Windows PC Clinic

Total Page:16

File Type:pdf, Size:1020Kb

Windows PC Clinic Windows PC Clinic: MIT 1. MIT Stuff 2. Go over separation of IST & CRON a) Mail & Passwords at MIT b) Everything else at CRON 3. Walk through IST site a) KB articles. b) Software site and walk through Certaid, Pharos, Sophos, VPN, Office MAINTENANCE 1. Physical Computer • clean screen with eyeglasses cloth. does not need solvent except in extraordinary • do not operate on soft surfaces. leave space for critical cooling: battery and logic board • no fluids sprayed directly. wipe keyboard/case with damp (not wet) cloth and Mild leaner • keep Martinis at safe distance • operating/storage teMperatures: 50-95 / -15-115 2. Battery • use it! 5-7 hours life. discharge 1/Month • note operating/storage teMps above. batteries very sensitive to hi teMps 3. Software • Everyone should be at Windows 10 (version 1909 or 2004) • OS should be fully patched. Go to Settings > Software Update > Check for Updates. • Major updates can take an hour – so do theM when convenient. • For security, keep ALL software up to date • Patches are reverse engineered by hackers quickly - so don’t wait. • Check for 3rd party updates: Download and use “PatchMyPC” to update and install great free software. • Visit your vendor site for computer / BIOS updates. 4. OptiMizing 1. Run Chkdsk at any sign of trouble, can’t save or open files. 2. Go to C drive’s properties (right click) > Tools > a. Check to clean drive b. OptiMize to defragment drive c. Run “Disk Cleanup” on the General tab. 3. Go Task Manager look for processes consuMing CPU. Check for unneeded processes especially if coMputer is running slow or hot. 4. In Task Manager go to the “Startup” tab and reMove unneeded iteMs (Skype, Cortana, Adobe stuff, etc..) 5. Run “sfc /scannow” in an elevated coMMand proMpt. For details see: https://www.dell.com/support/article/en-us/sln32294/how-do-i-run-the-systeM-file-checker-in- microsoft-windows?lang=en SECURING YOUR PC 1. cron.Mit.edu/security 2. Set good password and do not share it 3. If shared, set every user with own account 4. Enable Bitlocker: save key in cloud 5. Backups: encrypt Backup drive, reliable backup provider 6. Encrypt Flash drives if iMportant. 7. Keep firewall on 8. Anti-virus: sophos/malwarebytes 9. Smart web practices • no Flash • no porn, hacked SW sites, etc • no unexpected downloads, no unexpected password prompts • ignore ‘you are infected’ warnings PRIVACY 1. cron.Mit.edu/privacy 2. Internet surveillance: google and Facebook and countless others: Monetized surveillance 3. Behavioral/technical • always use a VPN. • behavioral: no Facebook, no YouTube, no google. Netflix, etc? read privacy • check stateMents, read terms of use. Proudly adopt open source alternatives. • legal; know the law, your rights, and vote/make difference: ACLU, EFF Certificates and DUO: Certaid for OS, Edge and Chrome. Firefox – go to ca.Mit.edu and see for details: http://kb.Mit.edu/confluence/display/istcontrib/Install+and+Delete+MIT+Personal+Certificate+in+Firefo x Certificates: • Serves as ‘proof’ of you being who you say you are and encrypt comMunication (password and duo). • Certificates are presented by your web browser when a site requests theM. Note that the certificate does not contain a password, but has other identifiers. • Use ‘LastPass’ to keep many web site passwords as a More secure alternative to the same one for all sites. • Certificates expire July 31 DUO: • Uses two factor authentication with something else you have (USB key or DUO app). If a service offers two factor, use it for Much iMproved security. • Download the DUO app for your phone/ tablet and register it at duo.Mit.edu. EMAIL • Use MIT email for work and school. • Use other eMail address for your private life and play. BACKUPS 1. CrashPlan a) Exclude Dropbox, OneDrive, VMs b) backs up only your files, no apps, no systeM files so if complete restore needed (eg: laptop returns wiped) one need rebuild from scratch 2. File History a) SysteM Image backup for complete (bare Metal) restore. b) Not encrypted (unless Bitlockered). Printers You can add the DUSP printers by running printer install scripts on a network share called: \\cronsmb1.Mit.edu\cronpc\printer. You only need to run the “.bat” (Windows Batch Files) to install then printers. In order to access this network share, the following conditions must be Met: 1. You Must be on campus and connected to the MIT Secure or MIT networks. 2. You Must access the batch files in File Expolorer (not ChroMe, Firefox, Edge, or IExplorer). 3. Your wireless connection must configured for a Private (non-public) network. See: https://support.Microsoft.com/en-us/windows/make-a-wi-fi-network-public-or-private-in- windows-10-0460117d-8d3e-a7ac-f003-7a0da607448d 4. When proMpted for your username, append @mit.edu (like your eMail, i.e. [email protected]) and use your MIT password. WHERE TO GET HELP 1. cron@Mit 2. Dell, Lenovo and Apple support directly until PC service is back. .
Recommended publications
  • Turning on Bitlocker Drive Encryption on Windows Computers Before You
    Turning on BitLocker drive encryption on Windows computers Before you start a couple of VERY important notes... a) Make sure you have backups before you start just in case anything goes wrong (as it’s much harder, usually impossible, to recover data from an encrypted drive - as you would hope and expect). b) Make sure you keep a safe copy of the encryption key And please provide a copy for the IT Office to store for use in the event of a problem or, if you choose to let Microsoft keep it, make sure you know your login details for Microsoft. If you forget the passwords and can not recover a copy of your key you will loose all your files (which is another reason to keep backups). If you reset BitLocker and a new encryption key is set - please remember to provide a copy to the IT Office Windows 7, 8 and 10 have BitLocker Built in, this can be used to encrypt the hard drive. It just needs to be activated following the steps shown below. 1) Enable BitLocker for a Drive The easiest way to enable BitLocker for a drive is to right-click the drive in a File Explorer window, and then choose the “Turn on BitLocker” command. If you don’t see this option on your context menu. Then click on the windows icon and where it says “Type here to search” type in “encryption” and click on “Manage BitLocker” from the list of options that appears. It’s just that simple. The wizard that pops up walks you through selecting several options, which we’ve broken down into the sections that follow.
    [Show full text]
  • Microsoft Windows FIPS 140 Validation Security Policy Document
    Secure Kernel Code Integrity Security Policy Document Microsoft Windows FIPS 140 Validation Microsoft Windows 10 (Creators Update, Fall Creators Update, April 2018 Update) Microsoft Windows Server (versions 1703, 1709, and 1803) Non-Proprietary Security Policy Document Version Number 1.4 Updated On April 4, 2019 © 2018 Microsoft. All Rights Reserved Page 1 of 24 This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision). Secure Kernel Code Integrity Security Policy Document The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. This work is licensed under the Creative Commons Attribution-NoDerivs- NonCommercial License (which allows redistribution of the work). To view a copy of this license, visit http://creativecommons.org/licenses/by-nd-nc/1.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
    [Show full text]
  • Solve Errors Caused by Corrupt System Files
    System File Corruption Errors Solved S 12/1 Repair Errors Caused by Missing or Corrupt System Files With the information in this article you can: • Find out whether corrupt system files could be causing all your PC problems • Manually replace missing system files using your Windows installation CD • Use System File Checker to repair broken Windows system files • Boost the memory available to Windows File Protection for complete system file protection Missing or corrupt system files can cause many problems when using your PC, from cryptic error messages to mysterious system crashes. If one of the key files needed by Windows has gone missing or become corrupt, you may think that the only way to rectify the situation is to re-install Windows. Fortunately, nothing that drastic is required, as Microsoft have included several tools with Windows that allow you to replace corrupt or missing files with new, fresh copies directly from your Windows installation CD. Now, whenever you find that an important .DLL file has been deleted or copied over, you won’t have to go to the trouble of completely re-installing your system – simply replace the offending file with a new copy. Stefan Johnson: “One missing file can lead to your system becoming unstable and frequently crashing. You may think that the only way to fix the problem is to re-install Windows, but you can easily replace the offending file with a fresh copy from your Windows installation CD.” • Solve errors caused by corrupt system files ................... S 12/2 • How to repair your missing system file errors ..............
    [Show full text]
  • Dell Migrate User's Guide
    Dell Migrate User's Guide August 2021 Rev. A03 Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2021 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners. Contents Chapter 1: Introduction................................................................................................................. 5 Supported locales................................................................................................................................................................ 6 Chapter 2: Data Migration............................................................................................................. 7 Migrate and erase data from old PC...............................................................................................................................7 Check the network settings ...........................................................................................................................................19 Change the system locale............................................................................................................................................... 23 Device discovery
    [Show full text]
  • How to Cheat at Windows System Administration Using Command Line Scripts
    www.dbebooks.com - Free Books & magazines 405_Script_FM.qxd 9/5/06 11:37 AM Page i How to Cheat at Windows System Administration Using Command Line Scripts Pawan K. Bhardwaj 405_Script_FM.qxd 9/5/06 11:37 AM Page ii Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or produc- tion (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents.The Work is sold AS IS and WITHOUT WARRANTY.You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files. Syngress Media®, Syngress®,“Career Advancement Through Skill Enhancement®,”“Ask the Author UPDATE®,” and “Hack Proofing®,” are registered trademarks of Syngress Publishing, Inc.“Syngress:The Definition of a Serious Security Library”™,“Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.
    [Show full text]
  • Copyrighted Material
    Index Numerics Address Resolution Protocol (ARP), 1052–1053 admin password, SOHO network, 16-bit Windows applications, 771–776, 985, 1011–1012 900, 902 Administrative Tools window, 1081–1083, 32-bit (x86) architecture, 124, 562, 769 1175–1176 64-bit (x64) architecture, 124, 562, 770–771 administrative tools, Windows, 610 administrator account, 1169–1170 A Administrators group, 1171 ADSL (Asynchronous Digital Subscriber Absolute Software LoJack feature, 206 Line), 1120 AC (alternating current), 40 Advanced Attributes window, NTFS AC adapters, 311–312, 461, 468–469 partitions, 692 Accelerated Graphics Port (AGP), 58 Advanced Computing Environment (ACE) accelerated video cards (graphics initiative, 724 accelerator cards), 388 Advanced Confi guration and Power access points, wireless, 996, 1121 Interface (ACPI) standard, 465 access time, hard drive, 226 Advanced Graphics Port (AGP) card, access tokens, 1146–1147 391–392 Account Operators group, 1172 Advanced Graphics Port (AGP) port, 105 ACE (Advanced Computing Environment) Advanced Host Controller Interface (AHCI), initiative, 724 212–213 ACPI (Advanced Confi guration and Power Advanced Micro Devices (AMD), 141–144 Interface) standard, 465 Advanced Packaging Tool (APT), 572 Action Center, 1191–1192 Advanced Power Management (APM) Active Directory Database, 1145–1146, 1183 standard, 465 active heat sink, 150 Advanced Programmable Interrupt active matrix display, LCD (thin-fi lm Controller (APIC), 374 transistor (TFT) display), 470 Advanced RISC Computing Specifi cation active partition, 267,
    [Show full text]
  • Non Corrupt Windows 8.1 Iso Download Fix: the Disc Image File Is Corrupted on Windows 10
    non corrupt windows 8.1 iso download Fix: The Disc Image File is Corrupted on Windows 10. The ‘ Disc image file is corrupted ’ error is typically caused by the third-party application that you are using to mount the ISO file, or damaged system files. Users have reported that when they try to mount an ISO image file using a third-party application like PowerISO or Windows Explorer, they are prompted with the said error. ISO files are often used to store Windows installation images or any other application. This error should not be overlooked as it can, sometimes, refer to a malfunctioning system. The error is most of the times resolved by applying a few plain solutions, however, if your issue persists even after applying the solutions given below, you will have to download the ISO image file again. You can solve your issue by following the solutions mentioned below. What causes the ‘The Disc Image File is Corrupted’ Error on Windows 10? As we mentioned, the causes of the error are often the following factors — Third-party application . The third-party application that you are using to mount the ISO image file can be sometimes the cause of the issue. System files corruption . Another factor that can cause the issue would be system files corruption. In such a case, you will have to use Windows built-in utilities to try to fix the issues. With that out of the way, you can isolate the error by implementing the following solutions. Please follow the given solutions in the same order as mentioned to ensure a hasty resolution.
    [Show full text]
  • Diskgenius User Guide (PDF)
    www.diskgenius.com DiskGenius® User Guide The information in this document is subject to change without notice. This document is not warranted to be error free. Copyright © 2010-2021 Eassos Ltd. All Rights Reserved 1 / 236 www.diskgenius.com CONTENTS Introduction ................................................................................................................................. 6 Partition Management ............................................................................................................. 6 Create New Partition ........................................................................................................ 6 Active Partition (Mark Partition as Active) .............................................................. 10 Delete Partition ................................................................................................................ 12 Format Partition ............................................................................................................... 14 Hide Partition .................................................................................................................... 15 Modify Partition Parameters ........................................................................................ 17 Resize Partition ................................................................................................................. 20 Split Partition ..................................................................................................................... 23 Extend
    [Show full text]
  • Bitleaker: 0 1 1 1 1 1 0 0 0 0 0 0 1 1 1 1 1 1 0 1 0 1 0 0 1 Subverting Bitlocker with One Vulnerability1 1 1
    1 1 0 1 0 1 1 0 BitLeaker: 0 1 1 1 1 1 0 0 0 0 0 0 1 1 1 1 1 1 0 1 0 1 0 0 1 Subverting BitLocker with One Vulnerability1 1 1 Seunghun Han, Jun-Hyeok Park (hanseunghun || parkparkqw)@nsr.re.kr Wook Shin, Junghwan Kang, Byungjoon Kim (wshin || ultract || bjkim)@nsr.re.kr Who Are We? - Senior security researcher at the Affiliated Institute of ETRI - Review board member of Black Hat Asia and KimchiCon - Speaker at USENIX Security, Black Hat Asia, HITBSecConf, BlueHat Shanghai, KimchiCon, BeVX, TyphoonCon and BECS - Author of “64-bit multi-core OS principles and structure, Vol.1&2” - a.k.a kkamagui, @kkamagui1 - Senior security researcher at the Affiliated Institute of ETRI - Speaker at Black Hat Asia 2018 ~ 2019 - Embedded system engineer - Interested in firmware security and IoT security - a.k.a davepark, @davepark312 Previous Works Goal of This Presentation - We present an attack vector, S3 Sleep, to subvert the Trusted Platform Modules (TPMs) - S3 sleeping state cuts off the power of CPU and peripheral devices - We found CVE-2018-6622, and it affects a discrete TPM (dTPM) and a firmware TPM (fTPM) - We introduce a new tool, BitLeaker - BitLeaker extracts the Volume Master Key (VMK) of BitLocker from TPMs - BitLeaker can mount a BitLocker-locked partition with the VMK DISCLAIMER - We do not explain BitLocker’s encryption algorithm - We focus on the protection mechanism for the VMK - Especially, the mechanism only with a TPM! - It is a default option of BitLocker - We do not consider combinations of a TPM and other options (PIN or USB startup
    [Show full text]
  • USB External Device Encryption Instructions Acceptable Use: HSC Security Practices Regarding the Encryption of External USB Devices
    USB External Device Encryption Instructions Acceptable Use: HSC Security Practices regarding the encryption of external USB devices • The Encrypted USB Storage Device may only be used for temporary storage and/or data transport of duplicate data. • A complex password must be used upon encryption, loss of the password will render the data on the USB unrecoverable. Further recovery safeguards are NOT APPLICABLE. Some things to note before getting started: • It is recommended that the USB device (Flash Drive/External HDD) be formatted to “NTFS” before saving data to the device and/or encrypting the device. Make sure that you have saved desired data from the USB Device before formatting the drive! There is no mechanism to restore the data from the USB Storage Device once it has been formatted. • The following steps must be performed on a Windows 10 [Ver. 1511] device or above that is connected to the Health domain for BitLocker encryption to work in our environment. Format the Device • Connect the USB device to the computer and locate the device in the File Explorer. • Right-click the external USB device, select “Format…”, and select the following options: o File system: NTFS o Volume label: *Something easily identifiable* o Format options: [Select] “Quick Format” Activate BitLocker • Locate the device in the File Explorer • Right-click the external USB device, select “Turn on BitLocker”, and select the following options: o Use a password to unlock the drive (This should be automatically selected if you are connected to the Health domain) o Enter a unique PIN, ensure that your new PIN meets the following requirements: .
    [Show full text]
  • INFORMATION TECHNOLOGY CONCEPTS-OPEN - REGIONAL 2019 Page 1 of 8
    INFORMATION TECHNOLOGY CONCEPTS-OPEN - REGIONAL 2019 Page 1 of 8 INFORMATION TECHNOLOGY CONCEPTS (391) —OPEN EVENT— REGIONAL – 2019 DO NOT WRITE ON TEST BOOKLET TOTAL POINTS _________ (100 points) Failure to adhere to any of the following rules will result in disqualification: 1. Contestant must hand in this test booklet and all printouts. Failure to do so will result in disqualification. 2. No equipment, supplies, or materials other than those specified for this event are allowed in the testing area. No previous BPA tests and/or sample tests or facsimile (handwritten, photocopied, or keyed) are allowed in the testing area. 3. Electronic devices will be monitored according to ACT standards. No more than sixty (60) minutes testing time Property of Business Professionals of America. May be reproduced only for use in the Business Professionals of America Workplace Skills Assessment Program competition. INFORMATION TECHNOLOGY CONCEPTS-OPEN - REGIONAL 2019 Page 2 of 8 MULTIPLE CHOICE Identify the choice that best completes the statement or answers the question. Mark A if the statement is true. Mark B if the statement is false. 1. Which of the following appears on the right side of any Windows 8 screen when you move your pointer to a right corner? A. Live tile B. Memory Manager C. Charms bar D. System tray 2. Which element of the Windows 7 GUI gives windows a glassy appearance, but also consumes more hardware resources? A. Control panel B. Aero user interface C. Charms interface D. Logic interface 3. The top of a top-down hierarchical structure of subdirectories is called which of the following? A.
    [Show full text]
  • Bitlocker Management
    BitLocker Management Vista Full Volume Encryption Feature Overview BitLocker - Full Volume Encryption Vista Enterprise and Ultimate AD management & Key backup options Save recovery password to USB, Printer, or File Share TPM 1.2 – Enables Drive Tampering Protection WMI Interface Vista Tool compatibility MS Boot Loader, System Restore, Disk Management BitLocker Tools Manage-bde.wsf - RTM Add / Remove key protectors Tools from MS Premier Support Site: BitLocker Drive Preparation BitLocker Recovery Password Viewer BitLocker Repair Tool Searches HD for unlinked FVEKs BitLocker Group Policy Computer Config\Admin Templates\Windows Components\BitLocker Drive Encryption AD Key Backup Options Backup Recovery Password to AD Backup Key Package to AD Require Backup to AD before encryption is enabled Backup Recovery Password to Share Recovery Options Require Creation of Recovery Password - Default Require Creation of Recovery Key Package - Default BitLocker Group Policy Advanced Options Allow BitLocker without TPM Startup Key or Pin with TPM Encryption Method AES 128 Diffuser – Default Prevent Memory Overwrite on Restart – Disabled TPM Platform Validation –7 Default Metrics Rom Code MBR Code – not partition table Boot Manager TPM Group Policy Computer Config\Admin Templates\System\ Trusted Platform Module Backup TPM Owner information to AD Require backup 3 settings related to TPM blocked commands BDE Security and Compatibility BitLocker Tips AD Backup only occurs when BDE is enabled Or when TPM is initialized
    [Show full text]