19 Aralık 2012 Çarşamba

Windows gezgini son girilen yerleri silme

Bilgisayarımızda dolaşırken girmek istediğimiz klasöre bazen direk adresini yazarak girmek isteriz.

Örnek vermek gerekirse Cleaner programının kurulu olduğu dizine giriceksek Windows Gezginin adres çubuğunaC:\Program Files (x86)\CClaener adresini yapıştırıp Enter'a bastığımızda karşımıza direk klasör açılır.

Windows 7'de bu özelliği kullandıktan sonra önceden girilen adresler kaydediliyor ama silmek istediğimiz zaman biraz zorlanabiliyoruz.

Sonuç olarak önceden girdiğimiz adresler artık işinize yaramayabilir. Şimdi Windows Gezgininin önbelleğe aldığı adresleri nasıl silebiliriz onu görelim.

Resimde gördüğünüz gibi önceden giriş yapılan adresler gözüküyor.
Şimdi bilgisayarım'ı açın ve Bilgisayarım üzerine gelerek sağ tıklayın.

Açılan bu pencereden Geçmişi sil diyerek daha önceden girilen kayıtları temizleyebilirsiniz.


http://www.windows8li.com/2009/12/windows-7deki-windows-gezgini-on.html

4 Aralık 2012 Salı

The file is corrupt and cannot be opened




1. Open Excel 2010.
2. Click on File > Options.
3. Select Trust Center > Trust center settings.
4. Select Protected view.
5. Uncheck all the options under Protected View > OK.
6. Restart Excel 2010 and try to open Excel documents.

20 Kasım 2012 Salı

Seagate Distribütörleri

http://support.seagate.com/customer/tr-TR/warranty_validation.jsp
Garanti sorgulama sayfasıdır



DATAGATE BİLGİSAYAR
Ayazağa Köyü, Cendere Yolu No:9 Şişli-İSTANBUL 34396
Tel :             (212) 3312199 begin_of_the_skype_highlighting            (212) 3312199      end_of_the_skype_highlighting      
Faks : (212) 3321678
E-posta : mhd@datagate.com.tr
Web       : www.datagate.com.tr



ASBIS Türkiye
Barbaros Mah. Evren Caddesi No 56. Kat:1 34746 Yenisahra – Istanbul, Turkey
Tel :             (216) 4707440 begin_of_the_skype_highlighting            (216) 4707440      end_of_the_skype_highlighting      
Faks : (216) 4707458
E-posta : office@asbis.com.tr
Web       : www.asbis.com.tr



ARENA BİLGİSAYAR
Ramazanoğlu Mahallesi, Transtek Caddesi No:2 34906 Pendik / İstanbul
Tel :             (212) 3646700 begin_of_the_skype_highlighting            (212) 3646700      end_of_the_skype_highlighting      
E-posta : teknik@arena.com.tr
Web       : www.cercev-e.com



PENTA BİLGİSAYAR SİSTEMLERİ
Esenkent Mah. Yeni Organize Sanayi Bölgesi 1.Cadde No:8 34775 Ümraniye-İSTANBUL
Tel : (216) - 4440768
E-posta : teknik@penta.com.tr
Web       : www.penta.com.tr

Alıntıdır

http://www.akdeniz.org/marka-destek/seagate-turkiye-distributoru/ 


excerpt

3 Ekim 2012 Çarşamba

How to Export email from Outlook for import into Mac Apple Mail or Outlook for Mac


The process is very simple:

  1. Download and install MessageSave on your Windows PC and restart Outlook.
  2. Run "Export Messages" menu command to export your Outlook folders as MBOX files.
    Outlook 2010: Click on the small triangle under the MessageSave button, select "Apple Mac Export -> Export Messages".
    Outlook 2007 or older: Click on the "Tools -> MessageSave -> Apple Mac Export -> Export Messages" menu command
  3. Copy the MBOX files over to the Mac.
  4. Import the MBOX files into your Mac mail client ( Apple Mail, Outlook for Mac or Entourage ).
  5. That's it. You're done. View the demo to see how simple it is.
Note: MessageSave also supports exporting Contacts and Calendar in addition to migrating messages.
We offer a 40% discount to customers converting from Outlook to Mac. Order via this page today.
(Limited time offer. Valid only for customer migrating from Outlook to Mac.)

To import an MBOX file into Apple Mail:

  1. Copy the .mbox file to your Mac. A USB flash drive or an external hard drive is probably the easiest way to do that.
  2. Open Apple Mail.
  3. Invoke "File->Import Mailboxes" menu command.
  4. Check the "Files in mbox format" option and click "Continue".
  5. Select your MBOX files in the next window and click "Continue".
  6. That's it. You are done. Congratulations!
  7. View the video if you would like to see the entire process in action.

To import an MBOX file into Entourage:

  1. Copy the .mbox file to your Mac. A USB flash drive or an external hard drive is probably the easiest way to do that.
  2. Open Entourage.
  3. Simply drag and drop the mbox file(s) onto the Entourage Inbox (in the Entourage folder list).
  4. After that, you should see a small triangle to the left of the Inbox. Click on it to display the newly imported folder(s). Note: If you have a large number of messages, Entourage might take a bit of time processing your MBOX file.
  5. That's it. You are done. Congratulations!
  6. View the video if you would like to see the entire process in action.

To import an MBOX file into Outlook 2011 for Mac:

  1. Copy the .mbox file to your Mac. A USB flash drive or an external hard drive is probably the easiest way to do that.
  2. On your Mac, in Outlook 2011, select "Outlook 2011 -> File -> Import" menu command.
  3. Select "Contacts or messages from a Text file" option.
  4. Click on 'Continue' (Right arrow button).
  5. Select "Import messages from an MBOX-format text file".
  6. Click on 'Continue' (Right arrow button)
  7. Select the MBOX file(s) you'd like to import.
  8. Click on "Import" button.
  9. Click on "Finish" button.
  10. You will find the imported mailboxes under "ON MY COMPUTER". (Note: If "ON MY COMPUTER" section is in collapsed mode, click on the triangle next to it to expand it).

If you see that MBOX files are greyed out in the "Import Mail" window (Step 7 above)

  1. Download this application to the Mac.
  2. Double-click to unzip it.
  3. Double-click on the unzipped file "mbfr".
  4. Point it to the folder where your MBOX files are located.
  5. After that restart Outlook, and you should be able to select MBOX files in the "Import Mail" window.



Additional important notes about importing email

  • MBOX format is supported only when using MessageSave with Outlook 2002 or newer.
  • MessageSave only exports email messages, contacts and calendar from Windows Outlook. It does not export from Outlook 2011 for Mac. Import into Outlook 2011 for Mac is supported.
  • To import an mbox file into Entourage, simply drag and drop it onto one of the folders in the Entourage folder list. Be sure to drop it into a local (On My Computer) folder, as opposed to a folder on a server. (You will be able to move it later).
  • Apple Mail and Entourage might have trouble importing very large mbox files (over 3000 messages). If you hit this issue, try splitting your large Outlook folder into smaller folders with fewer than 3000 messages each. This is a Mail and Entourage issue, not MessageSave.
  • Apple Mail (and Thunderbird) have issues importing mbox files with very long names, or with certain characters, such as #, in the file name. If you see errors, try renaming your mbox file.
  • We have tested MessageSave on folders with tens of thousands of messages - it worked without a hitch. However, exporting large folders might take a bit of time. Also, the evaluation version is limited to processing 50 messages at a time. Be assured that the full version does not have this limit.
  • When you try to import the mbox file(s) into Apple Mail, the import dialog may display the mbox files as grayed out. Simply click "Choose" and Apple Mail will import the files.
  • In some cases, when you import a large MBOX file into Apple Mail, then look in the Imported folder, you would see only headers and no message bodies. This happens while the imported messages are still being processed. And if you try to open or move them during that time, import might abort. Please restart your mail application, import messages again and leave the machine as is for about 30 minutes. After that you should see the messages. Then you should see your messages fully imported.
Apple computers are becoming more and more popular. You see the silver MacBooks everywhere. Apple's ad campaigns seem to be working very well as more and more people are switching from Windows computers to Macs. With that, they often have a need to bring their mail over to the new platform.
Outlook is the most popular email client for Windows. MessageSave makes it very easy to export your Outlook email and import it into a Mac mail client, such as Apple Mail, Entourage, etc. MessageSave will work with any Outlook email account (PST or Exchange). MessageSave preserves attachments, sender email addresses, message timestamps, multiple languages. Download the trial version and see for yourself how easy it is. MessageSave supports exporting contacts and Calendar in addition to migrating messages.

Did you find this tip useful? Let us know.
Microsoft, Outlook and the Office logo are trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Apple, Mac, Macintosh and Apple logo are trademarks or registered trademarks of Apple Inc. in the United States and/or other countries.

Windows 7 Profil Yenileme- Sıfırlama

Çözüme ulaşmak için yapılacak işlemler,
  • Clientı local admin accountu ile açın.
  • Eski dosyaların ( belgelerim, desktop vs.) bulunduğu profil C:\Users\kullaniciadi.domainadi  ( Kullanıcı adı ve domain adı yapınıza göre değişmektedir) şeklinde görünmektedir.
  •  Profili F2 tuşu ile ismini C:\Users\kullaniciadi adı şekline getirin.
  • Regedit’e girin.
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList içerisinde sonunda “sid.bak” olan anahtarları silin.
  • Bilgisayarı restart edin ve kullanıcı ile logon olun.
  • Sorun giderilmiş olacaktır.

12 Eylül 2012 Çarşamba

T20 uygulama kaldırma

Tamamen Farklı Bu Yöntemle Orjinal T20 2.3.5 Android Mobil
İşletim Sisteminiz Root Olucak Ve Telefonunuzun Gizli Dosyalarına Girip Görünmeyen Yerlere Super User Yetkisi İle Girip System Korumalı Turkcell'in Fazla Şarz Yiyen Uygulamalarından Kurtulacaksınız
Evet Başlıyoruz İlk Önce Aşağıdaki Aşamaları İzleyin;
-Telefonunuzda arama kısmına * # * # 2846579 # * # * yazın.
-Projectmenu > background settings > log settings> log switch'i on yapın. Geri gelip "log level setting'i de verbose" yapın.
-Telefonu yeniden başlatın, telefon açılınca yukarıdaki işlemleri tekrar yapın(log setting olanları).
-Sonra ayarlar-uygulamalar-geliştirme usb hata ayıklaması ve sahte konumları etkinleştirin. En son bilgisayara bağlayıp usb flas kablosu ile baglayın. Sonra tıklabana.bat'ı bilgisayarda çalıştırın.
Devam Etmek İçin Çalıştırın... Şeklinde Bir Yazı Çıkacaktır Herhangi Bir Tuşa Basın Ve İşlemin Tamamlanmasını Bekleyin Telefonunuz Yeniden Başlıyacak Ve Açıldığında Super User Uygulaması Kendiliginden Yüklenmiş Olarak Duracak Artık RootExplorer Gibi Sistem Dosyalarına Girip Gereksiz Uygulamaları Kaldırabilirsiniz Bunun İçin Bu Forumda Birsürü Konu Var
NOT:Eğer Telefonunuz Sürücüleri Pcnizde Yüklü Değil İse HiSuite Programını Kurun Veya Telefonunuzu Usb Flas Kablosu İle Bağladıgınızda Depolama Açmadan Önce G sürücü sü gibi(değişiklik göstere bilir) bilgisayarım dan görüntüleyebileceğiniz bir sürücü gözükür o sürücü simgesine tıkladıktan sonra adb_driver şeklinde bir dosya var içinde telefonun sürücüleri vardır o dosyanın hepsini masaüstüne kopyalayıp bilgisayarım aygı yöneticisine telefonunuz açılmamış durumdayken tanıtabilirsiniz eğer zor olursa HiSuite Programı Tavsiyemdir Bütün Gerekli Driverları Hemen Yükler.
Gelelim Root Aracı Linkine Buyrun
http://www.multiupload.com/A7PB4WFQLI İndirme Sitesine Girdiğinizde Direct Dowload Derseniz Direk İnmeye Başlar Dosya


http://www.huaweidevice.com/resource/mini/201105239635/hi_suite_en/

24 Temmuz 2012 Salı

Enable TPM via Task Sequence on HP Boxes

Enable TPM via Task Sequence on HP Boxes

Yes, It can be done and it is pretty simple to. Here is what you need and how you should do it. Basically, the only thing you need is “BiosConfigUtility.EXE” and a text file with settings in it, add that to the TS and it will work like a charm, :-)
Step One – Get the utility
The utility is a part of HP’s SSM (SP49507), SSM stands for “HP System Software Manager” and version I have been playing with is 2.14 Rev A. Download that from the ftp://ftp.hp.com/pub/softpaq/sp49501-50000/sp49507.exe and if you need to see if your PC is in the list, check ftp://ftp.hp.com/pub/softpaq/sp49501-50000/sp49507.html

Step Two – Create the file
This is how the file should look like and it should have the name TPMEnable.REPSET
image
If you look at the picture, you can see that in every section there is a *. That is our default value that will be pushed into the bios.

Step Three – Create a Command and verify that it works
Now, be a bit careful, TPM is a security device and if you look your self out, it could be “tricky” to get back, so now you have been notified at least. So, we need a command to set all this and also to set a BIOS password and here it is:
BIOSConfigUtility /SetConfig:TPMEnable.REPSET /NewAdminPassword:"Password1"
So, if you take the BIOSConfigUtility.exe and TPMEnable.REPSET and put them in the same folder and run the command (elevated) with a password that is better then mine and then reboot the machine, you will see that it is going to enable the TPM chip and now you can just enable BitLocker on the machine.

Step Four – Getting stuff into the TS
Now, this can be done in different ways, one is to create a Script, or a batch file or an MDT Application. The reason for me to have an application, is very simple. When I work at customers I create a lot of “things”, if they are applications, they are pretty easy to copy inside the deployment workbench, from my personal Deployment share to the customers and vice versa. I like drag and drop, it makes life more…relaxed…:-) One other story, if they are applications, you could use the “MandatoryApplications001=” in CS.ini
So this is how it looks in my Task Sequence
image image
(No, sorry, my password for TPM is not 111-something, trust my…)
Now when I have the application I can open my Task Sequence and modify that like this:
image image
In the first picture you can see that I have added the application called “CUSTOM – Hewlett-Packard – BIOS Configuration” and in the other picture you can see that I have one condition to run this and that is same condition as the task “Enable Bitlocker” has.
So, that was pretty easy, right :-)
Step Five – some more things…
Configure BitLocker:
image
This is my settings (also default)
Just one small thing. Modify/Set this BDEKeyLocation= to something, otherwise the keyfile ends up locally on the c: drive…

http://itbloggen.se/cs/blogs/micke/archive/2010/10/18/enable-tpm-via-task-sequence-on-hp-boxes.aspx

Enable BitLocker on HP Laptops via OSD

Enable BitLocker on HP Laptops via OSD

Recently I’ve been at a customer site performing a Windows 7 migration. The decision was made to enable BitLocker on all laptop systems during the OSD process. It took some research, but here is the way we ended up doing it.

The low down:

The models we had to work with were: 6930p, 8530w, 8440p, and 8440w. We knew that all systems had a TPM chip that we could utilize for BitLocker so we did not have to worry about having a flash drive, or something else to keep the BitLocker key on. Also, we decided to publish the BitLocker recovery keys to AD. One thing to note, we built our base Windows 7 image using ConfigMgr with MDT 2010 Update 1 integration and utilizing the MDT Build & Capture TS. Anyone that uses this out of the box will realize only one partition is created and used, and the 100MB or 300MB System Reserved partition is not present for use with BitLocker. Continue reading and you’ll see out I overcame this.

The Steps:

Here are the steps that we followed to prepare AD for BitLocker: http://technet.microsoft.com/en-us/library/cc766015(WS.10).aspx I won’t go into it with any detail since we had the AD administrator complete these steps.
Now that we have AD ready, it was time to figure out how to manipulate the BIOS from the OS in an automated way to enable the TPM chip and set a BIOS password, which is required when utilizing TPM with BitLocker. I was able to stumble upon Mike Nystroms blog (http://itbloggen.se/cs/blogs/micke/archive/2010/10/18/enable-tpm-via-task-sequence-on-hp-boxes.aspx) to get a better understanding of the tools that HP provides to accomplish this task.
The next step is to get the BiosConfigUtility.exe command line utility from the HP System Software Manager product. The version I ended up using was the same one that Mike used in his blog, 2.14 Rev A. You can get SSM from here: ftp://ftp.hp.com/pub/softpaq/sp49501-50000/sp49507.exe and verify the models you are using are supported from here:ftp://ftp.hp.com/pub/softpaq/sp49501-50000/sp49507.html  After downloading SSM, I used 7-Zip to open the SSM executable (sp49507.exe) and extract out the BiosConfigUtility.
Utilizing the HP BiosConfigUtility, I was able to run the following command from an HP laptop to build my configuration file that I would use during OSD to configure TPM and set the BIOS password. From an elevated command prompt run the following to get a dump of all the possible BIOS settings: 
   1: BiosConfigUtility.exe /GetConfig:Config.txt
This will dump all of the settings from the BIOS that can be configured using the utility. There will be a lot of settings that can be removed from the file, that way we are only messing with TPM and setting the BIOS password. Here is what I ended up with for my config file, I saved it as TPMEnable.REPSET to follow the steps in Mike’s blog: TPM File

 

Putting it all Together:

Now we have AD prepped and our tool for configuring the TPM chip on HP laptops, it’s time to put it all in a Task Sequence.
I discovered that enabling BitLocker too early in the TS would result in falilures if I chose to not allow full disk encryption before continuing the TS. One example is state restore. When BitLocker is encrypting a disk, the available disk space drops to around 5GB. With the ConfigMgr believing this is the only amount of space left, the TS will typically fail. To avoid this as much as possible, I moved enabling BitLocker as the absolute last step in the TS.
First we’ll need to make a package for the BiosConfigUtility in ConfigMgr. I won’t go over these steps since they are pretty basic, but the only source files you’ll need in the package are: BiosConfigUtility.exe and the TPMEnable.REPSET configuration file. Replicate the package to your DP. Now create a new program with the command line to run the BiosConfigUtility that will configure the BIOS to enable TPM and set the BIOS password. Here is the command line I used:
   1: BiosConfigUtility.exe /setConfig:TPMEnable.REPSET /NewAdminPassword:”PASSWORD”
Obviously I didn’t use PASSWORD as the actual BIOS password in production, make sure to replace it with something stronger that meets the password requirements in your TPMEnable.REPSET configuration file.

The Task Sequence:

Let’s focus on the TS and getting the steps in the correct order for BitLocker to enable on laptop systems during the deployment of a new Windows 7 image.
As I mentioned earlier, I put enabling BitLocker as the last step in the TS. I also grouped the steps, which consists of 3 actual configuration steps and 2 reboots under a group named “Enable BitLocker”. I then went to the options tab of the group and added a condition for the group to only run if the system being imaged is a laptop. Since MDT 2010 Update 1 is integrated with ConfigMgr in my environment, I can simply use the "IsLaptop equals True” TS variable.
IsLaptop
Now let’s create the steps in the order we need to get BitLocker enabled. Here are the steps:
  • Create a new General Step to install software, choose the BiosConfigUtility package we created earlier and the program containing the command line to run the tool.
EnableTPM
  • Since the computer will need to restart to complete the process of enabling the TPM chip, add a Restart Computer step to reboot back into the OS, and not the Boot Image.
Restart
  • Now, this is where we will have to overcome the fact that we donot have a System Reserve partition for BitLocker to use on our hard drive. To get pas this, create a Run Command line step to run the following command:
       1: cmd /c “bdehdcfg.exe –target default –quiet”
    There is a built in utility in Windows to prepare a drive for BitLocker. That is exactly what this step is doing, creating the 300MB partition on the OS drive. Once you run this step, another reboot will be required. Note: be sure to check the box to Disable 64-bit file system redirection if deploying the x64 version of Windows 7.
Prepare Drive
  • The final step, after preparing the BitLocker partition and rebooting the system once more, is to actually enable BitLocker. To do this, create a final step in the group using the Enable BitLocker built-in step. Under Choose the drive to encrypt, make sure the radial button next to TPM only is selected. The under Choose where to create the recovery key, choose In Active Directory. I then chose to NOT wait for BitLocker to finish encrypting the drive before proceeding with the TS.
EnableBL

Wrap Up/Troubleshooting:

Performing these steps should successfully get BitLocker up and running on HP laptops in your environment. Obviously you can customize the steps here to apply to pretty much any model from any manufacturer.
Here are some things I’ve seen that have caused the BitLocker steps to fail:
  • The BDEHDCFG.EXE utility will fail to prepare the drive for BitLocker if the laptop is not on AC power. I always image on AC power, but accidently forgot to plug in a laptop today and learned this lesson the hard way.
  • When using the Auto-Apply driver step in the TS, make sure to NOT include the Infineon TPM driver from HP. This driver would cause the Enable BitLocker step in the TS to not be able to communicate with TPM through Windows 7. Once I removed this driver and let Windows use it’s built-in generic driver, everything started working fine and I could see the TPM device through the TPM interface from within Windows. 
http://myitforum.com/cs2/blogs/ericmorrison/archive/2011/05/11/enable-bitlocker-on-hp-laptops-via-osd.aspx

23 Temmuz 2012 Pazartesi

Mac OS X Single User Mode Root Access

Mac OS X Single User Mode Root Access

There's always the constant battle between user-friendliness and security. Apple has known about this vulnerability for some time now; and back in the days of OpenStep, a patch to that OS was released to fix this problem. Now is the era of Mac OS X, and even though that old OpenStep patch won't work for OS X, Apple could still easily release a similar patch, or better yet, a permanent fix that will be forever installed by default.

It is argued that Single User Mode should allow full root privileges to allow forgetful users to change their password. Yet, I believe this really won't happen in practice with OS X. The average Mac user might forget his or her password, but they probably wouldn't like going into the command line interface of Single User Mode. Rather, they'd boot from the Install CD and reset their password from within the nice, eye pleasing Aqua GUI. Besides, the sysadmins and power users (who might like the CLI more so than the average user) probably won't forget their passwords and would also prefer the security advantage of not having root open as such. So I feel having the ability to reset the password without knowing the password to begin with in Single User Mode is an unnecessary risk and is unnecessary in general.

Moreover, the current granting of root privileges in Single User Mode gives the user the direct ability to not only change the password, but to dump the password hash and crack it. Somebody could easily just obtain the administrative password that way, therefore giving them administrative privileges without even generating anything that would alert the sysadmins of a breach. Whereas if somebody was forced to reset the password to gain root privileges (like the Install CD does), the fact that the administrative password was changed would be a key off to the sysadmins that somebody breached their system.

In conclusion, Apple should work something out to make the Single User Mode require the root or administrative password before granting access into root. Furthermore, the Install CD should be the only method to reset the passwords without knowing the passwords to begin with.


Situation

Somebody's at a Mac running Mac OS X, and they've completely forgotten their user and/or administrative account password on it (or even worse, they never had an account to begin with and are trying to hack the system), so they can't just login at the login screen. If it has a keyboard attached to it, and those keys can be pressed, here's how someone can get into root access with just a couple taps of the keyboard and maybe the scribble of a pen.


Vulnerability

Single User Mode under Mac OS X gives root access privileges without requiring the root password. (Note: Single User Mode is not the vulnerability here; the vulnerability is the fact that root access is given without having to enter in any password whatsoever.)


Exploit

Step 1) Restart the computer (or turn it on if it's already off) while holding down the command and s keys at the same time. (If the computer is running Mac OS Public Beta, just press the s key.) They have root privileges at this moment, but now it's time to take advantage of these privileges.

Step 1.5) Type "/sbin/fsck -y". (Type this without the quotes, of course.) (This step really isn't necessary at all, but it just takes a second, and they might as well just do a quick check of the hard disk before mounting it.)

Step 2) Type "/sbin/mount -wu /" (This mounts the volume "/" with read/write access.)

Step 3) Type "/sbin/SystemStarter" (This starts the network services, which is necessary to gain access to NetInfo.)

Step 4) Here, one could now just type "passwd root" and override the existing root password with one of their own, or worse yet, someone could just get the current root password (and/or the administrative user account password) so the administrators of that computer don't know that their security has been compromised. One of the easiest ways to do this is to just type "nidump passwd ." and write down the root account's password hash. (The hash will be the text that looks like just a garbled mess of alphanumeric characters between two colons.)

Step 5) Now one can type up what they wrote down into a plain text file like the following example: "root:rQkFQ37SYveHw:0:0::0:0:System Administrator:/var/root:/bin/tcsh".

Step 6) Finally, they'll use a cracking program like John the Ripper for the PC, or the Meltino, a Classic Macintosh application, to crack the password hash.

And when it's finally cracked it, they've got the password!


Solution

A good makeshift fix for this can be found at http://users.ez-net.com/~jasonb/secureit.html.
(Version 1.05 of SecureIt has been verified to work under Mac OS X Build 4K78)

Step 1) Download the file: http://users.ez-net.com/~jasonb/secureit.tar.gz

Step 2) Open a terminal window, type "su", and type in the root password when prompted.

Step 3) Go to the directory to where you downloaded the secureit.tar.gz file to, and type "tar xvzf secureit.tar.gz".

Step 4) Type "cd secureit1_05" and then type "./install".

Step 5) You should now be prompted to type in the password that will be required for you to boot up into single user mode. This password does not have to be the same as your root password or any other password you might have, so you can be newly creative for this password.


Links

Information about NetInfo

The SecureIt 1.05 FAQ


http://www.securemac.com/macosxsingleuser.php

18 Temmuz 2012 Çarşamba

Enable BitLocker, Automatically save Keys to Active Directory

Companies have always been concerned about the security of data on their mobile users’ computers.  What happens if the computer is lost or stolen?  How can you be sure that the “stuff” on that computer does not fall into the wrong hands?  The answer is encryption, and there have been various options like GuardianEdgeCheckPoint Pointsec and TrueCrypt, but now with Windows 7 Enterprise and Ultimate, Microsoft has introduced a new alternative called BitLocker and BitLocker to Go that is built right into the Operating System.  Let me tell you about it and how to use it.
  1. About BitLocker
  2. Enable and Activate TPM chip
  3. Boot Order
  4. Enable BitLocker
  5. Automatically Store Keys in AD
  6. Access the BitLocker Recovery Keys
  7. BitLocker to Go (encrypt removable media)

About BitLocker

Before getting started, let me briefly cover just what BitLocker is.  Microsoft describes it as a way to protect your data from being lost or stolen by “putting a virtual lock on your files“.  While this is basically true, it is more than just locking the files, it’s really locking the file system that the files exist on, not just the files themselves.  That’s because BitLocker is a “full disk encryption” suite (FDE) that secures an entire partition and not just contents of directories like EFS does (Encrypted File System). It can also be called “Full Volume Encryption” (FVE) as it is actually encrypting a partition on the disk.
To boil it down further, encryption is just a way of scrambling data by using a secret code or “key” that would make that data unintelligible without that key.  Maybe think of it as something like Pig Latin for data, except that no one can decipher it unless they have your secret decoder key.  That key is usually stored in your computer in a place called a TPM chip (a “Trusted Platform Module“) that is built into most modern laptops, and if the hard drive is ever removed from the computer, or if the computer boots from something other than that hard drive (like a CD/DVD or USB drive) then the data on the disk cannot be read or copied – it is protected by BitLocker!
Here’s a brief video to tell you more.
BitLocker can also be used to encrypt removable media like a USB drive using “BitLocker to Go”.  The drive can then be used on any Windows 7 computer by simply plugging it in and entering the password you created when you encrypted it.  Earlier versions of Windows like Vista and XP can also read the disk (if it’s FAT, not NTFS).  When they attach the encrypted media, if they don’t already have it, they will be prompted to install the BitLocker to Go Reader which is included on the drive, and then they can copy files from the encrypted disk but are not able to write to it.  PCMAG has a nice and brief article on it too.
Here’s another video about BitLocker and this one is all about BitLocker to Go.

Enable and Activate TPM

As I mentioned earlier, in order to decrypt a “BitLocked” drive you must have the decryption key.  This key can be entered manually, which would be very cumbersome, or it can be presented from a USB flash drive that you connect to the computer, but better yet, the key can be stored in a TPM chip that is built in to the computer.  Microsoft has a nice overview of how keys are secured within TPM if you’d like some more details.  Before you can use the TPM chip, you must Enable it AND Activate it.  Most of the laptops I have done this on have required two reboots into the BIOS but you only need to do this the first time you want to enable BitLocker and then leave it alone.
For example, here’s how you do it on a Dell Latitude laptop.  Boot the laptop and press F2 (sometimes Delete) to enter the BIOS, then navigate to Security and select TPM Security.  The first time you open this you’ll only have the option to Enable TPM security by checking the box.  If you’ve been here before you may see additional options but the main thing is to ensure that the box IS checked.  You’ll be told that you need to restart for the changes to take effect so click OK, save your changes and restart.

You’ll want to enter the BOIS again so hit F2 (or Delete) to get into the BIOS System Setup and navigate back to TPM Security again.  This time you can Activate the chip.  Again, save your settings and reboot.

If you don’t have a TPM chip, you can still use BitLocker, but for this guide I will assume you will be using TPM.  HowToGeek has a nice guide on using a USB Startup Key for BitLocker instead of using TPM.

Set the Boot Order

It may not be obvious, but the way the TPM secures the encryption keys is by ensuring that the way your system boots up or starts is always the same as it was at the time you enabled BitLocker.  This means if you are encrypting your system drive (C:) it is important that you set the boot order so that the Hard Drive is always first.  If the computers tries to boot from CD/DVD or USB first then you the TPM chip will not release the keys to decrypt the drive and you’ll end up being unable to boot your system without manually entering the key.  It’s by design. If later you want to boot from other media you can still hit F12 or change the BIOS setting, just know that the disk will not automatically unlock and you will need the decryption key in order to access it.

I have seen it work fine when a “Diskette Drive” is listed first in the boot order, but laptops don’t have those anymore so the HDD ends up being first by natural selection. I find it best practice to force the HDD to be first by definition. Why? For example, if a user has a bootable disc in their computer like a Windows DVD, when their computer boots and reads from the DVD the user is prompted to “press any key to boot” from that disc. If they do not press any key the machine moves to the next boot option, presumably the hard drive, but I have seen some computers try booting next from the encrypted partition and not from the boot partition. This prompts the user to enter the decryption key and results in a call to tech support. If they remove the DVD and boot normally it works fine.
So, new rule: Set the BIOS boot order to load the HDD first. If you need to boot something else press F12 while booting to manually select it at that time.

Enable BitLocker

There isn’t really anything to “enable” in order to start using BitLocker itself on Windows 7, just right click any hard drive that you want to encrypt and select “Turn on BitLocker…”

Note: If you want to use BitLocker on Windows Server 2008 R2 computer, you do need to install the “BitLocker Drive Encryption” Feature as it is not there by default.
This will start up the wizard that’ll first check for a TPM chip.

If all goes well you should see this screen.  If not then you may need to step back and Activate your TPM chip in the BIOS.

You should now be able to click Next through the following couple of pages while the wizard does some setup for you.

When asked to save your key, I find it easiest to just save it to a file someplace (it just generates a text file), the catch is you cannot save it to the drive that you are encrypting!  You can put it on a different local drive if you have one, a network share or even put it on a USB flash drive if you like.  So click on Save the recovery key to a file and put it someplace.  It’ll tell you that the key has been saved and then you can continue.

At this point you are ready to encrypt your drive.  It’s a good idea however to run the BitLocker system check.  It will make sure that the TPM chip can present the decryption keys and you won’t have any issues after the drive is encrypted.  Running the check has helped me catch a few computers with a strange boot order or other problems before I got too deep.


Once your computer reboots, if the check passes you’ll see a balloon pop up from the system tray indicating that the disk is being encrypted.  Now you can just sit back, let BitLocker do it’s thing, and you are done!  If it fails, you might see something like this instead indicating that BitLocker can not be enabled, in which case you’ll have some troubleshooting to do.
While it is encrypting the drive you CAN shutdown or reboot your computer and it will resume the encryption without giving you any hassle.  Also, you may notice that the disk appears to be nearly full until the encryption is complete.  That’s nothing to worry about as once it is complete it will display the true free space of the drive.

The process does take a while and you may notice some slower than normal performance until it’s done, but once the disk is encrypted you should not notice any performance degradation.  In fact, a BitLocker disk should have less than a 5% difference when compared to performance statistics when it is not encrypted which is very comparable to other encryption solutions.

At this point you can call it a day for this computer.  You’ve got BitLocker working and the drive is encrypted.  If you are planning a moree wide-scale deployment of BitLocker, then read on…

Store Keys in AD

If you are looking at implementing or supporting BitLocker in a corporate environment, one of the most important things is to have possession of the BitLocker Recovery Keys.  If that computer ever dies or if you need to pull that hard drive from it’s current hardware then you will need that key in order to decrypt and read it.  Also, unless you configure a Group Policy to prevent it, users can enable BitLocker on their own, purposly or not, and they likely would never think to give you the key.  Rest assured that you can create a domain policy that will require the computer to store it’s key in Active Directory as a property of the computer account and it’s all done automatically!
Microsoft has a very comprehensive guide on how to do this on TechNet.

Prepare Active Directory

If you already have a Domain Controller running Windows 2008 or newer then you already have the ability to store this information in Active Directory.  If you do not, then you cna either add a 2008 DC which will update the schema for you, or just extend the AD schema to include BitLocker information.  If you are not sure, you can check if the required schema objects already exist or not.
If you want to store information about the TPM chip as well as BitLocker, StarrAndersen has provided a script that adds an access control entry (ACE) so that backing up TPM recovery information is possible.  Just log in to one of your Domain Controllers with a domain Administrator account and run the script (cscript Add-TPMSelfWriteACE.vbs).
One last thing to do is to delegate write permissions on the msTPM-OwnerInformation object to the “SELF” account.  Tom Acker has a great article on how to do this on the TechNet blog.  Essentially what you need to do is open the AD Users and Computers MMC, right click the OU where your computers are (or the domain root) and Delegate rights to the SELF account using a “custom task” to only the Computer objects.  You grant General, Property-specific and Create/deletion to the “Write msTPM-OwnerInformation” attribute.

Create Group Policy

Now that Active Directory is ready to store the BitLocker and TPM information, we need a policy that will cause the computers to actually write that information.  Below are the steps to configure Windows 7 and 2008 R2, but if you need Vista or 2008 you’ll find the instructions on TechNet here.
Create a new Group Policy and navigate to Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption.  There you will see three more folders that contain the settings for how Windows 7 and 2008 R2 manage the BitLocker information for three different kinds of drives: Fixed, Operating System and Removable.

The core settings for all three are pretty similar, just Double click the Choose how BitLocker-protected drives can be recovered setting and Enable it.  Specify that you want to store Recovery passwords and key packages and check the option for Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives.  This prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.

You can repeat this for the other types of drives as well.  Read the included Help text to determine what is appropriate for your environment.
In the same Policy, now navigate to Computer Configuration\Administrative Templates\System\Trusted Platform Module Services.

Double-click Turn on TPM backup to Active Directory Domain Services, enable it and make sure Require TPM back to AD DS is checked.  This prevents the TPM owner password from being set or changed unless the computer is connected to the domain and AD DS backup succeeds.

When you’re done just close the Policy editor and link the GPO someplace in AD that you feel is appropriate.  Now you can test it out by making sure the policy is being applied to a new test workstation (gpresult /h res.htm && res.htm) and then enable BitLocker on it as described at the beginning of this article.  You should no longer be promoted for a place to save the Recovery key as it’ll automatically be stored in Active Directory.
Note: Computers that already have BitLocker enabled prior to getting these policies will not store their recovery keys or TPM information into AD because that only happens at the time of TPM Activation and when you actually enable BitLocker.  You can manually force a computer to store it’s information by using manage-bde -protectors -get c: to find the “numerical password” for the drive, then manage-bde -protectors -adbackup c: -id {NumericalPasswordGoesHere}. New activations will automatically store into AD, so you could disable BitLocker and then re-enable it to cause automatic storage.

Access the BitLocker Recovery Keys

To see the information that is being stored in AD, you need to install the BitLocker Recovery Password Viewer which is a component of Remote Server Administration Tools (RSAT). On your 2008 R2 Domain Controller(s) you simply start the “Add a feature” wizard and navigate to the RSAT/Feature Administration Tools and select the BitLocker Drive Encryption Administration Utilities.

Once the Viewer has been added, you can now open the Active Directory Users and Computers MMC and open the Properties page of any computer account to see the BitLocker recovery tab. There you will see all of the Recovery ID’s and Passwords that have been generated for all drives encrypted by that computer.

But what happens if you have a hard drive that has been encrypted but you do not know what computer it came from? When you attach the disk to a machine and attempt to read it, you’ll be presented with a message that says it’s encrypted and you’ll need the Recovery Password. It will also tell you what the Password ID is. You can then Search Active Directory for this ID to find the Recovery Password.

If the drive was encrypted by a computer in your domain, it’ll find the Recovery Password that you can use to be able to read/write to the encrypted partitions on that disk.

BitLocker to Go

Microsoft is well aware that not all data is going to be stored safely on your locally encrypted hard drives and that potentially sensitive data could be placed on a removable device like a USB Thumb drive.  For those cases, you can still use BitLocker to protect that data using what is being called BitLocker To Go (or BTG in some cases).  You can use Group Policy to allow or require removable drives to be encrypted with BTG, and instead of needing a TPM chip to access the contents, the user need only remember the password that they define.  And you can still store that password in Active Directory in case they forget it.
Rather than go into much detail on it here, you should check out Rocky Hacker’s MSDN Blog post on BitLocker to Go.
In case you are wondering, non-Windows 7 users can still access drives that are protected with BTG, but they use a utility called “BitLockerToGo Reader” which is included on the unencrypted portion of the removable drive, and this only allows them to read or copy contents from the device, not write to it.  This adds some security and is pretty convenient too.

Summary

I think Microsoft has done a great job with BitLocker to give users an easy and transparent way to protect data on their computers and removable drives.  It may require a little leg work on the part of the IT staff to set up the ideal environment to support it, but it is plausible to have the whole thing up and running in a matter of just a few hours.
For those of use (wisely) using SCCM to deploy your Windows 7 workstations, you can also enable BitLocker as a step in your OSD Task Sequence. For details, check out Teh Wei King’s blog post. And if you are using MDOP (Microsoft Desktop Optimization Pack) you should look into the pending release of MBAM (Microsoft BitLocker Administration and Monitoring), currently available in Beta on Microsoft Connect. Yay Automation!

http://blog.concurrency.com/infrastructure/enable-bitlocker-automatically-save-keys-to-active-directory/