Archive for February, 2007
Things I do not like about EFS and a better solution called Truecrypt
by Greg on Feb.19, 2007, under Backup, Security, Windows Server, Windows Vista, Windows XP
I am not an expert on these things (encryption), but I have done some reading and found some issues with Encrypted File System I don’t like. I may not describe the issues correctly, so this is just my opinion more than anything.
1. In Windows 2000, don’t even bother. It can be bypassed with their recovery agent or administrator. So if you lose your laptop, the data can be accessed.
2. In XP, it is better and more secure. I think there is no data recovery agent, but I think a local administrator account on a non-domain install of XP will still have the private keys.
3. The private keys are on that hard drive!
4. You still see all the files. The file names are all viewable, and that may be a security risk for some companies. It’s better than nothing, but I don’t like that too much.
5. You can’t encrypt the whole system. Or a whole partition for that matter. You must encrypt a folder, and at that, only the files in that folder are encrypted.
6. Here’s the one I like least… with EFS, when you open a file, it is decrypted to a tmp file. This file is deleted once you finish with it, but as you know, files are not “wiped” from the drive when they are deleted; only the pointer to them is removed. So unless data is overwritten in that place on the drive, that data is accessible to anyone. If you had a spreadsheet with SSNs or credit card numbers, and you just happen to lose your system to someone who knows what to do with it, you’ve got a big problem!!
7. There’s more, I just can’t think of them.
Anyway, after doing some reading… I found that Bitlocker in Vista will be a very nice solution. But you have to buy Enterprise or Ultimate versions of Vista to get it. Bitlocker can encrypt the entire OS partition. Now that is nice! That is exactly what we wanted! And if you set it up correctly, using a key or PIN at boot, it will make an extremely secure setup. One drawback, you can only encrypt the partition the OS is on, not other partitions. You’ll need to use normal EFS for them.
That’s nice, but I have Vista Business. And I don’t want to spend more money right now. Plus, on my main system and pretty much all my clients, they have 2000 and XP. Guess what I found to get me by? TrueCrypt. www.truecrypt.org. Nice product!! And it’s open-source and free!!!!
With TrueCrypt, you can password protect an entire partition with AES 256-bit encryption. You can use multiple ciphers and even key based access using a USB drive. (Bitlocker can do the USB drive thing too!) It’s a tiny program running in the systray. And in my case, I am just running a password authentication and 256-bit AES on a separate partition, so my performance is pretty good too, though not as fast as without encryption. Now, with XP I will be making redirections to My Documents to that private drive, and saving all my “work-in-progress” there. That, to me, operates reasonably, and pretty darn secure. I could do more to secure it, like use a key file on my USB key drive. Then you cannot get into any of my private data without the key drive inserted! But I need to test that first.
TrueCrypt can also create a virtual drive from a file. That might be handy, but performance is just a little slower that way. It cannot encrypt your OS partition though, which is a drag, but at least I can encrypt a separate partition and you cannot see the file system structure. It has a lot of neat features. Definitely worth trying if you want to lock things down.
CD or DVD drives in Windows XP give error code 39
by Greg on Feb.07, 2007, under PC Repair, Registry, Windows XP
All the logical fixes didn’t work. Reinstall, removed ide drivers, reinstalled again, no worky.
I was getting an Error code 39 (and 37 on another machine), and the DVD/CD drives would not show up in Windows.
“Windows cannot initialize the device driver for this hardware. (Code 37)”
The problem seems to be caused by CD Burner software that is not loading or installed properly. It’s odd because I’ve found this on several machines lately. It occurred to me that there are a lot of programs now that can burn CD or DVD. iTunes, or other music programs for one, they are very common now. But there’s other things, like some accounting software that can back up to CD. You have to watch for any of them that might install their own burning capability.
The solution was to remove the upperfilters and lowerfilters in the registry key below:
Find "UpperFilters" and "LowerFilters" values in this key and delete them:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}
After that, I uninstalled the device in Device Manager, and scanned for new hardware. The drive came right back up!
More details on this page:
Vista help and support will not open but I found a fix.
by Greg on Feb.04, 2007, under Windows Vista
In Windows Vista (mine is Business version) my Help and Support would not open. It said something like:
“internet explorer cannot download from / help”
For some reason, Dreamweaver 8 install messed this up. The fix was to tweak the file type association. I just did a simple registry update, but there might be other ways.
In the registry I had this:
[HKEY_CLASSES_ROOT\.xml]
@="xmlfile"
"Content Type"="application/x-xml"
"PerceivedType"="text"
Under the HKCR\.xml key, I had a Content Type of “application/x-xml” set. I updated that to “text/xml”.
So the final fix should look like this:
[HKEY_CLASSES_ROOT\.xml]
@="xmlfile"
"Content Type"="text/xml"
"PerceivedType"="text"
And my Help and Support started to work!
Master Browser checking with browstat
by Greg on Feb.01, 2007, under Networking, Windows Server
All these years and I’ve never known how to determine what the “master browser” was on my networks. How many times do you see those event log errors about “such and such is not the master browser” or “unable to get a browse list”. Not that I know how to fix all that, but at least I can find out WHAT THE MASTER IS in the first place!
There’s a cool utility called: browstat
Run from command line. There is one stupid thing though, you need to determine your Netbios transport first. To do that, run: net config rdr
C:\>net config rdr
Computer name \\MYSERVER
Full Computer name myserver.yourdomain.com
User name administrator
Workstation active on
NetbiosSmb (000000000000)
NetBT_Tcpip_{0FCE584B-9B98-4D26-A241-1A070D06767A} (00188B3A1EE6)
NetBT_Tcpip_{F55EF45C-33E5-4842-A4AC-8DFF82D07B76} (00188B3A1EE8)
Software version Windows 2000
Workstation domain YOURDOMAIN
Workstation Domain DNS Name YOURDOMAIN.com
Logon domain YOURDOMAIN
COM Open Timeout (sec) 0
COM Send Count (byte) 16
COM Send Timeout (msec) 250
The command completed successfully.
So you can see… what a mess! You need this:
NetBT_Tcpip_{0FCE584B-9B98-4D26-A241-1A070D06767A}
And to get your master browser run this:
browstat getmaster NetBT_Tcpip_{0FCE584B-9B98-4D26-A241-1A070D06767A} YOURDOMAIN
It should return something like: Master Browser: MYSERVER
You can also run: browstat status YOURDOMAIN
This will list all kinds of useful info, including your transports. It shows your backup servers, as well as your master browser.
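As an added example (not part of the original post), the Python sketch below parses `net config rdr` output and builds one `browstat getmaster` command per NetBT_Tcpip transport, so a multi-homed machine like the one above can be checked on each adapter. The sample text is abridged from the output shown in the post; the function names are illustrative.

```python
import re

# Abridged `net config rdr` output, taken from the post above.
SAMPLE_OUTPUT = r"""
Computer name \\MYSERVER
Full Computer name myserver.yourdomain.com
User name administrator
Workstation active on
NetbiosSmb (000000000000)
NetBT_Tcpip_{0FCE584B-9B98-4D26-A241-1A070D06767A} (00188B3A1EE6)
NetBT_Tcpip_{F55EF45C-33E5-4842-A4AC-8DFF82D07B76} (00188B3A1EE8)
Software version Windows 2000
Workstation domain YOURDOMAIN
Workstation Domain DNS Name YOURDOMAIN.com
Logon domain YOURDOMAIN
The command completed successfully.
"""

# A NetBT transport line: NetBT_Tcpip_{adapter GUID} followed by the MAC in parentheses.
TRANSPORT_RE = re.compile(r"^\s*(NetBT_Tcpip_\{[0-9A-Fa-f-]{36}\})\s+\(([0-9A-Fa-f]{12})\)\s*$")
DOMAIN_RE = re.compile(r"^\s*Workstation domain\s+(\S+)\s*$")


def parse_rdr(output):
    """Return (domain, [(transport, mac), ...]) from `net config rdr` text."""
    domain, transports = None, []
    for line in output.splitlines():
        m = TRANSPORT_RE.match(line)
        if m:
            transports.append((m.group(1), m.group(2)))
            continue
        m = DOMAIN_RE.match(line)  # case-sensitive: skips the "Domain DNS Name" line
        if m:
            domain = m.group(1)
    return domain, transports


def browstat_commands(output):
    """Build one `browstat getmaster` command per NetBT transport."""
    domain, transports = parse_rdr(output)
    if domain is None or not transports:
        raise ValueError("no workstation domain or NetBT_Tcpip transport found")
    return [f"browstat getmaster {t} {domain}" for t, _mac in transports]


if __name__ == "__main__":
    for cmd in browstat_commands(SAMPLE_OUTPUT):
        print(cmd)
```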
LSASRV Event ID 40960 Detected an Attempted downgrade attack
by Greg on Feb.01, 2007, under Networking, Windows XP
Event ID 40960 and 40961
“The Security System detected an attempted downgrade attack for server…”
In my case, when we logged the user in and opened Windows Explorer to a network share, we received an error. “The system detected a possible attempt to compromise security.” Then in the event logs, we saw the errors above. Turned out, a previous administrator saved a logon password under this user account. To remedy, you must open Control Panel, User Accounts, and then the Advanced tab. Then click the Manage Passwords button. In there, you can set and modify network passwords for specific servers. (a feature I never knew existed!) Sure enough, the server we were connecting to was in that list and set to the name of an ex-admin. Removed that item, and problem solved!
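The saved logons behind this error can also be reviewed from the command line. This added example (not from the original post) parses `cmdkey /list` output and reports entries stored under an account other than the logged-on user; it assumes a Windows version that ships cmdkey.exe, and the sample output, server names and account names are constructed.

```python
import re

# Constructed sample of `cmdkey /list` output (server and account names are made up).
SAMPLE_CMDKEY = r"""
Currently stored credentials:

    Target: Domain:target=fileserver01
    Type: Domain Password
    User: YOURDOMAIN\oldadmin

    Target: Domain:target=printsrv
    Type: Domain Password
    User: YOURDOMAIN\jsmith
"""

FIELD_RE = re.compile(r"^\s*(Target|Type|User):\s*(.*?)\s*$")


def parse_cmdkey(text):
    """Split `cmdkey /list` text into one dict per stored credential."""
    entries, current = [], None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Target":  # every entry starts with its Target line
            current = {"Target": value}
            entries.append(current)
        elif current is not None:
            current[key] = value
    return entries


def foreign_credentials(text, logged_on_user):
    """Return (server, stored_user) for entries saved under a different account."""
    hits = []
    for e in parse_cmdkey(text):
        user = e.get("User", "")
        if user and user.lower() != logged_on_user.lower():
            server = e["Target"].split("target=", 1)[-1]
            hits.append((server, user))
    return hits


if __name__ == "__main__":
    for server, user in foreign_credentials(SAMPLE_CMDKEY, r"YOURDOMAIN\jsmith"):
        print(f"{server}: saved logon is {user}; remove with: cmdkey /delete:{server}")
```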
How to change server comment or description showing in network neighborhood
by Greg on Feb.01, 2007, under Networking, Registry, Windows Server
We had some computers showing a set of numbers as the computer on a mapped drive. They happened to be some numbers auto-added by Dell setup, I think. But that’s not the issue. It’s just showing the wrong thing on a mapped drive.
For example: Running “net view” shows a server like so:
Server Name   Remark
\\server    8400238585
So on our mapped drive it looked like this:
N: Sharename on 8400238585 (Server)
That is so annoying!!!
The fix…
First, change the server comment so it makes sense. On the server:
Right click My Computer, select Manage.
Right click the top item (Computer Management), and select Properties.
Go to Network Identification, and type in the Description you would rather have.
You probably need to restart the Server service or even reboot that server to take effect. You can also do that to other servers from the same location, by right clicking the same item and selecting “Connect to another computer”.
You can also update this in the registry, can’t remember exactly where. But I think it’s a key called “srvcomment” under HKLM\Currentcontrolset\Services\lanmanserver.
You can also run this on the server:
net config server /srvcomment:"My new description"
Now, to fix XP you need to do this:
http://support.microsoft.com/kb/330193


