Posts Tagged ‘Vista’

Enabling automatic logon in Vista

Posted: September 14, 2009 in Tweaking, Vista

If you are the primary user of your computer and you do not have any other users, or if everyone in your household uses the same username, you are the perfect candidate for enabling automatic logon. Automatic logon is a great technique that will save you time that is often wasted when your computer is waiting for you to type your password. Even if you do not have a password assigned to your account, you are still required by the logon welcome screen to click your name to sign in. Having to do these tasks yourself is unnecessary and a waste of time if you are a candidate for automatic logon.

Caution: Automatic logon can be a great feature but it can also create a security problem for your computer. If you use your computer for business, if you have data you prefer to keep safe from others, or both, I strongly recommend that you do not enable this feature. If you happen to step out of your office or if your laptop is stolen, you have left the door to your computer wide open. By enabling automatic logon, you are trading convenience for physical access security. However, you are not changing your network security, so your data is still safe from network attackers. The risk of someone remotely connecting to your computer is the same as if you did not have automatic logon enabled.

Enabling automatic logon is a quick and easy Registry hack. Follow these steps to speed up your sign-on with automatic logon:

  1. Click the Start button, type regedit in the Search box, and then press Enter.
  2. After Registry Editor has started, navigate through HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
  3. Locate the AutoAdminLogon entry. If the key does not exist, create it by right-clicking the Winlogon folder and selecting New and then Registry String.
  4. Right-click the AutoAdminLogon entry and select Modify. Set the Value to 1, and then press OK to save the new value.
  5. Locate the DefaultUserName entry or create it if it does not exist.
  6. Right-click DefaultUserName and select Modify. Set the value to the username that you primarily use to sign in to Windows. Press OK.
  7. Locate the DefaultPassword entry or create it if it does not exist.
  8. Right-click the DefaultPassword entry and set the Value to your password.
  9. Close Registry Editor and restart your computer.

After you reboot your computer, Windows Vista should automatically sign on to your account. You will notice that your computer will now get to the desktop much quicker than before. If you ever want to disable automatic logon, just go back into Registry Editor and set the AutoAdminLogon entry to 0.
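The values set in the steps above can be checked from PowerShell. This is an added example, not part of the original post: it reads the same Winlogon values without changing them and also flags a DefaultPassword left behind after AutoAdminLogon is set back to 0, because that value is stored as a plain-text string. The function name Get-AutoLogonFinding is made up for the illustration.

```powershell
# Added example (not from the original post): read-only audit of the
# Winlogon automatic-logon values named in the steps above.
function Get-AutoLogonFinding {
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )

    $v = Get-ItemProperty -Path $Path -ErrorAction Stop

    # Values that do not exist come back as $null, which casts to an empty string.
    $enabled     = ([string]$v.AutoAdminLogon -eq '1')
    $hasPassword = -not [string]::IsNullOrEmpty([string]$v.DefaultPassword)

    if ($enabled -and $hasPassword) {
        $finding = 'Automatic logon is ON and the password is stored in plain text.'
    } elseif ($enabled) {
        $finding = 'Automatic logon is ON but no DefaultPassword value is present in this key.'
    } elseif ($hasPassword) {
        $finding = 'Automatic logon is OFF but a leftover DefaultPassword value is still stored.'
    } else {
        $finding = 'Automatic logon is not configured.'
    }

    # Report the state only; the password itself is never written out.
    New-Object PSObject -Property @{
        AutoAdminLogon        = $enabled
        DefaultUserName       = $v.DefaultUserName
        PasswordStoredInClear = $hasPassword
        Finding               = $finding
    }
}

Get-AutoLogonFinding | Format-List
```

If the third finding appears, delete the DefaultPassword value in Registry Editor as well as setting AutoAdminLogon to 0.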


Each user uses (or may not use) devices differently depending on the system setup. Nonetheless, some classes of devices are more commonly disabled than others. Knowing which ones will help you decide which devices you should disable. The following classes of devices are frequently disabled:

  • Network adapters: Especially on notebook computers, there is often more than one network device. Disabling the network devices that you do not use will definitely save you some booting time.
  • FireWire: If you have 1394 connections, otherwise known as FireWire, you might consider disabling them. Unless you are using your FireWire port to connect your digital video recorder to your computer, or have other external FireWire devices, you have no need to have this device enabled.
  • Biometrics: Some of the latest computer hardware includes biometric sensor equipment such as a fingerprint scanner. If you do not use these security features, you can save time by disabling these devices, too.
  • Modems: Do you have a broadband connection? If so, consider disabling your modem. If you rarely use it, why not disable it? If you ever need to use it again, just re-enable it.
  • TPM security chips: Does your computer have a Trusted Platform Module (TPM)? These chips are typically used as a secure place to store an encryption key that would be used for something such as hard drive encryption. If you are not using any of these advanced security features of Windows Vista, disable these devices, too.
  • Multimedia devices: Your computer has lots of multimedia devices. Take a look at the “Sound, video, and game controllers” section in Device Manager. You will find a lot of device drivers that are loaded during your boot. Some are used by all users, but you will find a few that you do not use. For example, I do not use my game port or my MIDI device, so I disabled both of those.
  • PCMCIA cards: If you are a laptop user, consider disabling your PCMCIA card controller located under “PCMCIA adapters.” The PCMCIA (Personal Computer Memory Card International Association) slot is a special expansion slot that is rarely used today on laptops except for wireless and wired network cards and card reader attachments for compact flash and other solid-state memory cards. Most laptops now have built-in network adapters, and some even have built-in wireless adapters. If you do not use your PCMCIA adapter, it is yet another device you can safely disable.

Important

Do not disable any hardware devices located under the Disk Drives, Computer, Display Adapters, IDE Disk Controllers, and the System sections (except for the system speaker). These hardware devices are critical to the operation of your system.

In the preceding section, I set a new Timeout value that will cut down on the amount of time that is wasted before the operating system starts to load. That works great when your primary operating system is the default; but if it is not, you must remember to press a key at the right moment on every single boot. There is a much better way to handle the situation. Just make your primary operating system the default operating system in the Windows Boot Manager. This will allow you to benefit from the lower Timeout value and speed up the overall boot time.

Setting the default operating system is a little more difficult because you need to use the command-line Boot Configuration Editor, bcdedit.exe. The Boot Configuration Editor is part of Windows Vista, but it requires an account with administrative rights to run. Even if you are logged in with an account that has administrator rights but have user account control enabled, by default the tool will not run as administrator. Follow these steps to use the Boot Configuration Editor to set the default operating system:

  1. Click the Start button and navigate through All Programs and Accessories.
  2. Locate the Command Prompt shortcut and right-click it to bring up the context menu.
  3. Select Run as administrator from the context menu.
  4. When the command prompt has loaded, you are ready to use the bcdedit.exe command. First, you need to get the ID of the operating system that you want to set as the default. To do this, type bcdedit /enum all in the open command prompt window. Scroll through the list of different entries and look for the one with the description matching “Microsoft Windows” for Windows Vista.
  5. After you have found the correct entry, note its identifier. That is used in the next step.
  6. While still at the command prompt, run bcdedit /default (entry identifier). For example, I ran bcdedit /default {}.

The default operating system in the Windows Boot Manager is now set. The next time you reboot, your changes will be in use.

Tip: The Boot Configuration Editor is a powerful utility that you can also use to change many other settings of the Windows Boot Manager. Experiment with bcdedit.exe by running bcdedit /? from the command prompt. This will show you all the other available options and flags that you can use with the Boot Configuration Editor.

All systems initialize in more or less the same way. During the POST mentioned earlier, the BIOS checks the hardware devices and counts the system memory. Out of all the different types of system memory, the random access memory, better known as RAM, takes the longest to be checked. Checking the RAM takes time, and on a machine that has large amounts of RAM, this calculation can take several seconds. For example, a machine that has 512MB of RAM may take up to 3 seconds just to check the memory. On top of the RAM counting, a few other tests need to be done because your computer wants to make sure that all the hardware in your computer is working properly.

The complete version of these tests is not needed every time that you boot and can be turned off to save time. Most system BIOSs offer a feature called Quick Boot. This feature enables the user to turn off the full version of the test and sometimes enables you to run a shorter quick check test instead. Other BIOSs allow you to turn off the Memory Check only, which will still cut down on a lot of time.

To turn on the Quick Boot feature or to turn off the Memory Check, just do the following:

  1. Enter the system BIOS again by pressing F2 or the correct key for entering system setup shown on the POST screen for your system.
  2. After you are in the BIOS setup, locate the text “Quick Boot” or “Memory Check.” Navigate with the arrow keys until the option is highlighted.
    Use the Change Value keys to cycle through the options and select Enable for the Quick Boot feature or Disable if your system’s BIOS has the Memory Check feature.
  3. After you have made the change to the setting, exit the system BIOS by pressing the Escape key. Make sure you save the changes upon exit.

Use of the Quick Boot feature or the disabling of the Memory Check will not do any harm to your system. In fact, some computer manufacturers even ship their computers with these settings already optimized for performance. The only downside to disabling the tests is in the rare situation in which your RAM self-destructs; the BIOS will not catch it, and you might receive errors from the operating system or your system could become unstable. If you notice that your system becomes unstable and crashes frequently or will not even boot, go back into the BIOS and re-enable the tests to find out whether your system’s memory is causing the problems.


Now that you have all your performance counters set up and displaying data, you need to select the interval time of how often the data will be updated. How often you want the counters to be updated depends on your purpose for monitoring your hardware. For example, if you are trying to track how much data your computer is sending through your network adapter every day or hour, it is not necessary to have that counter update every second. You will just be wasting CPU cycles because you are making the computer constantly update that performance counter. However, if you are interested in current memory or CPU utilization, you will want a much faster update time.

To change the update interval, perform the following steps:

  1. While in the Performance Monitor section of the Reliability and Performance Monitor, click the Properties button, which looks like a hand pointing to a notebook. Alternatively, you can press Ctrl+Q.
  2. After the System Monitor Properties window loads, click the General tab.
  3. Locate the Graph elements section and update the Sample Every text box. This number is in seconds.
  4. Click OK to close the window and save your changes.

Now Performance Monitor will poll the data sources at your specified interval.


When Windows Task Manager is started, a small histogram is displayed in the system tray that shows the CPU utilization. This little feature can be very useful if you would always like to keep an eye on your CPU utilization but do not want Task Manager always on top of all your windows. With a little bit of work, it is possible to start up the Windows Task Manager automatically on every start and run it minimized and hidden from the taskbar except for the system tray.

  1. Click the Start button, navigate to All Programs, and locate the Startup listing.
  2. Right-click Startup and select Open. A new window opens with the contents of your personal startup folder. Any shortcuts that you place in this folder will be automatically loaded when Windows starts.
  3. After the Startup folder is opened, right-click in the open white space, select New, and then navigate to Shortcut.
  4. When the new shortcut wizard loads, type taskmgr.exe in the text box asking for the location of the file, and then click Next.
  5. Type a name for the shortcut and click Finish.
  6. Now you are shown the startup folder again and a new icon for Task Manager. To make Task Manager start minimized, right-click the new icon and select Properties.
  7. Change the Run type where it says Normal Window to Minimized, and then click OK.
  8. Now the shortcut is all set up. However, there is one last change to make and you will need to open up Task Manager to do this. After you have opened up Windows Task Manager, click the Options menu bar item and select Hide When Minimized so that when the program starts, only the CPU histogram will be shown and the program will not appear on the taskbar.

Your system is now configured to start up the CPU meter on every boot in the system tray. Should you change your mind at a later time and no longer want the Task Manager CPU meter to show up, simply delete the shortcut from the Startup folder.

Hard-drive encryption is a technology that encrypts the data stored on a hard drive using sophisticated mathematical functions. Data on an encrypted hard drive cannot be read by anyone who does not have access to the appropriate key or password. This can help prevent access to data by unauthorized persons and provides a layer of security against hackers and other online threats.

The concept of hard-drive encryption is simple enough. When a file is written to the drive, it is automatically encrypted by specialized software. When a file is read from the drive, the software automatically decrypts it while leaving all other data on the drive encrypted. The encryption and decryption processes are transparent to all common applications such as word processors, databases, spreadsheets or imaging programs. A computer equipped with hard-drive encryption appears, from the user’s point of view, to function as any other computer would.

Windows Vista Enterprise and Ultimate editions offer a hard-drive encryption program called BitLocker that employs two-factor authentication.

When Microsoft introduced Windows Vista, one of its most anxiously anticipated features was its encryption capability called BitLocker. Many mistakenly refer to BitLocker as whole-disk encryption, but the more accurate description is full-volume encryption.

The distinction is important. A single physical disk can be partitioned into multiple volumes. Whole-disk encryption would encrypt all of the data on the entire physical disk drive, while full-volume encryption protects each volume or partition separately. BitLocker might be encrypting the volume designated as the C: drive, but the data on other volumes may still be unencrypted.

The initial release of BitLocker encrypted only the Windows Vista boot volume. Granted, that is better than nothing, but for larger hard drives with multiple volumes it also left a significant amount of data unprotected. With the release of Windows Server 2008 and Windows Vista SP1, Microsoft expanded the scope of BitLocker so that any of the volumes could be encrypted. The upcoming Windows 7 operating system broadens the reach of BitLocker even farther by including the ability to encrypt data on removable media such as USB flash drives.

How does BitLocker work?

BitLocker requires that a small unencrypted partition be created which contains core operating system files that Windows needs to start the boot process. Microsoft created the BitLocker Drive Preparation tool to automate the creation of the second partition and the migration of the files necessary to create the split-load configuration that BitLocker relies on to boot the operating system.

Once the drive is properly partitioned and the data is encrypted with BitLocker, there is a process the system follows to boot the system and decrypt the data so you can use it. As with any encryption process, it relies on keys.

The sectors of data on the drive are encrypted using the FVEK (full-volume encryption key). However, the FVEK is stored locally in encrypted form and the user never interacts with or uses the FVEK directly. The key that users work with is the VMK (volume master key). The VMK is used to encrypt and decrypt the FVEK which, in turn, encrypts and decrypts the actual data sectors.

BitLocker relies on TPM to authenticate system hardware

By default, BitLocker relies on a TPM (Trusted Platform Module) chip. The TPM is a chip wired to the motherboard which can create a unique hash signature related to the hardware configuration of the system and securely store the encryption key. The TPM provides a virtually incorruptible method of authenticating the system hardware.

By itself, the TPM would not prevent an unauthorized user from accessing a BitLocker encrypted volume. In TPM-only mode, an attacker can still cold boot the system, and as long as the TPM could validate the hardware signature hash, BitLocker would decrypt the data and allow the system to boot. For that reason, an additional authentication factor should be used along with the TPM. The available options for BitLocker include:

  • TPM only
  • TPM plus a PIN
  • TPM plus a USB key
  • TPM plus a PIN and a USB key
  • USB key only

The last option, USB key only, is typically only used in situations where BitLocker is implemented on a system that is not equipped with a TPM chip. The option to enable BitLocker without a TPM has to be configured by modifying the security policy settings.

The USB key only and the TPM plus a PIN and USB key options have additional cost and administrative overhead in that USB keys must be provided and maintained. They are also easy to lose or misplace which could lead to an increase in support desk calls to retrieve lost encryption keys and gain access to BitLocker encrypted systems.

How to manage BitLocker keys

One of the most important aspects for enterprises to consider before encrypting data with BitLocker is how to store and manage recovery keys. In the event that a user forgets a PIN, loses a USB key or is unable to access their BitLocker-encrypted system for any reason, the support desk must have the ability to help them recover their data and gain access to their system.

Users can be supplied with a USB key containing the BitLocker recovery key to use as a backup when the need arises. For deployments that already use a USB key for BitLocker authentication, it would be an additional or backup USB key to use in the event of the primary USB key being lost or stolen. The downfall of this system is that the backup USB key would most likely be stored with the laptop and a thief that steals the laptop will also have the keys.

An alternate solution is to configure BitLocker to store a recovery key in Active Directory. An administrator can configure Group Policy to automatically generate a recovery key and store it in Active Directory when BitLocker is enabled. It is also possible to prevent BitLocker from encrypting any data until the recovery key is successfully backed up to Active Directory.
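The protector options and the recovery-key advice above can be checked per volume. This is an added example, not part of the original article: a read-only report that flags TPM-only volumes and volumes with no recovery password to back up. It assumes the Get-BitLockerVolume cmdlet, which ships with Windows 8 and Windows Server 2012 onward rather than Vista, and an elevated prompt; the function name Get-BitLockerProtectorFinding is made up for the illustration.

```powershell
# Added example (not from the original article): read-only report of the
# BitLocker key protectors on each volume.
function Get-BitLockerProtectorFinding {
    # Protector types that add a pre-boot factor on top of the TPM:
    # TPM plus PIN, TPM plus USB key, TPM plus PIN and USB key.
    $secondFactor = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | Where-Object { $_ } |
                   ForEach-Object { [string]$_.KeyProtectorType })
        $notes = @()

        if ([string]$vol.VolumeStatus -eq 'FullyDecrypted') {
            $notes += 'volume is not encrypted'
        } else {
            if ([string]$vol.ProtectionStatus -ne 'On') {
                $notes += 'protection is off or suspended'
            }
            if (($types -contains 'Tpm') -and
                -not ($types | Where-Object { $secondFactor -contains $_ })) {
                $notes += 'TPM only: unlocks at boot with no PIN or USB key'
            }
            if (($types -contains 'ExternalKey') -and
                -not ($types | Where-Object { $_ -like 'Tpm*' })) {
                $notes += 'external (USB) key protector with no TPM protector'
            }
            if ($types -notcontains 'RecoveryPassword') {
                $notes += 'no recovery password protector to back up'
            }
        }

        New-Object PSObject -Property @{
            MountPoint   = $vol.MountPoint
            VolumeStatus = [string]$vol.VolumeStatus
            Protectors   = ($types -join ', ')
            Notes        = ($notes -join '; ')
        }
    }
}

Get-BitLockerProtectorFinding | Format-List MountPoint, VolumeStatus, Protectors, Notes
```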

The Send To menu is one of the features of my context menus that I use the most. The ability to right-click any file and have a shortcut of it sent to the desktop is invaluable. How would you like to make it even more useful? It is very easy to add your own items to the Send To menu, such as folders that you can send files to. Do you have a folder that you store all your music in? How about a folder that you store all your digital photos in? Just follow these quick steps to add anything you want to your Send To context menu entry.

Tip: If you do not see any of the folders that are required in this section, you might have Hidden Files turned on. Because these folders are hidden by default, you will have to tell Windows to show all files.

  1. Click the Start button and select Computer.
  2. Click on your Windows drive and browse through Users\Username\AppData\Roaming\Microsoft\Windows\SendTo.
  3. You will see all the files that appear in the Send To menu. If you want to add an entry to the menu, just copy a shortcut to this folder.
  4. Let’s say that you want to add your Digital Photos folder to your Send To menu. Navigate to your Digital Photos folder, right-click it, and then select Send To desktop. This will create a shortcut to the folder and save it on your desktop. Next, cut and paste the shortcut that was created from your desktop into the SendTo folder.
  5. If you ever want to remove items from the Send To menu, just delete them from the SendTo folder.

It is that simple. You are now finished customizing your Send To menu.

Hacking the Context Menu in Vista

Posted: August 22, 2009 in Tweaking, Vista

What is the context menu? It’s the menu that pops up when you right-click anywhere on your computer. Over the years, these menus have become more and more useful. However, with the extra entries in the context menu, they can become cluttered with options and features that you just don’t need. These next few sections will show you how you can get your menus back under control as well as how you can take advantage of the new features to make your own context menu entries.

I will start off by removing items from the context menus and then move on to adding and customizing the components of the menus.

Removing items from the context menu

Over time, your context menus can become cluttered with program entries from old programs that you may not use any more. You might experience programs that take over all of your context menus. Compression apps such as WinZip or Picozip always end up adding program entries to all the context menus. I have Picozip installed on my computer and every time I right-click any file or folder, I see five entries from Picozip giving me different compression options. This can be a convenient feature, but if you don’t compress and extract zip files very often, you might not need the added convenience. Instead, you could remove these entries from your context menu, which will give your system a cleaner interface as well as a small performance boost if you have a lot of extra entries in your context menu.

Removing these programs from your context menus can be a little tricky because they can be spread in different places in the Registry. The only way to remove these types of entries is to edit the Registry directly. Follow these steps:

  1. Click the Start button, type regedit in the Search box, and then press Enter.
  2. When the Registry Editor appears, expand the HKEY_CLASSES_ROOT folder. You will now see a list of every file type that is set up on your computer.
  3. If the entry that you want to remove from the context menu appears in all context menus, such as the preceding WinZip example, you will have to expand the * folder. Otherwise, expand the folder with the file extension you want to modify.
  4. After expanding the correct folder, expand the Shellex and ContextMenuHandlers folders. Your registry path should be HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers.
  5. Look through the list until you find the entry that you want to remove. Right-click the entry and select Delete. You will find that identifying some of the programs is easy. For example, WinZip is labeled WinZip. However, you may run into some items that are listed using their application/class ID or a vague name. If so, do a Registry search of the class ID (Ctrl+F), which is formatted as {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}, to find other references that will give you clues to what the ID belongs to. If that does not work, try doing a search on Google to see if that turns up anything.
  6. After you are finished removing all the entries from your context menus, just close Registry Editor and you are finished. Your changes will be in effect immediately.
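The class ID lookup in step 5 can be done in one pass instead of searching by hand. This is an added example, not part of the original post: it lists every handler under ContextMenuHandlers, resolves each class ID to its description and the DLL it loads, and shows whether that DLL still exists on disk. It only reads the Registry; the function name Get-ContextMenuHandler is made up for the illustration.

```powershell
# Added example (not from the original post): list context menu handlers and
# resolve their class IDs. Nothing is modified.
function Get-ContextMenuHandler {
    param([string]$Class = '*')   # '*' = all files; or an extension such as '.zip'

    $root = "Registry::HKEY_CLASSES_ROOT\$Class\shellex\ContextMenuHandlers"
    $guid = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

    # -LiteralPath stops PowerShell from treating the * key as a wildcard.
    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction Stop) {
        $name    = $key.PSChildName
        $default = ([string]$key.GetValue('')).Trim()

        # The class ID is either the (Default) value or the key name itself.
        $clsid = $null
        if ($default -match $guid) { $clsid = $default }
        elseif ($name -match $guid) { $clsid = $name }

        $description = $null; $module = $null; $exists = $null
        if ($clsid) {
            $clsKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
            if (Test-Path -LiteralPath $clsKey) {
                $description = (Get-Item -LiteralPath $clsKey).GetValue('')
                $server = "$clsKey\InprocServer32"
                if (Test-Path -LiteralPath $server) {
                    $module = ([string](Get-Item -LiteralPath $server).GetValue('')).Trim('"')
                }
            }
            # Only full paths can be checked; bare file names are left as unknown.
            if ($module -and [System.IO.Path]::IsPathRooted($module)) {
                $exists = Test-Path -LiteralPath $module
            }
        }

        New-Object PSObject -Property @{
            Handler      = $name
            ClassId      = $clsid
            Description  = $description
            Module       = $module
            ModuleExists = $exists
        }
    }
}

Get-ContextMenuHandler | Format-List Handler, ClassId, Description, Module, ModuleExists
```

An entry whose ModuleExists is False usually belongs to a program that has been uninstalled, and a Module in an unexpected location is worth identifying before you decide to keep it.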