Windows 7 – Enable Administrator Account After Install

March 29th, 2010

When installing Windows 7, the administrator account is disabled by default.  This is a problem if you are using VMware to install the operating system because the default user account when installing a virtual machine with Windows is “Administrator.”  If you choose this rather than a different account, after the install you will be unable to log in for the first time to Windows.

The solution is to boot into Safe Mode (pressing F8 at boot up) as Administrator, then re-enable the account.  Hat tip to the HowtoGeek for the solution.

Here’s a video screenshot I took of the process.

NOTE: The administrator account is disabled for security reasons.  It is advised that you disable it again after you create a normal account for the system, or simply create a new user when booted into Safe Mode instead of enabling the administrator.  For anything that needs administrative rights with the administrator account disabled, right-click the application and choose “Run as administrator”.

Get Those Menus Back

September 10th, 2009

File menus are still available in Windows Vista/7.  You can change the folder options to get the file menus back in Windows Explorer under Vista/7, but today I accidentally found out you can also simply press the ALT key to display the menus, yay!

Still no way to turn them on in Office 2007 that I can find though, bother.

Look Ma No CDs!

August 31st, 2009

If you use virtual machines on a daily basis like I do, hopefully you have come to build a library of ISO images on your system to be used by virtual machines instead of physical CDs for OS installations and such.  It’s so much easier to simply click on the CD I want rather than trying to find it in my cluttered office.  The problem comes when I need to install some software on my host computer (think MS Office).  Luckily there are nifty little tools to tell your OS to use that saved ISO file rather than looking for the physical CD.  If you are using Windows, the one I use is Virtual CloneDrive.

 

If you’re using Mac OSX, of course, the ability to do this is already part of the operating system; you just have to double-click the ISO file and it will mount to your file system.  In Linux, just use your mount command to do the same thing.

NTFS Read/Write Support (Mac OSX)

August 31st, 2009

Extending my last discussion of NTFS support for Linux, attaching NTFS to Mac OSX machines can be a headache as well!  While Mac OSX does include support to read from NTFS volumes, no such luck on writing to them.

 

Like most Linux apps, ntfs-3g can also be ported to Mac OSX.  And lucky for us there’s already a pre-built installer too for Mac OSX (yea!).  You can find it here (http://macntfs-3g.blogspot.com/).

 

WARNING!  When I installed this there was an NTFS formatted flash drive in my Mac Pro which got hosed (technical term) after the install.  The contents of the disk were not even viewable on Windows systems (booooo!).  Time to run some forensics on it to see if I can recover any of the data.

 

That being said, ntfs-3g worked just as advertised (apart from losing my flash data).  It replaces the Mac OSX NTFS support mechanism with its own.  The app adds a new item to your System Preferences from which you can change settings, disable it in favor of the native NTFS support (read only), or uninstall it.

 

Why not simply format my disks in a FAT format, you say?  Maximum file size, of course: we can only go to 4 gig with FAT.  My need for more stems from the use of large files created by virtual machines.

 

 

 

Working with NTFS formatted disks on CentOS

August 3rd, 2009

Often in doing computer forensics I use open source/Linux tools; they are powerful and free.  Doing this means that we often will require our Linux operating systems to be able to read the NTFS formatted disks from Windows systems.  Helix has many of these tools and NTFS support built-in (and I cannot recommend it enough) but other Linux distros like my favorite CentOS do not.  CentOS is my distro of choice over Fedora because in general it has proven more stable, albeit less flashy sometimes.

 

To accomplish the NTFS support we can install the ntfs-3g package.  Unfortunately this is not a standard package in the CentOS install and does not reside on their native yum repositories.  If you are not familiar with yum, it’s an insanely easy way to install/update software on your Linux system (similar to apt if you are of the Debian/Ubuntu bent).  A repository is simply a web database of software ready to be installed on your system (similar to Windows Update for your Microsoft folks but for tons of different software).

 

Fortunately we can add third party repositories to our system so when we are running our yum installs it will not only check the distro’s native repository but any third party ones that we add to the system.   So the solution to add NTFS support for our CentOS system is to add a third party yum repository then install the ntfs-3g driver using yum.

 

The CentOS community gets us started on how to install the required third party repository we need (http://wiki.centos.org/AdditionalResources/Repositories/RPMForge).  I’ll summarize here (currently using CentOS 5.3):

 

Download the rpmforge-release package. Choose one of the two links below, depending on your architecture. If you are unsure of which one to use, you can check your architecture with the command uname -i

 

i386 http://apt.sw.be/redhat/el5/en/i386/RPMS.dag/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

x86_64 http://apt.sw.be/redhat/el5/en/x86_64/RPMS.dag/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

 

Go to the directory where the package was downloaded (probably /root/Desktop) and type:

 

rpm -i rpmforge*

 

This will install and set up the third party repository.  Now to install the NTFS support, I’ll summarize from the CentOS wiki again (http://wiki.centos.org/TipsAndTricks/NTFS):

 

Install the ntfs-3g package and its dependencies using yum from the command line:

 

yum install fuse fuse-ntfs-3g dkms dkms-fuse

 

At this point you’re done!  You should be able to freely mount NTFS formatted volumes (or images of them, as is often the case in computer forensics) and use great tools for forensics like the amazing and fast file recovery tool foremost, which can also be installed using your new repository:

 

yum install foremost 

 

Check out the man page for foremost after the install to see how to run it.
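
As an added example (not from the original post): a read-only workflow for the forensics case mentioned above, hashing the image before and after so any accidental write is caught. It assumes an image of a single NTFS volume; the function names and the paths in the usage comment are hypothetical.

```shell
#!/bin/bash
# Added example, not part of the original post. Paths are placeholders.

# Print the SHA-256 of a file (hash only, no filename).
image_hash() {
    sha256sum "$1" | awk '{print $1}'
}

# Succeed only if the image still matches a previously recorded hash.
verify_image() {   # verify_image <image> <expected_sha256>
    [ "$(image_hash "$1")" = "$2" ]
}

# Mount an NTFS volume image read-only through ntfs-3g (requires root).
# noexec/nosuid/nodev keep anything stored on the evidence from running
# or gaining privileges on the analysis machine.
mount_evidence_ro() {   # mount_evidence_ro <image> <mountpoint>
    mkdir -p "$2" &&
    mount -t ntfs-3g -o ro,loop,noexec,nosuid,nodev "$1" "$2"
}

# Full workflow: hash, mount read-only, carve, unmount, re-hash.
examine_image() {   # examine_image <image> <mountpoint> <carve_outdir>
    before_hash=$(image_hash "$1") || return 1
    echo "hash before examination: $before_hash"
    mount_evidence_ro "$1" "$2" || return 1
    # foremost carves from the raw image, not from the mounted file system;
    # the output directory must be empty or not yet exist.
    foremost -t jpg,pdf -i "$1" -o "$3"
    umount "$2"
    if verify_image "$1" "$before_hash"; then
        echo "image unchanged"
    else
        echo "WARNING: image hash changed during examination" >&2
        return 2
    fi
}

# Usage (as root):
#   examine_image /cases/0001/volume.dd /mnt/evidence /cases/0001/carved
```

Work on a copy of the acquired image and keep the recorded hash with your case notes.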

so i was inspired…

July 30th, 2009

Brian Pence, Architect Evangelist from Microsoft, gave a presentation at school this week and inspired me to start a blog.  As I work through preparing to demonstrate technologies for students in my classes, it often requires lots of digging/configuring on my part to get things to work properly.  It involves testing different technologies, integrating them together, etc.  So this blog will spell out the things I come across as I prep for class or simply while poking at new technologies.  Hopefully it will save some pain for other IT professionals/students/teachers who are trying to solve the same problems as myself.

 

On the left there is a link where you can find pdf files of the slides I use when teaching that might be of use to some folks.

 

Likely technologies covered in the blog:

 

Microsoft Windows – Server 2008, Vista, Windows 7, IIS, PowerShell, Server Core, Active Directory, GPO, Exchange, Remote Desktop

 

Linux – CentOS, Fedora, Ubuntu, bash, Samba, OpenLDAP, Apache

 

Macintosh OS X

 

Virtualization –  VMware (Workstation, Server, ESX, ESXi, Fusion), HyperV, VirtualPC, VirtualBox, Parallels

 

Security/Forensics – Helix, Coroner’s Toolkit, Autopsy, Foremost, NAP/NAC, ISA

Data Center Operations – EMC