Even though data encryption is a key component to safe business practices, that doesn’t mean it has to cost you hundreds or thousands of dollars.

——————————————————————————————————————-

File encryption has been a key component to safe business practices for a long time. Whether it is keeping the prying eyes of competitors out of your critical product information or keeping the prying fingers of unwanted users out of your company’s (or employees’) information, encrypting data is important. And even though data encryption is a key component to safe business practices, that doesn’t mean it has to cost you hundreds or thousands of dollars. Not when you can employ the assistance of an outstanding open source application like GPG4Win.

The GPG4Win package is a set of tools that include:

• GnuPG: The encryption tool
• WinPT: Key manager
• GPA: Another key manager
• GPGol: MS Outlook 2003 plugin for e-mail encryption
• GPGee: MS Explorer Plugin for file encryption
• Claws Mail: Complete e-mail program that has GnuPG e-mail plugin built in

As you can see this open source package contains everything you will need to keep your data safe, be it files or e-mail. What we are going to look at in this article is how to use the GPGee plugin for Explorer to encrypt files on a Windows XP machine.

This blog post is also available in PDF format in a TechRepublic download.

Getting and installing

The first thing to do is to grab the correct package from the GPG4Win site. There are two different stable packages you can download: GPG4Win 1.1.3, which includes the entire package, or GPG4Win Lite 1.1.3, which does not include the command-line tool or the manuals. Once you have the installation file on your computer, double-click it and run through the all-too-familiar installation process. Depending on your system, you may have to reboot your machine for the installation to finish.

Generating a key pair

The first thing you need to do is to generate a key pair. The key pair is pivotal to employing encryption. This key pair (one public and one private) is like the lock and key to your encryption. The “lock” is the private key, and only those with the “key” (the public key) can open the “lock.”

Now let’s generate a key pair. Go to the Start menu and navigate to the GnuPG for Windows subfolder. Within that folder you will find an entry marked “WinPT.” This is where you generate your keys. A new window will open where you can select one of three options to start, as shown in Figure A.

Figure A

You can generate new keys, copy keys, or generate keys on a smart card.

Select the first option (Generate a GnuPG key pair) and click OK. The next step is going to ask you for your name, your e-mail address, and your preference for an RSA key instead, as shown in Figure B. GPG4Win defaults to Digital Signature Standard (DSA) keys. RSA keys default to twice the key strength of DSA.

Figure B

The information provided will help those using your keys to know that it is your key.

Fill out the necessary information and click OK. The next step is to enter a pass phrase (see Figure C). Make sure your pass phrase is strong and that you can remember it. If you are creating more than one key pair, make sure you know which pass phrase goes with which key pair.

Figure C

If the Hide Typing check box is selected, your pass phrase will show up only as a string of “*” characters.

As your key pair is being generated you will see the window shown in Figure D, which will give the progress of the generation.

Figure D

It is always recommended that you continue working at your computer to help with the randomization process of the key generation.

Once you have completed this, you will get a new window indicating the generation is complete. Following that you will be asked if you want to back up your key rings, which is a very good idea. You can take that one step further and back up the key rings onto disks.

Once you have the key rings you are able to encrypt files. But wait! Before you start encrypting your files, you’ll need to give the public key to those who will need to use it to open your files. The easiest way to do this is to e-mail the key to the user who needs it. This is very simple. You will notice a small key icon in your system tray. If you right-click it, you have the option to open up the Key Manager. Do this. This new window, shown in Figure E, allows you to select a key and take a number of actions on it.

Figure E

As you can see, the Key Manager gives you a lot of information about a key at a glance.

Select the key you want to send and right-click it. From that new menu, select Send Key to Mail Recipient, which will open up your default mail program. The user will have to then import that key on their end in order to use it.

Encrypting files

Open up Explorer to a folder containing files you wish to encrypt. Right-click a file and you will notice a new entry in this menu called GPGee, as shown in Figure F.

Figure F

You can also choose to just sign a file, which will at least tell the recipient that the file did, in fact, originate from you.

You will want to select Sign and Encrypt from this submenu. When you do, a new window will open, asking you to select the key that you want to sign the encrypted file with, as shown in Figure G.

Figure G

The default options will work just fine.

Once you have checked the box associated with the key you want to use, you will have to select the signing keys from the drop-down menu. Once both options have been taken care of, you can click OK and you will be prompted for the pass phrase for the key. Enter the correct pass phrase and, depending on the size of the file, a new, encrypted version of the file will appear in the same directory. The new file will end with the .gpg extension.

You can now send that file to the recipient, and with the help of the public key you sent them, they can decrypt the file.

Final thoughts

This has been a very cursory introduction to the art of file encryption with the help of GPG4Win. This application can do so much more than just simple file encryption. But for the purpose we have outlined, data encryption doesn’t get any easier. And with this ease comes the peace of mind encryption can bring.

Read Source

If you’re the proactive type, you might want to keep tabs on the status of your hard disk’s health yourself rather than wait for Microsoft Windows Vista to recognize a problem.

——————————————————————————————————————-

While not as common as they once were, file system and sector errors do occasionally occur in Microsoft Windows Vista. These types of errors can be the result of faulty hardware, power failures, or even software errors. In most cases, Vista will recognize hard disk problems and automatically schedule Check Disk to run the next time the computer is restarted.

However, if you’re the proactive type, you might want to keep tabs on the status of your hard disk’s health yourself rather than wait for Vista to recognize a problem. If so, you’ll be glad to know that you can use the GUI version of Check Disk to perform a hard disk analysis operation at any time. If during the analysis you discover problems, then you can use Check Disk to fix those problems.

In this edition of the Windows Vista Report, I’ll show you how to use the GUI version of Vista’s Check Disk tool to perform two hard disk analysis operations.

This blog post is also available in PDF format as a TechRepublic download.

Launching the Check Disk GUI

While Check Disk is essentially a command-line tool, you don’t have to open a Command Prompt Window to run it. In fact you can launch it from within Computer. Once you have Computer open, simply right-click the hard disk that you want to check and select the Properties command from the context menu. When the Properties dialog box appears, select the Tools tab. Then, in the Error Checking panel, shown in Figure A, click the Check Now button.

Figure A

To launch the GUI version of Check Disk, click the Check Now button.

When the UAC appears, you’ll need to respond appropriately. As soon as the UAC closes, you’ll see a Check Disk dialog box similar to the one shown in Figure B.

Figure B

You’ll use the option in this dialog box to configure how you want Check Disk to run.

Typically, when you go to run Check Disk from the GUI, you select both the Automatically Fix File System Errors check box and the Scan For And Attempt Recovery Of Bad Sectors check box and click Start. When you do, the Check Disk GUI will schedule the DOS version to run at startup and prompt you to restart. Check Disk will then fix any problems it finds.

However, to run Check Disk in analysis mode, you’ll use other combinations of settings. Let’s take a closer look.

Performing a basic analysis

If you want to get a quick look at the state of your hard disk, clear both the check boxes and click Start. This method of running Check Disk is relatively quick and is completed in read-only mode, which means that it runs right from within the GUI interface. As it proceeds, you’ll see status messages appear in the center of the Check Disk dialog box that let you know what is happening at each stage of the operation, and, of course, the progress bar lets you know how long the operation will take, as shown in Figure C.

Figure C

As the analysis operation proceeds, you’ll see status messages appear in the center of the Check Disk dialog box.

When the operation is complete, you’ll see a dialog box that contains a brief summary of the operation. However, if you click the See Details arrow, you’ll see a fairly detailed report of the operation, as shown in Figure D. As you can see, in this operation Check Disk goes through three stages as it examines your disk. (More on the stages in a moment.)

Figure D

When you click the See Details arrow, you’ll see a fairly detailed report of the operation, which in the case of a basic analysis runs through three stages.

In addition to the report shown onscreen, Check Disk saves the report in the Application Event Log with a source code of Chkdsk and an Event ID of 26212, as shown in Figure E. The Event Log entry will contain the entire report as well as details about any changes that Check Disk made.

Figure E

Check Disk will save its report in the Application Event Log with a source code of Chkdsk and an Event ID of 26212.

Performing a more thorough analysis

If you would like to perform a more thorough analysis of your hard disk, clear the Automatically Fix File System Errors check box and just select the Scan For And Attempt Recovery Of Bad Sectors check box, and then click Start.

Selecting just the Scan For And Attempt Recovery Of Bad Sectors check box will run this operation in read-only mode, which means that Check Disk will only scan for and identify bad sectors, it will not attempt to recover them. Read-only mode will also mean that Check Disk runs right from within the GUI interface, as shown in Figure F.

Figure F

When you run Check Disk in this configuration, it will only scan for and identify bad sectors, it will not attempt to recover them.

When the operation is complete, Check Disk will save the report in the Application Event Log as well as display the report in the dialog box, as shown in Figure G. As you can see, when performing a thorough analysis Check Disk goes through four of its five stages as it examines your disk.

Figure G

When performing a thorough analysis, Check Disk goes through the first three stages and then skips to the fifth stage.

The stages

When you run Check Disk in fix-and-recovery mode, it performs its operation in five stages — three major stages and two optional stages. However, when you run the basic analysis, Check Disk goes through only the three main stages. When you run the thorough analysis, Check Disk goes through the three main stages and the second optional stage.

(Note: My description of these stages is based on information culled from the Windows Vista Resource Kit.)

• Stage 1: Check Disk examines each file record segment in the volume’s Master File Table (MFT). A specific file record segment in the MFT uniquely identifies every file and directory on an NTFS volume.
• Stage 2: Check Disk examines each of the indexes (directories) on the volume for internal consistency and verifies that every file and directory represented by a file record segment in the MFT is referenced by at least one directory. Check Disk also confirms that every file or subdirectory referenced in each directory actually exists as a valid file record segment in the MFT and checks for circular directory references. Check Disk then confirms that the time stamps and the file size information associated with files are up-to-date in the directory listings for those files.
• Stage 3: Check Disk examines each of the security descriptors associated with each file and directory on the volume by verifying that each security descriptor structure is well formed and internally consistent.
• Stage 4 (optional): Check Disk verifies all clusters in use. Stage 4 runs only when you select the Automatically Fix File System Errors check box.
• Stage 5 (optional): Check Disk verifies unused clusters. Stage 5 runs when you select the Scan For And Attempt Recovery Of Bad Sectors check box. (Keep in mind that in the thorough analysis mode described in this article, stage 5 will only scan for bad sectors.)

What’s your take on Check Disk?

Now that you know how it works, are you likely to use the GUI version of Vista’s Check Disk tool to perform hard disk analysis operations? As always, if you have comments or information to share about this technique, please take a moment to drop by the Discussion area and let us hear from you.

Read Source

Save yourself future aggravation by creating an exact mirrored duplicate of all the data files in your user profile folder.

——————————————————————————————————————-

If you’re a conscientious computer user, chances are that you’ve used the Backup and Restore Center’s Complete PC Backup to create an image file of your Vista hard disk, and you use the Windows Backup to back up your data files on a regular schedule. However, you may like to have an additional copy of your data files just to be on the safe side. While you can easily do so by copying the Documents folder to an external hard drive via drag-and-drop, that can be a tedious operation.

Fortunately, you can simplify your additional backup operation in Microsoft Windows Vista by using a tool called Robocopy. As you may know, Robocopy has been part of the Windows Resource Kit since Windows NT 4.0 days. However, Microsoft updated Robocopy with some extra features designed for Vista and decided to make it a regular part of the Windows Vista operating system. While this is a good thing in that it is readily accessible to all, there is a catch — Robocopy is a command-line tool, and its power is tucked away in more than 80 switches.

This means that in order to harness the power of Robocopy, you have to spend a lot of time investigating and deciphering all the switches and then figuring out which ones you need to use. While this may not be a difficult procedure for us high-powered techies, it can be a daunting task to many casual users who would like to have an additional backup tool.

I recently spent some time delving into Robocopy ’s command-line switches and have developed a nice little script that you can use to create an exact mirrored duplicate of all the data files in your user profile folder (C:\Users\YourName).

In this edition of the Windows Vista Report, I’ll examine Robocopy and the necessary switches in detail. I’ll then show you how to create and use a command-line script.

This blog post is also available in PDF format in a TechRepublic download.

Robocopy features

While the name implies a copy tool, Robocopy, or “Robust File Copy,” is actually a much more powerful tool with a number of great features that make it a great backup tool. For instance, once you create your initial backup, on subsequent Robocopy operations, only files that have changed are copied again.

If you are backing up across a network connection that can be flaky or occasionally goes down, you can configure Robocopy to wait for the connection to come back up or, if that fails, to later pick up where the file transfer left off. Furthermore, Robocopy can preserve all the associated file information, including date and time stamps, security access control lists (ACLs), and more.

The switches

The Robocopy.exe file is stored in the \Windows\System32 directory on every Windows Vista installation. As such you can run it by opening a Command Prompt window. Once you do, type Robocopy /? > RobocopySwitches.txt to create a file that you can view in Notepad, as shown in Figure A.

Figure A

Creating a documentation file for easy reference will be easier than trying to learn about all the switches at a Command Prompt window.

As you look through the file, you’ll see that it is divided into five sections, and the switches are broken down under those headings. This is a nicely formatted document that you can use to follow along with my example and later use to create or customize your Robocopy command-line script. The five sections are

• Copy Options
• File Selection Options
• Retry Options
• Logging Options
• Job Options

Constructing the command line

For my example, I’m going to back up the data file contents of my user profile folder, C:\Users\Greg Shultz, to a folder named TheBackup on an external hard disk that is assigned drive letter J. (You’ll, of course, substitute the names and paths with your own.) As such my command will begin with:

Robocopy “C:\Users\Greg Shultz” “J:\TheBackup”

Now, I want to back up every folder in the source, even any empty folders, as they may be placeholders for future data. I also don’t want to have files on the backup that I deleted from my hard disk. While I can use the /S and /PURGE switches to accomplish my goal, I can use the /MIR switch to accomplish both of these tasks with one switch. Therefore, my command is now:

Robocopy “C:\Users\Greg Shultz” “J:\TheBackup” /MIR

The C:\Users\Greg Shultz folder contains several hidden system files and folders that I don’t want or need to back up. For example, I don’t need to back up the NTUSER.DAT file nor do I need to back up the contents of the AppData folder.

In addition, the C:\Users\Greg Shultz folder contains a host of junction points that I don’t need to back up. Vista uses junction points to link various operating system folders to the user profile folder. For example, the Cookies folder and the SendTo folder are linked to the user profile folder via junction points.

I’ll use the /XA:SH switch to exclude the hidden system files, and I can use the /XD AppData switch to exclude the entire AppData folder. I’ll then use the /XJD to exclude all the junction points. My command is now:

Robocopy “C:\Users\Greg Shultz” “J:\TheBackup” /MIR /XA:SH /XD AppData /XJD

Now, one of Robocopy’s features is that if it encounters a file that is in use, it will stop and wait for that file to be closed so that it can continue with the copy operation. It will retry to copy the file ever 30 seconds. The default number of retries is 1 million (no joke!). As this will most likely prevent the backup operation from ever completing, you should reset it to a reasonable number.

To change the number of retries, you’ll use the /R switch, and to change the wait time between retries, you’ll use the /W switch. I chose five retries with a 15-second wait time. That way after a reasonable number of retries and a waiting period, Robocopy will move on. My command is now:

Robocopy “C:\Users\Greg Shultz” “J:\TheBackup” /MIR /XA:SH /XD AppData /XJD /R:5 /W:15

Like all command-line tools, Robocopy keeps you apprised of the status of the operation right in the Command Prompt window. However, chances are that you’ll want to customize and record that feedback in a log file. I like to have the whole picture, so I’ll use the /V switch. However, I really don’t need to know the percentage progress of each file copy, so I’ll use the /NP switch. To create my log file, I’ll use the /LOG switch, which will overwrite the existing log file each time. Now, my command is:

Robocopy “C:\Users\Greg Shultz” “J:\TheBackup” /MIR /XA:SH /XD AppData /XJD /R:5 /W:15 /V /NP /LOG:Backup.log

Creating and using your script

Now that you know how the script works and what the necessary switches are, you can launch Notepad, type the command, and save the file as RobocopyBackup.cmd. To make sure that the script and open log file don’t interfere with the backup, I created a folder in the root directory called BackupTool (C:\BackupTool) and saved the script there.

Editor’s Note: I included an example RobocopyBackup.cmd file in the download version of this document.

You’ll find the log file in the same directory as the script after each backup operation. Keep in mind that while the log file is a simple text file, it can be larger than Notepad is able to handle. As such, you may want to use WordPad or another word processor to open and view the log file.

Now, anytime you want to make an extra backup, you can just double-click on the RobocopyBackup.cmd shortcut to launch it. When it is done, you can examine the Backup.log file. You can also use the Task Scheduler to automatically run your RobocopyBackup.cmd on a regular basis if you want.

What’s your take?

Have you used Windows Vista’s version of Robocopy? If so, what’s your experience? Would you add any additional switches to the script that I presented in this article? Please drop by the Discussion Area and let us hear from you.

Read Source

Even though data encryption is a key component to safe business practices, that doesn’t mean it has to cost you hundreds or thousands of dollars.

——————————————————————————————————————-

File encryption has been a key component to safe business practices for a long time. Whether it is keeping the prying eyes of competitors out of your critical product information or keeping the prying fingers of unwanted users out of your company (or employees) information, encrypting data is important. And even though data encryption is a key component to safe business practices, that doesn’t mean it has to cost you hundreds or thousands of dollars. Not when you can employ the assistance of an outstanding open source application like GPG4Win.

The GPG4Win package is a set of tools that include:

• GnuPG: The encryption tool
• WinPT: Key manager
• GPA: Another key manager
• GPGol: MS Outlook 2003 plugin for e-mail encryption
• GPGee: MS Explorer Plugin for file encryption
• Claws Mail: Complete e-mail program that has GnuPG e-mail plugin built in

As you can see this open source package contains everything you will need to keep your data safe, be it files or e-mail. What we are going to look at in this article is how to use the GPGee plugin for Explorer to encrypt files on a Windows XP machine.

This blog post is also available in the PDF format in a TechRepublic Download.

Getting and installing

The first thing to do is to grab the correct package from the GPG4Win site. There are two different stable packages you can download: GPG4Win 1.1.3 which includes the entire package or GPG4Win Lite 1.1.3 which does not include the command line tool or the manuals. Once you have the correct installation file on your computer double click it and run through the all-too-familiar installation process. Depending upon your system, you may have to reboot your machine for the installation to finish.

Generating a key pair

The first thing you need to do is to generate a key pair. The key pair is pivotal to employing encryption. This key pair (one public and one private) is like the lock and key to your encryption. The “lock” is the private key and only those with “key” (the public key) can open the “lock”.

Now let’s generate a key pair. Go to the Start menu and navigate to the GnuPG for Windows sub-folder. Within that folder you will find an entry marked “WinPT”. This is where you generate your keys. A new window will open where you can select one of three options to start. (Figure A)

Figure A

You can generate new keys, copy keys, or generate keys on a smart card.

Select the first option (Generate a GnuPG key pair) and click OK. The next step is going to ask you for your name, your e-mail address, and if you want an RSA key instead. (Figure B) GPG4Win defaults to Digital Signature Standard (DSA) keys. RSA keys default to twice the key strength of DSA.

Figure B

The information provided will help those using your keys to know that it is your key.

Fill out the necessary information and click “OK”. The next step is to enter a pass phrase. (Figure C) Make sure your pass phrase is strong and make sure you remember it. If you are creating more than one key pair make sure you know which pass phrase goes with which key pair.

Figure C

If “Hide Typing” is selected your pass phrase will only show up as a string of “*” characters.

As your key pair is being generated you will see a window (Figure D) that will give the progress of the generation.

Figure D

It is always recommended that you continue working at your computer to help with the randomization process of the key generation.

Once you have completed this you will get an a new window indicating the generation is complete. Following that you will be asked if you want to backup your key rings, which is a very good idea. You can take that one step farther and back up the key rings onto disks.

Once you have the key rings you are able to encrypt files. But wait! Before you start encrypting your files you’ll need to give the public key to those who will need to use it to open your files. The easiest way to do this is to e-mail the key to the user who needs it. This is very simple. You will notice a small key icon in your system tray. If you right click that you have the option to open up the Key Manager. Do this. This new window (Figure E) allows you to select a key and take a number of actions on it.

Figure E

As you can see the Key Manager gives you a lot of information about a key at a glance.

Select the key you want to send and right click the key. From that new menu select “Send Key to Mail Recipient” which will open up your default mail program. The user will have to then import that key on their end in order to use the key.

Encrypting files

Open up Explorer to a folder containing files you wish to encrypt. Right click a file and you will notice a new entry in this menu (Figure F) called GPGee.

Figure F

You can also choose to just sign a file which will at least tell the recipient that the file did, in fact, originate from you.

You will want to select Sign and Encrypt from this sub-menu. When you do this a new window will open asking you to select the key which you want to sign the encrypted file with as shown in Figure G.

Figure G

The default options will work just fine.

Once you have checked the box associated with the key you want to use you will have to select the signing keys from the drop down menu. Once both options have been taken care of you can click OK and you will be prompted for the pass phrase for the key. Enter the correct pass phrase and, depending upon the size of the file, a new, encrypted, version of the file will appear in the same directory. The new file will end with the .gpg extension.

You can now send that file to the recipient and, with the help of the public key you sent them, they can decrypt the file.

Final thoughts

This has been a very cursory introduction to the art of file encryption with the help of GPG4Win. This application can do so much more than just simple file encryption. But for the purpose we have outlined, data encryption doesn’t get any easier. And with this ease comes the peace of mind encryption can bring.

Read Source