Archive for the ‘Vista’ Category

Steps to enable BitLocker on your computer:

  1. Click Start Control Panel Security BitLocker Drive Encryption.
  2. If the User Account Control dialog box appears, verify that the proposed action is what you requested, and then click Continue.
  3. From the BitLocker Drive Encryption screen, click Turn On BitLocker on the Windows OS volume. If your TPM is not initialized, you will see the Initialize TPM Security Hardware Wizard. Follow the directions to switch on the TPM and reboot your computer. Once the TPM is initialized, click Turn On BitLocker on the system volume again.
  4. In the Save the recovery password dialog box, you will see the following options:
  • Save the password on a USB drive. Saves the password to a removable drive.
  • Save the password in a folder. Saves the password to a network drive or other location.
  • Print the password. Prints the password.
  1. Choose any of these options to preserve the recovery password.
  2. From the “Encrypt the selected disk volume” dialog box, confirm the Run BitLocker System check box is checked and click Continue.
  3. Confirm you want to reboot the computer by clicking Restart Now. The computer reboots and BitLocker ensures that the computer is BitLocker-compatible and ready for encryption. If it is not, you will see an error message alerting you to the problem before encryption starts.
  4. If it is ready for encryption, the Encryption in Progress status bar is displayed. You can monitor the ongoing completion status of the disk volume encryption by dragging your mouse cursor over the BitLocker Drive Encryption icon in the toolbar at the bottom of your screen.


BitLocker contains four main components: a single Microsoft TPM driver, an API called TPM Base Services (TBS), BitLocker Drive Encryption, and a WMI provider.

Like most hardware, a TPM chip needs a driver to expose its functionality to the operating system and, ultimately, to applications. By including the Microsoft TPM driver within Windows Vista, we gain increased stability and can more easily leverage the TPM’s security features. To use a TPM with BitLocker, you must allow Vista to use the Microsoft driver. The Microsoft driver works with TPM chips that are at version 1.2 or newer.

TPM Base Services (TBS) is an application programming interface (API) that allows applications to access the services provided by a TPM. In this aspect, even though it is part of the Windows operating system, BitLocker is an “application” that uses TBS. The advantage of this architecture is that other applications could also make use of the TPM. After Vista is in the marketplace for a while, I believe we will see other security applications that call on TBS. TBS also allows the TPM to be managed within Windows Vista from the TPM Management Console, instead of forcing users to navigate through endless BIOS screens.

BitLocker Drive Encryption, itself, is the OS component that encrypts and decrypts data on the volume, and uses the TPM to validate the pre-OS boot components. BitLocker has a number of options that can change its default behaviour, many of which are exposed through Group Policy settings.

BitLocker is also totally scriptable and manageable. In addition to Group Policy options, BitLocker and TBS both include Windows Management Interface (WMI) providers. WMI is the Windows implementation of Web-Based Enterprise Management (WBEM), so any WBEM console can also be used with BitLocker. More usefully, though, this WMI interface allows BitLocker to be scripted, and Vista includes a scripted utility called manage-bde.wsf, which allows you to configure and control BitLocker from the command line or a batch file, either locally or remotely.

It is also worth noting here, even though we talk about it in more detail later in the chapter, BitLocker integrates with Active Directory Domain Services to store TPM and BitLocker information that can be used for recovery.


If you are the primary user of your computer and you do not have any other users, or if everyone in your household uses the same username, you are the perfect candidate for enabling automatic logon. Automatic logon is a great technique that will save you time that is often wasted when your computer is waiting for you to type your password. Even if you do not have a password assigned to your account, you are still required by the logon welcome screen to click your name to sign in. Having to do these tasks yourself is unnecessary and a waste of time if you are a candidate for automatic logon.

Caution Automatic logon can be a great feature but it can also create a security problem for your computer. If you use your computer for business, if you have data you prefer to keep safe from others, or both, I strongly recommend that you do not enable this feature. If you happen to step out of your office or if your laptop is stolen, you have left the door to your computer wide open. By enabling automatic logon, you are trading convenience for physical access security. However, you are not changing your network security, so your data is still safe from network attackers. The risk of someone remotely connecting to your computer is the same as if you did not have automatic logon enabled.

Enabling automatic logon is a quick and easy Registry hack. Follow these steps to speed up your sign-on with automatic logon:

  1. Click the Start button, type regedit in the Search box, and then press Enter.
  2. After Registry Editor has started, navigate through HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\Windows NT\CurrentVersion\Winlogon.
  3. Locate the AutoAdminLogon entry. If the key does not exist, create it by right-clicking the Winlogon folder and selecting New and then Registry String.
  4. Right-click the AutoAdminLogon entry and select Modify. Set the Value to 1. Then press OK to save the new value.
  5. Locate the DefaultUserName entry or create it if it does not exist.
  6. Right-click DefaultUserName and select Modify. Set the value to the username that you primarily use to sign in to Windows. Press OK.
  7. Locate the DefaultPassword entry or create it if it does not exist.
  8. Right-click the DefaultPassword entry and set the Value to your password.
  9. Close Registry Editor and restart your computer.

After you reboot your computer, Windows Vista should automatically sign on to your account. You will notice that your computer will now get to the desktop much quicker than before. If you ever want to disable automatic logon, just go back into Registry Editor and set the AutoAdminLogon entry to 0.

In this section, we’ll discuss the registry keys that are used for power management. You may edit any of them using one of the registry editors.

Note Changing registry entries responsible for power management won’t have an immediate effect. Windows only reads settings from the registry when you log on, when you click OK in Control Panel, or when a Powerprof.dll function is called on to read the registry.

The registry keys used for power management are listed below.

  • HKCU\AppEvents\EventLabels\LowBatteryAlarm – descriptive name of a low battery-power-alarm event
  • HKCU\AppEvents\EventLabels\CriticalBatteryAlarm – descriptive name of a critical battery-power-alarm event
  • HKCU\AppEvents\Schemes\Apps\PowerCfg\LowBatteryAlarm\.Current, HKCU\AppEvents\Schemes\Apps\PowerCfg\LowBatteryAlarm\.Default, HKCU\AppEvents\Schemes\Apps\PowerCfg\CriticalBatteryAlarm\.Current, HKCU\AppEvents\Schemes\Apps\PowerCfg\CriticalBatteryAlarm\.Default – filenames of the WAV files that will play as a low and critical power-alarm events
  • HKCU\Control Panel\PowerCfg\CurrentPowerPolicy – index of current user and machine power policy
  • HKCU\Control Panel\PowerCfg\GlobalPowerPolicy\Policies – the user global power policy (binary encoded data)
  • HKCU\Control Panel\PowerCfg\PowerPolicies\n\Name – name of power scheme n, where n = 0, 1, 2, etc.
  • HKCU\Control Panel\PowerCfg\PowerPolicies\n\Description – descriptive string for power scheme n, where n = 0, 1, 2, etc.
  • HKCU\Control Panel\PowerCfg\PowerPolicies\n\Policies – user power policy n, where n = 0, 1, 2, etc. (binary encoded data)
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\LastID – index of the last power policy in the lists of user and machine power policies (for example, if there are six user power policies and six machine power policies in the registry, the value of this key is 5)
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\DiskSpinDownMax – the maximum disk spin-down time that Control Panel will allow the user to set
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\DiskSpinDownMin – the minimum disk spin-down time that Control Panel will allow the user to set
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\GlobalPowerPolicy\Policies – the machine global power policy (binary encoded data)
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies\n\Policies – machine power policy n, where n = 0, 1, 2, etc. (binary encoded data)

While Windows Vista may be Microsoft Corp’s most secure operating system ever, it’s far from completely secure. In its fresh-from-the-box configuration, Vista still leaves a chance for your personal data to leak out to the Web through Windows Firewall or for some wicked bot to tweak your browser settings without your knowledge.

But by making a few judicious changes using the security tools within Windows Vista — and in some cases by adding a few pieces of free software –you can lock down your operating system like a pro.

1. Use Windows Security Centre as a starting point

For a quick overview of your security settings, the Windows Security Center is where you’ll find the status of your system firewall, auto update, malware protection and other security settings. Click Start, Control Panel, SecurityCenter, or you can simply click the shield icon in the task tray. If you see any red or yellow, you are not fully protected.

For example, if you have not yet installed an antivirus product on your machine, or if your current antivirus product is out of date, the malware section of the Security Center should be yellow. Windows does not offer a built-in antivirus utility, so you’ll want to install your own. For free antivirus,

I recommend Avast 4.8 Home Edition.

2. Use Windows Defender as a diagnostic tool

The malware section of Windows Vista also protects against spyware using Windows Defender. The antispyware protection in your antivirus program usually trumps the protection Microsoft provides, but there are several good reasons to keep Windows Defender enabled. One is that every antispyware program uses a different definition of what is and is not spyware, so redundant protection can actually offer some benefit.

Another reason to keep Windows Defender enabled: diagnostics. Click Tools, and choose Software Explorer from the resulting pane. You can display lists of applications from several categories such as Currently Running Programs, Network Connected Programs and Winsock Service Providers, but Start-u

p Programs is perhaps the most useful. Click on any name in the left window, and full details will appear in the right pane. By highlighting, you can remove, disable or enable any of the programs listed.

3. Disable the start-up menu

Windows Vista keeps track of all the documents and programs you launch in the start-up menu. This can be convenient for some users, but it can also compromise your privacy if you share a computer within an office or household. Fortunately, Windows Vista provides an easy way to tweak this setting

. To protect your privacy, follow these steps:

* Right-click on the task bar and select “Properties.”

* Click on the Start Menu tab.

* Uncheck “Store and display a list of recently opened files.”

* Uncheck “Store and display a list of recently opened programs.”

* Click “OK.”

4. Get two-way firewall protection

No desktop should be without a personal firewall, but even if the Security Center says you’re protected, you may not be. The Windows Firewall within Vista blocks all incoming traffic that might be malicious or suspicious — and that’s good. But outbound protection is not enabled by default. That’s a dangerous situation if some new malicious software finds its way onto your PC.

Microsoft did include the tools for Windows Vista to have a true two-way firewall, but finding the setting is a little complicated. (Hint: Don’t go looking the Windows Firewall settings dialog box.

To get two-way firewall protection in Windows Vista, do the following:

* Click on the Start button; in the search space, type “wf.msc” and press Enter.

* Click on the Windows Firewall with Advanced Security icon. This management interface displays the inbound and outbound rules.

* Click on Windows Firewalls Properties. You should now see a dialog box with several tabs.

* For each profile — Domain, Private and Public — change the setting to

Block, and then click OK.

Even if you do this tweak, I recommend adding a more robust third-party firewall. I suggest either Comodo Firewall Pro or ZoneAlarm, both of which are free and fare very well in independent firewall testing.

5. Lock out unwanted guests

If you share your computer with others — and even if you don’t – Windows Vista includes a neat way to keep unwanted guests from guessing your systems administrator password. When you set up users and declare one user as administrator with full privileges, Windows Vista allows an outsider unlimited guesses at the password you chose. Here’s how to limit the guesses.

* Click Start, then type “Local Security Policy.”

* Click Account Lockout Policy.

* Choose Account Lockout Threshold.

* At the prompt, enter the number of invalid log-ins you’ll accept (say, three).

* Click OK and close.

6. Now audit your attackers

With the Account Lockout policy in place, you can now enable auditing to see any account attacks. To turn on auditing for failed log-on events, do the following:

* Click the Start button, type “secpol.msc,” and click the secpol icon.

* Click on Local Policies and then Audit Policy.

* Right-click on “Audit account log-on events policy,” and select Properties.

* Check the Failure box, and click OK.

* Right-click on “Audit log-on events policy” and select Properties.

* Check the Failure box and click OK.

* Close the Local Security Policy window.

You can then use the Event Viewer (by running eventvwr.msc) to view the logs under Windows Logs and Security.

7. Secure your Internet Explorer settings

The Windows Security Center will also report whether your Internet Explorer 7(or IE 8) security settings are at their recommended levels. If the screen shows this section as red, you can adjust the settings within the browser itself.

* Within Internet Explorer, click Tools in the menu bar.

* From the drop-down menu, click Internet Options.

* Choose the Security tab.

* Within the Security tab, click Custom Level.

Here you’ll see a window with all the security options for the browser. If any are below the recommended level (if, say, some malware reconfigured your browser settings), these options will be highlighted in red.

To change an individual setting, click the appropriate radio button. To reset them all, use the button near the bottom of the tab. You can also change the overall security setting for Internet Explorer from the default Medium-High setting to the recommended High or Medium, if you wish. Click OK to save and close.

8. Use OpenDNS Domain Name System (DNS) servers act as a phone book. When you type “pcworld.com” in the address bar, for instance, your browser sends that common

-name request to your Internet service provider’s DNS servers to be converted into a series of numbers, or an IP address.

Lately, DNS servers have come under attack, with criminals seeking to redirect common DNS preferences to servers that they control. One way to stop such abuse is to use OpenDNS.

Go to Start, Control Panel, Network and Internet, and then click Network and Sharing Center. Under the tasks listed on the left, click Manage Network Connections. In the Manage Network Connections window, do the following:

* Right-click on the icon representing your network card.

* Click Properties.

* Click Internet Protocol Version 4.

* Click the Properties button.

* Select the Use the following DNS server addresses radio button.

* Type in a primary address of 208.67.222.222.

* Type in a secondary address of 208.67.220.220.

* Click OK.

9. Live with User Account Control

One area where some people might want to see the Windows Security Center turn red is User Account Control (UAC), perhaps the most controversial security feature within Windows Vista. Designed to keep rogue remote software from automatically installing (among other things), UAC has a tendency to thwart legitimate software installations by interrupting the process several times with useless messages.

In Windows 7, you’ll be able to set UAC to the level you want. Until then, you do have some options. One is to disable UAC. I would caution against that, since UAC is meant to warn you of potential danger.

Instead, install TweakUAC, a free utility that enables you to turn UAC on or off as well as provides an intermediate “quiet” mode that keeps UAC on but suppresses administration-elevation prompts. With TweakUAC in quiet mode, UAC will appear to be off to those running as administrator accounts, while people with standard user accounts will still be prompted.

10. Check your work

Now that you’ve tweaked Windows Vista, you can keep tabs on your system’s security with the System Health Report. This diagnostic tool takes input from the Performance and Reliability Monitor and turns it into an information-packed report that can spotlight potential security problems.

* Open Control Panel.

* Click System.

* In the Tasks list, click Performance (near the bottom).

* In the resulting Tasks list, click Advanced tools (near the top).

* Click the last item on the resulting list — “Generate a system health report.”

The report will list any missing drivers that might be causing error codes, tell you whether your antivirus protection is installed and declare whether UAC is turned on. You may want to run this report once a month just to make sure everything is still good.

Steps to Reset Vista Password

Posted: November 12, 2009 in Bios, Registry, Tricks, Vista
Tags: ,

1. Reboot the Windows Vista and boot up with Windows Vista installation DVD.

2. While the Windows Vista installation interface pops up, click the Repair You Computer link at the bottom-left corner.

3. Next, the System Recovery Options dialog box appears. There are few

options that related to repairing Windows Vista, looks like Recovery Console in Windows XP:

Startup Repair options are used to automatically fix problems that are preventing Windows Vista from starting.

System Restore to restore Windows Vista setting to an earlier point in time.

Windows Complete PC Restore to restore Windows Vista from a full system backup.

Windows Memory Diagnostic Tool could be the first Microsoft memory

tester toolkit that bundled with Windows setup media.

Command Prompt is the target option of this Vista hacking guide. Click

on this option now.

4. In the Vista Command Prompt, type mmc.exe and press ENTER key to

bring up the Microsoft Management Console.

5. Click on the File menu, select Add / Remove Snap-in option, locate and

select the Local Users and Groups on the left panel, and click Add button to

add it to the right panel.

6. Now, the Choose Target Machine dialog box pop up. Keep the default setting by clicking the Finish button – that means using the Local Users an

d Groups snap-in to manage this local computer, and not another computer in network.

7. Click OK button and return to MMC windows. Under the Root Console in

left panel, double-click Local Users and Group that was added earlier. Click on User folder, locate and right-click the target Vista logon account that found in the right panel.

Guess you should know what to do now. Select the Set Password from the right-click menu to set a new password / reset old password.

Malware – The generic term used for all forms of software designed with malicious intent. Viruses, worms, spyware etc. are all forms of malware. The term virus is often used when malware should really be used as it describes all forms of malicious software.

Virus – A computer virus acts very much like a human virus. Human viruses are spread, via thumb drives, floppy discs, network connections etc., to other PCs. Viruses need a host (like a free screensaver program) to spread. By pure definition: a virus has the ability to spread itself, via a host, to other computers.

Worm – A worm is much like a virus. The key difference is worms can spread between PCs without a host (free screensaver program, downloaded game etc.) These programsrely on computer networks and usually damage files and slow down networks in their path.

Trojan horse (Trojan) – A Trojan horse is a seemingly harmless program that looks to provide value. However, just as in Greek mythology, a Trojan horse has a secret agenda and acts as a backdoor to your computer. This backdoor can be accessed by a hacker to compromise your PC. Trojan horses are not self-replicating and spread due to users installing them manually on their PC.

Privacy-invasive software – A formal term used to describe software that invades your privacy. This software comes in different forms including spyware and adware.

Spyware – Spyware tracks a user’s activity by monitoring browsing habits and keyboard activity and can even take screenshots while you use your PC. This information is sent back to the creator or beneficiary of the spyware. Signs of spyware include: modified browser homepages, slow internet, and suspicious looking sites in place of legitimate sites (for example: banking sites.)

Adware – Like spyware, adware is software that may track visited websites and act as a key logger. Adware tracks this information to automatically display downloaded or installed adverts to a user. You may wonder why you are being offered “PC Super Anti Spyware 2011” when using your PC; this is adware at work. AIM, FlashGet, Deamon Tools, and RealPlayer are all examples of adware.

Backdoor – A backdoor is a point of access to a computer that does not require authentication. An unlocked house back door gives access to an otherwise secure home; a computer backdoor allows access to your PC without your knowledge or permission.

Key logger – Key loggers are used to monitor keyboard activity on a PC. These can be software-based (bundled with Trojan horses, adware, and spyware) or hardware-based (between the keyboard cable and the PC, acoustic etc.) Usually this information is retrieved across a local network, the internet, or from the physical device connected to the keyboard.

Firewall – A firewall both permits and blocks access to a network or PC. Firewalls are included with popular security software (e.g. AVG Internet Security and ESET Smart Security) and limit communication between your PC and devices that are not authorized to communicate with you.

Windows Firewall – Comes bundled with Windows XP, Vista, and 7. This is a great solution; however, due to a lack of comprehensive definition updates, Windows Firewall is not completely effective in blocking threats and allowing safe connections.

Antimalware / Antivirus / Antispyware – Software designed to remove or block malware (e.g. AVG Internet Security and ESET Smart Security.)

Enabling automatic logon in Vista

Posted: September 14, 2009 in Tweaking, Vista
Tags: ,

If you are the primary user of your computer and you do not have any other users, or if everyone in your household uses the same username, you are the perfect candidate for enabling automatic logon. Automatic logon is a great technique that will save you time that is often wasted when your computer is waiting for you to type your password. Even if you do not have a password assigned to your account, you are still required by the logon welcome screen to click your name to sign in. Having to do these tasks yourself is unnecessary and a waste of time if you are a candidate for automatic logon.

Caution: Automatic logon can be a great feature but it can also create a security problem for your computer. If you use your computer for business, if you have data you prefer to keep safe from others, or both, I strongly recommend that you do not enable this feature. If you happen to step out of your office or if your laptop is stolen, you have left the door to your computer wide open. By enabling automatic logon, you are trading convenience for physical access security. However, you are not changing your network security, so your data is still safe from network attackers. The risk of someone remotely connecting to your computer is the same as if you did not have automatic logon enabled.

Enabling automatic logon is a quick and easy Registry hack. Follow these steps to speed up your sign-on with automatic logon:

  1. Click the Start button, type regedit in the Search box, and then press Enter.
  2. After Registry Editor has started, navigate through HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\Windows NT\CurrentVersion\Winlogon.
  3. Locate the AutoAdminLogon entry. If the key does not exist, create it by right-clicking the Winlogon folder and selecting New and then Registry String.
  4. Right-click the AutoAdminLogon entry and select Modify. Set the Value to 1, Then press OK to save the new value.
  1. Locate the DefaultUserName entry or create it if it does not exist.
  2. Right-click DefaultUserName and select Modify. Set the value to the username that you primarily use to sign in to Windows. Press OK.
  3. Locate the DefaultPassword entry or create it if it does not exist.
  4. Right-click the DefaultPassword entry and set the Value to your password.
  5. Close Registry Editor and restart your computer.

After you reboot your computer, Windows Vista should automatically sign on to your account. You will notice that your computer will now get to the desktop much quicker than before. If you ever want to disable automatic logon, just go back into Registry Editor and set the AutoAdminLogon entry to 0.

Each user uses (or May not use) devices differently depending on the system setup. Nonetheless, some classes of devices are more commonly disabled than others. Knowing which ones will help you make your decision as to which devices you should disable. The following classes of devices are frequently disabled:

  • Network adapters: Especially on notebook computers, there is often more than one network device. Disabling the network devices that you do not use will definitely save you some booting time.
  • FireWire: If you have 1394 connections, otherwise known as FireWire, you might consider disabling them. Unless you are using your FireWire port to connect your digital video recorder to your computer, or have other external FireWire devices, you have no need to have this device enabled.
  • Biometrics: Some of the latest computer hardware includes biometric sensor equipment such as a fingerprint scanner. If you do not use these security features, you can save time by disabling these devices, too.
  • Modems: Do you have a broadband connection? If so, consider disabling your modem. If you rarely use it, why not disable it? If you ever need to use it again, just re-enable it.
  • TPM security chips: Does your computer have a Trusted Platform Module (TPM)? These chips are typically used as a secure place to store an encryption key that would be used for something such as hard drive encryption. If you are not using any of these advanced security features of Windows Vista, disable these devices, too.
  • Multimedia devices: Your computer has lots of multimedia devices. Take a look at the “Sound, video, and game controllers” section in Device Manager. You will find a lot of device drivers that are loaded during your boot. Some are used by all users, but you will find a few that you do not use. For example, I do not use my game port or my MIDI device, so I disabled both of those.
  • PCMCIA cards: If you are a laptop user, consider disabling your PCMCIA card controller located under “PCMCIA adapters.” The PCMCIA (Personal Computer Memory Card International Association) slot is a special expansion slot that is rarely used today on laptops except for wireless and wired network cards and card reader attachments for compact flash and other solid-state memory cards. Most laptops now have built-in network adapters, and some even have built-in wireless adapters. If you do not use your PCMCIA adapter, it is yet another device you can safely disable.

Important

Do not disable any hardware devices located under the Disk Drives, Computer, Display Adapters, IDE Disk Controllers, and the System sections (except for the system speaker). These hardware devices are critical to the operation of your system.

In the preceding section, I set a new Timeout value that will cut down on the amount of time that is wasted before the operating system starts to load. That works great when your primary operating system is the default; but if it is not, you must remember to press a key at the right moment on every single boot. There is a much better way to handle the situation. Just make your primary operating system the default operating system in the Windows Boot Manager. This will allow you to benefit from the lower Timeout value and speed up the overall boot time.

Setting the default operating system is a little more difficult because you need to use the command-line Boot Configuration Editor, bcdedit.exe. The Boot Configuration Editor is part of Windows Vista, but it requires an account with administrative rights to run. Even if you are logged in with an account that has administrator rights but have user account control enabled, by default the tool will not run as administrator. Follow these steps to use the Boot Configuration Editor to set the default operating system:

  1. Click the Start button and navigate through All Programs and Accessories.
  2. Locate the Command Prompt shortcut and right-click it to bring up the context menu.
  3. Select Run as administrator from the context menu.
  4. When the command prompt has loaded, you are ready to use the bcdedit.exe command. First, you need to get the ID of the operating system that you want to set as the default. To do this, type bcdedit /enum all in the open command prompt window. Scroll through the list of different entries and look for the one with the description matching “Microsoft Windows” for Windows Vista.
  5. After you have found the correct entry, note its identifier. That is used in the next step.
  6. While still at the command prompt, run bcdedit /default (entry identifier). For example, I ran bcdedit /default {}.

The default operating system on the Window Boot Manager is now set. The next time you reboot, your changes will be in use.

Tip The Boot Configuration Editor is a powerful utility that you can also use to change many other settings of the Windows Boot Manager. Experiment with bcdedit.exe by running bcdedit /? from command prompt. This will show you all the other available options and flags that you can use with the Boot Configuration Editor.