Wipe your Deleted Data Away: Using cipher.exe

Administrators can use Cipher.exe to encrypt and decrypt data on drives that use the NTFS file system and to view the encryption status of files and folders from a command prompt. An updated version of the Cipher tool has been released for Windows 2000, and is included with Windows XP. The updated version adds another security option. This new option is the ability to overwrite data that you have deleted so that it cannot be recovered and accessed.

When you delete files or folders, the data is not initially removed from the hard disk. Instead, the space on the disk that was occupied by the deleted data is "deallocated." After it is deallocated, the space is available for use when new data is written to the disk. Until the space is overwritten, it is possible to recover the deleted data by using a low-level disk editor or data-recovery software.

If you create files in plain text and then encrypt them, Encrypting File System (EFS) makes a backup copy of the file so that, if an error occurs during the encryption process, the data is not lost. After the encryption is complete, the backup copy is deleted. As with other deleted files, the data is not completely removed until it has been overwritten. The new version of the Cipher utility is designed to prevent unauthorized recovery of such data.

Most Windows 2000 and XP Professional users are aware of the ability to encrypt data at the file level, using the Encrypting File System (EFS). It’s easy to do through the graphical interface—as easy as checking a checkbox on the Advanced File Attributes property sheet. However, many IT pros aren’t aware that encryption can also be performed at the command line.

The cipher.exe utility is included with Microsoft’s most recent NT-based operating systems. It allows you to do the same tasks—encrypt and decrypt—that you can do through the GUI, but also allows you to do much more—all through the command line. Administrators and power users can take advantage of the cipher tool’s power to gather encryption information and more quickly perform encryption tasks.

This Daily Drill Down will introduce you to the cipher tool and walk you through the steps of using its various switches.

Why a command line encryption tool?
What’s the need for a command line encryption tool if it’s so easy to encrypt and decrypt files using the GUI (other than the fact that some of us just like the character-based interface)? While encryption and decryption are easy attributes to set through a file or folder’s property sheet, there are other encryption-related tasks that are difficult (or impossible) to accomplish through the GUI.

For example, what if a user wants to create a new file encryption key? You might think you could generate a new key pair by requesting a new EFS certificate. You would do this by invoking the Certificate Request Wizard via the Certificates MMC (if you’re in an Active Directory domain) or via the certification authority’s Web page. But the problem with this method is that the file encryption key that is generated by EFS is wrapped with the user’s public key during the encryption process. As a workaround, the cipher tool allows you to create a new encryption key by typing cipher /k.

What if you want to encrypt files that are already encrypted? There’s no way to do that through the graphical interface; you must first decrypt the file before you’re allowed to change its attribute back to encrypted. With the cipher tool, you can force encryption on all files and folders, including those that are already encrypted.

---

Tip
The original version of cipher.exe that was released with Windows 2000 does not include the data overwrite function. This was added in a version of the cipher tool that Microsoft released in June 2001 (and included in Windows 2000 SP3). The drive-wiping function is included in the cipher tool that comes with Windows XP.

---

The cipher.exe command is an external command that is available in the below Microsoft operating systems.

Windows 2000
Windows XP
Windows Vista
Windows 7

Syntax

Displays or alters the encryption of directories [files] on NTFS partitions.

CIPHER [/E | /D] [/S:dir] [/A] [/I] [/F] [/Q] [/H] [/K] [pathname [...]]

CIPHER /W:directory

CIPHER /X[:efsfile] [filename]

/E	Encrypts the specified directories. Directories will be marked so that files added afterward will be encrypted.
/D	Decrypts the specified directories. Directories will be marked so that files added afterward will not be encrypted.
/S	Performs the specified operation on directories in the given directory and all subdirectories.
/A	Operation for files as well as directories. The encrypted file could become decrypted when it is modified if the parent directory is not encrypted. It is recommended that you encrypt the file and the parent directory.
/I	Continues performing the specified operation even after errors have occurred. By default, CIPHER stops when an error is encountered.
/F	Forces the encryption operation on all specified objects, even those that are already encrypted. Already-encrypted objects are skipped by default.
/Q	Reports only the most essential information.
/H	Displays files with the hidden or system attributes. These files are omitted by default.
/K	Create new file encryption key for the user running CIPHER. If this option is chosen, all the other options will be ignored.
/W	Removes data from available unused disk space on the entire volume. If this option is chosen, all other options are ignored. The directory specified can be anywhere in a local volume. If it is a mount point or points to a directory in another volume, the data on that volume will be removed.
/X	Backup EFS certificate and keys into file filename. If efsfile is provided, the current user's certificate(s) used to encrypt the file will be backed up. Otherwise, the user's current EFS certificate and keys will be backed up.
dir	A directory path.
pathname	Specifies a pattern, file or directory.
efsfile	An encrypted file path.

Used without parameters, CIPHER displays the encryption state of the current directory and any files it contains. You may use multiple directory names and wildcards. You must put spaces between multiple parameters.

To overwrite deleted data on a volume by using Cipher.exe, use the /w switch with the cipher command. Use the following steps:

1. Quit all programs.
2. Click Start, click Run, type cmd, and then press ENTER.
3. Type cipher /w:driveletter:\foldername, and then press ENTER. Specify the drive and the folder that identifies the volume that contains the deleted data that you want to overwrite. Data that is not allocated to files or folders will be overwritten. This permanently removes the data. This can take a long time if you are overwriting a large space.

   The /w switch is used to overwrite data in unallocated space on the disk.

   Note With mount points in Windows 2000, you can mount a volume on any empty folder on an NTFS volume. When you do this, the mounted volume does not have a drive letter of its own. The only way to address that volume is by using the path where you created the mount point. Therefore, the /w switch requests a path of a folder, and from that, it determines the associated volume to wipe. Because of the way the file system works, the whole volume must be wiped. A file can be written anywhere on the volume at any time. A folder does not address a specific physical location on disk but is a logical container for file entries in the volume's table of contents (MFT or FAT). To make sure that there is no leftover data in unallocated space, all unallocated space on the volume must be wiped.

For more details, look into following links:

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/cipher.mspx?mfr=true

http://support.microsoft.com/kb/315672

http://www.computerhope.com/cipher.htm

http://www.techrepublic.com/article/use-cipherexe-for-command-line-encryption/5030732

http://www.windowsecurity.com/articles/using-cipherexe.html

Connect To VPN Before Logging In To Windows

In this post, we’ll look at two scenarios that involve establishing a VPN connection before logging in to Windows. In the first case, we need to authenticate to a domain to login. In the second case, the connection needs to be established automatically without a user.

NOTE: This article pertains to the built-in VPN client in Windows. There is however some discussion of Cisco clients in the comments below.

Scenario 1: Authenticating to A Domain At Login

Windows XP

At the Log On to Windows dialogue box, fill in the User name and Password fields.  Select your domain from the Log on to drop down. Then check the Log on using dial-up connection checkbox. (Click Options >> to reveal the Log on to drop down and dial-up checkbox if they are hidden.) Click OK.

The Network Connections dialog box will appear. Select your VPN connection from the drop down. Click Connect. The standard VPN Connect box will appear. Connect as normal. Once the VPN connection is established, the original Log On to Windows user name and password will be applied and you’ll be logged in.

Note: In the process above, you may receive a dialogue box asking for area code and other dialing options. Just humor Windows and fill it out. It won’t matter.

IMPORTANT: The “Anyone who uses this computer” radio button must have been checked when the VPN connection was created. Otherwise the VPN will not be present in the  Network Connectionsdrop down. If this is the case, just log on as a local administrator and recreate the connection.

Windows 7

At the login screen, click the Switch User button. A Network logon button will appear in the lower right corner next to the power button. Click this button and you will be presented with buttons for available network connections. Click on the button for your VPN. Enter your Username and Password, and click the arrow button (or press Enter).

IMPORTANT: The “Allow other people to use this connection” checkbox must have been checked when the VPN connection was created. Otherwise the VPN will not be present among the available network connections. If this is the case, just log on as a local administrator and recreate the connection.

Scenario 2: VPN Connection Without User Interaction

Credit where credit is due: The process in this scenario 2 section is drawn from this blog entry, which I stumbled upon early in my research of this topic.

Windows XP

What we’re going to do is install a system service that is started at boot and calls a batch file. The batch file will invoke a command that will start the VPN.

You will need three files available from Windows Server 2003 Resource Kit Tools. At the time of this writing, the download is available from Microsoft here. Run the executable to unpack and install the tools. Note the directory where the installer puts the tools.

1. Put the commandrasdial connection-name username password into a batch file and name itautoexnt.bat.

• Connection-name is the name you gave the VPN connection when you created it.
• The “Anyone who uses this computer” radio button must have been checked when the VPN connection was created.
• Documentation on the rasdial command can be found here.

2. In the directory created by the Resource Kit Tools installer, locate autoexnt.exe, instexnt.exe, andservmess.dll. Move those files and autoexnt.bat to %SystemRoot%\System32\.

3. From a command prompt, run instexnt.exe install to install the service.

• Documentation on the AutoExNT service can be found here.

You’re done. Next time the machine boots, it will automatically establish the given VPN connection.

Windows 7 (64-bit)

Follow the process outlined above, but in step 2, transfer the files to %SystemRoot%\SysWOW64\.

• The files must be transferred to this directory because they are 32-bit. 32-bit executables go in the SysWOW64 directory, and 64-bit executables go in the System32 directory. A discussion of why it works like that can be found here.

Windows 7 (32-bit) and Vista (32 & 64-bit)

I have not tested this on Windows 7 32-bit or on any version of Vista, though I imagine it would work just the same.

Drag and Drop Not Working in Windows 7

Applies To: Windows | Windows 7 | Performance and Maintenance

Scenario:-

I have a new problem that has cropped up just in the last week or two. I can no longer drag and drop my files and folders in Windows Explorer. I have Windows 7 on a HP Notebook. It came installed on the computer last December when I bought it (09). I've never had an issue with it since then, and I'm not sure how to find the settings to enable drag and drop or re-enable it. I know I've done it before on this machine, many times- and just noticed it first in  Thunderbird, (my email desktop application) then in explorer. I did recently install the SP1 (spelling??) a few weeks ago, and have installed a few other odds and ends programs, but I'm pretty sure drag and drop was working okay until a few days ago. 

Any help would be appreciated. As a genealogy writer, that's a must have feature. 

Most Helpful Reply in this webpage: http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/drag-and-drop-not-working-in-windows-7/f6dcfa11-8c51-e011-8dfc-68b599b31bf5

In Windows Explorer, click a file with the left mouse button and keep the button held down. Then press the Escape key. Drag and drop is miraculously re-enabled.


I got this from http://it.thelibrarie.com/weblog/2010/06/drag-and-drop-stops-working/

Windows Tips and Tricks: Master the Taskbar and Start menu

The taskbar and Start menu are so much more than simple program launchers. Help them help you work more efficiently in Windows 7.

In Windows 7, the Start menu and the taskbar have become both easier to use and more sophisticated. However, they also offer a slew of additional capabilities and customization options that aren’t obvious when you first look at them. I’ll first walk through the plethora of options for each, and then dive into how to use them more effectively.

The Start Menu

The Start menu, at its most basic.The Start menu is so named because that’s where you go to start applications, restart or shut down Windows, and perform other basic application management chores. When you start up a new system, or perform a clean install of Windows, this is the Start menu you see.

Lots of people happily use the Start menu in this state, which is very XP-like. Unlike XP, though, the applications are sorted alphabetically. This tends to give recent XP converts heartburn, but you can change this behavior when you customize the Start menu. My personal preference is alphabetical sort, which you could do in XP by context clicking on the All Programs section and sorting.

I’ve customized my Start menu to work more effectively for me.At right is my Start menu, as I use it.

The first thing you’ll notice is the size--more programs are visible on the basic Start menu, without having to go to the dreaded "All Programs" section. Also notice that Downloads, Games, and Computer are pop-out menus. I use those particular folders frequently, so I find that using them as pop-outs on the Start menu is preferable to launching the actual Window, then clicking something else.

Now let's customize the Start menu. If you context-click (right-click) on the Start menu button, one of the two options is Properties. Click on that option, and the following window appears. (The other option merely opens Windows Explorer.)

Customization begins here for both Start menu and the Taskbar.You'll see a pair of settings here that you should enable: (1) Store and display recently opened programs in the Start menu, and (2) Store and display recently opened items in the Start menu and taskbar. These are put under "Privacy" because you may not want them enabled for a shared system, but for most users, turning these options on (if they're not already on by default) is a no-brainer.

Now click the Customize button.

You’ll see a fixed-size window (you can’t make it bigger), with a lot of different options. Here’s a summary of the changes I made to my own Start menu. I’m only going to list those changes, not what I kept at default settings.

• Number of recent programs / recent items to display (under "Start menu size"). The default is 10; I set it to 20, since I have a large display. If you’re running on a relatively low-resolution monitor (like a laptop), you may want to keep the number at 10.
• Computer. I enabled "Display as a menu." The various drives and top folders appear on a fly-out menu. Saves a click.
• Downloads. The default is "Don’t display," but I like it as a link, which lets me get to the Downloads folder with one click.
• Games. I display this in the Start menu as a fly-out menu. That’s a much quicker way to launch games that are in the Windows games folder.
• Network. I don’t often access this folder, but when I do, I want to get to it quickly, so enabling it as a link is fine.
• Recent Items. I turned this on, but it's one of those items you may want leave disabled on a shared system. On the other hand, it’s very handy to have quick access to recent files, without needing to find the Jump List for the individual application that may be associated with the files.
• Run command. This avoids having to type "Run" in the search box.
• System administrative tools. By default, this display option is turned off. I like having access to system management tools. It has some useful stuff that’s hard to find, so enabling this tools display is often helpful when you need to troubleshoot a problem.

Note that I leave "Sort All Programs menu by name" enabled (that’s the default.) If you uncheck it, the Start menu will sort programs by most recently installed. (If you change it after you’ve installed a bunch of apps, it will remain sorted alphabetically for a time, until you install more apps.) What you won’t get is the old Windows XP behavior, where you could manually reorder the icons in the Start menu. Some users may not like this.

The policy editor lets you change many Windows settings, including the Start menu and Taskbar.If you’re so inclined, you can change many more settings by running the Windows 7 Group Policy Editor, but be cautious when using the policy editor.

Start Menu Shortcuts and Tips

Now that you’ve customized the Start menu to your preferences, it’s time to look at some additional shortcuts and tips on using the Start menu.

If you have a lot of programs installed, consider using the keyboard instead of hunting for them in the All Programs window. All you have to do is hold down the Windows logo key and the R key at the same time. This brings up the run box. If you type the name of the program, it will run. However, this assumes you know the exact name of the application. For example, if you want to run Word, you have to type "winword.exe". What, you didn’t know the actual Word program name is winword.exe?

This is what I see when I type the letters “wor” in the Start menu search bar.If you know part of the name, but not the whole name, use the Start menu search function. Press the Windows logo key and just start typing "wor". If you wait just a moment for the search function to do its job, you’ll see quite a list.

Here, your version of Word appears as the top choice. But a variety of other apps, shortcuts, and document names have popped up as well, so you can click on whichever of those you want. On the other hand, when I hit the Enter key after typing "wor" (minus the quote marks, of course), then the top item in the list is opened--in this case, Microsoft Word. Simple and efficient.

Note that you will have to type more characters than you think you need on occasion. If you type "ex," then hit enter you’ll likely run Internet Explorer. If your intent was to run Excel, you’ll need to type "exc" at a minimum.

Now it’s time to move on to the Windows taskbar.

Customizing the Windows Taskbar

The Windows Taskbar has evolved from being a simple indicator of open applications to a much more active user interface entity in its own right. The key features of the taskbar, as you probably have discovered, are Jump Lists and Aero Peek. However, before examining taskbar features, it’s worth spending some time customizing the taskbar. Like the Start menu, the taskbar can be configured to behave more to your liking.

My taskbar on a light day.First, let’s take a look at my taskbar (click on the mini-image for a full-size view). This is actually relatively uncluttered for me--I often have many more windows and apps open.

Taskbar Property Sheet is where you begin your journey in customizing the taskbar.Right-click on any empty space in the taskbar and click Properties. The taskbar and Start menu properties sheet will pop up, with the taskbar tab active.

This is the default setting--taskbar locked, at the bottom of the window and Aero Peek enabled. I strongly suggest you leave Aero Peek turned on--it’s one of the most useful features of the Windows 7 taskbar. When it comes to the way you view icons, applications and files in the taskbar, though, it's mostly up to your personal preference.

The default is to have just unlabeled icons. If you run more than one instance, or have multiple documents open in a particular app, you’ll see a layered icon. You will never see more than three layers, though. So you won’t know if you’ve got more than three docs open or three instances of a particular app running. You also won’t know the names of the documents without hovering over the icons.

If this bugs you, you can change the taskbar buttons to Combine when taskbar is full in the Taskbar button pulldown. Windows will combine certain sets of objects when the taskbar fills up. Note that what's visible in the taskbar may vary, depending on what types of documents or folders you open, and the number of each type.

If you choose never combine, what’s visible in the taskbar becomes smaller and smaller, until they’re very small icons.

Other options on the primary properties page include "Lock the taskbar" (default is the bottom of the screen), "Auto-hide the taskbar" (useful on laptops or other screens relatively light on pixel real estate) and "Use small icons" (also useful on smaller screens.)

If you click on Customize, you’ll get a screen that allows you to alter the behavior of taskbar and notification icons. The notification area (the tiny up arrow on the right side of the taskbar) is where all the old tray apps that load on startup live now. You can, if you want, enable them all to be visible in the tray, so you can have that really cluttered, Windows XP look. I tend to have most of them set to notification only.

Taskbar tips and tricks

Pinning: Pinning a program to the taskbar is easy--just drag the icon to the taskbar. Note that you can’t pin a folder to the taskbar--but then, you never could. In the olden days, you could pin a folder to the Quick Launch bar, which wasn’t the same thing as the taskbar. If you really, really want to pin folders to the taskbar, you can find hacks out in the wild. One way is documented on Sevenforums. But I’ve found Jump Lists to be much more useful.

The magic of middle-click: The middle button on your mouse has two key functions when using the taskbar. Middle-clicking on a taskbar icon will launch a new instance of an application. This is very handy in apps like Excel, which will default to one instance with multiple pages when you open a second or subsequent Excel document. Of course, some apps, like Skype, won’t let you open a second instance, but I often use this for Excel, or to simply open a new instance of another app.

Middle-clicking has another function, too. If you hover over an icon, and multiple document pages are shown, middle-clicking on one of them will close that document. I often use this to close excess open file folders.

Keyboard magic: Keyboard shortcuts are a big productivity booster for some users. While I find myself not using them much these days, other people love them. Paul Thurrott’s Windows site has acomprehensive list of taskbar keyboard shortcuts.

Context-clicking magic: Remember the right mouse button! Right-clicking on the taskbar opens up a host of interesting options. You can activate a number of different toolbars, including some that are added by applications. The Zune toolbar, for example, puts a miniature control app on the taskbar when you’re running the Zune app. You can also start the Task Manager, making it easier to access than the old control-alt-delete three-fingered salute. You can close all the windows, which is the same as clicking the tiny box at the extreme right of the taskbar, but slightly easier for me to access. And you can alter window behavior (cascading, side-by-side, and so on). Finally, you can unlock the taskbar, which allows you to make it bigger, or move it somewhere else, if you prefer.

The Windows 7 Start menu and taskbar are powerful user interface tools that allow you to efficiently access applications and offer a host of nifty features and shortcuts. Spend a little time customizing and learning the ins and outs of both, and you'll become a more efficient and productive Windows user.