Thursday, September 11, 2014

How to Create and Run Virtual Machines With Hyper-V

run-linux-in-hyper-v-on-windows-8.1

Hyper-V is a virtual machine feature built into Windows. It was originally part of Windows Server 2008, but made the leap the to desktop with Windows 8. Hyper-V allows you to create virtual machines without any additional software.
This feature isn’t available on Windows 7, and it requires the Professional or Enterprise editions of Windows 8 or 8.1. It also requires a CPU with hardware virtualization support like Intel VT or AMD-V, features found in most modern CPUs.

Install Hyper-V

Hyper-V isn’t installed by default on Windows 8 Professional and Enterprise systems, so you’ll have to install it before you can use it. Thankfully, you don’t need a Windows disc to install it — you just need to click a few checkboxes.
Tap the Windows key, type “Windows features” to perform a search, and then click the “Turn Windows features on or off” shortcut. Check the Hyper-V checkbox in the list and click OK to install it. Restart your computer when prompted.
install-hyper-v-on-windows-8-or-8.1

Open Hyper-V Manager

To actually use Hyper-V, you’ll need to launch the Hyper-V Manager application. You’ll find it in your list of installed programs, and you can also launch it by searching for Hyper-V.
The Hyper-V Manager application refers to a “virtualization server,” which gives away its heritage as a tool for servers. It can be used to run virtual machines on your own computer — in that case, your local computer functions as a local virtualization server.
launch-hyper-v-manager

Set Up Networking

Click the name of your local computer in Hyper-V Manager to find the options for your current computer.
You’ll probably want to give the virtual machine access to the Internet and local network, so you’ll need to create a virtual switch. Click the Virtual Switch Manager link first.
virtual-switch-manager
Select External in the list to give virtual machines access to the external network, and click Create Virtual Switch.
virtual-switch-manager-create-external-switch
Give the virtual switch a name afterward and click OK. The default options should be fine here, although you should ensure the External network connection is correct. Be sure to select the network adapter that’s actually connected to the Internet, whether it’s Wi-Fi or wired Ethernet.
give-virtual-machine-networking-in-hyper-v

Create a Virtual Machine

Click New > Virtual Machine in the Actions pane to create a new virtual machine.
create-new-virtual-machine-in-hyper-v-manager
RELATED ARTICLE
Beginner Geek: How to Create and Use Virtual Machines
Virtual machines allow you to run an operating system in a window on your desktop. Use them to run software... [Read Article]
The New Virtual Machine Wizard window will appear. Use the options to name your virtual machine and configure its basic hardware. This should all be fairly self-explanatory if you’ve ever used another virtual machine program before. When you reach the Configure Networking pane, you’ll need to select the virtual switch you configured earlier — if you didn’t configure one, the only option you’ll see here is “Not Connected,” which means your virtual machine won’t be connected to the network unless you add a network adapter to its virtual hardware later.
hyper-v-new-virtual-machine-wizard
If you have an ISO file containing your guest operating system’s installation files, you can select it at the end of the process. Hyper-V will insert the ISO file into the virtual machine’s virtual disc drive so you can boot it afterwards and immediately start installing your guest operating system of choice.
install-operating-system-from-iso-file

Boot the Virtual Machine

Your new virtual machine will appear in the Hyper-V Manager list. Select it and “Start” it — click Start in the sidebar, click Action > Start, or right-click it and select Start. The virtual machine will boot up.
hyper-v-manager-start-virtual-machine
Next, right-click the virtual machine and click Connect to connect to it. Your virtual machine will then open in a window on your desktop — if you don’t connect to it, it just runs in the background with no visible interface. Again, it’s easy to see how this management interface was designed for servers.
After you connect, you’ll see a standard virtual machine window with options you can use to control the virtual machine. It should look familiar if you’ve ever used VirtualBox or VMware Player. Go through the normal installation process to install the guest operating system in the virtual machine.
When you’re done installing the operating system, click Action > Insert Integration Services Setup Disk. Open the Windows file manager and install the integration services from the virtual disc. This is Hyper-V’s counterpart to VirtualBox Guest Additions and VMware Tools
hyper-v-connected-window

Using Hyper-V

When you’re done with the virtual machine, make sure you’ve shut it down or turned it off in the Hyper-V Manager window — just closing the window won’t actually close the virtual machine, so it will stay running in the background. The virtual machine’s state should be “Off” if you don’t want it running.
turn-off-virtual-machine-in-hyper-v
Each virtual machine has a settings window you can use to configure its virtual hardware and other settings. Right-click a virtual machine and select Settings to adjust these options. Many of these settings can only be modified while the virtual machine is turned off.
virtual-machine's-settings-in-hyper-v
This tool was created by Microsoft, but that doesn’t mean it only works with Windows. Hyper-V can also be used to run Linux-based virtual machines. We were able to run Ubuntu 14.04 with Hyper-V on Windows 8.1 — no special configuration required.
install-ubuntu-14.04-in-hyper-v-on-windows-8.1

Hyper-V has other useful features, too. For example, checkpoints work like snapshots in VirtualBoxor VMware. You can create a checkpoint and then revert your guest operating system’s state to that state later. It’s a useful feature for experimenting with software or tweaks that may cause problems in your guest operating system

Sunday, July 13, 2014

How to Set Up BitLocker Encryption on Windows

bitlocker-locked-drive-icon

Windows can encrypt entire operating system drives and removable devices with its built-in BitLocker encryption. When TrueCrypt controversially closed up shop, they recommended their users transition away from TrueCrypt to BitLocker.
BitLocker Drive Encryption and BitLocker To Go require a Professional or Enterprise edition of Windows 7, 8, or 8.1. However, the “core” version of Windows 8.1 includes a “Device Encryption” feature that works similarly.

Enable BitLocker For a Drive


To enable BitLocker, open the Control Panel and navigate to System and Security > BitLocker Drive Encryption. You can also open Windows Explorer or File Explorer, right-click a drive, and select Turn On BitLocker. If you don’t see this option, you don’t have the right edition of Windows.
Click the Turn on BitLocker option next to an operating system drive, internal drive (“fixed data drive”), or removable drive to enable BitLocker for the drive.
There are two types of BitLocker encryption you can enable here:
  • BitLocker Drive Encryption:  Sometimes referred to just as BitLocker, this is a “full-disk encryption” feature that will encrypt an entire drive. When the computer boots, the Windows boot loader loads from the System Reserved partition, and the boot loader will prompt you for your unlock method — for example, a password. BitLocker will then decrypt the drive and load Windows. The encryption is otherwise transparent — your files will appear like they normally would on an unencrypted system, but they’re stored on the disk in an encrypted form. You can also encrypt other drives in a computer, not just the operating system drive.
  • BitLocker To Go: External drives, such as USB flash drives and external hard drives, can be encrypted with BitLocker To Go. You’ll be prompted for your unlock method — for example, a password — when you connect the drive to your computer. If someone doesn’t have the unlock method, they can’t access the files on the drive.
bitlocker-drive-encryption[4]

Use BitLocker Without a TPM


BitLocker Drive Encryption normally requires requires a computer with a TPM to secure an operating system drive. This is a microchip built into the computer, installed on the motherboard. BitLocker can store the encryption keys here, which is more secure than simply storing them on the computer’s data drive. The TPM will only provide the encryption keys after verifying the state of the computer. An attacker can’t just rip out your computer’s hard disk or create an image of an encrypted disk and decrypt it on another computer.If the PC you’re enabling BitLocker on doesn’t have a Trusted Platform Module (TPM), you’ll see a message saying your administrator must set the “Allow BitLocker without a compatible TPM” option.
bitlocker-can't-use-a-trusted-platform-module
If you’re doing this on your own computer, you’re the computer’s administrator. You’ll just need to open the Local Group Policy Editor application and change this setting.
Press Windows Key + R to open the Run dialog, type gpedit.msc into it, and press Enter. Navigate to Computer Configuration \ Administrative Templates \ Windows Components \ BitLocker Drive Encryption \ Operating System Drives. Double-click the “Require additional authentication at startup” setting, select Enabled, and check the “Allow BitLocker without a compatible TPM” option. Click OK to save the new setting.
use-bitlocker-to-encrypt-system-drive-withotu-tpm

Choose an Unlock Method

Next, you’ll see the “Choose how to unlock your drive at startup” screen. You can select several different ways of unlocking the drive. If your computer doesn’t have a TPM, you can unlock the drive with a password or by inserting a special USB flash drive that functions as a key.
If your computer does have a TPM, you’ll have additional options. For example, you can configure automatic unlocking at startup — your computer will grab the encryption keys from the TPM and automatically decrypt the drive. You could also secure it in other ways — for example, you could provide a PIN at startup. That PIN would unlock the strong decryption key stored in the TPM and unlock the drive.
Choose your preferred unlock option and follow the instructions in the next screen to set it up.
bitlocker-drive-encryption-choose-how-to-unlock-your-drive-at-startup

Back Up Your Recovery Key

BitLocker will provide you with a recovery key. This key can be used to access your encrypted files if you ever lose your main key — for example, if you forget your password or if the computer with the TPM dies and you have to remove the drive.
You can save the key to a file, print it, store it on a USB flash drive, or save it to your Microsoft account on Windows 8 and 8.1. If you back up the recovery key to your Microsoft account, you can access the key later at https://onedrive.live.com/recoverykey . Be sure to keep this key safe — if someone gains access to your key, they could decrypt your drive and bypass the encryption. You may want to back it up in multiple locations — if you lose this recovery key and your main unlock method, your encrypted files will be lost forever.
bitlocker-drive-encryption-how-do-you-want-to-back-up-your-recovery-key

Encrypt and Unlock the Drive

BitLocker will automatically encrypt new files as you add them, but you’ll need to choose what happens with the files currently on your drive. You can encrypt the entire drive — including the free space — or just encrypt the used disk files to speed up the process.
If you’re setting up BitLocker on a new PC, encrypt the used disk space only — it’s faster. If you’re setting BitLocker up on a PC you’ve been using for a while, you should encrypt the entire drive to ensure no one can recover deleted files. Encrypting only the used disk space is faster, while encrypting the entire drive takes longer.
You’ll be prompted to run a BitLocker system check and reboot your computer. After the computer boots back up for the first time, the drive will be encrypted. Check the BitLocker Drive Encryption icon in the system tray to see its progress. You can continue using your computer while it’s being encrypted, but it perform more slowly.
bitlocker-choose-how-much-of-your-drive-to-encrypt
When your computer boots, you’ll see a BitLocker prompt if you need to enter a password, PIN, or plug in a USB flash drive.
Press Escape here if you lose your unlock method. You’ll be able to enter your recovery key.
bitlocker-unlock-prompt-at-boot
If you choose to encrypt a removable drive with BitLocker To Go, you’ll see a similar wizard but your drive will be encrypted without any rebooting required. Don’t remove the drive while it’s being encrypted.
bitlocker-to-go
When you connect the drive to a computer, you’ll be prompted to provide the password or smart card you chose to unlock the removable device. Drives protected with BitLocker are identified with a lock icon in Windows Explorer or File Explorer.
bitlocker-to-go-enter-password-to-unlock-drive
You can manage a locked drive — change the password, turn off BitLocker, back up your recovery key, or perform other actions — from the BitLocker control panel window. Right-click an encrypted drive and select Manage BitLocker to go directly to it.
manage-bitlocker-in-control-panel

Like all encryption, BitLocker does add some overhead. Microsoft’s official BitLocker FAQ says that “Generally it imposes a single-digit percentage performance overhead.” If encryption is important to you because you have sensitive data — for example, a laptop full of business documents — it’s worth the performance trade-off.

Friday, July 11, 2014

How to Bypass and Reset the Password on Every Operating System

reset-or-bypass-operating-system-or-device-password
Passwords can be reset or bypassed on every operating system. On Windows, Linux, and Mac OS X, you can gain access to a computer’s unencrypted files after resetting the password — the password doesn’t actually prevent access to your files.
On other devices where you can’t gain access to the files, you can still reset the device and gain access to it without knowing a password. These tricks all require physical access to the device.

Windows


Resetting a password without an official tool is fairly simple. For example, the Offline NT Password & Registry Editor works well for this. First, you’ll need to boot from a special disc or USB drive — either a live Linux system or a specialized Offline NT Password & Registry Editor boot disc. The tool can edit the Windows registry, allowing you to clear the password associated with the user account. You can then boot into Windows and log into the account without a password.There are many ways to reset a Windows password. Windows allows you to create a password reset disk that can reset your password in an approved way — create a disk first and you can use it if you ever need it.
Even if you’re using Windows 8 with a Microsoft account, you can always reset the password of the built-in Administrator account to gain access.
To protect against this, you could password-protect your BIOS and restrict booting from external devices. Someone with physical access to the PC could reset the BIOS password to bypass this.Encrypting your Windows system drive with something like BitLocker would prevent the registry from being accessed and modified with this tool — encryption is the only good protection.
image

Linux

We’ll use Ubuntu as a concrete example here. Ubuntu offers a recovery mode in its default Grub boot menu — select Advanced options for Ubuntu and select Recovery mode. You’ll see the boot menu while booting your computer — if you don’t, you can hold the Shift key as you boot and the menu will appear.  You can easily boot directly to a root shell prompt from here.
This option isn’t necessary, as you can just press the e button to edit Ubuntu’s boot options and boot directly to a root shell prompt from within the main Grub menu. You’ll then be able to use the root shell to reset and change passwords on the system. If the Grub boot menu is locked and password-protected, you can still boot to Linux live media and change your password from there.
Once again, encryption would prevent your system from being accessed and modified without your encryption passphrase. We used Ubuntu as an example, but almost every Linux distribution uses Grub and few people set a Grub password.
ubuntu-recovery-menu-drop-to-root-shell-prompt

Mac OS X

Macs have a built-in password reset tool, and it’s very easy to access. This option is available in recovery mode. You’ll need to restart your Mac by clicking the Apple menu and selecting Restart. Press and hold the Command + R keys as the computer boots and it will boot into recovery mode.
Click the Utilities menu in recovery mode, select Terminal, type resetpassword into the terminal, and press Enter. You’ll see the Reset Password utility, which allows you to reset the password of a any user account on the Mac. You can also access this tool from a Mac OS X installation disc.
To prevent your Mac’s password from being reset, you could enable FileVault disk encryption on your Mac, set a firmware password inside recovery mode, or both.
reset-mac-os-x-password-from-recovery

Chrome OS

Your Chromebook’s user account password is your Google account password. You could reset your Google account password on the web to regain access.
Let’s say you have a Chromebook you want to use, but you can’t sign in. Perhaps you’ve forgotten the Google password associated with the device. Perhaps an old Google account is considered the device’s owner account. In this scenario, you can boot the Chromebook to the sign-in screen and press Ctrl + Shift + Alt + R at the same time. You’ll be prompted to factory reset your Chromebook with Powerwash. After you reset it, you can log in with another Google account and that Google account will be considered the owner account. This will erase all data on the device, but most Chromebook data is synced online.
There’s no way to gain access to a user’s files without their password on a Chromebook — those files are encrypted by default.
powerwash-or-reset-chrome-os-from-login-screen

Android


If you don’t have this information either, you may be able to bypass the lock screen in other ways. This should be easy on a device with USB debugging enabled, as you can connect it to a computer and manipulate it over USB with adb — that’s why USB debugging is disabled by default.If you forget your Android’s lock screen code, you can reset it. Try an incorrect password, PIN, or pattern a few times and you’ll eventually see a “Forgot password,” “Forgot PIN,” or “Forgot pattern” option. You can then regain access to your device by entering the username and password of the Google account associated with your device.
You can’t bypass the lock screen without your Google account password unless there’s a hole open in the device — for example, USB debugging. If you want to use the device, you can stillperform a factory reset from recovery mode — this will set the device back to its factory state, wiping the data on it . You can then log in and set up the device with another Google account.
android-wipe-data-factory-reset

iOS

RELATED ARTICLE
iPhones, iPads, and iPod Touches are also built without a way to reset the password. Unlike on Android, you can’t just reset the device’s password with your Apple ID information. If you forget your iOS device’s password, you’ll have to perform a factory reset. However, if you’re syncing the device to an Apple ID and you still remember your Apple ID password, all your device’s data can be restored afterward thanks toiCloud backups.
You can do this in several ways. If you’ve set up Find My iPhone, you can visit the iCloud websiteand erase your device from there. If you’ve backed up your device to iTunes on a computer, you can connect the device to your computer and restore your device from an iTunes backup.
If you don’t have access to Find My iPhone and you’ve never backed up the device to iTunes, you can still reset the device using recovery mode. Turn off the device, press and hold the Home button, and then connect the device’s USB cable to your computer. If it doesn’t turn on automatically, turn it on. iTunes will tell you it’s detected a device in recovery mode and allow you to restore it to factory default settings.
restore-ipad-or-iphone-from-recovery-mode

Passwords keep honest people honest, and they ensure people can’t gain access to your device without knowing the tricks or looking them up. But, if someone has physical access to your device and wants to bypass the password, there’s nothing you can do to stop them. Even encrypting your files will only protect your personal data — they can always wipe the encrypted data and start over fresh.