Windows Client UPDATE—brought to you by the Windows & .NET Magazine Network
THIS ISSUE SPONSORED BY
Security Administrator Web Site
SPONSOR: SECURITY ADMINISTRATOR WEB SITE
WINDOWS IT SECURITY NEWS, BULLETINS, AND MORE!
When you suspect a hack or virus attack, don't waste time surfing the Web. The Security Administrator Web site delivers news, articles, discussion forums, FAQs, and hotfixes (in one easy-to-navigate Web site!), so you can mitigate the effects of today's disaster and prevent tomorrow's. Discover:
June 13, 2002—In this issue:
- Blocking AIM on Corporate Network Laptops Running Windows XP
2. READER CHALLENGE
- May 2002 Reader Challenge Winners
- June 2002 Reader Challenge
- Win a Free $200 Gift Certificate to RoadWired.com!
- Struggling with IIS and Web Administration Concerns?
- Tip: Controlling Font Size on Web Pages
- Featured Thread: No Internet Connection Available
5. NEW AND IMPROVED
- eBook for Windows 98 Maintenance
- Capture a Screen with One Key!
6. CONTACT US
- See this section for a list of ways to contact us.
(David Chernicoff, News Editor, [email protected])
Recently, my company's vice president of sales asked me whether we could block AOL Instant Messenger (AIM) on our corporate network. Unfortunately, the easy answer was no. Because our staff is distributed around the world, using AIM between far-flung users makes brief communications simple and inexpensive. On top of that, all of our sales department users have administrative rights on their laptop computers—a requirement that lets sales staff demonstrate the application they're selling. The fact that the sales staff laptop users aren't always attached to the corporate network makes using Group Policy Objects (GPOs) focused on software-allowed lists (the method we would use to block AIM) problematical.
After my brief discussion with the vice president, I realized that a way does exist to block AIM on a network. In our company, all the sales staff laptop users are running Windows XP, and there's a very simple way to use software restriction policies in XP.
I decided that when a sales-department laptop passed through IT's hands for a regular backup, we would configure the laptop with a local policy that did nothing but stop the AIM executable from running. By default, security restrictions apply to all users on a computer. Typically, you'd exempt local administrators from such restrictions because they have access to the local security policy editor and can change whatever they like. But because the local security policy editor isn't obvious to a typical user, I decided that hiding the AIM-blocking policy in plain sight was a workable plan. (The users in question aren't very technical, so I knew that they probably wouldn't figure out what we were doing.)
Within the AIM-blocking policy, we created a hash rule. In this particular case, the OS creates a hash, or cryptographic fingerprint, that identifies the program file that you want to prevent from running. The hash identifies the file even if someone moves the file to another location or tries to execute the file after a new OS installation.
Because we didn't apply rules to any other files, the hash rule stopped only the AIM executable. The users in the sales group had been told not to use AIM, so they really couldn't complain when the application didn't work for them. I watched a couple of users try to figure out what was going on, but after a short time they accepted that they weren't going to be able to run that application. Because the policy we applied is local, users can't run AIM even when they aren't on the corporate network. A few figured out how to create a new user account and run AIM from that account, but because those users aren't part of our corporate Active Directory (AD), they can use the user account they created only while traveling or at home, which suited us fine.
To experiment with these restrictions on your own XP computer, perform these steps:
- Click Start, then select Run.
- Type "secpol.msc" (don't type the quotation marks), then press Enter.
- Enable Software Restriction Policies.
- Right-click Additional Rules.
- Click New Hash Rule and fill in the boxes.
Remember that the rules apply to all users by default; you might want to exempt local administrators while experimenting with the security policy editor.
Editor's Note: We need your help to make this and other email newsletters from Windows & .NET Magazine as useful to you as they can be. To help us with our editorial planning, please answer the Windows & .NET Magazine Network Email Newsletter & Web Site Survey, available at the following URL. If you provide your email address at the end of the survey, we'll put your name in a drawing for a Windows & .NET Magazine T-shirt. Thank you! We appreciate your help.
2. READER CHALLENGE
XML WEB SERVICES CONNECTIONS TO CO-LOCATE WITH WINDOWS & .NET MAGAZINE LIVE!
(contributed by Kathy Ivens, [email protected])
Congratulations to Unis Ayub of Moorpark, California, United States, who wins first prize, a copy of my book, "Admin911: Windows 2000 Registry." Second prize, a copy of "Admin911: Windows 2000 Group Policy," by Roger Jennings, goes to John Elliott of Toronto, Ontario, Canada. Visit http://www.winnetmag.com/articles/print.cfm?articleid=25153 to read the answer to the May 2002 Reader Challenge.
Solve this month's Windows Client problem, and you might win a prize! Email your solution (don't use an attachment) to [email protected] by June 21. You must include your full name, street mailing address, and phone number.
The author picks winners from the pool of correct answers. Because of the number of entries, I can't reply to all respondents. Look for the solution to this month's problem at http://www.winnetmag.com/articles/print.cfm?articleid=25540 on July 9.
I have a few friends who describe themselves as privacy freaks, and they go to a great deal of trouble to keep cookies out of their systems. These friends set tight parameters in Microsoft Internet Explorer (IE), and they run third-party software to defend against cookies. One friend told me he objects to cookies because, "Any Web site I visit can read the cookies and see where I've been, and see personal information I might have provided to a Web site." Another friend told me her daughter also logged on to their Windows XP computer, and if her daughter visited the same Web sites her mother did, she didn't want the Web sites to have access to the information in her mother's cookies. Both of these people run IE 6.0.
How much do you know about cookies? Here's a quiz to test your knowledge. You must answer all three questions correctly to win.
- My friend who doesn't want any Web site to see cookies that contain personal information that was input on a different Web site doesn't have to worry. Why not?
- My friend who doesn't want Web sites to read information from cookies associated with another user who logs on to the same computer doesn't have to worry. Why not?
- There are two types of cookies; name them and explain the difference between them.
(brought to you by Windows & .NET Magazine and its partners)
Visit the Connected Home Virtual Tour and browse through the latest home entertainment, home networking, and home automation options. Sign up for prize drawings, too, and you might win a free gift certificate to RoadWired.com. Take the tour today!
Discover Windows Web Solutions online, the Web site with articles, tips, and more to help you manage and overcome the security, performance, and maintenance concerns Web site administrators deal with every day. Don't miss this article: " 15 Tips for Troubleshooting VPN Connections". Check it out!
(contributed by David Chernicoff, [email protected])
I've noticed recently that Web-page designers seem to be competing to see how small a font they can use before readers need to break out a magnifying glass. Although small font sizes are only a minor annoyance when running in a low resolution (128 x 1024 or less), a small font size becomes a huge pain if you run a high-resolution setup (1600 x 1200 or greater), even on a large monitor.
Because these Web-page designers are trying to force a fixed font size on their viewers, using the View, Text Size menu option in Microsoft Internet Explorer (IE) 6.0 doesn't fix the problem. However, you can configure IE to ignore these attempts to give you headaches and take back control of the font size by performing these steps:
- Launch IE.
- Open Tools, Options, General.
- Click the Accessibility button.
- Select the Ignore Font Sizes on the Web page's check box.
- Click OK.
Following the above steps returns font-size control to you by overriding the font size that the Web page requests and using whatever font size you've chosen as the default on the View, Text Size menu. Another option if you have a wheel mouse is to place the cursor within the Web page and hold the Control key down. Move the wheel to either enlarge or diminish the font size (rather than to scroll the page).
Rod recently reinstalled Windows 2000 Professional from scratch. He installed Service Pack 2 (SP2) also. When he tries to connect to the first Web page after opening Microsoft Internet Explorer 5.0 (Rod opens it on a blank page), he gets the message, "No internet connection available. Hit Connect to try again." When he tries again, IE connects with no problem and remains connected until he closes IE. To read more about the problem or to help, join the discussion at the following URL:
5. NEW AND IMPROVED
(contributed by Judy Drennen, [email protected])
MEP Pinnacle Solutions announced "Clean Up Your Hard Drive," an eBook by Mike Powers. The eBook is written and designed to show not-so-savvy PC owners how to properly use and gain control of their Windows 98 OS. "Clean Up Your Hard Drive" installs easily on Windows XP, Windows 2000, Windows Me, and Windows 9x systems and requires Microsoft Internet Explorer (IE) 4.0 or later. The eBook provides links to resources readers might need. "Clean Up Your Hard Drive" is available on CD-ROM for $11.95 at the following Web site:
MEP Pinnacle Solutions announced "Clean Up Your Hard Drive," an eBook by Mike Powers. The eBook is written and designed to show not-so-savvy PC owners how to properly use and gain control of their Windows 98 OS. "Clean Up Your Hard Drive" installs easily on Windows XP, Windows 2000, Windows Me, and Windows 9x systems and requires Microsoft Internet Explorer (IE) 4.0 or later. The eBook provides links to resources readers might need. "Clean Up Your Hard Drive" is available on CD-ROM for $11.95 at the following Web site:American Systems announced Print Screen Deluxe 5.0, a program that captures the contents of a screen with a single stroke. Users can send the captured screen to a printer or save the image to disk as a graphics file. The program runs on Windows XP, Windows 2000, Windows NT, Windows Me, and Windows 9x. Print Screen Deluxe 5.0 costs $29.95 and is available from the American Systems Web site.
6. CONTACT US
Here's how to reach us with your comments and questions:
- ABOUT THE COMMENTARY — [email protected]
- ABOUT THE NEWSLETTER IN GENERAL — [email protected]
(please mention the newsletter name in the subject line)
- TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
- PRODUCT NEWS — [email protected]
- QUESTIONS ABOUT YOUR WINDOWS CLIENT UPDATE SUBSCRIPTION?
Customer Support — [email protected]
- WANT TO SPONSOR WINDOWS CLIENT UPDATE?
This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.