Security

Save your network passwords, even if there’s no option to
Shortcuts to a number of available Internet Explorer features
Constant registration details on-startup of applications (which you’ve already registered)
Create an Account Lockout Policy
Enable Windows BitLocker without a TPM chip
Recover from Reduced Functionality Mode
Change your Windows password
Reset and restore your Windows password
Show the “administrator” at the login screen
Turn off Windows Defender
Turn off Automatic Updates
Ensure your Windows Vista copy is genuine
Enable BitLocker
Why can’t I save Favourites in Internet Explorer 7?
How to stay safe online in Windows Vista
Auto-login to Windows Vista
Run elevated programs easier
Disable Protected Mode
Login as the local administrator
Security: what the user doesn’t need to see
Disable UAC prompts on Vista
What is BitLocker?
What are the shields next to certain options?
What is User Account Controls?
Windows Firewall FAQ
Which anti-virus software works on Vista?

Save your network passwords, even if there’s no option to

Have you ever had a password box for a network resource and you can’t click the option to save your username and password? Well, there is a way to get around this, and it’s fairly simple as well.

1. Go to Start and in the Search box, type in User Accounts and hit Enter.
2. On the left hand side, click Manage your network passwords.
3. This is where you can add/change passwords for different network resources and folders. To add one, select Add.
4. Fill out the dialog with the appropriate information; server name, username and password.
5. Click OK and close any dialogs still open on screen.

Give it a go - see if you can access your network path without entering a single username or password!


Shortcuts to a number of available Internet Explorer features

Tweak-XP Pro gave you options to lock, restart, shut down and sleep your computer, all from desktop shortcuts. Using the new underlying openness of the code in Internet Explorer (for the techies: the function of APIs and things like that), you can have shortcuts on your desktop which do similar things, like clearing your history and Temporary Internet Files.

  1. Right click your desktop (or other folder where you want these shortcuts), and select New, then Shortcut.
  2. For each shortcut that you want, copy and paste one of the following into the Location box you see.
    • Clear Temporary Internet Files:
      RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
    • Clear Cookies:
      RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2
    • Clear History:
      RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1
    • Clear Form Data:
      RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16
    • Clear Saved Passwords:
      RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32
    • Delete All:
      RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255
    • Delete All and Clear Add-ons Settings:
      RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351
  3. Click Next, then enter the name of the shortcut accordingly (so you don’t forget what it does).
  4. Click Finish.
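
The values above are bit flags, so they can be added together to clear several items from one shortcut. The following Python sketch is an added example (not from the original post or from TweakVista) that decodes and combines them; the item names come from the list above, the 4096 add-ons value is derived from 4351 minus 255, and the function names are hypothetical.

```python
"""Added example: decode and combine ClearMyTracksByProcess values."""

# Values and names exactly as listed in the shortcut steps above.
NAMED_FLAGS = {
    1: "History",
    2: "Cookies",
    8: "Temporary Internet Files",
    16: "Form Data",
    32: "Saved Passwords",
}
DELETE_ALL = 255
DELETE_ALL_AND_ADDONS = 4351
# Derived here, not stated on the page: the bit that 4351 adds on top of 255.
ADDON_SETTINGS = DELETE_ALL_AND_ADDONS & ~DELETE_ALL  # 4096


def decode(mask):
    """Return (items cleared, bit values the page gives no name for)."""
    if mask < 0:
        raise ValueError("mask must be non-negative")
    named, unnamed = [], []
    bit = 1
    while bit <= mask:
        if mask & bit:
            if bit in NAMED_FLAGS:
                named.append(NAMED_FLAGS[bit])
            elif bit == ADDON_SETTINGS:
                named.append("Add-ons Settings")
            else:
                unnamed.append(bit)
        bit <<= 1
    return named, unnamed


def compose(*items):
    """Combine named items (case-insensitive) into a single value."""
    lookup = {name.lower(): value for value, name in NAMED_FLAGS.items()}
    mask = 0
    for item in items:
        try:
            mask |= lookup[item.lower()]
        except KeyError:
            raise ValueError(f"unknown item: {item!r}") from None
    return mask


def shortcut_target(mask):
    """Text to paste into the shortcut's Location box."""
    return f"RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess {mask}"


if __name__ == "__main__":
    for value in (DELETE_ALL, DELETE_ALL_AND_ADDONS):
        print(value, decode(value))
    # Clear cookies and history in one shortcut, leaving saved passwords alone.
    print(shortcut_target(compose("Cookies", "History")))
```

Decoding a value before putting a shortcut in the Startup folder shows whether it includes Saved Passwords (32), which would wipe stored credentials at every logon.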

You could drag and drop these onto your Quick Launch bar (just right of the Start menu), or even have them in your Startup folder, thus clearing all selected data when you first log on; after all, there’s nothing like starting fresh the first time you log in in the morning.

Source: TweakVista


Constant registration details on-startup of applications (which you’ve already registered)

Once you’ve installed a new program or application, you might find that every time you run that application, it’ll ask you for registration details, even though you’ve already registered. This is because of UAC, and I’ll explain why.

The registry key that contains your registration details isn’t being applied to the actual registry because UAC (User Account Controls) is running the virtual registry, to stop any kind of damage being done. This means that the actual registry doesn’t contain the registration details that the application requires.

The way to resolve this is either to disable UAC, or to run the application that has the registration problem as an administrator. Most users are “standard users” (to make Windows more secure, and virtualising things which might cause problems, like system files and the registry), but running a program as an administrator removes this protection.

You can usually do this by:

  1. Find the application you wish to run as the administrator (thus enabling registry entries for program registration) in the Start menu.
  2. Right click the icon, and select Run as administrator.
  3. You will most likely be given a username and password field. Type “administrator” as the username (if it’s not already there), and then type in the administrator’s password.

After this, it’ll run as if the administrator user is running the application, even though a standard user might be logged on.


Create an Account Lockout Policy

If you live in a house or work in a place where your friends or co-workers are constantly trying to access your files or pictures, or trying to hack into your account - don’t let them! Other than that, it’s a security method to deter people from guessing your password. An Account Lockout Policy (which a lot of network administrators use) stops people from repeatedly attempting your password by locking the logon screen so they can’t type anything in for a set period of time. Above all, it renders “brute force attacks”, where a hacking tool tries to guess your password in a number of different ways, entirely useless.

To set this up:

  1. Click on Start then Run (or press the Windows key + R) and type in secpol.msc then press OK.
  2. In the left hand pane, click the small arrow next to Account Policies, then click on the link to Account Lockout Policy.
  3. In the right hand pane, you’ll have the following options - editing these is really easy, just follow my lead.

    1. Account lockout threshold: Double click on this, and change it to how many times an incorrect password can be entered before the logon screen locks.
    2. Account lockout duration: How long the logon screen will lock for (so nobody can enter passwords).
    3. Reset account lockout counter after: If an account lockout threshold is defined, this reset time must be less than or equal to the Account lockout duration.

  4. Reboot your machine, and these new settings will come into effect next time you logon.
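
The three settings can also be read with the built-in `net accounts` command. The following Python sketch is an added example (not from the original post): it parses that output, applies the rule from step 3 that the reset time must not exceed the lockout duration, and estimates how many guesses per day a policy still allows. The sample output is constructed, the function names are hypothetical, and the estimate assumes guesses take no time to enter.

```python
"""Added example: audit Account Lockout Policy values from `net accounts`."""
import math

# Constructed sample of `net accounts` output (illustrative values only).
SAMPLE_NET_ACCOUNTS = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        WORKSTATION
The command completed successfully.
"""

# `net accounts` label -> setting name used in this example.
FIELDS = {
    "Lockout threshold": "threshold",
    "Lockout duration (minutes)": "duration",
    "Lockout observation window (minutes)": "reset_after",
}


def parse_lockout(text):
    """Extract the three lockout settings as integers."""
    policy = {}
    for line in text.splitlines():
        label, _, value = line.rpartition(":")
        key = FIELDS.get(label.strip())
        if key:
            value = value.strip()
            # "Never" means no lockout for the threshold; any other
            # non-numeric text is also treated as 0 (an assumption).
            policy[key] = int(value) if value.isdigit() else 0
    missing = set(FIELDS.values()) - set(policy)
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    return policy


def audit(policy):
    """Return a list of problems; an empty list means the policy is consistent."""
    findings = []
    if policy["threshold"] == 0:
        findings.append("lockout threshold is 0: accounts never lock")
    elif policy["duration"] and policy["reset_after"] > policy["duration"]:
        findings.append("reset counter time is longer than the lockout duration")
    return findings


def guesses_per_day(policy):
    """Upper bound on guesses in 24 hours; None means unlimited."""
    if policy["threshold"] == 0:
        return None
    if policy["duration"] == 0:
        # Duration 0: the account stays locked until an administrator unlocks it.
        return policy["threshold"]
    cycles = math.ceil(24 * 60 / policy["duration"])
    return policy["threshold"] * cycles


def net_accounts_command(threshold, duration, reset_after):
    """Build the command-line equivalent of the secpol.msc settings."""
    policy = {"threshold": threshold, "duration": duration,
              "reset_after": reset_after}
    problems = audit(policy)
    if problems:
        raise ValueError("; ".join(problems))
    return (f"net accounts /lockoutthreshold:{threshold} "
            f"/lockoutduration:{duration} /lockoutwindow:{reset_after}")


if __name__ == "__main__":
    current = parse_lockout(SAMPLE_NET_ACCOUNTS)
    print(current, audit(current), guesses_per_day(current))
    print(net_accounts_command(5, 30, 30))
```

With a threshold of 5 and a 30 minute duration the policy still permits up to 240 guesses a day, so it slows guessing down rather than replacing a strong password.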


Enable Windows BitLocker without a TPM chip

In 2002, Microsoft Chief Software Architect Bill Gates issued a now famous e-mail entitled ‘Trustworthy Computing’ which was sent to every single Microsoft employee at the company. Within it, he expressed his desire to create a platform ‘that is as available, reliable and secure as electricity, water services and telephony.’ Come 2007 and Trustworthy Computing was only further emphasised by the inclusion and introduction of the TPM. A TPM (Trusted Platform Module) ensures that all data is encrypted securely and that the data has not been edited in any way during boot; this is used in conjunction with an encryption key which has to be made available to the system during boot to ensure data integrity. If anything untoward is detected, or the TPM suspects data integrity may have been compromised, it blocks startup of your PC and prompts for a ‘Recovery Password’ which will be set during this guide.

The TPM was originally to be included on motherboards as an installable module but has now been fully integrated into brands available today. However, contrary to what Microsoft may have you believe, you can use Windows BitLocker without installing a TPM module. Follow the guide below to discover how you can enable and use enhanced EFS Encryption with a USB Flash Disk and a few hours of your time.

Please note: Only users of Vista Ultimate and Vista Enterprise can use Windows BitLocker. If you are using any other version of Windows Vista, you cannot use the following feature.

Requirements: The following requirements must be met to follow this guide:

  • Microsoft Windows Vista Ultimate or Enterprise editions.
  • USB Flash Disk
  • Microsoft Windows BitLocker Driver Preparation Tool (Available via Windows Ultimate Extras in Windows Update)
  • A backup of your system and files
  • At least 1.5GB of free hard drive space (Please defragment your hard disk before beginning this guide)
  • Windows BitLocker Encryption is only usable on a ‘Simple’ setup. You cannot use Windows Vista’s software RAID features with Windows BitLocker but you can use it with a hardware RAID as this is not viewable within the Operating System.

Step 1 - Beginning The Encryption Process

To begin the encryption process, navigate to ‘Control Panel - Security’ within the Control Panel and select ‘Protect your computer by encrypting data on your disk.’ This will require that you either select continue when prompted by UAC or enter your Administrator password if set.

You will receive the following messages:

“The drive configuration is unsuitable for BitLocker Drive Encryption. To use BitLocker, please re-partition your hard drive according to the BitLocker requirements.”

“A TPM was not found. A TPM is required to turn on BitLocker. If your computer has a TPM, contact that computer manufacturer for BitLocker-compatible BIOS.”

As previously stated, you do not require a TPM to enable and use Windows BitLocker. The requirement is simply a setting within Windows’ Group Policy, which in turn is stored within the Windows Registry. To remove the TPM requirement, we need to edit a Group Policy setting; Step 2 below explains the process.

Step 2 - Editing Windows’ Group Policy

To edit Windows’ Group Policy settings, we need to load the MMC module. To do this, type ‘gpedit.msc’ into Start Search. Click the relevant icon and wait for the Group Policy Editor to load. Now we will edit the Windows BitLocker Drive Encryption component of Group Policy to remove the ‘requirement’ of TPM. Navigate the following path within the Group Policy Editor: Local Computer Policy - Computer Configuration - Administrative Templates - Windows Components - BitLocker Drive Encryption.

Select the BitLocker Drive Encryption folder. The right-hand panel should display an entry entitled ‘Control Panel Setup: Enable Advanced Startup Options’. Double-click this entry and you will be presented with a dialogue box. Select the ‘Enabled’ option from the triad of options at the top of the dialogue box and ensure that the option ‘Allow BitLocker without a compatible TPM.’ is selected. Select ‘OK’ and exit the Group Policy Editor.

Once again navigate to ‘Control Panel - Security’ and once again select ‘Protect your computer by encrypting data on your hard disk.’ The TPM warning will not be displayed as you have allowed the use of a non-TPM device. In my guide, it is a USB Flash Disk.

Step 3 - Using The Windows BitLocker Drive Preparation Tool

Using Start Search once again, type ‘BitLocker’ into the field and select the ‘BitLocker Drive Preparation Tool’ from the listed results. This will launch the Windows BitLocker Drive Encryption Wizard. The Wizard resizes your Operating System partition and prepares a new partition. Depending on the fragmentation status of your hard disk, this may be a long process.

Your PC will be restarted during this process and you can login as normal. Navigate one final time to ‘Control Panel - Security’ and select ‘Protect your computer by encrypting data on your hard disk.’ Select ‘Turn On BitLocker’. You will then be asked to save your Startup Key to a location; a USB Flash Disk. Insert and select the device. Click ‘Save’.

Next you will be prompted to save a ‘Recovery Password’. This is used to unblock your PC’s boot process if anything untoward is detected and the Operating System believes that data may have been edited maliciously. It is recommended that you save the password in at least one location and keep the password very safe. If you cannot locate the password when needed, you cannot recover it. You can save the Recovery Password on the USB Flash Disk also, alongside the Startup Key, but I recommend you also print a copy of the password for future reference if required.

Step 4 - Running Windows BitLocker System Check

Once you have backed up your passwords to safe locations, click ‘Next’ and you will be presented with the final page of the process. Ensure that the ‘Run BitLocker System Check’ checkbox is selected, and if not, select it to ensure that the computer can retrieve and decrypt your encryption key correctly. Once it has been verified that the data can be retrieved successfully, the encryption process will begin and your PC will be restarted.

Please ensure that the USB Flash Disk remains inserted when your PC restarts so that it can be read to begin the encryption of your hard disk. Windows BitLocker Drive Encryption has been successfully enabled and configured and you can rest assured that your data will be better secured against theft.

Thanks to Windows Vista Magazine.


Recover from Reduced Functionality Mode

If you haven’t activated Windows, you’ll eventually hit Reduced Functionality Mode. This is a serious problem, as all you can do in this mode is activate Windows… and if you’re not running a genuine copy of Windows then this is where you hit all manner of problems.

This is the screen you’ll be faced with, and the only external application you can use is Windows Internet Explorer. We can use this to our advantage of course.

  1. On the “Activate Windows now” screen shown above, click Access your computer with reduced functionality.
  2. Once Internet Explorer loads, hit the Alt key to bring up the menu bar.
  3. Click on File and then select Open.
  4. On the open dialog, type in c:\windows\explorer.exe and hit OK.
  5. You will now see the first of many open confirmations that Internet Explorer will prompt you with. Hit OK on the first. You can tick the box so that you won’t see this annoying message again.
  6. Click Run on the next prompt.
  7. Finally, hit Run yet again.

Windows Explorer will now be open, and you will see the taskbar and the Start menu and the other frills that you would ordinarily be accustomed to. You can now follow the “Run Vista without activation” article to extend activation.

Big thanks to Steve for the screenies.


Change your Windows password

It’s really simple to change your password. Simply log on to the account whose password you want to change, then complete the following:

  1. Hold Ctrl+Alt and press Delete.
  2. Select Change a password.
  3. In the second box down, type in the old password.
  4. In the third box down, type in the new password.
  5. In the fourth box down, type in the new password again.
  6. Press the blue circular button.
  7. Press the Cancel button.


Reset and restore your Windows password

Windows has this nifty utility which lets you save your password onto a disk in case you ever forget it. You can save your password on external drives, flash disks, even iPods and memory sticks.

To create your password reset disk:

  1. Log in to the account whose password you wish to back up.
  2. Go to Start then Control Panel then double click on User Accounts.
  3. In the left hand pane, select Create a password reset disk.
  4. A new wizard will pop open - click Next.
  5. Select the drive where you want to save your password from the drop-down menu then click Next.
  6. Type in the password of the user account that you want backing up, then hit Next.

    The wizard will make the encrypted password file and save it onto the disk you selected. Select Finish to end the wizard.

To restore your password from a reset disk:

  1. Try and login using whatever password you can remember - after a few tries, the Reset password message will appear.
  2. The wizard will open - click Next.
  3. Choose from the drop-down menu which drive your encrypted password file is on, then select Next.
  4. The password change will be accepted and you will login successfully.


Show the “administrator” at the login screen

This one is really easy - miss having the administrator on the Welcome screen? You can really easily put it back on there with a command from Run.

  1. Go to Start, and in the Search box type in cmd.
  2. Right click the Command Prompt at the top of the Start menu and select “Run as administrator”.
  3. At the command prompt, type in net user administrator /active:yes then press Enter.
  4. Log off and you should see the administrator sitting there on your Welcome login screen.


Turn off Windows Defender

There are two parts to this which you need to complete; one in Windows Defender and the other in the services menu. This ensures that nothing about Windows Defender works and that even the background tasks are disabled and turned off.

VistaBase does not recommend that you alter these settings as Microsoft Update provides your computer with important updates that make your computer safer and more secure.

  1. Go to Start, All Programs, then Windows Defender.
  2. Select the Tools option at the top of the screen.
  3. Under “Settings”, click the Options button.
  4. Untick the “Automatically scan my computer” checkbox, the “Use real-time protection” checkbox, the “Use Windows Defender” checkbox and the “Allow everyone to use Windows Defender” checkbox.
  5. Click the Save button. If prompted for administrator access, click Allow or enter the password.
  6. Close Windows Defender. If the icon remains in the taskbar, right click it and select Exit, then click Yes.
  7. Go to Start then Run (or press the Windows key +R).
  8. Type in services.msc then press OK.
  9. Scroll all the way down the page, then double click on Windows Defender.
  10. Under the startup type, select Disabled.
  11. Under service status, make sure the service is stopped.
  12. Apply then OK, then close the Services console.

You may need to restart for full effect, but this will stop Windows Defender from scanning anything on your machine and should save you a good chunk of memory.


Turn off Automatic Updates

If you feel that Automatic Updates are too intrusive and you want to turn them off, do the following:

VistaBase does not recommend that you alter these settings as Microsoft Update provides your computer with important updates that make your computer safer and more secure.

  1. Go to Start, All Programs then Windows Update.
  2. In the left hand pane, select Change settings.
  3. Either turn the updates on or off depending on what you think is best.
  4. Make sure you change the “Include recommended updates when downloading, installing, or notifying me about updates” check box.
  5. Close all the windows down.


Ensure your Windows Vista copy is genuine

Windows Vista has many different built-in tools which protect against software piracy, and if you get caught out then some functionality gets reduced. You can’t update, you won’t be able to get Windows Ultimate Extras if you have the Ultimate Edition, and Windows Aero won’t work.

To ensure that you have a genuine copy of Windows Vista, validate now. Alternate methods are available here.


Enable BitLocker

BitLocker is split into two areas - hardware and software. Some computers have a TPM chip inside the computer which holds a secure key which BitLocker uses to secure the hard disk. Some computers don’t have a TPM chip but still store the secure key on the hard disk itself. BitLocker isn’t easy to set up, but here’s a quick overview of getting there.

  1. Go to Start, then Run (or press Windows key + R), type in gpedit.msc then press OK.
  2. In the left hand pane, select Computer Configuration then Administrative Templates, then Windows Components.
  3. Expand the menu to select BitLocker Drive Encryption.
  4. Now look for Control Panel Setup: Enable advanced startup options.
  5. If you highlight this option and then look on the left hand side of the window you will see a description of what this does.
  6. You’ll see a link marked ‘Properties’. Click on this link to open the properties window.
  7. In the properties window click the radio button next to the ‘Enable’ option and then click OK.
  8. Finally, go to Control Panel and click on the BitLocker icon. You should now see a link for enabling BitLocker.

Source: John Barnett


Why can’t I save Favourites in Internet Explorer 7?

When Internet Explorer 7 runs in Protected Mode whilst UAC is on, anything to do with IE7 is essentially cut off from the computer, so if a virus gets picked up then it can’t infest the rest of the machine or the user’s files. Microsoft created “integrity” which defines the permission levels of certain folders from the standard security layout. UAC runs on this premise, by having to tell Internet Explorer that it’s allowed to write to a file or folder which has higher permissions.

Basically, sometimes because of this architectural structuring, the Favourites folder can’t be seen by IE7 which is why you can’t save, or sometimes see, your Favourites. This article only relates to Windows Vista, as Windows XP and Windows Server 2003 aren’t affected by this.

  1. Go to Start, Run then enter cmd, then hold down Ctrl+Shift and hit Enter.
  2. Navigate to where your Favourites are. Do this in Windows Explorer first, once you have found it then click in the address bar and copy the address.
  3. In the Command Prompt, type cd then right click at the prompt and press Paste, then press Enter. You should now be in the Favourites folder, except in a command prompt window.
  4. Copy this command: icacls favorites /setintegritylevel (OI)(CI)low - then, using the same pasting method as above, paste it into the command prompt and press Enter.
  5. You should now close the command prompt and restart your machine, and your Favourites should have returned.

Source: Windows-Now


How to stay safe online in Windows Vista

Download now (Alternative link if above doesn’t work - some routers/firewalls don’t like subdomains)
Compatible with: Windows 2000 Professional, All versions of Windows XP, Windows Server 2003 and Windows Vista (32-bit only)

The Report Abuse Desktop Client is an application written by myself and provided by MSBLOG enabling younger users of the Internet to report online abuse or suspicious activity of online sexual predators. It’s free to mirror and distribute, and recommended for those who have a family computer or for families with children who use the Internet. It has an auto-update feature in it as well so it’ll still update easily.


The Virtual Global Taskforce (VGT) and the Internet Watch Foundation (IWF) are online organisations set up and moderated by the world’s policing authorities from the USA, England, Australia and Interpol. They provide the ability for users who feel they are being targeted by online sexual predators to report information to make sure that the online community is safer. Already, Microsoft have incorporated the VGT as a tab in Windows Live Messenger, and they’ve shut down the MSN Chatrooms but this isn’t enough for outside Microsoft and their products.


Auto-login to Windows Vista

Yes, it may be more secure than Windows XP and all the other operating systems out there, but you still have the option to automatically log in if the computer is solely yours and nobody else uses it.

  1. Go to Start then Run (or press the Windows key + R), type in control userpasswords2 then press OK.
  2. At the top of the dialog box, untick the option saying “Users must enter a username and password to use this computer”.
  3. Click Apply - a new dialog comes up.
  4. Enter the username and password (twice) of the user you wish to auto-login with.
  5. Click OK and OK again.

Next time you restart your computer, it will automatically log in. When you log off however, a username and password may still be needed to log in. If you forget… just restart!


Run elevated programs easier

When you run a program or application in “elevated mode”, it means that you are running it under the credentials of the administrator, rather than the current user. The current user might not be able to use the settings or functions in the application ordinarily, but with administrative credentials it makes it far easier to distribute security rights to programs without logging them out.

  1. Click on Start.
  2. In the Start search, type the name of the application you want to run in elevated mode, such as Notepad, Microsoft Word or the application name like mstsc.exe.
  3. Hold Ctrl+Shift on your keyboard, then press Enter.

You’ll receive a UAC prompt asking for credentials or whether you want to run the program - click Allow and you’re on your way.


Disable Protected Mode

By default, Windows Internet Explorer runs in Protected Mode, which is designed to run everything in an elevated area so that you can browse and leave temporary files behind which can’t affect the actual computer or operating system files. It seriously reduces the risks of an attacker reading or writing damaging data to your computer because IE7 runs as if it’s in a super-restricted user account which can’t do anything.

It’s highly recommended that you don’t turn off Protected Mode as this is another core security feature within Windows, and doing so may seriously increase your computer’s exposure to attacks from the Internet.

This only applies to Windows Internet Explorer for Windows Vista. IE7 for Windows XP and Windows Server 2003 does not have Protected Mode, unlike Vista.

  1. Click Start, select Run (or press the Windows key + R) and type in gpedit.msc then hit OK.
  2. Browse to Computer Configuration > Administrative Templates > Windows Components > Internet Explorer.
  3. Double click on Turn off the Security Settings Check feature and select Enable, then click Apply then OK.
  4. Close the Group Policy Editor, then open Internet Explorer from the Start menu.
  5. Press Alt then select Tools then Internet Options.
  6. Click the Security tab (the second tab across) then ensure that Enable Protected Mode is unticked. Apply then OK.
  7. Close and restart Internet Explorer, and in the bottom status bar, it should read Protected Mode: Off.


Login as the local administrator

By default, you cannot login as the administrator from the first login screen in Windows Vista. If you boot up in Safe Mode then you have the option to, but sometimes you don’t actually want to have to do that just to change settings on your computer. This shows you how.

  1. Click Start and then click on Run (or press the Windows key + R).
  2. Type in regedit and press OK. If it asks you to open this via UAP, then click Allow.
  3. In the Registry Editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
  4. In the right hand pane, right click the mouse and select New then Key. A new folder should appear in the left hand pane.
  5. Name this new key SpecialAccounts and press Enter.
  6. Right click the mouse on the new SpecialAccounts key in the left hand pane, select New then Key again to make a “sub-key”.
  7. Name this new key UserList and then press Enter. In this new UserList key, right click in the right hand pane and select New then DWORD (32-bit) and name this Administrator then press Enter.
  8. Double click on the new DWORD you just made, and set the value to 1 then press OK.
  9. Restart the computer to see the effects - from the Welcome screen you should be able to login as the administrator any time you wish.

Update for Windows Vista 5381 and above
This may not work for 5381 and above, including Beta 2. However, you can still sign in as the administrator as long as you enable the Administrator in the Computer Manager (click Start, Run, type in compmgmt.msc, hit OK. Under “Local Users and Groups”, select Users, double click on the Administrator then make sure you enable the account.) This will enable you to connect remotely as the administrator. Also, booting in safe mode works!


Security: what the user doesn’t need to see

Microsoft’s next major operating system looks different from the Windows you may be used to. But the parts of it you can’t see might be even more important. It has been just over 10 years since Microsoft launched Windows 98 to great fanfare (whoa… a task bar?) and as Microsoft prepares its next major operating system launch, scheduled for roughly the start of 2007, an appropriate theme song might be “The Security Blues”.

Microsoft is focusing a lot of effort on securing users from the legion of viruses, worms and other malicious attacks that have become such a problem in the last decade. But security isn’t the only focal point of Windows Vista. Also included are additional gaming features, a stronger desktop search function, a reworking of the graphical user interface, compatibility with high-definition TV and other multimedia tie-ins.

What’s more, Vista is the first mainstream OS from Microsoft built to handle 64-bit applications. The new OS should combine with the latest CPUs to improve gaming, system performance and of course security. Of course, exactly what Vista will include will remain in flux. Among the rumours that Microsoft won’t comment on: Vista may ship in several different versions ranging from an ultra stripped down version for Third-World countries to a full-featured edition. Not everyone sees such an arrangement as a good idea.

Right now, Microsoft has lots of concerned customers, primarily because Windows is a favourite target for malicious code writers. Vista aims to stop attacks in a number of innovative ways. One is by making it easier to create ‘limited user’ accounts, which can be set to allow a user the most basic rights (the ability to download a graphics driver, but not install an application). In previous versions of Windows, only network administrators could control this.

Another way is by having the OS encrypt all the data on your hard drive by default-the first time Microsoft has offered this level of security. Vista will also isolate various applications and components, to is a virus comes in through IE, the amount of damage it can wreck throughout the OS is limited (one of the best features in my honest opinion!)

If Windows Vista delivers on most of what Microsoft has promised, what the beta release suggests and what the rumours predict, it will be a dramatic upgrade. From I know so far, the out look of vista is pretty promising indeed.

Many thanks to Patrick Squire, New Zealand for submitting this article. He’s worked alongside myself in many beta programs such as Windows Server 2003 R2, Windows Vista (including Windows Server “Longhorn” and Windows Internet Explorer 7) and has written many technical articles on MSBLOG, our group blog from the R2 beta here.


Disable UAC prompts on Vista

UAC (User Account Controls) can be very useful, however when there is a single user on the machine and nobody else, it can become a pain. Also if you are the systems administrator and your account behaves as if you are a standard user, this can increase the amount of time it takes you to fix a problem.

 Method 1 (Beta 1 - RC1)

  1. Type in msconfig into Run and press OK.
  2. On the Tools tab on the right hand side, scroll down and highlight Disable UAP and press Launch.
  3. If the Command Shell window opens, simply type in exit, or save your work and type in shutdown /r to restart the machine (which is necessary for the disabling of UAC to work).

 Method 2 (Beta 2 - RTM)

  1. Click Start and then click on Control Panel then User Accounts.
  2. You will see a green entry that says User Accounts with an icon next to it, click on it.
  3. Click on “Turn User Account Control on or off”. If UAC prompts, click Continue/Allow.
  4. Uncheck Use User Account Control (UAC) to help protect your computer
  5. Click on OK, you will be prompted to reboot.

 This could well put your computer at risk. Ideally it’s best left turned on so that existing testers can keep testing the functions of UAC, and that novice users can’t change system-wide settings.

To enable it again, follow the same procedure, except (Method 1) select Enable UAC and carry on with the restart to re-enable it - and (Method 2) by checking the same box again, applying then restarting.


What is BitLocker?

BitLocker (previously codenamed “Secure Startup”) is a brand new security feature in Windows Vista which is software as well as future hardware. It basically ensures that your data and files on your computer will be secure and non-readable when the operating system is absent, and helps prevent unauthorised access by encrypting the entire hard drive, or hard drives attached to your computer.

If you have a TPM (trusted platform module) chip attached to your BIOS chip, this enables even more protection on startup, and constant protection as soon as you turn your machine on. However, if you don’t have one of these chips, you can still use the software available on the computer. If you have a USB flash drive, you can use this as a “startup password” which enables seamless protection. BitLocker has two main modes:

TPM Mode: all done invisibly to the user and Windows starts without any change. However, if the TPM chip is changed, modified or removed, BitLocker will enter “panic mode”, which displays a prompt where you have to enter your master PIN or password.

Startup key: enables a user to set up a key or password, which can be in the form of a USB flash disk (plug in the USB drive every time you log on) or in the form of a password prompt.

Machines that do not have a hardware chip can go for the option of having a USB flash drive which unlocks the system on startup.


What are the shields next to certain options?

This is a new security feature in Vista which tells the user, before they click anything, which options will need to be authorised using User Account Controls, either with an administrator’s password or through a dialog prompt asking you to authorise (simply selecting the Allow or Permit buttons).

If you have authorisation, then you can click on this without any problems whatsoever. However this shield (shown below) indicates that the feature you are clicking on has restrictions to some accounts and normal users cannot access that feature, because it could either jeopardise the security of the computer or could alter the way the computer runs or looks.


All of these require administrative authorisation and are therefore protected with UAC.


What is User Account Controls?

To advance on the basic user settings in Windows XP of “guest”, “limited user” and “administrator”, Microsoft have created a new service and technology called User Account Controls (UAC). UAC is mainly part of the new design of the operating system to protect the computer from malicious code as well as the user changing system-wide settings to reduce the performance or security of the computer.

It is implemented to protect the settings made by the administrator, restricting which settings the other user groups can change and save. By default, UAC is enabled for all users and will ask for either an administrator to authorise the action (a simple OK button if you are logged on as the administrator) or an administrator password if you are in any other user group. The best bet is that if it’s a shared computer, you leave UAC on; otherwise you can edit it to make the administrator’s life much easier.

1) Go to the Start menu, Control Panel, then Administrative Tools and open up the Local Security Policy (or Start, Run, secpol.msc then OK)
2) Expand the Local Policies folder, then the Security Options in the left hand pane.
3) Where it says “User Account Protection” at the bottom, you can change these settings to the following:

No prompt: Nothing will be displayed regardless of what happens.
Prompt for credentials: If you are a user, it will ask an administrator to authorise using a password.
Prompt for consent: This will display either an “allow” or “disallow” box giving the user the right to decide.
Enable: The selected option will be enabled.
Disable: The selected option will be… well, disabled!

If you want full security, select Prompt for credentials and Enable wherever applicable. If you want to disable UAC, select either Disable or No prompt wherever applicable.
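To confirm how a machine is actually configured after changing these options, the policy values can be read back from the registry. This is an added example, not part of the original post; the registry value names (EnableLUA, ConsentPromptBehaviorAdmin, ConsentPromptBehaviorUser) do not appear on the page, and the numeric meanings used are those of released Windows Vista.

```powershell
# Added example: report the UAC policy state of the local machine.
# Assumption: value meanings are the Windows Vista ones; later Windows
# releases define additional values, which are reported as unrecognised.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Prompt behaviour for administrators and for standard users.
$adminPrompt = @{
    0 = 'No prompt (elevate without prompting)'
    1 = 'Prompt for credentials'
    2 = 'Prompt for consent'
}
$userPrompt = @{
    0 = 'No prompt (elevation requests are denied automatically)'
    1 = 'Prompt for credentials'
}

function Get-PolicyValue($name) {
    # Returns $null when the value does not exist instead of raising an error.
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$name
}

function Format-Setting($value, $labels) {
    if ($value -eq $null) { return 'not set' }
    if ($labels.ContainsKey([int]$value)) { return $labels[[int]$value] }
    return "value $value (not a Vista setting)"
}

$enableLua = Get-PolicyValue 'EnableLUA'
$admin     = Get-PolicyValue 'ConsentPromptBehaviorAdmin'
$user      = Get-PolicyValue 'ConsentPromptBehaviorUser'

if ($enableLua -eq $null)  { $uacState = 'not set' }
elseif ($enableLua -eq 0)  { $uacState = 'DISABLED' }
else                       { $uacState = 'enabled' }

"UAC (EnableLUA):       $uacState"
"Administrators prompt: $(Format-Setting $admin $adminPrompt)"
"Standard users prompt: $(Format-Setting $user $userPrompt)"

# Flag the two states the article describes as turning UAC off.
if ($enableLua -eq 0) {
    'WARNING: UAC is turned off. Re-enabling it takes effect after a restart.'
}
if ($admin -eq 0) {
    'WARNING: administrators are elevated without any prompt.'
}
```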


Windows Firewall FAQ

 Some applications trigger the firewall prompt “keep blocking this app” although they don’t need to open local ports. Which behaviour exactly triggers a prompt?
 Windows Firewall prompt gets displayed when an application is listening on a TCP socket or binding to a non-wildcard UDP port and that application does not match any rule in the firewall policy.

 Does the Windows Firewall team have a blog?
 They don’t currently have a blog dedicated to Windows Firewall, but there are two networking blogs that contain information about Windows Firewall - http://blogs.technet.com/ianhamer and http://blogs.technet.com/jleznek.

 Can firewall settings be separated for low privileged administrator and high privileged administrator?
 The firewall settings are set globally for the machine.

 The user interface for the Windows XP Firewall looked like it was bolted on as an afterthought. Any plans for a rapid-access icon on the taskbar in Vista so that power users can get to the firewall settings quickly?
 There is no added taskbar access for the Firewall. It is available in the Control Panel, through Windows Security Center, and in Administrative Tools (access to the Windows Firewall with Advanced Security MMC).

 Will there be more features in Windows Firewall like some of the features Sygate Personal Firewall has?
 We are mostly feature complete for Windows Vista. If there are particular features that you are interested in, they would like to hear about them for future planning purposes.

 Will the new Windows Firewall check outgoing traffic by default?
 No, but it can always be configured to perform outbound filtering.

 Will there be an option to remove Windows Firewall completely, and not just disable it?
 The Windows Firewall service is performing other system critical functions in the operating system like Windows Service Hardening. If you remove/disable this service, you end up with a less secure operating system so this is not a supported feature. The correct way is to simply disable Windows Firewall if you want to replace it with a third party firewall.

 Can we expect a backport for Windows XP?
 At this time, there are no plans to backport the new functionality.

 How do you test if the new Windows Firewall is really secure?
 That’s a great question:
    1 Throughout the planning design and coding phases they use security development guidelines developed at Microsoft;
    2 For the testing phase, the Windows Firewall undergoes internal and external security-focused testing.

 Can the Firewall block access to/from a single website/IP address?
 Yes, you can create firewall rules to block access to a single IP Address.

 What exactly is the network categorisation dialog trying to achieve? At least on build 5365 you could just close it (without selecting private or public) and nothing appeared to happen. What do you need the information for?
 Windows Firewall with Advanced Security is a host-based firewall that filters both incoming and outgoing traffic. Windows Firewall with Advanced Security uses the Network Location-Aware feature to let Windows Vista administrators define a level of protection based on the network to which the user connects. As mobile users roam from their corporate network to a Private network, or to a Public network such as an Internet cafe, Windows Firewall with Advanced Security can enable and disable connectivity or features such as:
• File and Print Sharing
• eHome Media Center Extender
• Windows Connect Now Devices
• PnP-X (plug and play for networked devices)
• Network Explorer
• Peer To Peer Discovery

To achieve this, Windows Firewall with Advanced Security uses three separate profiles for filtering traffic. The computer automatically detects the network connection and uses the appropriate profile. Windows Firewall with Advanced Security supports the following profiles:

Domain - The domain profile is the set of Windows Firewall with Advanced Security settings needed when the computer is connected to an Active Directory domain in which the computer is a member. For example, you might configure rules for the domain profile for the programs needed by a managed computer in an enterprise network. The Network Location Service controls when settings for a profile apply.

Private - The private profile is the set of Windows Firewall with Advanced Security settings needed when the computer is connected to a private network. For example, a mobile user might take their computer home and connect it behind a private gateway device (such as a router) on their home network. When Windows detects the network, a dialog box will appear.

Public - The public profile is the set of Windows Firewall with Advanced Security settings needed when the computer is connected directly to the Internet. For example, a laptop computer might be taken on the road and connect to the Internet using a public broadband or wireless Internet Service Provider (ISP) or hotspot. Because the laptop connects directly to the Internet, this profile should contain more restrictive settings than the domain or private profile. Again, an end-user with administrator privileges selects whether a connection is Private or Public. If a user does not have administrator privileges and connects to any new network, Windows Vista uses the Public profile, which contains the most restrictive settings.

 I wanted to know what is the difference between System Restore from Windows XP and now the new Windows Vista? What features have been added and enhanced?
 There have been lots of changes in the firewall since Windows XP SP2. Here are some of the favourites:
    1 Outbound filtering
    2 Filtering on services
    3 Integration between IPSec and firewall (e.g. allow only secure or encrypted traffic)
    4 New MMC snap-in with advanced security options
    5 New APIs

 Does it apply to the IPv6 protocol also?
 Yes - it fully supports IPv6.

 Can you explain or give me a link to Windows Service hardening so I can understand and context it?
 Windows Service Hardening is a feature for services providers. Since services in Windows Vista can be identified by their unique SID and Windows Firewall can allow/block traffic to services based on their SIDs, services can be sand-boxed to only allow the traffic they were designed to support.

 If the Firewall service fails, will the Firewall go in to lockdown by default and deny all inbound requests?
 Correct, if the firewall service fails, the system goes into a lockdown state similar to the state it’s in when the system boots up.

 Is the Windows Firewall team a separate team or a subgroup of the Security Team at Microsoft?
 The Firewall team is part of the security division at Microsoft.

 Is it possible to configure firewall “per user”?
 The Windows Firewall policy is configured per computer, not per user.

 There is a demonstration relating to this article. Click here to view it.
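The per-profile settings, outbound filtering and single-address blocking discussed in this FAQ can all be inspected and set from the command line with `netsh advfirewall`. The following is an added example, not part of the original FAQ; it assumes English-language `netsh` output and an elevated prompt for the commands that add rules, and the address 203.0.113.10 and the rule names are constructed placeholders.

```powershell
# Added example: summarise the Domain, Private and Public firewall profiles.
function Get-FirewallProfileSummary([string[]]$lines) {
    $result  = @()
    $current = $null
    foreach ($line in $lines) {
        if ($line -match '^(Domain|Private|Public) Profile Settings') {
            # A new profile section starts here.
            $current = New-Object PSObject -Property @{
                Profile = $matches[1]; State = ''; Inbound = ''; Outbound = ''
            }
            $result += $current
        }
        elseif ($current -ne $null -and $line -match '^State\s+(\S+)') {
            $current.State = $matches[1]
        }
        elseif ($current -ne $null -and $line -match '^Firewall Policy\s+(\w+),(\w+)') {
            $current.Inbound  = $matches[1]
            $current.Outbound = $matches[2]
        }
    }
    return $result
}

$profiles = Get-FirewallProfileSummary (netsh advfirewall show allprofiles)
foreach ($p in $profiles) {
    $notes = @()
    if ($p.State -ne 'ON')               { $notes += 'firewall is OFF' }
    if ($p.Outbound -eq 'AllowOutbound') { $notes += 'outbound traffic is not filtered' }
    '{0,-8} state={1} in={2} out={3}  {4}' -f `
        $p.Profile, $p.State, $p.Inbound, $p.Outbound, ($notes -join '; ')
}

# Block a single IP address in both directions (requires an elevated prompt).
# Rule names avoid spaces so that quoting is not an issue.
netsh advfirewall firewall add rule name=Block-203.0.113.10-in  dir=in  action=block remoteip=203.0.113.10
netsh advfirewall firewall add rule name=Block-203.0.113.10-out dir=out action=block remoteip=203.0.113.10

# Confirm that the rules exist and see which profiles they apply to.
netsh advfirewall firewall show rule name=Block-203.0.113.10-in
netsh advfirewall firewall show rule name=Block-203.0.113.10-out

# Outbound filtering is off by default. To turn it on for the Public profile
# (programs then need explicit allow rules), quote the policy pair so that
# PowerShell does not split it at the comma:
#   netsh advfirewall set publicprofile firewallpolicy 'blockinbound,blockoutbound'
```

The rules can be removed again with `netsh advfirewall firewall delete rule name=...` using the same names.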


Which anti-virus software works on Vista?

A number of people have asked which anti-virus works with Windows Vista, and it’s difficult because anti-virus software (which usually has spyware catchers, spam filters and firewalls built in as standard) needs to know how an operating system fully works before it can do its job to the full potential. A lot of new technologies have been introduced into Vista, including a possible new storage engine which will be available after the release of Vista; however anti-virus companies are working on new products that will fully work with Vista.

These should work for Windows Vista RC2 and RTM (the final version):
 CA Anti-Virus 2007
 F-Secure Anti-Virus for Windows Vista 7.00
 AVG Anti-Virus Free
 PC-cillin Internet Security 14.57 for Windows Vista
 Windows Live OneCare 1.5 (32-bit only)
 Symantec AntiVirus Corporate Edition for Windows Vista
 avast! Antivirus and Windows Vista

These should work for Windows Vista Beta 2 and above:
 ClamWin
 NOD32 (x86) (may have to be run as Administrator only)
 eTrust AntiVirus for Vista
 eTrust EZ Antivirus
 Avast 4.7 (x86)
 SAV 10.2.0.244
 Symantec AntiVirus 10.0.2
 Windows Live Safety Center (via Windows Internet Explorer 7)
 Avast! Home Edition 4.6 (may have to turn off the Internet Shield to get the Internet to work though)
 Avast 4.0 Free (take a Custom install, and select “Standard Shield” for the best performance)
 eTrust Enterprise 8.0 Public Beta Trial
 McAfee VirusScan Enterprise 8.5i
 Windows Live OneCare
 SAV 10.02

These should work for builds 5308 up to 5381:
 ClamWin
 NOD32 (x86) (may have to be run as Administrator only)
 Symantec Beta (must have Symantec license though)
 McAfee VirusScan Enterprise 8.5i
 Avast! Home Edition 4.6 (may have to turn off the Internet Shield to get the Internet to work though)
 eTrust Enterprise 8.0 Public Beta Trial
 Windows Live OneCare
 McAfee 9

These should work for builds 5231 up to 5270:
 Avast Home Edition (x86, x64) (with Web Shield off)
 Symantec Corporate 9 (Security Center won’t detect it)
 NOD32
 TrendMicro Small Business (x86)
 AVG Free Edition (might not install for all users)
 SAV10 
 AVG Antivirus 7.0 Professional
 Norman Virus Control 5.81
 Windows Live OneCare
 McAfee 9
 McAfee VirusScan 8.0
 Grisoft AVG

The following work for builds 5112 up to 5219:
 KAV
 Nod32 (x86)
 SAV9 (x86)
 SAV8.1 (x86)
 AVG 7.0 Pro
 TrendMicro Small Business (x86)
 TrendMicro Client/Server Suite (x86)
 Mcafee Enterprise 8.0i (x86)
 Sophos Enterprise (x86)
 VirusBuster Personal Home 2005 (x86)
 Bitdefender Pro Client 8 (x86, x64)
 Panda Titanium Antivirus 2005 (x86)
 Avast Home 4.6
 AVG 7.0 Free (updating may not work properly)
 CA’s eTrust AV 7.1 (under XP Compatibility, x64)
 Norton AV 2003 (works except for Auto Protect)
 Norton Antivirus
 SAV10 (x86)
 AVG 7.0 (only for a few users)
 McAfee 9.0
 McAfee Virus scan 9.1
 Windows Live OneCare (it only works for XP SP2)
 Nod32 (x64)
 Norman Virus Control 5.8 (x86)
 Trend Micro Internet Security 2005 (x86)
 PC-Cillin 2006 (and previous versions)
 F-Secure 2006 beta
 Panda AV 7.x

If anyone can add to these, please comment on this post and state clearly which anti-virus products work and which don’t, any workarounds for software which works with a bit of tweaking, and which version of Windows Vista it runs/doesn’t run on.
