Features new to Windows XP

With the introduction of Windows XP, the C++ based software-only GDI+ subsystem was introduced to replace certain GDI functions. GDI+ adds anti-aliased 2D graphics, textures, floating point coordinates, gradient shading, more complex path management, bicubic filtering, intrinsic support for modern graphics-file formats like JPEG and PNG, and support for composition of affine transformations in the 2D view pipeline. GDI+ uses RGBA values to represent color. Use of these features is apparent in Windows XP's user interface (transparent desktop icon labels, drop shadows for icon labels on the desktop, shadows under menus, translucent blue selection rectangle in Windows Explorer, sliding task panes and taskbar buttons), and several of its applications such as Microsoft Paint, Windows Picture and Fax Viewer, Photo Printing Wizard, My Pictures Slideshow screensaver, and their presence in the basic graphics layer greatly simplifies implementations of vector-graphics systems such as Flash or SVG. The GDI+ dynamic library can be shipped with an application and used under older versions of Windows. The total number of GDI handles per session is also raised in Windows XP from 16,384 to 65,536 (configurable through the registry).

Windows XP shipped with DirectX 8.1, which brings major new features to DirectX Graphics besides DirectX Audio (both DirectSound and DirectMusic), DirectPlay, DirectInput and DirectShow. Direct3D introduced programmability in the form of vertex and pixel shaders, enabling developers to write code without worrying about superfluous hardware state, and fog, bump mapping and texture mapping. DirectX 9 was released in 2003, which also sees major revisions to Direct3D, DirectSound, DirectMusic and DirectShow.^[1] Direct3D 9 added a new version of the High-Level Shader Language,^[2] support for floating-point texture formats, Multiple Render Targets, and texture lookups in the vertex shader. Windows XP can be upgraded to DirectX 9.0c (Shader Model 3.0).

Windows XP includes ClearType subpixel rendering, which makes onscreen fonts smoother and more readable on liquid-crystal display (LCD) screens.^[3][4] Although ClearType has an effect on CRT monitors, its primary use is for LCD/TFT-based (laptop, notebook and modern 'flatscreen') displays. ClearType in Windows XP currently supports the RGB and BGR sub pixel structures. There are other parameters such as contrast that can be set via a ClearType Tuner powertoy that Microsoft makes available as a free download from its Typography website.^[5]

With Windows XP, the Start button has an updated appearance and is larger, making it faster to mouse over to it and click it. To help the user access a wider range of common destinations more easily from a single location, the Start menu was expanded to two columns; the left column focuses on the user's installed applications, while the right column provides access to the user's documents, and system links which were previously located on the desktop. Links to the My Documents, My Pictures and other special folders are brought to the fore. The My Computer and My Network Places (Network Neighborhood in Windows 95 and 98) icons were also moved off the Desktop and into the Start menu, making it easier to access these icons while a number of applications are open and so that the desktop remains clean. Moreover, these links can be configured to expand as a cascading menu. Frequently used programs are automatically displayed in the left column, newly installed programs are highlighted, and the user may opt to "pin" programs to the start menu so that they are always accessible without having to navigate through the Programs folders. The default web browser and default email program are pinned to the Start menu. The Start menu is fully customizable, links can be added or removed; the number of frequently used programs to display can be set. The All Programs menu expands like the classic Start menu to utilize the entire screen but can be set to scroll programs. The user's name and user's account picture are also shown on the Start menu.

The taskbar buttons for running applications and Quick Launch have also been updated for Fitt's law. Locking the taskbar not only prevents it from being accidentally resized or moved but elements such as Quick launch and other DeskBands are also locked from being accidentally moved. The Taskbar grouping feature combines multiple buttons of the same application into a single button, which when clicked, pops up a menu listing all the grouped windows and their number. Advanced taskbar grouping options can be configured from the registry.^[6] The user can choose to always show, always hide or hide some or all notification area icons if inactive for some time. A button allows the user to reveal all the icons. The Taskbar, if set to a thicker height also displays the day and date in the notification area.

There are significant changes made to Windows Explorer in Windows XP, both visually and functionally. Microsoft focused especially on making Windows Explorer more discoverable and task-based, as well as adding a number of features to reflect the growing use of a computer as a "digital hub".

The task pane is displayed on the left side of the window instead of the traditional folder tree view when the navigation pane is turned off. It presents the user with a list of common actions and destinations that are relevant to the current directory or file(s) selected. For instance, when in a directory containing mostly pictures, a set of "Picture tasks" is shown, offering the options to display these pictures as a slide show, to print them, or to go online to order prints. Conversely, a folder containing music files would offer options to play those files in a media player, or to go online to purchase music.

Every folder also has "File and Folder Tasks", offering options to create new folders, share a folder on the local network, publish files or folders to a web site using the Web Publishing Wizard, and other common tasks like copying, renaming, moving, and deleting files or folders. File types that have identified themselves as being printable also have an option listed to print the file.

Underneath "File and Folder Tasks" is "Other Places", which always lists the parent folder of the folder being viewed and includes additional links to other common locations such as "My Computer", "Control Panel", and "My Documents" or previously navigated locations. These change depending on what folder the user was in.

Underneath "Other Places" is a "Details" area which gives additional information when a file or folder is selected – typically the file type, file size and date modified, but depending on the file type, author, image dimensions, attributes, or other details. If the file type has a Thumbnail image handler installed, its preview also appears in the "Details" task pane. For music files, it might show the artist, album title, and the length of the song. The same information is also shown horizontally on the status bar.

The "Folders" button on the Windows Explorer toolbar toggles between the traditional navigation pane containing the tree view of folders, and the task pane. Users can also close the navigation pane by clicking the Close button in its right corner as well as turn off the task pane from Folder Options.

The navigation pane has been enhanced in Windows XP to support "simple folder view" which when turned on hides the dotted lines that connect folders and subfolders and makes folders browsable with single click while still keeping double clicking on in the right pane. Single clicking in simple folder view auto expands the folder and clicking another folder automatically expands that folder and collapses the previous one.

Windows XP introduced a large number of metadata properties^[7] which are shown as columns in the "Details" view of Explorer, in the new Tiles view in Explorer, on the Summary tab in a file's properties, in a file's tooltip and on the Explorer status bar when a single file is selected. Users also gain the ability to sort by any property which is turned on in "Details" view. Developers can write column handler shell extensions to further define their own properties by which files can be sorted. The column by which items are sorted is highlighted. Sorting files and folders can be in Ascending order or Descending order in all views, not just Details view. To reverse the order, the user simply can perform the sort by the same property again. The sort order has also been made more intuitive compared to the one in Windows 2000. For file names containing numbers Windows Explorer now tries to sort based on numerical value rather than just comparing each number digit by digit for every character position in the file name.^[8] For instance, files containing "1", "2".."10" will be intuitively sorted with "10" appearing after "9" instead of appearing between "1" and "2".

The right pane of Windows Explorer has a "Show in Groups" feature which allows Explorer to separate its contents by headings based on any field which is used to sort the items. Items can thus be grouped by any detail which is turned on. "Show in Groups" is available in Thumbnails, Tiles, Icons and Details views.

Microsoft introduced animated "Search Companions" in an attempt to make searching more engaging and friendly; the default character is a puppy named Rover, with three other characters (Merlin the magician, Earl the surfer, and Courtney) also available. These search companions powered by Microsoft Agent technology, bear a great deal of similarity to Microsoft Office's Office Assistants, even incorporating "tricks" and sound effects. If the user wishes, they can also turn off the animated character entirely.

The search capability itself is fairly similar to Windows Me and Windows 2000, with some important additions. The Indexing Service can extract Exif properties, as well as some metadata for ASF, WMV and MP3 files under Windows XP via the IPropertyStorage interface using built-in Null Filter. Search can also be instructed to search only files that are categorically "Documents" or "Pictures, music and video" (searching by perceived type); this feature is noteworthy largely because of how Windows determines what types of files can be classified under these categories.^[9] Another important addition is that the "Look in" field accepts and expands environment variables for abbreviated entry of long paths. Also, users can configure whether or not Windows XP searches for system and/or hidden files and folders. Using Tweak UI, the search user interface can be restored to the one used by Windows 2000.

Windows XP improves image preview by offering a Filmstrip view which shows images in a single horizontal row and a large preview of the currently selected image above it. "Back" and "Previous" buttons facilitate navigation through the pictures, and a pair of "Rotate" buttons offer 90-degree clockwise and counter-clockwise rotation of images. Filmstrip view like any other view can be turned on per folder. This view will be available if the new "Common Tasks" folder view is selected, not with "Windows Classic" folder view. Aside from the Filmstrip view mode, there is a 'Thumbnails' view, which displays thumbnail-sized images in the folder and also displays images a subfolder may be containing (4 by default) overlaid on a large folder icon. A folder's thumbnail view can be customized from the Customize tab accessible from its Properties, where users can also change the folder's icon and specify a template type (pictures, music, videos, documents) for that folder and optionally all its subfolders. The size and quality of thumbnails in "Thumbnails" view can be adjusted using Tweak UI or the registry.^[10] Exif metadata stored in the image is also shown in the file's Properties -> Summary tab, in "Details" view and in any view on the status bar. Windows XP optionally caches the thumbnails in a "Thumbs.db" file in the same folder as the pictures so that thumbnails are generated faster the next time. Thumbnails can be forced to regenerate by right-clicking the image in Thumbnail or Filmstrip views and selecting "Refresh thumbnail".

AutoPlay examines newly discovered removable media and devices and, based on content such as pictures, music or video files, launches an appropriate application to play or display the content.^[11] AutoPlay (not to be confused with AutoRun) was created in order to simplify the use of peripheral devices – MP3 players, memory cards, USB storage devices and others – by automatically starting the software needed to access and view the content on these devices. AutoPlay can be enhanced by AutoPlay-compatible software and hardware. It can be configured by the user to associate favourite applications with AutoPlay events and actions. These actions are called AutoPlay Handlers and there are sets of Handlers associated with various types of content. New AutoPlay handlers can get added to the system when additional software is installed. The user can edit, delete or create AutoPlay handlers using TweakUI. AutoPlay settings can be configured per-device in Windows XP from the device's properties.

When a user inserts an optical disc into a drive or attaches a USB camera, Windows detects the arrival and starts a process of examining the device or searching the medium. It is looking for properties of the device or content on the medium so that AutoPlay can present a set of meaningful options to the user. When the user makes a particular choice, they also have the option to make that selection automatic the next time Windows sees that content or device.^[12] The content types available vary with the type of drive selected.

• Windows XP introduced the notion of Perceived Types, making it easier for applications and shell extensions to register themselves with file types, even if the default program and its associated ProgID changes.^[13] Perceived Types also made it easier for end users to search files without specifying individual file extensions.
• Per-user Recycle Bin for NTFS volumes. In earlier versions of Windows NT, one user could see the other user's deleted files located in the Recycle Bin.
• Folder options to restore previously open folder windows at logon (restoring Explorer sessions)^[14]
• Customizable infotips on a per-file-class (file type) basis without writing shell extensions^[15]
• Windows Explorer is content-dependent, that is, it attempts to detect the dominant type of files in a folder and then selects the most appropriate view for the user automatically unless the user manually sets the view.
• To prevent applications from taking over the file associations already registered with the default program explicitly set by the user, Windows XP prevents programmatic file associations if the Open With dialog or File Types tab is used by users to override the default.
• A "Tiles" view was added, which displays the file's icon in a larger size (48 × 48), and places the file name, descriptive type, and additional information by which the items are sorted (typically the file size for data files, and the publisher name for applications) to the right.
• The toolbars can be locked to prevent them from being accidentally moved. This same capability was also added to Internet Explorer's toolbars.
• The "Line up icons" feature in the context menu has been replaced by an "Align to grid" feature which when turned on always lines up icons.
• For unknown/undefined file types which inexperienced users may get confused when double clicked, Windows XP can contact a web service which shows additional information about that file type and what program created or can open that file type.
• If an image named "Folder.jpg" is placed inside a folder, that image will be used as the thumbnail for that folder and as Album Art for media files in Windows Media Player.
• EFS-encrypted files can be shown in an alternate color (green by default) beginning with Windows XP.
• File and folder size information is shown in tooltips upon mouse hover. For folders, size and partial folder contents are shown.
• When opening more than 15 files in a single operation, i.e. by selecting multiple files and pressing enter, Windows XP warns the user that Windows Explorer may become unresponsive, but still allows the user to do so.
• Windows Explorer supports a very basic form of mass renaming items.
• Marquee-style progress bars.
• A hyperlink control in system supplied common controls.

Windows XP includes Windows Picture and Fax Viewer which is based on GDI+^[16] and is capable of viewing image formats supported by GDI+, namely, JPEG, BMP, PNG, GIF (including animated GIFs), ICO, WMF, EMF and TIFF format files. It supersedes part of the functions of Imaging for Windows in previous versions of Windows.

The Windows Picture and Fax Viewer is integrated with Windows Explorer for functions like slideshow, email, printing etc. and quickly starts up when an image is double clicked in Windows Explorer. It supports full file management from within the viewer itself, that is, right clicking the image shows the same context menu as the one shown when an image is right clicked in Windows Explorer. Images can be set as the desktop wallpaper from the context menu. It supports successive viewing of all images in current folder and looping through images,^[17] that is, after viewing the last image in a directory, it again shows the first image and vice versa. By default, images smaller than the user's display resolution are shown at their actual size. If an image is larger than the display resolution, it is scaled to fit the screen (Best Fit).^[17] Images can be zoomed in or out depending on the viewing area. When this is done, scroll bars allow for viewing of all areas of the image. It has Standard toolbar buttons for Delete, Print, Copy to and Open with.^[17] The Copy to button converts an image to a different format supported in GDI+, that is, JPEG, BMP, GIF, TIFF or PNG.^[18] The Print button starts the Photo Printing Wizard which allows printing images with picture titles using various page layouts such as full page prints, wallet prints, contact/index sheets or certain fixed dimensions with the images cropped or rotated to fit the page. The wizard shows a preview of what the printed page will look like with the currently specified options.^[18] Windows Picture and Fax Viewer can also rotate images clockwise or anti-clockwise, start a slideshow of all or selected images in the folder, or e-mail them by selecting the "Send To Mail Recipient" option.^[18] Further options allow the image to be mailed full size, or in pixel dimensions of: 640 x 480, 800 x 600, and 1024 x 768. Using Tweak UI, the time between images during a slideshow can be adjusted.

Windows Picture and Fax Viewer recognizes embedded ICC V2 color profiles^[19] in JPG and TIFF files. GIF files are shown with full animation, even when zoomed. TIFF files can be annotated using the Annotation Toolbar which appears at the bottom of the screen.^[20] Lines can be drawn on the TIFF image and text added to it. Areas of the image can be selected and concealed. The Windows Picture and Fax Viewer is also capable of viewing multi-page TIFF files. However TIFF images with JPEG compression are not fully supported.^[21] The last button on the standard toolbar opens the image for editing; by default, in Microsoft Paint; however any editing application can be registered for this button in the viewer. Windows Picture and Fax Viewer saves and remembers its window position and size and supports keyboard shortcuts for all of its operations.

Raw image formats, which are the preferred formats in professional photography are not supported, however, Microsoft released a later update called RAW Image Thumbnailer and Viewer for Windows XP for viewing certain raw image files.^[22]

• Windows XP includes a new set of visual styles, known by its codename, "Luna". Available in three color schemes, the interface is more task-based than the basic one included since Windows 95, with options available in Explorer windows to interact with each file. The user can however choose to fully revert to the pre-Windows XP "classic" user interface. Developers can take advantage of visual styles through the use of Comctl32.dll v6.0 in their programs.^[23]
• Windows XP's Display Properties allows users to save their customizations as Themes. This feature was previously a part of Microsoft Plus!.
• Icon and cursor support for 24-bit color depth with an 8-bit alpha channel.^[24] Microsoft contracted The Iconfactory which created over 100 colorful icons for Microsoft to be included in Windows XP.^[25] The 10-icon resource limit has also been increased.^[26] For high DPI displays, Windows XP supports larger cursor sizes.^[27]
• Use of bullets instead of asterisks in password fields of a TextBox control, i.e., "•••" instead of "***".
• Several informational, critical and warning messages in Windows XP are shown as balloon notifications which automatically fade away after predefined interval and condition, instead of showing them as dialog boxes which require interaction from the user.
• New configurable sound events for Device Connect, Device Disconnect, Device Failed to Connect, Print Complete, New fax, Fax Error, System Notification, Windows Logon and Windows Logoff.
• A set of live orchestral recordings for the Windows XP tour theme music and system sounds was composed by composer Bill Brown.^[28]
• The music that plays during the Out-of-box experience, the setup at first launch where the user could connect to the internet, choose whether to have automatic updates, and choose their username, is located at C:\Windows\system32\oobe\images\title.wma. The piece is named "Windows Welcome music" or "Velkommen" and was composed by Stan LePard. This piece was also used in the tour for Internet Explorer 3 Starter Kit.^[29][30][31]
• Window ghosting that allows the user to minimize, move or close the main window even if the application is not responding.^[32]

The Text Services Framework (TSF), is a COM framework and API introduced in Windows XP that supports advanced text input and text processing. The Text Services Framework is designed to offer advanced language and word processing features to applications. It supports features such as multilingual support, keyboard drivers, handwriting recognition, speech recognition, as well as spell checking and other text and natural language processing functions. It is also downloadable for older Windows operating systems.^[33]

The Language Bar is the core user interface for Text Services Framework. The language bar enables text services to add UI elements to the toolbar and enables these elements when an application has focus. From the Language Bar, users can select the input language, and control keyboard input, handwriting recognition and speech recognition. The language bar also provides a direct means to switch between installed languages, even when a non-TSF-enabled application has focus.

The Windows XP kernel is completely different from the kernel of the Windows 9x/Me line of operating systems. Although an upgrade of the Windows 2000 kernel, there are major scalability, stability and performance improvements, albeit transparent to the end user.^[34][35]

Windows XP includes simultaneous multithreading (hyperthreading) support. Simultaneous multithreading is a processor's ability to process more than one data thread per core at a time.

Windows XP supports a larger system virtual address space—1.3 GB—of which the contiguous virtual address space that can be used by device drivers is 960 MB. The Windows XP Memory Manager is redesigned to consume less paged pool, allowing for more caching and greater availability of paged pool for any component that needs it.

The total size of memory-mapped files in Windows 2000 was limited because the memory manager allocated the Prototype Page Table entries (PPTEs) for the entire file, even if an application created mapped views to only parts of the file. In Windows XP, the Prototype PTEs are only allocated when required by an application, allowing larger mapped files. A benefit of this, for example, is in case of making backups of large files on low memory systems. The paged pool limit of 470 MB has been lifted from the Memory Manager in Windows XP, with unmapped views dynamically reusable by the memory manager depending on pool usage.

Memory pages in working sets are trimmed more efficiently for multiprocessor systems depending on how recently they were accessed. Lock contention is reduced, as a number of unnecessary locks used in resource synchronizations (RAM allocation and mapping through Address Windowing Extensions, system page table entries, charging non-paged/paged pool quotas, charging commitment of pages) have been removed. The dispatcher lock contention has been reduced and the Page Frame Number (PFN) lock has been optimized for increased parallelism and granularity. Windows XP uses push locks on the event synchronization object if there is no contention as they support shared and exclusive acquisition. Push locks protect handle table entries in the Executive, and in the Object Manager (to protect data structures and security descriptors) and Memory Manager (to protect AWE-related locks). Windows XP uses the SYSENTER/SYSEXIT mechanisms which require fewer clock cycles to transition to and from user mode to kernel mode to speed up system calls.

The kernel page write protection limit in Windows XP is enabled on systems up to 256 MB of RAM beyond which large pages are enabled for increased address translation performance.

Windows XP introduces the CreateMemoryResourceNotification function which can notify user mode processes of high or low memory availability so applications can allocate more memory or free up memory as necessary.^[36]

In versions of Windows prior to Windows XP, the registry size was limited to 80% of the paged pool size. In Windows XP, the registry is reimplemented outside of the paged pool; the registry hives are memory mapped by the Cache Manager into the system cache, eliminating the registry size limit. The registry size is now limited only by the available disk space. The System hive still has a maximum size, but it has been raised from 12 MB to 200 MB, eliminating the issue previous Windows versions faced^[37] of being unable to boot because of a large or fragmented System hive. The Configuration Manager has been updated to minimize the registry's memory footprint and lock contention, reduce fragmentation and thus page faults when accessing the registry, and improved algorithms to speed up registry query processing. An in-memory security cache eliminates redundant security descriptors.

Windows XP supports cross user session debugging, attaching the debugger to a non-crashing user-mode program, dumping the process memory space using the dump command, and then detaching the debugger without terminating it. Debugging can be done over a FireWire port and on a local system. The debug heap can be disabled and the standard heap be used when debugging.

Windows XP introduces support for Vectored Exception Handling. Vectored Exception Handling is made available to Windows programmers using languages such as C++ and Visual Basic. VEH does not replace Structured Exception Handling (SEH), rather VEH and SEH coexist with VEH handlers having priority over SEH handlers. Compared with SEH, VEH works more like a traditional notification callback scheme.

Applications can intercept an exception by calling the AddVectoredExceptionHandler API to watch or handle all exceptions. Vectored handlers can be chained in order in a linked list and they aren't tied to the stack frame, so they can be added anywhere in the call stack unlike SEH's try/catch blocks.

Heap leak detection can be enabled when processes exit and a debugger extension can be used to investigate leaks. Also introduced is a new heap performance-monitoring counter. Windows XP introduces a new low fragmentation heap policy (disabled by default) which allocates memory in distinct sizes for blocks less than 16KB to reduce heap fragmentation. The Low Fragmentation Heap can be enabled by default for all heaps using the LFH Heap Enabler utility.^[38]

There are new APIs for IRP cancellation and registering file system filter callbacks to intercept the OS fast I/O functions. In low memory conditions, "must succeed" calls are denied, causing a slowdown but preventing a bug check. I/O is throttled to fetch only one memory page at a time increasing overall scalability.

Windows XP includes NTFS 3.1, which expands the Master File Table (MFT) entries with a redundant MFT record number, useful for recovering damaged MFT files. The NTFS conversion utility, Convert.exe, supports a new /CvtArea switch so that the NTFS metadata files can be written to a contiguous placeholder file, resulting in a less fragmented file system after conversion. NTFS 3.1 also supports symbolic links although there are no tools or drivers shipped with Windows XP to create symbolic links.^[39]

Windows XP introduces the ability to mount NTFS read-only volumes. There are new APIs to preserve original short file names, to retrieve a list of mount points (drive letters and mounted folder paths) for the specified volume, and to enable applications to create very large files quickly by setting the valid data length on files without force-writing data with zeroes up to the VDL (SetFileValidData function). For instance, this function can be used to quickly create a fixed size virtual machine hard disk.^[40] The default access-control lists for newly created files are read-only for the Users group and write permissions are given only to the Administrators group, the System account and the owner.

The ability to boot in 30 seconds was a design goal for Windows XP, and Microsoft's developers made efforts to streamline the system as much as possible; The Logical Prefetcher is a significant part of this; it monitors what files are loaded during boot, optimizes the locations of these files on disk so that less time is spent waiting for the hard drive's heads to move and issues large asynchronous I/O requests that can be overlapped with device detection and initialization that occurs during boot. The prefetcher works by tracing frequently accessed paged data which is then used by the Task Scheduler to create a prefetch-instructions file at %WinDir%\Prefetch. Upon system boot or the launch of an application, any data and code in the trace that is not already in memory is prefetched from the disk. The previous prefetching results determine which scenario benefited more and what should be prefetched at the next boot or launch. The prefetcher also uses the same algorithms to reduce application startup times. To reduce disk seeking even further, the Disk Defragmenter is called in at idle time to optimize the layout of these specific files and metadata in a contiguous area. Boot and resume operations can be traced and analyzed using Bootvis.exe.

Windows XP includes a Fast Logon Optimization feature that performs logon asynchronously without waiting for the network to be fully initialized if roaming user profiles are not set up.^[41] Use of cached credentials avoids delays when logging on to a domain. Group Policy is applied in the background, and startup or logon scripts execute asynchronously by default.

Windows XP reconciles local and roaming user profiles using a copy of the contents of the registry. The user is no longer made to wait as in Windows 2000 until the profile is unloaded. Windows XP saves locked registry hives with open keys after 60 seconds so that roaming profile changes can be saved back to the server. The problem left is that the computer cannot recover the memory the profile uses until it can be unloaded. To make sure the user profiles are completely reconciled correctly during logoff, Microsoft has released the User Profile Hive Cleanup service for Windows XP, which they later included in Windows Vista.^[42][43]

Windows XP offers enhancements for usability, resilience against corruption and performance of roaming user profiles.^[44] There are new Group Policies to prevent propagation of roaming user profile changes to the server, give administrators control over users' profile folders and preventing the use of roaming user profiles on specific computers. To accommodate the scenario where an older profile would overwrite a newer server profile due to Windows XP's Fast Logon feature, Windows XP ensures in such a situation that the user registry hive is copied from the server to the local profile.

Deletion of profiles marked for deletion at the next logoff does not fail for locked profiles. For workgroup computers, Windows XP no longer deletes the profiles of users belonging to the Guests group.

Windows XP includes some changes to the behavior of Offline Files. The Offline Files Client-Side Cache can now be encrypted with Encrypting File System. Shared folders from DFS namespaces can be made available offline.^[45] Also, roaming user profiles can be synchronized with the server even if Offline Files has marked the server as unavailable.^[46]

Beginning with Windows XP, folders redirected to the network are automatically made available offline using Offline Files, although this can optionally be disabled through Group Policy.

For older Windows NT 4.0 and earlier systems with legacy directory structure, Windows XP allows redirecting the My Documents folder to their home directory.

In Windows XP, there are some improvements made to System Restore compared to Windows Me.^[47] System Restore uses a copy-on-write file system filter driver for taking snapshots. In Windows XP, System Restore is configurable per volume and the data stores are also stored per volume. On NTFS volumes, the Restore Points are stored using NTFS compression and protected using ACLs. A Disk Cleanup handler allows deleting all but the most recent Restore Point. Besides the Registry hives and system files, COM+ and WMI databases and the IIS metabase can also be restored. System Restore supports Group Policy. System Restore in Windows XP also works without issues with EFS-encrypted files.

Automated System Recovery is a feature that provides the ability to save and restore Windows and installed applications, the system state, and critical boot and system files from a special backup instead of a plain reinstall.^[48] ASR consists of two components - backup and restore. The Backup portion located in NTBackup backs up the system state (Windows Registry, COM+ class registration database, Active Directory and the SYSVOL directory share), and the volumes associated with operating system components required to start Windows after restore as well as their configuration (basic or dynamic).^[49] The Restore portion of ASR is accessed by pressing F2 from Windows XP Text mode Setup.^[50] Automated System Recovery can even restore programs and device drivers if they are added to the ASR Setup information disk.^[51] ASR does not restore data files.

A common issue in previous versions of Windows was that users frequently suffered from DLL hell, where more than one version of the same dynamically linked library (DLL) was installed on the computer. As software relies on DLLs, using the wrong version could result in non-functional applications, or worse. Windows 98 Second Edition and Windows 2000 partially solved this problem for native code by introducing side-by-side component sharing and DLL/COM redirection. These operating systems allowed loading a private version of the DLL if it was placed in the application's folder by the developer, instead of the system directory and must be registered properly with the system.

Windows XP improves upon this by introducing side-by-side assemblies for COM+ 2.0, .NET, COM classic, and Win32 components (C Runtime, GDI+, Common Controls). The technology keeps multiple digitally signed versions of a shared DLL in a centralized WinSxS folder and runs them on demand to the appropriate application keeping applications isolated from each other and not using common dependencies. Manifests and the assembly version number are used by the OS loader to determine the correct binding of assembly versions to applications instead of globally registering these components. To achieve this, Windows XP introduces a new mode of COM object registration called Registration-free COM (or RegFree COM). It allows Component Object Model (COM) components to store activation metadata and CLSID (Class ID) for the component without using the registry. Instead, the metadata and CLSIDs of the classes implemented in the component are declared in an assembly manifest (described using XML), stored either as a resource in the executable or as a separate file installed with the component.^[52] This allows multiple versions of the same component to be installed in different directories, described by their own manifests, as well as XCOPY deployment.^[53]

During application loading, the Windows loader searches for the manifest.^[54] If it is present, the loader adds information from it to the activation context^[53] When the COM class factory tries to instantiate a class, the activation context is first checked to see if an implementation for the CLSID can be found. Only if the lookup fails is the registry scanned.^[53]

Windows Error Reporting collects and offers to send post-error debug information (a memory dump) using the internet to the developer of an application that crashes or stops responding on a user's desktop. No data is sent without the user's consent. When a dump (or other error signature information) reaches the Microsoft server, it is analyzed and a solution is sent back to the user if one is available. Windows Error Reporting runs as a Windows service and can optionally be entirely disabled. Software and hardware manufacturers may access their error reports using Microsoft's Winqual program.^[55] Software and hardware manufacturers can also close the loop with their customers by linking error signatures to Windows Error Reporting Responses. This allows distributing solutions as well as collecting extra information from customers (such as reproducing the steps they took before the crash) and providing them with support links.

On old versions of Windows, when users upgrade a device driver, there is a chance the new driver is less stable, efficient or functional than the original. Reinstalling the old driver can be a major hassle and to avoid this quandary, Windows XP keeps a copy of an old driver when a new version is installed. If the new driver has problems, the user can return to the previous version. This feature does not work with printer drivers.^[56]

• Windows Driver Protection blocks known problematic drivers from installing or loading^[57]
• The Driver Verifier introduced in Windows 2000 is a tool that replaces the default operating system subroutines with ones that are specifically developed to catch device driver bugs.^[58] Once enabled, it monitors and stresses drivers to detect illegal function calls or actions that may be causing system corruption. In Windows XP, new verification options have been added for DMA, I/O, SCSI and deadlock detection to Driver Verifier. Driver Verifier Manager, a GUI is introduced for Driver Verifier and includes the ability to automatically verify unsigned drivers.
• Last Known Good Configuration in Windows 2000 restored the hardware configuration in the registry control set indicated by the LastKnownGood key instead of the default. In Windows XP, it is extended to support restoring the device drivers too of the last working configuration, should a newly installed device driver make Windows unbootable.

As Windows XP merged the consumer and enterprise versions of Windows, it needed to support applications developed for the popular and consumer-oriented Windows 9x platform on the Windows NT kernel. Microsoft addressed this by improving compatibility with application-specific tweaks and shims and by providing tools such as the Application Compatibility Toolkit (AppCompat or ACT)^[59] to allow users to apply and automate these tweaks and shims on their own applications.^[60] Users can script the Compatibility Layer using batch files.^[61] Windows XP Setup also includes a compatibility checker that warns users - before setup begins - of incompatible applications and device drivers or of applications that may need reinstallation.^[62]

The RTM release of Windows XP includes Windows Media Player version 8 (officially called Windows Media Player for Windows XP) and Windows Media 8 codecs. Windows Media Player for Windows XP introduced ID3 support for MP3s, editing media information from within the Library, adding lyrics for MP3 or WMA tracks, file name customization when ripping, new visualizations, support for HDCDs, ability to lock down the player in a corporate environment and DVD playback support (when appropriate codecs are installed separately).^[63] Windows Media Player also incorporates newer hardware support for portable devices by means of the Media Transfer Protocol and the User-Mode Driver Framework-based Windows Portable Devices API.

The original RTM release of Windows XP included Windows Movie Maker 1.1 which added non-compressed DV AVI recording of digital video sources. Windows Movie Maker 2 introduced numerous new transitions, effects, titles and credits, a task pane, resizable preview window with dimensions, improved capture and export options, an AutoMovie feature, saving the final video back to tape and custom WMV export profiles.^[64]

Windows XP includes advances in Broadcast Driver Architecture for receiving and capturing analog and digital TV broadcasts complete with signal demodulation, tuning, software de-multiplexing, electronic program guide store, IP data broadcasting etc.^[65]

Windows XP includes improved FireWire (IEEE 1394) support (DVCPRO25 – 525-60 and 625-50) for digital video cameras and audio video devices.^[66] It introduces MSTape, a WDM driver for D-VHS and MPEG camcorder devices.^[67]

DirectShow 8 introduces the Video Mixing Renderer-7 (VMR-7) filter which uses DirectDraw 7 for video rendering, replacing the Overlay Mixer. VMR-7 can mix multiple streams and graphics with alpha blending, allowing applications to draw text (such as closed captions) and graphics (such as channel logos or UI buttons) over the video without flickering, and support compositing to implement custom effects and transitions.^[68] VMR-7 also supports source color keying, overlay surface management, frame-stepping and improved multiple-monitor support. VMR-7 features a "windowless mode" for applications to easily host video playback within any window and a "renderless playback mode" for applications to access the composited image before it is rendered. DirectX 9 introduced the VMR-9 which uses Direct3D 9 instead of DirectDraw, allowing developers to transform video images using the Direct3D pixel shaders.^[69]

DirectShow 8 includes AVStream, a multimedia class driver for video-only and audio-video kernel streaming.

• Windows Media Encoder 9 Series allows encoding Windows Media 9–based content.
• Installing Windows Media Connect or Windows Media Player 11 adds a UPnP-based streaming media server.

Windows XP provides new and/or improved drivers and user interfaces for devices compared to Windows Me and 98.

Beginning with Windows XP Service Pack 1, generic USB 2.0 Enhanced Host Controller Interface drivers are installed.^[70] Windows XP also adds support for USB device classes such as Bluetooth, USB video device class, imaging (still image capture device class) and Media Transfer Protocol with Windows Media Player 10.^[71]

For mass storage devices, Windows XP introduces hardware descriptors to distinguish between various storage types so that the operating system can set an appropriate default write caching policy.^[72] For example, for USB devices, it disables write caching by default so that surprise removal of these devices do not cause data loss. Device Manager provides a configuration setting whether to optimize devices for quick removal or for performance.

Windows XP supports both TWAIN as well as Windows Image Acquisition-based scanners. Windows Image Acquisition in Windows XP adds support for Automatic document feeder scanners, scroll-fed scanners without preview capabilities and multi-page TIFF generation.^[73] For WIA video, a Snapshot filter driver is introduced which allows still frames to be captured from the video stream.

The Scanner and Camera Wizard based on Windows Image Acquisition and other common dialogs for WIA devices have been improved in Windows XP to show the media information and metadata, rotate images as necessary, categorize them into subfolders, capture images and video in case of a still or video camera, crop and scan images to a single or multi-page TIFF in case of a scanner. The Picture Transfer Protocol (PTP) implementation has been updated to support all mandatory and optional commands in the PTP standard, and object tree support which allows secondary files associated with a parent file to be grouped and transferred concurrently.^[73] Windows Media Player 10 also adds the Media Transfer Protocol for transferring media content from portable devices. Thus, for digital cameras, Windows XP supports acquiring photos using any of either WIA, PTP, USB Mass Storage Class or MTP protocols depending on what the camera manufacturer supports.

Windows XP includes technology from Roxio which allows users to directly burn files to a compact disc through Windows Explorer. Previously, end users had to install CD burning software. In Windows XP, CD and DVD-RAM (FAT32 only for DVD-RAM) burning has been directly integrated into the Windows interface. Data discs are created using the Joliet and ISO 9660 file systems and audio CDs using the Redbook standard.^[74] To prevent buffer underrun errors, Windows XP premasters a complete image of files to be burnt and then streams it to the disc burner.^[74] Users can burn files to a CD in the same way they write files to a floppy disk or to the hard drive via standard copy-paste or drag and drop methods. The burning functionality is also exposed as an API called the Image Mastering API. Windows XP's CD burning support does not do disk-to-disk copying or disk images, although the API can be used programmatically to do these tasks. Creation of audio CDs is integrated into Windows Media Player. Audio CDs are burnt using track-at-once mode.^[74] CD-RW discs can be quick erased.

API support can be added to Windows XP for burning DVDs and Blu-ray Discs (Mastered-style burning and UDF) on write-once and rewritable DVD and Blu-ray media by installing the Windows Feature Pack for Storage which upgrades IMAPI to version 2.^[75][76] Note that this does not add DVD or Blu-ray burning features to Windows Explorer but third-party applications can use the APIs to support DVD and Blu-ray burning.

• Support for the Simple Boot Flag (SBF) specification which tells the BIOS to bypass or minimize startup checks if the operating system is Plug and Play capable.
• Wake-on-Battery support so that the system has time to power off or hibernate
• CardBus Wake-on-LAN support
• Wake on LAN can be configured to limit wake up packets to just magic packets from the Power management tab of the NIC property page in Device Manager.
• LCD dimming when on battery power
• Processor power and performance control including C-state (run in lower power state when idle) and throttling^[77]
• USB selective suspend feature
• Significantly noticeable fast boot and resume from hibernation^[78] compared to previous Windows versions owing to the boot loader caching file and directory metadata sequentially and in large chunks in a most recently used manner, overlapping device and network initialization, faster boot disk enumeration and class drivers being initialized asynchronously. Hibernation is faster as memory pages are compressed using an improved algorithm, compression is overlapped with disk writes, unused memory pages are freed and DMA transfers are used during I/O.
• Faster resume from standby as the algorithm used by the Power Manager for notifying hardware and software of power state changes by dispatching power IRPs has been rewritten to maximize parallelism, important system drivers (PCMCIA, keyboard, mouse) have been rewritten to eliminate blocking interactions,^[79] and worker thread stacks are locked in memory to prevent interruptions with power operations.
• Built-in support for processor power management technologies such as Intel SpeedStep and AMD PowerNow!.

• Support for audio devices based on the Intel High Definition Audio specification by means of a Universal Audio Architecture (UAA) class driver.
• Multichannel audio output and playback of additional audio formats. Volume can be set for each speaker in a multichannel configuration.
• KMixer audio sampling rate supports a maximum of 200 kHz beginning with Windows XP SP1 compared to earlier versions of Windows.^[80]
• Restriction on number of MME/WinMM device interfaces (waveIn, waveOut, midiIn, midiOut, mixer, and aux) is raised from 10 to 32.^[81][82]
• Hardware acceleration of DirectSound capture effects^[83] These include Acoustic Echo Cancellation for USB microphones, noise suppression and array microphone support.
• USB audio devices support GFX (Global Effects Filters).^[84]
• Sound Blaster 2.0 emulation support in NTVDM
• Windows XP sets the volume levels on wave, CD Audio and MIDI sliders to 0 dB of attenuation. This prevents signal resolution degradation.^[85]

Windows XP includes FireWire 800 support (1394b) beginning with Service Pack 1.^[86]

As mentioned in the above section, Windows XP includes improved support for FireWire cameras and audio video devices.^[66] S/PDIF audio and MPEG-2 video streams are supported across FireWire from audio video receivers or set-top boxes, DVD or D-VHS, speakers, or TV transmissions.^[66] Windows XP supports the AV/C (IEC 61883 protocol for isochronous real-time data transfer for audio-video applications.^[66] Windows XP also allows non-FireWire devices to be exposed as virtual FireWire devices. Direct memory access over the 1394 bus from the host to the target allows kernel debugging over FireWire.

Finally, there is support for TCP/IP networking and Internet Connection Sharing over the IEEE 1394 bus.^[87]

• Details tab in Device Manager which displays various device identification strings such as device instance ID, hardware ID, service name, filters, firmware revision, power state mappings and capabilities etc.^[88]
• Windows XP's user interface for Plug and Play changed with all messages being shown in the notification area as balloon tips.
• The read-only attribute of files and folders is automatically removed when copying files from optical media using Windows Explorer.
• Improved mouse pointer ballistics.^[89]
• DualView for multi-monitor setups.^[90] DualView allows two monitors to host the Windows desktop, while being driven off of a single display adapter.
• Support for reading UDF 2.01 upgradeable to UDF 2.50 by installing Windows Feature Pack for Storage.^[76]
• 48-bit LBA support for ATA/ATAPI disk drives^[91] and generic drivers for UltraDMA Mode 5 and 6 support beginning with Windows XP SP1.
• Executing user applications directly from ROM.
• Support for the exFAT file system can be added by installing KB955704.^[92]
• Supports VBE display if vendor-specific graphics driver not installed, or in the safe mode.
• GDI can utilizes OpenGL 1.0 for 2D acceleration if vendor-specific graphics driver not installed, or in the safe mode.

Windows XP includes Windows Script Host 5.6, a major update to the WSH environment, which includes an improved object model to reduce boilerplate code, stronger security and several other improvements.^[93]

A new XML-based file format, the Windows Script File format (.WSF) has been introduced besides .VBS and .JS which can store in an XML node in the same file, extra information besides script code, such as digital signature blocks, runtime directives or instructions to import external code.^[93] The WSF schema can include jobs wrapped each by a unique <job> tag and an outer <package> tag. Tags in a WSF file allow including external files, importing constants from a TLB, or storing the usage syntax in the <Runtime> element and displaying it using the new ShowUsage method, or when invoked by the /? switch.^[93] The WSF format also supports hosting multiple WSH scripting languages, including cross function-calls. The WshShell object now supports a 'CurrentDirectory' read-write method.^[93]

Scripts can now be digitally signed as well as verified programmatically using the Scripting.Signer object in a script itself, provided a valid certificate is present on the system.^[93] Alternatively, the signcode tool from the Platform SDK, which has been extended to support WSH filetypes, may be used at the command line.^[94] The VerifyFile method can be used to authenticate the embedded signature's validity and check the script for modifications after signing. WSH can thus decide whether or not to execute the script after verification.^[93] Code stored in an in-memory string can also be signed by using the Sign method. The signature block is stored in a commented section in the script file for backward compatibility with older WSH versions.^[93]

By using Software Restriction Policies supported in Windows XP and later, a system may also be configured to execute only those scripts which have been digitally signed, thus preventing the execution of untrusted scripts.^[95]

Local scripts can also run on a remote machine with the new WScript.WshController object, which is powered by DCOM.^[93] Remote WSH can be enabled through a Group Policy Administrative Template or registry.^[93] Remote scripts always run through wscript and are loaded into the remote machine's Server process so they run non-interactively by default, but can be configured using DCOMCNFG to run in a security context that allows them to display the user interface.^[93] When the WSH automation server loads, an instance of the WshRemote object is created but the script runs only after calling the Execute method.^[93] Any external files called by the remote script must be located on the remote machine in the directory path specified by the Exec method. The remote script can be monitored by using the Status property.^[93]

WSH 5.6 introduces the Exec method for the WshShell object to execute command-line console applications and has access to the standard I/O streams (StdIn, StdOut, and StdErr) of the spawned process.^[93]

In earlier versions of Windows Script, to use arguments, one had to access the WshArguments collection object which could not be created externally and required that the person running the script know the order of the arguments, and their syntax and values.^[96] WSH 5.6 introduces named arguments on the command line which follow a /string:value or Boolean convention defined in 'Runtime' tag and are recognized irrespective of their order on the command line. Named arguments are grouped in the Named collection object and have the usual methods like Item, Count, Length as well as an Exists method.^[93] The 'ShowUsage' method for the WshArguments object mentioned earlier shows the argument information in a message box.^[93]

Windows XP includes a ScriptPW.Password COM automation object, implemented in the scriptpw.dll file which can be used to mask sensitive information like passwords from command line scripts.^[93]

Users can log into Windows XP Professional remotely through the Remote Desktop service. It is built on Terminal Services technology (RDP), and is similar to "Remote Assistance", but allows remote users to access local resources such as printers.^[97] Any Terminal Services client, a special "Remote Desktop Connection" client, or a web-based client using an ActiveX control may be used to connect to the Remote Desktop.^[98] (Remote Desktop clients for earlier versions of Windows, Windows 95, Windows 98 and 98 Second Edition, Windows Me, Windows NT 4.0, or Windows 2000 have been made available by Microsoft.^[99] This permits earlier versions of Windows to connect to a Windows XP system running Remote Desktop, but not vice versa.)

There are several resources that users can redirect from the remote server machine to the local client, depending upon the capabilities of the client software used. For instance, "File System Redirection" allows users to use their local files on a remote desktop within the terminal session, while "Printer Redirection" allows users to use their local printer within the terminal session as they would with a locally or network shared printer. "Port Redirection" allows applications running within the terminal session to access local serial and parallel ports directly, and "Audio" allows users to run an audio program on the remote desktop and have the sound redirected to their local computer. The clipboard can also be shared between the remote computer and the local computer. The RDP client in Windows XP can be upgraded to 7.0. The Remote Desktop Web Connection component of Internet Information Services 5.1 also allows remote desktop functionality over the web through an ActiveX control for Internet Explorer.^[100]

Remote Assistance allows a Windows XP user to temporarily take over a remote Windows XP computer over a network or the Internet to resolve issues.^[101][102] As it can be a hassle for system administrators to personally visit the affected computer, Remote Assistance allows them to diagnose and possibly even repair problems with a computer without ever personally visiting it. Remote Assistance allows sending invitations to the support person by email, Windows Messenger or saving the invitation as a file. The computer can be controlled by both, the support person connecting remotely as well as the one sending the invitation. Chat, audio-video conversations and file transfer are available.

Windows XP introduces Fast User Switching^[103] and a more end user friendly Welcome Screen with a user account picture which replaces the Classic logon prompt. Fast user switching allows another user to log in and use the system without having to log out the previous user and quit his or her applications. Previously (on both Windows Me and Windows 2000) only one user at a time could be logged in (except through Terminal Services), which was a serious drawback to multi-user activity. Fast User Switching, like Terminal Services, requires more system resources than having only a single user logged in at a time and although more than one user can be logged in, only one user can be actively using their account at a time. This feature is not available when the Welcome Screen is turned off, such as when joined to a Windows Server Domain or with Novell Client installed.^[102][104] Even when the Welcome screen is enabled, users can switch to the Classic logon by pressing Ctrl+Alt+Del twice at the Welcome screen.^[105]

Windows XP introduced Windows Installer (MSI) 2.0. Windows Installer 2.0 brought major improvements such as installation and management of side by side and CLR assemblies, sandboxing MSI custom actions, improved event logging and hiding sensitive information in log files, per-user program isolation, digital signatures, improved patching (more robust patch conflict resolution and reduced unnecessary unversioned file copying and source prompts), Terminal Server support and integration with System Restore and Software Restriction Policies.^[106] Windows XP can be updated to Windows Installer 4.5.^[107]

Windows Disk Defragmenter was updated to alleviate several restrictions.^[36] It no longer relies on the Windows NT Cache Manager, which prevented the defragmenter from moving pieces of a file that cross a 256 KB boundary within the file. All parts of a stream including the cluster boundary for non-compressed files, reparse points, bitmaps, and attribute_lists, NTFS metadata files, EFS-encrypted files and the NTFS Master File Table can be defragmented. The defragmenter supports NTFS volumes with cluster sizes larger than 4 kilobytes. A command-line tool, defrag.exe, has been included, providing access to the defragmenter from cmd.exe and Task Scheduler. Users who are members of the Power Users group can schedule defragmentation.

Windows Task Manager incorporates a number of improvements in Windows XP. It has been updated to display process names longer than 15 characters in length on the Processes tab, which used to be truncated in Windows 2000.^[108] Session ID and User name columns have been added on the Processes tab. The Delete key can also be used to terminate processes on the Processes tab. A new Networking tab shows statistics relating to each of the network adapters present in the computer. By default the adapter name, percentage of network utilization, link speed and state of the network adapter are shown, along with a chart of recent activity. More options can be shown by choosing Select columns... from the View menu. The Users tab shows all users that currently have a session on the computer. On server computers there may be several users connected to the computer using Terminal Services. There may also be multiple users logged onto the computer at one time using Fast User Switching. Users can be disconnected or logged off from this tab. A Shutdown menu has been introduced that allows access to Standby, Hibernate, Turn off, Restart, Log Off and Switch User. Holding down Ctrl while clicking New Task opens a command prompt.

• Windows XP introduces WMIC.exe, the Windows Management Instrumentation console utility
• Beginning with Windows XP, WMI resides in a shared service host process called Wmiprvse.exe which can spawn multiple instances under different accounts: LocalSystem, NetworkService, or LocalService. Previously, WMI providers were loaded in-process with the WMI Service and a single WMI provider crashing led to the restart of the WMI core service, WinMgmt.exe.
• In Windows XP, MOF files are used to describe system ETW events.
• WMI Filters for Group Policy were introduced.^[109]

This section needs expansion. You can help by adding to it. (January 2020)

Windows XP includes new command-line tools and WMI-based scripts:^[110][111]

• schtasks.exe (Windows Task Scheduler)
• shutdown.exe (Shutdown commands)
• Sc.exe (Service Control Manager)
• gpupdate.exe and gpresult.exe (Group Policy)
• logman.exe, relog.exe, typeperf.exe and tracerpt.exe (Performance Monitor)
• Eventquery.vbs, eventcreate.exe, EventTriggers.exe (Event log)
• DSquery.exe, dsget.exe, dsadd.exe, dsmod.exe, dsmove.exe, dsrm.exe (Active Directory)
• diskpart.exe, Defrag.exe and fsutil.exe (Disk management, Defragmentation and file system management)
• bootcfg.exe (Boot.ini)
• openfiles.exe (Networking)
• powercfg.exe (Power management)
• tasklist.exe, taskkill.exe, getmac.exe, systeminfo.exe, driverquery.exe, reg.exe, regini.exe, IPseccmd.exe (Windows 2000 Resource Kit).
• IIS*.vbs (IIS and Active Server Pages management)
• Prn*.vbs (Printing)
• Pagefileconfig.vbs (PageFile configuration)
• bitsadmin.exe, bindiff.exe, cabarc.exe, ftonline.exe, httpcfg.exe, ipseccmd.exe, netcap.exe, rasdiag.exe, spcheck.exe, tracepdb.exe (New support tools)

• CHKDSK has performance improvements.^[112]
• Non-persistent Shadow Copy (Volume Snapshot Service) support that uses a copy-on-write technique in order to create a snapshot and APIs to use the same
• MSConfig utility has been updated to configure advanced Boot.ini options graphically, enable or disable Windows services and launch built-in tools.
• NTBackup has a wizard-based interface for ease of use and supports backing up locked (in-use) files using Shadow Copy. Media pools created by NTBackup can also be viewed from the backup utility itself without opening Removable Storage Management.^[113]
• Microsoft Management Console 2.0 which introduced an automation object model, view extensions, visual style support, Console Taskpads etc.
• Increased number of WMI providers and classes.
• Unified Registry editor that combines Windows 9x's Regedit.exe and Windows NT's Regedt32.exe. The Registry Editor now supports multiple instances if the -m switch is specified.
• IExpress as part of Internet Explorer 6 to create self-extracting INF-based installation packages.^[114]
• Files and Settings Transfer Wizard and User State Migration Tool
• Several deployment tools improvements including enhancements to Sysprep,^[115] Setup Manager, introduction of WinPE. For example, the Product Key stored in the Answer file for Setup Manager or Sysprep can be stored encrypted. Sysprep can add updated drivers to an installation image with per-machine customizations. The time to preload Windows XP using Sysprep has been reduced using a scriptable WinBOM.ini file that drives Sysprep.
• Unattended installations are improved in Windows XP with far more comprehensive configuration options for various operating system components.
• Several improvements have been made to the Package Installer (Update.exe) over Windows 2000.^[116]
• Increased number of Group Policies, including security policies and Resultant Set of Policy (RSoP) management console which allows administrators to see applied policies in logging mode or simulate policy settings that will be applied before committing to changes to objects in planning mode.
• A Desktop Cleanup Wizard was introduced to help users reduce clutter on their desktops, by looking at the shortcuts on the Desktop and moving any unused ones into a directory called "Unused Desktop Shortcuts". The Desktop Cleanup Wizard operates as a scheduled task that runs once a day to determine if it's been 60 days since the last time the wizard was run.^[117]
• Windows XP can be upgraded to from Windows 98, Windows Me, Windows NT 4.0 Workstation and Windows 2000 Professional. If performing an upgrade setup from Windows 9x family, Windows XP takes a backup of the old installation so that the user can uninstall Windows XP or if setup fails at any point, the system goes back to the previous OS.^[118] If Setup completes successfully, users are asked whether they want to delete the backup. This feature is not available when upgrading from Windows 2000 Professional.
• Windows XP includes a Shutdown Event Tracker (disabled by default) which when enabled from Group Policy allows administrators to document shutdown reasons and analyze the shutdown logs stored in the System log over time to develop an understanding of the cause for most shutdowns. Administrators can choose from a predefined set of reasons or enter their own reasons. Shutdown Event Tracker also takes a system state snapshot just before each shutdown to identify usage of system resources.
• Windows XP Setup includes a new Quick format option to quickly format large volumes without checking the entire volume for bad sectors.^[119]

In Windows 2000, an NTLM hash of the user's password was a requirement which technically allowed a potential malefactor to decrypt the Master Key and the NTLM hash directly from the Security Accounts Manager database.^[120] Windows XP improves DPAPI security by encrypting the Master Key using an SHA1 hash of the password.^[120] This also improves the security of data encrypted with Encrypting File System.

Windows XP PKI supports cross-certification and Bridge CA scenarios. User-type certificates can be auto-enrolled and renewed.^[121] Certificate requests for issuing new certificates or renewing expired ones can be pending until administrator approval or until issued by the certificate authority and once approved, they install automatically. Root CA certificates now also auto-update via Microsoft Update. Windows XP also supports delta CRLs (CRLs whose status has changed since the last full base compiled CRL) and base64-encoded CRLs for revocation checking and will use them by default. Windows XP can enroll version 2 certificate templates which have many configurable attributes.

Smart cards can be used to log into terminal server sessions (when connecting to a Windows Server 2003 or higher Terminal Server), with CAPICOM or with system tools such as net.exe and runas.exe. There are also numerous improvements to certificate status checking, chain building and revocation checking, path validation and discovery.^[122]

Windows XP includes several Encrypting File System improvements^[123] The most notable improvement is that multiple user accounts can share access to encrypted files on a file-by-file basis. A Details button in the Advanced file attributes dialog in the file's properties allows adding or removing additional users who can access the EFS-encrypted file, and viewing the certificate thumbprint and the Data Recovery Agent account. EFS certificates are autoenrolled in the CA and there is support for revocation checking on certificates used when sharing encrypted files. Unlike Windows 2000, there is no default local Data Recovery Agent and no requirement to have one, although a self-signed certificate for the recovery agent can be generated using cipher.exe.

The DPAPI Master Key can be protected using a domain-wide public key. A stronger FIPS 140-1 compliant algorithm such as 3DES can be used. Windows XP also warns the user if the EFS encrypted files are being copied to a file system such as FAT or unsupported location which does not support EFS, and thus the file is going to get decrypted.

Windows XP can also encrypt files on a remote server with NTFS if the server is trusted for delegation in Active Directory and the user's certificate and private key are loaded in the local profile on the server. If a roaming user profile is used, it will be copied locally. On a WebDAV server mapped by a drive letter, Windows XP can encrypt the file locally and transport it as a raw encrypted file to the WebDAV server using the HTTP PUT command. Similarly, EFS encrypted files can be downloaded raw from the WebDAV and decrypted locally. The command line utilities cipher, copy and xcopy have been updated in Windows XP. EFS can also be completely disabled in Windows XP through Group Policy (for a domain) or through the registry (for a non-domain computer).

For faster cache validation, the time for how long the user session key and certificate chain are cached can be adjusted.^[124]

Starting with Windows XP, a password reset disk can be created using the Forgotten Password wizard. This disk can be used to reset the password using the Password Reset Wizard from the logon screen. The user's RSA private key is backed up using an offline public key whose matching private key is stored in one of two places: the password reset disk (if the computer is not a member of a domain) or in Active Directory (if it is a member of a domain). An attacker who can authenticate to Windows XP as LocalSystem still does not have access to a decryption key stored on the PC's hard drive. If the password is reset, the DPAPI master key is deleted and Windows XP blocks all access to the EFS encrypted files to prevent offline and rogue attacks and protect the encrypted files. If the user changes the password back to the original password, EFS encrypted files can be recovered.^[125]

Windows XP prompts for credentials upon authentication errors and allows saving those that use Integrated Windows Authentication to a secure roaming keyring store protected by the Data Protection API. Saved credentials can be managed from the Stored User Names and Passwords item in the User accounts control panel. If a certificate authority is present, then users can a select an X.509 certificate when prompted for credentials. When that same resource is accessed again, the saved credentials will be used. Remote access/VPN connections also create temporary credentials in the keyring to make the experience seamless. Credential Manager also exposes an API for Single Sign On.

Windows XP introduces Software Restriction Policies and the Safer API^[126][127] By use of Software Restriction Policies, a system may be configured to execute or install only those applications and scripts which have been digitally signed or have a certain trust level, thus preventing the execution of untrusted programs and scripts. Administrators can define a default rule using the Local Security Policy snap-in, and exceptions to that rule. The types of rules include: Hash Rule, Path Rule, Certificate Rule and Zone Rule which identify a file by its hash, path, software publisher's certificate or Internet Explorer-zone respectively. For example, an ActiveX control can be restricted to run only for a particular domain by specifying a certificate rule-based software restriction policy.

• Each logon session receives its own set of drive letters. They cannot be shared.^[128]
• The Security permissions user interface is improved over Windows 2000. A new property sheet called Effective Permissions evaluates implicit permissions against explicit permissions and assigned permissions against inherited permissions. When setting object permissions, the user names, groups and security principals can be searched on the domain by specific criteria.
• The Secondary logon (Run As) feature allows running programs with a restricted token if the Protect my computer and data from unauthorized program activity option is checked.^[129]
• For non-domain computers, network logons and secondary logons (Run As) are disabled for user accounts with blank passwords. Only logons from the main physical console logon screen will be allowed for blank passwords.
• If the Security Account Manager (SAM) database is deleted from another OS, Windows XP will not allow bypassing the logon and will show an error message and then shut down the computer.
• Digest SSP for HTTP and LDAP queries between Windows and non-Windows systems where Kerberos is not available.
• IPsec configuration for server or domain isolation is simplified with the Simple Policy Update which reduces the number of IPsec filters from many hundreds of filters to only two filters.^[130]
• The Everyone user group no longer includes the Anonymous SID.
• Windows XP introduced the LOCAL SERVICE and NETWORK SERVICE accounts to run certain Windows services in isolation so that the privileges and access assigned to services is reduced to just those needed for their roles.^[35] This way, any potential attack surface is reduced when an attacker is exploiting the service.
• AuthZ API which implements the NT kernel Security Reference Monitor in user mode for applications to protect objects.
• P3P support in Internet Explorer 6

Windows 2000 wireless support did not support seamless roaming and auto-configuration. Windows XP's Wireless Zero Configuration service supports automatic wireless network configuration with re-authentication when necessary thus providing seamless roaming capability and setting the preferred order of connections. In the absence of a wireless access point, Windows XP can set up an ad hoc wireless network. There is native support for WPA and WPA2 authentication in infrastructure networks with the latest service packs and/or updates applied. Windows XP includes a Wireless Network Setup Wizard which supports the Windows Connect Now: USB Flash Drive (WCN-UFD) method to ease setting up the wireless network for inexperienced users.

Windows XP can connect to hotspots created using Wireless Provisioning Services.^[131]

In Windows XP, Internet Connection Sharing is integrated with UPnP, allowing remote discovery and control of the ICS host. It has a Quality of Service Packet Scheduler component.^[132] When an ICS client is on a relatively fast network and the ICS host is connected to the internet through a slow link, Windows may incorrectly calculate the optimal TCP receive window size based on the speed of the link between the client and the ICS host, potentially affecting traffic from the sender adversely. The ICS QoS component sets the TCP receive window size to the same as it would be if the receiver were directly connected to the slow link.

Internet Connection Sharing also includes a local DNS resolver in Windows XP to provide name resolution for all network clients on the home network, including non-Windows-based network devices. ICS is also location-aware, that is, when connected to a domain, the computer can have a Group Policy to restrict the use of ICS but when at home, ICS can be enabled.

When multiple applications are accessing the internet simultaneously without any QoS and the connection isn't fast enough, the TCP receive window size is set to the full window of data in transit that the first application uses in the connection until a steady state is reached. Subsequent connections made by other applications will take much longer to reach an optimal window size and the transmission rate of the second or third application will always be lower than that of the application that established the connection first. On such slow links, the QoS component in Windows XP automatically enables a Deficit round robin scheduling scheme, which creates a separate queue for each application and services these queues in a round-robin fashion.^[132]

IPv6 has to be installed and configured from the command line using the netsh interface ipv6 context as there is no GUI support. After the network interface's link-local address is assigned, stateless autoconfiguration for local and global addresses can be performed by Windows XP. Static IPv6 addresses can be assigned if there is no IPv6 router on the local link. Transition mechanisms such as manually configured tunnels and 6to4 can be set up. Privacy extensions are enabled and used by default. 6to4 is automatically activated for public IPv4 addresses without a global IPv6 address. Other types of tunnels can be set up include: 6over4, Teredo, ISATAP, PortProxy. Teredo also helps traverse cone and restricted NATs. Teredo host-specific relay is enabled when a global IPv6 address has been assigned, otherwise Teredo client functionality is enabled.

The Windows XP DNS resolver can only make DNS queries using IPv4, it does not use IPv6 itself as a transport to make the query.^[133] However, when a DNS query sends back both IPv4 and IPv6 resource records, IPv6 addresses are preferred. Windows XP does not support DHCPv6 and PPPv6/IPv6CP. An open source DHCPv6 implementation called Dibbler is available,^[134] although stateless autoconfiguration largely makes it unnecessary.

Windows XP includes the Background Intelligent Transfer Service, a Windows service that facilitates prioritized, throttled, and asynchronous transfer of files between machines using idle network bandwidth. BITS will only transfer data whenever there is bandwidth which is not being used by other applications, for example, when applications use 80% of the available bandwidth, BITS will use only the remaining 20%. BITS constantly monitors network traffic for any increase or decrease in network traffic and throttles its own transfers to ensure that other foreground applications (such as a web browser) get the bandwidth they need. BITS also supports resuming transfers in case of disruptions. BITS version 1.0 supports only downloads. From version 1.5, BITS supports both downloads and uploads. Uploads require the IIS web server, with BITS server extension, on the receiving side.

Windows XP components such as Windows Update use BITS to download updates so only idle bandwidth is used to download updates and downloading can be resumed in case network connectivity is interrupted. BITS uses a queue to manage file transfers and downloads files on behalf of requesting applications asynchronously, i.e., once an application requests the BITS service for a transfer, it will be free to do any other job, or even terminate. The transfer will continue in the background as long as the network connection is there and the job owner is logged in. BITS supports transfers over both HTTP and HTTPS. If a network application begins to consume more bandwidth, BITS decreases its transfer rate to preserve the user's interactive experience, except for Foreground priority downloads. BITS is exposed through Component Object Model (COM), making it possible to use with virtually any programming language.

Windows XP has a Fax Console to manage incoming, outgoing and archived faxes and settings. The Fax Monitor only appears in the notification area when a fax transmission or reception is in progress. If manual reception of faxes is enabled, it appears upon an incoming fax call. Archived faxes open in Windows Picture and Fax Viewer in TIFF format. Upon installing Microsoft Outlook, the Fax Service automatically switches from the Windows Address Book to using Outlook's Address Book.

Windows XP introduces the Fax Service Extended COM API for application developers to incorporate fax functionality.^[135]

The Advanced Networking Pack, later made part of SP2 introduced Peer-to-Peer Networking and the Peer Name Resolution Protocol (PNRP) to Windows XP. It operates over IPv6. The P2P architecture in Windows XP consists of the following components:

PNRP: This provides dynamic name publication and resolution of names to endpoints. PNRP is a distributed name resolution protocol allowing Internet hosts to publish "peer names" and corresponding IPv6 addresses and optionally other information. Other hosts can then resolve the peer name, retrieve the corresponding addresses and other information, and establish peer-to-peer connections.

With PNRP, peer names are composed of an "authority" and a "qualifier". The authority is identified by a secure hash of an associated public key, or by a place-holder (the number zero) if the peer name is "unsecured". The qualifier is a string, allowing an authority to have different peer names for different services.^[136]

If a peer name is secure, the PNRP name records are signed by the publishing authority, and can be verified using its public key. Unsecured peer names can be published by anybody, without possible verification. Multiple entities can publish the same peer name. For example, if a peer name is associated with a group, any group member can publish addresses for the peer name. Peer names are published and resolved within a specified scope. The scope can be a local link, a site (e.g. a campus), or the whole Internet.

Graphing: PNRP also allows creating an overlay network called a Graph. Each peer in the overlay network corresponds to a node in the graph. Nodes are resolved to addresses using PNRP. All the nodes in a graph share book-keeping information responsible for the functioning of the network as a whole. For example, in a distributed resource management network, which node has what resource needs to be shared. Such information is shared as Records, which are flooded to all the peers in a graph. Each peer stores the Record to a local database. A Record consists of a header and a body. The body contains data specific to the application that is using the API; the header contains metadata to describe the data in the body as name-value pairs serialized using XML, in addition to author and version information. It can also contain an index of the body data, for fast searching. A node can connect to other nodes directly as well, for communication that need not be shared with the entire Graph.

Grouping: The Peer-to-Peer API also allows creation of a secure overlay network called a Group, consisting of all or a subset of nodes in a Graph. A Group can be shared by multiple applications, unlike a Graph. All peers in a Group must be identifiable by a unique named, registered using PNRP, and have a digital signature certificate termed as Group Member Certificate (GMC). All Records exchanged are digitally signed. Peers must be invited into a Group. The invitation contains the GMC that enables it to join the group.^[137]

Windows XP introduces a more simplified form of sharing files with local users in a multi-user environment and over the network called Simple File Sharing. Simple File Sharing which is enabled by default for non-domain joined computers, disables the separate Security tab used to set advanced ACLs/permissions and enables a common interface for both - permissions on file system folders and sharing them.^[138] With Simple File Sharing enabled, the My Documents folder or its subfolders can only be read and written to by its Owner and by local Administrators.^[138] It is not shared on the network. By checking the Make this folder private option in its Properties, local Administrators are also denied permissions to the My Documents folder.^[138] For sharing files with other user accounts on the same computer when Simple File Sharing is enabled, Windows XP includes the Shared Documents folder.

Simple File Sharing disables granular local and network sharing permissions. It shares the item with the Everyone group on the network with read only or write access, without asking for a password but forcing Guest user permissions.^[139]

In Windows XP, a "WebDAV mini-redirector" has been added which is preferred over the old Web folders client, by default. This newer client works as a system service at the network-redirector level (immediately above the file-system), allowing WebDAV shares to be assigned to a drive letter and used by any software, even through firewalls and NATs. Applications can open remote files on HTTP servers, edit the file, and save the changes back to the file (if the server allows). The redirector also allows WebDAV shares to be addressed via UNC paths (e.g. http://host/path/ is converted to \\host\path\) for compatibility with Windows filesystem APIs. The WebDAV mini-redirector is known to have some limitations in authentication support.^[140]

• Internet Explorer 6 upgradeable to Internet Explorer 8 with Windows RSS Platform
• Outlook Express 6, Windows Address Book, NetMeeting 3.01 and MSN Explorer 6
• DHCP client alternate configuration to support more than one network or in the case when a DHCP server is not available
• The Windows XP DNS resolver has been improved with the addition of subnet prioritization.^[141] If the DNS resolution receives multiple IP address mappings (A resource records) from a DNS server, and some of the records have IP addresses from networks to which the computer is directly connected, the resolver places those resource records first. This behavior reduces network traffic across subnets by forcing computers to connect to network resources that are closer to them.^[142]
• Network bridging^[143] (IEEE 802.1D Transparent Bridging) allows a Windows XP computer to act as a bridge for different network mediums, eliminating the need to configure multiple IP subnets and routers to connect multiple network mediums together
• Network Setup Wizard for setting up the network on non-domain joined computers, an evolution of Windows Me's Home Networking Wizard.^[144] Windows XP also improves connection wizards for setting up internet or VPN connections or remote access to a network.
• NAT traversal APIs to abstract UPnP functions. UPnP IGD devices show up in Network Connections if the IGD Discovery and Control client is installed and double clicking their icon can initiate a connection to the Internet via the gateway device and show status information. NAT port mappings are also shown and can be set up.^[145]
• Built-in PPPoE protocol for individual authenticated access to remote servers.
• Connection Manager is the client dialer with the ability to connect to customized remote access connections and customized phone books of access numbers that can be created using the Connection Manager Administration Kit (CMAK). Connection Manager supports favorites to save settings for multiple network locations, client side logging and callback features and exposes more previously unavailable settings in the UI. There is support for split tunneling (although not secure) for VPN connections so VPN clients may access the internet.
• Windows Update uses binary delta compression so the size of Windows XP updates to download is reduced.
• EAP-TLS support, PEAPv0/EAP-MSCHAPv2^[146] support beginning with Windows XP SP1.
• Improved support for infrared including IrDA networking (IrCOMM modems, IrNET and P2P)^[147][148]
• Network connection status support tab which displays IP configuration and offers a 1-click "Repair" function to perform a series of steps that reset the network connection.
• Windows XP includes network diagnostic tools such as Netsh diag, netdiag.exe in the support tools and Basic Network Diagnostics integrated into the Help and Support Center^[149]
• There are new Winsock APIs for performance and IPv6 support.^[35] Network Location Awareness APIs are exposed through Winsock for determining network states and notifying Winsock client applications of changes. Windows XP components such as Internet Connection Sharing, Windows Firewall and Network Setup Wizard make use of these network location APIs.
• Winsock has the ability to self-heal if a Winsock LSP uninstallation damages it.^[150] Also, users can manually reset and repair a corrupted Winsock stack using the netsh winsock reset command.
• Support for PVC Encapsulation (RFC 2684)
• NDIS 5.1 has performance enhancements, Plug and Play and Power event notifications for miniport drivers, send cancellation and 64-bit statistic counters. Remote NDIS supports USB attached network devices.
• Expanded support for soft modems and HomePNA adapters.
• Notification when a network has limited or no connectivity.
• TAPI 3.1 exposes COM interfaces. H.323v2 based IP telephony and IP multicast AV conferencing Telephony Service Providers are included. TAPI 3.1 also includes File Terminals (record streaming data), Pluggable Terminals (add external terminal object), USB/HID Phone TSP (control a USB phone and use it as a streaming endpoint) and support for Auto Discovery of TAPI Servers. Several H.323 supplementary services have been implemented for richer call control features (Call Transfer, Call Hold, Call Diversion, Call Park and Pickup).
• Windows Messenger and RTC (Real-Time Communication) Client API to provide IM, presence, AV communications, whiteboarding, application sharing, Acoustic Echo Cancellation, media encryption, PC to phone and phone to PC services to applications.
• For computers in a workgroup, the Windows Time Service in Windows XP supports a new Internet Time feature (NTP client), which updates the clock on the user's computer by synchronizing with an NTP time server on the Internet.^[151] This feature is useful for computers whose real-time clock does not maintain the correct time.
• Microsoft Message Queuing 3.0 supports:^[152] Internet Messaging (referencing queues via HTTP, SOAP-formatted messages, MSMQ support for Internet Information Services), queue aliases, multicasting of messages, and additional support for programmatic maintenance and administration of queues and MSMQ itself. MSMQ 3 clients directly communicate with Active Directory using LDAP.

• Internet Information Services 5.1
• COM+ 1.5^[153]
• Speech Application Programming Interface 5.1
• SAPI 5 support in Microsoft Narrator
• Paint is based on GDI+ and therefore,^[154] images can be natively saved as JPEG, GIF, TIFF and PNG without requiring additional graphics filters (in addition to BMP). However, alpha channel transparency is still not supported because the GDI+ version of Paint can only handle up to 24-bit depth images. Support for acquiring images from a scanner or a digital camera was also added to Paint.
• WordPad has full Unicode support in Windows XP, enabling WordPad to support multiple languages. Windows XP SP1 ships with the RichEdit 4.1 control.^[155]
• General improvements to international support such as more locales, languages and scripts in Uniscribe, expanded MUI support, improved IMEs and National Language Support
• Regional and Language Options group East Asian languages, and complex script & left-to-right languages together, installable by checking a single check-box option. There is font fallback support for East Asian languages.
• Windows XP introduces a new "Location" variable which can be set by the user and queried using the GetGeoInfo API to provide location specific services
• Full Unicode support in the RichEdit control shipped in Windows XP and used by WordPad.
• Support for tablet and pen-sensitive screens, portrait-oriented screens in Windows XP Tablet PC Edition. It also includes speech recognition to control the operating system and for text dictation in applications using the RichEdit control or the Text Services Framework, handwriting recognition and digital ink support accessible through the Tablet PC Input Panel (TIP). Also included are applications to complement these features such as Windows Journal, Sticky Notes for note taking, a game called InkBall and several additional downloadable Tablet PC applications, extras and powertoys.
• Microsoft Active Accessibility 2.0 API, adding support for Dynamic Annotation and MSAA Text.^[156] The newer accessibility API, Microsoft UI Automation can also be installed on Windows XP.
• Windows XP supports a total of 1 million card deals in its version of FreeCell.^[157] Pinball has been updated to fix a high CPU utilization bug.^[158]
• Help and Support Center is very comprehensive with detailed step-by-step how-to and troubleshooting articles, glossary of terms and an index of all articles. Help and Support Center has Favorites, History and advanced search options. It includes the ability to search across multiple information sources including help sources on the Internet such as the Microsoft Knowledge Base. Users can share and install help content to and from other computers running Windows XP or Windows Server 2003 or switch to help for other supported operating system. Help and Support Center is also OEM-customizable.
• New set of PowerToys to significantly enhance the operating system functions such as Alt-tab switching, fast user switching, slideshow generation, desktop slideshow, ClearType optimization, shell powertoys and accessories and customizing operating system settings.
• Ability to change the product key using the Windows Product Activation wizard.

Although Windows XP did not ship with the following major Windows features out-of-the-box, these new features can be added to Windows XP by downloading these components which were incorporated in later versions of Windows.

• .NET Framework versions 1.0, 1.1, 2.0, 3.0, 3.5 and 4.0
• Windows Search 2.0, 3.0 and 4.0
• Windows Defender
• KMDF versions 1.0, 1.1, 1.5, 1.7 and 1.9 and UMDF versions 1.5, 1.7 and 1.9.
• Windows Services for UNIX
• XPS Essentials Pack
• Microsoft Virtual PC 2004 and 2007
• Windows Live Essentials 2009 and Wave 2.
• Windows PowerShell 1.0 and 2.0 and Windows Remote Management 1.0 and 2.0.

Beginning with Windows XP SP2, the audio volume taper is stored in the registry for on-screen keyboard and remote control applications and can be customized by third parties,^[159] and Internet Explorer has improved Group Policy settings support beyond security settings. (KB918997) for Windows XP SP2 and Windows XP SP3 add a Wireless LAN API for developers to create wireless client programs and manage profiles and connections. There is IEEE 802.1X support for wireless and wired connections. In case, a PKI is not available to issue certificates for a VPN connection, there is support for preshared key for IKE authentication.^[160] With KB912761 for Windows XP SP2 or on Windows XP SP3, users can configure whether EFS generates a self-signed certificate when a certificate authority is unavailable. Windows Firewall beginning with Windows XP SP2 also supports IPv6 stateful filtering. Applications and tools such as the Telnet client, FTP client, ping, nslookup, tracert, DNS resolver, file and print sharing, Internet Explorer, IIS have been updated to support IPv6.

• USB block storage devices can be made write-protected so writing data is not possible.^[161]
• Sound events for Blocked pop-up window and the Information bar in Internet Explorer were introduced.
• DirectX 9.0c (Shader Model 3.0) was introduced.
• A File System Filter Manager and minifilter drivers were installed.^[162] Compared to the legacy file system filters, they are easier to develop, offer better stability and can be loaded and unloaded at any time.^[163] They reduce recursive I/O on the kernel stack and can process only necessary operations. Legacy file system filter drivers attached to the file system stack directly and didn't have the aforementioned flexibility.
• Additional functionality for Offline Files via registry modifications was introduced.^[164] By editing the Registry, users can suppress error messages for file types that Offline Files cannot cache and which are excluded from synchronization.^[164] Offline Files for a user that are not on his primary computer (determined by matching the current user's SID with the specified SID in the registry) can be set to purge at logoff. Administratively assigned offline files can also be prevented from being cached for non-primary users.^[164]
• Windows Media Player 9 Series with Windows Media Format Runtime 9.0 was included, with the ability to later update the Media Player and Format Runtime to versions 10 and 11.
• There is basic but production quality support in Windows XP for IPv6 and Teredo tunneling through the Advanced Networking Pack.
• Improved ACPI processor performance states for multi-core processors, for example, SpeedStep.^[165]
• Support for SSE3.
• Windows Movie Maker 2, a free download released in 2002, was introduced, replacing Windows Movie Maker 1.1.
• Support for DVCPRO50 and DVCPRO100 was installed.^[166]
• A YUV mixing mode in the VMR-7 and VMR-9 renderers which performs mixing in the YUV color space to save memory bandwidth was introduced.^[167]
• powercfg.exe, a command-line utility allowing users to control settings related to power management, such as hibernation or creating power schemes, was introduced. Most of this functionality is available in a more user-friendly form in the Power Options dialog under Display Properties, however.
• Significant security-related changes to MSRPC, DCOM,^[168][169] MSDTC^[170] and WMI were introduced.
• Attachment Manager^[171] was introduced.
• Windows Installer 3.0, which also adds numerous improvements to patching such as patch uninstallation support through Add or Remove Programs, binary delta patches, patch sequencing to install patches in the correct order, installing multiple patches for different products in one transaction, eliminating source media requests for delta compression patches, patch elevation for limited user accounts, MSI source location list and inventory management APIs, and fixing numerous bugs, was included.^[172]
• BITS 2.0, part of Windows XP SP2, installed support for performing concurrent foreground downloads, using Server Message Block paths for remote names, downloading portions of a file, changing the prefix or complete name of a remote name, and limiting client bandwidth usage. BITS is upgradeable to version 2.5 in Windows XP.
• http.sys and the HTTP Server API, the kernel-mode HTTP server for applications, backported from Windows Server 2003, was included.
• Support for Secure Digital I/O host controllers and SD/MMC storage devices compliant with SDIO 1.0 beginning with Windows XP SP2 through a Microsoft-supplied bus driver.^[173]

Windows XP Service Pack 2 added native Bluetooth support. The Windows XP Bluetooth stack supports external or integrated Bluetooth dongles attached through USB.^[174] Windows XP SP2 and SP3 support Bluetooth 1.1 (but not 1.0), Bluetooth 2.0 and Bluetooth 2.0+EDR.^[175] The Bluetooth stack supports the following Bluetooth profiles natively: PAN, SPP, DUN, HID, and HCRP.^[174] Third-party stacks may replace the Windows XP stack and may support more profiles or newer versions of Bluetooth.

Windows XP Service Pack 2 introduced Data Execution Prevention. This feature, present as NX (EVP) in AMD's AMD64 processors and as XD (EDB) in Intel's processors, can flag certain parts of memory as containing data instead of executable code, which prevents overflow errors from resulting in arbitrary code execution. It is intended to prevent an application or service from executing code from a non-executable memory region. This helps prevent certain exploits that store code via a buffer overflow, for example.^[176] DEP runs in two modes: hardware-enforced DEP for CPUs that can mark memory pages as nonexecutable, and software-enforced DEP with a limited prevention for CPUs that do not have hardware support. Software-enforced DEP does not protect from execution of code in data pages, but instead from another type of attack (SEH overwrite). Hardware-enforced DEP enables the NX bit on compatible CPUs, through the automatic use of PAE kernel in 32-bit Windows and the native support on 64-bit kernels. Software DEP, while unrelated to the NX bit, is what Microsoft calls their enforcement of "Safe Structured Exception Handling". Software DEP/SafeSEH simply checks when an exception is thrown to make sure that the exception is registered in a function table for the application, and requires the program to be built with it.

If DEP is enabled for all applications, users gain additional resistance against zero-day exploits. But not all applications are DEP-compliant and some will generate DEP exceptions. Therefore, DEP is not enforced for all applications by default in 32-bit versions of Windows and is only turned on for critical system components. Windows XP Service Pack 3 introduces additional NX APIs^[177] that allow software developers to enable NX hardware protection for their code, independent of system-wide compatibility enforcement settings. Developers can mark their applications as NX-compliant when built, which allows protection to be enforced when that application is installed and runs. This enables a higher percentage of NX-protected code in the software ecosystem on 32-bit platforms, where the default system compatibility policy for NX is configured to protect only operating system components.

Windows XP RTM introduced the Internet Connection Firewall.^[178] It was later upgraded to Windows Firewall in Windows XP Service Pack 2 with support for filtering IPv6 traffic as well.^[179][180] By default, Windows Firewall performs stateful packet filtering of inbound solicited or unsolicited traffic on all types of network interfaces (LAN/WLAN, PPPoE, VPN, or dial-up connections). Like Internet Connection Sharing, the firewall has a location-aware policy, meaning it can be disabled in a corporate domain but enabled for a private home network. It has an option to disallow all exceptions which may be useful when connecting to a public network. The firewall can also be used as the edge firewall for ICS clients. When the firewall blocks a program, it displays a notification. Excepted traffic can be specified by TCP/UDP port, application filename and by scope (part of the network from which the excepted traffic originates). It supports port mapping and ICMP. Security log capabilities are included, which can record IP addresses and other data relating to connections originating from the home or office network or the Internet. It can record both dropped packets and successful connections. This can be used, for instance, to track every time a computer on the network connects to a website. Windows Firewall also supports configuration through Group Policy. Applications can use the Windows Firewall APIs to automatically add exceptions.

Windows Security Center provides users with the ability to view the status of computer security settings and services. Windows Security Center also continually monitors these security settings, and informs the user via a pop-up notification balloon if there is a problem. The Windows Security Center consists of three major components: A control panel, a Windows Service, and an application programming interface that is provided by Windows Management Instrumentation. The control panel divides the monitored security settings into categories, the headings of which are displayed with color-coded backgrounds. The current state of these settings is determined by the Windows service which starts automatically when the computer starts, and takes responsibility for continually monitoring the system for changes. The settings are made available to the system through a WMI provider. Anti-malware and firewall software vendors can register with the Security Center through the WMI provider. Windows Update settings and status are also monitored and reported.

• The Windows Imaging Component was installed.^[181]
• Management Console 3.0 was installed.
• MSI 3.1v2 was included.^[182]
• Credentials Security Service Provider (CredSSP) in Windows XP SP3 (Disabled by default) which provides Single sign-on and Network Level Authentication for Remote Desktop Services.
• A Network Access Protection client and Group Policy support for IEEE 802.1X authentication for wired network adapters was installed.
• BITS 2.5, part of Windows XP SP3, installed support for IPv6 and certificate-based client authentication for secure HTTP transports and custom HTTP headers.
• A later update, incorporated into Windows XP SP3, installed Network Diagnostics for Internet Explorer.^[183]
• SHA-2 hashing algorithms (SHA256, SHA384 and SHA512) to the CryptoAPI for validating X.509 certificates has been installed.
• Later hotfixes and Windows XP SP3 include support for SDHC cards, including those larger than 4 GB but up to 32 GB.^[184]
• Support for SSE4.

• Windows XP Media Center Edition 2005 includes Microsoft Plus! Digital Media Edition components such as Audio Converter, CD Label Maker, Dancer and Party Mode and screensavers and themes from Microsoft Plus! for Windows XP.
• Windows Movie Maker 2.5, which includes DVD burning, was included.

• New features by Windows version:
  • XP
  • Vista
  • 7
  • 8
  • 10
  • 11
• Removed features by Windows version:
  • XP
  • Vista
  • 7
  • 8
  • 10
  • 11