Monthly Archives: July 2009

Windows 7

Windows 7 System Maintenance Tool

Leave a comment

With Windows 7 Microsoft introduces a system maintenance tool. You are curious what it is doing, right?

It checks for:
– Broken shortcuts
– Unused desktop icons
Update:
– Troubleshooting history / Error reports taking up disk space
– System Timecorrection
– Disk Volume errors
 

And also collects system information:

 

Random Info: I took both screens with the new Windows 7 snipping tool, which will increase your productivity a lot. What I don’t like about it is the red border and it saves the file extension in uppercase-letters if you do not type them in.

Anyway, I think Microsoft should deliver all the tools we know from TuneUpUtilites. I do not want to buy additional software to do all the tweaks that are hidden in the registry.

They should include:

– Optimize performance / disable certain graphic elements

– Registry cleaner

– Cookie / Temp cleaner

– Clear History / Favorites / etc

– Advanced Defrag

What else would you like in there  if you could change the system maintenance tool ?

Update:

This is the latest system maintenance tool:

Windows 2003

Find All Locked Out Accounts

Leave a comment

Use Saved Queries to quickly locate all locked out user accounts.

You can use the Saved Queries feature of Windows Server 2003 to query Active Directory for any locked-out accounts. Just open the Active Directory Users and Computers console, right-click on Saved Queries in the console tree and select New –> Query. Type a name and description for the query, specify a query root (where in your namespace your query begins searching), and click the Define Query button. Since there’s no default option for finding locked-out accounts in the Common Queries box, select Custom Search instead to open the Find Custom Search box. Then select the Advanced tab and enter the following LDAP string in the Enter LDAP Query textbox:

 

(&(&(&(objectCategory=person)(objectClass=user)(lockoutTime:1.2.840.113556.1.4.804:=4294967295))))

 

Click OK twice to create and run the saved query.

 

The string works on Windows Server 2003 SP1.

 

Update: Here’s another LDAP query that finds all locked out accounts:
 
(&(objectCategory=Person)(objectClass=User)(lockoutTime>=1))
Windows 7

BitLocker To Go Encrypts Portable Flash Drives in Windows 7

Leave a comment

The BitLocker feature was introduced in Windows Vista and allowed you to encrypt the content of your hard drive.  Now in Windows 7 they offer BitLocker To Go which allows you to encrypt portable USB flash drives.

First open up My Computer and Right-click on the flash drive you want to encrypt and select Turn on BitLocker.

1

After BitLocker initialized the flash drive you will need to enter in a password to unlock the drive.  You can also set up a Smartcard which are usually used in a work environment so talk to you IT staff.

2 pw

Next you will be prompted to store the recovery key which is used in the event you lose your password or smartcard.  If you store it as a file make sure that it is not on the same drive that you’re encrypting.  

3 key

After the key has been saved as a file or printed you will see a confirmation message.

4 save confirm

Finally you will be ready to start encrypting the drive so just click the Start Encrypting button.

5 confirm

While it is encrypting there will be a progress screen displayed.

6 progress

A successful encryption of the USB flash drive. notice that the drive icon will change to show its encrypted with BitLocker.

7 complete 

Notice that the drive icon will change to show its encrypted with BitLocker where the gold lock indicates it is locked up and the gray lock is displayed after you have unlocked it.

 8 iconunlock

Right-click on that icon to bring up options to manage BitLocker encryption.

9 options

The next time you plug in the drive to a Windows 7 machine you will be prompted to enter the password to gain access to the drive.  You can also always have it unlocked on specific machines in the future.

enter 

You can also use the encrypted drive in Vista and XP.  Here we will look at how it looks in XP, when you plug it in you will be prompted for the password to launch BitLocker To Go Reader (the utility is installed automatically on the drive by Windows 7).

bitlocker XP

BitLocker To Go Reader is a Windows Explorer type navigation utility for showing the content of the drive.

bitlocker reading

With a BitLocker encrypted drive you will only be able to read and copy files.  If you need to add files or change them you will need to use a Windows 7 machine.

error

This is a great way to easily make sure sensitive data on your USB flash drive is safe.  Right now anyone who has Windows 7 RC1 Ultimate can use this feature.

etrust SCM

How to configure the LDAP settings in Gateway Security 8.1 to perform Invalid recipient protection and for authentication while logging into the user self managed quarantine folder.

Leave a comment
  

Description

This document contains procedures that will help you:

Configure the LDAP settings in Gateway Security 8.1 to perform Invalid Recipient Protection.

Successfully authenticate while logging into the user’s self-managed Quarantine folder.

Solution

  1. From the Manager console go to Filtering -> Settings -> Enterprise Settings -> LDAP template.

    2. Figure 1

  2. Click on the Add button to create a new LDAP Template and provide a name, then click Next.
  3. You can select the “All domains” option if you want to have one LDAP template for all the domains that Gateway Security is protecting or choose the specific domains.

    4. Figure 2

  4. You can either choose “Auto detect server” OR click the Add button to add a Valid LDAP server name or IP address. This might be your Domain controller, Exchange server, Lotus Domino, LDAP server, etc.

    5. Figure 3

  5. Give the authentication details to connect to the LDAP Server.
    If the LDAP server requires secure authentication, set the Secure type as ‘Use Secure Authentication’ and click Next.

    6. Figure 4

  6. Select the appropriate LDAP Server Type to load the LDAP attributes automatically, and then click Next.

    7. Figure 5

  7. Leave the default pool settings and click Next.
  8. From the Test window you can do the following:
    1. Test for a single email/Distribution list:
      Enter an email address or distribution list email in the appropriate field and click Send Query.
      Gateway Security will query the LDAP server using the LDAP attributes and return whether it is a valid email address or distribution list.
    2. Web Login Test:
      Enter the username and password that you want to use to login to the Quarantine folder and Gateway Security will verify if the specified login credentials are correct.

    9. Figure 6

  9. Click Next and Finish the LDAP template configuration.
  10. Click OK for Enterprise Settings and distribute the changes.
  11. Go to Filtering -> Settings -> Engine Specific Settings -> LDAP Usage and choose the LDAP template which you created in the Enterprise LDAP settings.
    To ensure that Gateway Security accepts incoming emails only for valid recipients, ensure that the option “Enable SMTP Invalid recipient’s protection” is enabled.

    12. Figure 7

  12. Click Ok and distribute the engine changes.
  13. Go to Filtering -> Settings -> Enterprise Settings ->Quarantine and choose the LDAP template that you want to use to authenticate the users when they try to log into their Quarantine folder.

    14. Figure 8

  14. Click Ok and distribute the changes.

 
Internet Explorer

Disable/Enable Click Sound in Internet Explorer (IE) for Windows XP/Server 2003/Vista

1 Comment

If you want to disable the click sound in Internet Explorer found in Microsoft Windows XP, Windows Server 2003 or Windows Vista, then follow these steps:

  1. Open the Start Menu / Settings / Control Panel
  2. Double click on the “Sounds” control panel. In this control panel, Scroll down in the events window until you reach “Windows Explorer” and under this you will find “Start Navigation“.
  3. Click on “Start Navigation” and you will see a .wav file appear in the “Name:” box. This is the sound that is associated with the click sound.
  4. In the “Name:” drop down menu, select (None) and then hit “OK“. This will set no sound to be played when you’re navigating on the web.

Keep in mind that this will remove the click sound from hitting buttons and links on all web sites you visit until you set it back. This is a safe change to make and does not affect any other functionality of your Windows Explorer browser.

Conclusion

In this article we have shown easy ways on how to disable the click sound in Internet Explorer and Windows Explorer found in Windows 95, Windows 98, Windows 2000, Windows XP, Windows Server 2003 and Windows Vista.  The changes are made using the Control Panel and don’t require any messy registry changes.

Windows 7

Disable Aero Shake in Windows 7

Leave a comment

One of the interesting new features in Windows 7 is the way you can grab a window by the title bar and “shake” it back and forth to minimize everything else. It’s a fun feature, but just in case you want to disable it we’ve got the solution for you.

Disable Aero Shake Manual Registry Hack

Open up regedit.exe through the start menu search or run box, and then navigate down to the following key:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows

Once you are there, right-click on the Windows key and create a new key called Explorer.

Disable Aero Shake Regedit

Now right-click on the right-hand side, create a new 32-bit DWORD with the following settings:

  • Name: NoWindowMinimizingShortcuts
  • Value: 1

Disable Aero Shake Regedit

Once you’ve created this, you should log off and back on for the change to take effect.

Downloadable Registry Hack

Simply download, extract, and double-click on DisableAeroShake.reg to enter the information into the registry. To re-enable use the other file.

Download DisableAeroShake registry hack

etrust SCM

Which eSCM processes and folders should be excluded from antivirus realtime scanner?

Leave a comment

Description:

When you install CA Integrated Threat Management or eTrust Antivirus prior to installing eTrust Secure Content Manager r8, the Antivirus Realtime Scanner acts on data before eTrust Secure Content Manager r8 can analyze or use it. This may interfere with the functionally of the eTrust Secure Content Manager r8 engine.

To avoid conflicts between eTrust Antivirus and eTrust Secure Content Manager r8, you should identify the eTrust Secure Content Manager r8 processes that are running and add the processes to the eTrust Antivirus exclusions list.

Excluding eSCM Processes and Directories from Antivirus Realtime Scanning.

Solution:

Exclude the following process from the Antivirus realtime scanning

icihttp.exe
icismtp.exe
DCollSrv.exe
QmgrSrv.exe
CRepSrv.exe
ECSQDMN.exe
ECSSAFMGR.exe
eCCCleaner.exe
QMgr.exe
ManagerConsole.exe
iGateway.exe
servproc.exe
Exclude the following directories from the realtime scanning

:\Program Files\CA\eTrust SCM :\Program Files\CA\Ingres [EI] :\Program Files\CA\SharedComponents

 Other Relevant Information : Realtime scanner exclusions for machines running Microsoft Exchange: TEC393058 (SupportConnect, SupportOnline). https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=TEC393058 Realtime scanner exclusions for machines running Notes: TEC400737 (SupportConnect, SupportOnline).
https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=TEC400737