First, you'll have to go into Server Manager and access the Features section. In Features, you will select to add a feature and then select the Desktop Experience feature. Once added, you will have to reboot the server. That's right! A reboot is required to add icons to your desktop.

Now this is really insane. Think about it. You can add your own icons for shortcuts on the desktop, but to get Computer and Network, you have to add the entire Desktop Experience feature. What a ridiculous decision Microsoft made here.

Now that I've expressed my suffering, we shall move on.

Once you've rebooted the server, simply right-click on the Desktop and select Personalize. From here, you can add the desktop icons you desire as usual.

OK. I'm over it now, but it's still ridiculous.

Tweet This Post

If you allow the transaction log of a database to become completely filled, users will be denied write access to the database until you clear the transaction log. Scheduling regular backups of the transaction log can prevent this from happening. When the log is full, users may still execute read-only SELECT statements against the database. You can also prevent the transaction log from filling up by enabling autogrowth on the transaction log.

Just as you can backup the database using SQL Server Management Studio (SSMS), you can backup a transaction log in the graphical interface. Just be sure to select the Backup Type of Transaction Log. The T-SQL command for backing up the transaction log for the AdventureWorks database is as follows:

BACKUP LOG AdventureWorks To DISK='C:\BACKUPS\AWorksTlog.bak';

The preceding content excerpted from SQL Server 2008 Administration by Tom Carpenter.

Tweet This Post

First, if you launch the Windows command line (cmd.exe) on a 64-bit edition of Windows 7 and then look at the Task Manager, you'll notice that the process entry for cmd.exe does not have an *32 after it. This indicates that the cmd.exe process is 64-bit. You may notice several entries in the Task Manager with the *32 after them. These entries are for 32-bit applications and processes.

Now, the question is this: are all the Windows 7 command line commands also 64-bit now? The answer there is: It depends?

You see many of us have old habits that die hard. As long as you use 64-bit commands, while in cmd.exe, you will be using 64-bit command line tools; however, if you run a 32-bit command that command will still run, but it will be in 32-bit mode.

To see this, open the task manager and then open the command prompt from the Start menu on your Windows 7 64-bit machine.

Now change to the C:\Windows\SysWOW64 directory in the command prompt window and then execute the more command with no parameters. It will appear to hang, but that's OK.

Look at the task manager and note the entry for the more.com command. It has an *32 after it.

You see, the files in the C:\Windows\SysWOW64 folder are 32-bit commands. There is even a 32-bit version of cmd.exe that you can launch from there.

The point is simply this: To ensure that you are running a true 64-bit command prompt, make sure that all of your commands are 64-bit and not just thecmd.exe.

Tweet This Post

Up to this point, I've only been telling you that a packet capture clearly shows the traffic generated by the IPv6 stack is significant when you consider dozens or hundreds of machines that may exist on a subnet. That's all about to change. I'm in the process of writing an article for Windows IT Pro magazine on the impact of IPv6 on a non-IPv6 network. In the process, I've built a lab of 24 virtual machines running Windows 7 with IPv6 out-of-the-box setup on an IPv4-only network infrastructure. I will be measuring the traffic generated by these machines.

Next, I will be enabling IPv6 on the infrastructure by doing the following:

-Enabling DHCPv6

-Enabling DNSv6

-Enable IPv6 on the Cisco routers(two will exist in the network)

Now, I will measure the network consumption when IPv4 is disabled on the network.

Finally, I'll measure the network consumption when IPv6 is enabled alongside IPv4 in both the Windows 7 clients and the infrastructure. When I'm done, I'll post the fast facts here and, of course, you'll be able to read all the details in Windows IT Pro magazine. I'll let you know the issue that will contain the article as soon as I find out.

Can you tell I'm excited about this lab fun I'm about to have?

Tweet This Post

ClearType Text Tuning

You can adjust the ClearType text feature so that the text looks good to you. After all, isn't that the whole point. I don't know about you, but I love books – and I mean printed books. However, I don't like the fonts used in some books and find them harder to read. At the same time, the boldness and size of the font can have a big impact. Of course, what I like, someone else may dislike.

To tune the ClearType text to your liking, follow these instructions:

1) Click Start

2) Type cttune and press Enter

3) Step through the wizard to adjust the ClearType engine to your liking

Color and Brightness Calibration

You can also adjust the gamma and brightness/contrast for your needs using a wizard. To launch the Display Color Calibration wizard:

1) Click Start

2) Type dccw and press Enter

3) Step through the wizard to adjust your display colors and settings

Hopefully these little tips will help you configure your display for a more pleasant experience. These two steps are now the first steps I take when setting up a new laptop computer and I've even used them a few times on my desktops.

Tweet This Post

My rant aside, did you know that you can automatically generate rules for the allowed applications instead of manually creating rules for each app? You sure can.

The best way to do it is to build a reference computer that has all of the applications installed that you want AppLocker to allow. Then, on this reference computer, open the local Group Policy editor (remember, the faithful GPEDIT.MSC?). Now, navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Application Control Policies. Right-click on the Executable Rules node and select to Automatically Generate Rules.

After you've gone through the wizard selecting the rule types you want to generate, right-click on the Application Control Policies node and select to Export the Policy. You'll save the policy as an XML file. Now go to your Server 2008 R2 server and import the policy into the desired GPO. It really is that easy.

This method makes creating Windows 7 AppLocker rules a breeze.

Tweet This Post

• Information gathering
• System configuration
• Automation of administration
• Simplification of redundant and mundane tasks
• Just about anything else you can think of

Unlike the rumors, the truth is that Windows 7 batch files are more powerful than ever thanks to the introduction of new command line tools or commands in Windows 7. Here's just a sampling of the new tools that are included in Windows 7's command prompt:

• PowerCfg - for power management configuration from the command prompt.
• BCDEdit - OK, not new for 7, but who used Vista? This command is used to edit the boot configuration database.
• TZUtil - for setting the timezone from the Windows 7 command prompt.
• Defrag - a command line utility for full volume defragmentation (I still prefer CONTIG and Defraggler, but that's just me).

Additional tools were added or enhanced in the Windows 7 command prompt and are useful from within batch files. Traditional tools prove useful as well. For example, consider the following potential Windows 7 batch file:

@echo off
tasklist /FI "MEMUSAGE gt %1"

If you save the preceding text in a file named tbmem.bat, you can then run it as:

tbmem 10240

This command will then list any running processes using more than 10 MB (10240 KB) of memory. Instead of typing the full tasklist command, you can simply type the shortened batch file command. Windows 7 batch files can further shorten even more complex processes. I'm continually creating batch files that contain more than 20 lines. Now, if the exact same work were done outside of the batch file, I may be able to do it in less than 10 commands, but the batch files sure save me time over time.

This little post may get the gears turning again for some old timers (like myself) who used batch files in the good old DOS days and it may give some ideas to some GUI masters of the modern era. Either way, you should definitely take a fresh look at Windows 7 batch files to see where you can automate or improve your day-to-day work with the operating system.

Tweet This Post

I am in the process of shooting some videos on the Windows 7 deployment process, so watch out for my post about the video availability. I'm still toying around with the idea of a dedicated website for Windows 7-related videos, but for now I'll probably just HD YouTube the videos and link to them here.

Enjoy the new TechNet post.

Tweet This Post

How to prevent wireless DoS attacks

I think it's because, um, YOU CAN'T! You simply cannot prevent a wireless DoS attack against the RF layer of the network.

Don't let wireless intrusion prevention system (WIPS) vendors fool you. You can detect a wireless denial of service (DoS) attack, but you cannot prevent it if it is an RF-level attack. Sure, if it's a frame level attack, you can prevent it through algorithms and dynamic network configuration management procedures. But if you're dealing with a physical level (RF) DoS attack, you can only remove it once the source is located – you cannot prevent it.

All I need is a 2.4 GHz RF generator and I can blanket the entire 2.4 GHz license free ISM band that is used by 802.11 b/g/n. With a 5 GHz RF generator, I could potentially do the same for the U-NII bands used by 802.11a/n. The point is that an RF generator or set of such generators can completely saturate the available spectrum with energy levels that prevent functional communications on any allowed channel. Dynamic channel management and "self-healing" solutions cannot help with this.

A good old fashioned human being with a spectrum analyzer is one of the best ways to locate a physical layer wireless DoS attack. WISP solutions may also be able to triangulate the source of the attack if sensors or multi-purpose access points (access points that both provide wireless functionality and sensing abilities) are used; however, it's not like the WIPS system can somehow zap the attacking device and kill it (though that's a nice thought for the future). The end result is that a physical layer DoS simply CANNOT be prevented. It can only be mitigated (i.e., the severity is reduced by detecting it quickly, locating it and eradicating it).

Personally, I find no greater joy in my IT work than tracking down an attacker and letting him see me with my spectrum analyzer as he flees in fear (and I memorize is license plate number to report him to the police). Would I really even want a software program and hardware set to take away that joy?

Inventors of the world, if you can find a true solution that truly prevents wireless denial of service attacks, you can make billions. Get started.

UPDATE: About an hour after first writing this post I was extremely annoyed by the following press release:

http://www.airtightnetworks.com/home/news/press-releases/pr/article/123/airtight-wireless-dos-attack-prevention-named-top-security-innovation-for-2009.html

Notice the press release uses the phrase DoS attack prevention, but then the actual press release admits frankly that all it does is "counter wireless DoS attacks". My point is still the same: On a wired network, you can immediately shut of the port from which a DoS attack is originating . This can be accomplished in just a few seconds. You cannot accomplish this today when a wireless DoS attack is launched against the entire unlicensed spectrum in which your wireless LAN operates. Please, vendors, just be honest and quit using the word prevent in relation to wireless DoS attacks!

Tweet This Post

You'll also see that you have to work with nasty long BCD entry identifiers. Thank God we have Quick Edit mode. If you haven't enabled Quick Edit mode (or you've disabled it since it's on by default in Windows 7), just right-click on the Command Prompt shortcut and select Properties. On the Options tab, check Quick Edit mode. Now you can highlight text, press Enter and then right-click anywhere to paste it into your command line. This will remove those nasty typos we make when entering long numbers like the BCD entry identifiers.

Here are a few BCDEDIT commands you should know about:

Viewing the BCD data set:

  bcdedit

Backup the BCD data set:

  bcdedit /export filename

Restore the BCD data set:

  bcdedit /import filename

Set the default OS:

  bcdedit /default {identifier}

Note that you can use the keyword current when setting the default if you're currently booted into the system you wish to be the default. For example:

  bcdedit /default {current}

Remember, in Windows 7 boot ini is dead, long live the BCD!
 

Tweet This Post