Are You Truly Secure?

You must all be aware of the hack attacks and blunders of a national and international nature in recent news. Goes without mentioning that they could all have been avoided if only they had taken heed by adhering to simple preventative measures like keeping equipment up-to-date and paying attention to modern technological traditions. It’s not that the Chinese hackers are very smart, it’ only that the government keeps using Windows 2000, 2003 and XP when they’ve been warned over and over. We in the technology professions also know that stock markets do not have to collapse simply because they do not implement fail-over, load balancing, always-up-data-in-motion techniques, all of which are now commonplace. Please do let us know your thoughts. With loving kindness…

Imperial

Administrator Account on Microsoft Windows

UAC (User Account Control) is a Microsoft Windows feature for controlling the launching & execution of applications. However, the UAC system can be very cumbersome when administering Windows machines.

Scenario: Local account is member of “Administrators” but not the built-in Administrator account [Administrator account is disabled].

– Can change “Always notify”, “Never notify” settings of the UAC system
– At the “Default” third notch, cmd.exe launches in a regular under-priviledged context
– You have to invoke or run as Administrator to execute anything
– This makes working in Powershell quite difficult
– Example: You will not be able to import certain modules using “Import-Module”
– At lowest “Never notify” setting, cmd.exe launches as Administrator
– THIS DEFEATS THE PURPOSE OF USING THE UAC MECHANISM because you are essentially disabling UAC
– Machine has to restart each time UAC settings are changed
– Restarting a remote machine is tedious & always risks the machine not powering up or not regaining connection because changes to firewall, network adapter settings & so forth can occur

Conclusion
– If you choose to use UAC, leave the local built-in Administrator enabled & passworded.
– If you choose to not use UAC [by lowering the settings], you may use a custom account that is a “Member of” the “Administrators” group.
– If you choose to use a custom account [that is in the Administrators group], then you decide to log on with a domain account, you may still need to invoke the Administrator account to administer the local machine.
– You must only disable the local Administrator account if you are a seasoned professional with hyper-sensitivity to usage of the Administrator account because you have very first hand information that the most privileged, Administrator, is threatened.
– Because of reasons herein and from a systems administrator stance, you simply must keep the local built-in Administrator account enabled & passworded; any other local account is simply meaningless.

As of this composition, this was tested on Windows 7 Service Pack 1 only.

Outlook

The single biggest challenge with Microsoft Outlook are those PSTs (Personal Storage Tables), which are never kept in check by the ordinary user till they become unmanageable. It’s best to keep “.pst” files at 20 GB and under or you will run into serious trouble. The current limit is 50 GB as according to our friends at Microsoft.

The next big intellectual challenge with Outlook happens when someone, usually the user, fools around with the profile and data file settings then they lose their address book, contacts and, most of all, the auto-complete feature. The auto-complete feature refers to the lettering {email addresses} that automatically fills up as the user begins to type. Information contained in the auto-complete feature is very temporary and, perhaps, more popular than it’s more stable intermediate solution called “contacts” and permanent solution called “address book”. If you move “.pst” files around chances are you will screw up the auto-complete feature and you will have a tough time with the end user/customer. Personal Storage Tables {file extension is .pst} are databases and databases should always be treated with respect and delicate care.

The best free tool we have used to solve auto-complete, contacts and address book problems is called nk2edit.

Installing Windows on a Computer with No Optical/DVD Drive

Warning: This is a one-way trip; so, you are warned. As you may expect, all data currently on the hard drive will be deleted. We advise you to create a recovery USB stick just in case.  Creating recovery images is painstakingly slow process and may take the whole day. Steps are:

Windows logo {lower left corner of desktop} > Recovery > Create recovery > Insert a USB that is 8 giga-bytes or higher
> Create recovery image

The big battle is for the computer to recognize the USB drive, which will contain the Windows 7 or 8 payload. This means altering the UEFI {Unified Extended/Enhanced Firmware Interface} to legacy-like BIOS settings. Also, you have to do one procedure and restart the computer in order to do the other. If you don’t understand any of this, please find someone with a slight better understanding of how computers work.

Since the system {which means computer} has no optical drive {this is where you would normally place your CD or DVD}, the first thing you have to do is put a bootable Windows 7 image {which means Operating System} onto a USB drive. From any computer, preferably one with 64-bit version of Windows 7 or 8, do the following:

  1. Insert your USB flash drive into the USB port on the PC in question
  2. Format the USB stick as an NTFS volume. Make a note of the drive letter assigned to it {we will use the letter “F”}
  3. Start up a command prompt as an Administrator.
    Windows logo > cmd > runas /user:Administrator cmd > enter password when prompted
    {the Administrator account must be enabled}

Prepare the source image

  1. Change drives or point to the Windows 7 image and run the following:
    {you may mount the ISO using a PowerISO or extract the entire image to some folder/directory and point to that folder}

>cd E:  {if “E” is your where the image is mounted or cd somefolder} then type the following

> cd boot

>bootsect /nt60 F:

  1. After you’ve don the above, in Windows Explorer, copy the entire contents of the Windows 7 DVD to root directory of the USB stick.
  2. While you’re at it, you’ll probably want to grab the LAN or wireless driver from the ASUS support site and copy it onto the stick as well {don’t worry about mixing software with operating system content because it won’t interfere}. Keep in mind that Windows 7 & Windows 8 drivers are generally interchangeable but there may be issues, particularly because Windows 8 is a ‘touch-screen’ operating system.

If you have followed the above, the USB stick is now prepared. Don’t insert the USB stick yet. You now have to start monkeying with the UEFI configuration of the computer. The following steps may be out of sequence, depending on your needs and ability:

  1. Shut down the system if it’s running. If you reboot as normal, it will skip the POST and you won’t be able to boot into the UEFI interface. So we will interrupt the boot up process.
  2. Power on the system. While it’s booting, press F9 to enter the UEFI interface {may be F12 or some other function key, depending on the manufacturer of your computer}.
  3. Select Troubleshoot > then Advanced > elect UEFI Configuration.
  4. In the UEFI configuration, go to the Security page and set Secure Boot Control to Disabled > then Reboot.
  5. Go back into the UEFI interface as previously, then into the UEFI configuration. On the Boot page, change Launch CSM to Enabled.
  6. Insert the USB stick and reboot.
  7. Once again, go back into the UEFI interface just to check everything is correct. On the Boot page, you should now see the USB stick. Go to the Save & Exit page > Restart
  8. Select the USB stick from the list of one time boot options and you should find yourself booting into the Windows 7 installer.
  9. Since Windows 7 doesn’t support GPT, you’ll have to nuke all the partitions to proceed with the install. Yes, this means delete all the listed partitions, which includes the recovery and OEM partitions.> Click on Drive Options (advanced) > select each partition on the disk {normally Disk 0} and hit the Delete button.
  10. Proceed with the Custom installation of the operating system

Click on links below for attachment with these instructions:

Install Windows 7 on Asus S400C (No Optical-DVD Drive)

Install Windows 7 on Asus S400C (No Optical-DVD Drive)

We implemented these steps successfully but all original research & work belongs to its posters.

Fax Machine Issue

The most important thing to know when working on fax machines is that fax machines as affixed to your HP, Dell, Epson, Brother, Xerox, Ricoh printers are ANALOG DEVICES. On the other hand, phone lines are becoming more and more DIGITAL as supplied by telephone/cable/TV/ISP companies. In fact, it is safe to assume that digital phones are by now in the majority in North America. So, the first question when working on fax machines is, “Is the phone company issuing a digital or an analog signal?” If analog, you can connect a phone line to the back of the fax/printer with no problem. If a digital line comes in to the building, you have to somehow convert the digital signal to analog.  However, many times you will have an analog signal coming in from the ISP then it is converted to digital at your client’s or local site by some machine. In that case, you must bypass or circumvent the local digital PBX or box. This intermediary local PBX can be a point of frustration for many technicians who do not understand fax machines.

Just as a side note: Always dedicate a phone number or line for faxing only if you don’t want ping pong between receiving a phone call or fax. Yes, a fax number or line is the SAME as a phone number… No difference at all.  You can use your phone number as a fax number at any time, so long as you have a machine to receive the fax with. Usually, modern printers, particularly the all-in-one machines, will have a connection/input for faxing.