] Further options allow the image to be mailed full size, or in pixel dimensions of: 640 x 480, 800 x 600, and 1024 x 768. UsingTweak UI, the time between images during a slideshow can be adjusted.

Windows Picture and Fax Viewer recognizes embeddedICC V2 color profiles^[19] in JPG and TIFF files. GIF files are shown with full animation, even when zoomed. TIFF files can be annotated using theAnnotation Toolbar which appears at the bottom of the screen.^[20] Lines can be drawn on the TIFF image and text added to it. Areas of the image can be selected and concealed. The Windows Picture and Fax Viewer is also capable of viewing multi-page TIFF files.However TIFF images with JPEG compression are not fully supported.^[21] The last button on the standard toolbar opens the image for editing; by default, inMicrosoft Paint; however any editing application can be registered for this button in the viewer. Windows Picture and Fax Viewer saves and remembers its window position and size and supports keyboard shortcuts for all of its operations.

Raw image formats, which are the preferred formats in professional photography are not supported, however, Microsoft released a later update calledRAW Image Thumbnailer and Viewer for Windows XP for viewing certain raw image files.^[22]

• Windows XPincludes a new set of visual styles, known by its codename, "Luna". Available in three color schemes, the interface is more task-based than the basic one included since Windows 95, with options available in Explorer windows to interact with each file. The user can however choose to fully revert to the pre-Windows XP "classic" user interface. Developers can take advantage of visual styles through the use ofComctl32.dll v6.0 in their programs.^[23]
• Windows XP's Display Properties allows users to save their customizations asThemes. This feature was previously a part ofMicrosoft Plus!.
• Icon and cursor support for24-bit color depth with an 8-bit alpha channel.^[24] Microsoft contractedThe Iconfactory which created over 100 colorful icons for Microsoft to be included in Windows XP.^[25] The 10-icon resource limit has also been increased.^[26] For high DPI displays, Windows XP supports larger cursor sizes.^[27]
• Use ofbullets instead of asterisks inpassword fields of a TextBox control, i.e., "•••" instead of "***".
• Several informational, critical and warning messages in Windows XP are shown as balloon notifications which automatically fade away after predefined interval and condition, instead of showing them as dialog boxes which require interaction from the user.
• New configurable sound events forDevice Connect,Device Disconnect,Device Failed to Connect,Print Complete,New fax,Fax Error,System Notification,Windows Logon andWindows Logoff.
• A rich set of live orchestral recordings for the Windows XP tour theme music and system sounds was composed by composerBill Brown.^[28]
• The famous music that plays during theOut-of-box experience, the setup at first launch where the user could connect to the internet, choose whether to have automatic updates, and choose their username, is located at C:\Windows\system32\oobe\images\title.wma. The piece is named "Velkommen" and was composed by Stan LePard. However, many users did not hear the music as most sound card drivers would be installed after this setup process. This piece was also used in the tour forInternet Explorer 3 Starter Kit.^[29][30][31]
• Window ghosting that allows the user to minimize, move or close the main window even if the application is not responding.^[32]

TheText Services Framework (TSF), is aCOMframework andAPI introduced inWindows XP that supports advanced text input and text processing. The Text Services Framework is designed to offer advanced language andword processing features to applications. It supports features such as multilingual support, keyboard drivers,handwriting recognition,speech recognition, as well asspell checking and other text andnatural language processing functions. It is also downloadable for older Windows operating systems.^[33]

TheLanguage Bar is the coreuser interface for Text Services Framework. The language bar enables text services to add UI elements to the toolbar and enables these elements when an application has focus. From the Language Bar, users can select the input language, and control keyboard input, handwriting recognition and speech recognition. The language bar also provides a direct means to switch between installed languages, even when a non-TSF-enabled application has focus.

The Windows XPkernel is completely different from the kernel of the Windows 9x/Me line of operating systems. Although an upgrade of the Windows 2000 kernel, there are major scalability, stability and performance improvements, albeit transparent to the end user.^[34][35]

Windows XP includessimultaneous multithreading (hyperthreading) support. Simultaneous multithreading is a processor's ability to process more than one data thread per core at a time.

Windows XP supports a larger systemvirtual address space—1.3 GB—of which the contiguous virtual address space that can be used by device drivers is 960 MB. The Windows XP Memory Manager is redesigned to consume less paged pool, allowing for more caching and greater availability of paged pool for any component that needs it.

The total size ofmemory-mapped files in Windows 2000 was limited because the memory manager allocated the Prototype Page Table entries (PPTEs) for the entire file, even if an application created mapped views to only parts of the file. In Windows XP, the Prototype PTEs are only allocated when required by an application, allowing larger mapped files. A benefit of this, for example, is in case of making backups of large files on low memory systems. The paged pool limit of 470 MB has been lifted from the Memory Manager in Windows XP, with unmapped views dynamically reusable by the memory manager depending on pool usage.

Memory pages in working sets are trimmed more efficiently for multiprocessor systems depending on how recently they were accessed.Lock contention is reduced, as a number of unnecessary locks used in resource synchronizations (RAM allocation and mapping throughAddress Windowing Extensions, systempage table entries, charging non-paged/paged pool quotas, charging commitment of pages) have been removed. The dispatcher lock contention has been reduced and the Page Frame Number (PFN) lock has been optimized for increased parallelism and granularity. Windows XP uses push locks on theevent synchronization object if there is no contention as they support shared and exclusive acquisition. Push locks protect handle table entries in theExecutive, and in theObject Manager (to protect data structures andsecurity descriptors) and Memory Manager (to protectAWE-related locks). Windows XP uses theSYSENTER/SYSEXIT mechanisms which require fewer clock cycles to transition to and fromuser mode tokernel mode to speed upsystem calls.

The kernel page write protection limit in Windows XP is enabled on systems up to 256 MB of RAM beyond whichlarge pages are enabled for increased address translation performance.

Windows XP introduces theCreateMemoryResourceNotification function which can notify user mode processes of high or low memory availability so applications can allocate more memory or free up memory as necessary.^[36]

In versions of Windows prior to Windows XP, the registry size was limited to 80% of the paged pool size. In Windows XP, the registry is reimplemented outside of the paged pool; the registry hives are memory mapped by theCache Manager into the system cache, eliminating theregistry size limit. The registry size is now limited only by the available disk space. The System hive still has a maximum size, but it has been raised from 12 MB to 200 MB, eliminating the issue previous Windows versions faced^[37] of being unable to boot because of a large or fragmented System hive. TheConfiguration Manager has been updated to minimize the registry'smemory footprint andlock contention, reduce fragmentation and thus page faults when accessing the registry, and improved algorithms to speed up registry query processing. An in-memory security cache eliminates redundantsecurity descriptors.

Windows XP supports cross user session debugging, attaching the debugger to a non-crashing user-mode program, dumping the process memory space using thedump command, and then detaching the debugger without terminating it. Debugging can be done over a FireWire port and on a local system. The debug heap can be disabled and the standard heap be used when debugging.

Windows XP introduces support for Vectored Exception Handling. Vectored Exception Handling is made available to Windows programmers using languages such as C++ and Visual Basic. VEH does not replace Structured Exception Handling (SEH), rather VEH and SEH coexist with VEH handlers having priority over SEH handlers. Compared with SEH, VEH works more like a traditional notification callback scheme.

Applications can intercept an exception by calling theAddVectoredExceptionHandler API to watch or handle all exceptions. Vectored handlers can be chained in order in a linked list and they aren't tied to the stack frame, so they can be added anywhere in the call stack unlike SEH's try/catch blocks.

Heap leak detection can be enabled when processes exit and a debugger extension can be used to investigate leaks. Also introduced is a new heap performance-monitoring counter. Windows XP introduces a new low fragmentation heap policy (disabled by default) which allocates memory in distinct sizes for blocks less than 16KB to reduce heap fragmentation. The Low Fragmentation Heap can be enabled by default for all heaps using the LFH Heap Enabler utility.^[38]

There are new APIs forIRP cancellation and registering file system filtercallbacks to intercept the OS fast I/O functions. In low memory conditions, "must succeed" calls are denied, causing a slowdown but preventing abug check. I/O is throttled to fetch only one memory page at a time increasing overall scalability.

Windows XP includesNTFS 3.1, which expands theMaster File Table (MFT) entries with a redundant MFT record number, useful for recovering damaged MFT files. The NTFS conversion utility,Convert.exe, supports a new /CvtArea switch so that the NTFS metadata files can be written to a contiguous placeholder file, resulting in a less fragmented file system after conversion. NTFS 3.1 also supportssymbolic links although there are no tools or drivers shipped with Windows XP to create symbolic links.^[39]

Windows XP introduces the ability to mount NTFS read-only volumes. There are new APIs to preserve original short file names, to retrieve a list of mount points (drive letters and mounted folder paths) for the specified volume, and to enable applications to create very large files quickly by setting the valid data length on files without force-writing data with zeroes up to the VDL (SetFileValidData function). For instance, this function can be used to quickly create a fixed size virtual machine hard disk.^[40] The defaultaccess-control lists for newly created files are read-only for theUsers group and write permissions are given only to theAdministrators group, theSystem account and the owner.

The ability to boot in 30 seconds was a design goal for Windows XP, and Microsoft's developers made efforts to streamline the system as much as possible; The LogicalPrefetcher is a significant part of this; it monitors what files are loaded during boot, optimizes the locations of these files on disk so that less time is spent waiting for the hard drive's heads to move and issues largeasynchronous I/O requests that can be overlapped with device detection and initialization that occurs during boot. The prefetcher works by tracing frequently accessed paged data which is then used by theTask Scheduler to create a prefetch-instructions file at %WinDir%\Prefetch. Upon system boot or the launch of an application, any data and code in the trace that is not already in memory is prefetched from the disk. The previous prefetching results determine which scenario benefited more and what should be prefetched at the next boot or launch. The prefetcher also uses the same algorithms to reduce application startup times. To reduce disk seeking even further, theDisk Defragmenter is called in at idle time to optimize the layout of these specific files and metadata in a contiguous area. Boot and resume operations can be traced and analyzed using Bootvis.exe.

Windows XP includes aFast Logon Optimization feature that performs logon asynchronously without waiting for the network to be fully initialized ifroaming user profiles are not set up.^[41] Use of cached credentials avoids delays when logging on to adomain.Group Policy is applied in the background, and startup or logon scripts execute asynchronously by default.

Windows XP reconciles local androaminguser profiles using a copy of the contents of the registry. The user is no longer made to wait as in Windows 2000 until the profile is unloaded. Windows XP saves locked registry hives with open keys after 60 seconds so that roaming profile changes can be saved back to the server. The problem left is that the computer cannot recover the memory the profile uses until it can be unloaded. To make sure the user profiles are completely reconciled correctly during logoff, Microsoft has released theUser Profile Hive Cleanupservice for Windows XP, which they later included in Windows Vista.^[42]

Windows XP offers enhancements for usability, resilience against corruption and performance ofroaming user profiles.^[43] There are new Group Policies to prevent propagation of roaming user profile changes to the server, give administrators control over users' profile folders and preventing the use of roaming user profiles on specific computers. To accommodate the scenario where an older profile would overwrite a newer server profile due to Windows XP'sFast Logon feature, Windows XP ensures in such a situation that the user registry hive is copied from the server to the local profile.

Deletion of profiles marked for deletion at the next logoff does not fail for locked profiles. For workgroup computers, Windows XP no longer deletes the profiles of users belonging to theGuests group.

Windows XP includes some changes to the behavior ofOffline Files. The Offline Files Client-Side Cache can now be encrypted withEncrypting File System. Shared folders fromDFS namespaces can be made available offline.^[44] Also, roaming user profiles can be synchronized with the server even if Offline Files has marked the server as unavailable.^[45]

Beginning with Windows XP,folders redirected to the network are automatically made available offline usingOffline Files, although this can optionally be disabled through Group Policy.

For older Windows NT 4.0 and earlier systems with legacy directory structure, Windows XP allows redirecting theMy Documents folder to their home directory.

In Windows XP, there are some improvements made toSystem Restore compared toWindows Me.^[46] System Restore uses acopy-on-writefile system filter driver for taking snapshots. In Windows XP, System Restore is configurable per volume and the data stores are also stored per volume. On NTFS volumes, the Restore Points are stored using NTFS compression and protected using ACLs. ADisk Cleanup handler allows deleting all but the most recent Restore Point. Besides the Registry hives and system files,COM+ andWMI databases and theIIS metabase can also be restored. System Restore supports Group Policy. System Restore in Windows XP also works without issues withEFS-encrypted files.

Automated System Recovery is a feature that provides the ability to save and restore Windows and installed applications, thesystem state, and critical boot and system files from a special backup instead of a plain reinstall.^[47] ASR consists of two components - backup and restore. The Backup portion located inNTBackup backs up the system state (Windows Registry, COM+ class registration database,Active Directory and the SYSVOL directory share), and the volumes associated with operating system components required to start Windows after restore as well as their configuration (basic or dynamic).^[48] The Restore portion of ASR is accessed by pressing F2 from Windows XP Text mode Setup.^[49] Automated System Recovery can even restore programs and device drivers if they are added to the ASR Setup information disk.^[50] ASR does not restore data files.

A common issue in previous versions of Windows was that users frequently suffered fromDLL hell, where more than one version of the samedynamically linked library (DLL) was installed on the computer. As software relies on DLLs, using the wrong version could result in non-functional applications, or worse. Windows 98 Second Edition and Windows 2000 partially solved this problem fornative code by introducing side-by-side component sharing and DLL/COM redirection. These operating systems allowed loading a private version of the DLL if it was placed in the application's folder by the developer, instead of the system directory and must be registered properly with the system.

Windows XP improves upon this by introducing side-by-sideassemblies for COM+ 2.0, .NET, COM classic, and Win32 components (C Runtime, GDI+, Common Controls). The technology keeps multiple digitally signed versions of a shared DLL in a centralizedWinSxS folder and runs them on demand to the appropriate application keeping applications isolated from each other and not using common dependencies. Manifests and the assembly version number are used by the OS loader to determine the correct binding of assembly versions to applicationsinstead of globally registering these components. To achieve this, Windows XP introduces a new mode ofCOM object registration calledRegistration-free COM (or RegFree COM). It allows Component Object Model (COM)components to store activationmetadata and CLSID (Class ID) for the component without using theregistry. Instead, the metadata and CLSIDs of the classes implemented in the component are declared in an assembly manifest (described usingXML), stored either as a resource in the executable or as a separate file installed with the component.^[51] This allows multiple versions of the same component to be installed in different directories, described by their own manifests, as well asXCOPY deployment.^[52]

During application loading, the Windows loader searches for the manifest.^[53] If it is present, the loader adds information from it to the activation context^[52] When the COM class factory tries to instantiate a class, the activation context is first checked to see if an implementation for the CLSID can be found. Only if the lookup fails is theregistry scanned.^[52]

Windows Error Reporting collects and offers to send post-errordebug information (amemory dump) using the internet to the developer of an application thatcrashes or stops responding on a user's desktop. No data is sent without the user's consent. When a dump (or other error signature information) reaches the Microsoft server, it is analyzed and a solution is sent back to the user if one is available. Windows Error Reporting runs as aWindows service and can optionally be entirely disabled. Software and hardware manufacturers may access their error reports using Microsoft'sWinqual program.^[54] Software and hardware manufacturers can also close the loop with their customers by linking error signatures to Windows Error Reporting Responses. This allows distributing solutions as well as collecting extra information from customers (such as reproducing the steps they took before thecrash) and providing them with support links.

On old versions of Windows, when users upgrade a device driver, there is a chance the new driver is less stable, efficient or functional than the original. Reinstalling the old driver can be a major hassle and to avoid this quandary, Windows XP keeps a copy of an old driver when a new version is installed. If the new driver has problems, the user can return to the previous version. This feature does not work with printer drivers.^[55]

• Windows Driver Protection blocks known problematic drivers from installing or loading^[56]
• TheDriver Verifier introduced in Windows 2000 is a tool that replaces the default operating systemsubroutines with ones that are specifically developed to catchdevice driverbugs.^[57] Once enabled, it monitors and stresses drivers to detect illegalfunction calls or actions that may be causing system corruption. In Windows XP, new verification options have been added for DMA, I/O, SCSI and deadlock detection to Driver Verifier. Driver Verifier Manager, a GUI is introduced forDriver Verifier and includes the ability to automatically verify unsigned drivers.
• Last Known Good Configuration in Windows 2000 restored the hardware configuration in the registry control set indicated by theLastKnownGood key instead of the default. In Windows XP, it is extended to support restoring the device drivers too of the last working configuration, should a newly installed device driver make Windows unbootable.

As Windows XP merged the consumer and enterprise versions of Windows, it needed to support applications developed for the popular and consumer-orientedWindows 9x platform on the Windows NT kernel. Microsoft addressed this by improving compatibility with application-specifictweaks andshims and by providing tools such as the Application Compatibility Toolkit (AppCompat or ACT)^[58]to allow users to apply and automate these tweaks and shims on their own applications.^[59] Users canscript the Compatibility Layer usingbatch files.^[60] Windows XP Setup also includes a compatibility checker that warns users - before setup begins - of incompatible applications and device drivers or of applications that may need reinstallation.^[61]

The RTM release of Windows XP includes Windows Media Player version 8 (officially called Windows Media Player for Windows XP) and Windows Media 8 codecs. Windows Media Player for Windows XP introduced ID3 support for MP3s, editing media information from within the Library, adding lyrics for MP3 or WMA tracks, file name customization when ripping, new visualizations, support forHDCDs, ability to lock down the player in a corporate environment and DVD playback support (when appropriate codecs are installed separately).^[62] Windows Media Player also incorporates newer hardware support for portable devices by means of theMedia Transfer Protocol and theUser-Mode Driver Framework-basedWindows Portable Devices API.

The original RTM release of Windows XP includedWindows Movie Maker 1.1 which added non-compressedDV AVI recording of digital video sources. Windows Movie Maker 2 introduced numerous new transitions, effects, titles and credits, a task pane, resizable preview window with dimensions, improved capture and export options, anAutoMovie feature, saving the final video back to tape and custom WMV export profiles.^[63]

Windows XP includes advances in Broadcast Driver Architecture for receiving and capturing analog and digital TV broadcasts complete with signal demodulation, tuning, software de-multiplexing, electronic program guide store, IP data broadcasting etc.^[64]

Windows XP includes improvedFireWire (IEEE 1394) support (DVCPRO25 –525-60 and625-50) for digital video cameras and audio video devices.^[65] It introducesMSTape, aWDM driver forD-VHS and MPEG camcorder devices.^[66]

DirectShow 8 introduces theVideo Mixing Renderer-7 (VMR-7) filter which uses DirectDraw 7 for video rendering, replacing theOverlay Mixer. VMR-7 can mix multiple streams and graphics with alpha blending, allowing applications to draw text (such as closed captions) and graphics (such as channel logos or UI buttons) over the video without flickering, and support compositing to implement custom effects and transitions.^[67] VMR-7 also supports source color keying, overlay surface management, frame-stepping and improved multiple-monitor support. VMR-7 features a "windowless mode" for applications to easily host video playback within any window and a "renderless playback mode" for applications to access the composited image before it is rendered. DirectX 9 introduced the VMR-9 which usesDirect3D 9 instead of DirectDraw, allowing developers to transform video images using the Direct3D pixel shaders.^[68]

DirectShow 8 includesAVStream, a multimediaclass driver for video-only and audio-video kernel streaming.

• Windows Media Encoder 9 Series allows encodingWindows Media 9–based content.
• InstallingWindows Media Connect or Windows Media Player 11 adds aUPnP-based streaming media server.

Windows XP provides new and/or improved drivers and user interfaces for devices compared to Windows Me and 98.

Beginning with Windows XP Service Pack 1, genericUSB 2.0Enhanced Host Controller Interface drivers are installed.^[69] Windows XP also adds support for USB device classes such as Bluetooth,USB video device class, imaging (still image capture device class) andMedia Transfer Protocol with Windows Media Player 10.^[70]

For mass storage devices, Windows XP introduces hardware descriptors to distinguish between various storage types so that the operating system can set an appropriate default write caching policy.^[71] For example, for USB devices, it disables write caching by default so that surprise removal of these devices do not cause data loss.Device Manager provides a configuration setting whether to optimize devices for quick removal or for performance.

Windows XP supports bothTWAIN as well asWindows Image Acquisition-based scanners. Windows Image Acquisition in Windows XP adds support forAutomatic document feeder scanners, scroll-fed scanners without preview capabilities and multi-pageTIFF generation.^[72] For WIA video, a Snapshot filter driver is introduced which allows still frames to be captured from the video stream.

The Scanner and Camera Wizard based onWindows Image Acquisition and other common dialogs for WIA devices have been improved in Windows XP to show the media information and metadata, rotate images as necessary, categorize them into subfolders, capture images and video in case of a still or video camera, crop and scan images to a single or multi-pageTIFF in case of a scanner. The Picture Transfer Protocol (PTP) implementation has been updated to support all mandatory and optional commands in the PTP standard, and object tree support which allows secondary files associated with a parent file to be grouped and transferred concurrently.^[72] Windows Media Player 10 also adds theMedia Transfer Protocol for transferring media content from portable devices. Thus, for digital cameras, Windows XP supports acquiring photos using any of eitherWIA,PTP, USB Mass Storage Class orMTP protocols depending on what the camera manufacturer supports.

Windows XP includes technology fromRoxio which allows users to directly burn files to a compact disc throughWindows Explorer. Previously, end users had to install CD burning software. In Windows XP, CD andDVD-RAM (FAT32 only for DVD-RAM) burning has been directly integrated into the Windows interface. Data discs are created using the Joliet and ISO 9660 file systems and audio CDs using the Redbook standard.^[73] To prevent buffer underrun errors, Windows XP premasters a complete image of files to be burnt and then streams it to the disc burner.^[73] Users can burn files to a CD in the same way they write files to a floppy disk or to the hard drive via standard copy-paste or drag and drop methods. The burning functionality is also exposed as an API called theImage Mastering API. Windows XP's CD burning support does not do disk-to-disk copying ordisk images, although the API can be used programmatically to do these tasks. Creation of audio CDs is integrated intoWindows Media Player. Audio CDs are burnt usingtrack-at-once mode.^[73]CD-RW discs can be quick erased.

API support can be added to Windows XP for burning DVDs and Blu-ray Discs (Mastered-style burning and UDF) on write-once and rewritable DVD and Blu-ray media by installing theWindows Feature Pack for Storage which upgrades IMAPI to version 2.^[74][75] Note that this does not add DVD or Blu-ray burning features to Windows Explorer but third-party applications can use the APIs to support DVD and Blu-ray burning.

• Support for the Simple Boot Flag (SBF) specification which tells the BIOS to bypass or minimize startup checks if the operating system is Plug and Play capable.
• Wake-on-Battery support so that the system has time to power off or hibernate
• CardBusWake-on-LAN support
• Wake on LAN can be configured to limit wake up packets to just magic packets from thePower management tab of the NIC property page inDevice Manager.
• LCD dimming when on battery power
• Processor power and performance control including C-state (run in lower power state when idle) and throttling^[76]
• USB selective suspend feature
• Significantly noticeable fast boot and resume from hibernation^[77] compared to previous Windows versions owing tothe boot loader caching file and directory metadata sequentially and in large chunks in a most recently used manner, overlapping device and network initialization, faster boot disk enumeration and class drivers being initialized asynchronously. Hibernation is faster as memory pages are compressed using an improved algorithm, compression is overlapped with disk writes, unused memory pages are freed andDMA transfers are used during I/O.
• Faster resume from standby as the algorithm used by the Power Manager for notifying hardware and software of power state changes by dispatching powerIRPs has been rewritten to maximize parallelism, important system drivers (PCMCIA, keyboard, mouse) have been rewritten to eliminate blocking interactions,^[78] and worker thread stacks are locked in memory to prevent interruptions with power operations.
• Built-in support for processor power management technologies such as IntelSpeedStep and AMDPowerNow!.

• Support for audio devices based on theIntel High Definition Audio specification by means of aUniversal Audio Architecture (UAA) class driver.
• Multichannel audio output and playback of additional audio formats. Volume can be set for each speaker in a multichannel configuration.
• KMixer audio sampling rate supports a maximum of 200 kHz beginning with Windows XP SP1 compared to earlier versions of Windows.^[79]
• Restriction on number ofMME/WinMM device interfaces (waveIn, waveOut, midiIn, midiOut, mixer, and aux) is raised from 10 to 32.^[80][81]
• Hardware acceleration of DirectSound capture effects^[82] These includeAcoustic Echo Cancellation for USB microphones, noise suppression and array microphone support.
• USB audio devices support GFX (Global Effects Filters).^[83]
• Sound Blaster 2.0 emulation support inNTVDM
• Windows XP sets the volume levels on wave, CD Audio and MIDI sliders to 0 dB of attenuation. This prevents signal resolution degradation.^[84]

Windows XP includes FireWire 800 support (1394b) beginning with Service Pack 1.^[85]

As mentioned in theabove section, Windows XP includes improved support forFireWire cameras and audio video devices.^[65] S/PDIF audio and MPEG-2 video streams are supported across FireWire from audio video receivers or set-top boxes, DVD or D-VHS, speakers, or TV transmissions.^[65] Windows XP supports the AV/C (IEC 61883 protocol for isochronous real-time data transfer for audio-video applications.^[65] Windows XP also allows non-FireWire devices to be exposed as virtual FireWire devices. Direct memory access over the 1394 bus from the host to the target allows kernel debugging over FireWire.

Finally, there is support for TCP/IP networking andInternet Connection Sharing over the IEEE 1394 bus.^[86]

• Details tab inDevice Manager which displays various device identification strings such as device instance ID, hardware ID, service name, filters, firmware revision, power state mappings and capabilities etc.^[87]
• Windows XP's user interface forPlug and Play changed with all messages being shown in the notification area as balloon tips.
• The read-only attribute of files and folders is automatically removed when copying files from optical media using Windows Explorer.
• Improved mouse pointerballistics.^[88]
• DualView for multi-monitor setups.^[89] DualView allows two monitors to host the Windows desktop, while being driven off of a single display adapter.
• Support for readingUDF 2.01 upgradeable to UDF 2.50 by installing Windows Feature Pack for Storage.^[75]
• 48-bitLBA support for ATA/ATAPI disk drives^[90] and generic drivers forUltraDMA Mode 5 and 6 support beginning with Windows XP SP1.
• Executing user applications directly fromROM.
• Support for theexFAT file system can be added by installing KB955704.^[91]
• SupportsVBE display if vendor-specific graphics driver not installed, or in the safe mode.
• GDI can utilizes OpenGL 1.0 for 2D acceleration if vendor-specific graphics driver not installed, or in the safe mode.

Windows XP includes Windows Script Host 5.6, a major update to the WSH environment, which includes an improved object model to reduceboilerplate code, stronger security and several other improvements.^[92]

A new XML-based file format, theWindows Script File format (.WSF) has been introduced besides .VBS and .JS which can store in an XML node in the same file, extra information besides script code, such as digital signature blocks, runtimedirectives or instructions to import external code.^[92] The WSF schema can include jobs wrapped each by a unique <job> tag and an outer <package> tag. Tags in a WSF file allow including external files, importingconstants from a TLB, or storing the usage syntax in the <Runtime> element and displaying it using the newShowUsage method, or when invoked by the /? switch.^[92] The WSF format also supports hosting multiple WSH scripting languages, including cross function-calls. The WshShell object now supports a 'CurrentDirectory' read-write method.^[92]

Scripts can now bedigitally signed as well as verified programmatically using theScripting.Signer object in a script itself, provided a validcertificate is present on the system.^[92] Alternatively, thesigncode tool from the Platform SDK, which has been extended to support WSH filetypes, may be used at the command line.^[93] TheVerifyFile method can be used to authenticate the embedded signature's validity and check the script for modifications after signing. WSH can thus decide whether or not to execute the script after verification.^[92] Code stored in an in-memory string can also be signed by using theSign method. The signature block is stored in a commented section in the script file for backward compatibility with older WSH versions.^[92]

By usingSoftware Restriction Policies supported in Windows XP and later, a system may also be configured to execute only those scripts which have been digitally signed, thus preventing the execution of untrusted scripts.^[94]

Local scripts can also run on a remote machine with the new WScript.WshController object, which is powered byDCOM.^[92] Remote WSH can be enabled through a Group Policy Administrative Template or registry.^[92] Remote scripts always run throughwscript and are loaded into the remote machine'sServer process so they run non-interactively by default, but can be configured using DCOMCNFG to run in a security context that allows them to display the user interface.^[92] When the WSH automation server loads, an instance of theWshRemote object is created but the script runs only after calling the Execute method.^[92] Any external files called by the remote script must be located on the remote machine in the directory path specified by theExec method. The remote script can be monitored by using theStatus property.^[92]

WSH 5.6 introduces theExec method for the WshShell object to execute command-lineconsole applications and has access to the standard I/O streams (StdIn, StdOut, and StdErr) of the spawned process.^[92]

In earlier versions of Windows Script, to use arguments, one had to access the WshArguments collection object which could not be created externally and required that the person running the script know the order of the arguments, and their syntax and values.^[95] WSH 5.6 introduces named arguments on the command line which follow a /string:value or Boolean convention defined in 'Runtime' tag and are recognized irrespective of their order on the command line. Named arguments are grouped in the Named collection object and have the usual methods like Item, Count, Length as well as an Exists method.^[92] The 'ShowUsage' method for the WshArguments object mentioned earlier shows the argument information in a message box.^[92]

Windows XP includes a ScriptPW.Password COM automation object, implemented in the scriptpw.dll file which can be used to mask sensitive information like passwords from command line scripts.^[92]

Users can log into Windows XP Professional remotely through the Remote Desktop service. It is built onTerminal Services technology (RDP), and is similar to "Remote Assistance", but allows remote users to access local resources such as printers.^[96] Any Terminal Services client, a special "Remote Desktop Connection" client, or a web-based client using anActiveX control may be used to connect to the Remote Desktop.^[97] (Remote Desktop clients for earlier versions of Windows, Windows 95, Windows 98 and 98 Second Edition, Windows Me, Windows NT 4.0, or Windows 2000 have been made available by Microsoft.^[98]This permits earlier versions of Windows to connect to a Windows XP system running Remote Desktop, but not vice versa.)

There are several resources that users can redirect from the remote server machine to the local client, depending upon the capabilities of the client software used. For instance, "File System Redirection" allows users to use their local files on a remote desktop within the terminal session, while "Printer Redirection" allows users to use their local printer within the terminal session as they would with a locally or network shared printer. "Port Redirection" allows applications running within the terminal session to access local serial and parallel ports directly, and "Audio" allows users to run an audio program on the remote desktop and have the sound redirected to their local computer. Theclipboard can also be shared between the remote computer and the local computer. The RDPclient in Windows XP can be upgraded to 7.0. TheRemote Desktop Web Connection component ofInternet Information Services 5.1 also allows remote desktop functionality over the web through anActiveX control forInternet Explorer.^[99]

Remote Assistance allows a Windows XP user to temporarily take over a remote Windows XP computer over a network or the Internet to resolve issues.^[100][101] As it can be a hassle forsystem administrators to personally visit the affected computer, Remote Assistance allows them to diagnose and possibly even repair problems with a computer without ever personally visiting it. Remote Assistance allows sending invitations to the support person by email,Windows Messenger or saving the invitation as a file. The computer can be controlled by both, the support person connecting remotely as well as the one sending the invitation. Chat, audio-video conversations and file transfer are available.

Windows XP introduces Fast User Switching^[102] and a more end user friendly Welcome Screen with auser account picture which replaces the Classic logon prompt.Fast user switching allows another user to log in and use the system without having to log out the previous user and quit his or her applications. Previously (on both Windows Me and Windows 2000) only one user at a time could be logged in (except throughTerminal Services), which was a serious drawback to multi-user activity. Fast User Switching, like Terminal Services, requires more system resources than having only a single user logged in at a time and although more than one user can be logged in, only one user can be actively using their account at a time. This feature is not available when the Welcome Screen is turned off, such as when joined to aWindows Server Domain or with Novell Client installed.^[101][103] Even when the Welcome screen is enabled, users can switch to the Classic logon by pressing Ctrl+Alt+Del twice at the Welcome screen.^[104]

Windows XP introducedWindows Installer (MSI) 2.0. Windows Installer 2.0 brought major improvements such as installation and management of side by side andCLR assemblies, sandboxing MSI custom actions, improved event logging and hiding sensitive information in log files, per-user program isolation, digital signatures, improved patching (more robust patch conflict resolution and reduced unnecessary unversioned file copying and source prompts), Terminal Server support and integration with System Restore and Software Restriction Policies.^[105] Windows XP can be updated to Windows Installer 4.5.^[106]

Windows Disk Defragmenter was updated to alleviate several restrictions.^[36] It no longer relies on the Windows NT Cache Manager, which prevented the defragmenter from moving pieces of a file that cross a 256 KB boundary within the file. All parts of a stream including the cluster boundary for non-compressed files, reparse points, bitmaps, and attribute_lists,NTFS metadata files,EFS-encrypted files and the NTFSMaster File Table can be defragmented. The defragmenter supports NTFS volumes with cluster sizes larger than 4 kilobytes. A command-line tool,defrag.exe, has been included, providing access to the defragmenter fromcmd.exe andTask Scheduler. Users who are members of thePower Users group can schedule defragmentation.

Windows Task Manager incorporates a number of improvements in Windows XP. It has been updated to display process names longer than 15 characters in length on theProcesses tab, which used to be truncated in Windows 2000.^[107] Session ID and User name columns have been added on the Processes tab. TheDelete key can also be used to terminate processes on the Processes tab. A newNetworking tab shows statistics relating to each of the network adapters present in the computer. By default the adapter name, percentage of network utilization, link speed and state of the network adapter are shown, along with a chart of recent activity. More options can be shown by choosingSelect columns... from the View menu. TheUsers tab shows all users that currently have a session on the computer. On server computers there may be several users connected to the computer using Terminal Services. There may also be multiple users logged onto the computer at one time usingFast User Switching. Users can be disconnected or logged off from this tab. A Shutdown menu has been introduced that allows access to Standby, Hibernate, Turn off, Restart, Log Off and Switch User. Holding downCtrl while clickingNew Task opens a command prompt.

• Windows XP introducesWMIC.exe, theWindows Management Instrumentation console utility
• Beginning with Windows XP, WMI resides in a sharedservice host process calledWmiprvse.exe which can spawn multiple instances under different accounts: LocalSystem, NetworkService, or LocalService. Previously, WMI providers were loaded in-process with the WMI Service and a single WMI provider crashing led to the restart of the WMI core service,WinMgmt.exe.
• In Windows XP,MOF files are used to describe system ETW events.
• WMI Filters for Group Policy were introduced.^[108]

This sectionneeds expansion. You can help byadding to it.(January 2020)

Windows XP includes new command-line tools and WMI-basedscripts:^[109][110]

• schtasks.exe (Windows Task Scheduler)
• shutdown.exe (Shutdown commands)
• Sc.exe (Service Control Manager)
• gpupdate.exe and gpresult.exe (Group Policy)
• logman.exe, relog.exe, typeperf.exe and tracerpt.exe (Performance Monitor)
• Eventquery.vbs, eventcreate.exe, EventTriggers.exe (Event log)
• DSquery.exe, dsget.exe, dsadd.exe, dsmod.exe, dsmove.exe, dsrm.exe (Active Directory)
• diskpart.exe,Defrag.exe and fsutil.exe (Disk management, Defragmentation and file system management)
• bootcfg.exe (Boot.ini)
• openfiles.exe (Networking)
• powercfg.exe (Power management)
• tasklist.exe,taskkill.exe,getmac.exe,systeminfo.exe, driverquery.exe,reg.exe,regini.exe,IPseccmd.exe (Windows 2000Resource Kit).
• IIS*.vbs (IIS and Active Server Pages management)
• Prn*.vbs (Printing)
• Pagefileconfig.vbs (PageFile configuration)
• bitsadmin.exe, bindiff.exe,cabarc.exe, ftonline.exe, httpcfg.exe, ipseccmd.exe, netcap.exe, rasdiag.exe, spcheck.exe, tracepdb.exe (Newsupport tools)

• CHKDSK has performance improvements.^[111]
• Non-persistentShadow Copy (Volume Snapshot Service) support that uses acopy-on-write technique in order to create a snapshot and APIs to use the same
• MSConfig utility has been updated to configure advanced Boot.ini options graphically, enable or disableWindows services and launch built-in tools.
• NTBackup has a wizard-based interface for ease of use and supports backing uplocked (in-use) files usingShadow Copy. Media pools created by NTBackup can also be viewed from the backup utility itself without openingRemovable Storage Management.^[112]
• Microsoft Management Console 2.0 which introduced an automation object model, view extensions, visual style support, Console Taskpads etc.
• Increased number ofWMI providers and classes.
• UnifiedRegistry editor that combinesWindows 9x'sRegedit.exe andWindows NT'sRegedt32.exe. The Registry Editor now supports multiple instances if the-m switch is specified.
• IExpress as part ofInternet Explorer 6 to create self-extractingINF-based installation packages.^[113]
• Files and Settings Transfer Wizard andUser State Migration Tool
• Several deployment tools improvements including enhancements toSysprep,^[114] Setup Manager, introduction ofWinPE. For example, the Product Key stored in theAnswer file for Setup Manager or Sysprep can be stored encrypted.Sysprep can add updated drivers to an installation image with per-machine customizations. The time to preload Windows XP using Sysprep has been reduced using a scriptableWinBOM.ini file that drives Sysprep.
• Unattended installations are improved in Windows XP with far more comprehensive configuration options for various operating system components.
• Several improvements have been made to thePackage Installer (Update.exe) over Windows 2000.^[115]
• Increased number ofGroup Policies, including security policies and Resultant Set of Policy (RSoP) management console which allows administrators to see applied policies inlogging mode or simulate policy settings that will be applied before committing to changes to objects inplanning mode.
• ADesktop Cleanup Wizard was introduced to help users reduce clutter on their desktops, by looking at the shortcuts on the Desktop and moving any unused ones into a directory called "Unused Desktop Shortcuts". The Desktop Cleanup Wizard operates as ascheduled task that runs once a day to determine if it's been 60 days since the last time the wizard was run.^[116]
• Windows XP can be upgraded to from Windows 98, Windows Me, Windows NT 4.0 Workstation and Windows 2000 Professional. If performing an upgrade setup fromWindows 9x family, Windows XP takes a backup of the old installation so that the user can uninstall Windows XP or if setup fails at any point, the system goes back to the previous OS.^[117] If Setup completes successfully, users are asked whether they want to delete the backup. This feature is not available when upgrading from Windows 2000 Professional.
• Windows XP includes aShutdown Event Tracker (disabled by default) which when enabled from Group Policy allows administrators to document shutdown reasons and analyze the shutdown logs stored in the System log over time to develop an understanding of the cause for most shutdowns. Administrators can choose from a predefined set of reasons or enter their own reasons. Shutdown Event Tracker also takes a system state snapshot just before each shutdown to identify usage of system resources.
• Windows XP Setup includes a newQuick format option to quickly format large volumes without checking the entire volume for bad sectors.^[118]

InWindows 2000, an NTLM hash of the user's password was a requirement which technically allowed a potential malefactor to decrypt the Master Key and the NTLM hash directly from the Security Accounts Manager database.^[119] Windows XP improves DPAPI security by encrypting the Master Key using an SHA1 hash of the password.^[119] This also improves the security of data encrypted withEncrypting File System.

Windows XP PKI supports cross-certification and Bridge CA scenarios.User-type certificates can be auto-enrolled and renewed.^[120] Certificate requests for issuing new certificates or renewing expired ones can be pending until administrator approval or until issued by thecertificate authority and once approved, they install automatically. Root CA certificates now also auto-update viaMicrosoft Update. Windows XP also supports deltaCRLs (CRLs whose status has changed since the last full base compiled CRL) and base64-encoded CRLs for revocation checking and will use them by default. Windows XP can enroll version 2 certificate templates which have many configurable attributes.

Smart cards can be used to log into terminal server sessions (when connecting to a Windows Server 2003 or higher Terminal Server), withCAPICOM or with system tools such asnet.exe andrunas.exe. There are also numerous improvements to certificate status checking, chain building and revocation checking, path validation and discovery.^[121]

Windows XP includes severalEncrypting File System improvements^[122] The most notable improvement is that multiple user accounts can share access to encrypted files on a file-by-file basis. ADetails button in the Advanced file attributes dialog in the file's properties allows adding or removing additional users who can access the EFS-encrypted file, and viewing the certificate thumbprint and the Data Recovery Agent account. EFS certificates are autoenrolled in the CA and there is support for revocation checking on certificates used when sharing encrypted files. Unlike Windows 2000, there is no default local Data Recovery Agent and no requirement to have one, although a self-signed certificate for the recovery agent can be generated usingcipher.exe.

TheDPAPI Master Key can be protected using a domain-wide public key. A stronger FIPS 140-1 compliant algorithm such as 3DES can be used. Windows XP also warns the user if the EFS encrypted files are being copied to a file system such asFAT or unsupported location which does not support EFS, and thus the file is going to get decrypted.

Windows XP can also encrypt files on a remote server with NTFS if the server is trusted for delegation inActive Directory and the user's certificate and private key are loaded in the local profile on the server. If aroaming user profile is used, it will be copied locally. On aWebDAV server mapped by a drive letter, Windows XP can encrypt the file locally and transport it as a raw encrypted file to the WebDAV server using the HTTP PUT command. Similarly, EFS encrypted files can be downloaded raw from the WebDAV and decrypted locally. The command line utilitiescipher,copy andxcopy have been updated in Windows XP. EFS can also be completely disabled in Windows XP through Group Policy (for a domain) or through the registry (for a non-domain computer).

For faster cache validation, the time for how long the user session key and certificate chain are cached can be adjusted.^[123]

Starting with Windows XP, a password reset disk can be created using theForgotten Password wizard. This disk can be used to reset the password using thePassword Reset Wizard from the logon screen. The user's RSA private key is backed up using an offline public key whose matching private key is stored in one of two places: the password reset disk (if the computer is not a member of a domain) or inActive Directory (if it is a member of a domain). An attacker who can authenticate to Windows XP as LocalSystem still does not have access to a decryption key stored on the PC's hard drive. If the password is reset, the DPAPI master key is deleted and Windows XP blocks all access to the EFS encrypted files to prevent offline and rogue attacks and protect the encrypted files. If the user changes the password back to the original password, EFS encrypted files can be recovered.^[124]

Windows XP prompts for credentials upon authentication errors and allows saving those that useIntegrated Windows Authentication to a secure roamingkeyring store protected by theData Protection API. Saved credentials can be managed from theStored User Names and Passwords item in theUser accounts control panel. If a certificate authority is present, then users can a select anX.509 certificate when prompted for credentials. When that same resource is accessed again, the saved credentials will be used. Remote access/VPN connections also create temporary credentials in the keyring to make the experience seamless. Credential Manager also exposes an API forSingle Sign On.

Windows XP introduces Software Restriction Policies and theSafer API^[125][126] By use of Software Restriction Policies, a system may be configured to execute or install only those applications and scripts which have been digitally signed or have a certain trust level, thus preventing the execution of untrusted programs and scripts. Administrators can define a default rule using theLocal Security Policy snap-in, and exceptions to that rule. The types of rules include:Hash Rule,Path Rule,Certificate Rule andZone Rule which identify a file by its hash, path, software publisher's certificate or Internet Explorer-zone respectively. For example, anActiveX control can be restricted to run only for a particular domain by specifying a certificate rule-based software restriction policy.

• Each logon session receives its own set of drive letters. They cannot be shared.^[127]
• The Security permissions user interface is improved over Windows 2000. A new property sheet calledEffective Permissions evaluates implicit permissions against explicit permissions and assigned permissions against inherited permissions. When setting object permissions, the user names, groups andsecurity principals can be searched on the domain by specific criteria.
• The Secondary logon (Run As) feature allows running programs with a restricted token if theProtect my computer and data from unauthorized program activity option is checked.^[128]
• For non-domain computers, network logons and secondary logons (Run As) are disabled for user accounts with blank passwords. Only logons from the main physical console logon screen will be allowed for blank passwords.
• If theSecurity Account Manager (SAM) database is deleted from another OS, Windows XP will not allow bypassing the logon and will show an error message and then shut down the computer.
• Digest SSP for HTTP and LDAP queries between Windows and non-Windows systems where Kerberos is not available.
• IPsec configuration for server or domain isolation is simplified with the Simple Policy Update which reduces the number of IPsec filters from many hundreds of filters to only two filters.^[129]
• TheEveryone user group no longer includes theAnonymousSID.
• Windows XP introduced theLOCAL SERVICE andNETWORK SERVICE accounts to run certainWindows services in isolation so that the privileges and access assigned to services is reduced to just those needed for their roles.^[35] This way, any potential attack surface is reduced when an attacker is exploiting the service.
• AuthZ API which implements the NT kernelSecurity Reference Monitor in user mode for applications to protect objects.
• P3P support inInternet Explorer 6

Windows 2000 wireless support did not support seamless roaming and auto-configuration. Windows XP'sWireless Zero Configurationservice supports automatic wireless network configuration with re-authentication when necessary thus providing seamless roaming capability and setting the preferred order of connections. In the absence of a wireless access point, Windows XP can set up anad hoc wireless network. There is native support for WPA andWPA2 authentication in infrastructure networks with the latest service packs and/or updates applied. Windows XP includes aWireless Network Setup Wizard which supports theWindows Connect Now: USB Flash Drive (WCN-UFD) method to ease setting up the wireless network for inexperienced users.

Windows XP can connect to hotspots created using Wireless Provisioning Services.^[130]

In Windows XP,Internet Connection Sharing is integrated with UPnP, allowing remote discovery and control of the ICS host. It has a Quality of Service Packet Scheduler component.^[131] When an ICS client is on a relatively fast network and the ICS host is connected to the internet through a slow link, Windows may incorrectly calculate the optimal TCP receive window size based on the speed of the link between the client and the ICS host, potentially affecting traffic from the sender adversely. The ICS QoS component sets the TCP receive window size to the same as it would be if the receiver were directly connected to the slow link.

Internet Connection Sharing also includes a local DNS resolver in Windows XP to provide name resolution for all network clients on the home network, including non-Windows-based network devices. ICS is also location-aware, that is, when connected to a domain, the computer can have a Group Policy to restrict the use of ICS but when at home, ICS can be enabled.

When multiple applications are accessing the internet simultaneously without any QoS and the connection isn't fast enough, the TCP receive window size is set to the full window ofdata in transit that the first application uses in the connection until a steady state is reached. Subsequent connections made by other applications will take much longer to reach an optimal window size and the transmission rate of the second or third application will always be lower than that of the application that established the connection first. On such slow links, the QoS component in Windows XP automatically enables aDeficit round robin scheduling scheme, which creates a separate queue for each application and services these queues in a round-robin fashion.^[131]

IPv6 has to be installed and configured from the command line using thenetsh interface ipv6 context as there is no GUI support. After the network interface's link-local address is assigned,stateless autoconfiguration for local and global addresses can be performed by Windows XP. Static IPv6 addresses can be assigned if there is no IPv6 router on the local link. Transition mechanisms such as manually configured tunnels and 6to4 can be set up. Privacy extensions are enabled and used by default. 6to4 is automatically activated for public IPv4 addresses without a global IPv6 address. Other types of tunnels can be set up include: 6over4, Teredo, ISATAP, PortProxy. Teredo also helps traverse cone and restrictedNATs. Teredo host-specific relay is enabled when a global IPv6 address has been assigned, otherwise Teredo client functionality is enabled.

The Windows XP DNS resolver can only make DNS queries using IPv4, it does not use IPv6 itself as a transport to make the query.^[132] However, when a DNS query sends back both IPv4 and IPv6resource records, IPv6 addresses are preferred. Windows XP does not supportDHCPv6 andPPPv6/IPv6CP. An open source DHCPv6 implementation called Dibbler is available,^[133] althoughstateless autoconfiguration largely makes it unnecessary.

Windows XP includes the Background Intelligent Transfer Service, aWindows service that facilitates prioritized, throttled, and asynchronous transfer of files between machines using idle network bandwidth. BITS will only transfer data whenever there is bandwidth which is not being used by other applications, for example, when applications use 80% of the available bandwidth, BITS will use only the remaining 20%. BITS constantly monitors network traffic for any increase or decrease in network traffic andthrottles its own transfers to ensure that other foreground applications (such as aweb browser) get the bandwidth they need. BITS also supports resuming transfers in case of disruptions. BITS version 1.0 supports only downloads. From version 1.5, BITS supports both downloads and uploads. Uploads require theIIS web server, with BITS server extension, on the receiving side.

Windows XP components such asWindows Update use BITS to download updates so only idle bandwidth is used to download updates and downloading can be resumed in case network connectivity is interrupted. BITS uses a queue to manage file transfers and downloads files on behalf of requesting applications asynchronously, i.e., once an application requests the BITS service for a transfer, it will be free to do any other job, or even terminate. The transfer will continue in the background as long as the network connection is there and the job owner is logged in. BITS supports transfers over bothHTTP andHTTPS. If a network application begins to consume more bandwidth, BITS decreases its transfer rate to preserve the user's interactive experience, except forForeground priority downloads. BITS is exposed throughComponent Object Model (COM), making it possible to use with virtually anyprogramming language.

Windows XP has aFax Console to manage incoming, outgoing and archived faxes and settings. The Fax Monitor only appears in the notification area when a fax transmission or reception is in progress. If manual reception of faxes is enabled, it appears upon an incoming fax call. Archived faxes open inWindows Picture and Fax Viewer in TIFF format. Upon installingMicrosoft Outlook, the Fax Service automatically switches from theWindows Address Book to using Outlook's Address Book.

Windows XP introduces the Fax Service ExtendedCOM API for application developers to incorporate fax functionality.^[134]

TheAdvanced Networking Pack, later made part of SP2 introducedPeer-to-Peer Networking and the Peer Name Resolution Protocol (PNRP) to Windows XP. It operates over IPv6. The P2P architecture in Windows XP consists of the following components:

PNRP: This provides dynamic name publication and resolution of names to endpoints. PNRP is a distributed name resolution protocol allowing Internet hosts to publish "peer names" and corresponding IPv6 addresses and optionally other information. Other hosts can then resolve the peer name, retrieve the corresponding addresses and other information, and establish peer-to-peer connections.

With PNRP, peer names are composed of an "authority" and a "qualifier". The authority is identified by asecure hash of an associatedpublic key, or by a place-holder (the number zero) if the peer name is "unsecured". The qualifier is astring, allowing an authority to have different peer names for different services.^[135]

If a peer name is secure, the PNRP name records are signed by the publishing authority, and can be verified using its public key. Unsecured peer names can be published by anybody, without possible verification. Multiple entities can publish the same peer name. For example, if a peer name is associated with a group, any group member can publish addresses for the peer name. Peer names are published and resolved within a specified scope. The scope can be a local link, a site (e.g. a campus), or the whole Internet.

Graphing: PNRP also allows creating anoverlay network called aGraph. Each peer in the overlay network corresponds to a node in the graph. Nodes are resolved to addresses usingPNRP. All the nodes in a graph share book-keeping information responsible for the functioning of the network as a whole. For example, in a distributed resource management network, which node has what resource needs to be shared. Such information is shared asRecords, which are flooded to all the peers in a graph. Each peer stores the Record to a local database. A Record consists of a header and a body. The body contains data specific to the application that is using the API; the header contains metadata to describe the data in the body as name-value pairs serialized usingXML, in addition to author and version information. It can also contain an index of the body data, for fast searching. A node can connect to other nodes directly as well, for communication that need not be shared with the entire Graph.

Grouping: The Peer-to-Peer API also allows creation of a secureoverlay network called aGroup, consisting of all or a subset of nodes in a Graph. A Group can be shared by multiple applications, unlike a Graph. All peers in a Group must be identifiable by a unique named, registered usingPNRP, and have adigital signature certificate termed asGroup Member Certificate (GMC). All Records exchanged are digitally signed. Peers must be invited into a Group. The invitation contains the GMC that enables it to join the group.^[136]

Windows XP introduces a more simplified form of sharing files with local users in a multi-user environment and over the network calledSimple File Sharing. Simple File Sharing which is enabled by default for non-domain joined computers, disables the separateSecurity tab used to set advanced ACLs/permissions and enables a common interface for both - permissions on file system folders and sharing them.^[137] With Simple File Sharing enabled, theMy Documents folder or its subfolders can only be read and written to by itsOwner and by local Administrators.^[137] It is not shared on the network. By checking theMake this folder private option in its Properties, local Administrators are also denied permissions to theMy Documents folder.^[137] For sharing files with other user accounts on the same computer whenSimple File Sharing is enabled, Windows XP includes theShared Documents folder.

Simple File Sharing disables granular local and network sharing permissions. It shares the item with theEveryone group on the network with read only or write access, without asking for a password but forcingGuest user permissions.^[138]

InWindows XP, a "WebDAV mini-redirector" has been added which is preferred over the oldWeb folders client, by default. This newer client works as a systemservice at the network-redirector level (immediately above the file-system), allowingWebDAV shares to beassigned to a drive letter and used by any software, even through firewalls and NATs. Applications can open remote files on HTTP servers, edit the file, and save the changes back to the file (if the server allows). The redirector also allows WebDAV shares to be addressed viaUNC paths (e.g.http://host/path/ is converted to\\host\path\) for compatibility with Windows filesystem APIs. The WebDAV mini-redirector is known to have some limitations in authentication support.^[139]

• Internet Explorer 6 upgradeable toInternet Explorer 8 withWindows RSS Platform
• Outlook Express 6,Windows Address Book,NetMeeting 3.01 andMSN Explorer 6
• DHCP client alternate configuration to support more than one network or in the case when a DHCP server is not available
• The Windows XP DNS resolver has been improved with the addition of subnet prioritization.^[140] If the DNS resolution receives multiple IP address mappings (A resource records) from a DNS server, and some of the records have IP addresses from networks to which the computer is directly connected, the resolver places those resource records first. This behavior reduces network traffic across subnets by forcing computers to connect to network resources that are closer to them.^[141]
• Network bridging^[142] (IEEE 802.1D Transparent Bridging) allows a Windows XP computer to act as a bridge for different network mediums, eliminating the need to configure multiple IP subnets and routers to connect multiple network mediums together
• Network Setup Wizard for setting up the network on non-domain joined computers, an evolution of Windows Me's Home Networking Wizard.^[143] Windows XP also improves connection wizards for setting up internet or VPN connections or remote access to a network.
• NAT traversal APIs to abstractUPnP functions. UPnPIGD devices show up inNetwork Connections if the IGD Discovery and Control client is installed and double clicking their icon can initiate a connection to the Internet via the gateway device and show status information. NAT port mappings are also shown and can be set up.^[144]
• Built-inPPPoE protocol for individual authenticated access to remote servers.
• Connection Manager is the client dialer with the ability to connect to customized remote access connections and customized phone books of access numbers that can be created using the Connection Manager Administration Kit (CMAK). Connection Manager supports favorites to save settings for multiple network locations, client side logging and callback features and exposes more previously unavailable settings in the UI. There is support for split tunneling (although not secure) for VPN connections so VPN clients may access the internet.
• Windows Update usesbinary delta compression so the size of Windows XP updates to download is reduced.
• EAP-TLS support,PEAPv0/EAP-MSCHAPv2^[145] support beginning with Windows XP SP1.
• Improved support for infrared includingIrDA networking (IrCOMM modems, IrNET and P2P)^[146][147]
• Network connection status support tab which displays IP configuration and offers a 1-click "Repair" function to perform a series of steps that reset the network connection.
• Windows XP includes network diagnostic tools such asNetsh diag,netdiag.exe in thesupport tools and BasicNetwork Diagnostics integrated into the Help and Support Center^[148]
• There are newWinsock APIs for performance and IPv6 support.^[35] Network Location Awareness APIs are exposed throughWinsock for determining network states and notifying Winsock client applications of changes. Windows XP components such as Internet Connection Sharing, Windows Firewall and Network Setup Wizard make use of these network location APIs.
• Winsock has the ability to self-heal if a WinsockLSP uninstallation damages it.^[149] Also, users can manually reset and repair a corrupted Winsock stack using thenetsh winsock reset command.
• Support for PVC Encapsulation (RFC 2684)
• NDIS 5.1 has performance enhancements, Plug and Play and Power event notifications for miniport drivers, send cancellation and 64-bit statistic counters.Remote NDIS supports USB attached network devices.
• Expanded support for soft modems andHomePNA adapters.
• Notification when a network has limited or no connectivity.
• TAPI 3.1 exposesCOM interfaces. H.323v2 based IP telephony and IP multicast AV conferencingTelephony Service Providers are included. TAPI 3.1 also includesFile Terminals (record streaming data),Pluggable Terminals (add external terminal object), USB/HID Phone TSP (control a USB phone and use it as a streaming endpoint) and support for Auto Discovery of TAPI Servers. Several H.323 supplementary services have been implemented for richer call control features (Call Transfer, Call Hold, Call Diversion, Call Park and Pickup).
• Windows Messenger and RTC (Real-Time Communication) Client API to provideIM, presence, AV communications, whiteboarding, application sharing, Acoustic Echo Cancellation, media encryption, PC to phone and phone to PC services to applications.
• For computers in aworkgroup, theWindows Time Service in Windows XP supports a newInternet Time feature (NTP client), which updates the clock on the user's computer by synchronizing with an NTP time server on the Internet.^[150] This feature is useful for computers whosereal-time clock does not maintain the correct time.
• Microsoft Message Queuing 3.0 supports:^[151] Internet Messaging (referencing queues via HTTP,SOAP-formatted messages, MSMQ support forInternet Information Services), queue aliases, multicasting of messages, and additional support for programmatic maintenance and administration of queues and MSMQ itself. MSMQ 3 clients directly communicate withActive Directory usingLDAP.

• Internet Information Services 5.1
• COM+ 1.5^[152]
• Speech Application Programming Interface 5.1
• SAPI 5 support inMicrosoft Narrator
• Paint is based onGDI+ and therefore,^[153] images can be natively saved as JPEG, GIF, TIFF and PNG without requiring additional graphics filters (in addition to BMP). However,alpha channeltransparency is still not supported because the GDI+ version of Paint can only handle up to24-bit depth images. Support for acquiring images from a scanner or a digital camera was also added to Paint.
• WordPad has full Unicode support in Windows XP, enabling WordPad to support multiple languages. Windows XP SP1 ships with the RichEdit 4.1 control.^[154]
• General improvements to international support such as more locales, languages and scripts inUniscribe, expandedMUI support, improvedIMEs andNational Language Support
• Regional and Language Options group East Asian languages, and complex script & left-to-right languages together, installable by checking a single check-box option. There is font fallback support for East Asian languages.
• Windows XP introduces a new "Location" variable which can be set by the user and queried using the GetGeoInfo API to provide location specific services
• FullUnicode support in the RichEdit control shipped in Windows XP and used byWordPad.
• Support for tablet and pen-sensitive screens, portrait-oriented screens inWindows XP Tablet PC Edition. It also includes speech recognition to control the operating system and for text dictation in applications using the RichEdit control or theText Services Framework, handwriting recognition and digital ink support accessible through the Tablet PC Input Panel (TIP). Also included are applications to complement these features such asWindows Journal, Sticky Notes for note taking, a game calledInkBall and several additional downloadable Tablet PC applications, extras and powertoys.
• Microsoft Active Accessibility 2.0 API, adding support for Dynamic Annotation and MSAA Text.^[155] The newer accessibility API,Microsoft UI Automation can also be installed on Windows XP.
• Windows XP supports a total of 1 million card deals in its version ofFreeCell.^[156] Pinball has been updated to fix a high CPU utilization bug.^[157]
• Help and Support Center is very comprehensive with detailed step-by-step how-to and troubleshooting articles, glossary of terms and an index of all articles. Help and Support Center has Favorites, History and advanced search options. It includes the ability to search across multiple information sources including help sources on the Internet such as the Microsoft Knowledge Base. Users can share and install help content to and from other computers running Windows XP or Windows Server 2003 or switch to help for other supported operating system. Help and Support Center is alsoOEM-customizable.
• New set ofPowerToys to significantly enhance the operating system functions such as Alt-tab switching, fast user switching, slideshow generation, desktop slideshow, ClearType optimization, shell powertoys and accessories and customizing operating system settings.
• Ability to change theproduct key using theWindows Product Activation wizard.

Although Windows XP did not ship with the followingmajor Windows features out-of-the-box, these new features can be added to Windows XP by downloading these components which were incorporated in later versions of Windows.

• .NET Framework versions 1.0, 1.1, 2.0, 3.0, 3.5 and 4.0
• Windows Search 2.0, 3.0 and 4.0
• Windows Defender
• KMDF versions 1.0, 1.1, 1.5, 1.7 and 1.9 andUMDF versions 1.5, 1.7 and 1.9.
• Windows Services for UNIX
• XPS Essentials Pack
• Microsoft Virtual PC 2004 and 2007
• Windows Live Essentials 2009 and Wave 2.
• Windows PowerShell 1.0 and 2.0 and Windows Remote Management 1.0 and 2.0.

Beginning with Windows XP SP2, the audio volume taper is stored in the registry for on-screen keyboard and remote control applications and can be customized by third parties,^[158] and Internet Explorer has improved Group Policy settings support beyond security settings. (KB918997) for Windows XP SP2 and Windows XP SP3 add a Wireless LAN API for developers to create wireless client programs and manage profiles and connections. There isIEEE 802.1X support for wireless and wired connections. In case, aPKI is not available to issue certificates for a VPN connection, there is support for preshared key forIKE authentication.^[159] With KB912761 for Windows XP SP2 or on Windows XP SP3, users can configure whether EFS generates a self-signed certificate when a certificate authority is unavailable.Windows Firewall beginning with Windows XP SP2 also supports IPv6 stateful filtering. Applications and tools such as theTelnet client, FTP client,ping,nslookup,tracert, DNS resolver, file and print sharing,Internet Explorer,IIS have been updated to support IPv6.

• USB block storage devices can be made read-only so writing data is not possible.^[160]
• Sound events forBlocked pop-up window and theInformation bar in Internet Explorer were introduced.
• DirectX 9.0c (Shader Model 3.0) was introduced.
• A File System Filter Manager and minifilter drivers were installed.^[161] Compared to the legacy file system filters, they are easier to develop, offer better stability and can be loaded and unloaded at any time.^[162] They reduce recursive I/O on the kernel stack and can process only necessary operations. Legacy file system filter drivers attached to the file system stack directly and didn't have the aforementioned flexibility.
• Additional functionality for Offline Files via registry modifications was introduced.^[163] By editing the Registry, users can suppress error messages for file types that Offline Files cannot cache and which are excluded from synchronization.^[163] Offline Files for a user that are not on his primary computer (determined by matching the current user'sSID with the specified SID in the registry) can be set to purge at logoff. Administratively assigned offline files can also be prevented from being cached for non-primary users.^[163]
• Windows Media Player 9 Series with Windows Media Format Runtime 9.0 was included, with the ability to later update the Media Player and Format Runtime to versions 10 and 11.
• There is basic but production quality support in Windows XP forIPv6 andTeredo tunneling through the Advanced Networking Pack.
• Improved ACPI processor performance states for multi-core processors, for example,SpeedStep.^[164]
• Support forSSE3.
• Windows Movie Maker 2, a free download released in 2002, was introduced, replacing Windows Movie Maker 1.1.
• Support for DVCPRO50 and DVCPRO100 was installed.^[165]
• A YUV mixing mode in the VMR-7 and VMR-9 renderers which performs mixing in theYUV color space to save memory bandwidth was introduced.^[166]
• powercfg.exe, acommand-line utility allowing users to control settings related to power management, such as hibernation or creating power schemes, was introduced. Most of this functionality is available in a more user-friendly form in the Power Options dialog under Display Properties, however.
• Significant security-related changes toMSRPC,DCOM,^[167][168]MSDTC^[169] andWMI were introduced.
• Attachment Manager^[170] was introduced.
• Windows Installer 3.0, which also adds numerous improvements to patching such as patch uninstallation support throughAdd or Remove Programs, binary delta patches, patch sequencing to install patches in the correct order, installing multiple patches for different products in one transaction, eliminating source media requests for delta compression patches, patch elevation for limited user accounts, MSI source location list and inventory management APIs, and fixing numerous bugs, was included.^[171]
• BITS 2.0, part of Windows XP SP2, installed support for performing concurrent foreground downloads, using Server Message Block paths for remote names, downloading portions of a file, changing the prefix or complete name of a remote name, and limiting client bandwidth usage. BITS is upgradeable to version 2.5 in Windows XP.
• http.sys and the HTTP Server API, thekernel-mode HTTP server for applications, backported from Windows Server 2003, was included.
• Support forSecure Digital I/O host controllers and SD/MMC storage devices compliant with SDIO 1.0 beginning with Windows XP SP2 through a Microsoft-suppliedbus driver.^[172]

Windows XP Service Pack 2 added nativeBluetooth support. The Windows XP Bluetooth stack supports external or integrated Bluetoothdongles attached throughUSB.^[173] Windows XP SP2 and SP3 support Bluetooth 1.1 (but not 1.0), Bluetooth 2.0 and Bluetooth 2.0+EDR.^[174]The Bluetooth stack supports the following Bluetooth profiles natively: PAN,SPP, DUN, HID, and HCRP.^[173] Third-party stacks may replace the Windows XP stack and may support more profiles or newer versions of Bluetooth.

Windows XP Service Pack 2 introducedData Execution Prevention. This feature, present as NX (EVP) inAMD'sAMD64 processors and as XD (EDB) inIntel's processors, can flag certain parts of memory as containing data instead of executable code, which prevents overflow errors from resulting in arbitrary code execution. It is intended to prevent an application or service from executing code from a non-executable memory region. This helps prevent certain exploits that store code via abuffer overflow, for example.^[175] DEP runs in two modes: hardware-enforced DEP forCPUs that can mark memory pages as nonexecutable, and software-enforced DEP with a limited prevention for CPUs that do not have hardware support. Software-enforced DEP does not protect from execution of code in data pages, but instead from another type of attack (SEH overwrite). Hardware-enforced DEP enables theNX bit on compatible CPUs, through the automatic use ofPAEkernel in 32-bit Windows and the native support on 64-bit kernels. Software DEP, while unrelated to the NX bit, is what Microsoft calls their enforcement of "Safe Structured Exception Handling". Software DEP/SafeSEH simply checks when an exception is thrown to make sure that the exception is registered in a function table for the application, and requires the program to be built with it.

If DEP is enabledfor all applications, users gain additional resistance againstzero-day exploits. But not all applications are DEP-compliant and some will generate DEP exceptions. Therefore, DEP is not enforcedfor all applications by default in 32-bit versions of Windows and is only turned on for critical system components. Windows XP Service Pack 3 introduces additional NX APIs^[176] that allow software developers to enable NX hardware protection for their code, independent of system-wide compatibility enforcement settings. Developers can mark their applications as NX-compliant when built, which allows protection to be enforced when that application is installed and runs. This enables a higher percentage of NX-protected code in the software ecosystem on 32-bit platforms, where the default system compatibility policy for NX is configured to protect only operating system components.

Windows XP RTM introduced the Internet Connection Firewall.^[177] It was later upgraded toWindows Firewall in Windows XP Service Pack 2 with support for filtering IPv6 traffic as well.^[178][179] By default, Windows Firewall performs statefulpacket filtering of inbound solicited or unsolicited traffic on all types of network interfaces (LAN/WLAN,PPPoE, VPN, or dial-up connections). Like Internet Connection Sharing, the firewall has a location-aware policy, meaning it can be disabled in a corporate domain but enabled for a private home network. It has an option to disallow all exceptions which may be useful when connecting to a public network. The firewall can also be used as the edge firewall for ICS clients. When the firewall blocks a program, it displays a notification. Excepted traffic can be specified by TCP/UDP port, application filename and by scope (part of the network from which the excepted traffic originates). It supportsport mapping andICMP.Security log capabilities are included, which can recordIP addresses and other data relating to connections originating from the home or office network or the Internet. It can record both dropped packets and successful connections. This can be used, for instance, to track every time a computer on the network connects to a website. Windows Firewall also supports configuration throughGroup Policy. Applications can use the Windows Firewall APIs to automatically add exceptions.

Windows Security Center provides users with the ability to view the status ofcomputer security settings and services. Windows Security Center also continually monitors these security settings, and informs the user via a pop-upnotification balloon if there is a problem. The Windows Security Center consists of three major components: Acontrol panel, aWindows Service, and anapplication programming interface that is provided byWindows Management Instrumentation. The control panel divides the monitored security settings into categories, the headings of which are displayed with color-coded backgrounds. The current state of these settings is determined by the Windows service which starts automatically when the computer starts, and takes responsibility for continually monitoring the system for changes. The settings are made available to the system through aWMI provider. Anti-malware and firewall software vendors can register with the Security Center through the WMI provider.Windows Update settings and status are also monitored and reported.

• TheWindows Imaging Component was installed.^[180]
• Management Console 3.0 was installed.
• MSI 3.1v2 was included.^[181]
• CredentialsSecurity Service Provider (CredSSP) in Windows XP SP3 (Disabled by default) which providesSingle sign-on andNetwork Level Authentication forRemote Desktop Services.
• ANetwork Access Protection client and Group Policy support for IEEE 802.1X authentication for wired network adapters was installed.
• BITS 2.5, part of Windows XP SP3, installed support for IPv6 and certificate-based client authentication for secure HTTP transports and custom HTTP headers.
• A later update, incorporated into Windows XP SP3, installed Network Diagnostics for Internet Explorer.^[182]
• SHA-2 hashing algorithms (SHA256, SHA384 and SHA512) to theCryptoAPI for validating X.509 certificates has been installed.
• Later hotfixes and Windows XP SP3 include support for SDHC cards, including those larger than 4 GB but up to 32 GB.^[183]
• Support forSSE4.

• Windows XP Media Center Edition 2005 includesMicrosoft Plus! Digital Media Edition components such as Audio Converter, CD Label Maker, Dancer and Party Mode and screensavers and themes fromMicrosoft Plus! for Windows XP.
• Windows Movie Maker 2.5, which includes DVD burning, was included.

• New features by Windows version:
  • XP
  • Vista
  • 7
  • 8
  • 10
  • 11
• Removed features by Windows version:
  • XP
  • Vista
  • 7
  • 8
  • 10
  • 11

• Windows XP
• Software features

• Webarchive template wayback links
• All articles with dead external links
• Articles with dead external links from July 2023
• Articles with permanently dead external links
• CS1 German-language sources (de)
• Articles with short description
• Short description is different from Wikidata
• Articles lacking reliable references from August 2009
• All articles lacking reliable references
• Use mdy dates from October 2024
• Articles to be expanded from January 2020
• All articles to be expanded