March 27, 2008

How do I… Apply local Windows XP restrictions with the Group Policy Console

by Diana Huggins | Jan 19, 2006

Takeaway: In a domain environment, you can control workstations centrally with group policies from the domain. However, if you don't have a server, you can still use group policies locally in Microsoft Windows XP. Here's how, using the Group Policy Console.

People who read this, also read…

Keeping users focused, on track, and out of trouble is sometimes a dicey proposition. Since nothing is foolproof to a sufficiently talented fool, it's tough to keep users out of off-limit places and applications. Even though you have to be an administrator to make most system configuration changes, unwary users can still do damage to their machines. In addition, there's always the lure of the Internet Explorer icon right on users' desktops, tempting them away from work. And even the network sometimes proves to be a dangerous place for some users. The solution to these wayward users is to apply restrictions to what users can and can't do.

Click this tag search to find other How do I… articles and downloads.

This article is also available as a TechRepublic download.

This article was originally published on January 19, 2006.

Group policies

In a domain environment, you can use group policies to apply restrictions at several levels, including domain, site, and organizational unit (OU). For example, you can configure the interface to hide drives in My Computer, hide the Internet Explorer icon, disable Add/Remove Programs, and use a boatload of other restrictions to keep users focused and out of trouble. You can apply the restrictions on a per-user or per-group basis, giving you very granular control over who can do what, when, and where.

In a workgroup environment, however, accomplishing the same thing is a lot tougher because the local group policy is intended to apply to all users, regardless of account or group membership. But with a little finesse, you can apply restrictions to individual users.

The Group Policy console

You use the Group Policy console to apply restrictions. Before you go rushing off to lock down your users, however, keep this in mind: The changes you're going to make will initially affect the local administrator account on each computer. Don't apply any restrictions that will prevent you from later removing the restrictions from the administrator account. You might want to temporarily create an account with membership in the Administrators group to use in case you have problems and need to undo the restrictions.

Here's how to fool Windows XP Professional into using different restrictions for users:

  1. Log on as Administrator.
  2. Go to Start | Run and enter Gpedit.msc in the Open dialog box to start the Group Policy console shown in Figure A.
  3. Open the User Configuration/Administrative Templates branch and change settings as desired to enable restrictions as needed. The settings for each restriction vary.
  4. Close the Group Policy console and log off; then log on again as Administrator to apply the change.
  5. Log off and log on as another user to verify that the restrictions are applied. Log off and then log on as each of the other users, in turn, to whom you want to apply the restrictions.
  6. Log on as Administrator and copy the file %systemroot%\System32\GroupPolicy\User\registry.pol to a backup location and name it UserReg.pol. Copy the file %systemroot%\System32\GroupPolicy\Machine\registry.pol to the same backup location and name it MachineReg.pol.
  7. Open the Group Policy console and remove the restrictions applied in step four. In some cases, you might need to use the opposite setting from the one applied in step three. For example, if you selected Enable to apply a given restriction, choose Disable to remove the restriction, rather than Not Configured (which applies no change to the registry).
  8. Close the Group Policy console and then copy the backup UserReg.pol file created in step six back to %systemroot%\System32\GroupPolicy\User\registry.pol, making sure to rename the file Registry.pol. Copy the backup MachineReg.pol created in step six back to %systemroot%\System32\GroupPolicy\Machine\registry.pol, making sure to rename the file Registry.pol.
  9. Log off as administrator and log on as one of the restricted users to verify that the restrictions are in place. Log off and then log back on as administrator to verify that the restrictions are not applied to the administrator account. As long as you didn't use your own nonadministrator account to log on in step five, that account will not have the restrictions applied.

Figure A
Group Policy console

Filed under OS XP, tech hints by al

Permalink • Print • Comment

March 25, 2008

How To Convert a Wireless Router into an Access Point

March 10, 2008

I have long had a Wireless FAQ that explained how to re-purpose a wireless router as an access point (AP). But it occurred to me that some folks might be able to use a little more of a step-by-step, so here it is. I'm going to use the virtually ubiquitous Linksys WRT54G as the object of our conversion.

Step 1: Connect a computer that is set to obtain its IP address information automatically to a LAN port on the wireless router that you want to convert to an AP. If you don't know how to do this, Figure 1 shows the applicable Windows XP screens. (Get to the Network Connections window by Start > Settings > Network Connections.)

Checking for "Obtain an IP address automatically"
Click to enlarge image

Figure 1: Checking for "Obtain an IP address automatically"

Log into the admin page of the wireless router that you want to convert to an access point. From here on, I'll call this the "AP".

Step 2: For simple, one segment LANs, there must be only one DHCP server. Your LAN's router has a DHCP server and you don't want the two to conflict. So turn off the DHCP server on the AP. In Figure 2, you can see that the DHCP server in the WRT54G AP has been disabled.

Shut off the DHCP server; change the IP

Figure 2: Shut off the DHCP server; change the IP

Step 3: Find your LAN Router's DHCP server range. Figure 3 shows the Basic Network Settings page of the D-Link DGL-4300 that is my LAN's router. This is where the DHCP server controls happen to be. Different routers might have the DHCP server controls on a separate page, so you may have to poke around a little.

LAN router settings

Figure 3: LAN router settings

The 4300 normally has its Router IP Address set to 192.168.0.1 by default. But you can see in Figure 3, I changed it to 10.168.3.254. This shifted the DHCP server to the 10.168.3.X subnet instead of the 192.168.0.X. I also could have used 10.168.3.1 or any address as long as it wasn't between 10.168.3.100 and 10.168.3.249, which is the DHCP server's range.

The bottom line is that the my LAN router's DHCP server range is 10.168.3.100 to 10.168.3.249.

Step 4: Change the address of the AP to an unused LAN IP address. This will ensure that you can reach the admin pages of the AP to change settings when needed. Referring back to Figure 2, you can see that I set the AP to 10.168.3.250. Again, this could be any IP from 10.168.3.1 to 10.168.3.99 or 10.168.3.250 to 10.168.3.254, which are all outside the LAN DHCP server range.

Step 5: Connect the AP to the LAN. Unplug the computer you used to configure the AP and plug it back into one of your LAN router's switch ports. Now take an Ethernet cable, plug one end into another unused router switch port and the other end into one of the AP's LAN ports. Be sure to use a LAN port and not the WAN port. Figure 4 shows the proper connection for the WRT54G.

AP connection detail

Figure 4: AP connection detail

Step 6: Check the AP LAN connection. You should now be able to use any of your LAN's computers to reach the AP. So open a browser, enter the address generic viagra 50mg that you set for the AP in Step 4 (which is at 10.168.3.250 in this example) and you should get the login prompt.

If you don't get the prompt, recheck that you have the Ethernet cable running from LAN port to LAN port on your router's switch and the AP. The respective port lights on the router and AP should be lit.

Step 7: Check the AP wireless connection. Fire up a wireless notebook or other client and check that it properly associates and pulls an IP address from your LAN router's DHCP server. Congratulations! You now have a new AP!

Filed under internet, networking, tech hints by al

Permalink • Print • Comment

March 22, 2008

Carry an entire operating system in your pocket

Scott Dunn

By Scott Dunn

Running applications from a USB flash drive on a public computer is convenient but exposes you to malware and other limitations of the host PC.

By installing a Windows-like version of Linux on a flash drive, you can take a complete operating system wherever you go and work in a safe, secure environment, even in an Internet café.


Assessing your portable alternatives

Several months ago, in the Oct. 18, 2007, issue, I explained how to run free, portable applications from a USB flash drive (also known as a thumb drive, pen drive, memory stick) to simulate having a computer you can carry in your pocket.

Although keeping your favorite free applications and documents on a flash drive is handy, any use of a public computer (such as those found in a hotel business center or Internet café) exposes you and your data to risks from malware, which can threaten your security and privacy.

But what if your "pocket PC" included not just applications and data but an entire operating system, too? It would be even more like having a genuine computer in your pocket.

After my Oct. 18 article on flash-drive computing, some readers suggested using MojoPac as a way of carrying around Windows XP on a USB device. Unfortunately, MojoPac does not really give you an entire operating system.

Although MojoPac lets you take your own custom XP desktop with you — and helps keep your data and applications separate from the host PC — it's not a full installation of XP. MojoPac only works on a computer that's running Windows XP and then only if you have administrator access to that PC.

Some tools, such as BartPE (Bart's Preinstalled Environment) let you create a stripped-down version of XP that boots from either a CD or a USB device. However, these tools are usually designed to give you a way of booting a particular computer to troubleshoot it. They typically don't create a full version of XP that will run all your favorite applications on any PC.

A much simpler and more powerful solution is to install one of the many versions of Linux that are specifically designed to run from a bootable flash drive or CD.

Consider the advantages of carrying a portable Linux system in your pocket:

Reduced risk from infected host systems. Booting a computer from a flash drive means you have no interaction whatsoever with the host computer's operating system. For that reason, your removable media is far less likely to be infected by any virus or other malware that may be running on an Internet café's. (This is true even if the host computer itself is running Linux.) Naturally, you can still inadvertently download malware via an e-mail attachment or a browser exploit, but you face that risk any time.

Greater security. In part because there are fewer people trying to writing malware for it, Linux is considered a more secure operating system than Windows. Consequently, your removable drive is unlikely to face the same kinds of threats that you face when using a public machine running Windows.

Document privacy. Running a system off your own flash drive usually means you don't need to write to or read from the host system's hard drives. You won't have to extract encrypted files onto the system's desktop or shred them afterwards.

Computing your way. By running your own customize copy of an operating system, you don't have to put up with a different system configuration every time you use a different computer. All your customizations and settings go with you wherever you go.

Naturally, if you're traveling, you won't always be able to find a computer that can boot from a USB drive. If you find that you like running Linux on the road, it's easy to find versions of the OS that boot and run from a CD. However, reading programs and data from a CD is slower than it is from a flash drive.

Finally, if you're concerned about a flash drive catching a virus, install a free antivirus program that runs under Linux, such as Avast Linux Home Edition or AVG Anti-Virus. For further protection, you should consider buying a flash drive that has a read-only switch.

This is not your father's Linux

If the word Linux makes you cringe in fear at trying something new, relax. Despite its geeky reputation, today's versions of Linux sport a graphical user interface that's just as intuitive as the Windows you're used to. (See Figure 1.) In many cases, Linux can be customized to look even more like Windows.

Knoppix desktopFigure 1. The look and feel of Linux distributions such as Knoppix (shown here at reduced size) will seem familar to every Windows users.
__________

In most Linux builds, you'll find the equivalent of a Start menu, Task Bar, Control Panel, desktop icons, and more. You'll still have long filenames and move your files from folder to folder. You'll still be able to work with all the same spreadsheet, document, and graphics files as you do on your Windows machine.

If you already have a USB drive that you can spare, it won't cost you anything to try out this technique.

Here's what you need to get started:

1. A 1GB or larger USB flash drive. If you're going to be buying a new one, check out my advice in the Oct. 11, 2007, newsletter.

2. A computer capable of booting from a USB device or CD. Most computers built in recent years have this capability. If you find an Internet café PC that won't boot from external media, you can often press a key combination when the PC is booting that allows you to change the machine's BIOS options. A list of the key combinations used by more than 20 different manufacturers, and a short tutorial on changing the boot sequence, is provided at Andy Walker at his Cyberwalker site.

Next, you need to download and install a version of Linux suited for flash-drive computing. I installed and ran the latest builds of generic brands viagra online color=”#000099″>Knoppix, Slax, Puppy Linux, Pendrivelinux 2008, MCNLive Toronto, and gOS. Most of these distributions of the portable OS are available from the Pendrivelinux site.

My pick: Pendrivelinux 2008. From a user perspective, Pendrivelinux 2008 and MCNLive Toronto are nearly identical in look and feel. Both are very easy to install and, like many Linux variants, come with a considerable amount of software built in. Both include the KOffice suite of applications.

One difference in these two builds is that MCNLive includes the Opera browser, whereas Pendrivelinux includes Firefox and Thunderbird. The bundling of Firefox makes Pendrivelinux 2008 my Linux variant of choice (for now).

The best option for OpenOffice aficionados. If you're already using OpenOffice and want to stick with it, the Knoppix flavor of Linux includes that suite.

A word for Mac lovers. If you happen to be a Mac enthusiast, gOS provides an elegant imitation of the OS X interface.

The best way to set up your flash-drive OS

The Pendrivelinux Web site provides download and installation instructions for Knoppix, Pendrivelinux 2008, MCNLive Toronto, and gOS. Warning: Be sure to follow the steps carefully, as executing one of the batch files in the wrong way could damage your ability to boot from your PC's hard disk.

Once you have your flash drive set to boot up Linux, turn off your PC, insert the flash drive, and turn the power back on.

Many computers will display a boot menu when you press a function key such as F8, F9, or F12. To figure out which key triggers this menu on your PC, you may need to watch the startup screen carefully for information. On some systems, you may have to press Tab to clear your system's splash screen and get a list of keys for startup options.

The first time you boot from your flash drive, there may be some additional steps to take, as explained in the OS's installation instructions. These steps will ensure that your session settings are saved. You'll probably want to give the system a test run and verify that your configuration works before you take your drive traveling with you.

With all the software that comes with these installations, chances are you won't need to install any additional Linux applications at this point. This is especially true if you're accustomed to using online applications, such as Google Docs or Zoho.

One downside to using Linux on a remote computer is that you may have to boot from your flash drive on your main computer when you get home to transfer files. That's because Windows can't see the folders on your Linux desktop or its file structure.

Linux, on the other hand, will have no problem mounting your computer's hard drives. This enables you to copy files from your flash drive to a hard disk. Naturally, this quirk is not a problem if you're storing your documents online.

Although running a flash version of Linux is a safer, more secure way to do portable computing, you still need to exercise caution. Hardware keyloggers and network sniffers can capture passwords and other sensitive information you type using a public computer, regardless of your chosen operating system.

In addition, the small size of flash drives makes them easy to lose. Consequently, it's common sense to make a backup copy of your flash drive on a regular basis.

If you've been spending your computing life in the Windows world up until now, versions of Linux that run on removable media offer a great chance to explore some new possibilities. You may be surprised how convenient and simple it can be.

Filed under OS Ubuntu, tech hints by al

Permalink • Print • Comment

March 18, 2008

Turn off the CD AutoRun feature in Windows XP

Q:
How do you turn off the CD AutoRun feature in Windows XP? I see a tip on it for Windows 98 and ME, but what about XP? Please help!

A:
It's time to get back to the basics! You're right, we have done a tip on how to turn off the AutoRun feature in Windows 98 and ME and if you're interested in that, you can read female viagra does it work title=”http://www.worldstart.com/tips/tips.php/1347″>here. But, if you're an XP user, please keep reading!

In case I've already lost you, let me first explain what AutoRun really is. Basically, AutoRun works with your computer's CD ROM drive. When you insert a CD into the drive and you close the drive tray, your CD usually starts up on its own. Hence the name AutoRun! But what if you don't want it to do that? What if you just want the CD to sit there until you pick the program you want to open it up in? Does that sound like a better deal to you? Otherwise, the CD may open in a different program than you want and then you have to go through the process of stopping it, opening up the other program, starting it again, etc, etc. It's just not worth all of that sometimes! So, instead, you can turn off the AutoRun feature and do things the way you want them done. Let's see how!

Okay, now that we have that out of the way, here's how you can turn the AutoRun feature off in Windows XP. Please keep in mind that this tip works with your Registry Editor and you should only do this if you're 100 percent sure you can handle it. If not, please find some help. Here we go!

1.) Go to Start, Run and type in "regedit" (without the quotes). Click OK.

2.) Once you're there, double click on the entry that says HKEY_LOCAL_MACHINE.

3.) Next, double click on SYSTEM, then CurrentControlSet, then Services and finally Cdrom. That will bring up some text on your right hand side panel.

4.) Find the entry that says AutoRun and double click on it. You will then see the value data for the AutoRun. It will probably have the number 1 entered in, so go ahead and erase that and replace it with 0 (zero). Click OK.

5.) Now, just restart your computer and you'll be all set!

That wasn't too painful, was it?! So, from now on, when you use a CD in your computer, you can choose what you want it to do next. It all lies in your hands now!

Filed under OS XP, tech hints by al

Permalink • Print • Comment

March 6, 2008

IEFix

IEFix is a general purpose repair utility for Internet Explorer that repairs it by registering its core DLL files and reinstalling them by using the IE.INF file. IEFix is suitable for Windows 98/ME/2000 and XP systems.

IEFix can fix the following problems:

  • When you click a hyperlink in an e-mail message or on a Web page, you may experience one or more of the following issues:

    1.) Nothing happens.
    2.) The new window may be blank.
    3.) You may receive a scripting error message.

  • When you use the Print command or the Print Preview command in Internet Explorer, nothing happens.

  • When you try to connect to Web folders, you may receive the following error message: "The current operation could not be completed, because an unexpected error has occurred."

  • The Internet Options Advanced tab is completely blank.

  • The Internet Explorer About box version information is completely blank.

  • The address bar search does not work.

  • You're unable to type in text boxes on a search engine or on a Web site.

What IEFix Does

  • Registers the core Internet Explorer libraries.

  • Repairs Internet Explorer using the IE.INF method (in Windows XP).

  • Fixes the application path setting (in Windows XP).

Using IEFix for Yourself

  • Download IEFix right here and run it.

  • Click the Apply button.

  • You'll then be prompted for your operating system CD or your Service Pack Files location.

    1.) If you're using Windows XP, insert your operating system CD. For OEM systems, simply point to the operating system's source path when prompted. Mention the path as "C:\Windows\ServicePackFiles\i386."

    2.) If you don't have your Windows installation CD and if the installation source files are not present on your hard drive, you may click Cancel. IEFix will still continue with the DLL registration part.

    3.) Restart Windows.

IEFix is a great utility for the problems listed above. I hope it helps cheap female viagra you solve some of yours!

Filed under software, tech hints by al

Permalink • Print • Comment
« Previous PageNext Page »
Made with WordPress and the Semiologic theme and CMS • Sky Gold skin by Denis de Bernardy