Yearly archives: 2009

EFS Recovery – Problems with Ntbackup

If you are trying to perform EFS recovery by backing up encrypted files on a client machine and sending the backup file to a dedicated recovery workstation, remember this:

1) You need to be a local admin while performing the backup, and the restore, in order to back up the data stream even though you don’t have access to the encrypted files.

2) If a policy is disabling EFS on the recovery workstation, ntbackup won’t tell you that it can’t create the encrypted files because EFS is disabled. No. It will simply SKIP the files. So if you have files that get skipped, try to manually create a folder and encrypt it. It has to work else you will not be able to restore the backup properly..

Posted in Security, Windows | Leave a comment

Problems with EFS Configuration in GPOs?

Having issues similar to:

Trying to enable EFS on a specific OU, while it’s disable at the top of the structure or domain?
Recovery certificates from two different GPOs mixing up instead of being replaced?

Overall EFS GPOs looking like they aren’t merging properly?

Well, it’s not because EFS GPOs are supposed to behave like black magic. Turns out there’s a bug, Microsoft’s aware of it, but doesn’t think it would be a good idea to FIX IT on Windows XP and 2003.

Thankfully, all it means is you need to edit your GPOs from a Vista, 2008 or Windows 7 machine.

KB : EFS may not be enabled expectedly after you disable a policy and this policy turn off the EFS feature

Opening my EFS GPOs in Windows 7, switching the Allow/Don’t allow and applying the ‘change’ fixed my GPOs. A few minutes later, and stuff was behaving like it should’ve been… Can I have those wasted hours of my life back, Mr. Ballmer?

Posted in Active Directory, Windows | Leave a comment

New PGP Key !

Here’s my new PGP key, valid until August 1st, 2014. Yeah, I’m kind of sick of generating new ones yearly.

—–BEGIN PGP PUBLIC KEY BLOCK—–
Version: GnuPG v1.4.9 (Darwin)

mQGiBEpzqR8RBADk2w/POIp9FYMdCUOcbRuP5fHEWGyxrAdb19KjTHoHH+L4fk2c
zy5IuvUhYZdC97mBr6S2Pg2bdXcxnSCtCIjeW78q6d6gmjoup0A5dvqNaK4xvWFo
m8LvBochSIl/LjMsyvL7Jbm4rwfKNJVm5aTe5ZcoT97QdI8IxAW10XaLuwCg53R8
F/Ty6yeY2pwxnE7HZGcggCsEAIUbFiGcapUJI1IraYqBQbtjXL8/sX5hqcIdJ3K8
k+LJclIswiR7YYvJPjtiHCe9pe/SnUrOCjN8eygjlQIgWpNYHcMbhobECBR4Q4MU
4CF20tndFmyZU5BkLeUzItn9WE4W4Ib/6Ny5dQYQ7cSipKV4HsOWNXM+onng6N82
/KvxA/9B+5L0e6y7paFbaWkuq9XvcP3UfW3HewAi3WlvChMQ5zWuDSfsgCfEmxIo
1zz9hai6lBcbZinD4pdcWtDI9lHztRoqiSmMMvcZr+TX76ykCERvF1uo++19uH2H
B3pXjTs4wdPZ2XyXfcDWJzl7IrciXLK3J91I+IfLrlYnqRZx3rRcR3VpbGxhdW1l
IFJvc3MgKFRoaXMga2V5IHdpbGwgYmUgdmFsaWQgdW50aWwgQXVndXN0IDFzdCwg
MjAxNC4pIDxndWlsbGF1bWVAYmluYXJ5ZmFjdG9yeS5jYT6IZgQTEQIAJgUCSnOp
HwIbIwUJCWdnoQYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJECFth7cSBE0ry3kA
oMt+O/tKLwELxFE6pct9Sl/bE17yAKCnJml9k4Gj8DyaBlYFnfMzRPkrWbkCDQRK
c6kfEAgAjuBEe96GS3/umwzbdxNBlnh0Fodshq30+aGcxyPOij5muUCeNkw2ieSF
xDefMjfjt2wLqhIms2cPPN0cH3Wg4ZvF1wI51UBfeIj1ivDk7K5EbMbyWsfADNP8
fqAMOpKlWKsSx3C03i0G6Dt+4QyqfT5b5k7SIaFdBRfAbqqdsJtPhn0Q/DbDWt2x
69AapRba7+xROB8I8O1jSH2kM7MiW4bpBIKmkKE4P5gBTk2aWPjhHLap9U4XKdQa
nS6ztLBDyMaH5a4xXKi5xCkWR77Qav9y8uXR8Rr9y7Yw0KTmy8WLRiCKtfNIMTTx
l5mH+vz8dkZhkxw6FstUBfjoVTXtSwADBQf+NLOh1U49bZnyNsRuzrfnoUehgnvk
SgAlWOQhJwEfV5Tv+ysT2+uoEXYrtJo95KPyNkyuzxqP62IFJCI00oHyk6nJZsGb
3Ge5xg8NRoPLfH4Q//wIcZ4sl3rlnZoU8LxmnpvitPAOdLwf5NZ47EIECIdUxt91
Nc7xTJGMhsZPIUmKaMomg/Sq3HS9Z+KQ1q/cp8zpHmV8Oq1EdQjNR/pzRCilz19g
oi8PaWiUkTzOm3bHrvcxf8ijY2RJsSzBdKCu3235Tc5ldXahmR+OPrEUEgiCjJxM
+xoxtkeD5AeOGYlqLD4pfSG/w+IkEaRLYRrV2o967L12eg7I3AZhMmDgOohPBBgR
AgAPBQJKc6kfAhsMBQkJZ2ehAAoJECFth7cSBE0rLQQAn0EzHFSISci9+FSf3psH
7ffGN/K7AJ93zwmaWzjTk0ZOgHXf7llzkZzRVA==
=9tWC
—–END PGP PUBLIC KEY BLOCK—–

Posted in Security | Leave a comment

0xC0000225 Error trying to install Windows 2008 R2 (Or other x64 Windows)

As I was attempting to play with Windows 2008 R2, which only comes in 64bit flavors, I received this error when trying to start the setup:

nothing useful nothing useful nothing useful 0xC0000225 blah blah blah blah blah

This was on the latest version of VirtualBox, on a 32bit host. At first I thought it was a bug in VirtualBox, since it didn’t support 64bit guests on 32bit hosts for so long, but it turns out that when I enabled IO APIC for that Virtual machine, everything worked fine !

Happy testing.

Posted in Windows | 72 Comments

Performance impact of clearing your swap file at shutdown

For security reasons, it might be advisable to clear your swap file at shutdown.

It doesn’t provide great security, and you really should be using full drive encryption anways.

But in case anyone is wondering, for a 1.5gig swap file, this option (ClearPageFileAtShutdown) seems to add about 30 to 40 seconds of time to the shutdown procedure as it overwrites the file with zeroes.

Now turn it back off and install Truecrypt!

Posted in Security, Windows | Leave a comment

Palm’s CES Announcements for 2009 – Replace my iPhone?

As an ex-Palm fan and user, it was with great (desperate?) optimism that I had been waiting for the January 8th announcement at CES.

Palm hyped it up by saying we’d finally get all the Palm new-ness we had been waiting for, but that had been said before. Rumors were circulating..Upgraded Treo pro running Nova… completely new device running Nova, which was rumored to be INCREDIBLE. Devices with touch screen and a full keyboard behind it… this could make sense as Palm said they wanted to “Bridge the gap between the iPhone and the Blackberry”.

I was willing to forget about the unreliability of the latest Palm devices I used. The T2’s digitizer… the removal of Graffiti, the Lifedrive’s complete failure..

Why?

Because I am currently stuck using an iPhone. I say stuck because in reality I would rather be using an Android device, but the G1/Dev1’s 3g frequencies are not compatible with 3g providers in Canada. (We’ll, there is only one Provider actually – Rogers). Also, using Palm devices had always been a great experience, until they became totally outdated, and mostly, until their high end devices were Windows mobile only. Why would someone get a Palm to run that sorry excuse for a mobile OS?

While I do enjoy the multimedia features of the iPhone, and the browser, the major problem with it, to me, is the control Apple has over the app store. I appreciate the app store, but I wish there was an official way of releasing apps without going through the store. Of course, my phone is jailbroken, however, I don’t think companies such as Iambic, who make incredible apps for the PalmOS platform, would spend hundreds of hours to make Agendus for iPhone without knowing in advance if it will be turned down or not, and releasing it as a jailbroken-only app is clearly not a good business plan. Also, the fact that the iPhone third party apps can’t sync with the desktop is a big letdown. “Cloud” computing is great and everything, but I’m not letting a different company host some of my data for every app I need to sync. It’s ok for To-do lists maybe, but what about Password sync? If at least all my data was in an Apple “Sync” account and not on every program maker’s servers, it would be so much nicer.

So the solution seemed relatively simple, but hard to obtain for a company that is cash-strapped as Palm is now, and seemed pretty unrealistic considering the streak of failures that Palm has called innovation. Palm needs to release a wicked device with an awesome touch screen, as precise as the iPhone, and a slide out keyboard. It needs to have better multimedia than Android, and great enterprise features, which the iPhone is lacking. A great Mail client, centralized management, built-in tethering.

And what do we get?

SOMETHING THAT LOOKS INCREDIBLE !

This is the first time in many years that I, and presumably thousands of other Palm fans are excited. The only downside is that it is not GSM/3g, but I am sure a GSM version will come eventually. Palm is back, and by the time my phone contract is over, I’ll buy one!

Posted in Gadgets | Leave a comment

Swedish Greys - a WordPress theme from Nordic Themepark.