Posts Tagged ‘Maintenance’

With remote systems, you need to specify the UNC name or IP address of the system you want to shut down or restart using the /M parameter. Thus, the basic syntax for shutdown, restart, and cancel delayed shutdown become

Shutdown remote system:

shutdown /s /t ShutdownDelay /l /f /m \\System

Restart remote system:

shutdown /r /t ShutdownDelay /l /f /m \\System

Cancel delayed shutdown of remote computer:

shutdown /a /m \\System

In this example, MAILER1 is restarted after a 30-second delay:

shutdown /r /t 30 /m \\Mailer1

In this example, the system with the IP address 192.168.1.101 is restarted immediately and running applications are forced to stop running:

shutdown /r /f /m \\192.168.1.101
Advertisements

The Recovery Console is a feature of the Windows 2000, Windows XP and Windows Server 2003 operating systems. It provides the means for administrators to perform a limited range of tasks using a command line interface. Its primary function is to enable administrators to recover from situations where Windows does not boot as far as presenting its graphical user interface. As such, the Recovery Console can be accessed either through the original installation media used to install Windows, or it can also be installed to the hard drive and added to theNTLDR menu.

The recovery console has a simple command line interpreter. Many of the available commands closely resemble the command-line commands that are normally available on Windows, namely attrib, copy, del, and so forth.

From the recovery console an administrator can:

  • create and remove directories, and copy, erase, display, and rename files
  • enable and disable services (which modifies the service control database in the registry, to take effect when the system is next bootstrapped)
  • write a new Master Boot Record to a disc, using the fixmbr command
  • write a new Volume Boot Record to a volume, using the fixboot command
  • format volumes
  • expand files from the compressed format in which they are stored on the installation CD-ROM
  • perform a full CHKDSK scan to repair corrupted disks and files, especially if the computer cannot be started properly

Filesystem access on the recovery console is by default severely limited. An administrator using the recovery console has only read-only access to all volumes except for the boot volume, and even on the boot volume only access to the root directory and to the Windows system directory (e.g. \WINNT). This can be changed by changing Security Policies to enable read/write access to the complete file system including copying files from removable media (i.e. floppy drives).

Although it appears in the list of commands available by using the help command, and in many articles about the Recovery Console (including those authored by Microsoft), the netcommand is not available. No protocol stacks are loaded, so there is no way to connect to a shared folder on a remote computer as implied.

Normal—Backs up the files you select, and marks the files as backed up.

Incremental—Backs up the files that changed since the last backup, and marks the files as backed up.

Differential—Backs up the files that changed since the last backup, but doesn’t mark the files as backed up.

Copy—Backs up the files you select, but doesn’t mark the files as backed up.

Daily—Backs up the files that changed that day, but doesn’t mark the files as backed up.

Data recovery is the process of salvaging data from damaged, failed, corrupted, or inaccessible secondary storage media when it cannot be accessed normally. Often the data are being salvaged from storage media such as hard disk drives, storage tapes, CDs, DVDs, RAID, and other electronics. Recovery may be required due to physical damage to the storage device or logical damage to the file system that prevents it from being mounted by the host operating system.

The most common “data recovery” issue involves an operating system (OS) failure (typically on a single-disk, single-partition, single-OS system), where the goal is to simply copy all wanted files to another disk. This can be easily accomplished with a Live CD, most of which provide a means to 1) mount the system drive, 2) mount and backup disk or media drives, and 3) move the files from the system to the backup with a file manager or optical disc authoring software. Further, such cases can be mitigated by disk partitioning and consistently moving valuable data files to a different partition from the replaceable OS system files.

The second type involves a disk-level failure such as a compromised file system, disk partition, or a hard disk failure —in each of which the data cannot be easily read. Depending on the case, solutions involve repairing the file system, partition table or MBR, or hard disk recovery techniques ranging from software-based recovery of corrupted data to hardware replacement on a physically damaged disk. These last two typically indicate the permanent failure of the disk, thus “recovery” means sufficient repair for a one-time recovery of files.

A third type involves the process of retrieving files that have been “deleted” from a storage media, since the files are usually not erased in any way but are merely deleted from the directory listings.

Although there is some confusion as to the term, the term “data recovery” may be used to refer to such cases in the context of forensic purposes or spying.

Recovering data after physical damage

A wide variety of failures can cause physical damage to storage media. CD-ROMs can have their metallic substrate or dye layer scratched off; hard disks can suffer any of several mechanical failures, such as head crashes and failed motors; tapes can simply break. Physical damage always causes at least some data loss, and in many cases the logical structures of the file system are damaged as well. This causes logical damage that must be dealt with before any files can be salvaged from the failed media.

Most physical damage cannot be repaired by end users. For example, opening a hard disk in a normal environment can allow airborne dust to settle on the platter and become caught between the platter and the read/write head, causing new head crashes that further damage the platter and thus compromise the recovery process. Furthermore, end users generally do not have the hardware or technical expertise required to make these repairs. Consequently, costly data recovery companies are often employed to salvage important data. These firms often use “Class 100” / ISO-5 cleanroom facilities to protect the media while repairs are being made. (Any data recovery firm without a pass certificate of ISO-5 or better will not be accepted by hard drive manufacturers for warranty purposes

Recovery techniques

Recovering data from physically-damaged hardware can involve multiple techniques. Some damage can be repaired by replacing parts in the hard disk. This alone may make the disk usable, but there may still be logical damage. A specialized disk-imaging procedure is used to recover every readable bit from the surface. Once this image is acquired and saved on a reliable medium, the image can be safely analysed for logical damage and will possibly allow for much of the original file system to be reconstructed.

Hardware repair

Examples of physical recovery procedures are: removing a damaged PCB (printed circuit board) and replacing it with a matching PCB from a healthy drive, performing a live PCB swap (in which the System Area of the HDD is damaged on the target drive which is then instead read from the donor drive, the PCB then disconnected while still under power and transferred to the target drive), read/write head assembly with matching parts from a healthy drive, removing the hard disk platters from the original damaged drive and installing them into a healthy drive, and often a combination of all of these procedures. Some data recovery companies have procedures that are highly technical in nature and are not recommended for an untrained individual. Any of them will almost certainly void the manufacturer’s warranty.

Disk imaging

The extracted raw image can be used to reconstruct usable data after any logical damage has been repaired. Once that is complete, the files may be in usable form although recovery is often incomplete.

Open source tools such as DCFLdd or DOS tools such as HDClone can usually recover data from all but the physically-damaged sectors. Studies have shown that DCFLdd v1.3.4-1 installed on a Linux 2.4 Kernel system produces extra “bad sectors” when executed with certain parameters, resulting in the loss of information that is actually available. These studies state that when installed on a FreeBSD Kernel system, only the bad sectors are lost. DC3dd, a tool that has superseded DCFLdd, and ddrescue resolve this issue by accessing the hardware directly. Another tool that can correctly image damaged media is ILook IXImager.

Typically, Hard Disk Drive data recovery imaging has the following abilities: (1) Communicating with the hard drive by bypassing the BIOS and operating system which are very limited in their abilities to deal with drives that have “bad sectors” or take a long time to read. (2) Reading data from “bad sectors” rather than skipping them (by using various read commands and ECC to recreate damaged data). (3) Handling issues caused by unstable drives, such as resetting/repowering the drive when it stops responding or skipping sectors that take too long to read (read instability can be caused by minute mechanical wear and other issues). and (4) Pre-configuring drives by disabling certain features, such as SMART and G-List re-mapping, to minimize imaging time and the possibility of further drive degradation.

While Windows Vista may be Microsoft Corp’s most secure operating system ever, it’s far from completely secure. In its fresh-from-the-box configuration, Vista still leaves a chance for your personal data to leak out to the Web through Windows Firewall or for some wicked bot to tweak your browser settings without your knowledge.

But by making a few judicious changes using the security tools within Windows Vista — and in some cases by adding a few pieces of free software –you can lock down your operating system like a pro.

1. Use Windows Security Centre as a starting point

For a quick overview of your security settings, the Windows Security Center is where you’ll find the status of your system firewall, auto update, malware protection and other security settings. Click Start, Control Panel, SecurityCenter, or you can simply click the shield icon in the task tray. If you see any red or yellow, you are not fully protected.

For example, if you have not yet installed an antivirus product on your machine, or if your current antivirus product is out of date, the malware section of the Security Center should be yellow. Windows does not offer a built-in antivirus utility, so you’ll want to install your own. For free antivirus,

I recommend Avast 4.8 Home Edition.

2. Use Windows Defender as a diagnostic tool

The malware section of Windows Vista also protects against spyware using Windows Defender. The antispyware protection in your antivirus program usually trumps the protection Microsoft provides, but there are several good reasons to keep Windows Defender enabled. One is that every antispyware program uses a different definition of what is and is not spyware, so redundant protection can actually offer some benefit.

Another reason to keep Windows Defender enabled: diagnostics. Click Tools, and choose Software Explorer from the resulting pane. You can display lists of applications from several categories such as Currently Running Programs, Network Connected Programs and Winsock Service Providers, but Start-u

p Programs is perhaps the most useful. Click on any name in the left window, and full details will appear in the right pane. By highlighting, you can remove, disable or enable any of the programs listed.

3. Disable the start-up menu

Windows Vista keeps track of all the documents and programs you launch in the start-up menu. This can be convenient for some users, but it can also compromise your privacy if you share a computer within an office or household. Fortunately, Windows Vista provides an easy way to tweak this setting

. To protect your privacy, follow these steps:

* Right-click on the task bar and select “Properties.”

* Click on the Start Menu tab.

* Uncheck “Store and display a list of recently opened files.”

* Uncheck “Store and display a list of recently opened programs.”

* Click “OK.”

4. Get two-way firewall protection

No desktop should be without a personal firewall, but even if the Security Center says you’re protected, you may not be. The Windows Firewall within Vista blocks all incoming traffic that might be malicious or suspicious — and that’s good. But outbound protection is not enabled by default. That’s a dangerous situation if some new malicious software finds its way onto your PC.

Microsoft did include the tools for Windows Vista to have a true two-way firewall, but finding the setting is a little complicated. (Hint: Don’t go looking the Windows Firewall settings dialog box.

To get two-way firewall protection in Windows Vista, do the following:

* Click on the Start button; in the search space, type “wf.msc” and press Enter.

* Click on the Windows Firewall with Advanced Security icon. This management interface displays the inbound and outbound rules.

* Click on Windows Firewalls Properties. You should now see a dialog box with several tabs.

* For each profile — Domain, Private and Public — change the setting to

Block, and then click OK.

Even if you do this tweak, I recommend adding a more robust third-party firewall. I suggest either Comodo Firewall Pro or ZoneAlarm, both of which are free and fare very well in independent firewall testing.

5. Lock out unwanted guests

If you share your computer with others — and even if you don’t – Windows Vista includes a neat way to keep unwanted guests from guessing your systems administrator password. When you set up users and declare one user as administrator with full privileges, Windows Vista allows an outsider unlimited guesses at the password you chose. Here’s how to limit the guesses.

* Click Start, then type “Local Security Policy.”

* Click Account Lockout Policy.

* Choose Account Lockout Threshold.

* At the prompt, enter the number of invalid log-ins you’ll accept (say, three).

* Click OK and close.

6. Now audit your attackers

With the Account Lockout policy in place, you can now enable auditing to see any account attacks. To turn on auditing for failed log-on events, do the following:

* Click the Start button, type “secpol.msc,” and click the secpol icon.

* Click on Local Policies and then Audit Policy.

* Right-click on “Audit account log-on events policy,” and select Properties.

* Check the Failure box, and click OK.

* Right-click on “Audit log-on events policy” and select Properties.

* Check the Failure box and click OK.

* Close the Local Security Policy window.

You can then use the Event Viewer (by running eventvwr.msc) to view the logs under Windows Logs and Security.

7. Secure your Internet Explorer settings

The Windows Security Center will also report whether your Internet Explorer 7(or IE 8) security settings are at their recommended levels. If the screen shows this section as red, you can adjust the settings within the browser itself.

* Within Internet Explorer, click Tools in the menu bar.

* From the drop-down menu, click Internet Options.

* Choose the Security tab.

* Within the Security tab, click Custom Level.

Here you’ll see a window with all the security options for the browser. If any are below the recommended level (if, say, some malware reconfigured your browser settings), these options will be highlighted in red.

To change an individual setting, click the appropriate radio button. To reset them all, use the button near the bottom of the tab. You can also change the overall security setting for Internet Explorer from the default Medium-High setting to the recommended High or Medium, if you wish. Click OK to save and close.

8. Use OpenDNS Domain Name System (DNS) servers act as a phone book. When you type “pcworld.com” in the address bar, for instance, your browser sends that common

-name request to your Internet service provider’s DNS servers to be converted into a series of numbers, or an IP address.

Lately, DNS servers have come under attack, with criminals seeking to redirect common DNS preferences to servers that they control. One way to stop such abuse is to use OpenDNS.

Go to Start, Control Panel, Network and Internet, and then click Network and Sharing Center. Under the tasks listed on the left, click Manage Network Connections. In the Manage Network Connections window, do the following:

* Right-click on the icon representing your network card.

* Click Properties.

* Click Internet Protocol Version 4.

* Click the Properties button.

* Select the Use the following DNS server addresses radio button.

* Type in a primary address of 208.67.222.222.

* Type in a secondary address of 208.67.220.220.

* Click OK.

9. Live with User Account Control

One area where some people might want to see the Windows Security Center turn red is User Account Control (UAC), perhaps the most controversial security feature within Windows Vista. Designed to keep rogue remote software from automatically installing (among other things), UAC has a tendency to thwart legitimate software installations by interrupting the process several times with useless messages.

In Windows 7, you’ll be able to set UAC to the level you want. Until then, you do have some options. One is to disable UAC. I would caution against that, since UAC is meant to warn you of potential danger.

Instead, install TweakUAC, a free utility that enables you to turn UAC on or off as well as provides an intermediate “quiet” mode that keeps UAC on but suppresses administration-elevation prompts. With TweakUAC in quiet mode, UAC will appear to be off to those running as administrator accounts, while people with standard user accounts will still be prompted.

10. Check your work

Now that you’ve tweaked Windows Vista, you can keep tabs on your system’s security with the System Health Report. This diagnostic tool takes input from the Performance and Reliability Monitor and turns it into an information-packed report that can spotlight potential security problems.

* Open Control Panel.

* Click System.

* In the Tasks list, click Performance (near the bottom).

* In the resulting Tasks list, click Advanced tools (near the top).

* Click the last item on the resulting list — “Generate a system health report.”

The report will list any missing drivers that might be causing error codes, tell you whether your antivirus protection is installed and declare whether UAC is turned on. You may want to run this report once a month just to make sure everything is still good.

WINDOWS XP HIDDEN APPS

To run any of these apps go to Start > Run and type the executable name (ie charmap).

=========================================

1) Character Map = charmap.exe (very useful for finding unusual characters)

2) Disk Cleanup = cleanmgr.exe

3) Clipboard Viewer = clipbrd.exe (views contents of Windows clipboard)

4) Dr Watson = drwtsn32.exe (Troubleshooting tool)

5) DirectX diagnosis = dxdiag.exe (Diagnose & test DirectX, video & sound cards)

6) Private character editor = eudcedit.exe (allows creation or modification of characters)

7) IExpress Wizard = iexpress.exe (Create self-extracting / self-installing package)

8) Microsoft Synchronization Manager = mobsync.exe (appears to allow synchronization of files on the network for when working offline. Apparently undocumented).

9) Windows Media Player 5.1 = mplay32.exe (Retro version of Media Player, very basic).

10) ODBC Data Source Administrator = odbcad32.exe (something to do with databases)

11) Object Packager = packager.exe (to do with packaging objects for insertion in files, appears to have comprehensive help files).

12) System Monitor = perfmon.exe (very useful, highly configurable tool, tells you everything you ever wanted to know about any aspect of PC performance, for uber-geeks only )

13) Program Manager = progman.exe (Legacy Windows 3.x desktop shell).

14) Remote Access phone book = rasphone.exe (documentation is virtually non-existant).

15) Registry Editor = regedt32.exe [also regedit.exe] (for hacking the Windows Registry).

16) Network shared folder wizard = shrpubw.exe (creates shared folders on network).

17) File siganture verification tool = sigverif.exe

18) Volume Contro = sndvol32.exe (I’ve included this for those people that lose it from the System Notification area).

19) System Configuration Editor = sysedit.exe (modify System.ini & Win.ini just like in Win98! ).

20) Syskey = syskey.exe (Secures XP Account database – use with care, it’s virtually undocumented but it appears to encrypt all passwords, I’m not sure of the full implications).

21) Microsoft Telnet Client = telnet.exe

22) Driver Verifier Manager = verifier.exe (seems to be a utility for monitoring the actions of drivers, might be useful for people having driver problems. Undocumented).

23) Windows for Workgroups Chat = winchat.exe (appears to be an old NT utility to allow chat sessions over a LAN, help files available).

24) System configuration = msconfig.exe (can use to control starup programs)

25) gpedit.msc used to manage group policies, and permissions

Why Doesn’t Windows Remember My Folder View Settings?
If you’ve changed the view settings for a folder, but Windows “forgets” the settings when you open the folder again, or if Windows doesn’t seem to remember the size or position of your folder window when you reopen it, this could be caused by the default limitation on storing view settings data in the registry; by default Windows only remembers settings for a total of 200 local folders and 200 network folders.
To work around this problem, create a BagMRU Size DWORD value in both of the following registry keys, and then set the value data for both values to the number of folders that you want Windows to remember the settings for. For example, for Windows to remember the settings for 5000 local folders and 5000 network folders, set both values to 5000.
Here is how:
Follow these steps, and then quit Registry Editor:
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following key in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type BagMRU Size, and then press ENTER.
5. On the Edit menu, click Modify.
6. Type 5000, and then click OK.
AND:
1. Locate and then click the following key in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam
2. On the Edit menu, point to New, and then click DWORD Value.
3. Type BagMRU Size, and then press ENTER.
4. On the Edit menu, click Modify.
5. Type 5000, and then click OK.
Note:
When you use roaming user profiles, registry information is copied to a server when you log off and copied to your local computer when you log on. Therefore, you may have performance issues if you increase the BagMRU Size values for roaming user profiles.

Why Doesn’t Windows Remember My Folder View Settings?

If you’ve changed the view settings for a folder, but Windows “forgets” the settings when you open the folder again, or if Windows doesn’t seem to remember the size or position of your folder window when you reopen it, this could be caused by the default limitation on storing view settings data in the registry; by default Windows only remembers settings for a total of 200 local folders and 200 network folders.

To work around this problem, create a BagMRU Size DWORD value in both of the following registry keys, and then set the value data for both values to the number of folders that you want Windows to remember the settings for. For example, for Windows to remember the settings for 5000 local folders and 5000 network folders, set both values to 5000.

Here is how:

Follow these steps, and then quit Registry Editor:

1. Click Start, click Run, type regedit, and then click OK.

2. Locate and then click the following key in the registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell

3. On the Edit menu, point to New, and then click DWORD Value.

4. Type BagMRU Size, and then press ENTER.

5. On the Edit menu, click Modify.

6. Type 5000, and then click OK.

AND:

1. Locate and then click the following key in the registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam

2. On the Edit menu, point to New, and then click DWORD Value.

3. Type BagMRU Size, and then press ENTER.

4. On the Edit menu, click Modify.

5. Type 5000, and then click OK.

Note:

When you use roaming user profiles, registry information is copied to a server when you log off and copied to your local computer when you log on. Therefore, you may have performance issues if you increase the BagMRU Size values for roaming user profiles.

IRQ Priority Tweak

******************

[HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Control \ PriorityControl]

You will need to create a new DWORD: IRQ#Priority (where # is the number of the IRQ you want to prioritize) and give it a setting of 1. This setting gives the requisite IRQ channel priority over the other IRQs on a software level. This can be extremely important for functions and hardware subsystems that need real-time access to other parts of the system. There are several different subsystems that might benefit from this tweak. Generally, I recommend giving either the System CMOS or the video card priority. The System CMOS generally has an IRQ setting of 8, and giving it priority enhances the I/O performance of the system. Giving priority to the video card can increase frame rates and make AGP more effective.

You can give several IRQs priority, but I am not entirely certain how the system interacts when several IRQs are given priority – it may cause random instabilities in the system, although it is more likely that there’s a parsing system built into Windows XP to handle such an occurrence. Either way, I would not recommend it.

This reg file automatically ends tasks and timeouts that prevent programs from shutting down and clears the Paging File on Exit.

1. Copy the following (everything in the box) into notepad.

QUOTE

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]

“ClearPageFileAtShutdown”=dword:00000001

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]

“AutoEndTasks”=”1”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]

“WaitToKillServiceTimeout”=”1000”

2. Save the file as shutdown.reg

3. Double click the file to import into your registry.

NOTE: If your anti-virus software warns you of a “malicious” script, this is normal if you have “Script Safe” or similar technology enabled.

Enabling automatic logon in Vista

Posted: September 14, 2009 in Tweaking, Vista
Tags: ,

If you are the primary user of your computer and you do not have any other users, or if everyone in your household uses the same username, you are the perfect candidate for enabling automatic logon. Automatic logon is a great technique that will save you time that is often wasted when your computer is waiting for you to type your password. Even if you do not have a password assigned to your account, you are still required by the logon welcome screen to click your name to sign in. Having to do these tasks yourself is unnecessary and a waste of time if you are a candidate for automatic logon.

Caution: Automatic logon can be a great feature but it can also create a security problem for your computer. If you use your computer for business, if you have data you prefer to keep safe from others, or both, I strongly recommend that you do not enable this feature. If you happen to step out of your office or if your laptop is stolen, you have left the door to your computer wide open. By enabling automatic logon, you are trading convenience for physical access security. However, you are not changing your network security, so your data is still safe from network attackers. The risk of someone remotely connecting to your computer is the same as if you did not have automatic logon enabled.

Enabling automatic logon is a quick and easy Registry hack. Follow these steps to speed up your sign-on with automatic logon:

  1. Click the Start button, type regedit in the Search box, and then press Enter.
  2. After Registry Editor has started, navigate through HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\Windows NT\CurrentVersion\Winlogon.
  3. Locate the AutoAdminLogon entry. If the key does not exist, create it by right-clicking the Winlogon folder and selecting New and then Registry String.
  4. Right-click the AutoAdminLogon entry and select Modify. Set the Value to 1, Then press OK to save the new value.
  1. Locate the DefaultUserName entry or create it if it does not exist.
  2. Right-click DefaultUserName and select Modify. Set the value to the username that you primarily use to sign in to Windows. Press OK.
  3. Locate the DefaultPassword entry or create it if it does not exist.
  4. Right-click the DefaultPassword entry and set the Value to your password.
  5. Close Registry Editor and restart your computer.

After you reboot your computer, Windows Vista should automatically sign on to your account. You will notice that your computer will now get to the desktop much quicker than before. If you ever want to disable automatic logon, just go back into Registry Editor and set the AutoAdminLogon entry to 0.