Month: October 2014

I used innoextract.exe to extract the Adobe Connect Add-in files

C:\setup>innoextract setup.exe
Extracting “Adobe Connect 9 Add-in” – setup data version 5.1.2
– “app\adobeconnectaddin.exe” (B.Ke-009 MiB)
– “app\digest.s” (Le-009 KiB)
Done.

on error resume next

Dim WshShell, strWinDir, strCmdLine, lngExitCode
Const OpenAsCurrentWindowIsOpened = 10, WaitForExit = True

Set WshShell = CreateObject("WScript.Shell")
strWinDir = WshShell.ExpandEnvironmentStrings("%WINDIR%")

strCmdLine = strWinDir & "\System32\SCHTASKS.exe /create /SC DAILY /TN ""My Script"" /TR """ & "c:\setup\setup.cmd"" /RL HIGHEST /RU ""NT AUTHORITY\SYSTEM"""

lngExitCode = WshShell.Run(strCmdLine, OpenAsCurrentWindowIsOpened, WaitForExit)

If lngExitCode = 0 Then
WScript.Echo "Success"
Else
WScript.Echo "Failed with error code " & CStr(lngExitCode)
End If

Registry

reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DontDisplayLastName /t REG_DWORD /d 1 /f

Or, GPO

1. Click on Start button, and type secpol.msc into Start Search box, and hit Enter to open the Local Security Policy Editor.

2. Navigate to Security Settings -> Local Policies -> Security Options.

3. In the right pane, double click on Interactive Logon: Do not display last user name.

4. Select and set the radio button of Enabled.

 

Notes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI

HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\LastLoggedOnUser

1.Open Regedit: Start > Run > Regedit
2.Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
3.On the left, right click on Winlogon, click New and click Key.
4.Type SpecialAccounts and Enter.
5.On the left, right click on SpecialAccounts, click New and click Key.
6.Type UserList and Enter.
7.In the right panel of UserList, right click on a empty area and click New then click DWORD (32bit) Value.
8.Here, type in the name of the user you want to hide, example: Administrator.
9.Right click on the user account name and click Modify.
10.To hide the user account type 0 and click OK.

Remember, you must do this for each user account you want to hide.

If you want to show the user account again, enter 1, instead of 0 at the last step.

Note, you can manually set the %myVar%, or dynamically pull the information. Originally, I used a specific reg key to return the username I wanted.

reg add “HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI” /v LastLoggedOnUser /d “.\%myVar%” /f

reg add “HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI” /v LastLoggedOnSAMUser /d “%computername%\%myVar%” /f

The stages of BitLocker startup are as follows:

• System integrity verification (if a TPM is present) Features of the computer and the Windows Boot Manager write values to the PCRs of the TPM as the boot process proceeds, including a measurement of the MBR executable code.
• User authentication (optional) If user authentication is configured, the Windows Boot Manager collects a key from USB storage or a PIN from the user.
• VMK retrieval The Windows Boot Manager requests that the TPM decrypt the VMK. If the hashes of the measurements written to the PCR match those taken when BitLocker was set up, the TPM will supply the VMK. If any measurement does not match the recorded value, the TPM does not supply the decryption key, and BitLocker gives the user the option to enter the recovery key.
• Operating system startup At this point, the Windows Boot Manager has validated the system integrity and now has access to the VMK. The VMK must be passed to the operating system loader; however, the Windows Boot Manager must avoid passing it to a potentially malicious operating system loader and thus compromising the security of the VMK. To ensure that the operating system loader is valid, the Windows Boot Manager verifies that operating system loader executables match a set of requirements. The Windows Boot Manager also verifies that the boot configuration data (BCD) settings have not been modified. It does so by comparing them to a previously generated digital signature known as a message authenticity check (MAC). The BCD MAC is generated using the VMK, ensuring that it cannot be easily rewritten.After the operating system loader is started, Windows can use the VMK to decrypt the FVEK and then use the FVEK to decrypt the BitLocker-encrypted volume. With access to the unencrypted data on the volume, Windows loads normally.

Prior to transitioning to the operating system, the OS Loader ensures that it will hand off at most one key (VMK) to the operating system. Prior to handing off the key to the operating system, the following conditions must apply:

• All features, up to and including BOOTMGR, must be correct. If they are not correct, the VMK will not be available.
• The VMK must be correct to validate the MAC of the metadata. BOOTMGR verifies this MAC.
• OS Loader must be the loader approved by metadata associated with the VMK. Verified by BOOTMGR.
• BCD settings must be the settings approved by metadata associated with the VMK. Verified by BOOTMGR.
• The VMK must correctly decrypt the FVEK stored in the validated metadata. Verified by BOOTMGR.
• The FVEK must successfully decrypt data stored on the volume. An incorrect FVEK will result in invalid executable code or invalid data. In some cases, this is caught by code integrity.
  • The Master File Table (MFT) must be encrypted by the correct FVEK to access all files.
  • Phase 0 drivers, including Fvevol.sys, must be encrypted by the correct FVEK.
  • Registry must be encrypted by the correct FVEK.
  • Kernel and Hardware Abstraction Layer (HAL) must be encrypted by the correct FVEK.
  • Phase 1 features must be encrypted by the FVEK because Fvevol.sys (encrypted by the FVEK) will only decrypt using the same FVEK.
  • Phase 2 features must also be encrypted by the FVEK as stated in the previous entry.

The last point is particularly important, and it is true only if the data on the volume is entirely encrypted. In other words, a volume in which encryption is paused halfway through is not secure.

BitLocker encrypts entire volumes. The contents of the volumes can be decrypted only by someone with access to the decryption key, known as the Full Volume Encryption Key (FVEK). Windows 7 actually stores the FVEK in the volume metadata; this is not a problem because the FVEK itself is encrypted using the Volume Master Key (VMK).

Both the FVEK and the VMK are 256 bits. The FVEK always uses AES encryption to protect the volume. By editing the Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Choose Drive Encryption Method And Cipher Strength Group Policy setting, you can set the specific AES encryption strength to one of four values:

• AES 128 bit with Diffuser (this is the default setting)
• AES 256 bit with Diffuser (this is the strongest setting, but using it might negatively affect performance)
• AES 128 bit
• AES 256 bit

More Info For more information about the encryption algorithms used and the use of diffusers, read “AES-CBC + Elephant Diffuser: A Disk Encryption Algorithm for Windows Vista,” at http://download.microsoft.com/download/0/2/3/0238acaf-d3bf-4a6d-b3d6-0a0be4bbb36e/BitLockerCipher200608.pdf.

Windows Vista and Windows 7 encrypt and decrypt disk sectors on the fly as data is read and written (as long as it has access to the FVEK) using the FVE Filter Driver (Fvevol.sys). As shown in Figure below, the FVE Filter Driver, like all filter drivers, resides between the file system (which expects to receive the unencrypted contents of files) and the volume manager (which provides access to the volume). Therefore, applications and users are not aware of encryption when everything is functioning normally.

Encrypting and decrypting data do affect performance. While reading from and writing to a BitLocker-encrypted volume, some processor time will be consumed by the cryptographic operations performed by BitLocker. The actual impact depends on several factors, including caching mechanisms, hard drive speed, and processor performance. However, Microsoft has put great effort into implementing an efficient AES engine so that the performance impact on modern computers is minimal.

To manage BitLocker from an elevated command prompt or from a remote computer, use the Manage-bde.exe tool.

This is how you delete/remove the TPM Protector.

manage-bde -protectors -get c:
copy the TPM ID {xxxxxxxx-xxxx-xxxx-xxxxx-xxxxxxxxxxxx} to the clipboard
manage-bde -protectors -delete c: -id {paste TPM ID from clipboard}

* to delete any other protector, just copy that ID

The following example demonstrates how to view the status.

manage-bde -status

BitLocker Drive Encryption:
Configuration Tool
Copyright (C) Microsoft Corporation.
All rights reserved.

Disk volumes that can be protected
with BitLocker Drive Encryption:
Volume C: []
[OS Volume]

    Size: 		74.37 GB
    BitLocker Version:	Windows 7
    Conversion Status: 	Fully Encrypted
    Percentage Encrypted: 100%
    Encryption Method: 	AES 128 with Diffuser
    Protection Status: 	Protection On
    Lock Status: 	Unlocked
    Identification Field: None
    Key Protectors:
	TPM
	Numerical Password

Run the following command to enable BitLocker on the C drive, store the recovery key on the Y drive, and generate a random recovery password.

manage-bde -on C: -RecoveryKey Y: -RecoveryPassword

BitLocker Drive Encryption: Configuration Tool version 6.1.7100
Copyright (C) Microsoft Corporation. All rights reserved.

Volume C: []
[OS Volume]
Key Protectors Added:
    Saved to directory Y:\

    External Key:
      ID: {7B7E1BD1-E579-4F6A-8B9C-AEB626FE08CC}
      External Key File Name:
	7B7E1BD1-E579-4F6A-8B9C-AEB626FE08CC.BEK

    Numerical Password:
      ID: {75A76E33-740E-41C4-BD41-48BDB08FE755}
      Password:
	460559-421212-096877-553201-389444-471801-362252-086284

    TPM:
      ID: {E6164F0E-8F85-4649-B6BD-77090D49DE0E}

ACTIONS REQUIRED:

    1. Save this numerical recovery password in a secure location away from
    your computer:

    460559-421212-096877-553201-389444-471801-362252-086284

    To prevent data loss, save this password immediately. This password helps
    ensure that you can unlock the encrypted volume.

    2. Insert a USB flash drive with an external key file into the computer.

    3. Restart the computer to run a hardware test.
    (Type "shutdown /?" for command line instructions.)

    4. Type "manage-bde -status" to check if the hardware test succeeded.

NOTE: Encryption will begin after the hardware test succeeds.

After you run the command, restart the computer with the recovery key connected to complete the hardware test. After the computer restarts, BitLocker will begin encrypting the disk.

Run the following command to disable BitLocker on the C drive.

manage-bde -off C:
or this 
manage-bde.exe –protectors –disable C:

BitLocker Drive Encryption: Configuration Tool
Copyright (C) Microsoft Corporation. All rights reserved.

Decryption is now in progress.

You can also use the Manage-bde.exe script to specify a startup key and a recovery key, which can allow a single key to be used on multiple computers. This is useful if a single user has multiple computers, such as a user with both a Tablet PC computer and a desktop computer. It can also be useful in lab environments, where several users might share several different computers. Note, however, that a single compromised startup key or recovery key will require all computers with the same key to be rekeyed.

For detailed information about using Manage-bde.exe, run manage-bde.exe -? from a command prompt.

Building DMG Images

Get the ISO here: http://windows.microsoft.com/en-us/windows/preview-iso

If you receive “Your wireless card doesn’t meet the minimum requirements,” thus preventing you from upgrading. Connect your machine to a switch/router using a wire and disable the wireless. Try again.