This picture is just amazing photo from the launch of the Ares 1-X test launch going supersonic.
This picture is just amazing photo from the launch of the Ares 1-X test launch going supersonic.
Microsoft has just released the new RDP 7 client for Windows XP and Vista to take advantage of the new features when connecting to Windows 7 or Windows Server 2008 R2. Bellow is a summary of some of the new features:
Ares 1-X flight test was last night and the video is very impressive. Unfortunately the next launch of the Ares will not be until 2014 so for now just take a look at the video.
Its Here! Its Here! To my absolute pleasure my Dell 21.5” Widescreen HD Multi Touch Monitor (SX2210T) with Webcam and Microphone arrived last night. I waited for my daughter and wife to go to bed and then I had the absolute cracking the box open to see what it could do.
Below are a few photos and comments from the opening:
The box looks pretty standard but was glad that it looked a little bigger than I expected as that had to mean the monitor was bigger as well.
The monitor still in its Styrofoam case with all the cable and stuff on top. Best to open the box horizontally and not by tipping it up side down as this will result in crap going everywhere.
If there was any doubt how to install the monitor the plastic protector tells you to plug in the USB cabled and then the driver disk and Yes it was really that easy.
All the accessories including a very nice cleaning cloth (see on left) that I think will get a pretty strong workout.
The screen tilted back the maximum to 25deg. Surprisingly the base is actually a solid piece of metal and will twang if tapped with your finger. This gives the whole screen quite a bit of weight which it probably deliberate so that you don’t push the screen over when you touch the screen.
The new and old monitor side by side. Was not expecting the screen would be so glossy.
Two USB ports on the back on the monitor. There are another 2 underneath along with HDMI,SVGA and DVI.
Bezel around the edge is a little deep but this is for the camera sensor pick up for the device.
Monitor all setup on my desk.
This is a shot of the four soft keys on the right of the screen the overlay is actually very easy to understand and i had no problems with the menu interface. It might be hard to tell by the arrows, tick and cross are actually on the screen with the buttons around the side out of view.
I also had a chance to use the inbuilt Webcam and Microphone with Skype which pretty much worked as expected.
Overall this monitor is very good and at $499au it is very good value. The HDMI input option is feature also nice as I can use it as a monitor for a Blue-Ray DVD or a Xbox 360. Cool monitor and definitely recommend for anyone who wants to use a touch interface with their Windows 7 computer.
I will give it a 8.5 out of 10 mainly due to the glossy finish of the screen.
Definitely a good gift idea for your children and/or wife’s computer.
This article can be seen on the new web site http://www.grouppolicy.biz/tag/bitlocker-to-go/
One of the cool new feature in Windows 7 Ultimate and Enterprise is the ability to encrypt USB devices with a password to protect the data from falling into the wrong hands. One of the problem with this is that if a user were to ever forget the unlock key then they will need to remember where they kept the recovery file or paper print out of the 48 digit recovery key. Now for a consumer this feature this might be fine as you keep can keep the key in a fire proof safe or even a locked filing cabinet but if you are managing this in a corporate environment you might have to keep track of thousands or even ten’s of thousands of these devices to keep track of the recovery key.
Well there is where group policy can be your saviour…. of course!
In Part 1 of this “how to” I am going to show you how to setup the recovery key archiving into Active Directory. In Part 2 I will show you how to use Group Policy with Active Directory Certificate Services to enable a Data Recovery Agent so that all your devices can be recovery using a single EFS recovery agent account.
Using group policy you can mandate that all encrypted removable device must first have the recover key stored in Active Directory before they start to encrypt. This ensures that for any USB encrypted devices in your organisation that you will always have the ability to unlock the data on the drive even in case that someone forgets the unlock password.
Now before we begin there are a few pre-requisites that we need to cover to make sure this work.
1. You Active Directory must be running the Windows Server 2003 R2 scheme extensions. But I hear you say “you said that Group Policy Preferences doesn’t need schema changes to work” well yes… this is still true it is not a group policy requirement it is a BitLocker requirement.
2. You should install the “BitLocker Drive Encryption Administration Utilities” with Windows Server 2008 R2 or with the RSAT tools for Windows 7 (see image 1.) on at least one computer in your organisation. This computer can then be used to search for and view the recovery keys if you ever need them. This is a new tool with 2008 R2/Windows 7 and makes it MUCH easier to read the recovery keys than back in the 2003 R2/Vista days.
Image 1. Installing “BitLocker Drive Encryption Administration Utilities”
How to configured Group Policy to save the Recovery Key?
Now before I go on I will assume that you are already familiar with Group Policy so all I am going to cover is the key (pardon the pun) policies you need to ensure the recovery keys are backed up to AD DS for all your removable USB storage devices in your organisation.
Step 1. Edit the group policy that you have applied to all your workstations and navigate to Computer > Policies > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives. Here the two policies you need to enable are “Deny write access to removable drives not protected by BitLocker” and “Choose how BitLocker-protected Removable drives can be recovered” (see Image 2).
Image 2. Removable Data Drives BitLocker Drive Group Policy
Step 2. When you Enable the “Deny write access to removable drives not protected by BitLocker” also tick the “Do not allow write access to devices configured in another organization” option (see Image 3). This setting is important as it will make any non-BitLocker encrypted devices from being written to in your organisation thus bypassing the whole reason to use BitLocker.
Image 3. Deny write access to removable drives not protected by BitLocker
Step 3. Now Enable the “Choose how BitLocker-protected Removable drives can be recovered” and make sure that the “Save BitLocker recovery information to AD DS for removable data drives” and the “Do not enable BitLocker until recovery information is stored to AD DS for removable data drives” are both ticked (See image 4.). This setting ensures the computer has successfully saved recovery key into AD before encrypting a USB storage device.
Image 4. Choose how BitLocker-protected removable drives can be recovered
You may also want to consider ticking the “Omit recovery option form the BitLocker setup wizard” as this will prevent you users from saving the recovery key manually which might be desirable if you don’t trust them to store the key in a safe place.
Because of the “Do not enable BitLocker until recovery information is stored to AD DS for removable data drives” option has been ticked if the user tries to encrypt a new USB storage device when not connected to the corporate network then they will get the following error message (see image 5).
Image 5. Error saving recovery key
If the user is out of the office they will need to establishing a VPN connection or enable BitLocker on the device the next time they are in the Office. This would not be a problem if you have configured Direct Access but this is a post for another time.
Note: The loop hole to this is that if someone already had a BitLocker to Go encrypted device and plugs it into a computer they will be able to save information to the device. This does not mean the data will not be encrypted its just you wont have the recovery key if they forget the password to that particular device.
To help with this problem you can set the BitLocker identification field on all the computers in the organisation so they will reject all encrypted devices that don’t have the same identification field value. This setting is under Computer > Policies > Administrative Templates > Windows Components > BitLocker Drive Encryption called “Provide the unique identifiers for your organization” (see image 6.). This might sound like you can mandate outside memory sticks can’t be used in your organisation but if someone has set the identification field to the same value this would get around option.
Image 6. Provide the unique identifiers for your organization
How to recover the BitLocker recovery password in AD?
So you have deployed BitLocker to your organisation and you have told everyone to be careful to remember the passwords but of course your manger has come to you saying that they have forgotten the password for his USB memory stick and it has the only copy of some really important files on it that he has have for a meeting tomorrow.
What do you do?
Step 1. First we need to identify the USB devices Recovery key identifier by plugging it into a computer running Windows 7 Ultimate/Enterprise. You can then find this identifier by clicking on the “I forgot my password” option (see image 7.)
Image 7. I forgot my password
Step 2. Then write down the 8 characters of the recovery key identifier (See image 8.)
Image 8. Recovery key identifier
Step 3. Now go to the computer that you installed the “BitLocker Recovery Password Viewer” tool that I previously mentioned above launch “Active Directly Users and Computers” MMC snap-in with and account with Domain Admin privileges. Click on the domain name that will have the recovery key saved and then click “Action” and then “Find BitLocker Recovery Password…” (see image 9.).
Image 9. "Find BitLocker Recovery Password…”
Step 4. Now type the first 8 characters you wrote down in step 2. and click “Search” (See Image 10.). This will show you the Recovery Password in the Details pane that you will need to unlock the drive.
Image 10. Find BitLocker Recovery Password…”
Step 5. Now go back to the computer you have plugged the USB device into and click on “Type the recovery key” (see image 7.).
Step 6. Now type the 48 digit Recovery Password into the text box and click "Next” (see image 11.)
Image 11. Enter your recovery key
Step 7. Click OK and you will now be able to read the required file off this drive (See Image 12.).
Image 12. You cannot save file on this drive
Note: If you want to restore the drive back to normal you will need to go to the control panel and go into the “Manage BitLocker” option to “Turn off BitLocker” (see Image 13.) on the device and then go back and select the option to “Turn On BitLocker” again. This will completely reset the recovery key on the device making the one you just recovered totally invalid.
Image 13. Control Panel BitLocker Drive Encryption option
Part 2 can now be found here "How to configure Group Policy to use Data Recovery Agent to encrypt “Bitlocker to Go” drives – Part 2"
The firmware update for the HTC Snap from Telstra is now out on the HTC Australian support website Here . The firmware update process is straight forward and it take about 10 minutes to flash the device. As this device is only Windows Mobile standard the look and feel of the phone actually has not changed much and the UI with Windows Mobile 6.1 Standard already had the horizontal and vertical home screen. Two noticeable additions to the phone is that it now has myPhone and Windows Mobile Marketplace programs included with the OS. MyPhone enable users to backup the phone over the air and also find and/or wipe the device remotely if they were to ever lose the phone. The Windows Mobile Market place applications allows users to download applications over the air much like the iPhone App Store however right now there are not many applications that are support on the Windows Mobile Standard OS.