
System Utilities in Windows
This is a guide on system utilities in Windows.
Credential Manager
In this demonstration, we'd like to introduce Credential Manager. And we've never really had anything even remotely like this in the Microsoft world until very recently. [Video description begins] The Control Panel is open on the All Control Panel Items page. Links include Administrative Tools, Color Management, and Devices and Printers. The presenter points to the Credential Manager link. [Video description ends] In Google Chrome, there is a place where I can manage my passwords and I can see my passwords, which means, if I get your password to your Google account, there's the potential for me to be able to have your passwords to everything, which is deeply concerning to me, right? That's a thing that's easily exploited through social engineering, misplaced trust, any number of ways, a simple keylogger.
In Credential Manager today, [Video description begins] He clicks the Credential Manager link. The Manage your credentials page opens. There are two options: Web Credentials, which is selected, and Windows Credentials. A list of web passwords associated with his Hotmail account displays. [Video description ends] I can see those things so, if you had my password for this account, you would also be able to show my password to GitHub, to Hotmail, to Facebook and, of course, you know what it is you're looking at here. [Video description begins] He expands the node associated with the GitHub website. Information such as the site's address, the account he accessed the site with, and his password, displays. The password displays as a series of dots, but has a Show link associated with it. He expands the Hotmail login and Facebook nodes. Similar information displays. [Video description ends] These are the websites, these are the separate authentication buckets out there on the public Internet that I frequent. And so, when that little dialog box came up after authentication that said, do you want to save the password for this site, I said yes. And now those credentials are available to me here.
Now, the thing is, in the past, the credentials, your Windows credentials at the very least, and many of these other web-based credentials, were never stored anywhere as plaintext. The hash of the password was stored. The hash of the password was transmitted across the wire, but the password itself never was. Now, I can get a cleartext of all your passwords right in here and, potentially, it's of concern to me, not because of the technology but because of people, which is a very different thing. Now, in addition to these kinds of credentials being stored in here, and providing a centralized location for the management of that, which is a real problem today, right, as the Internet has grown, as our use of it has grown, the one central problem that we have yet addressed to figure out is a single credential that is trusted everywhere across the public Internet. There simply isn't such a thing as say, an Internet driver's license or an Internet passport. Microsoft, of course, tried with its .NET Passport some years ago, as you may well remember.
And we have federated services, which gives us a great deal of flexibility as well as single sign-on opportunities, but those relationships are always relationships between the entities involved. They are not endemic across the public Internet and so, the complexity of managing user accounts and passwords for every credit card you have, for your bank account, for the DMV when you renew your registration every year, it's really become a problem. And tools like this, like the Web Credentials interface that we see here in the Control Panel Credential Manager applet, are going to become increasingly important. [Video description begins] He points to the list of web passwords and associated information that displays. [Video description ends] Which means that they're going to increasingly come under attack because this is where the gold is, right? Here's the keys to the kingdom.
Over here, just adjacent to the Web Credentials, is the Windows Credentials, [Video description begins] He clicks the Windows Credentials tab. Credentials are sorted into categories such as Windows Credentials, Certificate-Based Credentials, and Generic Credentials. [Video description ends] and this is my Active Directory User account, my Active Directory authentication, my domain membership. I see the Autodiscover service there, as well as my Office 365, addresses, etc. [Video description begins] He points to some of the credentials listed in the Generic Credentials section. [Video description ends] And you will all note that I have two Microsoft Online emails, which I have had since Bill Clinton's second term in office, and then which I've had since W's first term in office, and so I always welcome everybody and anybody to feel free to email me at anytime.
If we had some kind of Internet driver's license, what kind of form might it take? Well, if we look just right near the top of the page here, Add a certificate-based credential, [Video description begins] He points to the Add a certificate-based credential link alongside the Certificate-Based Credentials section header. [Video description ends] the public key infrastructure of third-party certificate providers has created a worldwide web of trust. When I go to Verisign, when I go to GlobalSign, when I go to any one of the 165 certificate manufacturers trusted by Windows Live, and I buy a certificate from them, I know that that certificate is going to be broadly trusted across the planet. I know that it's going to provide on-the-wire encryption of my data, It's going to ensure the integrity of the data, and it's going to authenticate me.
It's going to prove to the party I'm speaking to, that I am who I am. They're going to have confidence in me, right, because that's not a credential that's readily forged here at the dawn of quantum computing. Now, a few years from now, it might be a different story but, for right now, if you have yet to look at public key infrastructures, certificate-based authentication mechanisms, and the nature of key pairs, public and private key pairs, the Diffie-Hellman model, I encourage you to take a good long look at that stuff. Set up your own Certificate Services infrastructure. You've got a Windows server license, you have everything you need to do that. This is a look at Credential Manager in Windows 10.
Programs and Features
In this demonstration, we'd like to take a look at the Programs and Features applet in the Control Panel, and this is where I can manage the installed applications and native Windows features. One of the questions that arises sometimes is, why is the Windows footprint so big? When we think about needing 4.5GB, 4.5GB of disk space to install Windows 10, a lot of folks want to know why. What's taking up all that space? Well, one of the things is what we call Features on Demand support.
And so, if I launch the Programs and Features applet, [Video description begins] The Control Panel is open on the All Control Panel Items page. Links include Administrative Tools, Color Management, and Devices and Printers. The presenter clicks Programs and Features. The Uninstall or change a program page opens. A list of programs, such as iTunes, Dell SupportAssist, and Adobe Acrobat Reader DC, displays. [Video description ends] There is a choice here, in the left-hand navigation pane, to Turn Windows features on or off. [Video description begins] The presenter points to the Turn Windows features on or off link in the navigation pane. [Video description ends]
And, if I make that selection, I get the features dialog box, [Video description begins] He clicks the link. The Windows Features window opens. A list of features displays, each with an associated checkbox. [Video description ends] and I see the list of features that I can enable here; .NET Framework 3.5, .NET Framework 4.7, [Video description begins] He points to the .NET Framework 3.5 (includes .NET 2.0 and 3.0) and .NET Framework 4.7 Advanced Services checkboxes, which are selected. [Video description ends] Active Directory Lightweight Directory Services which, if you've been in this business a while, we used to call that ADAM, Active Directory and Application Mode. [Video description begins] Active Directory Lightweight Directory services is not selected at this stage. [Video description ends]
Containers; everybody that's in the software development business today is in the process of containerizing, that's now a verb, [Video description begins] He points to the Containers checkbox, which is selected. [Video description ends] their product and, the reality is, what we see with that is that, if you have a development cycle that takes say a 100 weeks, you can cut that development cycle and your QA testing down to something like 15 weeks. Now, that's more than a little progress, that's a huge savings. That's an edge over your competition and a huge advantage in the marketplace in getting your product to market. And so we see that there's this whole list. It's quite a list, right? [Video description begins] Other options include Hyper-V, Internet Information Services, and Media Features. [Video description ends]
And the reality is that, for me to be able to come in here, and let's say I want to enable the Telnet Client, because the Telnet Client is no longer included automatically, right? It's the sort of thing we'd want to be deprecating frankly, but let's say I have some need for it. I come in here, I select the Telnet Client, [Video description begins] He selects the Telnet Client checkbox. [Video description ends] the list is alphabetized, and Windows Features tells me it's Searching for required files. [Video description begins] He clicks Okay. A Windows Features dialog box opens. A message notes that it is searching for the required files. A progress indicator bar also displays. [Video description ends]
Now, ladies and gentlemen, what does that tell you? It tells me that the underlying binaries that I require for this feature set are already present on the disk. [Video description begins] The message updates, noting that the changes are being applied. [Video description ends] Why do I need 4.65 GBs for an installation of Windows 10 Enterprise edition with Office? Because everything I need to enable this vast array of features is present on the disk from the time of install, and we call that Features on Demand. [Video description begins] A message displays, noting that the requested changes have been completed. [Video description ends]
Now, if you are interested in minimizing the footprint of the installation, you can remove these features, right? I can write a little PowerShell script that actually removes the underlying binaries and frees up the disk space. Not a hard thing to do and folks are doing that, they're stripping the installations down, so as to minimize the impact and reduce the attack surface, because the more that's on the disk, the more doors you have that come into the place, the more likely it is that somebody is going to find a way to use one of those doors. Now, in addition to being able to add the native features, [Video description begins] He clicks Close on the Windows Features dialog box. The Uninstall or change a program page displays. [Video description ends] we can remove applications that have been installed.
And so there is this choice, Uninstall or change a program, and that's as simple a thing as here's, what would I like to remove? [Video description begins] He points to the page header. [Video description ends] While we're here and we're doing this, I ought to get rid of something that I'm not really using and, boy, I'll tell you, I use everything. Now, Bonjour looks like it would be a good choice, right, but that, in fact, supports my iPhone. So, if I were to remove one of these, right, it would as simple as selecting the item in the list. [Video description begins] He selects Bonjour from the list of programs. [Video description ends] Here, this is an easy one to take out and throw back in again. [Video description begins] He selects Google Chrome, then clicks the Uninstall button on the toolbar. A User Account Control prompt opens, asking for confirmation for the app to make changes to his device. [Video description ends]
Do I want to allow this to make changes? Yes, that's the UAC prompt coming up on me there. I will also delete the browsing data [Video description begins] He clicks Yes. The Uninstall Google Chrome prompt opens, requesting confirmation to uninstall the program. He selects the Also delete your browsing data checkbox and then clicks Uninstall. [Video description ends] and then that'll run and, when it's done, I'm told Google Chrome has been uninstalled and I can respond to the Google survey there. [Video description begins] Google Chrome Help opens in a browser tab. A message displays, noting that Google Chrome has been uninstalled. Below the message is a survey related to the performance of Google Chrome. He minimizes the browser. The Uninstall or change a program page displays. [Video description ends]
The last thing here is the choice to Install a program from the network. Now, this requires a network infrastructure. [Video description begins] He points to the Install a program from the network link in the navigation pane. [Video description ends] Essentially, what I need is out on the network someplace and, here, you can see I have a share out on one of the file servers. [Video description begins] He opens a File Explorer window. This PC is selected in the navigation pane. A number of files and devices are listed. He points to a shared network drive in the Network locations section. [Video description ends]
So, I've launched the File Explorer window, and in the File Explorer window, there's a network location share. And, if I open that share, this is a share that's out on one of the file servers. [Video description begins] He double-clicks the drive to open it. The contents of the drive are made up of a variety of files and folders. [Video description ends] What I would do, prior to the users being able to take advantage of this feature, is out here. I would create a software distribution point, so I'll create a directory called SoftwareDistPnt [Video description begins] He right-clicks the content pane and a shortcut menu opens with options such as View, New, and Properties. He selects New and a flyout menu opens. He selects Folder. A New Folder displays. He names the folder SoftwareD-I-S-T-P-N-T. [Video description ends] and then, into that directory, I will copy all the executables, any INF files, CFG, whatever it happens to be for the application. The default choice today is MSI package files. We would want these to be MSI package files to streamline that process, but there's a number of things that you can do to tweak it out for other install types.
The software distribution point is created, the executables are copied there. The last thing to do would be to right-click the software distribution point, go into the Properties, and share that folder out, so that people could get to it. [Video description begins] He right-clicks the folder and selects Properties from the shortcut menu. The SoftwareD-I-S-T-P-N-T Properties dialog box opens. The General tab is selected. Information for the folder, such as its type, location, and size, displays. He clicks Cancel to close the dialog box. [Video description ends] The permission sets for your users, should be set to Read and Read and Execute, in order for them to be able to execute the installation from the network location. Additionally, I would then use group policy to publish those apps out to the individual clients, and so the users would see the list of applications that are available for them to install.
This is a look at the Programs and Features applet in Windows 10.
HomeGroups
In this demonstration, we'd like to show you how to set up HomeGroup. And so I access the Control Panel and, from the time of Windows Vista through 7, there was a HomeGroup applet. You may notice there is no HomeGroup applet. HomeGroup has been deprecated in Windows 10. Now, what it was was an easy way for you to share your media in the home, and what could be more useful to us than that? And so, today there, and I can show you here, in less than five minutes, how to set up what is essentially HomeGroup, because it is just so wonderfully usable.
Now, in the past and for anybody looking to take the A+ 220-1002 exam, you would want to get a Windows 7 machine or a Vista machine, an 8 machine, and try your hand at HomeGroup, if you haven't already. We're living in the postmedia age. We should be able to stream our content. If we're having a party here at the house, my smart TV should be able to roll through a slideshow of all the pictures of every party we've ever had. And so, at some point in the evening, every guest sees themselves on the big screen, right? That's the world we're living in, and the tools to do that are still really quite accessible. And, in fact, I might suggest that this methodology is, in fact, superior. And it's superior because it uses native 128-bit encryption, and does not require a password. Passwords can be captured, passwords can be broken, passwords can be guessed. We don't have that problem here.
So, let's take a look; [Video description begins] The Windows 10 Control Panel - All Control Panel Items page displays. Links include Administrative Tools, Color Management, and Devices and Printers. [Video description ends] again, there's no more applet for this but, if I were to launch the Start menu and then go to Settings, here I can see the Windows settings in the Windows 10 interface, [Video description begins] The presenter clicks the Start button and types "settings" in the search field. He selects Settings from the list of suggestions that displays. The Windows Settings page opens. It includes a number of categories, such as System, Devices, and Phone. [Video description ends] And I can see, when I hit Network and Internet that, currently, my network is identified as a Public network. [Video description begins] He selects the Network and Internet category. The Network and Internet page opens. Status is selected in the navigation pane. The Status page displays the connection status, which is Ethernet 2 Public network. [Video description ends] Now, that's no good.
First of all, it's a private network, right? We sit behind the firewalls here at the house, the cable modem, and then our own firewalls. And I know all the devices that are on this network, even the wireless part of the network, because you have to get within 35 feet of the house to get a signal. And, where I live, it's 20 minutes one way for a quart of milk, so if you're within 35 feet of the house, I know you're there. There's a choice here to Change connection properties. And so I'll select that Change connection properties, [Video description begins] He clicks the Change connection properties link on the Status page. The Network 2 page opens. It has options to change the network profile and set the connection as metered. [Video description ends] and I will reset the Network profile to Private. [Video description begins] The Network profile section has two radio buttons: Public, which is selected, and Private. He selects the Private radio button. [Video description ends] And that was a requirement to use HomeGroup, and it's going to be the requirement for this workaround as well.
There's a choice right below Private, to Configure firewall and security settings [Video description begins] He clicks the Configure firewall and security settings link in the Network profile section. A prompt displays, requesting confirmation to switch apps from Settings to Windows Defender Security Center. [Video description ends] and, if I hit that, I open the Windows Defender Security settings. [Video description begins] He clicks Yes. The Windows Defender Security Center window opens. The Firewall and network protection page displays. Options for the Domain network, Private network, and Public network display. The firewall is off for the Domain and Private networks, but on for the Public network. [Video description ends]
Once we've identified the network as private, meeting the old requirements for HomeGroup, if I come back to Settings and I select Status, [Video description begins] He closes the Windows Defender Security Center window and clicks the back arrow on the Network 2 page. He returns to Network and Ethernet settings. Ethernet is selected in the navigation pane. He selects Status from the navigation pane. The Status page opens. [Video description ends] I can see that I am connected and that the network now identifies itself as Private. [Video description begins] A message displays, stating that he is connected to the Internet. He points to the Network status, which is: Ethernet 2 Private network. [Video description ends]
Excellent; with that network now private, if I select Ethernet from the navigation bar at the left, [Video description begins] He selects Ethernet in the navigation pane. The Ethernet page opens. A status displays, noting that Network 2 is connected. [Video description ends] there is a choice to Change advanced sharing options. [Video description begins] He points to the Related settings section, which contains options such as Change adapter options and Change advanced sharing options. [Video description ends] And, if I go in there to Change advanced sharing options, there's a couple of settings that we need to tweak out, [Video description begins] He clicks Change advanced sharing options. The Change sharing options for different network profiles page opens. It includes options to change the settings for each network profile, public folder sharing, and media streaming. [Video description ends] and those are found down here. [Video description begins] He points to the Public folder sharing, Media streaming, and File sharing connections sections. [Video description ends]
Now, right off the bat, there's the File sharing connections. Windows uses 128-bit encryption to help to protect file sharing. Some devices won't support it. You have to use 40, 56-bit encryption. [Video description begins] He points to the message in the File sharing connections section. [Video description ends] Now, under no circumstances should anybody be using 40 or 56-bit encryption. With a Windows 7 laptop with 2GB of RAM, I can crack those in less than an hour, and any script kiddie that can download from the dark web can do it too. 128-bit encryption is also crackable today, but that takes some effort; real effort and time. [Video description begins] The Use 128-bit encryption to help protect file sharing connections (recommended) radio button is selected. The other radio button is: Enable file sharing for devices that use 40- or 56-bit encryption. [Video description ends] It's unlikely anybody's going to have enough time to do that in your home.
And remember, we're talking about the home network here, this is not something you would do in your business, and so 128-bit is okay for me at home today. In my business, I enforce 256-bit encryption. No but, because 128-bit, it's not that long ago that the only people that could crack 128-bit encryption were the usual suspects, right, the Russians, the Chinese, the Israelis, us, that is to say the United States, and a few others. But, as we all got better at that, so did the bad guys. So, in our businesses today, guys, everything should be 256. Now, there's the choice here, Choose media streaming options. [Video description begins] He clicks the Choose media streaming options link in the Media streaming section. The Choose media streaming options for computers and devices page opens. At this stage, media streaming is not turned on. [Video description ends]
Do I want to turn media streaming on? Yes, I do. [Video description begins] He clicks the Turn on media streaming button. Additional options, such as naming the media library and selecting devices to access shared media, display. [Video description ends] We have allowed, All devices to access your shared media. [Video description begins] He points to the Allowed checkbox associated with the Media programs on this PC and remote connections option, which is selected. [Video description ends] Now that's all devices; that's every smart TV, every phone that anybody brings into the house and connects to the network, etc. I can show devices on the Local network or on All networks. [Video description begins] He opens the Show devices on the drop-down list. The options are: All networks and Local network. He selects All networks. [Video description ends]
And, in point of fact, we do have more than one network here in the house which may add some complexity to it. [Video description begins] He clicks the Choose default settings link below the Name your media library option. The Default media streaming settings dialog box opens. It has options to choose what media is streamed by default to all devices on the network. [Video description ends] If you have children in your home and you're concerned about ratings, you can create a ratings system here, or apply a ratings system. [Video description begins] He points to the Choose parental ratings section. There are radio buttons for All ratings, which is selected, and Only. The Only radio button has a list of checkboxes associated with it, which include Music: Unrated, Pictures: Unrated, and Recorded TV: Unrated. He closes the dialog box. [Video description ends] If I happen to have other devices on at this time, they should show up in that, in this list, [Video description begins] He points to the Show devices on drop-down list. [Video description ends] and that's about it. We are done with that, we can close out of this. [Video description begins] He closes the Choose media streaming options for computers and devices page and returns to the Ethernet page. He closes the Ethernet page and returns to This PC in the File Explorer window. [Video description ends]
And here I have my Libraries selected, my Documents, Downloads, Music, Pictures, and Videos in a File Explorer window. [Video description begins] He points to the libraries in the Folders section. [Video description ends] If I right-click these selected directories, there is a choice to Give access to [Video description begins] He points to the Give access to option in the shortcut menu. A flyout menu opens with two options: Remove access and Specific people. [Video description ends] and, in the earlier versions of HomeGroup, there would be HomeGroup settings here. Those settings do not exist here; HomeGroup is deprecated in Windows 10. I'm going to give access to Specific people, [Video description begins] He selects Specific people. A Network access window opens. Choose people on your network to share with page displays. There is an option to add users to an access list. [Video description ends] and the Microsoft guidance on this is, if you're only streaming from a single machine, you give everyone Read permissions, and that's all they need. [Video description begins] He types "everyone" in the text box and clicks Add. The associated Permission Level drop-down list for Everyone is set to Read. [Video description ends]
Now, legitimately, if we were collaborating on documents and there was an expectation that you and I would both be editing the same Word document, I could up this permission level to Read/Write, or I could Remove other permissions that I had specified at earlier times. [Video description begins] He opens the Permission Level drop-down list for Everyone. The options are Read, Read/Write, and Remove. [Video description ends] But, for our purposes right now, that'll do. [Video description begins] He accepts the Read setting. [Video description ends] And that's it. That's your workaround to get something that looks and feels...it certainly does the job of what HomeGroup did, only I ensure that the data traverses the wire in an encrypted fashion and I don't have a dependency on passwords.
That's a look at what has become of HomeGroup in Windows 10 and what it was in the last few iterations of the operating system.
Sound, Devices and Printers
In this demonstration, we'd like to take a look at sounds, devices, and printers. And here, in the Control Panel, there is the Devices and Printers applet for managing all the connected devices on the machine. [Video description begins] The Windows 10 Control Panel is open on the All Control Panel Items page. Links include Administrative Tools, Color Management, and Autoplay. The presenter points to the Devices and Printers link. [Video description ends] And, of course, the reality is that the advent of USB has simplified this in ways that I could never have imagined when I started in this business, because there was a time that it was very different. So, it's worth mentioning, I think, that if you do the search on the Start menu.
So, in the lower left-hand corner I'm going to launch the Start menu, [Video description begins] He clicks the Start button. The Start menu displays a list of apps and app tiles. [Video description ends] and then I'm going to type in "devices and printers," but there's no devices and printers come up. [Video description begins] He types "devices" in the search field. He points to the list of search results. The Best match option is Printers and scanners. [Video description ends] This is in Windows 10 here. I get Printers and scanners. And, if I go to Printers and scanners, [Video description begins] He minimizes the Control Panel. The Printers and scanners page displays in the Settings window. It has options to add printers and scanners, as well as a list of printers and scanners that are available on the presenter's PC. [Video description ends] I get a Windows 10 interface for the management of printers, scanners, and then the other devices appear in the left-hand navigation pane. [Video description begins] He points to the Devices section in the navigation pane. Options include Bluetooth and other devices, Mouse, and Pen and Windows Ink. [Video description ends] And this looks very different, I think.
If we go into Devices and Printers here, you can see this looks like 2004, right, very 2004, [Video description begins] He maximizes the Control Panel window and clicks the Devices and Printers link. The Devices and Printers page opens. There are sections for Devices, Printers, and Unspecified. Each device is represented by a thumbnail icon of the device along with the device name. [Video description ends] and I can do all the things in here that I would expect I should be able to do, right? I can add printers, I can add devices, I can clear a printer queue. [Video description begins] He points to the Add a device and Add a printer options on the toolbar. [Video description ends] One of the most common things, I think, that happens is jobs are misdirected to a printer or, rather, to a print device, and you need to clear the queues on those. And so we can do that here, we can specify default printers here. [Video description begins] He points to the Printers section, which includes a fax machine, a physical printer, and options such as Send To OneNote 2016. [Video description ends] If we take a look, I have the Office Inkjet printer which, in point of fact, is the only print device I have. [Video description begins] He right-clicks HP Officejet 4630 series. A shortcut menu opens. Options include Open, Open in a new window, and See what's printing. [Video description ends]
And, for those of you whose ears are particularly sensitive, or who have had this conversation before, you will note that, as I talk about these, I'm making the distinction between the software interface, which we refer to as the printer, and then the device that does the actual physical printing, the print device. I can see the queues here, I can Set as the default printer, and I can specify Printing preferences. Do I use the fax or do I use the print portion of the device? [Video description begins] He points to the See what's printing, Set as default printer, and Printing preferences options in the shortcut menu. In each case, a flyout menu opens which allows him to select either the fax or print option for his HP printer. [Video description ends] In point of fact, I don't have a telephone line attached to that device, I don't have a need for a fax these days, and so there is, even though the device performs more than one task, the other task is not available to it because the underlying infrastructure is not there, right? I can access the Printer properties here and delete the print queue. [Video description begins] He points to the Printer properties and Delete print queue options in the shortcut menu. Each has a similar flyout menu as the previous options. [Video description ends]
I meant to type five copies, I want five copies of this thing and, instead, I've managed to type 500 somehow. Well, I don't want that, and so I've purged the queue, right? That's one of the ways that that can be done. If we take a look at the Printer properties, [Video description begins] He selects Printer properties - HP Officejet 4630 series. The HP Officejet 4630 series Properties dialog box opens. The General tab is selected. Other tabs include Sharing, Ports, and Advanced. [Video description ends] and I'll do that just by selecting it from the menu, we can change the Properties by selecting Change Properties, [Video description begins] He clicks the Change Properties button. The dialog box refreshes. [Video description ends] and that's a change from earlier versions of the operating system. In earlier iterations of Windows, if I came in here and I changed anything, even accidentally, and then hit OK, well, that's it, right, I'm stuck with that.
Here's where I can share the printer here so it's available to everybody, update the drivers. [Video description begins] He clicks the Sharing tab and points to the Share this printer checkbox, which is not currently selected. There is also a Driver section, which contains an Additional Drivers button. [Video description ends] Now, see on the Ports tab here, and this is the third tab in the HP Officejet 4630 series Properties dialog box, I see the COM ports, the old serial ports, the printer ports. [Video description begins] He clicks the Ports tab. A list of ports, such as LPT3, COM1, and COM2, displays. Each port has an associated checkbox. [Video description ends] And this used to take a lot of time. USBs, and a number of other technologies that are now built into the operating system, save us from the conflicts of the I/O conflicts that we used to have to deal with. [Video description begins] The USB001 checkbox is selected. [Video description ends] It's a much better world to live in.
Now, in addition to being able to manage devices and printers here, [Video description begins] He clicks Cancel to close the printer properties dialog box. [Video description ends] if I look in the upper left-hand corner, there's the Andrea USB-SA Headset, which is both an input and output device. [Video description begins] He points to the Andrea Comm USB-SA Headset in the Devices section. [Video description ends] The earpiece, of course, I can hear what's coming through the stream and, with the microphone, I can respond to that stream. Traditionally, if I open the Start menu and I type "manage audio," I see I have a Manage audio devices choice. And, if I open that up, [Video description begins] He clicks the Start button and types "manage A-U-D" in the search field. He selects Manage audio devices from the Best match section in the list of search results. The Sound dialog box opens. The Playback tab is selected and a list of playback devices displays. Other tabs include Recording and Sounds. [Video description ends] and this is also if I were to minimize this window [Video description begins] He minimizes the Devices and Printers page. The Printers and scanners page displays in the Settings window. He clicks Bluetooth and other devices in the navigation pane. The Bluetooth and other devices page opens. He points to the Andrea Comm USB-SA Headset listed in the Audio section. [Video description ends] and look back here; Bluetooth and other devices, there I can see the Headset.
Again, I see Sound settings over here. If I hit Sound settings, notice the distinction. [Video description begins] He clicks the Sound settings link in the Related settings section. The Sound page opens. There are options to select an output and input device, and set the volume. He opens the Sound dialog box from the taskbar. The Playback tab is selected. [Video description ends] This is a very traditional Windows dialog box, while the Settings page is designed not for a desktop environment but for tablet, phone, desktop, anywhere you go, which, of course, that's the world we're living in today. And then, in here, I can do things like access the Properties of the speaker, [Video description begins] He selects Speakers from the playback devices in the dialog box, then clicks Properties. The Speakers Properties dialog box opens on the General tab. Other tabs include Levels, Enhancements, and Advanced. [Video description ends] I can set Levels, [Video description begins] He clicks the Levels tab. Sliders to set the levels for the speakers and microphone display. [Video description ends] I can specify Enhancements to the sound, I can boost the bass, [Video description begins] He clicks the Enhancement tab. A list of enhancements displays, each with an associated checkbox. He points to the Bass Boost checkbox. [Video description ends] specify the bit rate or, rather, the sample rate and bit depth to be used when running in shared mode. [Video description begins] He clicks the Advanced tab. Options to set the default format and exclusive mode display. The sample rate and bit depth for shared mode drop-down list is set to: 16 bit, 48000 Hz (DVD Quality). [Video description ends]
This is a look at managing audio devices, printers, and other devices in Windows.
Bitlocker
In this demonstration, we want to take a look at enabling BitLocker Drive Encryption. [Video description begins] The Windows 10 Control Panel is open on the All Control Panel Items page. Links include Administrative Tools, Color Management, and Autoplay. [Video description ends] I can see here, in the Control Panel with the view set to Large icons in the upper right-hand corner, there is the BitLocker Drive Encryption applet. [Video description begins] The presenter points to the View by drop-down list, which is set to Large icons. He clicks the BitLocker Drive Encryption link. The BitLocker Drive Encryption page opens. A list of drives displays, sorted into Operating system drive and Fixed data drives sections. [Video description ends]
Now, the first thing that you should note when we enter the BitLocker Drive Encryption applet is that BitLocker is enabled on a per volume basis, or on a per disk basis. And, so here, we have a C drive, and that's the Operating system drive, [Video description begins] He points to the C drive in the Operating system drive section. [Video description ends] and then there are two Fixed data drives, the D drive and the E drive, [Video description begins] He points to the D, Cold Storage, and E, Hot Storage, drives in the Fixed data drives section. [Video description ends] and I see that BitLocker is off for those. [Video description begins] All drives have a status of BitLocker off at this stage. [Video description ends] Now, it's worth mentioning that BitLocker is not available in all versions of Windows 10. It is available in the Professional edition, the Enterprise edition, and the Education edition. Home edition? No support there for BitLocker Drive Encryption.
And, when we think about BitLocker Drive Encryption, we're talking about a full-volume, full-disk encryption. In this example, if I were to Turn on BitLocker for the Operating system drive, all of the contents of the operating system would be encrypted. Now, that process is transparent to the user. Those files, as they're needed, they'll be called, they'll be transparently decrypted and presented to the user in cleartext, or to other applications that require them in cleartext. But, should the machine fall out of your scope of management, nobody ought to be able to get at the data that's on that drive. [Video description begins] He clicks the Turn on BitLocker link associated with the C drive. The BitLocker Drive Encryption (C:) wizard opens. A warning message displays, noting that the C drive can't use a Trusted Platform Module and that an administrator needs to allow BitLocker to work without a TPM. [Video description ends]
Now, you'll note that when I try to enable BitLocker here, I'm told that this device can't use a TPM, a Trusted Platform Module. Your administrator must set the "Allow BitLocker without a compatible TPM" option in the "Require additional authentication at startup" policy for operating system volumes. Now, this goes to the heart of the technical requirements. [Video description begins] He closes the BitLocker Drive Encryption (C:) wizard. [Video description ends] What you don't get, preboot execution security, unless you have a piece of firmware soldered to the motherboard. Right, there's a chip, TPM module, that contains a piece of firmware. Firmware, of course, is just software that lives on a chip, and that's where we secure the trust chain, in that physical chip with things like the recovery keys and the decryption keys, so that we can securely access the data on the drive, knowing that the machine has started up integrally.
And what I mean by that is, now I'm just going to come down here to Fixed data drives, and you'll note that when I hit BitLocker Drive Encryption for the Fixed data drive, BitLocker initializes, and we'll watch that run for a second. [Video description begins] He clicks the Turn on BitLocker link associated with the Cold Storage (D:) drive in the Fixed data drives section. The BitLocker Drive Encryption (D:) wizard opens. A progress bar displays as BitLocker initializes the drive. [Video description ends] Now, for the Fixed data drives, no additional group policy need be set because they're just data drives, but the preboot execution security of the operating system is essential. What do I mean by that? Well, hacking is not just software. If I have access to the machine, I can open the case and I can solder my own components to the motherboard and inject my own instruction sets ahead of yours and Microsoft's. That's where the TPM comes in.
The TPM is going to ensure that nobody has done that, that the components that were present when BitLocker was established are the only components that are there. Does that make sense? Now, for the data drives, that doesn't matter, because they're just data drives, you can't boot the machine from them. [Video description begins] The Choose how you want to unlock this drive page opens in the wizard. There are options to unlock the drive with a password or a smart card. [Video description ends] Do I want to Use a password to unlock the drive? [Video description begins] He selects the Use a password to unlock the drive checkbox. Text boxes to enter and reenter a password become available. [Video description ends] Do I want to use a smart card to unlock the drive? [Video description begins] He points to the Use my smart card to unlock the drive checkbox. [Video description ends] And I could go ahead and I could specify these here. We'll go ahead and specify, and the password is. And that, of course, is not good enough these days, and so we will also need a number and symbol, and so I will go ahead and append one of each of those, [Video description begins] He types a password in the Enter your password and Reenter your password text boxes. [Video description ends] and that should meet the requirements.
Now, if you forget your password, you can use your recovery key to access the drive. [Video description begins] He clicks Next. How do you want to back up your recovery key page? [Video description ends] What do you want to do? There's no choice here, my friends. BitLocker wants you to save it to a USB flash drive, it wants you to save it to a file, it wants you to print the recovery key, [Video description begins] He points to the Save to a USB flash drive, Save to a file, and Print the recovery key options. [Video description ends] it wants you to do all three of those things [Video description begins] He clicks Save to a file. A Save BitLocker recovery key as the dialog box opens. This PC is selected from the navigation pane and a list of folders displays. [Video description ends] and you would be wise to do just that. And I'm warned there, you shouldn't save it on the same machine. [Video description begins] He selects Pictures from the navigation pane. A prompt displays, asking if he's sure he wants to save the recovery key on this PC. He clicks Yes. The dialog box closes and the wizard displays. He clicks Print the recovery key. A Print dialog box opens. He selects Microsoft Print to PDF from the Select Printer list and clicks Print. A Save Print Output As dialog box opens. Documents are selected from the PC section of the navigation pane. [Video description ends]
Clearly you should not but, for our purposes, I'm going to drop it right here. [Video description begins] He types "bitlocker R-E-Ckey" in the File name text box. He selects Pictures from the navigation pane and clicks Save. The dialog box closes and he returns to the wizard. [Video description ends] And I went ahead and I threw the Toshiba drive in there, [Video description begins] He points to the TOSHIBA EXT (G:) drive which now displays in the Removable data drives - BitLocker To Go section of the BitLocker Drive Encryption page. [Video description ends] and so I'm going to go ahead and save it over there as well, [Video description begins] He clicks Save to a USB flash drive in the wizard. The Save a recovery key to a USB flash drive dialog box opens. The Toshiba drive is already selected. He clicks Save and the dialog box closes. [Video description ends] although it would have let me proceed at that point. [Video description begins] He clicks Next in the wizard. Choose how much of your drive to encrypt the page opens. There are options to encrypt either used disk space or the entire drive. [Video description ends]
How much of the drive? Choose how much of your drive to encrypt. Encrypt used disk space only or Encrypt entire drive [Video description begins] He points to the Encrypt used disk space only (faster and best for new PCs and drives) radio button, which is selected. [Video description ends] and, because the drive is already in use, I'm going to say, Encrypt the entire drive. [Video description begins] He selects the Encrypt entire drive (slower but best for PCs and drives already in use) radio button. He clicks Next. The Choose which encryption mode to use page opens. There are options to select either a new or compatible encryption mode. [Video description ends] I'm going to use the New encryption mode, which is best for fixed drives, [Video description begins] He points to the New encryption mode (best for fixed drives on this device) radio button, which is selected. The other radio button is: Compatible mode (best for drives that can be moved from this device). He clicks Next. Are you ready to encrypt this drive page? A message notes that the drive can be unlocked with a password, that encryption may take a while depending on the size of the drive, and that files won't be protected until encryption is complete. [Video description ends] and we'll go ahead and Start encrypting. [Video description begins] He points to the Start encrypting button. [Video description ends] And now that's going to take a while to run but, when it's done, should this machine ever fall out of my hands, I can turn confidently to management and say, no-one is going to get their hands on our data.
This is a look at BitLocker Drive Encryption.
Network and Sharing Center
In this demonstration, I'd like to take a look at the configuration of the Network and Sharing Center, which is another of the Control Panel applets or System Utilities. Here, in the Control Panel, the applets are listed alphabetically. [Video description begins] The Windows 10 Control Panel is open on the All Control Panel Items page. Links include Administrative Tools, Color Management, and Autoplay. The presenter points to the Network and Sharing Center link. [Video description ends] I have them in a Large icon view, as I can see from the view display in the upper right-hand corner of this window [Video description begins] He points to the View by drop-down list, which is set to Large icons. [Video description ends] and, if I come down to Network and Sharing Center and launch the applet, I have a Windows 10 interface, right, the simplified interface that we tend to see today as the front end for much of our management. And here, I can see I have an Internet connection. [Video description begins] He clicks Network and Sharing Center. The associated page opens with options to view basic network information and set up connections. A list of active networks displays, along with options to change networking settings. [Video description ends]
I can see the connections that I have, whether I'm on a public network, a private network, or I'm connected to my domain. Over in the right-hand, or rather, all right, we'll cut that. Over in the left-hand navigation pane, there are a few choices; to change the adapter settings, or to Change advanced sharing settings. [Video description begins] He points to the Change adapter settings and Change advanced sharing settings links in the navigation pane. [Video description ends] Now, let's look at advanced sharing settings first, just to kind of knock that out of the way. And, what I see, when I launch or navigate into that menu option, [Video description begins] He clicks Change advanced sharing settings. The Advanced sharing settings page opens with options to change sharing options for different network profiles. Sharing options for different network profiles display, along with public folder sharing, media streaming, and file sharing connection options for all networks. [Video description ends] are the network profiles that are configurable in Windows Defender Firewall.
And, again, that's Windows Defender Firewall as of Windows 10; previously, Windows Firewall. And there's the Private network profile, the Public network profile or Guest profile, one and the same, and the Domain profile. And the Domain profile is not something the user can choose. A user can tell the machine, when it first identifies the network, that it's on a public network in Starbucks. You can never tell the machine it's on the domain, it knows it's on the domain. If there's a domain controller there and it can authenticate to that domain controller, it's going to invoke the domain profile, you don't have any control over that. Out in the worldwide world, when you're on your own private network at home, you can specify, when you first connect, that it's a private network and then the rules for that network apply. [Video description begins] He expands the Private network profile node. Network discovery, and file and print sharing options display. [Video description ends]
Now, here in the house, I may well want Network discovery enabled because I have a wealth of devices here that I'd want to be able to make available to this work machine so as to facilitate my life, right? Anything I can do to make my life easier, I'm going to do, and I encourage you to do the same. [Video description begins] The Turn on network discovery radio button is selected. It has an associated Turn on automatic setup of network connected devices checkbox, which is also selected. [Video description ends] File and printer sharing, I want that on when I'm in the house. And so I can come in here and I can enable that for this profile, the Private profile. [Video description begins] The File and printer sharing section has two radio buttons: Turn on file and printer sharing and Turn off file and printer sharing. He selects Turn on file and printer sharing. [Video description ends]
And then, of course, you can do the similar tweaks to either the Guest or Public profile and, finally, to the Domain profile. I'm going to back out of here, [Video description begins] He expands the Guest or Public and Domain network profile nodes. Both have the same Network discovery and File and printer sharing options. He clicks the back arrow on the navigation bar to return to the Network and Sharing Center. [Video description ends] and then there's the choice for Change adapter settings. [Video description begins] He clicks the Change adapter settings link in the navigation pane. The Network Connections page opens. A list of connections, such as Cisco AnyConnect Secure and Ethernet 2, displays. [Video description ends] Now, this is where all the action's at, and this is where we do much of the configuration. Or rather I should say, this is where we can find the end result of our configuration.
And the configuration itself is commonly assigned to the machine as part of an automated setup script that runs at installation. So, when I buy my OEM hardware maybe, and then I flatten the image that's on there from the manufacturer with my volume license image, I have a set of files that provide configuration settings. Now, what kind of configuration settings are in here? I'm going to right-click on the Ethernet adapter and navigate to the Properties choice. And here, I see that there's two tabs here, the Networking and Sharing tab. [Video description begins] He right-clicks the Ethernet 2 connection and selects Properties from the shortcut menu. The Ethernet 2 Properties dialog box opens. The Networking tab is selected and a list of items used by the connection, such as the QoS Packet Scheduler, displays. He clicks the Sharing tab. Internet connection sharing options display. [Video description ends] And I'm going to look at the Sharing tab first, the second tab.
And that tab says Allow other network users to connect through this computer's Internet connection. [Video description begins] He points to the first checkbox in the Internet Connection Sharing section. [Video description ends] If I were in a situation where this machine maybe had a cellphone attached to it; the power is out, it's New Orleans, Katrina's just hit. There's no power but their cell tower's still functioning. I could connect my phone to my laptop and use that connection to get out to the public Internet, right, my data connection; but nobody else there has the ability to do that. I could have everybody come to my machine, use my machine as a hub to connect to the hotspot on the phone and out to the public Internet; dig it, right? Potentially very useful in these kinds of scenarios. Here, on the Networking tab, if I switch over to that first tab, I notice there's a number of client services here. [Video description begins] He clicks the Networking tab. A list of items used by the connection displays. [Video description ends]
Most of these, we don't configure very much, the Client for Microsoft Networks, no. But Internet Protocol Version 4 and Internet Protocol Version 6 if you're using that, that's where the configuration comes in. [Video description begins] He points to the Internet Protocol Version 4 (TCP/IPv4) checkbox, then points to the Internet Protocol Version 6 (TCP/IPv6) checkbox. Both checkboxes are selected. [Video description ends] This is what you'll be called upon, commonly, to fix or address a reference. [Video description begins] With the Internet Protocol Version 4 (TCP/IPv4) option highlighted, he clicks the Properties button. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog box opens and the General tab is selected. There are options to get an IP address and DNS server address automatically, or type in specific addresses. There is also an Alternate Configuration tab. [Video description ends]
Now, in our example here, this machine is a client machine. So, it's a DHCP client, it gets all of its configuration from the DHCP server. These same configuration settings on your servers are commonly manually assigned, and there's two things that I want to highlight here. There's the Alternate configuration, which we'll take a look at last, and then down at the bottom here, there's the Advanced choice. And, if I hit the Advanced choice, what I see on the IP Settings tab, that I am, in fact, DHCP Enabled, which is what I want to see, I can add a Default gateway, [Video description begins] He clicks Advanced. The Advanced TCP/IP Settings dialog box opens on the IP Settings tab. There are sections for IP address and Default gateway. There are also tabs for DNS and WINS. He points to the IP addresses section, where it states that DHCP is enabled. He points to the Add button in the Default gateway section. [Video description ends] I can click on the DNS tab, and I can specify DNS settings; like, in a multi-domain environment, I might want to append multiple DNS suffixes. [Video description begins] He clicks the DNS tab. There are options to add and edit DNS server addresses, as well as additional options to resolve unqualified names on connections with TCP/IP enabled. He points to the Append these DNS suffixes (in order) radio button, which is selected. This is followed by a list of suffixes. [Video description ends]
One would hope that we're not using WINS anymore, right? [Video description begins] He clicks the WINS tab. Options include adding WINS addresses. [Video description ends] You should never have to program a WINS server address anymore, I would hope. If you're still using WINS, shoot me an email I would love to know why you are. And then, finally, the Alternate configuration is, if I can't get an IP address from DHCP and I don't want to give myself an APIPA address, right, a 169.254 address, then what address would I prefer this machine to use? [Video description begins] He closes the Advanced TCP/IP Settings dialog box and returns to the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box. He clicks the Alternate Configuration tab. There are options to use an automatic or user configured private IP address. [Video description ends]
And so you could configure all of this as a backup, essentially, but this only is used if communication with the DHCP server fails. [Video description begins] He selects the User configured radio button. A number of options, such as IP address, Subnet mask, and Default gateway, become available. [Video description ends] Lastly, I'd like to point out that one of the things we can do in here, of course, is Disable or Enable these connections. [Video description begins] He closes the dialog boxes and returns to the Network Connections page. He right-clicks Ethernet 2 and selects Disable from the shortcut menu. He right-clicks Ethernet 2 again, and selects Enable from the shortcut menu. [Video description ends]
This is a look at the Network and Sharing Center.
Device Manager
In this demonstration, I'd like to talk a little bit about Device Manager. And so, I've launched the Control Panel [Video description begins] The Windows 10 Control Panel is open on the All Control Panel Items page. Links include Administrative Tools, Color Management, and Autoplay. [Video description ends] and I've set the view in the upper right-hand corner to Large icons, [Video description begins] The presenter points to the View by drop-down list, which is set to Large icons. [Video description ends] and these are alphabetized and so I can go right to Device Manager, click Device Manager, and open it up. [Video description begins] He points to the listed apps, then clicks the Device Manager link. The Device Manager window opens. A list of devices, including Audio inputs and outputs, Keyboards, and Portable Devices, displays. [Video description ends]
And I'll maximize, in the upper-right corner, that window, the Device Manager window, and so we have a nice clean look. [Video description begins] He clicks Maximize and the window displays in full screen. [Video description ends] And the only thing I can see right now is the Device Manager window. And, at the very top of that tree, I see the name of the local machine, right, the one that I'm. [Video description begins] He points to the node in the device tree. [Video description ends] And, if I right-click at the top of that tree, I have one choice, Scan for hardware changes. [Video description begins] He points to the option in the shortcut menu that opens. [Video description ends] Now, you might be sitting there thinking to yourself, why would you ever come in here and scan for hardware changes. Because you know that, every time the machine reboots, it does a scan for hardware changes itself.
And so, if I shut the machine down to add a piece of hardware or swap out a piece of hardware, it should find that new hardware on the reboot, right? And generally, that's exactly what happens. But, sometimes, you might have a problem with a corrupt driver. Let's say, for example, that the driver for our mouse had been corrupted by some block-level corruption on the disk and so, in the list of devices, I can find Mice and other pointing devices, which are described as Human Interface Devices. [Video description begins] He expands the Mice and other pointing devices nodes. The HID-compliant mouse option displays. [Video description ends] And, if I right-click that Human Interface Device, there is a choice for Uninstall the device. [Video description begins] He right-clicks a HID-compliant mouse and points to the Uninstall device option in the shortcut menu. Other options include Update driver and Disable device. [Video description ends]
If I had a case of a corrupt driver, what would I probably do, is I would probably go ahead and uninstall the device. And then what should happen, virtually immediately, is the machine itself will detect the device, right, because the physical device is still there. I've uninstalled the driver, but the physical device is still there. Or, if it doesn't, I can then go ahead and Scan for hardware changes. Got it? [Video description begins] He right-clicks the MLMURPHY1US node and points to the Scan for hardware changes option in the shortcut menu. [Video description ends] Then it should find the device, and then it will either prompt me to provide the driver or it'll go right out to the Microsoft Windows Update site and find the latest driver for that particular device, assuming that the device is recognized. That's the big problem that we run into with this, is that sometimes the device is not recognized and, in those cases, you go out to the manufacturer website, you download the driver, and then you update the driver manually.
And so there's a choice here if I right-click that HID-compliant mouse again to Update driver. And I have this wonderful little wizard that will walk me through the process. Do I search automatically or do I browse my computer for the driver software? [Video description begins] He right-clicks HID-compliant mouse and selects Update driver from the shortcut menu. The Update Drivers - HID-compliant mouse wizard opens. There are options to search for drivers automatically, or to browse the computer for driver software. [Video description ends] Now, if this were a case where the hardware had failed to be recognized and I was manually providing the drivers, I would, of course, say browse my computer, [Video description begins] He clicks Browse my computer for driver software. The Browse for drivers on your computer page opens. There are options to select a location to search for the drivers. [Video description ends] and then I would point out on the local machine to where I had those drivers, [Video description begins] He clicks the Browse button. A Browse For Folder dialog box opens. A tree of folders on the computer displays. Documents are selected from the This PC node. [Video description ends] provide them to the Device Manager, and it would go ahead and install the device and the latest version of the drivers. [Video description begins] He clicks Cancel and the dialog box closes. [Video description ends]
For our purposes, I'm going to go back and just show the automatic search. And look what it says immediately; Searching online for drivers. [Video description begins] He clicks the back arrow on the Browse for drivers on your computer page. How do you want to search for drivers page displays? He clicks Search automatically for updated driver software. The Searching online for drivers page opens. A progress bar displays. [Video description ends] And so, it goes out, checks with the Microsoft Updates site, validates the signature and the hash on the driver that's currently installed against that identical driver file out there at the Microsoft website. [Video description begins] He points to the message that displays in the wizard. [Video description ends] Given that they are identical, it tells me, The best drivers for your device are already installed.
If there was a difference, a delta, between what was on the disk and out there on the website, it would automatically pull that driver down, replacing the local driver with the one that it had downloaded. There is a great deal of information in here that, if this is new to you, can be confusing and worthless, frankly. [Video description begins] He closes the wizard and expands the Human Interface Devices node in the Device Manager tree. Various HID-compliant and USB devices display. [Video description ends] And so I want to encourage you not to get bogged down in the details with this. What this is for is for scanning for hardware changes, updating drivers, disabling devices, uninstalling devices. That's what it's for. If I look at the Properties for the Human Interface Device with a funny name, consumer control device, I don't know what that is; what could that possibly be? [Video description begins] He right-clicks a HID-compliant consumer control device and selects Properties from the shortcut menu. The HID-compliant consumer control device Properties dialog box opens. The General tab is selected and information, such as the device type and manufacturer, displays. There are also tabs for Driver, Details, and Events. [Video description ends]
And I look in the Events page, I see that it's a service, the HID service. [Video description begins] He clicks the Events tab. A list of events, each with a timestamp and a description, displays. He points to the description on the second event, which is as follows: Device configured (hidserv.inf). [Video description ends] Now, maybe I've never seen that before and it's a legitimate Microsoft Windows service. However, you and I both know that malware authors disguise their malicious applications as standard Windows services, right, so they show up as host processes, they show up as Windows service processes, they show up as HID server processes. So how, and of course, down here I have all this other information that, for most of us, is not very valuable, right? What can I do with that? I don't know. [Video description begins] He points to an alpha-numeric sequence in the Information section for the service. [Video description ends] So don't get bogged down in the details. If you were to go out and do a little research on this, you would be able to determine, in short order.
And what I'm going to do is move over to File Explorer for just a moment. [Video description begins] He opens a File Explorer window from the taskbar. Local Disk (C:) is selected under This PC in the navigation pane. A list of folders for programs such as Adobe, HP Photo Creations, and Microsoft Office, displayed within the ProgramFiles (x86) folder. [Video description ends] If, in fact, this were a piece of malicious software, and I were to view hidden files and folders in the file system, and I drilled down into Program files or Program files x86, maybe, more likely, it will be in Program files, [Video description begins] He points to ProgramFiles (x86) in the breadcrumb navigation, then clicks Local Disk (C:) in the address bar. He then opens the ProgramFiles folder. A list of additional folders displays. [Video description ends] I would find a folder called HID Server, if it were malware, hiding there like that. But, because it's not, because it's a legitimate service, no such folder exists. And so I feel confident that that is, in fact, the official Microsoft service. Use Device Manager, my friends, to manage your devices and don't let yourself go down rabbit holes without good cause.
This is a look at Device Manager.
Sync Center
In this demonstration, I'd like to show off the Sync Center a little bit, and that's the Synchronization Center, right? If I take a look here in the Control Panel, I come into the Sync Center [Video description begins] The Windows 10 Control Panel is open on the All Control Panel Items page. Links include Administrative Tools, Color Management, and Autoplay. The presenter clicks Sync Center. The Sync Center page opens. View sync partnership is selected in the navigation pane. An Unspecified section displays, containing three items: Conflicts, Sync Results, and Sync Setup. [Video description ends] and, here at work, what our guys did was they set up a synchronization between the OneDrive folder up in the Cloud and particular directories on the local machine, your library directories; Documents, Downloads, Videos, etc.
Now, the only thing is that's a particular setup and I can see there's no conflicts; sync results are good. The sync setup is good, and I know that just because everything's green. [Video description begins] Each item in the Unspecified section has a circular green icon containing a pair of curved yellow arrows associated with it. [Video description ends] If I take a look here at Set up new sync partnerships; this is in the navigation pane to the left, there's nothing I can do, it won't let me do anything. [Video description begins] He clicks Set up new sync partnerships in the navigation pane. The Set up new sync partnerships page opens. A message notes that there are currently no new sync partnerships that can be set up on the presenter's PC. [Video description ends]
And that's because there's a dependency here on offline files and folders being enabled. And so, if I look in the left-hand navigation pane at Manage offline files, I see the Offline Files dialog box opens. There's only one tab, the General tab, and it says here, Enable offline files. [Video description begins] He clicks Manage offline files in the navigation pane. An Offline Files dialog box opens on the General tabbed page. There are options to enable and view offline files. [Video description ends] So, these are not currently enabled [Video description begins] He points to the Enable offline files button. A message below the button notes that Offline Files is currently disabled. [Video description ends] and so, the very first thing that we're going to do is we're going to enable those offline files. [Video description begins] He clicks Enable offline files. The button changes to Disable offline files, and the message below the button notes that Offline Files is enabled, but not yet active. A PC restart is required to activate Offline Files. [Video description ends]
Now, in order for those changes to take effect, the computer must reboot. [Video description begins] He clicks OK and the dialog box closes. A prompt displays, asking if he wants to restart his PC now. [Video description ends] And so, I'm going to stop the recording. I'll wait through the reboot, and you won't have to. Like no time passed at all for you, right, and we're back and I've rebooted here. [Video description begins] He clicks Yes. The display changes to his Windows 10 desktop. [Video description ends] The Control Panel, I'll re-enter the Control Panel into the Sync Center [Video description begins] He opens the Sync Center from the taskbar. View sync partnership is selected in the navigation pane and the three Unspecified items display. [Video description ends] and now, if I hit Manage offline files, the first thing that I should notice is that the Enable choice is now a Disable choice, [Video description begins] He clicks Manage offline files in the navigation pane. The Offline Files dialog box opens. He points to the Disable offline files button. [Video description ends] and there are these additional tabs up here. [Video description begins] He points to the newly added tabs, which are: Disk Usage, Encryption, and Network. [Video description ends]
There's this tab for Encryption, [Video description begins] He clicks the Encryption tab. A message displays, noting that his offline files are not encrypted. [Video description ends] if I want to keep these files encrypted on disk, I can go ahead and encrypt them there. [Video description begins] He points to the Encrypt button. [Video description ends] There's also a Disk Usage choice, [Video description begins] He clicks the Disk Usage tab. Usage data for all offline files and temporary files displays, represented as percentages of total disk space. [Video description ends] and I can change the limits for offline files and temporary files, specifying what percentage of the disk space is available for these dedicated uses. [Video description begins] He clicks the Change limits button. An Offline Files Disk Usage Limits dialog box opens. There are sliders that can set the maximum disk space for both offline and temporary files. At this stage, both sliders are set to a 38 GB limit. [Video description ends]
And now this looks pretty good. [Video description begins] He closes the Offline Files Disk Usage Limits and Offline Files dialog boxes. The Sync Center displays. [Video description ends] If I take a look at Set up new sync partnerships from the navigation bar on the left, things look real good. There's my Offline Files; network files are available offline [Video description begins] He clicks Set up new sync partnerships in the navigation pane. A Folders section now displays. An Offline Files folder is listed. He points to the note below the folder name. [Video description ends] but we're not done yet because, additionally, I must set up the folders on the remote file servers to allow the download of those offline files.
And so I'm going to RDP into this server over here where I have a folder called sync, and I'm going to right-click that folder and go into its Properties [Video description begins] He opens a File Explorer window from the taskbar. Local Disk (C:) is selected under This PC. The Share folder is open. A list of files and folders displays. He selects the sync folder. He right-clicks the sync folder and selects Properties from the shortcut menu. The sync Properties dialog box opens with the General tab selected. Information, such as the type, location, and size of the folder displays. Other tabs include Sharing, Security, and Previous Versions. [Video description ends] and, on the Sharing tab, I'm going to choose Advanced Sharing [Video description begins] He clicks the Sharing tab. Options display in Network File and Folder Sharing and Advanced Sharing sections. He clicks Advanced Sharing in the Advanced Sharing section. An Advanced Sharing dialog box opens. A number of sharing options display, though almost all of them are unavailable. [Video description ends] and we'll go ahead and share that folder.
Now, when we do that, a number of other settings become available, [Video description begins] He selects the Share this folder checkbox. The options in the Settings section are now available. [Video description ends] and so I'm going to go into caching. [Video description begins] He clicks the Caching button. An Offline Settings dialog box opens. It has options to select the files and programs that can be made available to offline users. [Video description ends] And how do I want this to work? Do I want all the files and programs that users specify? If they say they want it, then they get it. [Video description begins] He points to the Only the files and programs that users specify are available offline radio button, which is selected. The radio button has an associated Enable BranchCache checkbox, which is clear. [Video description ends]
Do I not permit the synchronization of this directory down to the user's local machine? [Video description begins] He selects the No files or programs from the shared folder are available offline radio button. [Video description ends] Or do I limit it to all files and programs that users open from the shared folder are automatically cached locally, worked from locally and then, when an Internet connection is available again or a network connection is available again, the deltas, the changes are uploaded to the file server? And I can optimize that for performance, [Video description begins] He selects All files and programs that users open from the shared folder are automatically available offline. The radio button has an associated Optimize for performance checkbox, which is selected. [Video description ends] that is to say I want to balance the demands of bandwidth versus latency, and we'll say OK. [Video description begins] He clicks OK and the Offline Settings dialog box closes. The Advanced Sharing dialog box displays. He clicks OK and the dialog box closes. [Video description ends]
And now we've configured the Synchronization Center in Windows 10. [Video description begins] He clicks Close and the sync Properties dialog box closes. He returns to the File Explorer window. [Video description ends]