|
|
Vista security feature makes dual booting difficult.
Security features introduced in Windows Vista will make setting up PCs to boot in either Linux or Windows far more difficult, according to security guru Bruce Schneier.
Not only that, it seems that it would make it far more difficult to recover data from a corrupted install of windows - or better yet...recover from a lost password!
Hopefully side by side installs of Vista will still be a method for recovering data.
Posted By: Steve Wiseman on Friday, April 28, 2006
Check out our administration tools for windows
Disable USB Drives
Once in a while I have a friend, or customer that needs to keep people from using the USB ports to copy data off of a system.
It is easy to lock a machine down, disable the floppy, and cdrom in the bios. Many times when you try to disable USB - it disables it entirely.
This can be a real pain on newer laptops or systems that don't even have a PS2 interface for the mouse or keyboard.
There is a simple registry change that will keep the USB storage drivers from starting when the system boots. Keeps people from walking up to a PC and copying data off with a USB key, but allows you to keep your scanner, keyboard, and mouse working.
As always - back your system up before messing around in the registry.
Just open regedit and browse to this key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
Notice the value 'Start'
Switch this value to 4, and USB storage devices are disabled.
Switch this value to 3, and USB storage devices are enabled.
For those of you that don't feel like messing around in the registry -
We wrote a program to do it for you (No spyware or junk - just freeware goodness)
Posted By: Steve Wiseman on Thursday, April 27, 2006
Check out our administration tools for windows
1978 Picture of Bill Gates & Company
A friend of mine sent me this very cool picture of Microsoft from around 1978:
If you can guess which one is Bill, you get a prize - just kidding ;)
Posted By: Steve Wiseman on Wednesday, April 26, 2006
Check out our administration tools for windows
Hide shared folders - based on users access level
There is something that has always annoyed me about the way windows shares are displayed to a user - they get to see all of them!
Yes I know about putting a $ after the share, such as c$, or admin$, but what about those shares that the president of the company wants to have - and doesn't want his employees to even know that they exist?
Finally Microsoft has put out a utility to fix this. It is called "Access-based Enumeration". It is only available for Windows 2003 SP1
The offical download page is located here:
Microsoft Access-Based Enumeration
Once you start the install, you get asked a simple question:
If you select all, then access based enumeration will be enabled for all current shares on the system - otherwise you will need to set them each individually.
Once the install is finished, a new tab appears when looking at the properties of a share:
Thats all there is! You can either turn it on or off.
Too bad they don't have this type of functionality for 2000, or 2003 without SP!
Posted By: Steve Wiseman on Monday, April 24, 2006
Check out our administration tools for windows
Run Internet Explorer in a secure sandbox
It seems that there is a new vulnerability found in Internet Explorer every day.
This stems from the fact that it was designed to allow ActiveX controls to install just about anything on your PC.
Even with the most robust antivirus programs installed on your computer, you are still at risk of getting bad software installed on your system.
There are a few remedies:
1. Get off the Internet totally and go outside and ride your bike
2. Dump Internet Explorer, and start using FireFox all the time
3. Only login as a user that does not have administrative, or Power User rights.
These alternatives can be really painful. Especially if you have users that need administrative rights for many of the applications they use. In the same vein, FireFox is not always the solution either - there are still too many sites that do not support it (Bastards).
I have come up with a compromise. It provides you the protection of a limited user account, but the ability to only run Internet Explorer in this sandbox. That way other applications that you know and trust suffer no ill consequences.
Let me start out by saying this will not keep all of the baddies out there from getting on your pc. When your hands are tied and you need administrative access, and must run IE - this is a decent compromise.
Here is how it works: It creates a shortcut to our reduced permissions application. This app in turn launches IE with the Power User, and Administrators groups removed from the process. Actually, the program that will execute anything with reduced permissions, but it is streamlined for IE.
First, download it from our site
(No spyware, or other crap included - complete freeware goodness)
If you execute it without any command line options you will get an automatic installer. It will create a 'secure' shortcut to Internet Explorer on your desktop:
If you want to run other programs this way, just create a shortcut to the ReducedPermissions.exe with the first argument the full path of the exe.
Lets take it for a test drive. Logged in as administrator, I surf to the Windows Update website:
It works the way it should - it lets me start running windows updates.
Now I do the same after launching IE with my 'Secure' icon
It's hard to read, but you can tell from the big red X that Internet explorer cannot run windows updates because it is lacking the sufficient privileges.
This is just one more step you can take to protect yourself while using IE.
Oh yea...and BTW - IE 7 has this type of functionality built in.
Let me know how it works for you.
Update:
It seems after some unspecified Microsoft update - IE refuses to run with reduced permissions! Currently it only seems to affect Windows 2003 - I Will post an update here if we find a way around it
Posted By: Steve Wiseman on Monday, April 24, 2006
Check out our administration tools for windows
|
 |
