Windows 7 Architectural and Internal Security Improvements - Required Driver Signing

Drivers typically run as part of the kernel, which gives them almost unprotected access to system resources. As a result, drivers that have bugs or are poorly written, or malware drivers specifically written to abuse these privileges, can significantly affect a computer’s reliability and security.

To help reduce the impact of drivers, Microsoft introduced driver signing beginning with Microsoft Windows 2000. Signed drivers have a digital signature that indicates they have been approved by Microsoft and are likely to be free from major weaknesses that might affect system reliability. Administrators can configure Windows 2000 and later operating systems to block all unsigned drivers, which can dramatically decrease the risk of driver-related problems.

However, the large number of unsigned 32-bit drivers has made blocking unsigned drivers impractical for most organizations. As a result, most existing Windows computers allow unsigned drivers to be installed.

With 64-bit versions of Windows Vista and Windows 7, all kernel-mode drivers must be digitally signed. A kernel module that is corrupt or has been subject to tampering will not load. Any driver that is not properly signed cannot enter the kernel space and will fail to load. Although a signed driver is not a guarantee of security, it does help identify and prevent many malicious attacks while allowing Microsoft to help developers improve the overall quality of drivers and reduce the number of driver-related crashes.

Mandatory driver signing also helps improve the reliability of Windows Vista and Windows 7 because many system crashes result from vulnerabilities in kernel-mode drivers. Requiring the authors of these drivers to identify themselves makes it easier for Microsoft to determine the cause of system crashes and work with the responsible vendor to resolve the issue. System administrators also benefit from digitally signed and identified drivers because they get additional visibility into software inventory and install state on client computers. From a compatibility perspective, existing Windows Hardware Quality Labs–certified x64 kernel drivers are considered validly signed in Windows Vista and Windows 7.

Source of Information : Windows 7 Resource Kit 2009 Microsoft Press

Windows 7 Architectural and Internal Security Improvements - Kernel Patch Protection

64-bit versions of Windows Vista and Windows 7, like the 64-bit versions of Windows XP and Windows Server 2003, support Kernel Patch Protection technology. Kernel Patch Protection prevents unauthorized programs from patching the Windows kernel, giving you greater control over core aspects of the system that can affect overall performance, security, and reliability. Kernel Patch Protection detects changes to critical portions of kernel memory. If a change is made in an unsupported way (for example, a user-mode application does not call the proper operating system functions), Kernel Patch Protection creates a Stop error to halt the operating system. This prevents kernel-mode drivers from extending or replacing other kernel services and prevents third-party software from updating any part of the kernel.

Specifically, to prevent Kernel Patch Protection from generating a Stop error, 64-bit drivers must avoid the following practices:

• Modifying system service tables
• Modifying the interrupt descriptor table (IDT)
• Modifying the global descriptor table (GDT)
• Using kernel stacks that are not allocated by the kernel
• Updating any part of the kernel on AMD64-based systems

In practice, these factors are primarily significant to driver developers. No 64-bit driver should ever be released that can cause problems with Kernel Patch Protection, so administrators should never need to manage or troubleshoot Kernel Patch Protection. For detailed information, read “An Introduction to Kernel Patch Protection” at

Kernel Patch Protection, hardware-based Data Execution Prevention (DEP), and required driver signing are the primary reasons that 64-bit systems can be more secure than 32-bit systems.

Source of Information : Windows 7 Resource Kit 2009 Microsoft Press

Windows 7 Architectural and Internal Security Improvements - Windows Resource Protection

Any code that runs in Kernel Mode, including many types of drivers, can potentially corrupt kernel data in ways that surface later. Diagnosing and fixing these bugs can be difficult and time consuming. Corruption of the registry tends to have a disproportionate impact on overall reliability because this corruption can persist across reboots.

Windows Vista and Windows 7 protect system settings from corruption or inadvertent changes that can cause the system to run incorrectly or to not run at all. Windows Resource Protection (WRP), the follow-up to the Windows File Protection (WFP) feature found in previous Windows platforms, sets tight ACLs on critical system settings, files, and folders to protect them from changes by any source (including administrators) except a trusted installer. This prevents users from accidentally changing critical system settings that can render systems inoperable.

Windows Vista and Windows 7 also prevent poorly written drivers from corrupting the registry. This protection enables the memory-management feature to achieve protection the vast majority of the time, with low overhead. Protected resources include:

• Executable files, libraries, and other critical files installed by Windows.
• Critical folders.
• Essential registry keys installed by Windows.

WRP does not allow you to modify protected resources, even if you provide administrative credentials.

Source of Information : Windows 7 Resource Kit 2009 Microsoft Press

Windows 7 Architectural and Internal Security Improvements - Code Integrity

When Windows starts up, Code Integrity (CI) verifies that system files haven’t been maliciously modified and ensures that there are no unsigned drivers running in Kernel Mode. The bootloader checks the integrity of the kernel, the Hardware Abstraction Layer (HAL), and the boot-start drivers. After those files are verified, CI verifies the digital signatures of any binaries that are loaded into the kernel’s memory space. Additionally, CI verifies binaries loaded into protected processes and the cryptography dynamic-link libraries (DLLs). CI works automatically and does not require management.

CI is an example of a detective countermeasure because it can identify that the computer was compromised after the fact. Although it is always preferable to prevent attacks, detective countermeasures such as CI enable you to limit the damage caused by the attack by detecting the compromise so that you can repair the computer. You should also have a response plan in place to enable you to quickly repair a system that has had critical files compromised.

Source of Information : Windows 7 Resource Kit 2009 Microsoft Press

Architectural and Internal Security Improvements

Whenever possible, Windows Vista and Windows 7 security features have been designed to be transparent to end users and to require no administration time. Nonetheless, administrators and developers can benefit from understanding the architectural improvements. This section describes these architectural and internal improvements, as well as improvements that require additional applications or infrastructure.

Architectural and Internal Security Improvements in Windows Vista and Windows 7
Code Integrity : Detects malicious modifications to kernel files at startup.

Windows Resource Protection : Prevents potentially dangerous changes to system resources.
Kernel Patch Protection : Blocks potentially malicious changes that might compromise the integrity of the kernel on 64-bit systems.

Required Driver Signing : Requires drivers to be signed, which improves reliability and makes it more difficult to add malicious drivers. Mandatory on 64-bit systems.

Windows Service Hardening : Allows system services to access only those resources they normally need to access, reducing the impact of a compromised service.

Network Access Protection client : When used together with Windows Server 2008, helps to protect your network from clients who do not meet your security requirements.

Web Services for Management : Reduces risks associated with remote management by supporting encryption and authentication.

Crypto Next Generation services : Allows the addition of custom cryptographic algorithms to meet government requirements.

Data Execution Prevention : Reduces the risk of buffer overflow attacks by marking data sections of memory as nonexecutable.

Address Space Layout Randomization : Reduces the risk of buffer overflow attacks by assigning executable code to random memory locations.

New Logon Architecture : Simplifies development of custom logon mechanisms.

Rights Management Services client : Provides support for opening Rights Management Services protected documents when the proper applications are installed and the necessary infrastructure is in place.

Multiple Local Group Policy Objects : Allows administrators to apply multiple Local Group Policy Objects to a single computer, simplifying security configuration management for workgroup computers.

Source of Information : Windows 7 Resource Kit 2009 Microsoft Press

Credential Manager Enhancements

Windows Vista and Windows 7 include new tools to enable administrators to better support credential management for roaming users, including the Digital Identity Management Services (DIMS) and a new certificate enrollment process. Among other improvements, users can ow reset their own smart card PINs without calling the support center. Additionally, users can now back up and restore credentials stored in the Stored User Names And Passwords key ring.

To improve the security of Task Scheduler, Windows Vista and Windows 7 can use Servicefor-User (S4U) Kerberos extensions to store credentials for scheduled tasks instead of storing the credentials locally, where they might be compromised. This has the added benefit of preventing scheduled tasks from being affected by password expiration policies.

Source of Information : Windows 7 Resource Kit 2009 Microsoft Press

Encrypting File System

Encrypting File System (EFS) is a file encryption technology (supported only on NTFS volumes) that protects files from offline attacks, such as hard-disk theft. EFS is entirely transparent to end users because encrypted files behave exactly like unencrypted files. However, if a user does not have the correct decryption key, the file is impossible to open, even if an attacker bypasses the operating system security.

EFS is especially useful for securing sensitive data on portable PCs or on computers that several users share. Both kinds of systems are susceptible to attack by techniques that circumvent the restrictions of ACLs. An attacker can steal a computer, remove the hard disk drives, place the drives in another system, and gain access to the stored files. Files encrypted by EFS, however, appear as unintelligible characters when the attacker does not have the decryption key. Windows Vista and Windows 7 include the following new features for EFS:

• Storing both user and recovery keys on smart cards. If smart cards are used for logon, EFS operates in a Single Sign-On mode in which it uses the logon smart card for file encryption without further prompting for the PIN. New wizards guide users through the process of creating and selecting smart card keys, as well as the process of migrating their encryption keys from an old smart card to a new one. The command-line utilities for smart cards have also been enhanced to include these features. Storing encryption keys on smart cards provides especially strong protection for mobile and shared computer scenarios.

• Encrypting the system page file.

Source of Information : Windows 7 Resource Kit 2009 Microsoft Press

Windows Firewall

Windows Vista and Windows 7 have an enhanced version of the Windows Firewall that was first included in Windows XP SP2. The Windows Firewall combines the functionality of a bidirectional host firewall and Internet Protocol security (IPsec) into a single, unified utility with a consistent user interface. Unlike a perimeter firewall, the Windows Firewall runs on each computer running Windows Vista or Windows 7 and provides local protection from network attacks that might pass through your perimeter network or originate inside your organization. It also provides computer-to-computer connection security that allows you to require authentication and data protection for all communications.

The Windows Firewall is a stateful firewall, so it inspects and filters all TCP/IP version 4 (IPv4) and TCP/IP version 6 (IPv6) traffic. Unsolicited incoming traffic is dropped unless it is a response to a request by the host (solicited traffic) or it is specifically allowed (that is, it has been added to the exceptions list or is permitted by an inbound rule). Outgoing traffic from interactive applications is allowed by default, but outgoing traffic from services is limited by the firewall to that which is required according to each service’s profile in Windows Service Hardening. You can specify traffic to be added to the exceptions list and create inbound and outbound rules according to application name, service name, port number, destination network, domain membership, or other criteria by configuring Windows Firewall with Advanced Security settings.

For traffic that is allowed, the Windows Firewall also allows you to request or require that computers authenticate each other before communicating and to use data integrity and data encryption while exchanging traffic.

In Windows Vista, the Windows Firewall has many new features, including the following:

• Management integration with IPsec. Windows XP and earlier operating systems used two separate interfaces, even though the Windows Firewall and IPsec had a significant amount of feature overlap.

• New user and command-line interfaces. Improved interfaces simplify management and enable automated, scripted control over firewall settings.

• Full IPv6 support. If your organization uses IPv6, you can now take advantage of Windows Firewall.

• Outbound filtering. You can filter traffic being sent from a client computer as well as traffic being received by the computer. This enables you to restrict which applications can send traffic and where they can send it. For example, you might filter management alerts so that they can be sent only to your internal network. The outbound filtering feature in the Windows Firewall is not intended to prevent an infected computer from communicating, which is generally not possible (the malware might simply disable the firewall). Rather, outbound filtering allows administrators to assign policies to machines to prohibit known behavior, such as preventing unauthorized peer-to-peer software from communicating.

• Windows Service Hardening. This feature limits the actions a service can take and also limits how the service communicates on the network, reducing the damage caused during a security compromise.

• Full Group Policy integration. This feature enables you to centrally configure the Windows Firewall on all computers in your Active Directory Domain Services (AD DS) domain.

• Filtering traffic by new properties. The Windows Firewall can filter traffic by using the following:
- AD DS groups (authorized users and authorized computers)
- Internet Control Message Protocol (ICMP) extensions
- IP address lists
- Port lists
- Service names
- Authenticated by IPsec
- Encrypted by IPsec
- Interface type

• IP address authentication. The Windows Firewall supports IP address authentication with the ability to have two rounds of authentication with different credentials in each, including user credentials if desired.

• Application-based IPsec policies. The Windows Firewall now supports applicationbased IPsec policies.

• Simplified IPsec policy This type of policy makes it much easier to deploy Server and Domain Isolation. When configured with a simplified policy, client computers make two connections to a destination: one unprotected connection and one connection with IPsec. The client computer will drop whichever connection does not receive a reply. With a single rule, then, client computers can adapt themselves to communicate with IPsec or in clear-text, whichever the destination supports.

One of the biggest challenges of protecting computers is that security settings can degrade over time. For example, support desk personnel might change a security setting while troubleshooting a problem and forget to correct it. Even if you enable Automatic Updates, a mobile computer might fail to download updates while disconnected from the network. To help you detect security vulnerabilities, use the Microsoft Baseline Security Analyzer (MBSA), available at MBSA can audit security settings on multiple computers on your network. MBSA is also a great way to verify security settings on new computers before deploying them.

Source of Information : Windows 7 Resource Kit 2009 Microsoft Press

Windows Defender

Windows Defender is a feature of Windows Vista and Windows 7 that provides protection from spyware and other potentially unwanted software. Windows Defender is signature based, using descriptions that uniquely identify spyware and other potentially unwanted software to detect and remove known applications. Windows Defender regularly retrieves new signatures from Microsoft so that it can identify and remove newly created spyware and other potentially unwanted software. Microsoft does not charge for signature updates.

Additionally, Windows Defender real-time protection monitors critical touchpoints in the operating system for changes usually made by spyware. Real-time protection scans every file as it is opened and also monitors the Startup folder, Run keys in the registry, Windows addons, and other areas of the operating system for changes. If an application attempts to make a change to one of the protected areas of the operating system, Windows Defender prompts the user to take appropriate action.

Windows Defender can also run a scan on demand to detect and remove known spyware. By default, Windows Defender will scan Windows Vista computers daily at 2:00 A.M. for malware infections; however, you can configure this behavior. Although Windows Defender real-time protection attempts to prevent most infections, nightly scanning allows Windows Defender to detect and remove newly discovered malware that might have circumvented the defenses of real-time protection.

The Microsoft SpyNet Community enables Windows Defender to communicate discoveries about new applications and whether users identify applications as malware or legitimate. Depending on how you configure Windows Defender, it can provide feedback to the SpyNet Community about new applications and whether users choose to allow the application to be installed. Feedback from the SpyNet Community helps Microsoft and users distinguish malware from legitimate software, enabling Windows Defender to more accurately identify malware and reduce the number of false alarms. Providing private feedback to the SpyNet Community is optional; however, all users can benefit from the information gathered by the community.

In addition to these features, Windows Defender includes Software Explorer. Software Explorer provides users with control over many different types of applications, including applications that install themselves into the browser and into applications that start automatically. Software Explorer is primarily intended for users who manage their own computers. In enterprise environments, IT departments will typically handle software removal. Windows Defender can also be installed on Windows XP with SP2.

Source of Information : Windows 7 Resource Kit 2009 Microsoft Press

Data Theft

As mobile computers, network connectivity, and removable media have become more common, so has data theft. Many businesses and government organizations store extremely valuable data on their computers, and the cost of having the data fall into the wrong hands can be devastating.

Today, many organizations mitigate the risk of data theft by limiting access to data. For example, applications might not allow confidential files to be stored on mobile computers. Or, users simply might not be allowed to remove computers from the office. These limitations do successfully reduce the risk, but they also reduce employee productivity by not allowing the staff to benefit from mobile computing.

Windows Vista and Windows 7 provide data protection technologies designed to meet stricter security requirements while still allowing users to work with confidential data in a variety of locations. Consider the following common data theft scenarios and how Windows mitigates the risks of each.

Physical Theft of a Mobile Computer or a Hard Disk, or Recovering Data from a Recycled or Discarded Hard Disk
Operating systems can provide active protection for the data stored on your hard disk only while the operating system is running. In other words, file access control lists (ACLs), such as those provided by the New Technology File System (NTFS), cannot protect data if an attacker can physically access a computer or hard disk. In recent years, there have been many cases of stolen mobile computers whose confidential data was extracted from the hard disk. Data is often recovered from computers that are recycled (by assigning an existing computer to a new user) or discarded (at the end of a computer’s life), even if the hard disk has been formatted.

Windows Vista and Windows 7 reduce the risk of this type of data theft by allowing administrators to encrypt files stored on the disk. As with Windows XP, Windows Vista and Windows 7 support Encrypting File System (EFS). EFS enables administrators and users to selectively encrypt files or to mark an entire folder to encrypt all files it contains. In addition to the capabilities offered by Windows XP, Windows Vista and Windows 7 enable you to configure EFS using Group Policy settings so that you can centrally protect an entire domain without requiring users to understand encryption.

EFS cannot protect Windows system files, however. Protecting Windows from offline attack (booting from removable media to access the file system directly or moving the hard disk to a different computer) helps ensure the integrity of the operating system even if a computer is stolen. BitLocker Drive Encryption in Windows Vista provides encryption for the entire system volume—thus protecting not only the operating system but also any data stored on the same volume (drive letter). In Windows 7, administrators can use BitLocker to protect both system and non-system volumes (as well as removable media, described in the next section). BitLocker can work transparently with supported hardware, or it can require multifactor authentication by requiring users to enter a password before allowing the volume to be decrypted. Depending on your security requirements, you can use BitLocker with existing computer hardware by storing the decryption keys on removable media or even by having users type a personal identification number (PIN) or password before Windows boots.

Copying Confidential Files to Removable Media
Organizations with strict security requirements often limit access to confidential data to computers on the local network and then do not allow those computers to be removed from the facility. Historically, these organizations would remove floppy drives from the computers to prevent users from saving confidential files. Recently, however, there has been a huge increase in the types of removable media available. Specifically, mobile phones, PDAs, portable audio players, and USB drives often have several gigabytes of storage capacity. Because they are small and extremely common, they might be overlooked even if a facility has security staff available to search employees entering or leaving a building.

Windows Vista and Windows 7 enable you to use Group Policy settings to limit the risk of removable media. Using the Group Policy settings in Computer Configuration\Policies
\Administrative Templates\System\Device Installation\Device Installation Restrictions, administrators can:

• Allow installation of entire classes of devices (such as printers) using the Allow Installation Of Devices Using Drivers That Match These Device Setup Classes setting.

• Disallow all unsupported or unauthorized devices using the Prevent Installation Of Devices That Match Any Of These Device IDs setting.

• Disallow any kind of removable storage device using the Prevent Installation Of Removable Devices setting.

• Override these policies if necessary for troubleshooting or management purposes using the Allow Administrators To Override Device Installation Policy setting.

While Windows Vista focused on providing administrators with the control they needed to prevent users from saving files to removable media, Windows 7 includes technology to protect files when they are copied to removable media: BitLocker To Go. BitLocker To Go provides volume-level encryption for removable media. To decrypt the contents of removable media, a user must type a password or insert a smart card. Without the password or smart card, the contents of the BitLocker To Go–encrypted media are almost impossible to access.

Accidentally Printing, Copying, or Forwarding Confidential Documents
Often, users need to share confidential documents to collaborate efficiently. For example, a user might e-mail a document to another user for review. However, when the document is copied from your protected shared folder or intranet, you lose control of the document. Users might accidentally copy, forward, or print the document, where it can be found by a user who shouldn’t have access.

There’s no perfect solution to protect electronic documents from copying. However, the
Windows Rights Management Services (RMS) client, built into Windows Vista and Windows 7, enables computers to open RMS-encrypted documents and enforce the restrictions applied to the document. With an RMS infrastructure and an application that supports RMS, such as Microsoft Office, you can:

• Allow a user to view a document but not save a copy of it, print it, or forward it.

• Restrict users from copying and pasting text within a document.

• Make it very difficult to open the document using a client that does not enforce RMS protection.

Windows 7 provides built-in support for using RMS to protect XML Paper Specification (XPS) documents. To use RMS, you need an RMS infrastructure and supported applications in addition to Windows Vista or Windows 7.

Source of Information : Windows 7 Resource Kit 2009 Microsoft Press

Windows Malware - Protecting Against Network Worms

Bundling, social engineering, and browser exploits all rely on the user to initiate a connection to a site that hosts malware, but worms can infect a computer without any interaction from the user. Network worms spread by sending network communications across a network to exploit vulnerability in remote computers and install the worm. After it is installed, the worm continues looking for new computers to infect.

If the worm attacks a Windows Vista or Windows 7 computer, Windows offers four levels of protection:

• Windows Firewall blocks all incoming traffic that has not been explicitly permitted (plus a few exceptions for core networking functionality in the domain and private profiles). This feature blocks the majority of all current worm attacks.

• If the worm attacks an updated vulnerability in a Microsoft feature, Automatic Updates—which is enabled by default—might have already addressed the security vulnerability.

• If the worm exploits a vulnerability in a service that uses Windows Service Hardening and attempts to take an action that the service profile does not allow (such as saving a file or adding the worm to the startup group), Windows will block the worm.

• If the worm exploits a vulnerability in a user application, limited privileges enabled by UAC block system-wide configuration changes.

The original release of Windows XP lacked all of these levels of protection. With Windows XP Service Pack 2 (SP2), Windows Firewall and Automatic Updates are enabled, but the other levels of protection offered by Windows Vista and Windows 7 are unavailable.

Source of Information : Windows 7 Resource Kit 2009 Microsoft Press

Windows Malware - Protecting Against Browser Exploit Malware Installations

Historically, many malware installations occurred because the user visited a malicious Web site, and the Web site exploited a vulnerability in the Web browser to install the malware. In some cases, users received no warning that software was being installed. In other cases, users were prompted to confirm the installation, but the prompt might have been misleading or incomplete.

Windows 7 provides four layers of protection against this type of malware installation:

• Automatic Updates, enabled by default, helps keep Internet Explorer and the rest of the operating system up to date with security updates that can fix many security vulnerabilities. Automatic Updates can obtain security updates from either or from an internal WSUS server.

• Internet Explorer Protected Mode provides only extremely limited rights to processes launched by Internet Explorer, even if the user is logged on as an administrator. Any process launched from Internet Explorer has access only to the Temporary Internet Files directory. Any file written to that directory cannot be executed.

• For administrators, UAC prompts the user to confirm before computer-wide configuration changes are made. For standard users, the limited privileges block most permanent per-computer changes unless the user can provide administrative credentials.

• Windows Defender notifies the user if malware attempts to install itself as a browser helper object, start itself automatically after a reboot, or modify another monitored aspect of the operating system.

Source of Information : Windows 7 Resource Kit 2009 Microsoft Press

Windows Malware Defense-in-Depth

Defense-in-depth is a proven technique of layered protection that reduces the exposure of vulnerabilities. For example, you might design a network with three layers of packet filtering: a packet-filtering router, a hardware firewall, and software firewalls on each of the hosts (such as Internet Connection Firewall). If an attacker manages to bypass one or two of the layers of protection, the hosts are still protected.

The real benefit of defense-in-depth is its ability to protect against human error. Whereas a single layer of defense is sufficient to protect you under normal circumstances, an administrator who disables the defense during troubleshooting, an accidental misconfiguration, or a newly discovered vulnerability can disable that single layer of defense. Defense-in-depth provides protection even when a single vulnerability exists.

Although most new Windows security features are preventive countermeasures that focus on directly mitigating risk by blocking vulnerabilities from being exploited, your defense in-depth strategy should also include detective and reactive countermeasures. Auditing and third-party intrusion-detection systems can help to analyze an attack after the fact, enabling administrators to block future attacks and possibly identify the attacker. Backups and a disaster recovery plan enable you to react to an attack and limit the potential data lost.

Source of Information : Windows 7 Resource Kit 2009 Microsoft Press

Windows Malware - Protecting Against Bundling and Social Engineering

Two of the most common ways that malware becomes installed on a computer are bundling and social engineering. With bundling, malware is packaged with useful software. Often the user is not aware of the negative aspects of the bundled software. With social engineering, the user is tricked into installing the software. Typically, the user receives a misleading e-mail or browser pop-up containing instructions to open an attachment or visit a Web site.

Windows Vista and Windows 7 offer significantly improved protection against both bundling and social engineering. With the default settings, malware that attempts to install via bundling or social engineering must circumvent two levels of protection: UAC and Windows Defender.

UAC either prompts the user to confirm the installation of the software (if the user is logged on with an administrative account) or prompts the user for administrative credentials (if the user is logged on with a Standard account). This feature makes users aware that a process is trying to make significant changes and allows them to stop the process. Standard users are required to contact an administrator to continue the installation.

Windows Defender real-time protection blocks applications that are identified as malicious. Windows Defender also detects and stops changes the malware might attempt to make, such as configuring the malware to run automatically upon a reboot. Windows Defender notifies the user that an application has attempted to make a change and gives the user the opportunity to block or proceed with the installation.

With Windows XP and earlier versions of Windows, bundling and social engineering malware installations were likely to succeed because none of these protections was included with the operating system or service packs.

Windows Defender adds events to the System Event Log. Combined with event subscriptions or a tool such as Microsoft Systems Center Operations Manager (SCOM), you can easily aggregate and analyze Windows Defender events for your organization.

Source of Information : Windows 7 Resource Kit 2009 Microsoft Press

Windows Malware

Security threats have constantly changed to adapt to each new generation of operating system. In the past several years, the prevalence of malware (a broad term that encompasses viruses, worms, Trojan horses, and rootkits, as well as spyware and other potentially unwanted software) has soared.

Microsoft uses the term spyware and potentially unwanted software to refer to software that is unwanted but not unambiguously harmful. In this book, the definition of malware includes both clearly malicious viruses and worms and the more ambiguous spyware and potentially unwanted software.

Viruses, worms, and Trojan horses can spread from computer to computer by exploiting software vulnerabilities, guessing user credentials, or tricking users with social engineering techniques. Spyware and potentially unwanted software spread via these techniques and also by legitimate installations initiated by users. Users can install an application, unaware of the undesired functionality of the program or of a program that is bundled with the application. Because of the challenges in identifying malware, it might be impossible to eliminate the threat completely. However, Windows Vista and Windows 7 have many new security features to help protect computers from malware.

Many malware infections can be prevented by installing updates on a mobile computer or by adjusting the security configuration. Group Policy, Windows Server Update Services
(WSUS), and other management technologies have greatly simplified the task of rapidly distributing updates and security changes. However, these changes take effect only when client computers connect to the internal network. When users travel, mobile computers might go days, weeks, or months without connecting to the internal network. DirectAccess, a new technology introduced with Windows 7 and Windows Server 2008 R2, automatically connects computers to the internal network any time they have an Internet connection. Therefore, DirectAccess can keep Windows 7 mobile client computers up to date more regularly than earlier versions of Windows, giving IT the control they need to mitigate newly discovered vulnerabilities by distributing updates or configuration changes.

Originally introduced with Windows Vista, UAC limits the ability of malware to install by enabling IT professionals to deploy users as standard users rather than as administrators. This helps prevent users from making potentially dangerous changes to their computers without limiting their ability to control other aspects on their computers, such as time zone or power settings. For anyone who does log on as an administrator, UAC makes it more difficult for malware to have a computer-wide impact. Windows 7 includes improvements to UAC by reducing the number of prompts that users experience. Additionally, administrators can adjust consent prompt behavior. By making UAC more usable, Windows 7 reduces the cost of deploying Windows using a protected desktop environment. Similarly, the Protected Mode of Internet Explorer runs it without the necessary privileges to install software (or even write files outside of the Temporary Internet Files directory), thereby reducing the risk that Internet Explorer can be abused to install malware without the user’s consent.

Windows Defender detects many types of spyware and other potentially unwanted software and prompts the user before applications can make potentially malicious changes. In Windows 7, Windows Defender includes significantly improved performance for real-time monitoring. By reducing the performance penalty of real-time monitoring, more IT departments can leave real-time monitoring enabled, thus realizing the security benefits. Additionally, Windows Defender uses the Action Center to notify users of potential problems. Windows Service Hardening limits the damage attackers can do in the event that they are able to successfully compromise a service, thereby reducing the risk of attackers making permanent changes to the operating system or attacking other computers on the network. Although Windows 7 cannot eliminate malware, these new technologies can significantly reduce the impact of malware.

Windows 7 is designed to block many types of common malware installation techniques.
The sections that follow describe how Windows Vista and Windows 7 protect against malware that attempts to install without the user’s knowledge through bundling and social engineering, browser exploits, and network worms.

Source of Information : Windows 7 Resource Kit 2009 Microsoft Press

Using Windows 7 Network Explorer

In previous versions of Windows, the Network link was prominently displayed right in the Start menu, providing you with a quick way to access resources on your home network. In Windows 7, Network does not appear on the Start menu by default. You can enable it via Taskbar and Start Menu Properties if you think you’re going to use it a lot (as we do), or you can simply enter network in Start Menu Search and choose the Network entry from the search results list that appears.

Either way, when you do so you’ll see the Network Explorer. Compared to the My Network Places view in Windows XP, the Network Explorer is quite an improvement. (It’s very similar to Network Explorer in Windows Vista, however.)

From the Network Explorer, you gain access to the following:

• Discovered computers: These are computers on the local network that offer folder and printer shares. You should be able to connect to any PCs on a Home or Work network, but only the local PC on a Public network. If you double-click on a discovered computer, you’ll see a list of the folder and printer shares available on that system, assuming you have the correct access privileges.

• Media devices: This includes digital media–oriented hardware devices, such as Xbox 360 video game consoles, Media Center Extenders, and other digital media receivers, as well as any shared media libraries on Windows-based PCs. Each of these items behaves a bit differently. For example, if you click a shared media library, Windows Media Player 11 will load and display the shared library. Doubleclick a Media Center Extender and Windows Media Center will launch, enabling you to configure connectivity between the two. And if you double-click an Xbox 360 or other digital media receiver, Windows Media Player will launch and present its Media Sharing interface so you can configure sharing with that device.

• Network infrastructure: Your broadband router will show up here as long as it’s compatible with modern networking technologies such as Universal Plug and Play (UPnP). Double-clicking this icon usually loads the device’s Web-based management console, which varies from manufacturer to manufacturer.

• Other devices: When Network Explorer detects other network devices but can’t correctly identify them, it places them in the Other Devices category and provides a generic icon. Windows Home Server causes such an icon to appear, for example. Double-clicking one of these icons triggers a UPnP event which, in the case of Windows Home Server, launches IE and displays the server’s Webbased welcome page.

Source of Information : Wiley Windows 7 Secrets

Introducing the Home Server

In late 2007, Microsoft’s PC maker and hardware partners began shipping specially designed home server products based around a new operating system called Windows Home Server. Code-named “Q” (and previously code-named “Quattro”), Windows Home Server is just what its name suggests, a home server product. It provides a central place to store and share documents, along with other useful services for the connected home. Windows Home Server is designed to be almost diabolically simple, and after 2½ years of active development, Microsoft decided that it had achieved an interface that was both simple enough for the most inexperienced user and powerful enough for even the most demanding power user.

Okay, maybe that’s a bit of a stretch; but given what it does—bring the power of Microsoft’s server operating system software into the home—Windows Home Server is pretty darned impressive. And if you’re in the Windows Home Server target market—that is, you have broadband Internet access and a home network with two or more PCs—this might just be the product for you. In many ways, it’s the ultimate add-on for Windows 7. From a mile-high view, Windows Home Server provides four basic services: centralized PC backup and restore, centralized PC and server health monitoring, document and media sharing, and remote access.

Truth be told, Windows power users don’t have to buy a prebuilt home server to get Windows Home Server, though we’ve both had excellent results doing so ourselves. Instead, if you’d like to purchase just the Windows Home Server software and install it on your own PC-based server, you can do so. Just visit an online electronics retailer such as and search for Windows Home Server. The software typically costs less than $100 in the United States.

Windows Home Server Evolution
The initial Windows Home Server generation, which is still current at the time of this writing, is based on Windows Server 2003, a previous generation version of Microsoft’s enterprise-class server OS. In addition to the initial release, Windows Home Server has also seen two major updates, Power Pack 1 (PP1) and Power Pack 2 (PP2). The first version of Windows Home Server provided all of the basics, which are still present in today’s product: PC backup and restore functionality, PC and server health monitoring, document and media sharing, remote access, and, as crucially, an extensibility model that enables developers to create add-ins, small software updates that enhance Windows Home Server’s capabilities in fun and interesting ways.

Windows Home Server PP1 was released in mid-2008. This update includes compatibility for 64-bit (x64) versions of Windows Vista (and Windows 7), server backup capabilities, improvements to remote access, and a number of other changes. Key among these is a fix for a data corruption bug that affected almost no users but was widely reported by the press.

Windows Home Server PP2 debuted in April 2009 and included features that made this product more interesting to the hardware makers that sell Home Servers. It adds support for the Italian language (in addition to the currently supported Chinese, English, French, German, Japanese, and Spanish languages), improves the SDK for developers, and vastly simplifies the “day one” experience (what used to be called OOBE, or out of box experience), reducing the number of steps a new user has to complete from 23 to 13. PP2 also includes a simplified and improved remote access experience, and enhanced media sharing, especially for Media Center users. Of course, Microsoft is also working on a next-generation Windows Home Server codenamed Veil, which will ship after Windows 7. Windows Home Server v2 will be based on the Windows Server 2008 R2 generation of server products that appeared alongside Windows 7 and will no doubt interact seamlessly with Windows 7 features like HomeGroups. Sadly, that product wasn’t ready for testing at the time of this writing.

In addition to Microsoft’s work on Windows Home Server, some key hardware partners have been working over the years to steadily improve their Windows Home Server machines with innovative hardware designs and interesting software solutions that extend core functionality through high-quality add-ins. Key among these is HP, whose MediaSmart Server line has proven to be the customer favorite in the United States, and for good reason: these machines consistently provide an even better experience than the stock Windows Home Server experience documented here. And yes, both Paul and Rafael rely on HP MediaSmart Servers in their own homes. These are excellent servers. HP currently markets two different MediaSmart families of servers. The high-end MediaSmart EX series is the mainstream Home Server and supports multiple internal hard drives. It’s shown in Figure 10-1. The HP MediaSmart Server LX series, meanwhile, is a one-hard-drive option that is aimed at the low end of the market, these servers can be expanded externally.

Source of Information : Wiley Windows 7 Secrets

Using Network Explorer in Windows 7

In previous versions of Windows, the Network link was prominently displayed right in the Start menu, providing you with a quick way to access resources on your home network. In Windows 7, Network does not appear on the Start menu by default. You can enable it via Taskbar and Start Menu Properties if you think you’re going to use it a lot (as we do), or you can simply enter network in Start Menu Search and choose the Network entry from the search results list that appears.

Either way, when you do so you’ll see the Network Explorer. Compared to the My Network Places view in Windows XP, the Network Explorer is quite an improvement. (It’s very similar to Network Explorer in Windows Vista, however.)

From the Network Explorer, you gain access to the following:
• Discovered computers: These are computers on the local network that offer folder and printer shares. You should be able to connect to any PCs on a Home or Work network, but only the local PC on a Public network. If you double-click on a discovered computer, you’ll see a list of the folder and printer shares available on that system, assuming you have the correct access privileges.

• Media devices: This includes digital media–oriented hardware devices, such as Xbox 360 video game consoles, Media Center Extenders, and other digital media receivers, as well as any shared media libraries on Windows-based PCs. Each of these items behaves a bit differently. For example, if you click a shared media library, Windows Media Player 11 will load and display the shared library. Doubleclick a Media Center Extender and Windows Media Center will launch, enabling you to configure connectivity between the two. And if you double-click an Xbox 360 or other digital media receiver, Windows Media Player will launch and present its Media Sharing interface so you can configure sharing with that device.

• Network infrastructure: Your broadband router will show up here as long as it’s compatible with modern networking technologies such as Universal Plug and Play (UPnP). Double-clicking this icon usually loads the device’s Web-based management console, which varies from manufacturer to manufacturer.

• Other devices: When Network Explorer detects other network devices but can’t correctly identify them, it places them in the Other Devices category and provides a generic icon. Windows Home Server causes such an icon to appear, for example. Double-clicking one of these icons triggers a UPnP event which, in the case of Windows Home Server, launches IE and displays the server’s Webbased welcome page.

Source of Information : Wiley Windows 7 Secrets

Windows 7 - XPS Print Output

Windows 7 includes support for a newer document file type called XPS, which stands for XML Paper Specification. This is a file format that represents printed output electronically. The idea is that you can view an XPS file on any computer that has an XPS viewer program, without having to have a copy of the application that created the document. For example, you can view the XPS version of a Microsoft Word document without having to have a copy of Word. If this sounds suspiciously like Adobe’s PDF file format, you’re right. XPS is Microsoft’s attempt to create a universal electronic document format. XPS has some advantages, but PDF is so widely used and understood that we suspect XPS doesn’t stand a chance. In any case, Windows 7 does come with built-in support for XPS. You can generate XPS documents simply by following these steps:

1. Edit and format a document in one of your applications. Be sure to save the document in the application’s native format, so that you can come back and change it later. You can’t edit an XPS file.

2. Use the application’s Print function. Most applications display the standard Windows print dialog. Select the Microsoft XPS Document Writer printer. Click Print.

3. When the Save the File As dialog box appears, select a location and name for the XPS document.

You can now distribute the XPS document to others to view and print as desired. Windows 7 and Vista have built-in XPS document viewers. On Windows 7 or Vista, just double-click an XPS file to open and view it.

Microsoft has created tools for viewing and creating XPS files on Windows XP, which you can get from; just search for “Get the XPS Viewer”. This tool requires the .NET Framework, so you may need to download and install that program as well. On other operating systems, you will need to download an XPS viewer program from some other source.

Source of Information : QUE Microsoft Windows in Depth

Windows 7 - Advanced Printer Management

Windows 7 comes with a printer management tool that’s part of the Windows Management Console system. It’s intended primarily for network administrators who sometimes have to manage dozens of printers spread around an office. I won’t go into great detail on this tool here because it’s fairly self-explanatory, but I’ll show you how it works.

To run the tool, click Start, Control Panel, System and Security, Administrative Tools. Then, doubleclick Print Management. You might need to confirm the User Account Control prompt or enter an Administrator password, because this tool requires elevated privileges.

The left pane lets you choose views that include lists of all the printers installed on the local computer (or on a domain network), all printers that have documents pending, and so on. You can also create custom “filters” to select only printers with specific attributes.

Under the Print Servers section, the local computer is listed, and you can right-click the “Print Servers” title to add the names of other computers on your network (or named print server devices). You can use this feature to build a single panel that lists all your organization’s printers. Print servers that you add to this list will remain in the list the next time you run the printer management tool.

Source of Information : QUE Microsoft Windows in Depth

Windows 7 - Printing from DOS Applications

If you are still using MS-DOS applications, printing is one of the more problematic areas. Many modern inexpensive inkjet and laser printers don’t support output from DOS programs because they don’t have enough built-in smarts to form the character images by themselves. If you need laser or inkjet output from a DOS application, be sure that any new printer you buy uses a page-description language supported by your application, such as PostScript, HP’s PCL, or one of the Epson text formats.

Furthermore, most DOS applications can print only to LPT ports. If you want to use a printer that is on a USB port or is out there somewhere on a LAN, you must share the printer (even if it’s just attached to your own computer and you’re not using a network), and then issue the command

net use lpt2: \\computername\sharename

from the Command Prompt window, replacing computername with your computer’s name and sharename with the name you used when you shared the printer. Direct your DOS program to use LPT2. (You can use LPT1, LPT2, or LPT3, but you must select an LPT port number that does not have an associated physical LPT port in your computer.)

Source of Information : QUE Microsoft Windows in Depth

Windows 7 - Printing Offline

If your printer is disconnected, you can still queue up documents for printing. You might want to do this while traveling, for instance, if you have a laptop and don’t want to drag a 50-pound laser printer along in your carry-on luggage. (It’s hard to get them through security.)

If you try this, however, you’ll quickly find that the Print Manager will beep, pop up messages to tell you about the missing printer, and otherwise make your life miserable. To silence it, Open the Devices and Printers window. Right-click the printer icon and select See What’s Printing. Then, in the queue window’s menu, click Printer, Use Printer Offline. The printer’s icon will turn a light-gray color to show that it’s been set for offline use, and Windows will now quietly and compliantly queue up anything you “print.”

Just don’t forget that you’ve done this or nothing will print even when you’ve reconnected your printer. You’ll end up yelling at your unresponsive printer, when it’s only doing what it was told. When you’ve reconnected the printer, repeat those steps and uncheck Use Printer Offline. This is a nifty feature, but available only for local printers, not printers shared by other computers.

Source of Information : QUE Microsoft Windows in Depth

Windows 7 Printing Troubleshooting

No Output from Printer
If your print jobs never make it out the other end of the printer, open the Devices and Printers window and work through this checklist:

• First, ask yourself whether you printed to the correct printer. Check to see whether your default printer is the one from which you are expecting output. If you’re on a LAN, you can easily switch default printers and then forget that you made the switch.

• Right-click the printer icon and see whether the option Use Printer Online appears. If it does, select this item.

• Check to see whether the printer you’ve chosen is actually powered up, online, and ready to roll.

• If you’re using a network printer, check whether the station serving the printer is powered up and ready to serve print jobs.

• Then check the cabling. Is it tight?

• Does the printer need ink, toner, or paper? Are any error lights or other indicators on the printer itself flashing or otherwise indicating an error, such as a paper jam?

• Are you printing from an MS-DOS application? You may need to use the net use command to redirect an LPT port to your Windows printer. See “Printing from DOS Applications” earlier in this chapter for more information.

• If all else fails, restart Windows. It’s sad that we have to suggest this, but it sometimes does bring a zombie printer back to life.

Printer Produces Garbled Text
If your printed pages contain a lot of garbled text or weird symbols, check the following:

• You might have the wrong driver installed. Run the print test page and see whether it works. Open the Devices and Printers window (by choosing Start, Devices and Printers), open the printer’s Properties dialog box, and print a test page. If that works, you’re halfway home. If it doesn’t, try removing the printer and reinstalling it. Right-click the printer icon in the Devices and Printers window and choose Delete. Then add the printer again, and try printing.

• If the printer uses plug-in font cartridges, you also might have the wrong font cartridge installed in the printer, or your text might be formatted with the wrong font.

• Some printers have emulation modes that might conflict with one another. Check the manual. You may think you’re printing to a PostScript printer, but the printer could be in an HP emulation mode; in this case, your driver is sending PostScript, and the printer is expecting PCL.

Source of Information : QUE Microsoft Windows in Depth

Windows 7 - Removing a Printer

You might want to remove a printer setup for several reasons:
• The physical printer has been removed from service.

• You don’t want to use a particular network printer anymore.

• You had several definitions of a physical printer using different default settings, and you want to remove one of them.

• You have a nonfunctioning or improperly functioning printer setup and want to remove it and start over by running the Add Printer Wizard.

In any of these cases, the approach is the same:

1. Be sure you are logged on with Administrator privileges.

2. Open the Devices and Printers window.

3. Be sure nothing is in the printer’s queue. You have to cancel all jobs in the printer’s queue before deleting the printer. If you don’t, Windows will try to delete all jobs in the queue for you, but it unfortunately isn’t always successful.

4. Right-click the printer icon you want to kill, and choose Remove Device.

5. Windows will ask you to confirm that you want to delete the printer. Click Yes. The printer icon or window disappears from the Devices and Printers window.

The removal process removes only the printer icon in the Devices and Printers window. The related driver files and font files are not deleted from your hard disk. Therefore, if you ever want to re-create the printer, you don’t have to insert disks or respond to prompts for the location of driver files. On the other hand, if you are having problems with the driver, deleting the icon and then reinstalling the printer won’t delete the bad driver. Use the New Driver tool on the Advanced tab of the Properties dialog box to solve the problem in this case.

Source of Information : QUE Microsoft Windows in Depth

Windows 7 - Printer Properties

To make changes to a printer driver or its physical connection to your computer, or to define some of the default settings that will be supplied to every user, click Start, Devices and Printers. Rightclick the printer icon and select Printer Properties. (That’s Printer Properties, not just plain Properties.)

Each time you add a printer, Windows creates an icon for it in the Devices and Printers window. Although each is called a printer, it is actually just a “pointer” to the printer, much the way a shortcut represents a document or application on the Windows desktop. A given physical printer can have multiple icons, each with different default settings. For example, one could be set to print in landscape orientation on legal-size paper, whereas another printer could default to portrait orientation with letter-size paper. Of course, you can always adjust these settings when you go to print a document, but that can get tedious. If you create multiple printer icons for the same printer, with different, descriptive names, you can choose a setup just by selecting the appropriate printer icon.

Printer Properties Tabs
This tab lists the name, location, model number, and features of the printer. From this tab, you can print a test page. You also can click the Preferences button to change your personal printing preferences (the same settings described in the previous section) Some color printers may have settings for paper quality and color control and buttons for maintenance functions on this tab.

On this tab, you can alter whether the printer is shared with other network users and what the share name is.

Ports On this tab, you can select the printer’s connection port, add and delete ports, and in some cases configure the physical connection itself. This tab also lets you set up additional ports for network-connected printers.

This tab controls time availability, printer priority, driver file changes, spooling options, and advanced printing features such as booklet printing and page ordering. The first two settings are pertinent to larger networks and should be handled by a server administrator.
Booklet printing is worth looking into if you do lots of desktop publishing. Using this option, you can print pages laid out for stapling together small pamphlets. The New Driver button on the Advanced tab lets you replace the current driver with a better one, should this be necessary. The Printing Defaults button lets you set the default printing properties supplied to each user. They can then customize them as described in the previous section.

Color Management
On this tab, you can set optional color profiles on color printers, if this capability is supported.

This tab let you control who has access to print, manage printers, or manage documents from this printer.

Device Settings
The settings on this tab vary greatly among printers. For example, you can set paper size in each tray, tell Windows how much RAM is installed in the printer, and substitute fonts.

Lists the printer’s driver components.

This tab, if present, might contain options for inkjet nozzle cleaning, head cleaning, head alignment, and so on.

This tab, if present, contains information about your Bluetooth printer and connection in case you need to troubleshoot connection problems.

Source of Information : QUE Microsoft Windows in Depth

Windows 7 - Changing a Printer’s Properties

When you add a printer, the wizard adds an icon for it in the Devices and Printers window, and it’s ready to go. At that point, you can start using it, or you can adjust its preferences and properties to suit your taste. Each printer driver several sets of preference and properties dialogs, each with enough settings to choke a horse.

Different printers have different features, and your printer’s driver will dictate the particular set of options that will be available. Because of the variations possible, the following sections describe only the most general and common options. (In other words, your fancy new printer may have options we’ve never even heard of.) As I mentioned, there are several sets of printer properties and preferences, each of which serves a different purpose:

• Printing Preferences—These are the default settings that each application will start with when you use the application’s Print function. These include paper size, page orientation, and paper source. Although many applications have a Print Setup command that lets you make changes for an individual document, each application starts with the selections made in the printer’s Printing Preferences. Preferences are per-user settings. Each computer user can set his or her own printing preferences.

• Printer Properties—These are settings that apply to the printer itself, most of which tell Windows how to communicate with the printer, what capabilities and optional features it has, and so on. Printer properties also include settings that determine the initial printing preferences for each user.

• Print Server Properties—These are settings that apply to all printers used by the computer. They include paper size and form definitions.

Each printer has also a Properties dialog box, but on Windows 7, it’s of no use because of how the new Devices and Printers window is organized. (The Properties dialog is useful for most other devices.) It takes a little getting used to, because in all previous versions of Windows, to configure a printer you would rightclick its icon and select Properties.
In Windows 7, you must use the other three choices that I just mentioned.

If the Layout tab is not present, you should be able to set the default page orientation on the Paper/Quality or Effects tabs. If your printer’s preferences dialog looks like the one, as it does on at least some Hewlett-Packard laser printers, you must click on an icon to change the orientation. I have no idea why they’d make such an important setting so unobvious.

Source of Information : QUE Microsoft Windows in Depth

Windows 7 - What to Do If Your Printer Isn’t Listed

If your printer isn’t detected with Plug and Play and isn’t listed in the printer manufacturer and model selection list discussed in the previous section, you’ll have to find a driver elsewhere. First, your printer probably came with a CD-ROM containing driver software. In the printer manufacturer selection dialog box, click Have Disk, and then click Browse to find the Windows 7 driver files for your printer. Select the appropriate INF file and click OK. If you can’t find the disk or if it doesn’t contain a Windows 7 driver, don’t worry; there’s still hope. Windows Vista, XP, and Windows 2000 drivers are compatible, and your disk most likely has drivers for these OSs.

Virtually all printers manufactured since the late 1990s have Windows XP– or Windows 2000–compatible drivers, and many earlier printers are supported as well. The Windows Update button lets Windows download additional printer drivers from Microsoft, and this may well obtain the correct driver for you. If Windows Update doesn’t help, your next step should be to visit the printer manufacturer’s website. Check out their Product Support section, and look for a way to locate and download drivers. If you can find an appropriate driver, follow the manufacturer’s instructions for downloading it. It will probably come as a compressed or executable file that has to be expanded or run, and this will put the installation files into a folder on your hard drive. You can then use the “Have Disk” feature discussed earlier to point Windows to this folder.

If neither Microsoft nor the manufacturer provides a driver, hope is fading. Still, some off-brand printers or models are designed to be compatible with one of the popular printer types, such as the Apple LaserWriters, HP LaserJets, or one of the Epson series. Also, many printer models are very similar and can use the same driver (with mostly correct results). Check the product manual or manufacturer’s website to see if your printer supports an emulation mode. This might help you identify an alternative printer model, and you can try its driver. Assuming that you have obtained a printer driver, follow these instructions to install it:

1. If you obtained a driver by downloading it from the Internet, run the downloaded file. This will either install the drivers directly or “expand” or “unzip” a set of files into a location on your hard disk. Take note of the location.

2. Follow steps 1 through 4 in the preceding section.

3. Click the Have Disk button.

4. You’re now prompted to insert a disk. Click the Browse button. If you downloaded the driver, locate the folder in which the driver files were expanded or unzipped. If you have a CD, insert the CD, wait a few moments, then browse to the driver files on the CD.
The wizard is looking for a file with an .inf extension, which is the standard file extension the installer setup file provided with all drivers. You may have to hunt around a bit to find a folder with drivers for Windows 7, Vista, or XP.

5. When you have located the folder with INF files, click OK. You might have to choose a printer model from a list if multiple options exist.

6. Continue through the wizard dialog boxes as explained in the previous section.

Use the Internet to see if other people have run into the same problem and have found a solution. For instance, you might use Google to search for “Windows 7 printer driver manufacturer model”, substituting in the manufacturer’s name and model number. However, don’t download a driver from some random site: It could be infected with a virus. Download drivers only from a credible corporate or institutional website.

Source of Information : QUE Microsoft Windows in Depth

Windows 7 - If the Printer Isn’t Found

If your printer isn’t found automatically using the options in the preceding section, you have to fake out Plug and Play and go the manual route. To do so, follow these steps:

1. Open the Devices and Printers window by clicking Start, Devices and Printers. At the top of the Devices and Printers window, select Add a Printer.

2. Select Add a Local Printer.

3. Select the port to which the printer is connected. The choices are as follows:
• LPT1:, LPT2:, LPT3:—These are parallel port connections. Most computers have only one parallel port connection, LPT1. The higher-numbered ports will still appear in the list even if your computer doesn’t have them—be careful.

• COM1: through COM4:—If you know your printer is of the serial variety, it’s probably connected to COM1 or COM2. If COM1 is tied up for use with some other device, such as a modem, use COM2.

• File—If you select this port, when you subsequently print a document, you will be prompted for the name of a file into which the printer commands will be stored. The main use for this option is with a PostScript printer driver, to create a file for submission to a print shop.

• BTH001—This is for printing to a wireless Bluetooth printer if you have one connected to your computer.

• XPS—The XPS port provides another “save to file” function. This port directs print output to an XPS sharable document format file.

• Create a New Port—This is used to make connections to printers that are directly connected to your LAN and are to be controlled by your computer.

After selecting the correct port, click Next.

4. Select the manufacturer and model of your printer in the next dialog box, You can quickly jump to a manufacturer’s name by pressing the first letter of the name, such as H for HP. Then use the up- and down-arrow keys to home in on the correct one.

If you can’t find the appropriate model, you have three choices:
• If you have an Internet connection, click Windows Update to see if Microsoft has a driver available. This might well work.

• Get the manufacturer’s driver on a floppy disk or CD-ROM or download it via the Internet, open or run the downloaded file to expand its files, and then click Have Disk. Locate the driver (look for an INF file, the standard type for driver setup programs) and click OK.

• Choose a similar, compatible model and risk getting less-than-perfect output. This option can often be successful with dot-matrix printers and older inkjet and laser printers, but is less likely to work with modern cheap inkjet or laser printers that have no internal “smarts.”

If the wizard finds that the appropriate driver is already installed on your machine, you can elect to keep it or replace it. It’s up to you. If you think the replacement will be better, go for it. By contrast, if no driver is listed on the machine, you may be prompted to install it or insert a disk from the vendor. On the whole, manufacturer-provided drivers tend to be newer and better than the default ones provided with Windows.

When you have selected a printer manufacturer and model, click Next.

5. By default, the printer will be named using its full model name. You can change or shorten this if you wish. Then, click Next.

6. By default, the printer will be shared on your network. The default share name is the printer’s name as set in the previous step, but you can modify or shorten the share name if you wish. Some computers have trouble with names longer than 31 characters, so if you intend to share the printer, keep the name short and sweet. To help other users identify the printer, you can also type in a location and a comment. If you do not want to share the printer, click Do Not Share This Printer. Then, click Next.

7. If you want this printer to be your default (primary) printer, check Set As the Default Printer. Click Next. A User Account Control prompt may appear, confirming that you want to install the driver.

8. If you want be sure the printer is working, click Print a Test Page; otherwise, click Finish. When you’re finished, the icon for the printer appears in your Devices and Printers window.

If you have just set up a printer that’s connected to a serial (COM) port, right-click the printer’s icon and select Properties. View the Ports tab, highlight the correct COM port line (which should be checked), and click Configure Port. Select the proper data transfer rate in bits per second (baud rate), data bits, parity, stop bits, and flow control. For most serial printers, these settings should be 9600, 8, None, 1, and Xon/Xoff, respectively. Finally, click OK to save the changes.

If your printer is set up and working now, you can skip ahead to the section “Changing a Printer’s Properties.”

If the driver software isn’t “signed” with digital proof that it came from the manufacturer that it says it came from, Windows may warn you. Permit the software to be installed only if you know that it came directly from a reputable manufacturer. If it came from a website other than the manufacturer’s, you probably do not want to trust it. On a corporate network you may be prevented from installing any unsigned drivers.

Source of Information : QUE Microsoft Windows in Depth

The many complications and risks of tape

Magnetic tape technology was adopted for backup many years ago because it met most of the physical storage requirements, primarily by being ...