Category Archives: Windows 7

My favorite Windows 7 keyboard shortcuts

There are a number of ways that I am “old school.” I prefer a command prompt or the run box for quick tasks like pinging a host to check connectivity, or to open calc or mspaint. I will still occasionally write quick and dirty code in QuickBasic to parse a text file, or create a comma delimited file to import into Excel.

I also like to use keyboard shortcuts in Windows – if I don’t have to take my hand off the keyboard to use the mouse, why should I? Check out my list below and then tell me about any of your favorites that I missed.

Here are some of my favorites that are either still available or new in:

Windows 7

  • Win or Ctrl-Esc Open the Start Menu
  • Win-D Minimizes all open programs (also Win-M)
  • – Makes all open windows transparent so you can see your desktop
  • Win-E Opens Explorer (not IE) window
  • Alt-Tab Cycle through open programs – updated nicely for Windows 7
  • Win-Tab Cycle through open programs – in Flip 3-D
  • Win-P Projector – use an externally connected display
  • Win-R Open the Run Box
  • Alt-F4 Close active application
  • Win-L Lock the computer – quicker than Ctrl-Alt-Del then Alt-K
  • Win-T Cycles through items on the taskbar

IE 9 / Firefox

  • Ctrl-N Open a new Window
  • Ctrl-T Open a new Tab
  • Ctrl-F Find on open page

Classic Office Application Keyboard Shortcuts

  • Ctrl-A Select All
  • Ctrl-C Copy selected
  • Ctrl-X Cut selected
  • Ctrl-V Paste cut or copied items
  • Ctrl-Y Redo last action
  • Ctrl-Z or Alt-Bksp Undo previous action
  • Ctrl-Alt-1, 2, 3 Apply heading style 1, 2 or 3 to selection in Word

Windows 7 Deployment – Cleaning the Start Menu

I’ve been working on a large Windows 7 deployment for a while and one of the nagging issues has been how to remove the default items in the start menu, such as “Getting Started,” “Sticky Notes,” and the “Snipping Tool.” The problem I have found is that even when they are removed from the source image and sysprep is run with the copyprofile option set to true, these items are not removed from the default profile.

This is what we want:

Not this:

So the solution I came up with is to add a batch file to the startup folder in the default profile that imports the following reg file:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count]
"HRZR_PGYFRFFVBA"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count]

The first part removes the “UserAssist” branches and the second part adds blank ones back in.

Since it is working on Current User, it should not require elevation.

There is also some good vbs code out there that will pin apps to the start menu once you have cleared it. Let me know how this goes for you!
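A way to check the result, as an added example that is not part of the original post: this Python sketch parses a regedit export of the UserAssist Count keys, ROT13-decodes the value names (the "HRZR_PGYFRFFVBA" name in the reg file above decodes to UEME_CTLSESSION), and lists the entries that still hold usage data. The 72-byte record layout (run count at offset 4, last-run FILETIME at offset 60) is the commonly documented Windows 7 format and is an assumption here; the sample exports and the C:\Tools\sample.exe name are constructed.

```python
import codecs
import re
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch
KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
       r"\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count")

def reg_hex(data, wrap=25):
    """Format bytes as regedit exports them: hex pairs, wrapped with a trailing backslash."""
    parts = [f"{b:02x}" for b in data]
    rows = [",".join(parts[i:i + wrap]) for i in range(0, len(parts), wrap)]
    return "hex:" + ",\\\n  ".join(rows)

def make_entry(run_count, last_run):
    """Build a constructed 72-byte record (assumed Windows 7 UserAssist layout)."""
    rec = bytearray(72)
    struct.pack_into("<I", rec, 4, run_count)
    struct.pack_into("<Q", rec, 60, int((last_run - EPOCH_1601).total_seconds()) * 10**7)
    return bytes(rec)

# Constructed sample exports: BEFORE holds one program record, AFTER mirrors the reset file.
HEADER = "Windows Registry Editor Version 5.00\n\n"
BEFORE = (HEADER + "[" + KEY + "]\n" + '"P:\\\\Gbbyf\\\\fnzcyr.rkr"='
          + reg_hex(make_entry(3, datetime(2011, 1, 1, tzinfo=timezone.utc))) + "\n")
AFTER = (HEADER + "[-" + KEY + "]\n\n[" + KEY + "]\n"
         + '"HRZR_PGYFRFFVBA"=' + reg_hex(bytes(40)) + "\n")

def parse_userassist(reg_text):
    """Map each ROT13-decoded value name to (run_count, last_run, raw_bytes)."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join wrapped hex lines
    entries, in_key = {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):  # "[-key]" deletes a key, "[key]" opens one
            in_key = not line.startswith("[-") and "\\UserAssist\\" in line
            continue
        m = re.fullmatch(r'"(.*)"=hex:([0-9a-fA-F,]*)', line)
        if not (in_key and m):
            continue
        name = codecs.decode(m.group(1).replace("\\\\", "\\"), "rot13")
        data = bytes.fromhex(m.group(2).replace(",", ""))
        count = last_run = None
        if len(data) == 72:  # per-program record
            count = struct.unpack_from("<I", data, 4)[0]
            ft = struct.unpack_from("<Q", data, 60)[0]
            last_run = EPOCH_1601 + timedelta(microseconds=ft // 10) if ft else None
        entries[name] = (count, last_run, data)
    return entries

def still_tracked(reg_text):
    """Decoded names whose data is not all zero: usage history that survived the reset."""
    return sorted(n for n, (_, _, d) in parse_userassist(reg_text).items() if any(d))
```

For a real export, read the file with encoding="utf-16" and pass the text to still_tracked; an empty list means no usage history survived the reset.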

Windows 7 – Boot Process Description

Overview

Good performance during Windows startup and shutdown is critical for a good user experience because many users consider the time that is required to boot a computer to be a primary benchmark of hardware and operating system performance.

Power-On

The power-on process consists of four main phases, some of which can be broken down further into sub-phases.

The first phase is the pre-OS phase which powers on the hardware. This phase can be broken down into four sub-phases:

  • TPM Initialization: A Trusted Platform Module (TPM) is a hardware component that uses its own internal firmware and logic circuits to add cryptographic functionality. It works with supporting software and firmware to prevent unauthorized access to a computer. The TPM contains a hardware engine to perform up to 2048-bit RSA encryption/decryption. The TPM uses its built-in RSA engine during digital signing and key wrapping operations.
  • System BIOS: Initializes the hardware BIOS (Basic Input/Output System) and runs POST (Power-On Self-Test). The POST checks the BIOS and the CMOS RAM. If there are no issues, POST continues to check the CPU, hardware devices such as the video card, and secondary storage devices such as the hard drive and CD/DVD drives.
  • Load BIOS of other devices: Video cards, storage controllers, network interface cards may all have BIOS.
  • BIOS searches for boot device: If no device found, system displays a boot device error.

The second phase is the Firmware-OS phase, which transitions control to the Windows Boot Loader. This phase loads the Master Boot Record (MBR) from the boot device. If the MBR is not found or is corrupt, the system displays a non-system disk error or disk boot failure. If the MBR is found, it will access the file system on the boot drive for boot configuration data and look for disk encryption information.

The Firmware-OS phase passes control to the boot loader, which could be either a Full-Disk Encryption boot loader (BitLocker, Safeboot, etc.) or the Windows OS boot loader if FDE is not in use.

Full-Disk Encryption Process

Full-Disk Encryption implementations may take various forms, but for the purposes of this discussion it is sufficient to know that FDE sits between the Operating System and the hardware and encrypts and decrypts every bit of data being read from and written to the hard drive. This requires processing power and therefore, time.

Most popular software implementations of FDE encrypt a volume using a symmetric Advanced Encryption Standard (AES) algorithm with 128-bit or 256-bit keys. The keys are stored or protected by the Trusted Platform Module (TPM) which uses multiple criteria (PIN, Password, Biometrics, hardware configuration) to make the keys available to the FDE software. Alternate storage methods and recovery overrides are typically available.

Windows Boot Process

The Windows loader (WINLOAD.EXE) loads and executes the Windows 7 kernel, which initializes the system by calling the HAL initialization process (display driver, system debugger) and then launches SMSS.EXE, the session manager.

SMSS.EXE loads the rest of the registry and configures the environment to run the various Windows processes and subsystems, such as the security subsystem and additional device drivers and services. It then creates the user session by launching WINLOGON.EXE.

Windows Logon Process

This section is excerpted from Microsoft Technet: http://technet.microsoft.com/en-us/library/cc780332%28WS.10%29.aspx

Local Logon

The following figure shows the local logon process.

Local Logon Process: see http://i.technet.microsoft.com/dynimg/IC196890.gif

The GINA specifies the Negotiate authentication package when it calls into the LSA. Negotiate must then choose an authentication package to process the logon. Negotiate sends the credentials to Kerberos, the default authentication package in Windows Server 2003. However, the Kerberos authentication package cannot process local logons, so it returns an error to Negotiate. Negotiate then calls NTLM to authenticate the user by comparing the received credentials with those hashed in the SAM.

If the credentials are valid, the LSA generates an access token for the user based upon user rights assigned to the user’s account and LsaLogonUser returns the logon success and the user’s access token to Winlogon and the GINA. The GINA then activates the user’s shell and Winlogon switches to the default desktop. If the credentials are invalid, the LSA returns a logon failure, the GINA displays an error message and prompts the user to present valid credentials, and Winlogon remains in the Winlogon desktop.

Domain Logon

Domain logons can only be performed from computers that are joined to a domain. Domain credentials consist of a user’s domain account user name, password, and the name of the domain. The local computer’s LSA chooses the appropriate authentication package to use based on the domain’s environment.

The following figure shows the process that occurs when the local computer can reach a domain controller to authenticate the user. If a domain controller is not available, a cached logon occurs.

Domain Logon Process: See http://i.technet.microsoft.com/dynimg/IC196891.gif

As with the local logon process, the Negotiate authentication package routes the authentication request to the default authentication package, Kerberos.

The domain client chooses Kerberos, and Kerberos validates the user’s credentials by contacting the domain controller. The LSA on the domain controller returns the logon success or failure to the local computer’s LSA. If the domain logon succeeds, the local LSA generates an access token for the user based upon user rights assigned to the user’s account, and LsaLogonUser returns the logon success and the user’s access token to Winlogon and the GINA. The GINA then activates the user’s shell, and Winlogon switches to the default desktop. If the credentials are invalid, the LSA returns a logon failure, the GINA displays an error message and prompts the user to present valid credentials, and Winlogon remains in the Winlogon desktop.

Cached Logons

Windows Server 2003 supports cached logons. The cached credentials of the last 10 users who have successfully logged on to a domain account can be used to log a user on locally if the authenticating domain controller becomes unavailable.

Using Microsoft USMT to migrate Symantec Enterprise Vault Files and Settings

This post details how to migrate Symantec Enterprise Vault version 9 files and settings using Microsoft USMT 4. This requires custom settings in both the miguser.xml and migapp.xml files.

MigApp.xml Addition:

Add the following section to the MigApp.xml. This will allow USMT to migrate all information under HKCU\Software\KVS\Enterprise Vault\Client in the registry.

<!-- Symantec Enterprise Vault -->
<component context="UserAndSystem" type="System">
      <displayName _locID="MMC_MigApp.SymEV">Symantec Enterprise Vault</displayName>
      <role role="Settings">
            <rules context="UserAndSystem">
                  <include>
                        <objectSet>
                              <pattern type="Registry">HKCU\Software\KVS\Enterprise Vault\Client\* [*]</pattern>
                        </objectSet>
                  </include>
            </rules>
      </role>
</component>

MigUser.xml Addition:

Add the following section to the MigUser.xml or add the <pattern type> line to an existing “Documents” section. This will allow USMT to migrate the Enterprise Vault cache files to their proper locations on the target PC.

<component type="Documents" context="System">
      <displayName>Migrate Symantec EV System Data</displayName>
      <role role="Data">
            <rules>
                  <include>
                        <objectSet>
                              <pattern type="File">%CSIDL_LOCAL_APPDATA%\KVS\Enterprise Vault\* [*]</pattern>
                        </objectSet>
                  </include>
            </rules>
      </role>
</component>

Testing:

To date, testing in has been successful with no additional data synchronizing with the EV servers post migration.

USMT – Local Group Migration – Removing Users from Local Administrators during migration

Moving from XP to 7 is a great time to enhance desktop security. One way to do this is to remove users from the Local Administrators group. USMT can automate this task!

Add the following XML to the config.xml file:

<ProfileControl>
     <localGroups>
          <mappings>
               <changeGroup from="Administrators" to="Users" appliesTo="AllUsers">
                    <include>
                         <pattern>*</pattern>
                    </include>
               </changeGroup>
          </mappings>
     </localGroups>
</ProfileControl>

This will move all users from the local Administrators group to the local Users group. Optionally, replace “Users” with “JunkUsers” or some other nonexistent group and USMT will simply remove all users that existed on the old PC from the local Administrators group.