Windows PC Clinic

Windows PC Clinic:

MIT 1. MIT Stuff 2. Go over separation of IST & CRON a) Mail & Passwords at MIT b) Everything else at CRON 3. Walk through IST site a) KB articles. b) Software site and walk through Certaid, Pharos, Sophos, VPN, Office

MAINTENANCE 1. Physical Computer

• clean screen with eyeglasses cloth. does not need solvent except in extraordinary • do not operate on soft surfaces. leave space for critical cooling: battery and logic board • no fluids sprayed directly. wipe keyboard/case with damp (not wet) cloth and mild leaner • keep martinis at safe distance • operating/storage temperatures: 50-95 / -15-115

2. Battery

• use it! 5-7 hours life. discharge 1/month • note operating/storage temps above. batteries very sensitive to hi temps

3. Software

• Everyone should be at Windows 10 (version 1909 or 2004) • OS should be fully patched. Go to Settings > Software Update > Check for Updates. • Major updates can take an hour – so do them when convenient. • For security, keep ALL software up to date • Patches are reverse engineered by hackers quickly - so don’t wait. • Check for 3rd party updates: Download and use “PatchMyPC” to update and install great free software. • Visit your vendor site for computer / BIOS updates.

4. Optimizing

1. Run Chkdsk at any sign of trouble, can’t save or open files. 2. Go to C drive’s properties (right click) > Tools > a. Check to clean drive b. Optimize to defragment drive c. Run “Disk Cleanup” on the General tab. 3. Go Task Manager look for processes consuming CPU. Check for unneeded processes especially if computer is running slow or hot. 4. In Task Manager go to the “Startup” tab and remove unneeded items (Skype, Cortana, Adobe stuff, etc..) 5. Run “sfc /scannow” in an elevated command prompt. For details see: https://www.dell.com/support/article/en-us/sln32294/how-do-i-run-the-system-file-checker-in- microsoft-windows?lang=en

SECURING YOUR PC

1. cron.mit.edu/security 2. Set good password and do not share it 3. If shared, set every user with own account 4. Enable Bitlocker: save key in cloud 5. Backups: encrypt Backup drive, reliable backup provider 6. Encrypt Flash drives if important. 7. Keep firewall on 8. Anti-virus: sophos/malwarebytes 9. Smart web practices • no Flash • no porn, hacked SW sites, etc • no unexpected downloads, no unexpected password prompts • ignore ‘you are infected’ warnings

PRIVACY 1. cron.mit.edu/privacy

2. Internet surveillance: google and Facebook and countless others: monetized surveillance

3. Behavioral/technical

• always use a VPN. • behavioral: no Facebook, no YouTube, no google. Netflix, etc? read privacy • check statements, read terms of use. Proudly adopt open source alternatives. • legal; know the law, your rights, and vote/make difference: ACLU, EFF

Certificates and DUO: Certaid for OS, Edge and Chrome.

Firefox – go to ca.mit.edu and see for details: http://kb.mit.edu/confluence/display/istcontrib/Install+and+Delete+MIT+Personal+Certificate+in+Firefo x Certificates: • Serves as ‘proof’ of you being who you say you are and encrypt communication (password and duo). • Certificates are presented by your web browser when a site requests them. Note that the certificate does not contain a password, but has other identifiers. • Use ‘LastPass’ to keep many web site passwords as a more secure alternative to the same one for all sites. • Certificates expire July 31

DUO: • Uses two factor authentication with something else you have (USB key or DUO app). If a service offers two factor, use it for much improved security. • Download the DUO app for your phone/ tablet and register it at duo.mit.edu.

EMAIL • Use MIT email for work and school. • Use other email address for your private life and play.

BACKUPS 1. CrashPlan a) Exclude Dropbox, OneDrive, VMs b) backs up only your files, no apps, no system files so if complete restore needed (eg: laptop returns wiped) one need rebuild from scratch 2. File History a) System Image backup for complete (bare metal) restore. b) Not encrypted (unless Bitlockered).

Printers You can add the DUSP printers by running printer install scripts on a network share called: \\cronsmb1.mit.edu\cronpc\printer. You only need to run the “.bat” (Windows Batch Files) to install then printers. In order to access this network share, the following conditions must be met:

1. You must be on campus and connected to the MIT Secure or MIT networks. 2. You must access the batch files in File Expolorer (not Chrome, Firefox, Edge, or IExplorer). 3. Your wireless connection must configured for a Private (non-public) network. See: https://support.microsoft.com/en-us/windows/make-a-wi-fi-network-public-or-private-in- windows-10-0460117d-8d3e-a7ac-f003-7a0da607448d 4. When prompted for your username, append @mit.edu (like your email, i.e. [email protected]) and use your MIT password.

WHERE TO GET HELP 1. cron@mit 2. Dell, Lenovo and Apple support directly until PC service is back.