Archive for the ‘Technical’ Category

Adjusting Hidden Display Features – Windows 7 Tip Series

Technical | Posted by Tom Carpenter
May 18 2010

This is the first post in a new series I'm starting called the Windows 7 Tips Series. This first tip will help you improve your display for laptop computers (and possibly some desktops). The first part of the tip is related to the Microsoft ClearType text feature and the second is about color calibration.

ClearType Text Tuning

You can adjust the ClearType text feature so that the text looks good to you. After all, isn't that the whole point? I don't know about you, but I love books – and I mean printed books. However, I don't like the fonts used in some books and find them harder to read. At the same time, the boldness and size of the font can have a big impact. Of course, what I like, someone else may dislike.

To tune the ClearType text to your liking, follow these instructions:

1) Click Start

2) Type cttune and press Enter

3) Step through the wizard to adjust the ClearType engine to your liking

Color and Brightness Calibration

You can also adjust the gamma and brightness/contrast for your needs using a wizard. To launch the Display Color Calibration wizard:

1) Click Start

2) Type dccw and press Enter

3) Step through the wizard to adjust your display colors and settings

Hopefully these little tips will help you configure your display for a more pleasant experience. These two steps are now the first steps I take when setting up a new laptop computer and I've even used them a few times on my desktops.

Microsoft Windows 7 AppLocker – Automated Rules

Technical | Posted by Tom Carpenter
Apr 09 2010

AppLocker is one of the great new features in Windows 7, well, that is, if you have Enterprise Edition or Ultimate Edition. It's really sad that Microsoft didn't just allow any Windows 7 client to support this feature (and quite a statement to their true lack of concern for customer service these days).

My rant aside, did you know that you can automatically generate rules for the allowed applications instead of manually creating rules for each app? You sure can.

The best way to do it is to build a reference computer that has all of the applications installed that you want AppLocker to allow. Then, on this reference computer, open the local Group Policy editor (remember, the faithful GPEDIT.MSC?). Now, navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Application Control Policies. Right-click on the Executable Rules node and select to Automatically Generate Rules.

After you've gone through the wizard selecting the rule types you want to generate, right-click on the Application Control Policies node and select to Export the Policy. You'll save the policy as an XML file. Now go to your Server 2008 R2 server and import the policy into the desired GPO. It really is that easy.

This method makes creating Windows 7 AppLocker rules a breeze.
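The wizard steps above can also be scripted on the reference computer with the AppLocker PowerShell module that ships with Windows 7. The batch file below is an added example, not something from the original post; it assumes it is run from an elevated prompt, that the directory to scan is passed as the first argument (defaulting to C:\Program Files), and that the output path is a placeholder you will change. It builds publisher rules where files are signed and hash rules for the rest, then counts what was generated so you can review the XML before importing it into the GPO.

```batch
@echo off
rem Added example (not from the original post): scripted equivalent of the
rem "Automatically Generate Rules" wizard, run on the reference computer.
rem Requires an elevated prompt and the AppLocker module (Windows 7 Enterprise/Ultimate).
setlocal
set SRCDIR=%~1
if "%SRCDIR%"=="" set SRCDIR=C:\Program Files
rem Placeholder output path; change to suit your environment.
set OUTFILE=%TEMP%\AppLockerPolicy.xml

rem Publisher rules for signed executables, hash rules for unsigned ones.
powershell.exe -NoProfile -ExecutionPolicy Bypass -Command ^
  "Import-Module AppLocker;" ^
  "Get-AppLockerFileInformation -Directory '%SRCDIR%' -Recurse -FileType Exe |" ^
  "New-AppLockerPolicy -RuleType Publisher,Hash -User Everyone -Xml |" ^
  "Out-File -Encoding UTF8 '%OUTFILE%'"

if errorlevel 1 (
  echo Rule generation failed. Check that you are running as administrator.
  exit /b 1
)

rem Sanity check before importing into a GPO: how many rules of each type came out.
for /f %%c in ('findstr /c:"<FilePublisherRule" "%OUTFILE%" ^| find /c /v ""') do set PUBCOUNT=%%c
for /f %%c in ('findstr /c:"<FileHashRule" "%OUTFILE%" ^| find /c /v ""') do set HASHCOUNT=%%c
echo Exported %OUTFILE%: %PUBCOUNT% publisher rules, %HASHCOUNT% hash rules.
echo Review the XML, then import it into the target GPO on Server 2008 R2.
endlocal
```

Hash rules are the ones to watch: every patch to an unsigned executable changes its hash and breaks the rule, so a high hash count on the report is a hint that the reference computer has unsigned software you may prefer to cover with a path rule instead.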

Windows 7 Batch Files – More of the Same

Technical | Posted by Tom Carpenter
Mar 19 2010

With every new release of Windows, the rumors start. "Windows 7 will destroy the command prompt," or "the command prompt will die in the next version of Windows." Of course, these rumors have never been true in the past and they are not true now. Windows 7 batch files work in the same basic way as batch files worked in Windows Vista, Windows XP and every NT-based system all the way back to Windows NT 3.1. Windows 7 batch files provide more of the same, but this is a good thing. You can use batch files for many tasks, including:

  • Information gathering
  • System configuration
  • Automation of administration
  • Simplification of redundant and mundane tasks
  • Just about anything else you can think of


Unlike the rumors, the truth is that Windows 7 batch files are more powerful than ever thanks to the introduction of new command line tools or commands in Windows 7. Here's just a sampling of the new tools that are included in Windows 7's command prompt:

  • PowerCfg - for power management configuration from the command prompt.
  • BCDEdit - OK, not new for 7, but who used Vista? This command is used to edit the boot configuration database.
  • TZUtil - for setting the timezone from the Windows 7 command prompt.
  • Defrag - a command line utility for full volume defragmentation (I still prefer CONTIG and Defraggler, but that's just me).


Additional tools were added or enhanced in the Windows 7 command prompt and are useful from within batch files. Traditional tools prove useful as well. For example, consider the following potential Windows 7 batch file:

@echo off
tasklist /FI "MEMUSAGE gt %1"

If you save the preceding text in a file named tbmem.bat, you can then run it as:

tbmem 10240

This command will then list any running processes using more than 10 MB (10240 KB) of memory. Instead of typing the full tasklist command, you can simply type the shortened batch file command. Windows 7 batch files can further shorten even more complex processes. I'm continually creating batch files that contain more than 20 lines. Now, if the exact same work were done outside of the batch file, I may be able to do it in less than 10 commands, but the batch files sure save me time over time.
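One thing the two-line tbmem.bat does not do is check its argument: run it with no parameter and tasklist receives the filter "MEMUSAGE gt " and rejects it. The batch file below is an added example rather than the post's own file (the name tbmem2.bat is hypothetical) and shows the same tasklist wrapper with a usage message, a numeric check on the threshold, and an optional /v switch for the verbose columns.

```batch
@echo off
rem Added example (not the post's tbmem.bat): the same tasklist wrapper with
rem argument checking, so a missing or non-numeric threshold does not become
rem a broken /FI filter. Save as tbmem2.bat (hypothetical name).
setlocal
set THRESHOLD=%~1
if "%THRESHOLD%"=="" (
  echo Usage: %~n0 kilobytes [/v]
  echo Lists running processes using more than the given amount of memory.
  exit /b 1
)

rem Reject anything that is not a plain decimal number.
echo %THRESHOLD%| findstr /r "^[0-9][0-9]*$" >nul || (
  echo Threshold must be a whole number of kilobytes.
  exit /b 1
)

rem /v adds the user name, session and window title columns.
if /i "%~2"=="/v" (
  tasklist /v /FO TABLE /FI "MEMUSAGE gt %THRESHOLD%"
) else (
  tasklist /FO TABLE /FI "MEMUSAGE gt %THRESHOLD%"
)
endlocal
```

Run as tbmem2 10240 for the same result as the original, or tbmem2 10240 /v to also see which user account owns each large process.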

This little post may get the gears turning again for some old timers (like myself) who used batch files in the good old DOS days and it may give some ideas to some GUI masters of the modern era. Either way, you should definitely take a fresh look at Windows 7 batch files to see where you can automate or improve your day-to-day work with the operating system.

Great Overview of Windows 7 Deployment Tools

Technical | Posted by Tom Carpenter
Jan 26 2010

A great new technet blog post was added yesterday that provides an overview of the deployment tools for Windows 7. You can see how to deploy from media, a network share or from a WDS (Windows Deployment Services) implementation. You'll find the blog post here: http://edge.technet.com/Media/Deploying-Windows-7/

I am in the process of shooting some videos on the Windows 7 deployment process, so watch out for my post about the video availability. I'm still toying around with the idea of a dedicated website for Windows 7-related videos, but for now I'll probably just HD YouTube the videos and link to them here.


Enjoy the new TechNet post.

You Cannot Prevent a Wireless DoS Attack (wireless denial of service attack)

Technical | Posted by Tom Carpenter
Dec 28 2009

I'm not sure why it's such a big deal to me, but I get very frustrated by articles and blogs with titles like the following:

How to prevent wireless DoS attacks

I think it's because, um, YOU CAN'T! You simply cannot prevent a wireless DoS attack against the RF layer of the network.

Don't let wireless intrusion prevention system (WIPS) vendors fool you. You can detect a wireless denial of service (DoS) attack, but you cannot prevent it if it is an RF-level attack. Sure, if it's a frame level attack, you can prevent it through algorithms and dynamic network configuration management procedures. But if you're dealing with a physical level (RF) DoS attack, you can only remove it once the source is located – you cannot prevent it.

All I need is a 2.4 GHz RF generator and I can blanket the entire 2.4 GHz license free ISM band that is used by 802.11 b/g/n. With a 5 GHz RF generator, I could potentially do the same for the U-NII bands used by 802.11a/n. The point is that an RF generator or set of such generators can completely saturate the available spectrum with energy levels that prevent functional communications on any allowed channel. Dynamic channel management and "self-healing" solutions cannot help with this.

A good old fashioned human being with a spectrum analyzer is one of the best ways to locate a physical layer wireless DoS attack. WIPS solutions may also be able to triangulate the source of the attack if sensors or multi-purpose access points (access points that both provide wireless functionality and sensing abilities) are used; however, it's not like the WIPS system can somehow zap the attacking device and kill it (though that's a nice thought for the future). The end result is that a physical layer DoS simply CANNOT be prevented. It can only be mitigated (i.e., the severity is reduced by detecting it quickly, locating it and eradicating it).

Personally, I find no greater joy in my IT work than tracking down an attacker and letting him see me with my spectrum analyzer as he flees in fear (and I memorize his license plate number to report him to the police). Would I really even want a software program and hardware set to take away that joy?

Inventors of the world, if you can find a true solution that truly prevents wireless denial of service attacks, you can make billions. Get started.

UPDATE: About an hour after first writing this post I was extremely annoyed by the following press release:

http://www.airtightnetworks.com/home/news/press-releases/pr/article/123/airtight-wireless-dos-attack-prevention-named-top-security-innovation-for-2009.html

Notice the press release uses the phrase DoS attack prevention, but then the actual press release admits frankly that all it does is "counter wireless DoS attacks". My point is still the same: On a wired network, you can immediately shut off the port from which a DoS attack is originating. This can be accomplished in just a few seconds. You cannot accomplish this today when a wireless DoS attack is launched against the entire unlicensed spectrum in which your wireless LAN operates. Please, vendors, just be honest and quit using the word prevent in relation to wireless DoS attacks!

Windows 7 – Boot ini is Dead!

Technical | Posted by Tom Carpenter
Dec 17 2009

Starting with Windows Vista, though it was missed by many IT professionals since Vista was largely ignored, the boot ini file is no longer used to store boot configuration information. Instead the boot configuration database (BCD) is used. Windows Server 2008 and now Windows 7 and Server 2008 R2 also use the new BCD. Instead of editing the boot ini file, you will use the command line command BCDEDIT to work with the BCD. To learn more about BCDEDIT, just launch a command prompt in administrative mode (right-click it on the Start menu and select Run as administrator) and type bcdedit /?. You'll see all the built-in help in its full glory.

You'll also see that you have to work with nasty long BCD entry identifiers. Thank God we have Quick Edit mode. If you haven't enabled Quick Edit mode (or you've disabled it since it's on by default in Windows 7), just right-click on the Command Prompt shortcut and select Properties. On the Options tab, check Quick Edit mode. Now you can highlight text, press Enter and then right-click anywhere to paste it into your command line. This will remove those nasty typos we make when entering long numbers like the BCD entry identifiers.

Here are a few BCDEDIT commands you should know about:

Viewing the BCD data set:

  bcdedit

Backup the BCD data set:

  bcdedit /export filename

Restore the BCD data set:

  bcdedit /import filename

Set the default OS:

  bcdedit /default {identifier}

Note that you can use the keyword current when setting the default if you're currently booted into the system you wish to be the default. For example:

  bcdedit /default {current}
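Because a bad BCD edit can leave a machine unbootable, the export command is worth running every time before the default entry is changed. The batch file below is an added example and not from the original post; it assumes an elevated prompt and a locale where %DATE% is formatted like "Thu 01/01/2010" (adjust the substring offsets otherwise). It takes a timestamped backup, makes the running OS the default only if the backup succeeded, and then shows the boot manager entry so the new default identifier is visible.

```batch
@echo off
rem Added example (not from the post): back up the BCD store with a
rem timestamped name before touching it, then make the running OS the
rem default entry and display the result. Run from an elevated prompt.
setlocal
rem Build a name like BCD-20100101-2359.bak from %DATE% and %TIME%.
rem Assumption: %DATE% looks like "Thu 01/01/2010"; other locales need
rem different substring offsets.
set STAMP=%DATE:~-4%%DATE:~-10,2%%DATE:~-7,2%-%TIME:~0,2%%TIME:~3,2%
set STAMP=%STAMP: =0%
set BACKUP=%SystemDrive%\BCD-%STAMP%.bak

bcdedit /export "%BACKUP%"
if errorlevel 1 (
  echo Backup failed; leaving the BCD untouched. Are you running as administrator?
  exit /b 1
)
echo BCD backed up to %BACKUP%

bcdedit /default {current}
if errorlevel 1 (
  echo Could not set the default entry. Restore with: bcdedit /import "%BACKUP%"
  exit /b 1
)

rem Show the boot manager entry; its "default" line now holds the new identifier.
bcdedit /enum {bootmgr}
endlocal
```

If anything goes wrong later, bcdedit /import with the saved file puts the store back exactly as it was.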

Remember, in Windows 7 boot ini is dead, long live the BCD!

Windows 7 Application Compatibility List

News, Technical | Posted by Tom Carpenter
Dec 17 2009

The most up-to-date list of compatible (or incompatible) applications is now available at Microsoft's website. The Windows 7 Application Compatibility List for IT Pros is available for download at the Microsoft TechNet site. The list includes more than 7000 applications and covers both business apps and games. The Windows 7 Application Compatibility List is a Microsoft Excel file that rates apps from compatible to future compatibility to incompatible. If your application is on this list, it will save you lots of analysis time so take advantage of it. I know I am.

Viruses and Spyware and Wireless Clients

Technical | Posted by Tom Carpenter
Dec 12 2009

Many types of malware (malicious applications) exist that an intruder can place on a computer in order to obtain information that he could not get just by having regular file access to the computer.  The most common types of malware today are viruses and spyware.  Viruses are capable of disabling desktop PCs, taking web sites down, and even overloading email servers.  A wireless host connected to a public access network or on an unsecured corporate wireless network is a perfect place to put a virus.  The unsuspecting authorized user would then take the virus into the corporation where it could do its intended harm.

Trojan Horse applications (often called just “Trojans”) are specific types of viruses or malware that pose a serious threat to network security.  According to legend, the Greeks won the Trojan War by hiding in a hollow wooden horse to sneak into the fortified city of Troy.  In today's computer world, a Trojan Horse is described as a malicious, security-breaking program that is disguised as something benign or even useful.  For example, suppose a user downloads what appears to be a movie or music file, but when the file is opened, a dangerous program is executed.  This new executable erases the user’s hard disk, sends their credit card numbers and passwords to a stranger, or lets that stranger hijack the user’s computer to commit illegal denial of service (DoS) attacks.

Another specific type of virus is a worm.  Worms self-replicate and self-proliferate, creating a very large-scale problem in a very short period of time.  Worms often come in the form of email worms that send themselves to everyone in a user's email address book by disguising themselves as harmless attachments.  Worms often do most of their damage well before they are ever noticed.

Most worms, trojans, and other types of viruses can be caught and disinfected before they do damage by using properly installed, configured, and updated virus scanning software.  Tons of virus scanning applications exist on the market and it has recently been suggested that running two such applications simultaneously is worthwhile.  Considering the high risk associated with wireless LANs, such a belt-and-suspenders approach is worthwhile to consider.  Using at least one such scanning application should be required. Of course, you may need to pay close attention to the vendor’s requirements. Many vendors will not support their antimalware application running alongside other such applications.

Another distinct, and relatively new (in the grand history of computing), type of malware is spyware.  Spyware typically comes as a multi-featured software package that can:


  • Capture instant messenger traffic
  • Capture email traffic
  • Capture web site traffic and sites visited
  • Capture keystrokes and passwords
  • Be installed remotely and without an install dialog
  • Automatically form and publish web-based (HTTP) reports

One of the most used spyware applications is the spying software available at spytech-web.com.  When combined with utilities like Hyena and VNC that can push the spyware to unsuspecting hosts and remotely execute and control them, spyware can be a powerful tool for gathering information.  A hacker can collect the gathered data by simply pointing his or her web browser to the authorized user's IP address and proper port number (defined by the spyware application).

Many web sites are dedicated to virus details, removing viruses, and avoiding re-infection by a virus.  Two of the most popular such sources are www.symantec.com and www.mcafee.com.  Spyware is often not detected as a virus because spyware is an installed application that looks like any other authorized program.  For this reason, companies have started making anti-spy software that works much like a virus scanner, but more specifically hunting down spyware.  Several companies produce products, such as Avast, that combine antivirus and anti-spyware into a single package.  Keep in mind that one can prevent malware from being placed on a wirelessly connected computer by using personal firewall software in most cases.

Windows Vista and Windows 7 come with the Windows Defender application. I personally run Avast and Windows Defender on my computers and have not had a single virus or spyware problem in 2009. And this is on computers that I use frequently for security and hacking research. Needless to say, this means I end up at cracking sites quite a lot. I am by no means perfectly protected with this combination, but I am far better off with my wireless clients configured with this protection.
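Spyware that publishes HTTP reports, as described above, has to listen on a port, and that is something an administrator can see without any scanner at all. The batch file below is an added example, not part of the original post; it assumes an elevated prompt (so netstat and tasklist can see every process) and pairs each listening TCP socket from netstat -ano with the owning process name from tasklist. An unfamiliar listener, or a familiar process bound to an unexpected port, is what to follow up on.

```batch
@echo off
rem Added example (not from the post): map every listening TCP port to the
rem process that owns it, so an unexpected listener such as a spyware
rem reporting port stands out. Run from an elevated prompt.
setlocal enabledelayedexpansion
echo Listening TCP ports and owning processes:
echo.
rem netstat -ano lines look like:
rem   TCP    0.0.0.0:5900    0.0.0.0:0    LISTENING    1234
rem tokens 2 and 5 are the local address:port and the PID.
for /f "tokens=2,5" %%a in ('netstat -ano ^| findstr /c:"LISTENING"') do (
  set ADDR=%%a
  set OWNER=%%b
  set NAME=unknown
  rem tasklist in CSV form gives "image.exe","pid",... ; drop the INFO: line
  rem tasklist prints when a PID has already exited.
  for /f "tokens=1 delims=," %%p in ('tasklist /FI "PID eq %%b" /FO CSV /NH ^| findstr /v /b /c:"INFO:"') do set NAME=%%~p
  echo !ADDR!  PID !OWNER!  !NAME!
)
endlocal
```

Run it once on a freshly built client to record the expected listeners (RPC, SMB, the VNC server if you deploy one), and the list becomes a baseline to compare against later.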

Absorption and Reflection in the Microwave and in Wireless LANs

Technical | Posted by Tom Carpenter
Nov 21 2009

I don’t know about you, but I like popcorn with a great movie. Of course, today we can get freshly popped popcorn in under four minutes thanks to the power of the microwave. Microwave ovens use the 2.4 GHz ISM frequency range (some use it all and some use just a portion) to pop that popcorn. The popcorn absorbs the RF energy by converting it to heat. Eventually, the heat builds up pressure and you hear that wonderful poppety pop pop sound coming from the microwave, which means you’ll be enjoying your movie and your popcorn in just a few minutes.

So, what does a microwave oven have to do with wireless LANs? Well, the answer to that question is twofold. First, it can be used as a teaching tool to understand concepts like absorption and reflection. Second, microwave ovens can cause interference with your wireless LAN in many scenarios.

As a teaching tool, the microwave oven can help you understand both absorption and reflection. When you put a glass of cold water in the microwave and turn the microwave on, the water heats up. Why? Because absorption occurs. Absorption, remember, is the conversion of RF energy to heat. Now, you can take out that glass of water and dip a nice tea bag in it to get some soothing hot tea.

Reflection is seen in the fact that very little of the output energy escapes from the microwave. Why? It is being reflected inward by the design of the internal unit. Place your cell phone in a microwave (without turning the microwave oven on, of course) and close the door. After a few seconds, open the door again – you’ll likely see that your phone is looking for service. Why? The design of the microwave keeps as much of the RF energy in as possible and that results in keeping the cell tower’s energy out as well.

Microwave ovens can cause interference simply because they operate in the same frequency space as 802.11, 802.11b and 802.11g devices. Many 802.11n devices may also attempt to communicate in the 2.4 GHz frequency space. While the microwave ovens do a good job of protecting you as a human (by keeping dangerous levels of RF energy inside the microwave), they certainly let plenty of the energy escape from the perspective of a nearby wireless LAN. Always test the microwaves in the area where you are installing a wireless LAN. It may dictate the channel you have to use.

After testing dozens of microwave ovens, I've determined that the average microwave oven leaks about as much RF energy as a consumer-grade (Linksys) access point. The energy may be a little less focused, but it is spread over a larger range of the 2.4 GHz band. Watch out for this in your wireless LAN designs.

How to Configure DirectAccess for Windows 7 and Server 2008 R2

News, Technical | Posted by Tom Carpenter
Nov 06 2009

DirectAccess (which is properly spelled as one word and not two, such as Direct Access – even though Microsoft gets it wrong in their website meta tags – though possibly intentional) is one of the most touted new features in Windows 7. Sadly, it’s not really a Windows 7 feature alone. You must deploy Windows Server 2008 R2 in order to take advantage of the DirectAccess feature.

Microsoft has, however, provided a lab demo configuration document here:

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=8d47ed5f-d217-4d84-b698-f39360d82fac

You can use this document as a starting point to explore DirectAccess configuration processes even if you don't have a Server 2008 R2 machine at this time. Now, for some really good news. If you just want to play with Windows Server 2008 R2, get the evaluation VHD that works in Hyper-V here:

http://www.microsoft.com/downloads/details.aspx?familyid=9040A4BE-C3CF-44A5-9052-A70314452305&displaylang=en

Hopefully this information will help you get started with configuring DirectAccess. Remember, you must configure DirectAccess on the Server 2008 R2 server as well as the Windows 7 clients.