Saturday, December 3, 2011

21-3 "TAKING A HAMMER TO A TOSHIBA"

Toshiba TECRA S1

Here we are taking apart this prehistoric laptop.  Sorry, no hammers were used.



268 pages of Google Doc PDF Toshiba goodness.

Just getting to the good stuff.

3 minutes into the process.

A picture of someone taking a picture of what I was taking a picture of.

Getting rid of the heatsink/fan combo.

Now you can see the CPU.

CPU harvesting from a donor laptop.  Too bad it's a Pentium M.  (Ancient)

This is what you get after spending 20 minutes trying to get to the touchpad.  Stupid plastic connectors.

20-4

I guess I'm pretty lucky.  Both Autoruns by TechNet and the "msconfig.exe" recognize 36 start-up items.


20-3


WDC.exe is a hot key program that is running from my ASUS software package.

WimaxConsle.exe is a small console that allows me to switch from 802.11 to 802.16.  Basically from the Wireless G and N standards to the WiMax or 4G.  Again it's part of my ASUS software package.

WiMAXCU.exe*32  You guessed it.  The same thing as above.  Hasn't given me any problems, so why try to fix something that's not broken?

winampa.exe*32  WinAmp!!  If you had a computer back in the early to mid 90's you know that it really kicks the Llamas (insert word)!  It's a media player.

winlogon.exe  used for user authorization and Windows activation checks

WinPatrol.exe*32  Program I installed doing these blogs!  Actually useful.  Monitors changes made to your system.

wisptis.exe  Just what it says, for Pen and Touch Input Components

wuauclt.exe  WooT!  Windows Update!

Zune.exe  I'm listening to music right now.  And no I don't have an I-PseudoPod!

ZuneLauncher.exe  Yup, auto launches the Zune app when I connect my Zune to my laptop.

20-2

I already have Webroot installed on my computer, so I went ahead and did this lab with it instead of AVG.


It's already set up to scan daily, and most of the stuff it finds is usually cookies.


Real Problem 19-2


Ophcrack

While it's a free program and you do get some free rainbow tables, these tables are for the simplest passwords.  It uses the SAM database in the Windows system32 folder to get the hashes created for storing user passwords.  It then basically runs through every hash contained in its rainbow tables and looks for a match.  A matched hash equals a cracked password.
For the more complex passwords, you'll need to get the larger tables.  These range in size from 8 GB all the way up to around 160 GB.  The prices also go through the roof, $1,000 for the entire bundle.





Active Password Changer still accesses the SAM database on a Windows machine.  But instead of cracking the password, it allows you to reset the password.  This program has a free trial download which can be burned to a CD or made into a bootable USB.  For the beefier version which includes a Windows Preinstallation Environment, expect to pay around $50.  The one big drawback of resetting passwords is that you can potentially lose access to data.  To be specific, if you used Windows to encrypt files or folders, you will lose the key to decrypt them.



Windows Password Reset

ITS THE SAME THING AS ACTIVE PASSWORD CHANGER!  Same type of application style I mean.  Gives you a bootable CD and a GUI to reset user passwords.


My recommendation.......NONE.  Use the "Make a password reset disc" option already included with Windows.  No money lost, no data lost.  Simple.

19-4








1. Using Windows Vista, create a Standard user account and log on using that account. Can you view the contents of the Documents folder for an account with Administrator privileges?



Here's what happens.







2. Using the Standard account, try to install a program. What message do you receive?




3. What happens if you try to create a new account while logged on under the Standard account?

Friday, December 2, 2011

SWITCHES AND ROUTERS

For this lab we set up a basic network with a pair of switches, a crossover cable, and enough Ethernet cable for all of us!  Started off by getting power to the switches, making the physical connections from the desktops to the switches, then from switch to switch with the crossover cable.  Next we all had to configure our desktops with static IP addresses with the correct subnet of Brad's choosing!









After that it was time to ping till our fingers bled!  J/K.

Time to switch to wireless router mode.  No joke.




Your basic D-Link router here.  To configure, just type the device's IP address into a web browser, then you will need to log on to the device.  (Make sure you are using a wired connection to configure.)
Once logged in, setting up a DHCP server is simple enough, if you know where to look.






17-3

Find three switches by different manufacturers that support Gigabit Ethernet and have at least five ports. Print the Web pages describing each switch.

D-Link

Netgear

Linksys



Find three network adapters by different manufacturers to install in the desktop computers that support Gigabit Ethernet. Print Web pages for each NIC.


TRENDnet

Rosewill

Netgear



Before making a decision on the hardware, the biggest thing I would want to know would be what operating system is being used.  Mostly for NIC drivers.

Out of the above hardware I would recommend the D-Link switch.  Mostly because I'm familiar with this brand.  Other than that, all these switches had the same features.  As for the NIC, I would recommend the Rosewill card.  This is based mostly on the driver support offered for both Linux and Windows operating systems.





5. What is the total price of the upgrade, including one switch and four network adapters?


17-1

If you are connected to the Internet or a network, answer these questions:


1. What is the hardware device used to make this connection (network card, onboard port, wireless)? List the device’s name as Windows sees it.

See screenshot.

2. If you are connected to a LAN, what is the MAC address of the NIC? Print the screen that shows the address.

See screenshot

3. What is the IP address of your PC?

See screenshot.




4. What Windows utilities did you use to answer the first three questions?

Basically just went to Control Panel > Network and Internet > Network Connections and then right clicked on the active connection.  Selected Status, then clicked Details.

Follow the screen shots!


16-1

1. What are other parameters for the sfc command besides /scannow?





2. Explain the purpose of the findstr command when finding the log file.

The findstr command can look for matches based on file names, or even inside files.  Here is a screenshot of all the different switches.



3. Can a filename other than sfcdetails.txt be used in the findstr command line? Explain your answer.

Yes, other files can be used.  The findstr command is a holdover command from MSDOS, not a sub command of sfc.  Again, look at the screenshot!

4. What is the purpose of the edit command?

You guessed it, it edits text files!  But, 64 bit operating systems do not have this command. Sorry!

5. Explain the purpose of the takeown command when replacing a system file.

takeown gives the Administrator ownership of a file.  With ownership, an admin is able to edit previously protected system files.

6. Explain why the icacls command is needed in the process.

Command Prompt's way of doing Access Control Lists.  If you are trying to give someone access to a file in command prompt, icacls is your friend!

7. List some ways that you can locate a known good copy of the corrupted system file.


The installation disc, a recovery disc/partition.

15-7

Well, this list was outrageously long.  So I went ahead and posted my Safe Mode boot log to Google Docs and here is the link.

It's the same document as the one from 15-4, but you can see the entire document.  The drivers that weren't loaded are pretty obvious.

15-4

Here are some of the differences in drivers that are loaded between a normal bootup and safe mode bootup.  Both logs were obtained with ntbtlog.txt, the normal boot is on the left side and the safe mode boot is on the right side.  I put them side by side for better comparison than just typing out the differences.
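The same comparison can be scripted instead of read side by side. This is an added example, not part of the original post: the log text is constructed, and examplenic.sys is a made-up driver name; only the "Loaded driver" and "Did not load driver" line prefixes follow the ntbtlog.txt format.

```python
import ntpath

LOADED, SKIPPED = "Loaded driver ", "Did not load driver "

def _name(path):
    # Compare on lower-cased base name: the same driver can be logged
    # with different path casing (Drivers\Ntfs.sys vs drivers\NTFS.SYS).
    return ntpath.basename(path.strip()).lower()

def parse_boot_log(text):
    """Return (loaded, skipped) driver-name sets for one boot session."""
    loaded, skipped = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(LOADED):
            loaded.add(_name(line[len(LOADED):]))
        elif line.startswith(SKIPPED):
            skipped.add(_name(line[len(SKIPPED):]))
    # A driver skipped on one attempt but loaded later counts as loaded.
    return loaded, skipped - loaded

def compare_boots(normal_text, safe_text):
    normal_loaded, _ = parse_boot_log(normal_text)
    safe_loaded, safe_skipped = parse_boot_log(safe_text)
    return {
        "normal_only": sorted(normal_loaded - safe_loaded),
        "safe_only": sorted(safe_loaded - normal_loaded),
        "skipped_in_safe": sorted(safe_skipped),
    }

# Constructed sample sessions (not taken from the author's logs).
NORMAL_LOG = r"""
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
Loaded driver \SystemRoot\system32\DRIVERS\nvlddmkm.sys
Loaded driver \SystemRoot\system32\DRIVERS\examplenic.sys
"""
SAFE_LOG = r"""
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\System32\drivers\NTFS.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Did not load driver \SystemRoot\system32\DRIVERS\nvlddmkm.sys
Did not load driver \SystemRoot\system32\DRIVERS\examplenic.sys
"""

if __name__ == "__main__":
    for key, names in compare_boots(NORMAL_LOG, SAFE_LOG).items():
        print(key, names)
```

Drivers in `normal_only` are the ones to look at first when a machine misbehaves in a normal boot but is stable in Safe Mode.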

15-3

Booting to the Recovery Environment.  Follow the pictures!







Was unable to copy any files to removable media.  Said Unable to locate specified file.

14-6

New Microsoft Management Console creation time!  Easy enough.  Click on the Start Button and inside the search box type in "mmc" and hit Enter.  Make sure you have admin privies!  A new window called Console1 will appear.  Time to add some stuff to this new console.




Click File and select Add/Remove Snap-In.  Inside this new window in the left pane, scroll and find Device Manager, select it then hit Add.  After you hit Add, it will ask you what computer to monitor, select the current computer option (it's the default one).  Do the same thing with Event Viewer.



Save it and put a shortcut on the desktop!

14-5

Time to play around with the registry.  Open up the Start Menu and in the search box type in "regedit" and hit Enter.  Time to change the name of the Recycle Bin to Trash Can, but first I'll back up the registry key that I will be editing.  To do so I selected the branch that I want to save, clicked on File, then Export.  In here I made sure I checked the "Selected Branch" option for export, named the file, and selected the RegBackUp folder I created on the desktop seen below.



Time to actually change the name!  The highlighted key above is the one for the Recycle Bin.  Inside the right pane, double click on the key that says (Default) (value not set).  Entered Trash Can inside of Value Data text box.

Then right click on the Desktop and select Refresh.  The Recycle Bin is now the Trash Can.



To undo this, just double click the key that we just changed and delete the string in the Value Data text box and hit OK.  Again, right click on the Desktop and select Refresh.



14-3

First you need to open Task Scheduler.  Just click the start button and type "tas" into the search box.  Task Scheduler should be one of the returned results, if not, go to All Programs, Accessories, System Tools, and BINGO, there it is.

Once you have Task Scheduler open, look in the far right hand pane, and double click Create Basic Task.  This is what you'll see next.  I went ahead and named the task Notepad and gave it a description.  After that, click Next.


Here I selected "When the computer starts" because we want Notepad to startup whenever ANYONE logs on.  Next.

Now we select the action.  Since we want to start Notepad, we select "Start a program".  Next we have to actually select the program.  To do so, you need to know where the executable file is for that specific program.


Verify your Task Creation and click Finish.



Now for the Command Prompt program, we are going to put a shortcut inside the startup folder.  To get to this folder, we have to do a little digging in Windows 7.
Here is the path to the startup folder.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Now to get here, you will have to make sure that you are displaying hidden files and folders and protected system files/folders.  You will also need to have administrator permissions to make any changes.  Once you get to the folder, you need to find the Command Prompt application.  The easiest way to do this is open the Start menu, click Accessories, and right click on Command Prompt.  On the menu that appears, click on "Open file location".  Next, right click on Command Prompt again and select create shortcut.  Windows 7 will prompt you that you cannot create a shortcut inside the current folder and ask if you want to place it on your desktop.  Select yes.  Now all you need to do is drag and drop your newly created shortcut into the startup folder.  Again, administrator privies are needed.


Now to verify that both of these things work as intended.  Just log off and right back on, or you can reboot, it shouldn't matter.


A little error here.  For the task scheduler event of notepad, the trigger should be changed to log on of any user, not startup.





14-2

Did the whole "msconfig" in the search box thing and disabled all non-Microsoft start up items.



Next, I rebooted, downloaded and installed WinPatrol.  As you can see in the picture, WinPatrol was the only thing on the start up page.  REBOOT!


After enabling all the startup items I had previously disabled, I rebooted.  This is what happened next.


For every item that I had enabled after installing WinPatrol, I got one of these messages.  Probably around 10-15 of these for me.  A good program that helps you monitor what is getting added to your startup folder, and helps keep that log on load time to a minimum.

