96-123 Chapter10

8/6/2019 96-123 Chapter10

http://slidepdf.com/reader/full/96-123-chapter10 1/28

8/6/2019 96-123 Chapter10


97 FAST TRACK- NOVEMBER 2010

System Maintenance and ManagementWindows 7 10

10.1.1 Hardware requirements for BitLocker Drive

Encryption

To use BitLocker Drive Encryption, your

computer has to meet certain hardware

requirements, which can vary depending on the

type of drive that you are encrypting.

Hardware requirements for the drive that Windows is installed onTo encrypt the drive that Windows is installed on (the operating system

drive), BitLocker stores its own encryption and decryption key in a hardware

device that is separate from your hard disk i.e. either Trusted Platform

Module (TPM) or a removable USB drive.

To turn on BitLocker Drive Encryption on the operating system drive,

your computer’s hard disk must:

Have at least two partitions. The partition on which Windows is installedmust be at least 400 MB. This is the drive that you are going to encrypt with

BitLocker. The other partition is the unencrypted active partition, which

is required for your computer to start. If your computer does not have two

partitions, BitLocker will give you an option to create them for you.

BitLocker automatically encryptswhatever new les you add to a drivethat is already encrypted with it.

Note

BitLocker Drive Encryption window

8/6/2019 96-123 Chapter10


98

System Maintenance and Management10 Windows 7

FAST TRACK - NOVEMBER 2010

Hardware requirements for data drives

You can use BitLocker to encrypt fixed data drives (such as internal hard

drives) and removable data drives (such as external hard drives and USB

flash drives). The data drive to be encrypted, must use one of exFAT, FAT16,

FAT32, or NTFS file systems and has be at least 128 MB.

10.1.2 Steps to Turn On/Off BitLocker:

l Click the Start button to view the Start Menu and then choose the Control

Panel option to open the Control Panel window.

l Now click on the ‘System and Security’ link in this window. This will have

the link for BitLocker drive encryption.l Click on the BitLocker Drive Encryption. By default the BitLocker Drive

Encryption is Off for the Hard Disk Drive.

l Click on ‘Turn On BitLocker’. This opens the BitLocker setup wizard.

Now just follow the instructions in the wizard.

To Turn it off, click on Turn Off BitLocker in the same window

The options presented after you click on 'Turn on Bitlocker'

8/6/2019 96-123 Chapter10




To decrypt the drive, click on ‘Decrypt the volume’.

To temporarily suspend BitLocker, click on ‘Suspend BitLocker Drive

Encryption’.

10.2 Make Windows UAC less AnnoyingWindows 7's User Account Control is a good idea in theory (more security),

but it is the single most annoying feature in Windows Vista and 7 for most

people as it asks your permission for almost everything( Any configuration

change) thus delaying your work. Fortunately Windows 7 displays fewer

warnings by default than Windows Vista used to, and lets you further

fine-tune UAC to suit your preferred balance between security and a pop-upfree life.

10.2.1 Disable UAC completely

l Go to control Panel -> Action Center -> Change user Account Control

Settings.

l Bring the Slider down to Never Notify to completely disable it and then

press OK.The problem with Disabling UAC is that you will end if making your

system less secure.

UAC can be customized by moving the slider.

8/6/2019 96-123 Chapter10


100



10.2.2 Auto-Accept UAC Prompts for Administrators Only

If you want to leave UAC enabled, but disable the prompts from showing

up under your administrator account, you can tweak a setting that will

“Elevate without prompting”, so you never see the prompt show up. This

is more secure than disabling UAC entirely, because it ensures that an

application started as a Regular User can’t perform an action that is meant

for Administrators. For instance, your web-browser can still run in protected

mode this way.

10.2.3 Disable the Blackout Screen (Secure Desktop)

The most annoying part of UAC for me is the screen that blacks outeverything other than the UAC prompt because it usually takes forever to

show up, and depending on your video card it can do weird things with your

desktop. To counter this, you can disable the secure desktop feature but leave

the UAC prompts the way they are. Of course, this is not the safest thing

around because it creates the hazard of some application/script fraudulently

clicking the prompt for you by hard coding. (Secure desktop prevents

applications from doing this)

10.2.4 Create Administrator Mode Shortcuts Without UAC Prompts

Instead of disabling UAC in any way, what we can do is set up a few shortcuts

that bypass UAC entirely. This is especially useful for applications that

need to be run in administrator-mode always (Like Matlab). You can do this

by using task scheduler to launch the applications, and then making task

scheduler run the task as an administrator.

10.2.5 Create UAC White List

There is no Exception list for UAC like the one Windows Firewall has. There

are however ways (other than disabling UAC) by which you can bypass the

UAC prompt for particular applications:

Task Scheduler is very useful if you want an application that runs on

start-up with elevated privileges.

To do this:l Open Control Panel > System Maintenance > Administrative

Tools > Schedule Tasks

The same can be accessed from:

Start > Administrative Tools > Task Scheduler

l From the scheduler, you need to Create a New Task.

8/6/2019 96-123 Chapter10


8/6/2019 96-123 Chapter10


102



Resource Monitor showing CPU and Memory diagnostics

Disk and Network Usage

8/6/2019 96-123 Chapter10




CPU time of individual processes with detailed information of threads

Memory allocation for various processes with advanced options

8/6/2019 96-123 Chapter10


104



individual threads.

With Resource Monitor, you can quickly identify the source of

performance and resource utilisation problems, reducing the time required

to troubleshoot complex issues. It can provide you detailed information

of process-specific CPU time and memory usage, services hosted within

Disk Activity of indivisual processes

Network Activity of processes with Open Connections and Listening Ports

8/6/2019 96-123 Chapter10




svchost.exe, modules, DLL’s, files and resources the process is accessing

and disk and network data analysis. In addition, you can end processes that

you think are created by malwares and even search online for information

about them.

10.4 Reliability Monitor

Windows Vista brought a handy utility called the Reliability Monitor, which

provided a timeline of system events that correlate with the overall stability

of the PC. These events included the installation or removal of software and

device drivers, application failures, and forced shutdowns. The Reliability

Monitor was especially useful as it allowed you to quickly trace problemsback to the system change that caused them.

Now with Windows 7, Reliability Monitor is integrated with Problem

Reports And Solutions to better correlate system changes, events, and

potential resolutions. Windows 7 also enhances Reliability Monitor by

giving the reliability data via the Windows Management Interface. You

Reliability History with critical events and Warnings

8/6/2019 96-123 Chapter10


106



can use WMI to gather reliability data remotely and then process it using

PowerShell scripts and WMI-related cmdlets. You can even create your own

PowerShell scripts to monitor reliability of network connected computers

and take appropriate action for systems that are unreliable without any need

for another feedback channel of human-error reporting.

10.5 Credential ManagerCredential Manager in

Windows 7 allows you to

store credentials, such as user

names and passwords that youuse to log on to websites or

other computers on a network.

By storing your credentials,

Windows can automatically

log you on to websites or other

Problem Summaries of Individual Crashes and problems

Credential Manager Window in Control Panel

8/6/2019 96-123 Chapter10




computers over the network.

Let's see how to Manage Credentials in Windows 7:

l Open Control Panel and Then Credential Manager

l Click on Add a Windows credential.

l Type the user name and password that you use for that computer or

website in the corresponding boxes, and then click OK.

You can perform other actions like Edit/Remove the credential from the

vault at any time.

Credentials are saved

in special folders on your

computer’s hard-disk calledvaults. The Vault contains

credentials for servers,

websites and programs that

windows can try to log you on

to automatically. Windows and programs (such as web browsers and email-

clients) can securely give the credentials in the vaults to other computers

and websites as and when required. It is recommended that you Backupyour vault.

l Click on Back up vault.l Browse the location where you want to store the Windows Vault backup.

Click Next.

l Press [CTRL]+[ALT]+[DELETE] to continue your backup.

l You will be prompted to provide password to protect the backup file.

Enter any Password and Click on Next.

A step during Addition of a Windows Credential

Store your Usernames and Passwords to Log on Automatically

8/6/2019 96-123 Chapter10


108



l Click Finish.You can then restore this vault on your computer at a later time or some

other computer.

l Click on Restore Vault in the Credential Manager window.

l Browse the location where your Windows Vault backup is stored. Click

Next.

l Press [CTRL]+[ALT]+[DELETE] to continue restoring your logon

credentials.l You will be prompted to provide a password for the the backup file. Enter

the password you gave while backing up and click on Next.

l Click Finish.

10.6 AppLockerIf you share your computer

with someone else, then you

might want to restrict their

access to your applications,

files or documents. Windows

7 comes with a new feature

called AppLocker that

ensures that other users

can only run the programs

you specify. Using this,you can easily block other

users' access to Executables,

Windows Installers, Scripts,

a specific publisher or path.

l Just open the Run dialog

Summary of a stored Credential

Applocker in Group Policy Editor.

8/6/2019 96-123 Chapter10




box and open Gpedit.msc.

l Then go to Computer Configuration > Windows Settings

> Security Settings > Application Control Policies

> AppLocker. Right click on the options that you wish to configure

(Executables, Installers, or Script) and create a new rule.

That should save you from a lot of headaches, especially if you are tired

of kids/ roommates / even spouses installing dubious software or running

applications that hinder your privacy. AppLocker also let IT pros control

what applications users can run on company terminals.

10.7 Automatically Delete Temporary FilesWindows 7 comes with the Disk Clean-up Wizard like Windows Vista and

XP, but that utility only deletes your temporary files if they are more than

one week old. You can automate the process by creating a simple batch file

and then making it run at start-up so that you never have to worry about

manually freeing up space from your Temp folder.

l Open Notepad and click on File > Save As

l

In the File Name dialog box, Type "tempclean.bat"l Change the entry in Save As Type dropdown box to "All files"

l Click on save.

l Then in your file, type the following:

Cd C:\Users\%username%\AppData\Local

Rmdir /S /Q Temp

l Then Save the File.

l Now Navigate to the folder where the file is saved.

l Right click on it and click on 'Create Shortcut'.

l Place this shortcut in your 'startup' folder in your Start Menu.

Every time you log in to Windows, the file will be executed and your

temporary files will be cleaned. This is very useful for netbooks and laptops

with limited hard-disk space. In case you get an access error while the file

is being executed, replace %username% in the file with your Windows

login username.

10.8 Remove Entries from 'Programs and Features' Add/Remove listIf your Add/Remove list is getting cluttered after you installed an application

that makes multiple entries in it (Visual Studio added more than 10 things

8/6/2019 96-123 Chapter10


110



while we were testing) and you have no intention of uninstalling it from

there, or you want to remove a Key logging/ Screen Capture program you

installed to monitor your kids from the programs list because you don't want

your smarties to simply uninstall it, there is a way to remove entries from

'Programs and Features' List.

l Open Run Dialog box with [Win]+[R]

l Type RegEdit and press [Enter] to Open Windows Registry Editor.

l Scroll to the entry:

l H K E Y _ L O C A L _ M A C H I N E \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \

CurrentVersion\Uninstall

l In the left pane, there are programs installed on your computer, some

represented by their name, and some by random numbers and letters. Right

Pane shows you their display name.

l Find the key of the program you intend to hide.

l Back it up so that atleast you can uninstall it by restoring the key. Select itin the left pane. Then click on File > Export and save it with a name that

reminds you of what you are about to do.

l Now delete the key by right clicking it and Selecting Delete. This removes

the entry for that program from the Programs list. You can Restore it by

double clicking the reg file you just saved in the last step.

The registry entry of something you don't want to be visible in Programs list should be deleted.

8/6/2019 96-123 Chapter10




10.9 Action CenterAction Center in

Windows 7 consolidates

all the warning/error

messages and allows you

to view alerts and take

actions that can help

keep Windows running

smoothly. It lists all the

important messagesabout security and

maintenance settings

that need your attention

under one window.

Action Center showing various warning and error messages.

You can turn off various notications to reduce annoying messages popping

up from the system tray.

8/6/2019 96-123 Chapter10


112



If anything requires your attention, the Action Center icon appears in the

taskbar. Click on it and you’ll see both alerts for any problem and suggestions

to fix it. If you are an advanced user, Action Center enables to turn off all the

annoyances that Windows brings with it. You can turn off notifications

about UAC, Windows Update, Internet Security Settings, Network Firewall,

Spyware and related protection, Virus Protection, Windows Backup and

Windows Troubleshooting from the Action Center.

10.10 Windows FirewallWindows 7’s inbuilt firewall has more features than the one that came

with XP and Vista, and is also more customisable. It checks every bit of

information coming from the internet or a network and depending upon thesettings; it either blocks or allow the information to pass through to your

computer.

Here are some ways in which you can configure the Windows Firewall:

l Open Control Panel

l Now click System and Security link > Windows Firewall if it’s

Summary of rewall settings for your networks.

8/6/2019 96-123 Chapter10




the standard view, otherwise click on Windows Firewall in advanced view.

l On the left pane, there are various links like, Change notification

settings, Turn Windows Firewall on or off, Restore defaults and Advanced

Settings etc.

Change rewall settings for different network locations

Advanced view of windows rewall in Windows 7. It provides easy access to a lot of features which were troublesomein XP and Vista.

8/6/2019 96-123 Chapter10


114



l On the right pane, there are two

types of networks(Home or Work

and Public) link for which you can

set firewall settings.

l By default, the Firewall state is

ON for both the networks.

l To change Notification Settings,

Click on the Change Notification

settings link in the Left Pane

l To turn off the Windows

Firewall click on the Turn off Windows Firewall button

l To enable the default or

Recommended Settings, either

click on the Use Recommended Settings button on the right pane, or click on

the Restore default link on the left pane.

Overview of different proles

Summary of settings for different network proles

8/6/2019 96-123 Chapter10




l On the left pane, Select the Advance

Settings link to view or change settings.

l Click on the Inbound Rules link in

the left pane. This displays a list of all

Inbound Rules. When you click on an

enabled rule, a list of actions is shown in

the Actions Pane. You can click on Disable

Rule to disable the selected rule. You can

also Cut, Copy and Delete the rule.

l Click on Monitoring in the left pane

to monitor Active Networks settings,Firewall State settings, General Settings

and Logging settings etc.

10.11 Parental ControlsWindows7 comes with built-in advanced parental

controls that let you set limits as to when your

options in the left pane of Windows Firewall

Same procedure is for Enabling/Disabling the Outbound Rules.

Note

Congure inbound connection rules from this window

8/6/2019 96-123 Chapter10


116



Firewall rules for various applications

Quickly create rules for your rewall through this wizard

8/6/2019 96-123 Chapter10




children can use the computer, as well as what programs and games are

suitable for them. If you are using Windows Media Center to watch TV

shows or movies, you can even block objectionable content. Apart from

setting guidelines for your children when you're not looking over their

shoulders, these can also be used for varied applications limited only by

your imagination.

10.11.1 What can you control with Parental Controls?

You can use Parental Controls to set time limits for computer usage, and

restrictions on the games your kids can play and the programs they are

allowed to run.

l You can set time limits to control when children are allowed to log on

and use the computer. Time limits prevent children from logging on duringspecified hours like late-night and study time. You can even set different

logon hours for every day of the week, depending on their normal schedule.

They will automatically be logged off once their allotted time ends.

l You can control access to games that you want your children to refrain

from, choose an age-rating level, choose the types of content you want to block,

Monitoring network connections Summary

8/6/2019 96-123 Chapter10


118



and decide whether you want to allow or block unrated or specific games.

l You can prevent children from running specific programs, like your

development applications so that they don’t end up deleting the awesome

software you spent the past two weeks coding.

Parental Controls Window

Setting up Controls for your children

8/6/2019 96-123 Chapter10




10.11.2 Turn on Parental Controls for a standard user account

Before you get started, make sure each child that you want to set up Parental

Controls for has a standard user account because Parental Controls cannot

be applied to Administrator level user accounts.

l Open Parental Controls from the control panel or by typing it in the Start

Menu.

l Click on the standard user account that you want

to set Parental Controls for. You can set them up

from User Accounts in the Control Panel.

l Under Parental Controls, select the ‘On, enforce

current settings’ option.

10.11.3 Prevent children from using specic programs

You can use Parental Controls to determine which

specific programs your child can use. For example, if you use a program to

keep track of your expenses, you can prevent your child from opening it and

viewing those details.

Make sure that you select all ofthe programs that you want your

child to be able to run. ParentalControls will otherwise block anyprogram not selected in the list.

Tip

You can allow your kid to have access to only certain programs so that he need not meddle up your workapplications.

8/6/2019 96-123 Chapter10


120



l Open Parental

Controls from the

control panel or by

typing it in the Start

Menu.l Click on the

name of the

perso n(Sta nd a rd

User Account) you

want to prevent

from using specific

programs.

l If Parental

Controls are not switched on yet, select ‘On, enforce current settings’.

l Click on ‘Allow and block specific programs’.

l Click on ‘<User name of the account> can only use the programs I allow’.

Select the programs that you want to allow.

10.11.4 Control when children can use the computer

You can choose which hours your children can use the computer. You canindividually set which hours are allowed for each day of the week and block

all the rest.


Menu.

l Click on the account that you want to set time limits for.

After you have set up all the controls, the screen shows the summary.

Select the time blocks during which you don't want your kid using the computer

8/6/2019 96-123 Chapter10




l Click on ‘Time limits’.

l In the grid, select and drag the hours you want

to block or allow.

10.11.5 Specify which games children can play

You can use Parental Controls to control which

games your children are allowed to play on your

computer. You can block:

l All games.

l Specific games of your choosing.

l Specific games based on age ratings.l Specific games based on content ratings.

l These four methods can be

used in combination.

To block all games

l Open Parental Controls from

the control panel or by typing it inthe Start Menu.

l Click on the User Account you

want to prevent from playing

games.

l Click on ‘Games’.

l Under ‘Can <User name of the

account> play games?’, click No.

To block games by age rating

l Open Parental Controls from

the control panel or by typing it in

the Start Menu.

l Click on the User account you want to prevent from playing games.

l Click on ‘Games’.

l Under ‘Can <User Name> play games?’, click Yes.l Under ‘Block (or allow) games by rating and content types’, select ‘Set

game ratings’.

l Under ‘Which ratings are ok for person's name to play?’, select a ratings

level.

If your computer doesn't recognizea game, it won't be blockedby Parental Controls. You canhowever add that game to the listof blocked programs manually.

Note

Setting what games your kid should be allowed to play. Youcan have different settings for different kids.

8/6/2019 96-123 Chapter10


122



To block games by content

l Open Parental Controls

from the control panel or by

typing it in the Start Menu.

l Click on the User account

you want to prevent from

playing games.

l Click on Games.

l Under ‘Can <User name>

play games?’, Select Yes.

l Under Block (or allow)

games by rating and contenttypes, click on ‘Set game

ratings’.

l Under ‘Block these types

of content’, select the content

types that you want to block.

Select the maximum game rating suitable for your kid.

Select all the things you don't want to be present in the gamesyour kids can be given access to. This is for automatic lteringof games.

8/6/2019 96-123 Chapter10



To block specic games


Menu.

l Click on the User Account you want to prevent from playing games.

l Click on Games.

l Under ‘Can person's name play games?’, Select Yes.

l Under ‘Block (or allow) any game on your computer by name’, click on

‘Block or Allow specific games’.

l In the list of games, find the games that you want to block, and then select

Always Block.

The list is pretty detailed!

Documents

96-123 Chapter10