Upload
ashish-chandra
View
217
Download
0
Embed Size (px)
Citation preview
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 1/28
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 2/28
97 FAST TRACK- NOVEMBER 2010
System Maintenance and ManagementWindows 7 10
10.1.1 Hardware requirements for BitLocker Drive
Encryption
To use BitLocker Drive Encryption, your
computer has to meet certain hardware
requirements, which can vary depending on the
type of drive that you are encrypting.
Hardware requirements for the drive that Windows is installed onTo encrypt the drive that Windows is installed on (the operating system
drive), BitLocker stores its own encryption and decryption key in a hardware
device that is separate from your hard disk i.e. either Trusted Platform
Module (TPM) or a removable USB drive.
To turn on BitLocker Drive Encryption on the operating system drive,
your computer’s hard disk must:
Have at least two partitions. The partition on which Windows is installedmust be at least 400 MB. This is the drive that you are going to encrypt with
BitLocker. The other partition is the unencrypted active partition, which
is required for your computer to start. If your computer does not have two
partitions, BitLocker will give you an option to create them for you.
BitLocker automatically encryptswhatever new les you add to a drivethat is already encrypted with it.
Note
BitLocker Drive Encryption window
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 3/28
98
System Maintenance and Management10 Windows 7
FAST TRACK - NOVEMBER 2010
Hardware requirements for data drives
You can use BitLocker to encrypt fixed data drives (such as internal hard
drives) and removable data drives (such as external hard drives and USB
flash drives). The data drive to be encrypted, must use one of exFAT, FAT16,
FAT32, or NTFS file systems and has be at least 128 MB.
10.1.2 Steps to Turn On/Off BitLocker:
l Click the Start button to view the Start Menu and then choose the Control
Panel option to open the Control Panel window.
l Now click on the ‘System and Security’ link in this window. This will have
the link for BitLocker drive encryption.l Click on the BitLocker Drive Encryption. By default the BitLocker Drive
Encryption is Off for the Hard Disk Drive.
l Click on ‘Turn On BitLocker’. This opens the BitLocker setup wizard.
Now just follow the instructions in the wizard.
To Turn it off, click on Turn Off BitLocker in the same window
The options presented after you click on 'Turn on Bitlocker'
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 4/28
99 FAST TRACK- NOVEMBER 2010
System Maintenance and ManagementWindows 7 10
To decrypt the drive, click on ‘Decrypt the volume’.
To temporarily suspend BitLocker, click on ‘Suspend BitLocker Drive
Encryption’.
10.2 Make Windows UAC less AnnoyingWindows 7's User Account Control is a good idea in theory (more security),
but it is the single most annoying feature in Windows Vista and 7 for most
people as it asks your permission for almost everything( Any configuration
change) thus delaying your work. Fortunately Windows 7 displays fewer
warnings by default than Windows Vista used to, and lets you further
fine-tune UAC to suit your preferred balance between security and a pop-upfree life.
10.2.1 Disable UAC completely
l Go to control Panel -> Action Center -> Change user Account Control
Settings.
l Bring the Slider down to Never Notify to completely disable it and then
press OK.The problem with Disabling UAC is that you will end if making your
system less secure.
UAC can be customized by moving the slider.
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 5/28
100
System Maintenance and Management10 Windows 7
FAST TRACK - NOVEMBER 2010
10.2.2 Auto-Accept UAC Prompts for Administrators Only
If you want to leave UAC enabled, but disable the prompts from showing
up under your administrator account, you can tweak a setting that will
“Elevate without prompting”, so you never see the prompt show up. This
is more secure than disabling UAC entirely, because it ensures that an
application started as a Regular User can’t perform an action that is meant
for Administrators. For instance, your web-browser can still run in protected
mode this way.
10.2.3 Disable the Blackout Screen (Secure Desktop)
The most annoying part of UAC for me is the screen that blacks outeverything other than the UAC prompt because it usually takes forever to
show up, and depending on your video card it can do weird things with your
desktop. To counter this, you can disable the secure desktop feature but leave
the UAC prompts the way they are. Of course, this is not the safest thing
around because it creates the hazard of some application/script fraudulently
clicking the prompt for you by hard coding. (Secure desktop prevents
applications from doing this)
10.2.4 Create Administrator Mode Shortcuts Without UAC Prompts
Instead of disabling UAC in any way, what we can do is set up a few shortcuts
that bypass UAC entirely. This is especially useful for applications that
need to be run in administrator-mode always (Like Matlab). You can do this
by using task scheduler to launch the applications, and then making task
scheduler run the task as an administrator.
10.2.5 Create UAC White List
There is no Exception list for UAC like the one Windows Firewall has. There
are however ways (other than disabling UAC) by which you can bypass the
UAC prompt for particular applications:
Task Scheduler is very useful if you want an application that runs on
start-up with elevated privileges.
To do this:l Open Control Panel > System Maintenance > Administrative
Tools > Schedule Tasks
The same can be accessed from:
Start > Administrative Tools > Task Scheduler
l From the scheduler, you need to Create a New Task.
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 6/28
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 7/28
102
System Maintenance and Management10 Windows 7
FAST TRACK - NOVEMBER 2010
Resource Monitor showing CPU and Memory diagnostics
Disk and Network Usage
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 8/28
103 FAST TRACK- NOVEMBER 2010
System Maintenance and ManagementWindows 7 10
CPU time of individual processes with detailed information of threads
Memory allocation for various processes with advanced options
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 9/28
104
System Maintenance and Management10 Windows 7
FAST TRACK - NOVEMBER 2010
individual threads.
With Resource Monitor, you can quickly identify the source of
performance and resource utilisation problems, reducing the time required
to troubleshoot complex issues. It can provide you detailed information
of process-specific CPU time and memory usage, services hosted within
Disk Activity of indivisual processes
Network Activity of processes with Open Connections and Listening Ports
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 10/28
105 FAST TRACK- NOVEMBER 2010
System Maintenance and ManagementWindows 7 10
svchost.exe, modules, DLL’s, files and resources the process is accessing
and disk and network data analysis. In addition, you can end processes that
you think are created by malwares and even search online for information
about them.
10.4 Reliability Monitor
Windows Vista brought a handy utility called the Reliability Monitor, which
provided a timeline of system events that correlate with the overall stability
of the PC. These events included the installation or removal of software and
device drivers, application failures, and forced shutdowns. The Reliability
Monitor was especially useful as it allowed you to quickly trace problemsback to the system change that caused them.
Now with Windows 7, Reliability Monitor is integrated with Problem
Reports And Solutions to better correlate system changes, events, and
potential resolutions. Windows 7 also enhances Reliability Monitor by
giving the reliability data via the Windows Management Interface. You
Reliability History with critical events and Warnings
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 11/28
106
System Maintenance and Management10 Windows 7
FAST TRACK - NOVEMBER 2010
can use WMI to gather reliability data remotely and then process it using
PowerShell scripts and WMI-related cmdlets. You can even create your own
PowerShell scripts to monitor reliability of network connected computers
and take appropriate action for systems that are unreliable without any need
for another feedback channel of human-error reporting.
10.5 Credential ManagerCredential Manager in
Windows 7 allows you to
store credentials, such as user
names and passwords that youuse to log on to websites or
other computers on a network.
By storing your credentials,
Windows can automatically
log you on to websites or other
Problem Summaries of Individual Crashes and problems
Credential Manager Window in Control Panel
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 12/28
107 FAST TRACK- NOVEMBER 2010
System Maintenance and ManagementWindows 7 10
computers over the network.
Let's see how to Manage Credentials in Windows 7:
l Open Control Panel and Then Credential Manager
l Click on Add a Windows credential.
l Type the user name and password that you use for that computer or
website in the corresponding boxes, and then click OK.
You can perform other actions like Edit/Remove the credential from the
vault at any time.
Credentials are saved
in special folders on your
computer’s hard-disk calledvaults. The Vault contains
credentials for servers,
websites and programs that
windows can try to log you on
to automatically. Windows and programs (such as web browsers and email-
clients) can securely give the credentials in the vaults to other computers
and websites as and when required. It is recommended that you Backupyour vault.
l Click on Back up vault.l Browse the location where you want to store the Windows Vault backup.
Click Next.
l Press [CTRL]+[ALT]+[DELETE] to continue your backup.
l You will be prompted to provide password to protect the backup file.
Enter any Password and Click on Next.
A step during Addition of a Windows Credential
Store your Usernames and Passwords to Log on Automatically
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 13/28
108
System Maintenance and Management10 Windows 7
FAST TRACK - NOVEMBER 2010
l Click Finish.You can then restore this vault on your computer at a later time or some
other computer.
l Click on Restore Vault in the Credential Manager window.
l Browse the location where your Windows Vault backup is stored. Click
Next.
l Press [CTRL]+[ALT]+[DELETE] to continue restoring your logon
credentials.l You will be prompted to provide a password for the the backup file. Enter
the password you gave while backing up and click on Next.
l Click Finish.
10.6 AppLockerIf you share your computer
with someone else, then you
might want to restrict their
access to your applications,
files or documents. Windows
7 comes with a new feature
called AppLocker that
ensures that other users
can only run the programs
you specify. Using this,you can easily block other
users' access to Executables,
Windows Installers, Scripts,
a specific publisher or path.
l Just open the Run dialog
Summary of a stored Credential
Applocker in Group Policy Editor.
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 14/28
109 FAST TRACK- NOVEMBER 2010
System Maintenance and ManagementWindows 7 10
box and open Gpedit.msc.
l Then go to Computer Configuration > Windows Settings
> Security Settings > Application Control Policies
> AppLocker. Right click on the options that you wish to configure
(Executables, Installers, or Script) and create a new rule.
That should save you from a lot of headaches, especially if you are tired
of kids/ roommates / even spouses installing dubious software or running
applications that hinder your privacy. AppLocker also let IT pros control
what applications users can run on company terminals.
10.7 Automatically Delete Temporary FilesWindows 7 comes with the Disk Clean-up Wizard like Windows Vista and
XP, but that utility only deletes your temporary files if they are more than
one week old. You can automate the process by creating a simple batch file
and then making it run at start-up so that you never have to worry about
manually freeing up space from your Temp folder.
l Open Notepad and click on File > Save As
l
In the File Name dialog box, Type "tempclean.bat"l Change the entry in Save As Type dropdown box to "All files"
l Click on save.
l Then in your file, type the following:
Cd C:\Users\%username%\AppData\Local
Rmdir /S /Q Temp
l Then Save the File.
l Now Navigate to the folder where the file is saved.
l Right click on it and click on 'Create Shortcut'.
l Place this shortcut in your 'startup' folder in your Start Menu.
Every time you log in to Windows, the file will be executed and your
temporary files will be cleaned. This is very useful for netbooks and laptops
with limited hard-disk space. In case you get an access error while the file
is being executed, replace %username% in the file with your Windows
login username.
10.8 Remove Entries from 'Programs and Features' Add/Remove listIf your Add/Remove list is getting cluttered after you installed an application
that makes multiple entries in it (Visual Studio added more than 10 things
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 15/28
110
System Maintenance and Management10 Windows 7
FAST TRACK - NOVEMBER 2010
while we were testing) and you have no intention of uninstalling it from
there, or you want to remove a Key logging/ Screen Capture program you
installed to monitor your kids from the programs list because you don't want
your smarties to simply uninstall it, there is a way to remove entries from
'Programs and Features' List.
l Open Run Dialog box with [Win]+[R]
l Type RegEdit and press [Enter] to Open Windows Registry Editor.
l Scroll to the entry:
l H K E Y _ L O C A L _ M A C H I N E \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \
CurrentVersion\Uninstall
l In the left pane, there are programs installed on your computer, some
represented by their name, and some by random numbers and letters. Right
Pane shows you their display name.
l Find the key of the program you intend to hide.
l Back it up so that atleast you can uninstall it by restoring the key. Select itin the left pane. Then click on File > Export and save it with a name that
reminds you of what you are about to do.
l Now delete the key by right clicking it and Selecting Delete. This removes
the entry for that program from the Programs list. You can Restore it by
double clicking the reg file you just saved in the last step.
The registry entry of something you don't want to be visible in Programs list should be deleted.
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 16/28
111 FAST TRACK- NOVEMBER 2010
System Maintenance and ManagementWindows 7 10
10.9 Action CenterAction Center in
Windows 7 consolidates
all the warning/error
messages and allows you
to view alerts and take
actions that can help
keep Windows running
smoothly. It lists all the
important messagesabout security and
maintenance settings
that need your attention
under one window.
Action Center showing various warning and error messages.
You can turn off various notications to reduce annoying messages popping
up from the system tray.
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 17/28
112
System Maintenance and Management10 Windows 7
FAST TRACK - NOVEMBER 2010
If anything requires your attention, the Action Center icon appears in the
taskbar. Click on it and you’ll see both alerts for any problem and suggestions
to fix it. If you are an advanced user, Action Center enables to turn off all the
annoyances that Windows brings with it. You can turn off notifications
about UAC, Windows Update, Internet Security Settings, Network Firewall,
Spyware and related protection, Virus Protection, Windows Backup and
Windows Troubleshooting from the Action Center.
10.10 Windows FirewallWindows 7’s inbuilt firewall has more features than the one that came
with XP and Vista, and is also more customisable. It checks every bit of
information coming from the internet or a network and depending upon thesettings; it either blocks or allow the information to pass through to your
computer.
Here are some ways in which you can configure the Windows Firewall:
l Open Control Panel
l Now click System and Security link > Windows Firewall if it’s
Summary of rewall settings for your networks.
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 18/28
113 FAST TRACK- NOVEMBER 2010
System Maintenance and ManagementWindows 7 10
the standard view, otherwise click on Windows Firewall in advanced view.
l On the left pane, there are various links like, Change notification
settings, Turn Windows Firewall on or off, Restore defaults and Advanced
Settings etc.
Change rewall settings for different network locations
Advanced view of windows rewall in Windows 7. It provides easy access to a lot of features which were troublesomein XP and Vista.
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 19/28
114
System Maintenance and Management10 Windows 7
FAST TRACK - NOVEMBER 2010
l On the right pane, there are two
types of networks(Home or Work
and Public) link for which you can
set firewall settings.
l By default, the Firewall state is
ON for both the networks.
l To change Notification Settings,
Click on the Change Notification
settings link in the Left Pane
l To turn off the Windows
Firewall click on the Turn off Windows Firewall button
l To enable the default or
Recommended Settings, either
click on the Use Recommended Settings button on the right pane, or click on
the Restore default link on the left pane.
Overview of different proles
Summary of settings for different network proles
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 20/28
115 FAST TRACK- NOVEMBER 2010
System Maintenance and ManagementWindows 7 10
l On the left pane, Select the Advance
Settings link to view or change settings.
l Click on the Inbound Rules link in
the left pane. This displays a list of all
Inbound Rules. When you click on an
enabled rule, a list of actions is shown in
the Actions Pane. You can click on Disable
Rule to disable the selected rule. You can
also Cut, Copy and Delete the rule.
l Click on Monitoring in the left pane
to monitor Active Networks settings,Firewall State settings, General Settings
and Logging settings etc.
10.11 Parental ControlsWindows7 comes with built-in advanced parental
controls that let you set limits as to when your
options in the left pane of Windows Firewall
Same procedure is for Enabling/Disabling the Outbound Rules.
Note
Congure inbound connection rules from this window
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 21/28
116
System Maintenance and Management10 Windows 7
FAST TRACK - NOVEMBER 2010
Firewall rules for various applications
Quickly create rules for your rewall through this wizard
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 22/28
117 FAST TRACK- NOVEMBER 2010
System Maintenance and ManagementWindows 7 10
children can use the computer, as well as what programs and games are
suitable for them. If you are using Windows Media Center to watch TV
shows or movies, you can even block objectionable content. Apart from
setting guidelines for your children when you're not looking over their
shoulders, these can also be used for varied applications limited only by
your imagination.
10.11.1 What can you control with Parental Controls?
You can use Parental Controls to set time limits for computer usage, and
restrictions on the games your kids can play and the programs they are
allowed to run.
l You can set time limits to control when children are allowed to log on
and use the computer. Time limits prevent children from logging on duringspecified hours like late-night and study time. You can even set different
logon hours for every day of the week, depending on their normal schedule.
They will automatically be logged off once their allotted time ends.
l You can control access to games that you want your children to refrain
from, choose an age-rating level, choose the types of content you want to block,
Monitoring network connections Summary
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 23/28
118
System Maintenance and Management10 Windows 7
FAST TRACK - NOVEMBER 2010
and decide whether you want to allow or block unrated or specific games.
l You can prevent children from running specific programs, like your
development applications so that they don’t end up deleting the awesome
software you spent the past two weeks coding.
Parental Controls Window
Setting up Controls for your children
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 24/28
119 FAST TRACK- NOVEMBER 2010
System Maintenance and ManagementWindows 7 10
10.11.2 Turn on Parental Controls for a standard user account
Before you get started, make sure each child that you want to set up Parental
Controls for has a standard user account because Parental Controls cannot
be applied to Administrator level user accounts.
l Open Parental Controls from the control panel or by typing it in the Start
Menu.
l Click on the standard user account that you want
to set Parental Controls for. You can set them up
from User Accounts in the Control Panel.
l Under Parental Controls, select the ‘On, enforce
current settings’ option.
10.11.3 Prevent children from using specic programs
You can use Parental Controls to determine which
specific programs your child can use. For example, if you use a program to
keep track of your expenses, you can prevent your child from opening it and
viewing those details.
Make sure that you select all ofthe programs that you want your
child to be able to run. ParentalControls will otherwise block anyprogram not selected in the list.
Tip
You can allow your kid to have access to only certain programs so that he need not meddle up your workapplications.
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 25/28
120
System Maintenance and Management10 Windows 7
FAST TRACK - NOVEMBER 2010
l Open Parental
Controls from the
control panel or by
typing it in the Start
Menu.l Click on the
name of the
perso n(Sta nd a rd
User Account) you
want to prevent
from using specific
programs.
l If Parental
Controls are not switched on yet, select ‘On, enforce current settings’.
l Click on ‘Allow and block specific programs’.
l Click on ‘<User name of the account> can only use the programs I allow’.
Select the programs that you want to allow.
10.11.4 Control when children can use the computer
You can choose which hours your children can use the computer. You canindividually set which hours are allowed for each day of the week and block
all the rest.
l Open Parental Controls from the control panel or by typing it in the Start
Menu.
l Click on the account that you want to set time limits for.
After you have set up all the controls, the screen shows the summary.
Select the time blocks during which you don't want your kid using the computer
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 26/28
121 FAST TRACK- NOVEMBER 2010
System Maintenance and ManagementWindows 7 10
l Click on ‘Time limits’.
l In the grid, select and drag the hours you want
to block or allow.
10.11.5 Specify which games children can play
You can use Parental Controls to control which
games your children are allowed to play on your
computer. You can block:
l All games.
l Specific games of your choosing.
l Specific games based on age ratings.l Specific games based on content ratings.
l These four methods can be
used in combination.
To block all games
l Open Parental Controls from
the control panel or by typing it inthe Start Menu.
l Click on the User Account you
want to prevent from playing
games.
l Click on ‘Games’.
l Under ‘Can <User name of the
account> play games?’, click No.
To block games by age rating
l Open Parental Controls from
the control panel or by typing it in
the Start Menu.
l Click on the User account you want to prevent from playing games.
l Click on ‘Games’.
l Under ‘Can <User Name> play games?’, click Yes.l Under ‘Block (or allow) games by rating and content types’, select ‘Set
game ratings’.
l Under ‘Which ratings are ok for person's name to play?’, select a ratings
level.
If your computer doesn't recognizea game, it won't be blockedby Parental Controls. You canhowever add that game to the listof blocked programs manually.
Note
Setting what games your kid should be allowed to play. Youcan have different settings for different kids.
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 27/28
122
System Maintenance and Management10 Windows 7
FAST TRACK - NOVEMBER 2010
To block games by content
l Open Parental Controls
from the control panel or by
typing it in the Start Menu.
l Click on the User account
you want to prevent from
playing games.
l Click on Games.
l Under ‘Can <User name>
play games?’, Select Yes.
l Under Block (or allow)
games by rating and contenttypes, click on ‘Set game
ratings’.
l Under ‘Block these types
of content’, select the content
types that you want to block.
Select the maximum game rating suitable for your kid.
Select all the things you don't want to be present in the gamesyour kids can be given access to. This is for automatic lteringof games.
8/6/2019 96-123 Chapter10
http://slidepdf.com/reader/full/96-123-chapter10 28/28
System Maintenance and ManagementWindows 7 10
To block specic games
l Open Parental Controls from the control panel or by typing it in the Start
Menu.
l Click on the User Account you want to prevent from playing games.
l Click on Games.
l Under ‘Can person's name play games?’, Select Yes.
l Under ‘Block (or allow) any game on your computer by name’, click on
‘Block or Allow specific games’.
l In the list of games, find the games that you want to block, and then select
Always Block.
The list is pretty detailed!