|
Thank you. A quite simple thing I still know from Windows 2000 where you always had to use it to show the 'Run as administrator' menu item.
One more note: When you are logged in on a domain with Win 7 Pro, you are always prompted for a local administrator account name.
|
|
|
|
|
Excellent! Thanks so much.
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
Jochen Arndt wrote: <Update>
This is not necessary when logged in on a domain with Win 7 Pro.
Then there is always an input field for a local administrator account name.
</Update>
I haven't found this to be true in the 18+ months I have been Administering Windows 7 Enterprise and Windows Server 2008 R2 systems.
Michael Martin
Australia
"I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible."
- Mr.Prakash One Fine Saturday. 24/04/2004
|
|
|
|
|
It's just my experience here with 7 Pro. But there are some points that may be the source for this behaviour:
- Domain server is running Samba
- Actually logged in on domain with an user account (not logged in locally)
- Local profiles (no roaming)
- There is no client specific administrator account on the Samba server (only the account required to enter the domain)
|
|
|
|
|
Hi,
I have always ran every computer I owned, or have Control over, in Administrator Mode.
We have a network of a (typical) three Computers. We trust eachother, and we want All of us to be able to Read, Modify, Delete and Write to All Files.
That works fine with our own Software,This has not caused even one problem, until MS Office Arrived. It stores by default, documents in unpredictable locations.
For Backup and Storage Purposes, we want the Whole Lot to be located in One Directory Location on One Computer, to which MS Office Defaults. We want to set up our Own Directory Methods, where Office is not giving easy options and second guessing the last folder. We are looking for a Solution where MS Office ALWAYS browses from the Virtual Disk Root, regardles who is signed on!
Regards, 
Bram van Kampen
|
|
|
|
|
You can change the default file locations in options
|
|
|
|
|
On a customer site, a "normal" (i.e. non-administrative) user cannot access the sound settings (mmsys.cpl) of the computer, whereas an admin can. From the error message the user receives, my impression was that a group policy causes the problem. Do you know which group policy can do so (the customer's admins do not know that...)?
|
|
|
|
|
Could try GPEDIT.MSC and check the local policies on the system. Easy way to rule out a GPO. Lots of stuff could cause a sound error, but I'd lean towards a corrupt driver. Possibly from a bad image that was used?
Question: Is the option grayed out, or does the error pop, and what error is it/
Something worth reading, albeit it's invincible!
|
|
|
|
|
|
I'm considering installing a second NIC so that I can be connected to the web and a VPN at the same time.
If I were to open a browser, how does the system decide which network to use for the browser's communications?
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
hmm.. InternetOptions?
|
|
|
|
|
Change the default gateway on each card. You can give each a separate static IP address as well. Go into the IPV4 properties of each adapter to accomplish this.
In the preferences of the VPN client. You should be able to choose which one to use. Or consider using the ROUTE ADD command with the address you to VPN too.
Something worth reading, albeit it's invincible!
|
|
|
|
|
My company just rolled out a beta win7x64 corporate image. I've been using it since Tuesday. I am getting errors that point me towards there being memory fragmentation at the system level.
In particular, the JVM won't run because it can't allocate object heap space and VirtualBox will fail loading a 1GB ram VM, when I have the following (rough) memory stats in resource monitor:
in use:1.9GB Modified: 100MB Standby: 3.1GB Free .9GB
The free memory creeps down until it's gone, the standby never reduces, and I get a error saying there is no memory and the VM kicks the bucket. I need help finding out what is fragging memory so I can convince my IT that it is a problem, and give them a clue where to look.
So, does anyone know any good tools for finding the cause?
Opacity, the new Transparency.
|
|
|
|
|
Try here[^] for the Win 7 SDK, as I think they included a memory testing utility in it.
Other option would be to try and use BootVis to see if a driver is not releasing from bootup or what not.
Try clearing the startup programs and opening Taskbar and seeing what's running for processes/services.
fyi...I've even seen svchost.exe' fill up on RAM from leftover Window's Updates.
Something worth reading, albeit it's invincible!
|
|
|
|
|
Thanks, I will give it a try.
Opacity, the new Transparency.
|
|
|
|
|
hi,
I got a problem with browser credential forwarder. In my network I have ISA server 2004 which configure to control internet access of client machine. The rule that I configure is allow all user to access internet. the only setting that I set is allow user must be authenticate. All of my user are logon using domain credential.
The problem occur because sometime user A could access to website but sometime could not. As I check with the ISA log, I found that the browser did not forward user credential by default. that is why my firewall ISA do not allow the traffic.
so, how could i changed any setting to allow the browser always send credential forwarder to my ISA server to avoid any problem of accessing the internet?
thank,
|
|
|
|
|
Make sure they have "Automatic logon with current username and password" is enabled. To find this open Internet Options, Security, Custom Level, Scroll down to the bottom, and there it shall be.
Another spot to check would be to change "automatically detect settings" in LAN connections in Internet Options. This has caused me grief in the past.
Something worth reading, albeit it's invincible!
|
|
|
|
|
So, I've got a system equipped with a card reader (that I can boot from), a solid-state drive, and 2 conventional hard drives. I want to install Ubuntu on it and have all of it (except the boot partition because it can't) be fully encrypted.
Just so there's no confusion here:
- Full disk encryption: the use of disk encryption software or hardware to ensure that every (or almost every) bit persisted in storage is encrypted and unreadable to unauthorized users. That means anything on the disk that can be covered by encryption will be covered by encryption.
- Linux newbie: Yes. That's me.
- The setup I'm trying to achieve: (Click to see the diagram. [^])
I've already done this successfully using Windows BitLocker on the same system (though I had to apply some blunt-force trauma to get it to do what I want, and it boots without prompting for a password). The same seems to take a bit more work under Ubuntu since the official installers won't perform full-disk encryption without forcing me to type the same passphrase for every partition that needs to be decrypted.
From what I've read elsewhere, I've got a general idea what I have to do (install normally, move directories, change mount points, modify fstab and cryptab), but nothing concrete.
My GUID: ca2262a7-0026-4830-a0b3-fe5d66c4eb1d
Now I can Google this value and find all my Code Project posts!
|
|
|
|
|
|
I've read the first two before posting, but the third one pretty much describes the same thing. The problem I have with the official installer's behavior is that it requires typing in a password for every single encrypted device even and doesn't give the option to use a single password to decrypt all of them—hence my desire to introduce a "key partition" in a removable medium to handle automatically decrypting them; I would only have to type in the password for the key partition achieving a convenient 2-factor authentication setup.
My GUID: ca2262a7-0026-4830-a0b3-fe5d66c4eb1d
Now I can Google this value and find all my Code Project posts!
|
|
|
|
|
There are systems (like MobileArmor/DataArmor, which I used previously) that encrypt under the OS. My company uses one by McAffee that is smart enough to log me into Win7 without a 2 password requirement, though Win7 handles login from locked system.
I'd google FIPS 140-2 and linux.
Here is an open source system that rides under linux[^]
I suspect there are others. FIPS 140-2 is one of the NIST certifications for encryption sw. It was the standard a DoD project I worked on used. Good luck.
Opacity, the new Transparency.
|
|
|
|
|
Lee, Gun-Woon,
Just to pitch in my two cents... You may not be able to achieve what you want with a solution other than TrueCrypt. The only reason I say that is because you made it very clear that you want...
Lee, Gun-Woon wrote: "...every (or almost every) bit persisted in storage is encrypted and unreadable to unauthorized users."
However, you very likely already know that there are elements on the disk that cannot be encrypted (ie: boot partition). There is one additional element that cannot be encrypted using any FDE software that boots from the same disk (or any that I am aware of) - the partition definitions (ie: start and stop LBAs).
The reason TrueCrypt is excellent in a situation like this is because it can create an altogether hidden operating system[^]. Their methods are rather tactful and if your situation requires security that can thwart others' attempts at getting to your data *even after you give them the pre-boot authentication password*, than this is what you want.
Now, about your BitLocker setup. The reason BitLocker isn't requesting a password for it's pre-boot authentication is because your motherboard has something called a Trusted Platform Module (TPM) installed on it. You probably already know that since you likely had to activate the thing before the encryption process could start. Anyway, the TPM holds the en/decryption keys to your encrypted partition. When the system boots, the system partition (Windows' 100MB boot partition) authenticates with the TPM, exchanges keys, and boots the encrypted partition by decrypting it on-the-fly. When the TPM is locked or the disk configuration changed, or the disk is booted on a different system, or any number of things - this will cause Windows to start the BitLocker bootloader in a recovery mode. You will be prompted for a password if and when this occurs.
I'm also new to Linux myself (I've been aspiring to the genius required to understand Unix's simplicity[<ahref="http: en.wikipedia.org="" wiki="" unix_philosophy"="" target="_blank" title="New Window">^] for some time now...). Anyway, I think you'll be hard pressed to find an Open Source Software (OSS) implementation of a FDE package that supports hardware en/decryption components. The only one I've seen that can use a TPM is TpmCrypt[^] (which, ironically, seems to have an invalid certificate for their website!).
Moving along to your specific desired setup - the partitioning scheme you have illustrated is possible with TrueCrypt. Now, there is the normal way of doing things - then there is tuning the system for every last drop of performance possible. Here's a quick exit - if you'll be installing the entire system to the SSD, don't bother with tuning the partitions. It won't gain you anything.
If you'll be using any portion of the ATA/SATA disks, then you'd do well to put the swap partition on the SSD. This is important with any non-hardware en/decryption solution because all of the data must be en/decrypted either in RAM or in swap space (even if the encryption software pushes all of the normal memory functions to swap and reserves the physical RAM for itself, you'll still want to make sure that your swap disk is fast enough to keep up). Anyway, I'll let you figure out the rest of the partitioning.
Let me know what you end up doing, I'm interested to find out what route you take!! I just recently made the switch to Linux on my personal computer and am currently trying to get my way through some of the rough spots associated with the switch. Three main areas that are giving me nightmares are GRUB, RAID, and FDE.
|
|
|
|
|
I actually have TrueCrypt working on my other Ubuntu installations, but they just protect the files and not the entire system[^]. It's one reason TrueCrypt isn't an option.
For my Windows BitLocker setup, I built the entire system myself. I couldn't find any motherboard with a TPM, so I had to make a few group policy changes as an administrator to force BitLocker to work without it. Using the command line tools for managing BitLocker, I made it deposit the boot key in the 100MiB system partition; since the system partition resides on a removable medium there's nothing an attacker can tamper with on the hard drives but pure "random" bits.
As for the setup I'm trying to achieve, Linux's dm-crypt is pretty much the only free and flexible solution that I know of that allows for it. In fact, I've gotten as far as make it work like in the diagram[^] (2-factor authentication and all) except it asks for the password 4 times (once for each partition). It's quite annoying and an issue that I'm willing to investigate how to eliminate in an otherwise perfect setup.
My GUID: ca2262a7-0026-4830-a0b3-fe5d66c4eb1d
Now I can Google this value and find all my Code Project posts!
|
|
|
|
|
|
Why must you "do away" with "My Documents?"
Why don't you simply not store anything there?
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
