If you are like me, you are still learning your way around the new Microsoft Windows 7 operating system. Well, I found a great article in the october 2009 TechNet Magazine that lists 77 tips for techies and operators…here are the first 10:
1. Pick Your Edition — Most users do not need the more expensive Ultimate Edition; stick with Professional unless you specifically need BitLocker.
2. Upgrading? Go 64-bit — As the second major Windows release to fully support 64-bit, the x64 architecture has definitely arrived on the desktop. Don’t buy new 32-bit hardware unless it’s a netbook.
3. Use Windows XP Mode — Yes, it’s only an embedded Virtual PC with a full copy of WinXP—but it’s an embedded Virtual PC with a full copy of Windows XP! This is the first profoundly intelligent use of desktop virtualization we’ve seen—and a great way to move to Windows 7 without giving up full Windows XP compatibility.
4. Use Windows PowerShell v2 — More than just a shell, this is the administration tool you’ve always wanted: Parallel, distributed processing for administrative tasks! Manage 100 machines literally as easily as you manage one with the new Remoting feature. Windows PowerShell v2 ships for the first time in Windows 7, and within six months will be available for older versions of Windows.
5. Use AppLocker — We’ve been fans of Software Restriction Policies since Windows XP, and AppLocker finally makes application whitelisting possible. Use it to enhance or even replace your anti-virus software, ensuring that only the software you want to run will run.
6. Shift to and from Explorer and CommandPrompt — The classic Windows power toy Open Command Prompt Here is now an integral part of Windows 7 Explorer. Hold down the shift key then right-click a folder to add this option to the property menu. While you’re in a command prompt, if you want to open an Explorer window with the focus of the window on the current directory, enter start.
7. Record Problems — The Problem Steps Recorder (PSR) is a great new feature that helps in troubleshooting a system (see Figure 1). At times, Remote Assistance may not be possible. However, if a person types psr in their Instant Search, it will launch the recorder. Now they can perform the actions needed to recreate the problem and each click will record the screen and the step. They can even add comments. Once complete, the PSR compiles the whole thing into an MHTML file and zips it up so that it can be e-mailed for analysis to the network admin (or family problem solver, depending on how it’s being used.
8. Make Training Videos — Use a tool like Camtasia to record short, two to three minute video tutorials to help your users find relocated features, operate the new Taskbar and so forth. Get them excited about Windows 7—and prepared for it.
9. Start Thinking About Windows Server 2008 R2 — Some of Windows 7’s more compelling features, like BranchCache, work in conjunction with the new server OS. The R2 upgrade path is pretty straightforward, so there’s little reason not to take advantage of the synergies if you can afford upgrade licenses.
10. Prepare Those XP Machines — There’s no in-place upgrade from Windows XP to Windows 7, so start planning to migrate user data now, in advance of a Windows 7 upgrade deployment.
For the complete list, click here http://technet.microsoft.com/en-us/magazine/gg394259.aspx.
I also recommend that you visit the www.TechNetMagazine.com website and sign up for their free newsletters.
Finally, i have included a snapshot of 14 Windows 7 keyboard shortcuts included in the article above…enjoy!
A free InfraGard Maryland training seminar:
Date and Time: Monday, October 4, 2010, 8:30am-1:00pm in Ocean City
Location: Holiday Inn, Oceanfront @ 67th Street, 6600 Coastal Hwy., Ocean City, MD 21842
AN AUTHORITATIVE “NEED_TO_KNOW” ON THE STATE-OF-THE-THREATS MATRIX FOR THE HOSPITALITY INDUSTRY – with Lessons Learned from Mumbai & BEYOND
Jointly presented by the Federal Bureau of Investigation (FBI) and InfraGard’s Maryland Chapter, with the U.S. Department of Homeland Security (DHS), the Maryland Coordination & Analysis Center (MCAC) and Eastern Maryland Regional Information Center.
Major General Kalugin, The former Chief of KGB Foreign Counter-Intelligence whose job it was to penetrate all hostile intelligence and security forces worldwide. Now one of Russia’s “Most Wanted,” General Kalugin just celebrated his 7th year as a U.S. Citizen. He is the ultimate insider, whose fascinating autobiography, SPYMASTER*, documents secrets from his 32-year career.
Carl D. “Dave” Dalton, Former 29-year veteran LAPD, a sought-after source in the Security Industry for executive protection, high-profile/high-risk event security, emergency & disaster preparedness, Mr. Dalton has weathered unimaginable events: from the LA 1984 Summer Olympics and first-ever Papal visit in 1987, to the 1992 LA Riots; the Northridge Earthquake; firestorms, floods, and mudslides; epic structural fires; and major crime scenes. Heavily involved in the community in various key Security & Emergency Preparedness roles, he was personally invited by the Government of the People’s Republic of China to help prepare the Chinese National Police and Military to provide security for the 2008 Beijing Summer Olympics.
Darryl Kramer, Public-Private Sector Partnership Coordinator, Department of Homeland Security’s Office of Intelligence & Analysis. Mr. Kramer draws on a deeply informed and credentialed background in military and other sectors to bring a substantial breadth of understanding and resourcefulness in speaking to a State of the Threats Briefing and overview of the DHS Public-Private Sector partnering program – how it works, & how businesses can benefit.
Registration & Attendance: This invaluable event is FREE to Attend
REGISTER NOW at http://secureeastmd.eventbrite.com
Can YOU answer the following questions?
- What happens to my business if my sensitive business information falls someone else’s possession?
- What would it cost me to be without some or all of my sensitive business information?
- Could I recreate lost sensitive business information and what would cost?
- What would be the implications to my business if I could no longer trust accuracy or completeness of my sensitive business information?
If you can’t answer these questions, then you need this workshop sponsored by the Maryland InfraGard Chapter (IMMA) and the Small Busness Adminstration!!
The NIST Computer Security Division has developed a workshop to the small business owner increase information system security.
Learn how to define information security (IS) for your organization.
Hear examples of common types of threats and understand how determine the extent to which your organization should proactively address threats.
Learn common Best Practices and procedures to operate securely.
Hear a basic explanation of current technologies used in reducing vulnerabilities and learn of resources freely available to organization.
For additional information visit:
Date: August 20, 2010
Session I from 8:00 am – 12:00 pm*
Session II from 1:00 pm – 5:00 pm*
*50 seats per Session
Location: Baltimore City Community College, 710 East Lombard Street, Room 30, Baltimore, MD
Registration Fee: FREE
Register Online: http://cybersecuritymd.eventbrite.com
Parking is available nearby at 701 Lombard St. or 55 Market Place, Baltimore, MD for
$13.00 per day.
Questions about registration ?
E-mail Lauren.F.Schuler@infragard.org or call 443-436-7725.
Questions about the class content?
See http://csrc.nist.gov/groups/SMA/sbc/ or contact Richard Kissel at firstname.lastname@example.org .
Have you noticed a lull in the amount of spam your agency has been seeing? I did for a while. Well, a recent article by Government Computer News may explain what is happening.
In a March 5, 2009 article entitled “Spammers retool for a renewed assault” they lay out a very scary explanation for the recent drop in spam and paint a not so comfortable description about what spammers are planning–here’s a quote:
“The bot masters are trying to build their botnets back up,” Masiello said. “There is a lot of variance even on a daily basis on how much spam is being sent and received…they are likely going to be used for ID theft, mostly,” Masiello said. But the data also could be used to tailor fraudulent e-mails that could be convincing enough to entice even wary recipients to visit malicious Web sites or download malicious code.”
While spammers will continue to react and adapt to whatever tecnical means we have to prevent their attacks from harming our systems and data, there are three simple and very effective things you can do to thwart these evil doers:
- SPAM/VIRUS SCANNING TOOLS: This is your agency’s first line of defense against spam-initiated virus, spyware, and trojan attacks. While it’s hard to find an agency that is not using virus and spam scanning tools, periodically check to a) make sure your users have not turned off those tools, and b) that their tool definitions are up to date. On the network side, make sure your enterprise scanning tools are configured for maximum protection and that definitions are kept up to date with current spammer tactics.
- PERSONAL REMINDERS: You hear it all the time, 80-90% of information security issues are because of what “people” do (or fail to do). And, I hope you’re not counting on your agency’s annual IT security training to get them to protect themselves and your systems. An old adage frommy Navy training days used to say “if you want them to listen, you gotta tell’em seven times, in seven different ways.” This continues to be good advice. You are going to have to continually remind users to not open any attachments or click on any links in emails from people they do not know. Some ways include: a short email to all your users once every 30-45 days and include an example of a targeted spam email; place a note in agency newsletters; or have leadership mention it at stand-ups/watch turnover.
- OUTBOUND SCANNING AND IP BLOCKING: While most agencies are filtering inbound spam email and IP addresses, i’d guess that many of them are NOT doing the same on OUTBOUND emails and IP addresses. A good layered defense takes into account the chance that something may get past your inbound scanners. It’s a good practice to also scan and filter OUTBOUND emails and IP connections to make sure that trojan isn’t “calling home”; there are a number of websites out there to help you set this up.
As always, your thoughts and comments are welcomed…r/Chuck