How to Copy Path of a File to the Clipboard in Windows 7 or Vista

Windows Vista and 7 provides a very useful option "Copy as Path" which appears whenever you right-click on a file/folder. All you have to do is hold down the shift key, and right-click the file... Choose the Copy as Path from the menu. This option automatically copies the full path of selected file/folder which can be used anywhere else.

Here’s an example of what’s on the clipboard after clicking that:

“"E:\CVX Mail\Mail 2007.pst"”

Note: This will also allow you to copy the path of a folder, file, image, ..... to the clipboard.

Read More

How to use GPO to remotely install software in Windows Server 2008

       You can use Group Policy to assign or to publish software to users or computers in a domain. Additionally, it is useful to be able to deploy software based on group membership. A Group Policy object (GPO) is usually applied only to members of an organizational unit (OU) to which the GPO is linked.

Create a Distribution Point
       To publish or assign a computer program, you must create a distribution point on the publishing server:

1. Log on to the server computer as an administrator.
2. Create a shared network folder where you will put the Microsoft Windows Installer package (.msi file) that you want to distribute.
3. Set permissions on the share to allow access to the distribution package.
4. Copy or install the package to the distribution point. For example, to distribute Microsoft Office XP, run the administrative installation (setup.exe /a) to copy the files to the distribution point.

Assign a Package
       To assign a program to computers that are running Windows Server 2003, Windows 2000, or Microsoft Windows XP Professional, or to users who are logging on to one of these workstations:

1. Start the Active Directory Users and Computers snap-in. To do this, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
2. In the console tree, right-click your domain, and then click Properties.
3. Click the Group Policy tab, select the group policy object that you want, and then click Edit.
4. Under Computer Configuration, expand Software Settings.
5. Right-click Software installation, point to New, and then click Package.
6. In the Open dialog box, type the full Universal Naming Convention (UNC) path of the shared installer package that you want. For example, \\file server\share\file name.msi.
   
   Important Do not use the Browse button to access the location. Make sure that you use the UNC path to the shared installer package.
7. Click Open.
8. Click Assigned, and then click OK. The package is listed in the right pane of the Group Policy window.
9. Close the Group Policy snap-in, click OK, and then quit the Active Directory Users and Computers snap-in.
10. When the client computer starts, the managed software package is automatically installed.

Publish a Package
       To publish a package to computer users and make it available for installation from the Add or Remove Programs tool in Control Panel:

1. Start the Active Directory Users and Computers snap-in. To do this, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
2. In the console tree, right-click your domain, and then click Properties.
3. Click the Group Policy tab, click the group policy object that you want, and then click Edit.
4. Under User Configuration, expand Software Settings.
5. Right-click Software installation, point to New, and then click Package.
6. In the Open dialog box, type the full UNC path of the shared installer package that you want. For example, \\file server\share\file name.msi.
   Important Do not use the Browse button to access the location. Make sure that you use the UNC path to the shared installer package.
7. Click Open.
8. Click Publish, and then click OK.
9. The package is listed in the right pane of the Group Policy window.
10. Close the Group Policy snap-in, click OK, and then quit the Active Directory Users and Computers snap-in.
11. Test the package:

Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
         a. Log on to a workstation that is running Windows Vista or Windows 7 by using an account that you published the package to.
         b.In Windows 7, click Start, and then click Control Panel.
         c.Double-click Program and Feature, and then click Add New Programs.
         d.In the Add programs from your network list, click the program that you published, and then click Add. The program is installed.
         e.Click OK, and then click Close.

Note if you upgrade or modify the package, you can redeploy a software package

Read More

How to Disable USB Storage Devices ports in Windows 7

      USB storage devices are so common these days almost everyone owns USB storage device in shape of small flash drives, external hard disks, mobile phones, cameras, and lots of other portable devices. So if you want to secure your computer from stealing data, viruses or any other risks then simply disable the USB ports for USB storage devices / disk drives. To block the USB storage devices just follow the given steps below.

Note: this method just block the USB drives (Flash drives, External HDD, Mobile Phones, etc.) not the USB mouse, Keyboard, etc.

How to Disable USB ports
Press Windows + R from keyboard, type “regedit” in the “Run” window and hit Enter.

Explore the registry editor folders
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR
in the right pane double click to open “Start” DWORD value as shown below.

Change its value to 4 and click “OK” button to save changes. Close the registry editor and plug in any USB storage device to check.

Read More

Clean-up Tool (FindFile)

       Management of information stored on our network drives is important for many reasons but a major reason is cost control. By nature, our storage continues to grow and many users acknowledge that some stored information is old or has little value. These unneeded files can be either deleted or archived, resulting in significant reductions in business unit expense. A complete storage review can be time consuming but even a cursory review could easily result in significant annual savings. Below are three search methods that can use to reduce your network storage.

• Size - largest files first. You can significantly reduce your storage by identifying and eliminating only a few files.
• Date - oldest files. These files may no longer be needed.
• Type - Certain file types are known to be large in size such as BMP, JPG and MP3 files.

       FileFind is a tool that can help you with all three of these search methods. FileFind is an Excel spreadsheet with macros that assists in managing your disk storage. Below are instructions for using this tool. Should you have problems, please contact your local IT group.
Note: Secure and efficient storage of data is critical to our business. The data belongs to Company and, as a steward of portions of that data, the storage space on the servers is there for your use. However, it is expected that each user be accountable for their own data storage or that of their group.

       Company highly recommends that you not store business data on your C: drive. Data stored in this manner is not secure, is not backed up, is difficult to share, and in many cases conflicts with company information protection guidelines.


Welcome!  If you are not yet a network member, please register.

Read More

Location-Aware Printing

Windows 7: Location-Aware Printing

Note: this feature is only available for mobile devices, and not on desktop computers.

       One of  Windows 7's new feature is it can automatically switch your default printer when you move between networks (for example, when you move your laptop from your home network to your business network).

To configure this feature, follow the instructions below:

• Click the Start menu and in the search field type Devices.
• Click the link for Devices and Printers.
• Select a printer and right-click Manage Default Printers 
• Select Change my default printer when I change networks
• Select a network, select the default printer you want to use when on that network and press the Add button.
• Do the same for each network that you joined your laptop to it.

When you connect to a network, Windows will automatically select the default printer that was specified for it. 

Read More

Scheduling to Shutdown Automatically

Windows 7: Scheduling Your Computer to Shut Down Automatically
      Do you leave your computer on for extended periods of time, and would like it if your computer would automatically shut down at a specific time of day. Follow the instructions below.

• Click the Start button, in the search box, type "scheduled tasks" then click the item in the search results.
• In the Task Scheduler console, in the Actions pane on the right, click "Create Basic Task ...".
• In the Basic Task Wizard dialog, enter a name for task, such as "Shutdown Computer" and include a optional description such as "Shuts down computer at 12:00 a.m. everyday", press the Next button.
• On the Task Trigger page, select "Daily" and press the Next button.
• On the Daily page, enter a start date and time that you want the task to first begin (e.g. 12/1/11 and 12:00 a.m.) and press the Next button.
• On the Action page, select the "Start a Program" and press the Next button.
• On the Start a Program page, in the Program/script field, type: %SYSTEMROOT%\SYSTEM32\SHUTDOWN.EXE
• Press the Next button, review the Summary page and press the Finish button.

     Based on the task that was defined above Windows will now automatically shut down at 12:00 a.m. each day. Although before it does the system will display a pop-up notification, "Windows will shut down in less than a minute."

Read More

Windows 7 Security

       Many organization implemented the BitLocker and would like to know how it works for the BitLocker. Today I would like to share the knowledge from Orin Thomas that I found on the TechNet Magazine by Oring Thomas. He said that there are several obvious basic steps to securing a computer: Keep it current with the latest operating-system and application updates, ensure you’ve installed the latest antispyware and antivirus software, and use complex passwords, changing them regularly. In this article I’ll cover some security tips that go beyond these basic strategies and help you better utilize the security features of Windows 7.

Prepare for BitLocker

     One of the most notable security improvements in Windows 7 is in BitLocker, the technology for hard-disk encryption and boot-environment integrity-protection that debuted in Windows Vista. In Windows 7, the Enterprise and Ultimate editions include BitLocker. The technology ensures that unauthorized users can’t recover data from the hard-disk drives of stolen or lost laptops, as long as the computer was powered off when it went missing.

     One challenge BitLocker presents, though, is recovering data after a hardware failure that locks protected volumes. So although BitLocker offers excellent protection, many IT professionals find it problematic because they tend to encounter it only when they must perform recovery operations.

     Data recovery requires access to the BitLocker keys or passwords associated with the locked volumes. While it’s relatively easy to keep track of these for a small number of computers, doing so for several hundred is much more challenging.

     Group Policy helps IT professionals configure BitLocker so it can be activated only when the recovery keys and passwords have been successfully backed up to Active Directory. Extracting this recovery data has been vastly simplified by improvements to the Active Directory Users and Computers console in Windows Server 2008 R2 and to the Remote ServerAdministration Tools for computers running Windows 7. Locating recovery passwords and keys is much easier than with the tools in Windows Vista.
     Instead of having to download, install and configure special tools, you can access BitLocker recovery keys and passwords from a BitLocker Recovery tab. You’ll see this when viewing computer account properties in Active Directory Users and Computers. Ensuring that BitLocker keys and passwords are backed up is a three-step process:

1. In the Group Policy for the computer accounts of the system BitLocker will protect, navigate to Computer Configuration | Windows Settings | Administrative Templates | Windows Components | BitLocker Drive Encryption.
2. Now, if the computer has only one storage drive, navigate to the Operating System Drives node and edit the Choose how BitLocker-protected operating system drives can be recovered policy. If the machine has more than one storage drive, you should also go to the Fixed Data Drives node and edit the Choose how BitLocker protected fixed data drives can be recovered policy. Note that although you can configure their settings identically, the policies apply to different drives.
3. To configure BitLocker so that passwords and keys are backed up to Active Directory when BitLocker protection is activated, make sure to enable the settings: Save BitLocker recovery information to AD DS for OS drives (or fixed data drives, where appropriate), Do not enable BitLocker until recovery information is stored in AD DS for OS drives (or fixed data drives, where appropriate)

     Keys and passwords will be backed up for protected volumes only after the policy is applied. Volumes configured for BitLocker protection prior to implementing the policy will not have their keys and passwords automatically stored in Active Directory. You’ll have to disable and re-enable BitLocker on these computers to ensure that this recovery information makes it to the AD DS database.


Configuring a Data Recovery Agent
     There’s another option available if you need to recover BitLocker protected volumes without entering unique passwords or pins for a particular computer account—a Data Recovery Agent (DRA). This is a special type of certificate associated with a user account that can be used to recover encrypted data.
     BitLocker data recovery agents are configured by editing group policy and specifying a DRA certificate through the Add Data Recovery Agent wizard, which I’ll discuss shortly. To use the wizard, though, there must be a DRA certificate available on an accessible file system or published in Active Directory. Computers that host the Active Directory Certificate Services role can issue the certificates.
     When you have to recover data, a user account that has the DRA certificate installed locally will be unable to unlock the BitLocker protected volume. You can access the Add Data Recovery Agent wizard by navigating to the Computer Configuration | Windows Settings | Security Settings | Public Key Policies node, right clicking on BitLocker Drive Encryption, and selecting the Add data recovery agent option.
     To use BitLocker with DRA, you must also select the Enable data recovery agent checkbox in the Choose how BitLocker-protected operating system drives can be recovered policies (as well as in the fixed data drives policy where appropriate). You can use both DRA and Active Directory key/password backups for the recovery of the same BitLocker-protected volumes.
     DRA recovery will work only on BitLocker-protected volumes where BitLocker was enabled after the policy was enforced. The advantage of this method over password/key recovery is that a DRA functions as a BitLocker master key. This lets you recover any protected volume encrypted under the influence of the policy, rather than having to locate a unique password or key for each volume to be recovered.


BitLocker To Go

     Many of today’s removable storage drives have the average storage capacity approaching that of most small and medium-size departmental-level file shares from ten years ago. This presents several challenges.
     First, when a removable storage device is lost or stolen, a significant amount of organizational data can be compromised. And perhaps a bigger problem is that while users will quickly make the IT department aware of a missing laptop computer, they don’t feel the same urgency when a USB storage device that may contain gigabytes of organizational data has gone missing.
     BitLocker To Go, a new feature introduced with Windows 7, lets you protect USB storage devices in a way similar to what BitLocker offers for operating-system and fixed drives. Through group policy, you can restrict computers in your organization so that they can only write data to removable storage devices protected by BitLocker To Go. This increases security by ensuring that if a user does lose a removable device, at least the data on it is encrypted and can’t be easily accessed by unauthorized third parties.
     The relevant BitLocker To Go policies are located in the Computer Configuration | Administrative Templates | Windows Components | BitLocker Drive Encryption | Removable Data Drives node of a group policy object. These policies include:

• Control use of BitLocker on removable drives. This lets you configure how BitLocker is used on removable drives, including whether ordinary users can enable or disable the facility on removable devices. For example, you may want to let specific users store data on removable drives already configured with the protection capability, but block them from configuring their own devices with it.
• Deny write access to removable drives not protected by BitLocker. This policy lets you restrict users so they can only write data to devices protected by BitLocker To Go encryption. When this policy is enabled, an unauthorized person can’t easily access data written to a removable device, as it will be protected by encryption.
• Choose how BitLocker-protected removable drives can be recovered. This policy lets you configure a data recovery agent or save BitLocker To Go recovery information within Active Directory. This policy is important, because if you choose to implement BitLocker To Go to protect data on removable devices, you should have a strategy to recover data for the inevitable case where a user forgets his or her BitLocker To Go password.

     When you’ve configured BitLocker To Go for a removable storage device, a user must enter a password to unlock the device on another computer. When the password is entered, the user will have read/write access to the device on a computer running the Enterprise or Ultimate editions of Windows 7. You can also configure BitLocker To Go to allow the user read-only access to BitLocker To Go protected data on computers running other versions of Microsoft operating systems.
     If your organization is going to use BitLocker To Go, you’ll need some sort of data recovery strategy in the event of lost or forgotten passwords. Configuring BitLocker To Go recovery is similar to configuring BitLocker recovery. In this case, you’ll have to set the Computer Configuration | Windows Settings | Administrative Templates | Windows Components | BitLocker Drive Encryption | Removable Data Drives | Choose How BitLocker-Protected Drives Can Be Recovered policy.
     You can have the BitLocker To Go passwords backed up to Active Directory, where they’ll be available to administrators who have access to the Active Directory Users and Computers console and the computer account where the device was originally protected. You can also configure a policy so that data is protected with a DRA, allowing a user assigned the DRA certificate to recover data from the drives without necessitating the recovery of individual passwords.


Configuring AppLocker
     No anti-malware utility can catch every malicious program. AppLocker can add another layer of protection. This technology lets you create a list of applications known to be safe and limit execution to those that are on the list. While this type of approach to securing a computer would be cumbersome to someone who regularly runs new and unusual software, most organizations have a standard system environment where changes to applications occur more gradually, so allowing the execution of only green-lighted applications is more practical.
      You can extend this set of AppLocker authorization rules to include not only executable files but also scripts, DLLs, and files in MSI format. Unless the executable, script, DLL or installer is authorized by a rule, it won’t execute.
      AppLocker makes creating the rule list for authorized applications simple with a wizard that automates the process. This is one of the significant improvements of AppLocker over software restriction policies, a technology in prior Windows versions that has similar core functionality.
     AppLocker can also use rules that identify files using the file publisher’s digital signature, so you can create rules that include the current and future versions of the file. This saves administrators the chore of updating current rules after applying software updates. The revised executable file, script, installer or DLL will still be covered by the original rule. This wasn’t possible with software restriction policies, which forced admins to update rules when software configurations changed.
     To create a reference set of AppLocker policy rules you can apply to other computers, perform the following steps:

1. Configure a reference computer running Windows 7 with all the applications you want to execute in your environment.
2. Log on to the computer with a user account that has local Administrator privileges.
3. Start the Local Group Policy Editor by running Gpedit.msc from the Search programs and files textbox.
4. Navigate to Computer Configuration | Windows Settings | Security Settings | Application Control Policies | AppLocker | Executable Rules of the local GPO. Right click on the Executable Rules node and then click automatically generate new rules. This will launch the Automatically Generate Executable Rules wizard.
5. In the textbox labeled Folder that contains the files to be analyzed, enter c:\. In the textbox labeled Name to identify this set of rules, enter All Executables and then click Next.
6. On the Rule Preferences page, select Create publisher rules for files that are digitally signed, and in case a file isn’t signed, also select File hash: rules are created using a file’s hash. Ensure that the option Reduce the number of rules by grouping similar files isn’t selected, and then click Next.
7. Rule generation will take some time. When they’ve been generated, click Create. When prompted as to whether you want to create the default rules, click No. You don’t have to create these—by creating rules for all executables on the reference computer, you’ve created the equivalent of more-comprehensive default rules.
8. If the computer has applications stored on multiple volumes, repeat steps 5 through 7, entering the appropriate drive letter when running the automatically generated executable rules wizard.
9. Once rules have been generated, you can export the list of allowed applications in XML format by right-clicking on the AppLocker node, then clicking on Export Policy. You can also import these rules into other group policy objects, such as those that apply to portable computers in your organization. By applying these rules through policy, you can limit the execution of applications so only those present on the reference computer are allowed.
10. When configuring AppLocker, you need to ensure that the Application Identity service is enabled through the services console and that executable rules are enforced through policy. If this service is disabled, AppLocker policies will not apply. Although you can configure service startup status within Group Policy, you must limit which users have local administrator access so that they are unable to circumvent AppLocker. You enable executable rule enforcement by right-clicking on the Computer Configuration | Windows Settings | Security Settings | Application Control Policies | AppLocker node and then clicking on Policies. Enable the Configured option under Executable Rules and then ensure that Enforce Rules is selected.

      Hopefully this has helped you learn how to implement and recover BitLocker, to use BitLocker To Go and to configure AppLocker Policies. Using these technologies along with normal housekeeping tasks (such as ensuring that computers are kept current with updates, antivirus software and antispyware programs), will enhance the security of computers in your organization running Windows 7.

Read More

Backup service on Windows 7

     Setting up the backup service on Windows 7 is a easy task, while very important in case of system crashes and data loss. In this tutorial I will show you how to backup your Windows 7 documents and other personal files to a network hard drive. In this tutorial I am using Windows 7 Ultimate 64 bit edition and a Western Digital My Book network hard drive.

      To begin setting up your Windows 7 backup you will first need to go to the control panel. You can access the control panel by clicking on the start button. Once inside the Control Panel , go to the System and Security section and click on the Back up your computer link.You will now need to click on the Set up Backup link. Once inside the Set up backup window, you can now choose where to save your back up files. Inside this window you could choose to save your backup files to a external hard drive, but since we are saving to a network hard drive we will choose the Save on a network button. You will now need to select the location of you network hard drive. Click on the browse button which will allow you to search for your backup folder. Now enter the username and password that is set on your network hard drive and click the ok button to proceed.

      You will now notice that your network hard drive is in the list for places that you can store your backup files. Click on the next button to begin selecting the files that you want to back up. For this tutorial I will use the default option, which is to allow Windows to select the files that need to be backed up. 

     This back up will recover your videos, documents, music and pictures. It will also create a system image in case of system failure.     Finally click on the Save setting and run backup button to start the backup. The backup may take a while to perform. I also recommend running the backup service on a weekly basis, so you will never be that far behind if your computer system happens to crash. If you want a even more choices in Windows 7 backup, I also recommend using Acronis True Image Home 2011. 

By: Sumusca P.

Read More