Since Windows Vista administrative share is not enabled by default, probably because of security reasons, therefore I will show you how to activate the administrative share. Clearly, this trick is for people who use their computers at home (except professionals who can connect to the VPN and corporate network and log on to a Microsoft). Launch First the Registry Editor using the module with real-time search from Start menu and then type "regedit" and click on search. Once you are inside the register go to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System From there, make a right click on the "System" and, in the context menu that appears, click on "New" then "Key DWORD 32 -bit", if you have Windows Vista 64 then type "Key DWORD 64 -bit" A new key appears. Select it and press F2 to change it's name.Name it"LocalAccountTokenFilterPolicy" and then double mouse click on the key and change it's value to "1" Now, you can access hidden resources, here are some examples of use:
A Windows XP PC can access C$, D$, etc. on a Windows Vista
A Windows Vista PC (registry key unmodified) may reach C$, D$, etc. on a Windows Vista
A Windows Vista PC (registry key amended) does not have access to C$, D$, etc. on a Windows Vista (registry key unchanged)
If you want to access to these resources, even if you made good changes to the registry, you must have a valid user account with the necessary rights.
WELCOME GUEST ENJOY YOUR STAY HERE...
TELL A FRIEND ABOUT US..
Showing posts with label windows vista. Show all posts
Showing posts with label windows vista. Show all posts
Monday, September 14, 2009
Disable Data Execution Prevention (DEP) in Vista.
Data Execution Prevention (DEP) is a security feature that can help prevent damage to your computer from viruses and other security threats. Harmful programs can try to attack Windows by attempting to run (also known as execute) code from system memory locations reserved for Windows and other authorized programs. These types of attacks can harm your programs and files. DEP can help protect your computer by monitoring your programs to make sure that they use system memory safely. If DEP notices a program on your computer using memory incorrectly, it closes the program and notifies you. It is as such a security feature.
Type cmd in Vista's search bar. Rt click on search results 'cmd' and click on Run as Administrator. Then copy paste
bcdedit.exe /set {current} nx AlwaysOff
and hit enter. Reboot.
To enable back DEP, type instead:
bcdedit.exe /set {current} nx AlwaysOn
Thats it !
Type cmd in Vista's search bar. Rt click on search results 'cmd' and click on Run as Administrator. Then copy paste
bcdedit.exe /set {current} nx AlwaysOff
and hit enter. Reboot.
To enable back DEP, type instead:
bcdedit.exe /set {current} nx AlwaysOn
Thats it !
Sunday, September 13, 2009
svchost.exe procees explored
You are no doubt reading this article because you are wondering why on earth there are nearly a dozen processes running with the name svchost.exe. You can't kill them, and you don't remember starting them... so what are they? So What Is It? According to Microsoft: "svchost.exe is a generic host process name for services that run from dynamic-link libraries". Could we have that in english please? Some time ago, Microsoft started moving all of the functionality from internal Windows services into.dll files instead of.exe files. From a programming perspective this makes more sense for reusability... but the problem is that you can't launch a.dll file directly from Windows, it has to be loaded up from a running executable (.exe). Thus the svchost.exe process was born. Why Are There So Many svchost.exes Running? If you've ever taken a look at the Services section in control panel you might notice that there are a Lot of services required by Windows. If every single service ran under a single svchost.exe instance, a failure in one might bring down all of Windows... so they are separated out. Those services are organized into logical groups, and then a single svchost.exe instance is created for each group. For instance, one svchost.exe instance runs the 3 services related to the firewall. Another svchost.exe instance might run all the services related to the user interface, and so on. So What Can I Do About It? You can trim down unneeded services by disabling or stopping the services that don't absolutely need to be running. Additionally, if you are noticing very heavy CPU usage on a single svchost.exe instance you can restart the services running under that instance. The biggest problem is identifying what services are being run on a particular svchost.exe instance... we'll cover that below. If you are curious what we're talking about, just open up Task Manager and check the "Show processes from all users" box:
Checking From the Command Line (Vista or XP Pro) If you want to see what services are being hosted by a particular svchost.exe instance, you can use the tasklist command from the command prompt in order to see the list of services.
tasklist /SVC
The problem with using the command line method is that you don't necessarily know what these cryptic names refer to. Checking in Task Manager in Vista You can right-click on a particular svchost.exe process, and then choose the "Go to Service" option.
This will flip over to the Services tab, where the services running under that svchost.exe process will be selected:
The great thing about doing it this way is that you can see the real name under the Description column, so you can choose to disable the service if you don't want it running. Using Process Explorer in Vista or XP You can use the excellent Process Explorer utility from Microsoft/Sysinternals to see what services are running as a part of a svchost.exe process. Hovering your mouse over one of the processes will show you a popup list of all the services:
Or you can double-click on a svchost.exe instance and select the Services tab, where you can choose to stop one of the services if you choose.
Disabling Services Open up Services from the administrative tools section of Control Panel, or type services.msc into the start menu search or run box. Find the service in the list that you'd like to disable, and either double-click on it or right-click and choose Properties.
Change the Startup Type to Disabled, and then click the Stop button to immediately stop it.
You could also use the command prompt to disable the service if you choose. In this command "trkwks" is the Service name from the above dialog, but if you go back to the tasklist command at the beginning of this article you'll notice you can find it there as well.
sc config trkwks start= disabled Hopefully this helps somebody!
Checking From the Command Line (Vista or XP Pro) If you want to see what services are being hosted by a particular svchost.exe instance, you can use the tasklist command from the command prompt in order to see the list of services.
tasklist /SVC
The problem with using the command line method is that you don't necessarily know what these cryptic names refer to. Checking in Task Manager in Vista You can right-click on a particular svchost.exe process, and then choose the "Go to Service" option.
This will flip over to the Services tab, where the services running under that svchost.exe process will be selected:
The great thing about doing it this way is that you can see the real name under the Description column, so you can choose to disable the service if you don't want it running. Using Process Explorer in Vista or XP You can use the excellent Process Explorer utility from Microsoft/Sysinternals to see what services are running as a part of a svchost.exe process. Hovering your mouse over one of the processes will show you a popup list of all the services:
Or you can double-click on a svchost.exe instance and select the Services tab, where you can choose to stop one of the services if you choose.
Disabling Services Open up Services from the administrative tools section of Control Panel, or type services.msc into the start menu search or run box. Find the service in the list that you'd like to disable, and either double-click on it or right-click and choose Properties.
Change the Startup Type to Disabled, and then click the Stop button to immediately stop it.
You could also use the command prompt to disable the service if you choose. In this command "trkwks" is the Service name from the above dialog, but if you go back to the tasklist command at the beginning of this article you'll notice you can find it there as well.
sc config trkwks start= disabled Hopefully this helps somebody!
Undo an Accidental Move or Delete With a Keyboard Shortcut
Have you ever accidentally deleted the wrong file, or duplicated files while trying to select them with the mouse? Those types of mistakes can be extremely frustrating, but there's a really, really simple way to reverse them. All you have to do is use the Ctrl+Z keyboard shortcut, or use Edit \ Undo on the menu.
This is especially handy when you are trying to select a bunch of files, and accidentally move the mouse and copy them into the same folder instead:
Once you do that, just immediately use the Ctrl+Z shortcut and the files will be removed, although you will get the regular delete confirmation dialog:
This can be confusing, but since the accidentally copied file is now going to be removed permanently, it makes sense that you'll have to accept the deletion. Also note that this works in any version of Windows.
This is especially handy when you are trying to select a bunch of files, and accidentally move the mouse and copy them into the same folder instead:
Once you do that, just immediately use the Ctrl+Z shortcut and the files will be removed, although you will get the regular delete confirmation dialog:
This can be confusing, but since the accidentally copied file is now going to be removed permanently, it makes sense that you'll have to accept the deletion. Also note that this works in any version of Windows.
Saturday, September 12, 2009
Show your name on SYSTEM CLOCK
This tip is absolutely and completely useless, and will even make applications that depend on timestamps have issues. It's mostly just to be used as a cool trick you can show off to your friends, so we're going to show you how it works. The way this trick works is by modifying the regional settings for the time format. Instead of using just AM or PM, you can put up to 12 characters of text in that field.
Start by opening Regional and Language Options from the start menu search box or the control panel.
On the Formats tab you'll see the "Customize this format" button, which you'll need to choose.
Select the Time tab, and then here's where we can make whatever settings we want.
I chose to set mine to "AM - Geek" so I could still see AM or PM, but you can choose any 12 characters for either field. Keep in mind that the PM symbol is only going to display during the "PM" hours. This does change more than just the displayed clock, so I'd advise not using this on a computer you do actual work on. Using the F5 key in notepad shows the "Geek" text as well:
It's one of those things that's interesting to know... just not very useful. It does work in XP as well.
Start by opening Regional and Language Options from the start menu search box or the control panel.
On the Formats tab you'll see the "Customize this format" button, which you'll need to choose.
Select the Time tab, and then here's where we can make whatever settings we want.
I chose to set mine to "AM - Geek" so I could still see AM or PM, but you can choose any 12 characters for either field. Keep in mind that the PM symbol is only going to display during the "PM" hours. This does change more than just the displayed clock, so I'd advise not using this on a computer you do actual work on. Using the F5 key in notepad shows the "Geek" text as well:
It's one of those things that's interesting to know... just not very useful. It does work in XP as well.
Wednesday, September 9, 2009
How to detect computer & email monitoring or spying software
Computer Monitoring
So now, if you still think someone is spying on you, here's what you can do! The good thing right now is that neither Windows XP SP3 nor Windows Vista support multiple concurrent connections while someone is logged into the console (there is a hack for this, but I would not worry about). What this means is that if you're logged into your XP or Vista computer (like you are now if you're reading this), and someone were to connect to it using the BUILT-IN REMOTE DESKTOP feature of Windows, your screen would become locked and it would tell tell you who is connected. So why is that useful? It's useful because it means that in order for someone to connect to YOUR session without you noticing or your screen being taken over, they have use third-party software and it's a lot easier to detect third-party software than a normal process in Windows. So now we're looking for third-party software, which is usually referred to as remote control software or virtual network computing (VNC) software. First, the easy thing to do is to simply check in your Start Menu All Programs and check whether or not something like VNC, RealVNC, TightVNC, UltraVNC, LogMeIn, GoToMyPC, etc is installed. A lot of times IT people are sloppy and figure that a normal user won't know what a piece of software is and will simply ignore it. If any of those programs are installed, then someone can connect to your computer without you knowing it as long as the program is running in the background as a Windows service. That brings us to the second point. Usually, if one of the above listed programs are installed, there will be an icon for it in the task bar because it needs to be constantly running to work.
Check all of your icons (even the hidden ones) and see what is running. If you find something you've not heard of, do a quick Google search to see what pops up. It's usually quite hard to remove something from the taskbar, so if there is something installed to monitor your computer, it should be there. However, if someone really sneaky installed it and nothing shows up there, you can try another way. Again, because these are third-party apps, they have to connect to Windows XP or Vista on different communication ports. Ports are simply a virtual data connection by which computers share information directly. As you may already know, XP and Vista come with a built-in Firewall that blocks many of the incoming ports for security reasons. If you're not running an FTP site, why should your port 23 be open, right? So in order for these third-party apps to connect to your computer, they must come through a port, which has to be open on your computer. You can check all the open ports by going to Start , Control Panel , and Windows Firewall .
Click on the Exceptions tab and you'll see see a list of programs with check boxes next to them. The ones that are checked are "open" and the unchecked or unlisted ones are "closed". Go through the list and see if there is a program you're not familiar with or that matches VNC, remote control, etc. If so, you can block the program by un-checking the box for it!
The only other way I can think of to see if someone is connected to your computer is to see if there are any processes running under a different name! If you go to the Windows Task Manager (press Cntr + Shift + Esc together) and go to the Processes tab, you'll see a column titled User Name .
Scroll through all the processes and you should only see your user name, Local Service, Network Service, and System. Anything else means someone is logged into the computer!
Email & Web Site Monitoring
To check whether your email is being monitored is quite simple. Always, when you send an email from Outlook or some email client on your computer, it has to connect to the email server. Now it can either connect directly or it can connect through what is called a proxy server, which takes a request, alters or checks it, and forwards it on to another server. If you're going through a proxy server for email or web browsing, than the web sites you access or the emails you write can be saved and viewed later on. You can check for both and here's how. For IE, go to Tools , then Internet Options . Click on the Connections tab and choose LAN Settings .
If the Proxy Server box is checked and it has a local IP address with a port number, then that means you're going through a local server first before it reaches the web server. This means that any web site you visit first goes through another server running some kind of software that either blocks the address or simply logs it. For your email, you're checking for the same thing, a local IP address for the POP and SMTP mail servers. To check in Outlook, go to Tools , Email Accounts , and click Change or Properties, and find the values for POP and SMTP server.
If you're working in a big corporate environment, it's more than likely that the Internet and email are being monitored. You should always be careful in writing emails or browsing web sites while at the office. Trying to break through the security also might get you in trouble if they find out you bypassed their systems!
So now, if you still think someone is spying on you, here's what you can do! The good thing right now is that neither Windows XP SP3 nor Windows Vista support multiple concurrent connections while someone is logged into the console (there is a hack for this, but I would not worry about). What this means is that if you're logged into your XP or Vista computer (like you are now if you're reading this), and someone were to connect to it using the BUILT-IN REMOTE DESKTOP feature of Windows, your screen would become locked and it would tell tell you who is connected. So why is that useful? It's useful because it means that in order for someone to connect to YOUR session without you noticing or your screen being taken over, they have use third-party software and it's a lot easier to detect third-party software than a normal process in Windows. So now we're looking for third-party software, which is usually referred to as remote control software or virtual network computing (VNC) software. First, the easy thing to do is to simply check in your Start Menu All Programs and check whether or not something like VNC, RealVNC, TightVNC, UltraVNC, LogMeIn, GoToMyPC, etc is installed. A lot of times IT people are sloppy and figure that a normal user won't know what a piece of software is and will simply ignore it. If any of those programs are installed, then someone can connect to your computer without you knowing it as long as the program is running in the background as a Windows service. That brings us to the second point. Usually, if one of the above listed programs are installed, there will be an icon for it in the task bar because it needs to be constantly running to work.
Check all of your icons (even the hidden ones) and see what is running. If you find something you've not heard of, do a quick Google search to see what pops up. It's usually quite hard to remove something from the taskbar, so if there is something installed to monitor your computer, it should be there. However, if someone really sneaky installed it and nothing shows up there, you can try another way. Again, because these are third-party apps, they have to connect to Windows XP or Vista on different communication ports. Ports are simply a virtual data connection by which computers share information directly. As you may already know, XP and Vista come with a built-in Firewall that blocks many of the incoming ports for security reasons. If you're not running an FTP site, why should your port 23 be open, right? So in order for these third-party apps to connect to your computer, they must come through a port, which has to be open on your computer. You can check all the open ports by going to Start , Control Panel , and Windows Firewall .
Click on the Exceptions tab and you'll see see a list of programs with check boxes next to them. The ones that are checked are "open" and the unchecked or unlisted ones are "closed". Go through the list and see if there is a program you're not familiar with or that matches VNC, remote control, etc. If so, you can block the program by un-checking the box for it!
The only other way I can think of to see if someone is connected to your computer is to see if there are any processes running under a different name! If you go to the Windows Task Manager (press Cntr + Shift + Esc together) and go to the Processes tab, you'll see a column titled User Name .
Scroll through all the processes and you should only see your user name, Local Service, Network Service, and System. Anything else means someone is logged into the computer!
Email & Web Site Monitoring
To check whether your email is being monitored is quite simple. Always, when you send an email from Outlook or some email client on your computer, it has to connect to the email server. Now it can either connect directly or it can connect through what is called a proxy server, which takes a request, alters or checks it, and forwards it on to another server. If you're going through a proxy server for email or web browsing, than the web sites you access or the emails you write can be saved and viewed later on. You can check for both and here's how. For IE, go to Tools , then Internet Options . Click on the Connections tab and choose LAN Settings .
If the Proxy Server box is checked and it has a local IP address with a port number, then that means you're going through a local server first before it reaches the web server. This means that any web site you visit first goes through another server running some kind of software that either blocks the address or simply logs it. For your email, you're checking for the same thing, a local IP address for the POP and SMTP mail servers. To check in Outlook, go to Tools , Email Accounts , and click Change or Properties, and find the values for POP and SMTP server.
If you're working in a big corporate environment, it's more than likely that the Internet and email are being monitored. You should always be careful in writing emails or browsing web sites while at the office. Trying to break through the security also might get you in trouble if they find out you bypassed their systems!
Tuesday, September 1, 2009
How To: Manage Your Passwords With Credential Manager in Windows 7 or in Vista
Credential Manager is a new SSO solution that Microsoft offers in Windows Server 2003 , Windows XP and also includes in new generation operating systems Windows Vista and in Windows 7 .Single sign-on (SSO) is an approach that attempts to reduce the time users spend performing logon tasks and the number of passwords users must remember.Credential Manager is a central store for all of your usernames, passwords, and X.509 certificates. It's based on a secure client-side credential- caching mechanism.
To use Credential Manager in Windows Vista:
Open Control Panel.
Open User Accounts.
Click Manage My Network Passwords on the Related Tasks panel (on the left side of the window). You'll get a dialog box listing all of your stored usernames and passwords.
Add another username and password, or remove the existing ones or change their properties.
To use Credential Manager in Windows 7:
Microsoft's new generation operating system Windows 7(code named as Vienna) will include a system for managing the online IDs, logons, and passwords that you must manage for all of the Web sites you visit. Dubbed Windows Credentials , this feature utilizes a KeyRing for storing online credentials and a Credential Manager user interface. These settings can be backed up to and restored from a secure online vault. To access Credential Manager in Windows 7 go to Control Panel -> User Accounts -> Credential Manager Download Windows 7 if you doesn't have it
To use Credential Manager in Windows Vista:
Open Control Panel.
Open User Accounts.
Click Manage My Network Passwords on the Related Tasks panel (on the left side of the window). You'll get a dialog box listing all of your stored usernames and passwords.
Add another username and password, or remove the existing ones or change their properties.
To use Credential Manager in Windows 7:
Microsoft's new generation operating system Windows 7(code named as Vienna) will include a system for managing the online IDs, logons, and passwords that you must manage for all of the Web sites you visit. Dubbed Windows Credentials , this feature utilizes a KeyRing for storing online credentials and a Credential Manager user interface. These settings can be backed up to and restored from a secure online vault. To access Credential Manager in Windows 7 go to Control Panel -> User Accounts -> Credential Manager Download Windows 7 if you doesn't have it
Tuesday, August 25, 2009
Reduce Windows Animation Speed in Windows Vista
Windows Vista comes with several new enhancements, however for these added features you have to pay the price of slow processing speed for even the fastest of computers. The main reason is the visual upgrades, which though looks good can drastically reduce the performance of your system. If your system can not take the load of Window Vista and you still want to use it for considerable performance, you may tweak Windows Vista for certain optimizations. For example; when you minimize, maximize or close any windows/applications, the animation speed to perform these tasks is a default setting which is not under the control of the user. Never the less, you can make this transition run slower while holding the SHIFT key button; after performing the following registry hack as shown below: 1. Click on the Start button and type regedit in the Start Search field, then press enter. 2. If User Account Control prompts you for consent, click on Continue. 3. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM 4. In the right hand pane, right click on an empty space and from the context menu that appears choose “New > DWORD (32-bit) Value”. 5. Give the new DWORD (32-bit) Value a name of AnimationsShiftKey. 6. Double click on the “AnimationsShiftKey” value and give it a value of 1. 7. Close the Registry Editor and log off of Windows and log back in for this to take effect. If you have successfully edited the registry, you will notice that the animation speed has become slower when compared to previous without holding the SHIFT key. Enjoy!
Subscribe to:
Posts (Atom)
MY STATS
