Saturday, October 30, 2010

Make Local Devices and Resources Available in a Remote Session

Applies To: Windows Server 2008 R2
Remote Desktop Services provides users the ability to access their local devices and resources in remote sessions. Users can access resources such as local drives, printers, the Clipboard, and supported Plug and Play devices. This is usually referred to as redirection.
In Windows Server 2008 and Windows Server 2008 R2, redirection has been enhanced and expanded. Now you can redirect Windows Portable Devices, specifically media players based on the Media Transfer Protocol (MTP) and digital cameras based on the Picture Transfer Protocol (PTP).
Users can specify which types of devices and resources they would like to redirect to the remote computer on the Local Resourcestab of Remote Desktop Connection.
You can specify which local devices and resources will be available to users for remote sessions by using a connection on the RD Session Host server. You can enable or disable the redirection of the following:
  • Drives
  • Printers
  • LPT Port
  • COM Port
  • Clipboard
  • Audio
  • Supported Plug and Play devices
noteNote
Remote Desktop Services in Windows Server 2008 R2 supports redirection of some additional supported Plug and Play devices. These additional supported Plug and Play devices exclude the various kinds of Plug and Play devices that are already supported in other categories, such as Drives, Printers, or Smart Cards. For example, a USB thumb drive that gets installed as a drive letter on the client computer will be listed as available for redirection under the Drives category, and a USB Plug and Play printer attached to the client computer will be redirected under the Printers category.
If you disable redirection of the Clipboard, for example, users connecting remotely to the RD Session Host server on this connection will not be able to redirect their Clipboard in their remote session, even if they select the Clipboard check box on the Local Resources tab under Options in Remote Desktop Connection. If you enable redirection of a local device or resource on the RD Session Host server, users will still have to specify that they want to redirect that type of local device or resource by making the appropriate selection on the Local Resources tab under Options in Remote Desktop Connection.
Use the following procedure to enable or disable the redirection of local devices and resources for the connection on the RD Session Host server.
Membership in the local Administrators group, or equivalent, on the RD Session Host server that you plan to configure, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships athttp://go.microsoft.com/fwlink/?LinkId=83477.
To enable or disable the redirection of local devices and resources
  1. On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.
  2. Under Connections, right-click the name of the connection, and then click Properties.
  3. In the Properties dialog box for the connection, click the Client Settings tab.
  4. Under Redirection, do one of the following for a given local device or resource category:
    • Select the check box to disable redirection of that type of local device or resource.
    • Clear the check box to enable redirection of that type of local device or resource.
  5. Click OK.
You can also configure which local devices and resources will be available to users in their remote sessions by applying Group Policy settings.
The following is a list of some of the Remote Desktop Services-specific Group Policy settings that are related to local device and resource redirection.

 

Group Policy setting nameGroup Policy setting location
Allow audio and video playback redirection
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Do not allow clipboard redirection
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Do not allow COM port redirection
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Do not allow drive redirection
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Do not allow LPT port redirection
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Do not allow supported Plug and Play device redirection
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Do not allow client printer redirection
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection
These Group Policy settings can be configured by using either the Local Group Policy Editor or the Group Policy Management Console (GPMC).
noteNote
These Group Policy settings will take precedence over the settings configured in Remote Desktop Session Host Configuration and over the settings specified by the user in Remote Desktop Connection. If both the Computer Configuration and the User Configuration policy settings are configured, the Computer Configuration policy settings take precedence.
For more information about Group Policy settings for Remote Desktop Services, see the Remote Desktop Services Technical Reference (http://go.microsoft.com/fwlink/?LinkId=138134).
For more information about Remote Desktop Services, see the Remote Desktop Services page on the Windows Server 2008 R2 TechCenter (http://go.microsoft.com/fwlink/?LinkId=138055).

Monday, October 25, 2010

ThinkPoint - Fake Microsoft Security Essentials Alert

What is ThinkPoint?

ThinkPoint is a malicious computer security tool that is being promoted via fake Microsoft Security Essentials Alert. Previously, this alert is endorsing only five (5) application but recently it included Think Point as an addition to the family. To get users attention, this unwanted program will pop-up a security window and scan viruses on itself instead of your legally installed AV program. After that, several dozens of Trojans, viruses and spyware will be displayed attempting to scare computer users. This is an attempt to persuade the into obtaining the registered version of ThinkPoint Antivirus.
To get rid of annoyances brought about by this fake AV software, you must first remove ThinkPoint itself. Only an effective anti-malware program can detect and remove compromised files from the computer and totally render it clean and bring back to its previous normal working state. Just follow the remove procedure stated below and remove ThinkPoint completely.

TypeRogue
Sub-TypeFakeAV
Aliases 
OS AffectedWindows
Detected ByMalwareBytes

What are the Symptoms of ThinkPoint Infection?

Image of ThinkPoint
It will modify Windows Registry and add the following entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%Documents and Settings%\[UserName]\Application Data\hotfix.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “tmp”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “SelfdelNT”
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%UserProfile%\Application Data\thinkpoint.exe”
The threat will drop the following malicious files:
%UserProfile%\Application Data\hotfix.exe
%UserProfile%\Application Data\thinkpoint.exe
%UserProfile%\Application Data\tmp.exe
%UserProfile%\Application Data\thinkpoint.exe
%UserProfile%\Local Settings\Temp\[random]

How to Remove ThinkPoint Manually

1. Restart your computer in SafeMode
- After Power-On the computer, just before Windows start, press F8- From the selections, Select SafeMode
2. End ThinkPoint Process
- Press Ctrl+Alt+Del from the keyboard to open Task Manager
- Go to process Tab
- Select ‘hotfix.exe’ and click on End Process
- Close Task Manager
3. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
- Click Start > Run
- Type in the field, regedit
- Navigate and look for the registry entries mentioned above and delete if necessary
4. Delete malicious files that the threat added:
- Base on the given location above, browse and delete the file
- If no location is given, click Start>Search> and search for the files.
- If cannot be deleted, press Ctrl+Alt+Del to access Task Manager, see if the file is running in the process. If it is, select the file and click End Process. Perform file delete again.
5. Scan computer with Antivirus Program
- Update antivirus program
- Scan computer and delete all detected threats.

Automatic Removal of ThinkPoint

1. Download and run MalwareBytes AntiMalware to remove this computer threat.

Wednesday, October 20, 2010

“Multiple Networks” and the Internet stopped working in Windows Vista after waking up a computer


  • Open the Network and Sharing Center.

  • Click the Customize link for the first network.

  • While leaving the Set Network Location window open, click the Manage network connections link back on the Network and Sharing Center.

  • On the Network Connections window, right-click the connection that’s connected to the Internet andDisable it.

  • Go back to the Set Network Location window and click the Merge or delete network locations link at the bottom.

  • On the Merge or Delete Network Locations window, delete the entries and then close the windows.

  • Go back to the Network Connections window, right-click on the connection and select Enable
  • Monday, October 11, 2010

    Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista


    In order for RPC over Http to work you must have a Trusted CA Root Certificate installed and configured. In a situation where you are using a self-signed cert you will need to install the certificate into the Trusted Root Certification Authorities store.
    1. Connect to your OWA site by going to https://host.domainname.com/exchange

    VistaScreen1.jpg
    You should see a screen like the above due to the fact that your self-signed cert is not trusted.
    2. Choose "Continue to this website (not recommended)".
    VistaScreen2.jpg
    You should then be presented with your OWA logon page.

    3. Click on “Certificate Error” beside the address bar and select view certificates.ViewCertscreen.jpg
    VistaScreen3.jpg

    If you do not see the Install Certificate option close IE7 and then right click on IE7 and choose run as administrator and load the page again.
    4. Once you have the install certificate button available, select "Install Certificate".
    5. This will launch the Certificate Import Wizard. Make sure to Choose the option “Place all certificates in the following store” and select browse.
    Vistascreen4.jpg
    6. Select Trusted Root Certification Authorities and click Ok.
    Vistascreen5.jpg
    * In some cases you have to check show physical stores, then select “Local Computer” under Trusted Root Certification Authorities.
    image
    7. Click Finish on Completing the Certificate Import Wizard
    Vistascreen6.jpg

    8. Click yes on the security warning to install the certificate
    Vistascreen7.jpg
    9. If you want to verify the Certificate has been installed you can load the certificates snap in and you should see it under Certificates –Current User-Trusted Root Certification Authorities-Certificates.
    VistaScreen8.jpg

    Note: You can also copy it to the local computers certificate store so it applies for all users that use the machine.
    If you install the certificate but then cannot see it please read the following KB article: http://support.microsoft.com/default.aspx?scid=kb;EN-US;932156


    A couple of notes for more advanced users:
    (1) You can create a group policy object and import this certificate into "Computer Settings\Windows Settings\Security Settings\Public Key Policies\Trusted Root Certification Authorities".  Link the GPO at the domain level to have it apply to all computers in the organization.
    (2) You can set up a certification authority on your SBS server, deploy the CA certificate via GPO as described above, and re-sign your web site certificate with the CA.  Installing Certificate Services is somewhat complicated, but it can be convenient to centralize (and mostly automate) the process of issuing and revoking certificates.

    How to use bcdedit command tool?

    1. Click Start Menu then at Start Search type cmd then press CTRL+SHIFT+Enter
    or go to All Programs >> Accessories >> right click command prompt and select run as Administrator.

    2. type bcdedit 
        It displays list if boot entries.



    A boot entry consists of 4 main elements:
    1. Identifier
    The identifier is how the system has named the boot entry.
    2. Device
    The device is the drive or virtual image that the system will use to boot the boot entry.
    3. Path
    The path is the location on the device where the bootloader file is found.
    4. Description
    The description is the friendly name we give to our boot entry, e.g. "Windows 7"
    You see next to the identifiers their UUIDs in {}. The UUID is the unique codename that the system gives to each boot entry and cannot be changed.

    The standard identifier UUIDs are explained below:
    {bootmgr} = the boot manager
    {current} = the OS you selected to boot at startup.
    {default} = the default OS selected to boot the PC.
    {ntldr} = Windows Legacy OS Loader (for windows xp)
    there are others like {memdiag} or {ramdisk} but they can't be of much use right now.

    warning   Warning
    IMPORTANT: make a backup of your bcd file first. To do that, type:

    bcdedit /export C:\SAVEDBCD

    This will create a file c:\savebcd which is your boot entry backup.
    If you mess up, you can always undo changes by:

    bcdedit /import c:\savedbcd



    Now to see how we can control the above entries, here are some examples:
    bcdedit /set {current} description "My edited Windows Boot Entry"
    NOTE: This changes the title of the boot menu entry "{current}".

    bcdedit /set {ntldr} device partition=E:
    NOTE: This tells bcd that Windows XP partition is drive E:

    bcdedit /set {ntldr} path \ntldr
    NOTE: This tells bcd that the ntldr file which is the winxp bootloader is on root folder "\" (of drive e: as stated above)

    bcdedit /displayorder {ntldr} /addfirst
    NOTE: This places Windows XP as the first OS on the menu list.

    bcdedit /default {ntldr} 
    NOTE: This places Windows XP as the default OS to boot first with.

    bcdedit /displayorder {33342343-3424-2342342342-2344} /addlast
    NOTE: This tells bcd that the boot entry with UUID 3334... should be the last entry on the menu.
    You can copy your existing VISTA or Windows 7 boot entry to another identical. Then you can change settings on the new entry to experiment. You will always have the first entry available, so it's safe to play with.
    bcdedit /copy {current} /d "New Windows 7 boot entry I just copied!"
    this will give you a line:
    NOTE: The entry was successfully copied to {4c21825f-e04b-11dd-b760-00195b61617a}. The {4c21825f-e04b-11dd-b760-00195b61617a} is the UUID of the new entry that the system just created. Yours will be different than mine! This is its identifier and you should use this to address that entry. Example:

    bcdedit /set {4c21825f-e04b-11dd-b760-00195b61617a} numpoc 2
    NOTE: This adds the 2 CPU Core support during boot, like you do in msconfig.

    bcdedit /deletevalue {4c21825f-e04b-11dd-b760-00195b61617a} numproc
    NOTE: This deletes the numproc parameter from entry {4c21825f....}

    bcdedit /delete {4c21825f-e04b-11dd-b760-00195b61617a} 
    NOTE: This deletes the boot entry {4c21825f....} completely. In order to delete an {ntldr} entry, you must use the /f switch to force deletion: bcdedit /delete {ntldr} /f
    You can always type just bcdedit to see your current settings.

    What else can I do with BCDEDIT?

    You can use BCDEDIT to alter any boot parameter , like you would in msconfig, only more. BCDEDIT works from booting with installation dvd too, so it can be handy for recovery purposes.
    bcdedit /timeout 5
    NOTE: This sets the wait-to-select-OS menu timeout at startup to 5 seconds . You will notice that I didn't give a UUID above. If you omit the UUID, it applies automatically to the relavant UUID. So: bcdedit /timeout 5 is identical tobcdedit /set {bootmgr} timeout 5
    Some more advanced examples:
    bcdedit /set {current} detecthal yes
    bcdedit /set {current} detecthal no
    NOTE: The above commands sets the detecthal to yes or no for entry {current}
    To create a new boot entry to load Windows XP from a partition on your disk: 
    NOTE: The example below uses F: as the Windows XP partition. Replace with your xp drive letter.
    bcdedit /create {ntldr} /d "Windows XP"

    bcdedit /set {ntldr} device partition=F:

    bcdedit /set {ntldr} path \ntldr

    bcdedit /displayorder {ntldr} /addlast
    Note   Note
    Final note: BCDEDIT works from installation boot dvd too. If you mess up with a setting and you cannot boot, just boot from DVD and enter Repair Computer, then go to command prompt and there you go. You can play again with bcdedit to restore your system back.


    ------------------------------------------------------------------------------------------------------------
    To change the description of the Windows Boot Manager:


    bcdedit /set {current} Description "Vista Ultimate" 

    Friday, October 8, 2010

    Slow Startup For Internet Explorer 7 (connecting...)

    Disable the add-ons by clicking Tools >> Manage Add-ons >> Enable or Disable Add-ons.

    Monday, October 4, 2010

    Acer Aspire One BIOS Recovery

    The BIOS is now also available from Acer european server. There is actually a text file included which recommends to flash the BIOS from DOS via a bootable USB stick.

    Also available from here if above does not work

    BIOS 3310 • Download

    First format an USB stick with FAT.

    Download the latest BIOS, and put both FLASHIT.EXE and the BIOS file in the root directory of the stick. Rename the BIOS file to ZG5IA32.FD, that's important. Do not remove the USB stick.

    Turn off the Acer Aspire One, make sure both battery and AC adapter are connected. 
    Press Fn+Esc, keep it pressed and press the power button to turn on. 
    Release Fn+Esc after a few seconds, the power button will be blinking. 
    Press the power button once. 
    The Acer Aspire One will now initiate the BIOS flash, do not interrupt it under any circumstances. After a while the power button will stop blinking, and the Acer Aspire One will reboot shortly after. Wait patiently.

    The BIOS has been flashed and all settings reset to default.

    If for some reason you made a mistake during the procedure and it doesn't reboot by itself wait 5 minutes before turning it off, just to be safe that it isn't still flashing the BIOS.

    Saturday, October 2, 2010

    Install the Windows Fax driver or service to use Internet Fax in Office 2010

    Windows 7

    In Control Panel, click Programs, and then click Programs and Features.
    NOTE In Classic view, double-click Programs and Features.

    Click Turn Windows features on or off.
    In the Windows Features dialog box, under Print and Document Services, select the Windows Fax and Scan check box.
    Click OK.


    Windows Vista

    The Windows Fax Printer Driver is included in the following editions of Windows Vista: Business, Enterprise, and Ultimate.

    In Control Panel, click Programs, and then click Programs and Features.
    NOTE In Classic view, double-click Programs and Features.

    Click Turn Windows features on or off.
    In the Windows Features dialog box, select the Windows Fax and Scan check box.
    Click OK.


    Windows XP

    In Control Panel, click Add or Remove Programs, and then click Add/Remove Windows Component.
    NOTE In Classic view, double-click Add or Remove Programs.

    In the Windows Component Wizard, select the Fax Services check box.
    Click Next.


    Windows Server 2008

    To create a fax server, you must install the Fax Server role. This installs the Fax Server role page, Fax Service Manager, Windows Fax and Scan (with faxing capabilities only), the Fax service, and the Fax printer.

    In Control Panel, under Programs, click Turn Windows features on or off.
    Right-click Roles, and then click Add Roles.
    In the Add Roles Wizard, under Select Server Roles, click Fax Server role.
    NOTE If Print Services are not installed, you are prompted to install it.

    Click the users or groups that you want to send faxes.
    Click who you want to have access to the fax server inbox.
    Click Install.


    Windows 2003

    The Fax Service is included in all editions of Windows Server 2003 except the Web edition.

    In Control Panel, click Add/Remove Programs.
    In the Add/Remove Programs dialog box, click Add or Remove Windows Components.
    In the Windows Component Wizard, select the Fax Services check box, and then click Next.
    If you want to share the fax printer so that everybody in the network can send and receive faxes, click Yes.
    Click Finish.