Archive for the ‘System Information’ Category

Automating tasks or at least taking some of the hands-on effort out of the equation allows you to focus on other security issues in your Windows environment, like keeping up with all the patches Microsoft keeps releasing these days. Free tools can even allow you to do things you wouldn’t be able to justify otherwise. In turn, you end up with a more secure network and everyone wins. Now, whether they actually know or care is a different issue…

Since security and limited budgets are all the rage these days, here’s a set of free Windows server security tools you need to check out. Life beyond the Sysinternals tools might seem unimaginable, but there are indeed other tools available that can make your life a whole lot simpler, and as with Sysinternals, they won’t cost you a dime.

Data backup, recovery, and destruction tools

  • Cobian Backup – backup software for those who have had it with Windows Backup and the commercial alternatives
  • Eraser – secure deletion for when the time comes to toss out those old drives
  • KillDisk – an alternative option for secure deletion
  • Recuva (Piriform) – data recovery for when you accidentally delete your Exchange Server Public folders

Malware protection tools

  • ClamWin – virus scanner so you can (finally) get some protection on your Windows servers

Monitoring, reporting and search tools

  • EventTracker Pulse (Prism Microsystems) – search engine for log data so you can gain insight into what’s happening on your Windows systems and other devices
  • OSSIM – security information management you can use for security anomaly detection, event correlation, and more (runs as a VMware virtual machine)
  • Paglo Crawler – search engine, monitoring, and reporting so you can gain insight into your IT assets such as network hosts and applications

Scanning and analysis tools

  • Angry IP Scanner – network scanner you can use to monitor your hosts and determine when rogue systems have joined the network and users are doing things they shouldn’t be doing
  • Wireshark – the free network analyzer everyone loves – yet so many still haven’t heard of – that can be used to troubleshoot network and application problems

Testing tools

  • ReactOS – an open-source OS that is binary-compatible with Windows XP and Server 2003, which can be used to test Windows applications, security tools, and so on
  • VirtualBox – virtual machine software you can use for testing new versions of Windows, patches, security tools, and more before you put them into production


I’m sure you are familiar with the traditional way to kill or end a process in Windows using Task Manager. This method is effective but not nearly as fun as killing a process in Command Prompt. Additionally, killing processes in Command Prompt provides much more control and the ability to end multiple processes at once.

All of this is possible with the TaskKill command. First, let’s cover the basics. You can kill a process by its process ID (PID) or by its image name (EXE filename).

Open up an Administrative level Command Prompt and run tasklist to see all of the running processes:

C:\>tasklist

Image Name                     PID Session Name        Mem Usage
========================= ======== ================ ============
firefox.exe                  26356 Console             139,352 K
regedit.exe                  24244 Console               9,768 K
cmd.exe                      18664 Console               2,380 K
conhost.exe                   2528 Console               7,852 K
notepad.exe                  17364 Console               7,892 K
notepad.exe                  24696 Console              22,028 K
notepad.exe                  25304 Console               5,852 K
explorer.exe                  2864 Console              72,232 K

In the example above you can see the image name and the PID for each process. If you want to kill the firefox process run:

C:\>Taskkill /IM firefox.exe /F

or

C:\>Taskkill /PID 26356 /F

The /F flag kills the process forcefully. Without the /F flag, in some cases nothing happens at all. One example: whenever I want to kill the explorer.exe process I have to use the /F flag or else the process just does not terminate.

If you have multiple instances of an image open, such as multiple firefox.exe processes, running taskkill /IM firefox.exe will kill all of them. When you specify the PID, only that specific instance of firefox will be terminated.

The real power of taskkill is its filtering options, which let you combine the following variables and operators.

Variables:

  • STATUS
  • IMAGENAME
  • PID
  • SESSION
  • CPUTIME
  • MEMUSAGE
  • USERNAME
  • MODULES
  • SERVICES
  • WINDOWTITLE

Operators:

  • eq (equals)
  • ne (not equal)
  • gt (greater than)
  • lt (less than)
  • ge (greater than or equal)
  • le (less than or equal)

“*” is the wildcard.

You can use the variables and operators with the /FI filtering flag. For example, let’s say you want to end all processes whose window title starts with “Internet”:

C:\>taskkill /FI "WINDOWTITLE eq Internet*" /F

How about killing all processes running under the Ignited account:

C:\>taskkill /FI "USERNAME eq Ignited" /F

It is also possible to kill a process running on a remote computer with taskkill. Just run the following to kill notepad.exe on a remote computer called IgnitedDesktop:

C:\>taskkill /S IgnitedDesktop /U RemoteAccountName /P RemoteAccountPassword /IM notepad.exe /F

To learn more about taskkill, run it with the /? switch just like any other Windows command.
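To see exactly which processes a given /IM, /PID or /FI combination would select before you pull the trigger, here is an added example (not from the original post) that parses the tasklist output shown above and emulates taskkill’s selection rules as a dry run. It models only the variables present in tasklist’s default output (IMAGENAME, PID, MEMUSAGE); no process is actually terminated.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: the tasklist output quoted in the post above.
TASKLIST_OUTPUT = """\
Image Name                     PID Session Name        Mem Usage
========================= ======== ================ ============
firefox.exe                  26356 Console             139,352 K
regedit.exe                  24244 Console               9,768 K
cmd.exe                      18664 Console               2,380 K
conhost.exe                   2528 Console               7,852 K
notepad.exe                  17364 Console               7,892 K
notepad.exe                  24696 Console              22,028 K
notepad.exe                  25304 Console               5,852 K
explorer.exe                  2864 Console              72,232 K
"""

# One data row: image name, PID, session name, memory in K (with thousands separators).
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+([\d,]+) K$")

OPERATORS = {
    "eq": lambda a, b: a == b, "ne": lambda a, b: a != b,
    "gt": lambda a, b: a > b,  "lt": lambda a, b: a < b,
    "ge": lambda a, b: a >= b, "le": lambda a, b: a <= b,
}

def parse_tasklist(text):
    """Turn the tasklist table into dicts keyed by taskkill's filter variable names."""
    procs = []
    for line in text.splitlines()[2:]:          # skip the header and the ==== rule
        m = ROW.match(line.rstrip())
        if m:
            image, pid, _session, mem = m.groups()
            procs.append({"IMAGENAME": image, "PID": int(pid),
                          "MEMUSAGE": int(mem.replace(",", ""))})
    return procs

def matches(proc, expression):
    """Evaluate one /FI expression, e.g. 'MEMUSAGE gt 20000' or 'IMAGENAME eq note*'."""
    var, op, value = expression.split(maxsplit=2)
    actual = proc[var.upper()]
    if isinstance(actual, int):                 # numeric variables: all six operators
        return OPERATORS[op](actual, int(value))
    if op not in ("eq", "ne"):                  # string variables: eq/ne only, '*' wildcard
        raise ValueError(f"{op} is not valid for string variable {var}")
    hit = fnmatchcase(actual.lower(), value.lower())
    return hit if op == "eq" else not hit

def select_targets(procs, image=None, pid=None, filters=()):
    """Return the PIDs that /IM, /PID and /FI would select. Nothing is killed."""
    targets = []
    for p in procs:
        if image is not None and p["IMAGENAME"].lower() != image.lower():
            continue
        if pid is not None and p["PID"] != pid:
            continue
        if all(matches(p, f) for f in filters):
            targets.append(p["PID"])
    return targets
```

Calling select_targets(parse_tasklist(TASKLIST_OUTPUT), image="notepad.exe") returns all three notepad PIDs, while pid=24696 returns just that one, which is the /IM versus /PID difference described above.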


One of the most common questions about system processes is what svchost.exe is and why there are so many instances of it running. First appearing in Windows XP, svchost.exe hosts multiple services within one process. This lets the operating system save memory by cutting down on the number of processes that need to be running.

Every system service such as Windows Update, Event Log, Terminal Services, Audio Service, etc. runs within svchost.exe. Depending on the access the services need, they are grouped together and run in a number of processes, which explains why you see so many in Task Manager running under different accounts such as System, Local Service and Network Service.

Identifying what services are running is different depending on the version of Windows you have.

Windows XP

In Windows XP at a command prompt run:

tasklist /svc

The tasklist utility will show you which services are running inside each svchost.exe process.

Windows Vista and Windows 7

Task manager in Windows Vista and Windows 7 has been enhanced so you can easily see what services are running inside a host process such as svchost.exe.

Click on the Start button, type taskmgr and press Enter. When Task Manager loads, click on the Processes tab and click Show processes from all users to see all of the svchost.exe processes. Then right-click a svchost.exe process and select Go to Service(s). You will be taken to the Services tab with all services running in that process highlighted.

All Versions of Windows

Microsoft Sysinternals has a great free utility called Process Explorer that is like a task manager on steroids. It works on all versions of Windows and lets you easily see the services running inside svchost.exe. Process Explorer is a free download from Microsoft Sysinternals. Once you have it running, right-click any process and select Properties. Then click on the Services tab and you will see all services running inside the host process.
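The tasklist /svc output described above is easy to turn into a per-svchost.exe inventory. The following added example (not part of the original post) parses that layout, including the wrapped continuation lines tasklist prints for long service lists, and flags any svchost.exe that hosts no service at all, since the whole point of svchost.exe is to host services. The sample output, PIDs and service groupings are constructed for the example.

```python
import re

# Constructed sample in the layout "tasklist /svc" prints; PIDs and groupings are made up.
# Long service lists wrap onto indented continuation lines, which the parser must rejoin.
TASKLIST_SVC_OUTPUT = """\
Image Name                     PID Services
========================= ======== ============================================
System                           4 N/A
svchost.exe                    688 DcomLaunch, PlugPlay
svchost.exe                    772 RpcEptMapper, RpcSs
svchost.exe                    920 AudioEndpointBuilder, Dhcp, EventLog, lmhosts,
                                   wscsvc, wuauserv
svchost.exe                   4120 N/A
explorer.exe                  2864 N/A
"""

ROW = re.compile(r"^(\S+)\s+(\d+)\s+(.*)$")   # image name, PID, rest of the line

def _split_services(field):
    """'A, B,' -> ['A', 'B']; 'N/A' -> []."""
    if field.strip() == "N/A":
        return []
    return [s.strip() for s in field.split(",") if s.strip()]

def parse_tasklist_svc(text):
    """Return a list of (image, pid, [services]) tuples, rejoining wrapped service lists."""
    entries = []
    for line in text.splitlines()[2:]:            # skip the header and the ==== rule
        if line[:1].isspace() and entries:        # continuation of the previous row
            entries[-1][2].extend(_split_services(line))
            continue
        m = ROW.match(line.rstrip())
        if m:
            image, pid, services = m.groups()
            entries.append((image, int(pid), _split_services(services)))
    return entries

def svchost_service_map(entries):
    """Map each svchost.exe PID to the services it hosts (the 'what is in this svchost?' view)."""
    return {pid: svcs for image, pid, svcs in entries if image.lower() == "svchost.exe"}

def empty_svchosts(entries):
    """PIDs of svchost.exe instances that host no service; those deserve a second look."""
    return [pid for image, pid, svcs in entries if image.lower() == "svchost.exe" and not svcs]
```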


In Windows XP and previous NT-based versions of Windows, Microsoft offered a feature called Encrypting File System (EFS) that enabled users to encrypt important folders or files. This prevents thieves from accessing sensitive data should your computer be physically stolen: If the thief removes your hard drive and attaches it to a different computer, any encrypted files cannot be read. EFS has proven to be a popular feature with businesses that have many roaming executives with laptops, with IT administrators, and the security conscious.

EFS is still present in Windows Vista and works as before, but it’s been augmented by a new technology called BitLocker. Like EFS, the new BitLocker feature in Windows Vista lets you encrypt data on your hard drive to protect it in the event of physical theft. But BitLocker offers a few unique twists.

  • First, BitLocker is full-disk encryption, not per-file encryption. If you enable BitLocker, it will encrypt the entire hard disk on which Windows Vista resides, and all future files that are added to that drive are silently encrypted as well.
  • Second, BitLocker protects vital Windows system files during bootup: If BitLocker discovers a security risk, such as a change to the BIOS or any startup files (which might indicate that the hard drive was stolen and placed in a different machine), it will lock the system until you enter your BitLocker recovery key or password (discussed shortly).
  • Third, BitLocker works in conjunction with new Trusted Platform Module (TPM) security hardware in some modern PCs to provide a more secure solution than is possible with a software-only encryption routine. BitLocker may not be theoretically impregnable, but in the real world the chances are that no hacker will ever defeat a BitLocker-protected PC.

Vista Side Bar

Posted: August 21, 2009 in System Basics, System Information, Vista

Windows Sidebar is actually not displayed by default on all PCs. If the resolution of your PC’s screen is 1024×768 or less, for example, Windows Sidebar will not display by default. To enable Windows Sidebar on such a system, follow the instructions in “Launching Windows Sidebar,” below. Then, right-click the Sidebar and choose Properties. In the Windows Sidebar Properties dialog that appears, check the box titled Start Sidebar when Windows starts if you’d like it enabled by default.

For others, however, Sidebar might not be a desirable feature. To disable Windows Sidebar, right-click the Sidebar tray icon and choose Exit. (Do not right-click the Sidebar itself and choose Close; that simply hides the Sidebar.) Then, uncheck the option box asking whether you’d like to run Sidebar automatically when the system reboots.


10 Fast and Free Security Enhancements

Before you spend a dime on security, there are many precautions you can take that will protect you against the most common threats.

1. Check Windows Update and Office Update regularly (http://office.microsoft.com/productupdates); have your Office CD ready. Windows Me, 2000, and XP users can configure automatic updates. Click on the Automatic Updates tab in the System control panel and choose the appropriate options.

2. Install a personal firewall. Both SyGate (www.sygate.com) and ZoneAlarm (www.zonelabs.com) offer free versions.

3. Install a free spyware blocker. Our Editors’ Choice (“Spyware,” April 22) was SpyBot Search & Destroy (http://security.kolla.de). SpyBot is also paranoid and ruthless in hunting out tracking cookies.

4. Block pop-up spam messages in Windows NT, 2000, or XP by disabling the Windows Messenger service (this is unrelated to the instant messaging program). Open Control Panel | Administrative Tools | Services and you’ll see Messenger. Right-click and go to Properties. Set Start-up Type to Disabled and press the Stop button. Bye-bye, spam pop-ups! Any good firewall will also stop them.

5. Use strong passwords and change them periodically. Passwords should have at least seven characters; use letters and numbers and have at least one symbol. A decent example would be f8izKro@l. This will make it much harder for anyone to gain access to your accounts.

6. If you’re using Outlook or Outlook Express, use the current version or one with the Outlook Security Update installed. The update and current versions patch numerous vulnerabilities.

7. Buy antivirus software and keep it up to date. If you’re not willing to pay, try Grisoft AVG Free Edition (Grisoft Inc., www.grisoft.com). And double-check your AV with the free, online-only scanners available at www.pandasoftware.com/activescan and http://housecall.trendmicro.com.

8. If you have a wireless network, turn on the security features: Use MAC filtering, turn off SSID broadcast, and even use WEP with the biggest key you can get. For more, check out our wireless section or see the expanded coverage in Your Unwired World in our next issue.

9. Join a respectable e-mail security list, such as the one found at our own Security Supersite at http://security.ziffdavis.com, so that you learn about emerging threats quickly and can take proper precautions.

10. Be skeptical of things on the Internet. Don’t assume that e-mail “From:” a particular person is actually from that person until you have further reason to believe it’s that person. Don’t assume that an attachment is what it says it is. Don’t give out your password to anyone, even if that person claims to be from “support.”


As the size of hard drives increases, more people are using partitions to separate and store groups of files.

XP uses the C:\Program Files directory as the default base directory into which new programs are installed. However, you can change the default installation drive and/or directory with a Registry hack.

Run the Registry Editor (regedit) and go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion

Look for the value named ProgramFilesDir. By default, this value is C:\Program Files. Edit the value to any valid drive or folder and XP will use that new location as the default installation directory for new programs.

Computer Acronyms

Posted: August 20, 2009 in System Basics, System Information

— A —
ADSL – Asymmetric Digital Subscriber Line

AGP – Accelerated Graphics Port

ALI – Acer Labs, Incorporated

ALU – Arithmetic Logic Unit

AMD – Advanced Micro Devices

APC – American Power Conversion

ASCII – American Standard Code for Information Interchange

ASIC – Application Specific Integrated Circuit

ASPI – Advanced SCSI Programming Interface

AT – Advanced Technology

ATI – ATI Technologies Inc.

ATX – Advanced Technology Extended

— B —

BFG – BFG Technologies

BIOS – Basic Input Output System

BNC – Barrel Nut Connector

— C —

CAS – Column Address Signal

CD – Compact Disk

CDR – Compact Disk Recorder

CDRW – Compact Disk Re-Writer

CD-ROM – Compact Disk – Read Only Memory

CFM – Cubic Feet per Minute (ft³/min)

CMOS – Complementary Metal Oxide Semiconductor

CPU – Central Processing Unit

CTX – CTX Technology Corporation (Committed to Excellence)

— D —

DDR – Double Data Rate

DDR-SDRAM – Double Data Rate – Synchronous Dynamic Random Access Memory

DFI – DFI Inc. (Design for Innovation)

DIMM – Dual Inline Memory Module

DRAM – Dynamic Random Access Memory

DPI – Dots Per Inch

DSL – See ADSL

DVD – Digital Versatile Disc

DVD-RAM – Digital Versatile Disk – Random Access Memory

— E —

ECC – Error Correction Code

ECS – Elitegroup Computer Systems

EDO – Extended Data Out

EEPROM – Electrically Erasable Programmable Read-Only Memory

EPROM – Erasable Programmable Read-Only Memory

EVGA – EVGA Corporation

— F —

FC-PGA – Flip Chip Pin Grid Array

FDC – Floppy Disk Controller

FDD – Floppy Disk Drive

FPS – Frame Per Second

FPU – Floating Point Unit

FSAA – Full Screen Anti-Aliasing

FS – For Sale

FSB – Front Side Bus

— G —

GB – Gigabytes

GBps – Gigabytes per second or Gigabits per second

GDI – Graphical Device Interface

GHz – GigaHertz

— H —

HDD – Hard Disk Drive

HIS – Hightech Information System Limited

HP – Hewlett-Packard Development Company

HSF – Heatsink-Fan

— I —

IBM – International Business Machines Corporation

IC – Integrated Circuit

IDE – Integrated Drive Electronics

IFS – Item for Sale

IRQ – Interrupt Request

ISA – Industry Standard Architecture

ISO – International Standards Organization

— J —

JBL – JBL (James B. Lansing) Speakers

JVC – JVC Company of America

— K —

Kbps – Kilobits Per Second

KBps – KiloBytes per second

— L —

LG – LG Electronics

LAN – Local Area Network

LCD – Liquid Crystal Display

LDT – Lightning Data Transport

LED – Light Emitting Diode

— M —

MAC – Media Access Control

MB – Motherboard or Megabyte

MBps – Megabytes Per Second

Mbps – Megabits Per Second

MHz – MegaHertz

MIPS – Million Instructions Per Second

MMX – Multi-Media Extensions

MSI – Micro Star International

— N —

NAS – Network Attached Storage

NAT – Network Address Translation

NEC – NEC Corporation

NIC – Network Interface Card

— O —

OC – Overclock (Over Clock)

OCZ – OCZ Technology

OEM – Original Equipment Manufacturer

— P —

PC – Personal Computer

PCB – Printed Circuit Board

PCI – Peripheral Component Interconnect

PDA – Personal Digital Assistant

PCMCIA – Peripheral Component Microchannel Interconnect Architecture

PGA – Professional Graphics Array

PLD – Programmable Logic Device

PM – Private Message / Private Messaging

PnP – Plug ‘n Play

PNY – PNY Technology

POST – Power On Self Test

PPPoA – Point-to-Point Protocol over ATM

PPPoE – Point-to-Point Protocol over Ethernet

PQI – PQI Corporation

PSU – Power Supply Unit

— R —

RAID – Redundant Array of Inexpensive Disks

RAM – Random Access Memory

RAMDAC – Random Access Memory Digital Analog Converter

RDRAM – Rambus Dynamic Random Access Memory

ROM – Read Only Memory

RPM – Revolutions Per Minute

— S —

SASID – Self-scanned Amorphous Silicon Integrated Display

SCA – SCSI Configured Automatically

SCSI – Small Computer System Interface

SDRAM – Synchronous Dynamic Random Access Memory

SECC – Single Edge Contact Connector

SODIMM – Small Outline Dual Inline Memory Module

SPARC – Scalable Processor ArChitecture

SOHO – Small Office Home Office

SRAM – Static Random Access Memory

SSE – Streaming SIMD Extensions

SVGA – Super Video Graphics Array

S/PDIF – Sony/Philips Digital Interface

— T —

TB – Terabytes

TBps – Terabytes per second

Tbps – Terabits per second

TDK – TDK Electronics

TEC – Thermoelectric Cooler

TPC – TipidPC

TWAIN – Technology Without An Important Name

— U —

UART – Universal Asynchronous Receiver/Transmitter

USB – Universal Serial Bus

UTP – Unshielded Twisted Pair

— V —

VCD – Video CD

VPN – Virtual Private Network

— W —

WAN – Wide Area Network

WTB – Want to Buy

WYSIWYG – What You See Is What You Get

— X —

XGA – Extended Graphics Array

XFX – XFX Graphics, a Division of Pine

XMS – Extended Memory Specification

XT – Extended Technology


Create One-Click Shutdown and Reboot Shortcuts:

First, create a shortcut on your desktop by right-clicking on the desktop, choosing New, and then choosing Shortcut. The Create Shortcut Wizard appears. In the box asking for the location of the shortcut, type shutdown. After you create the shortcut, double-clicking on it will shut down your PC.

But you can do much more with a shutdown shortcut than merely shut down your PC. You can add any combination of several switches to do extra duty, like this:

shutdown -r -t 01 -c "Rebooting your PC"

Double-clicking on that shortcut will reboot your PC after a one-second delay and display the message “Rebooting your PC.” The shutdown command includes a variety of switches you can use to customize it. Table 1-3 lists all of them and describes their use.

I use this technique to create two shutdown shortcuts on my desktop—one for turning off my PC, and one for rebooting. Here are the ones I use:

shutdown -s -t 03 -c "Bye Bye m8!"

shutdown -r -t 03 -c "Ill be back m8 ;)!"

Table 1-3: shutdown switches

Switch             What it does
-s                 Shuts down the PC.
-l                 Logs off the current user.
-t nn              Indicates the duration of delay, in seconds, before performing the action.
-c "messagetext"   Displays a message in the System Shutdown window. A maximum of 127 characters can be used. The message must be enclosed in quotation marks.
-f                 Forces any running applications to shut down.
-r                 Reboots the PC.


Keep Folders Hidden

First, create a new folder somewhere on your hard drive.

When you name it, hold down “Alt” and type “0160” on the numeric keypad. This inserts an invisible space, so the folder will appear to have no name.

Then right-click the folder and select “Properties”, select the “Customize” tab and click “Change Icon”. Scroll along and you should see a few blank spaces; click on any one of them and click OK. Once you have saved the settings, the folder will be invisible, so you can hide all your personal files in it.
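The Alt+0160 trick inserts a no-break space (Unicode U+00A0), which hides the folder from casual browsing only; the entry is still returned by dir, by search and by any directory walk. The following added check (not part of the original post) walks a tree and reports every file or folder whose name consists only of whitespace-class characters, which is how an administrator would find such “nameless” folders. The sample tree it builds is constructed in a temporary directory for the demonstration.

```python
import os
import shutil
import tempfile
import unicodedata

NBSP = "\u00a0"   # the character Alt+0160 types: a no-break space, invisible in Explorer

def is_blank_name(name):
    """True when a name consists only of whitespace-class characters (spaces, NBSP, etc.)."""
    return bool(name) and all(unicodedata.category(ch) == "Zs" or ch.isspace() for ch in name)

def find_blank_named_entries(root):
    """Walk root and return every file or folder whose own name looks empty."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if is_blank_name(name):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)

def demo():
    """Constructed sample tree: NBSP-named folders beside a normal one; returns flagged paths
    relative to the temporary root, then removes the tree again."""
    root = tempfile.mkdtemp()
    try:
        os.mkdir(os.path.join(root, NBSP))                          # the trick from the post
        os.mkdir(os.path.join(root, "Documents"))                   # an ordinary folder
        os.mkdir(os.path.join(root, "Documents", NBSP + NBSP))      # nested, two NBSPs
        return [os.path.relpath(p, root) for p in find_blank_named_entries(root)]
    finally:
        shutil.rmtree(root)
```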