Customize Your Windows Installation to Create the OS of Your Dreams

Customize Your Windows Installation to Create the OS of Your Dreams

Windows is great, but it isn’t exactly what you would call lean. It comes with a whole host of programs, features, and services that, best case, take up unnecessary space, or worst case, slow down your machine. If you’d rather have a slimmer installation of Windows, you can create your own Windows installer with RT Se7en Lite—complete with tons of other customizations so you can turn Windows into your dream OS. Here’s how to do it.

RT Se7en Lite (yes, the name is insane) is a configuration tool that lets you edit your Windows install disc. You can remove Windows features you don’t want, add drivers you know you’ll need, add or remove items from the Control Panel and right-click menu, and lots more. You can even create a disc that includes Service Pack 1 (through a process called “slipstreaming”) so you don’t have to sit through hours of Windows updates every time you install Windows on a new machine. The tool is remarkably easy to use, and even with heavy tweaking, it does a good job of making sure you don’t remove anything that’s going to screw up your system.

What You’ll Get

The process may seem a tad long and arduous, but the final product is well worth the work. You can use RT Se7en Lite to customize Windows 7 in a ton of ways. For example, you could:

  • Cut your install time in half by slipstreaming Service Pack 1 and adding all your favorite apps to your install disc, so you don’t have to sit there installing things each time you put Windows on a new computer.
  • Create a minimalist version of Windows, which cuts out all the unnecessary apps and services and makes your computer run faster—perfect for old or low-powered hardware.
  • Save space by removing apps and services you don’t need, not to mention remove the things that annoy you (like those annoying games or the “Welcome to Windows” app you really don’t need).
  • Make all your favorite system tweaks and registry hacks before you install Windows, so you don’t have to make them later on—a clean installation of Windows becomes your perfect installation of Windows.
  • Add drivers to your install disc so you don’t have to go rummaging for them later on. This is especially great for ethernet and wi-fi drivers, which would require you to find and insert your manufacturer’s disc to install them (since, if you don’t have ethernet or wi-fi drivers, you paradoxically can’t access the internet to download their drivers).

When you’re done with RT Se7en Lite, you’ll have your own, custom Windows disc containing all your favorite settings, speed-boosting tweaks, and favorite apps, ready to install on any machine—essentially, you’ll have the Windows you always wished you had. It’s especially great if you install Windows on multiple machines, or reinstall it regularly. You only have to make these tweaks once, and they’ll be added every time you do a fresh install. Here’s how to use RT Se7en Lite.

Step One: Fire Up RT Se7en Lite

no7xoa2tbw57qwdo4u2v.jpg

First, download RT Se7en Lite from its home page and install it on your machine. (Update: RT Se7en Lite’s home page seems to be gone, but you can stilldownload the program here). Make sure you download the latest version, which is strangely at the bottom of the download page instead of the top (version 2.6.0 at the time of this writing). Before you run it, you’ll want to make sure you have a Windows installation ISO handy (an ISO is a disc image—basically it’s the Windows install disc ripped to a file on your computer). If you don’t have an ISO but you do have a physical Windows installation disc, you can create an ISO from that disc using something like ISO Recorder. You’ll also want to download Service Pack 1 if you plan on slipstreaming SP1 into your custom installation CD (which you probably want to do!). RT Se7en Lite will need to extract the disc’s files somewhere before it edits them, so before you start, create a temporary folder on your desktop called “7lite temp” or something like that. You can delete this folder when you’ve finished.

To get started, start up RT Se7en Lite. You can go ahead and close the advertisement that pops up with the program. When the main page appears:

  1. Click the Browse button on the main page, and locate your Windows 7 ISO.. Point it to your temporary folder as the extract path and click OK.
  2. When it asks you which image to configure, choose the version of Windows that corresponds to your disc—e.g., Windows 7 Home Premium or Windows 7 Professional. If you want to slipstream Service Pack 1 into your disc, make sure you check the “Slipstream Service Pack” box at this step.
  3. After you click OK, you’ll get a new window that lets you browse to the service pack you downloaded earlier, after which you can click Start to start the slipstreaming process (if you aren’t slipstreaming, skip this step). It’ll take a few minutes to slipstream, so just let it do its thing.
  4. If the slipstream was successful, it will continue to extract your disc image, which again, can take a few minutes. When it’s ready, it’ll say “Loading Completed”, and you can get to tweaking.

Step Two: Time to Tweak

no7xoa2tbw57qwdo4u2v

Click the Task button in the left sidebar. From here, you can choose which portions of Windows you want to customize. You have six checkboxes on this page, which correspond to the six sections on the left sidebar of the app. They include:

  • Integrate: Here, you can add Windows security updates, hotfixes, language packs, drivers, and other 3rd party applications to your Windows installation disc.
  • Components Removal: This section lets you remove applications and other features from Windows to make it more lightweight.
  • Tweaks: The Tweaks menu allows you to change advanced settings for things like the Desktop, Windows Explorer, and more, as well as add and remove shortcuts from the Control Panel. You can also add your own registry tweaks.
  • Un-Attended: If you want to skip user creation, enter your product key, and tweak other regional settings, you can set them here and bypass them during the Windows installation process.
  • Customization: In this section, you can add your own screensavers, icons, wallpapers, themes, and other visual tweaks, as well as change Windows’ logon screen background.
  • Bootable USB or DVD: After you’ve made all your tweaks, this section lets you create an ISO which youc an then burn to USB or DVD for installation. Check this now, but we won’t deal with it until step three.

Check the boxes of the sections you want to use, and then click on each one individually in the right sidebar, making whatever tweaks you want. Here’s a more detailed look at what you’ll find in each section. Note that when you make your tweaks, you’ll need to click the Apply button on each page, which will open up the Log section and let you know which tweaks you’re applying.

Integration

no7xoa2tbw57qwdo4u2v

The Integration section has four tabs: Updates, Drivers, Language Packs, and Applications. If there are certain updates you absolutely need included in the original installation, you can do that here. I usually just slipstream the service pack and then download the rest of my updates through Windows Update. I also leave the Drivers section alone, though it could be really handy if your ethernet or wi-fi driver isn’t included with Windows—that way you don’t have to insert your manufacturer’s disc to install it.

Applications is definitely the most useful part of this section. Here, you can add installer packages for all your favorite apps (that is, the MSI or EXE files you download from their home pages), and it’ll install them in one fell swoop along with Windows. It’s almost like creating your own custom Ninitepackage, using whatever apps you want. Here, I’ll usually add my essential apps, like Firefox, Pidgin, and Winamp. Note that you’ll need to use the silentversions of these installers, which bypasses the installer menus. To do this, look up the silent command line switch for each program you want to install, and put it in the Silent Switch setting of RT Se7en Lite when prompted.

Feature Removal

no7xoa2tbw57qwdo4u2v.jpg

Here’s where the really fun stuff happens. Under Feature Removal, you can disable or remove certain features and applications that come with Windows. The left box lets you check boxes to permanently remove apps, while the right box lets you uncheck boxes to merely disable certain features. I usually go for the gusto and start checking things to remove in the left box, like Games, Language Packs, accessibility options, and anything having to do with a projector. The Services section is definitely the heftiest here, since removing certain services can free up some nice resources, but make sure you look closely at everything you remove—you don’t want to get rid of anything you’ll need later on.

To find out what a certain Windows feature does before checking its box, just click on its name. RT Se7en Lite will provide a description of the feature or service, as well as any warnings you may want to keep in mind when removing it. Entries in red are things you don’t want to remove, since Windows requires them to work properly. For a good guide on which services you can disable, check out Black Viper’s Windows 7 Service Pack 1 Configurations. However, I recommend leaving the Services portion alone, since you can disable services in the Tweaks section as described below. RT Se7en Lite even has Black Viper’s recommendations built-in, so you can do it with two clicks, and not worry about permanently removing services you’ll want later.

Tweaks

The Tweaks section contains 10 different tabs, all of which contain different types of changes you can make to your system. Here’s a quick rundown of what you’ll find under each tab.

Control Panel: Here, you can remove shortcuts from the Control Panel, as well as add a few other useful ones, like a shortcut to the Registry, Group Policy Editor, and more.

Desktop: This tab tweaks specific parts of the Windows desktop and taskbar, such as changing how fast menus open and close, what the taskbar buttons look like, and what the Shut Down button does in the Start menu.

Explorer: This section deals with adding and removing shortcuts to My Computer, the context menu, and tweaking Explorer’s display view. There are a lot of shortcuts enabled here in the Context Menu section, so you’ll want to make sure you disable the ones you don’t want or you’ll end up with a very long context menu, even on a clean installation of Windows!

no7xoa2tbw57qwdo4u2v.jpg

Security: This merely lets you enable or disable anti-spyware protection, User Account Control, or the Windows firewall.

Services: Here’s where you can do a lot of bloat cutting. As described above, the best way to deal with Services is to choose a Black Viper preset from the dropdown menu under the Services window. The Default setting shows you what Windows does by default, while the Safe, Tweaked, and Barebones settings each contained different numbers of disabled services, increasing in intensity. Again, be sure to check through the list and make sure your preset of choice doesn’t disable something you’ll need down the line (though you can always re-enable them later on). I’d recommend Safe, as Tweaked disables some features that a lot of people use, and Barebones disables quite a few security settings. The best thing you can do is choose the Safe preset, and then go through the services on this page in detail to see if there’s anything you need (or don’t). Chances are, even if you use the Safe setting, there are things you’ll want to re-enable (like Windows Search indexing, which isdisabled under all of Black Viper’s presets).

Settings: These are little advanced settings that deal with things like the system prefetcher, hibernation, how many recent items to display in jump lists, and more.

Visual Effects: Here, you can tweak certain effects related to Windows Aero. You can do anything from disabling transparent glass to turning off Aero Snap and Aero Shake.

Internet Explorer: If you use Internet Explorer, you can edit some nice hidden settings here, like showing the full URL, turning off the search box, and more.

Media Center: This lets you disable the background animation, sound effects, on screen keyboard, and more in Windows Media Center.

Custom Registry: If you have any other registry tweaks you like to make to Windows (like one of these 10 beauties), you can put them into REG files and add them here. They’ll be applied automatically when you install Windows.

Make sure you comb every inch of these tabs. Many tweaks are applied by default, and may confuse you when you first install your new version of Windows (for example, the taskbar is set to use small icons and combine only when the taskbar is full—so it looks like the Vista taskbar). You can always change these tweaks after installing, so it’s not a horrible thing if one or two slip by you—but the more you fix now, the less you’ll have to fix after installing Windows.

Un-Attended

no7xoa2tbw57qwdo4u2v

The coolest part of this section is the area in which you enter your product key, so it automatically activates you after you install Windows—perfect if you’re one of those people that reinstalls regularly. You can also choose to skip user creation, enter OEM information, and change other regional settings here (like keyboard layout, time zone, and language).

Customization

Lastly, if you want to include certain screensavers, themes, wallpapers, gadgets, documents, sounds, and other tweaks with your installation, you can add them under Customization. This way, you don’t have to re-add those things manually after you install. They’ll all be there as soon as you fire up Windows for the first time. You can also change the logon screen background in this section, as well as make a few other tweaks to things like the Start menu.

Step Three: Create and Burn Your Disc Image

Once you’re done with all your tweaks, go to the Log section and click the Commit button. It’ll make all your changes in the temporary folder you created on the desktop. This could take up to an hour or more, depending on how much you’ve tweaked. If you want to, you can also click the Export Settings button before you do so, which will save the tweaks you made in case you want to come back and edit them later.

Customize Your Windows Installation to Create the OS of Your Dreams

When it’s done, head to the ISO-Bootable section to create your disc. Under Mode, you can choose Direct Burn, which will burn you a disc; Create Image, which will make you an ISO; or USB Bootable, which will create a bootable thumb drive. Give the volume a name, and tweak your burn settings, if applicable. Click the Make ISO button in the bottom left-hand corner and let ‘er burn. When it’s done, you’re ready to install your custom version of Windows.

Step Four: Install Windows and Check Over Your Changes

The last step should be very familiar to you. Install Windows as you normally would, booting from your install disc, going through the steps, and letting your computer reboot numerous times. You may want to do this in a virtual machine first, to make sure everything works before you erase your current version of Windows.

When it’s done, you’ll have a new, customized version of Windows at your fingertips. At this point, I’d run through and make sure all your changes were applied correctly, and see if there are any things you need to fix. Again, you can fix a lot of these things now without a problem, but if you want to remake your disc with the correct changes, you’ll have to go back to RT Se7en Lite and repeat the process (this is why backing up your settings is a good idea).

Got any favorite Windows tips, tweaks, or apps that you think are a must-have in an RT Se7en Lite customization session? Share them with us in the comments below.

Advertisements

How to Hack WiFi (WPA2/WEP/WPA) Full + Tools

Disclaimer: I (The creator of the video has already stated this, but I’d like to go over it again) do not take any responsibility for your actions regarding this tutorial. This was made by the creator to demonstrate weaknesses in wireless networks and for educational purposes only. Breaching other people’s wireless networks without permission is against the law. If you want to test this tutorial, try it on your own home network.

We will be using Dumpper and other suites to hijack WPA2/WEP/WPA WiFi networks. It’ll let you join

without a password, then you can get the password from inside the network. I’ll show you how towards the end of the tutorial. First, download all of the programs above. Now, follow these instructions for setting it up:

  1. Download (Link is Given Below) and Extract file than install JumpStart, WinPcap, and Dumpper.
  2. Open Dumpper.

Your programs are set up and ready to go, now begin the process:

  1. In the ‘Networks’ tab, select the network adapter you wish to use. Hit the ‘Scan’ button now.
  2. After it completes the scan, go over to the ‘Wps’ tab. In the area that says ‘Connect using JumpStart’, hit ‘Browse’ to select the location of where you installed JumpStart in the previous set-up steps. (By default, it installs in C:\Program Files (x86)\Jumpstart. Don’t open it, just select the ‘Jumpstart’ folder and click ‘OK’)
  3. In the area ‘Show default pin’, select ‘All networks’ isntead of ‘Only known networks’.
  4. Hit the ‘Scan’ button.
  5. Select the network you wish to penetrate. Remember the ‘Pin’ corresponding to your network in the scan results, this will be needed for later.
  6. In the previous area ‘Connect using Jumpstart’, hit the ‘Start JumpStart’ button.
  7. Under ‘What do you want to do?’, select ‘Join a wireless network’ and hit ‘Next’
  8. Under ‘Which setup method do you want to use?’, select “Enter the PIN from my access point” and enter the PIN next to your network in the scan section back in the previous scan results.
  9. Finally, select the targeted network from before and hit ‘Next’.

Now you’re happily connected with WiFi network you just penetrated. Do you want to see the password of the connected WiFi so you can get on from other devices without doing this process?

Follow these simple steps to get or see the password of WiFi:

  1. Open the menu where you join WiFi networks/view the network you’re connected to.
  2. Right click on the network you just joined and hit ‘Properties’
  3. Under the ‘Security’ tab, you can see the password, but it’s just dots. Check the ‘Show characters’ box under it.
  4. The password will then reveal itself.

Done

Before asking any question follow and apply the given steps properly.

EDIT: Some formatting to make it easier to read

Download

 

 

How to perform an image backup in Windows 8.1 or 10

1- Right-click the Start button and launch Control Panel.

2- Click File History.

3- While in File History, click the System Image Backup link in the bottom-left corner of the screen.

4- Connect an external USB hard drive with enough free space.

5- In the backup wizard, you’ll be prompted to choose from one of the three options to save the backup. For this example, we are going select the hard drive you just connected. However, keep in mind that you can backup to DVD blanks and a network share, but these options will slow down the backup process.

6- Click Next.

7- Confirm and begin the process by clicking Start backup.

The backup could take anywhere from 10 minutes to 2 hours, it all depends on the amount of data to be backed up.

And yes, during the backup process, you can use your computer as you would normally do.

After the System Image Backup utility completes the task, remember to keep the hard drive in a safe place.

Although, a lot of tech savvy users are aware of how to perform a full backup in Windows, you’ll be surprised how many people fail to know the basics. Often times I get asked questions such as: “I upgraded my system and now Windows won’t boot, how can I rollback?”. Or “My hard drive is ruined, is there any way to recover my data?”, and most of the times a simple backup could have saved them a lot of troubles.

How often do you do a full backup of your computer? What software do you use? Let us know your backup experience in the comments below!

Update: To restore your computer from backup, connect the drive with the system image backup and reboot your computer with the Windows installation media. During the Windows Setup, click Next, then click the Repair your computer link in the bottom-left corner of the screen. Click on Troubleshoot, click Advanced options, and select System Image Recovery. Now select the target operating system you want to recover, click Next and Finish.

create a bootable USB Flash Recovery Drive in Windows 8

Windows 8 has the ability to create a bootable USB flash recovery drive that can be used to troubleshoot a Windows 8 computer that is unable to start. A recovery drive is the same as a startup repair disk, but instead of being on a CD/DVD it is on a bootable USB drive. Once you boot up a Windows 8 computer with a Recovery Drive you will have access to a variety of diagnostic and troubleshooting utilities that can help resolve issues you may be having.

It should be noted that a recovery drive is not the same as a Windows 8 DVD and you cannot use it to install Windows 8. It is also important to create the recovery USB drive on the machine with the same bit-type as the one you need to repair. If you create the drive on a 32-bit machine you will only be able to repair 32-bit versions of Windows 8. The same goes for 64-bit versions of the recovery drive. Last, but not least, Windows 8 will format the USB flash drive that you use to create the recovery drive. Therefore, make sure you backup all your data before beginning this process.

To create the Recovery Drive, type Recovery Drive at the Windows 8 Start Screen. When the search results appear, click on the Settings category and then click on the Create a recovery drive option. This will display a User Account Control prompt, which you should click on Yes to continue. This will open the Recovery Drive program.

 

Recovery Drive Start Screen

 

Note: If your computer comes with a recovery partition pre-installed by the manufacturer, you will be able to select an option to copy the recovery partition from the PC to the recovery drive. If this option is enabled, you should put a check mark in this option to include the manufacturers recovery partition on your recovery drive.

Make sure you have a USB flash drive that is at least 256MB inserted into the computer and then click on the Next button. You will now be presented with a screen where you will prompted to select the USB flash drive that you would like to use for the recovery drive.

 

Select USB Flash Drive

 

Warning: The USB flash drive that you selected will be erased. Please back up any important files that are on the drive before continuing.

Select the USB flash drive that you wish to use and then click on the Next button. You will now be shown a warning stating that your USB flash drive will be erased.

 

Erase Warning

 

If you are ready, click on the Create button and Windows will turn your USB flash drive into a bootable recovery drive.

 

Creating recovery drive

 

When it done you will be shown a screen that states that the recovery drive has been created.

 

Finished creating recovery drive screen

 

You can now remove the flash drive and store it in a safe place.

In the future if you need to use the recovery drive to start Windows, you can insert it into a Windows 8 machine and boot off of it. If you are unable to to boot off the USB drive then you will need to go into your BIOS and enable it as the first boot device. Once your computer starts booting up off the USB Recovery Drive, you will be presented with a screen asking what keyboard layout you would like to use.

 

Keyboard Layout

 

Select the keyboard layout you wish to use by left-clicking on it once. You will now be at a screen where you can choose an option to perform.

 

Choose an option screen

 

You can either choose to Continue booting Windows 8, Turn off your PC, or use a variety of tools toTroubleshoot your Windows 8 installation. As you most likely are using the recovery drive because Windows 8 is not starting correctly, click on the Troubleshoot option. This will open the Troubleshoot screen that contains various tools that you can use to repair Windows 8.

 

Troubleshoot screen

 

The Refresh your PC option allows you to reinstall Windows 8 while retaining your data. More information about this process can be found in this tutorial:

How to reinstall Windows 8 while keeping your data using Refresh your PC

The Reset your PC options will perform a clean install of Windows 8 on your computer. This option will remove all the data on your computer, so please be sure to backup your data before performing this option. More information about the reset process can be found here:

How to perform a clean install of Windows 8 using Reset your PC

If you click on the Advanced options choice a new screen will open that contains other tools that you can use to troubleshoot Windows 8.

 

Advanced options screen

 

The tools on this screen allow you to perform a variety of diagnostic and repair processes on your computer. These options are described below.

System Restore

This option allows you to use System Restore to restore your computer back to a state when it was working properly. For more information about this process, please see this tutorial:

How to use System Restore from the Windows 8 Recovery Environment

System Image Recovery

This option allows you to restore a system image that you may have created in the past. For more information about System Image Recovery, please see this tutorial:

How to use System Image Recovery in the Windows 7 and Windows 8 Recovery Environment

Automatic Repair

Automatic Repair tries to automatically detect and fix problems that may cause Windows 8 not to start. For more information on how to perform this procedure, please see this tutorial:

How to automatically repair Windows 8 using Automatic Repair

Command Prompt

The Recovery Command Prompt is a very powerful tool that provides access to your file system as well as a variety of repair tools. For more information on how to use the Windows 8 Recovery Command Prompt, please see this tutorial:

How to use the Windows 8 System Recovery Environment Command Prompt

When you are done using one of these tools, you will automatically be back at the Choose an optionscreen where you can continue to use these tools or continue to boot to Windows 8.

Backup and Restore in Windows 7

 

The backup utilities in previous versions of Windows have been less than spectacular resulting in a nice market for third party applications.  Today we take a look at the Backup and Restore feature in Windows 7  that may be their best backup tool yet.

Set the Backup

To set up a backup in Windows 7 open up Computer right-click on your local drive and select Properties.  Then click on the Tools tab and click the Back up now button.

Backup Now

 

In the Back up or restore your files window click the link to set up a backup.

Set Backup

Windows will search for a suitable drive to store the backup or you can also choose a location on your network.  If you backup to a network location you might need the password to the share.

1 external or network

You can have Windows choose what to backup or you can choose the files and directories.  Because I like more user control for this tutorial I am choosing what to backup but it’s completely up to you.

Note:  If you let Windows choose it will not backup Program Files, anything formatted with the FAT file system, files in the Recycle Bin, or any temp files that are 1GB or more.

settings

Select the files and folder to include in the backup.  Also notice you can select the option to create an image of your local drive.

choose

Now review the backup job and make sure everything looks correct.

review

Here you can also schedule the days and times the backup occurs.

schedule

Save the backup settings and kick off your first backup and while it runs you can monitor the progress.

in progress

Click the View Details button to see exactly what is being backup during the process.

details

When the backup is complete you will see the two backup files and image folder if you created one.  I backed up 20GB of data and it took around 15 minutes including the system image which came to 11GB.

sshot-11

Double click on the backup file and can restore files or manage the size of the backups folder.

managemenu

Restore Files from Backup

If you need to go back and restore a file from a backup click on Restore my files in the Backup and Restore Center.

rest

Now you can browse or search the most recent backup for a file or folder your missing.

chooserestore

Next you can restore them back to the original location or choose a different spot then click Restore.

location

Progress of the restoration will vary depending on the size of the data and location it’s restoring from.

prog

Manage Backup Size

Sometimes you may need to recover some disk space and Windows 7 allows you to manage the size of your backups.  In the Backup and Restore section click on the Manage Space link.

mgsizelink

Your given a summary of the backup location and what is taking up space from the backup.

mgspace

Click on the View backups button to check the different dated backups where you can delete older ones if needed.

sshot-2

You can also change how windows retains older system images.

mgsettinggs

Backing up data is one of the most important but overlooked tasks for a computer user.  If you have another backup app you might not consider letting Windows do it, but overall, the new backup and restore utility in Windows 7 is much better than previous versions.

Packet tracer

untitled

The best way to learn about networking is to do it. Cisco Packet Tracer, an innovative network configuration simulation tool, helps you hone your networking configuration skills from your desktop or mobile device. Use Packet Tracer to:

  • Sharpen your skills for a job interview.
  • Prepare for a certification exam.
  • Practice what you learn in networking courses.

Packet Tracer is an essential learning tool used in these Cisco Networking Academy courses: IT Essentials, CCNA Routing and Switching, CCNA Security, Intro to Internet of Everything, and Mobility Fundamentals. To download Packet Tracer, log in and click Packet Tracer under Offerings.

Download Packet Tracer and Learn

Sign up for Packet Tracer 101 (English), a 1-hour self-paced online course to help you get started, and download a free version of Packet Tracer for Windows or Linux.

ISAserver.org

Community Area

Login Register Now

Home Articles & Tutorials Articles

Enabling the ISA Server 2004 VPN Server

by Thomas Shinder [Published on 29 March 2004 / Last Updated on 29 March 2004]
1

The ISA Server 2004 VPN server changes the VPN remote access playing field by allowing you to control what protocols and servers to which VPN clients can connect. VPN client access controls can based on user credentials submitted when the client logged onto the VPN server. This enables you to create user groups that have access to a specific server using a specific protocol or set of protocols. You no long need to worry about your VPN clients browsing all the servers on the corporate network. The VPN client will only connect to the resources they require, and no others. The first step is to learn how to configure the ISA Firewall’s VPN server component. Check out this article to find out how.

Enabling the ISA Server 2004 VPN Server

by Thomas W Shinder, M.D., MVP

The ISA Server 2004 firewall can be configured as a VPN server or VPN gateway. The VPN server component enables it to accept incoming VPN remote access client calls. The VPN client computer can become a member of a protected network after successfully establishing the VPN connection. The ISA Server 2004 VPN gateway component allows you to connect entire networks to one another over the Internet.

Many network and firewall administrators labor under the misconception that VPN technologies are security technologies. The fact is that VPN represents a remote access technology that secures data as it moves through the transit network.. VPN is a secure remote access technology that secures data in transit, but does not add any security to the connection VPN clients make to the corporate network.

The reason for this is that traditional VPN servers allow VPN clients full access to the networks to which they connect. You either had to reconfigure a network infrastructure to specifically support the security requirements for VPN clients, or you had to have a high level of implicit trust in your VPN users.

Many third party VPN servers allow you to limit access to VPN clients that meet certain security requirements. For example, several large VPN server vendors allow you to install a managed VPN client on the VPN client systems. The managed VPN software will allow the VPN server to pre-qualify these VPN clients before they are allowed to connect to the network. These managed VPN clients may be required to have the latest security updates, personal firewall, and other software installed or configured before access to the network is allowed. Third party VPN vendors charge a hefty price for this managed VPN client software. You can get it at no extra cost if you use ISA Server 2004 firewalls and the built-in VPN quarantine feature.

The problem is that managed VPN clients, a la the functionality provided by the ISA Server 2004 VPN Quarantine feature, is only half the story when it comes to secure VPN client access. These managed VPN clients do not allow you strong user/group based access control to protocols and servers on the Internal network. VPN clients can still pose a significant security risk to the network without these strong user/group access controls on server and protocol access.

The ISA Server 2004 VPN server changes the VPN remote access playing field by allowing you to control what protocols and servers to which VPN clients can connect. VPN client access controls can based on user credentials submitted when the client logged onto the VPN server. This enables you to create user groups that have access to a specific server using a specific protocol or set of protocols. You no long need to worry about your VPN clients browsing all the servers on the corporate network. The VPN client will only connect to the resources they require, and no others.

In future articles I’ll go through all the details you need to know about how to implement these strong user/group access controls on VPN clients. The first step is to learn how to enable and configure the ISA Server 2004 VPN server component. You can then get into the nitty-gritty of ISA Server 2004 strong user/group based access control once you understand how the ISA Server 2004 firewall’s VPN server component works and you’ve got it up and running.

You can use the Microsoft Internet Security and Acceleration Server 2004 management console to manage almost every aspect of the VPN server configuration. The firewall manages the list of IP addresses assigned to VPN clients and places those addresses on a dedicated VPN clients network. Access controls can then be placed on communications moving to and from the VPN clients network using Access Rules.

In this article you will perform the following tasks to enable and test the ISA Server 2004 VPN server:

Enable the VPN Server
Create an Access Rule allowing VPN clients access to the Internal network
Enable Dial-in Access for the User Account
Test a PPTP VPN Connection
Issue certificates to the ISA Server 2004 firewall and VPN clients
Test a L2TP/IPSec VPN connection
Monitor VPN Client Connections

The figure below shows the details of the lab network we’ll be using in this article, and in all future articles on ISA Server 2004 on this site (we might vary a bit from this lab configuration for some special configuration articles, but this will be the baseline network for all articles from this point onward on this site, and also in our upcoming ISA Server 2004 book).

Notice that several network services need to be installed and configured before you can create a successful VPN server configuration:

RADIUS
DHCP
DNS
WINS
Enterprise CA

In our lab network, the domain controller for the lab Active Directory domain has all of these services installed. The name of the internal network domain is msfirewall.org. The DHCP server component is especially useful in a VPN server configuration environment, although not absolutely required.

In this article the follow servers, based on the names in the figure above, are required:

EXCHANGE2000BE
ISALOCAL
EXTCLIENT

Enable the VPN Server

By default, the VPN server component is disabled. The first step is to enable the VPN server feature and configure the VPN server components.

Perform the following steps to enable and configure the ISA Server 2004 VPN Server:

Open the Microsoft Internet Security and Acceleration Server 2004 management console and expand the server name. Click on the Virtual Private Networks (VPN) node.
Click on the Tasks tab in the Task Pane. Click the Enable VPN Client Access link.

Click Apply to save the changes and update the firewall policy.
Click OK in the Apply New Configuration dialog box.
Click the Configure VPN Client Access link.
On the General tab, change the value for the Maximum number of VPN clients allowed from 5 to 10.

Click on the Groups tab. On the Groups tab, click the Add button.
In the Select Groups dialog box, click the Locations button. In the Locations dialog box, click the msfirewall.org entry and click OK.
In the Select Group dialog box, enter Domain Users in the Enter the object names to select text box. Click the Check Names button. The group name will be underlined when it is found in the Active Directory. This value is used in the remote access policy managed by the ISA Server 2004 firewall machine. When the user accounts are configured to use remote access policy for dial-in access, then ISA Server 2004 remote access policy will be applied to the VPN client connections. Click OK.

Click the Protocols tab. On the Protocols tab, put a checkmark in the Enable L2TP/IPSec checkbox. Note that you will have to issue a machine certificate to the ISA Server 2004 firewall/VPN server, and to the connecting VPN clients, before you can use L2TP/IPSec. An alternative is to use a pre-shared key for the IPSec security negotiations.

Click the User Mapping tab. Put a checkmark in the Enable User Mapping checkbox. Put a checkmark in the When username does not contain a domain, use this domain checkbox. Enter msfirewall.org in the Domain Name text box. Note that these settings will only apply when using RADIUS authentication. These settings are ignored when using Windows authentication (such as when the ISA Server 2004 firewall machine belongs to the domain and the user explicitly enters domain credentials). Click Apply and then click OK. You may see a Microsoft Internet Security and Acceleration Server 2004 dialog box informing you that you need to restart the computer for the settings to take effect. If so, click OK in the dialog box.

On the Tasks tab, click the Select Access Networks link.

In the Virtual Private Networks (VPN) Properties dialog box, click the Access Networks tab. Note that the External checkbox is selected. This indicates that the external interface is listening for incoming VPN client connections. You could choose other interfaces, such as DMZ or extranet interfaces, if you wish to provide dedicated VPN services to trusted hosts and networks. I’ll go over this type of configuration, as well as how to configure additional interfaces for WLAN access, in future articles here on the http://www.isaserver.org Web site and in our ISA Server 2004 book.
Click the Address Assignment tab. Select the internal interface from the list in the Use the following network to obtain DHCP, DNS and WINS services list box. This is a critical setting, as it defines the network on which access to the DHCP is made. Note that in this example we are using a DHCP server on the internal network to assign addresses to VPN clients. The DHCP server will not assign DHCP options to the VPN clients unless you install the DHCP Relay Agent on the ISA Server 2004 firewall/VPN server machine. You have the option to create a static address pool of addresses to be assigned to the VPN clients. If you choose to use a static address pool, you will not be able to assign DHCP options to these hosts. Also, if you choose to use a static address pool, you should use an off-subnet network ID. Please refer to Stefaan Pouseele’s article on off-subnet address configuration over at http://isaserver.org/articles/How_to_Implement_VPN_OffSubnet_IP_Addresses.html.

Click on the Authentication tab. Note that the default setting is to enable only Microsoft encrypted authentication version 2 (MS-CHAPv2). In later documents in this ISA Server 2004 VPN Deployment Kit we will enable the EAP option so that high security user certificates can be used to authenticate with the ISA Server 2004 firewall VPN server. Note the Allow custom IPSec policy for L2TP connection checkbox. If you do not want to create a public key infrastructure or in the process of creating one but have not yet finished, then you can enable this checkbox and then enter a pre-shared key. The VPN clients will need to be configured to use the same pre-shared key.

Click the RADIUS tab. Here you can configure the ISA Server 2004 firewall VPN server to use RADIUS to authenticate the VPN users. The advantage of RADIUS authentication is that you can leverage the Active Directory (and others) user database to authenticate users without needing to join the Active Directory domain. We’ll go over the deep details of RADIUS configuration to support VPN connections in later documents on the http://www.isaserver.org Web site and in our ISA Server 2004 book.

Click Apply in the Virtual Private Networks (VPN) Properties dialog box and then click OK.
Click Apply to save the changes and update the firewall policy.
Click OK in the Apply New Configuration dialog box.
Restart the ISA Server 2004 firewall machine.

The machine will obtain a block of IP addresses from the DHCP Server on the Internal network when it restarts. Note that on a production network where the DHCP server is located on a network segment remote from the ISA Server 2004 firewall, all interposed routers will need to have BOOTP or DHCP relay enabled so that DHCP requests from the firewall can reach the remote DHCP servers.
Advertisement
Create an Access Rule Allowing VPN Clients Access to the Internal Network

The ISA Server 2004 firewall will be able to accept incoming VPN connections after the restart. However, the VPN clients cannot access any resources on the Internal network because there are no Access Rules enabling this access. You must create an Access Rule that allows members of the VPN clients network access to the Internal network. In contrast to other combined firewall VPN server solutions, the ISA Server 2004 firewall VPN server applies access controls for network access to VPN clients.

In this example you will create an Access Rule allowing all traffic to pass from the VPN clients network to the Internal network. In a production environment you would create more restrictive access rules so that users on the VPN clients network have access only to resource they require. I’ll show you how to create more sophisticated user/group based access controls on VPN clients in future articles on the http://www.isaserver.org site and in our ISA Server 2004 firewall book.

Perform the following steps to create an Access Rule to allow VPN clients unrestricted access to the Internal network:

In the Microsoft Internet Security and Acceleration Server 2004 management console, expand the server name and click the Firewall Policy node. Right click the Firewall Policy node, point to New and click Access Rule.
In the Welcome to the New Access Rule Wizard page, enter a name for the rule in the Access Rule name text box. In this example we will name the rule VPN Client to Internal. Click Next.
On the Rule Action page, select the Allow option and click Next.
On the Protocols page, select the All outbound protocols option in the This rule applies to list. Click Next.

fig10

On the Access Rule Sources page, click the Add button. On the Add Network Entities dialog box, click the Networks folder and double click on VPN Clients. Click Close.

Click Next on the Access Rule Sources page.
On the Access Rule Destinations page, click the Add button. On the Add Network Entities dialog box, click the Networks folder and double click on Internal. Click Close.
On the User Sets page, accept the default setting, All Users, and click Next.

Click Finish on the Completing the New Access Rule Wizard page.
Click Apply to save the changes and update the firewall policy.
Click OK in the Apply New Configuration dialog box. The VPN client policy is now the top listed Access Rule in the Access Policy list.

Enable Dial-in Access for the Administrator Account

In non-native mode Active Directory domains, all user accounts have dial-in access disabled by default. You must enable dial-in access on a per account basis for these non-Native mode Active Directory domains. In contrast, native mode Active Directory domains have dial-in access controlled by Remote Access Policy by default. Windows NT 4.0 domains always have dial-in access controlled on a per user account basis.

In our current example, the Active Directory is in Windows Server 2003 mixed mode, so we will need to manually change the dial-in settings on the domain user account. I highly recommend that if you do not have any Windows NT 4.0 domain controllers on your network, that you elevate your domain functionality level.

Perform the following steps on the domain controller to enable Dial-in access for the Administrator account:

Click Start and point to Administrative Tools. Click Active Directory Users and Computers.
In the Active Directory Users and Computers console, click on the Users node in the left pane. Double click on the Administrator account in the right pane of the console.
Click on the Dial-in tab. In the Remote Access Permission (Dial-in or VPN) frame, select the Allow access option. Click Apply and click OK.

f

Close the Active Directory Users and Computers console.

Test the PPTP VPN Connection

The ISA Server 2004 VPN server is now ready to accept VPN client connections.

Perform the following steps to test the VPN Server:

On the Windows 2000 external client machine, right click the My Network Places icon on the desktop and click Properties.
Double click the Make New Connection icon in the Network and Dial-up Connections window.
Click Next on the Welcome to the Network Connection Wizard page.
On the Network Connection Type page, select the Connect to a private network through the Internet option and click Next.
On the Destination Address page, enter the IP address 192.168.1.70 in the Host name or IP address text box. Click Next.
On the Connection Availability page, select the For all users option and click Next.
Make no changes on the Internet Connection Sharing page and click Next.
On the Completing the Network Connection Wizard page, enter a name for the VPN connection in the Type the name you want to use for this connection text box. In this example, we’ll name the connection ISA VPN. Confirm that there is a checkmark in the Add a shortcut to my desktop checkbox. Click Finish.
In the Connect ISA VPN dialog box, enter the user name MSFIREWALL\administrator and the password for the administrator user account. Click Connect.

fig15

The VPN client establishes a connection with the ISA Server 2004 VPN server. Click OK in the Connection Complete dialog box informing that the connection is established.
Double click on the connection icon in the system tray and click the Details tab. You can see that MPPE 128 encryption is used to protect the data and the IP address assigned to the VPN client.

Click Start and then click the Run command. In the Run dialog box, enter \\EXCHANGE2003BE in the Open text box and click OK. The shares on the domain controller computer appear. Close the windows displaying the domain controllers contents. Note that we were able to use a single label name to connect to the domain controller because the ISA Server 2004 firewall VPN server assigned the VPN client a WINS server address.
Right click the connection icon in the system tray and click Disconnect.

Issue Certificates to the ISA Server 2004 Firewall and VPN Clients

You can significantly improve the level of security provided to your VPN connection by using the L2TP/IPSec VPN protocol. The IPSec encryption protocol provides a number of security advantages over the Microsoft Point to Point Encryption (MPPE) protocol used to secure PPTP connections. While the ISA Server 2004 firewall VPN supports using a pre-shared key to support the IPSec encryption process, this should be considered a low security option and should be avoided if possible. The secure IPSec solution is to use computer certificates on the VPN server and VPN clients.

The first step is to issue a computer certificate to the ISA Server 2004 firewall VPN server. Perform the following steps on the ISA Server 2004 firewall to request a certificate from the enterprise CA on the Internal network:

Open Internet Explorer. In the Address bar, enter http://10.0.0.2/certsrv and click OK.
In the Enter Network Password dialog box, enter Administrator in the User Name text box and enter the Administrator’s password in the Password text box. Click OK.
Click the Request a Certificate link on the Welcome page.
On the Request a Certificate page, click the advanced certificate request link.
On the Advanced Certificate Request page, click the Create and submit a request to this CA link.
On the Advanced Certificate Request page, select the Administrator certificate from the Certificate Template list. Place a checkmark in the Store certificate in the local computer certificate store checkbox. Click Submit.
Click Yes in the Potential Scripting Violation dialog box.
On the Certificate Issued page, click the Install this certificate link.
Click Yes on the Potential Scripting Violation page.
Close the browser after viewing the Certificate Installed page.
Click Start and then click the Run command. Enter mmc in the Open text box and click OK.
In the Console1 console, click the File menu and the click the Add/Remove Snap-in command.
Click Add in the Add/Remove Snap-in dialog box.
Select the Certificates entry in the Available Standalone Snap-ins list in the Add Standalone Snap-in dialog box. Click Add.
Select the Computer account option on the Certificates snap-in page.
Select the Local computer option on the Select Computer page.
Click Close in the Add Standalone Snap-in dialog box.
Click OK in the Add/Remove Snap-in dialog box.
In the left pane of the console, expand the Certificates (Local Computer) node and the expand the Personal node. Click on the \Personal\Certificates node. Double click on the Administrator certificate in the right pane of the console.
In the Certificate dialog box, click the Certification Path tab. At the top of the certificate hierarchy seen in the Certification path frame is the root CA certificate. Click the EXCHANGE2003BE certificate at the top of the list. Click the View Certificate button.
In the CA certificate’s Certificate dialog box, click the Details tab. Click the Copy to File button.
Click Next in the Welcome to the Certificate Export Wizard page.
On the Export File Format page, select the Cyptographic Message Syntax Standard – PKCS #7 Certificates (.P7B) option and click Next.
On the File to Export page, enter c:\cacert in the File name text box. Click Next.
Click Finish on the Completing the Certificate Export Wizard page.
Click OK in the Certificate Export Wizard dialog box.
Click OK in the Certificate dialog box. Click OK again in the Certificate dialog box.
In the left pane of the console, expand the Trusted Root Certification Authorities node and click the Certificates node. Right click the \Trusted Root Certification Authorities\Certificates node, point to All Tasks and click Import.
Click Next on the Welcome to the Certificate Import Wizard page.
On the File to Import page, use the Browse button to locate the CA certificate you saved to the local hard disk and click Next.
On the Certificate Store page, accept the default settings and click Next.
Click Finish on the Completing the Certificate Import Wizard page.
Click OK on the Certificate Import Wizard dialog box informing you that the import was successful.

Note that you will not need to manually copy the enterprise CA certificate into the ISA Server 2004 firewall’s Trusted Root Certification Authorities certificate store because CA certificate is automatically installed on domain members. If the firewall were not a member of the domain, then you would need to manually place the CA certificate into the Trusted Root Certification Authorities certificate store.

The next step is to issue a computer certificate to the VPN client computer. In this example, the VPN client machine is not a member of the domain. You will need to request a computer certificate using the enterprise CA’s Web enrollment site and the manually place the enterprise CA certificate into the client’s Trusted Root Certification Authorities machine certificate store. The easiest way to accomplish this task is to have the VPN client machine request the certificate when connected via a PPTP link.

Note:
In a production environment, untrusted clients should not be issued computer certificates. Only managed computers which are members of the domain, should be allowed to install computer certificates. Domain members are managed clients and therefore under the organization’s administrative control The computer certificate is a security principle and is not meant to provide free access to all clients who wish to connect via VPN.

Perform the following steps to request the certificate and install the CA certificate:

Establish a PPTP VPN connection to the ISA Server 2004 firewall VPN server.
Open Internet Explorer. In the Address bar, enter http://10.0.0.2/certsrv and click OK.
In the Enter Network Password dialog box, enter Administrator in the User Name text box and enter the Administrator’s password in the Password text box. Click OK.
Click the Request a Certificate link on the Welcome page.
On the Request a Certificate page, click the advanced certificate request link.
On the Advanced Certificate Request page, click the Create and submit a request to this CA link.
On the Advanced Certificate Request page, select the Administrator certificate from the Certificate Template list. Place a checkmark in the Store certificate in the local computer certificate store checkbox. Click Submit.
Click Yes in the Potential Scripting Violation dialog box.
On the Certificate Issued page, click the Install this certificate link.
Click Yes on the Potential Scripting Violation page.
Close the browser after viewing the Certificate Installed page.
Click Start and then click the Run command. Enter mmc in the Open text box and click OK.
In the Console1 console, click the File menu and the click the Add/Remove Snap-in command.
Click Add in the Add/Remove Snap-in dialog box.
Select the Certificates entry in the Available Standalone Snap-ins list in the Add Standalone Snap-in dialog box. Click Add.
Select the Computer account option on the Certificates snap-in page.
Select the Local computer option on the Select Computer page.
Click Close in the Add Standalone Snap-in dialog box.
Click OK in the Add/Remove Snap-in dialog box.
In the left pane of the console, expand the Certificates (Local Computer) node and the expand the Personal node. Click on the \Personal\Certificates node. Double click on the Administrator certificate in the right pane of the console.
In the Certificate dialog box, click the Certification Path tab. At the top of the certificate hierarchy seen in the Certification path frame is the root CA certificate. Click the EXCHANGE2003BE certificate at the top of the list. Click the View Certificate button.
In the CA certificate’s Certificate dialog box, click the Details tab. Click the Copy to File button.
Click Next in the Welcome to the Certificate Export Wizard page.
On the Export File Format page, select the Cyptographic Message Syntax Standard – PKCS #7 Certificates (.P7B) option and click Next.
On the File to Export page, enter c:\cacert in the File name text box. Click Next.
Click Finish on the Completing the Certificate Export Wizard page.
Click OK in the Certificate Export Wizard dialog box.
Click OK in the Certificate dialog box. Click OK again in the Certificate dialog box.
In the left pane of the console, expand the Trusted Root Certification Authorities node and click the Certificates node. Right click the \Trusted Root Certification Authorities\Certificates node, point to All Tasks and click Import.
Click Next on the Welcome to the Certificate Import Wizard page.
On the File to Import page, use the Browse button to locate the CA certificate you saved to the local hard disk and click Next.
On the Certificate Store page, accept the default settings and click Next.
Click Finish on the Completing the Certificate Import Wizard page.
Click OK on the Certificate Import Wizard dialog box informing you that the import was successful.

Disconnect from the VPN server right clicking on the connection icon in the system tray and clicking Disconnect.
Test a L2TP/IPSec VPN Connection

Now that both the ISA Server 2004 firewall and the VPN client machines have machine certificates, you can test a secure remote access client VPN connection to the firewall. The first step is to restart the Routing and Remote Access Service so that it registers the new certificate.

Perform the following steps to restart the Routing and Remote Access Service:

In the Microsoft Internet Security and Acceleration Server 2004 management console, expand the server name and then click the Monitoring node.
In the Details pane, click on the Services tab. Right click on the Remote Access Service entry and click Stop.

Right click Remote Access Service entry again and click Start.

The next step is to start the VPN client connection:

From the VPN client computer establish a VPN connection in the same way that you have earlier in these walkthroughs.
Click OK in the Connection Complete dialog box informing you that the connection is established.
Double click on the connection icon in the system tray.
In the ISA VPN Status dialog box, click the Details tab. You will see an entry for IPSEC Encryption, indicating that the L2TP/IPSec connection was successful.

Click Close in the ISA VPN Status dialog box.
Monitor VPN Clients

The ISA Server 2004 firewall allows you to monitor the VPN client connections. Perform the following steps to see how you can view connections from VPN clients:

In the Microsoft Internet Security and Acceleration Server 2004 management console, expand the computer name in the left pane of the console and click the Virtual Private Networks (VPN) node. In the Task Pane, click the Tasks tab. Click the Monitor VPN Clients link.

You are moved to the Sessions tab in the Monitoring node. Here you can see that the sessions have been filtered to show only the VPN Client connections.

Click on the Dashboard tab. Here you can see in the Sessions pane the VPN Remote Client connections.

You can also use the real-time logging feature to see connections made by the VPN clients. Click on the Logging tab and then click the Tasks tab in the Task Pane. Click the Start Query link. Here you see all communications moving through the firewall. You can use the filter capabilities to focus on specific VPN clients or only the VPN clients network.
Conclusion

In this article we discussed how to enable the ISA Server 2004 VPN server component and then how to configure the VPN server. We then tested the VPN server functionality by creating a VPN client connection to the server and accessing resources on the Internal network. In future articles on the http://www.isaserver.org Web site and in our ISA Server 2004 book, we will go into the details of strong user/group access control and multinetworking with ISA Server 2004 VPN services.

I hope you enjoyed this article and found something in it that you can apply to your own network. If you have any questions on anything I discussed in this article, head on over to http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=30;t=000036 and post a message. I’ll be informed of your post and will answer your questions ASAP. Thanks! –Tom

If you would like us to email you when Tom Shinder releases another article on ISAserver.org, subscribe to our ‘Real-Time Article Update’ by clicking here. Please note that we do NOT sell or rent the email addresses belonging to our subscribers; we respect your privacy.
See Also

Configuring the Calling ISA Server Firewall/VPN Gateway to use EAP/TLS Certificate Authentication – Part 2
Using EAP User Certificate Authentication for ISA Firewall Site to Site VPNs (2004)
Configuring the Calling ISA Server Firewall/VPN Gateway to use EAP/TLS Certificate Authentication – Part 1
Configuring the ISA Firewall to Support Certificate-Based EAP-TLS Authentication (Part 2)
Allowing Inbound L2TP/IPSec NAT Traversal Connections through a Back to Back ISA Server Firewall DMZ (Part 2)
Implementing Secure Remote Access with PPTP and Forefront Threat Management Gateway (TMG) 2010 (Part 1)
Configuring the ISA Firewall to Support Certificate-Based EAP-TLS Authentication (Part 3)
Publishing a Windows Server 2008 SSL VPN Server Using ISA 2006 Firewalls (Part 3)
Enabling DHCP Relay for ISA Firewall VPN Clients
Configuring Gateway to Gateway L2TP/IPSec VPNs Part 1: Configuring the Infrastructure

The Author — Thomas Shinder
Thomas Shinder avatar

Dr. Thomas W. Shinder is an MCSE and MVP in ISA Firewalls.
Latest Contributions

Product Review: Celestix HOTPin 24 Nov. 2009
Kicking the Tires on the TMG 2010 RC ISP Redundancy – Part 2: Enabling ISP Redundancy 10 Nov. 2009
Kicking the Tires on the TMG 2010 RC ISP Redundancy – Part 1: Configuring the Virtual Infrastructure and the TMG Firewall Interfaces 27 Oct. 2009
Configuring TMG Beta 3 for SSTP VPN Connections – Part 3: Configure TMG VPN Settings and Making the Connection 6 Oct. 2009
Configuring TMG Beta 3 for SSTP VPN Connections – Part 2: Configuring the Firewall to Accept SSTP Connections 2 Sept. 2009

Featured Links
Newsletter Subscription

My Subscription Newsletters

By subscribing to our newsletters you agree to the terms of our privacy policy
ISAserver.org Sections

Articles & Tutorials Blogs FAQs Hardware KBase Tips News Newsletters Our Authors Site News Software White Papers

Featured Products
Advertisement
Featured Book

Order today Amazon.com

Articles & Tutorials View All Feed

Articles
Certification
Configuration – Alt. Products & Platforms
Configuration – General
Configuration – Security
General Guides and Articles
Installation & Planning
Miscellaneous
Non-ISAserver.org Tutorials
Product Reviews
Publishing

Home
Articles & Tutorials
Products
Reviews
Free Tools
Blogs
Forums
Contact Us

Hardware

ISA Appliances
SSL Acceleration
TMG Appliances
UAG Appliances

Software

Access Control Anti Virus Authentication Bandwidth Control Caching Content Security Free Tools Intrusion Detection Misc. ISA server software Monitoring & Admin Reporting

TechGenix.com TechGenix Ltd is an online media company which sets the standard for providing free high quality technical content to IT professionals.
MSExchange.org The leading Microsoft Exchange Server and Office 365 resource site.
WindowsNetworking.com Windows Server 2012 / 2008 / 2003 & Windows 8 / 7 networking resource site
WindowSecurity.com Network Security & Information Security resource for IT administrators
VirtualizationAdmin.com The essential Virtualization resource site for administrators
CloudComputingAdmin.com Cloud Computing Resource Site for IT Pros
InsideAWS.com An independent Amazon Web Services resource site
WServerNews.com World’s largest weekly newsletter on Windows Server and cloud technologies

About Us Advertise With Us Contact Us

ISAserver.org is in no way affiliated with Microsoft Corp.
Copyright © 2016, TechGenix.com. All rights reserved. Please read our Privacy Policy and Terms & Conditions.

Windows 7 – How to delete outdated Windows updates.

Windows 7 – How to delete outdated Windows updates.
November 20th, 2013
Microsoft recently released a Disk Cleanup Wizard addon / plugin / hot fix (all three names are used in the KB article) that allows users to delete outdated Windows updates on computers running Windows 7 SP1.
“This update adds a new plugin to the Disk Cleanup wizard. After you install this update, you can use the Windows Update Cleanup option to delete Windows updates that you no longer need.”
I decided to see just how effective this plugin is when reclaiming disk space. To this end I choose a test PC that has been running Windows 7 Pro since October of 2009 with the pre service pack 1 updates, then service pack 1 was installed and over the past 33 months all the “Important” Windows Updates that were available installed. Note: This is basically a clean installation with no additional software installed except for one utility.
Before I installed the Disk Cleanup plugin (KB2852386):
1) I installed the latest “Important” Windows Updates. No “Optional updates” were installed.
2) I then created an image backup to use as my pre-plugin baseline.
3) Then I ran Disk Cleanup to delete as much junk as possible.
4) Then I checked the amount of used disk space.
Next I installed the file I had downloaded (64Bit version) from the link in KB2852386.
Notes:
1) You can also obtain this plugin from the list “Optional” updates when you run Live Update.
2) After installing the plugin, if you are not prompted to restart your PC, do so now.
Run the Disk Cleanup utility:
Notes:
a) You must have administrator permissions to clean up Windows update files.
b) If you are already receiving Low Disk Space notification, click the notification to open the Disk Cleanup wizard and go to step 2.
1) Start the Disk Cleanup wizard. Click Start, click ‘All Programs’, click ‘Accessories’, click ‘System Tools’, and then click ‘Disk Cleanup’.
2) Select the Windows 7 system drive, and then click OK.Note: This operation might take several seconds because the Disk Cleanup wizard searches for files on the drive that can be cleaned up.
3a) If the Windows Update Cleanup option is not displayed on the Disk Cleanup tab, click ‘Clean up system files’ button.
3b) If the Windows Update Cleanup option is displayed on the Disk Cleanup tab; go to step 5.
4) Select the Windows 7 system drive, and then click OK.
5) On the Disk Cleanup tab, select Windows Update Cleanup, and then click OK.
Note: By default, the Windows Update Cleanup option is already selected, you may need to move the slider down to see this option. However you should remove the checkmarks from all the other options to get an accurate result of the total amount of disk space that will be freed up and available for use.
6) When a dialog box appears, click Delete Files. This may take several minutes to complete.
7) After the operation has completed; restart / reboot your computer to finish the cleanup process.
8) Launch Windows Explorer, then right click on the Windows partition drive letter and select ‘Properties’ to see just how much free space in now available.
I saved 2.34GB on my PC, that’s a lot of obsolete Windows Updates.
For users who have 500MB  a 500GB or larger hard drives this isn’t much space but for users who have Solid State Drives with a smaller capacity this is a significant of space to free up. Hard drive users may want to run the Windows ‘Disk Defragmenter’, this isn’t necessary if you have a SSD.

How do I find what computer motherboard I have?

If you need to identify your motherboard (the model number), you can do one of the below three things.

Identifying through Windows or other utility
Documentation
Visually identifying

If you’re trying to identify the motherboard for any of the reasons below, view these links for additional related information.

Motherboard form factor
Chipset or driver update
Product Listing or specifications
Replacement or repair

Identifying through Windows or other utility

You can view the manufacturer and model number in your Windows system using theSystem Information utility. To access this utility, follow the steps below.

Windows 10 & Windows 8

  1. On the Windows Desktop screen, press Windows key + X to open the Power User Task menu.
  2. Select the Run option in the menu.
  3. In the Run text field, type msinfo32 and press Enter.

Windows 7 and earlier versions

  1. Open the Start menu.
  2. Click on All Programs > Accessories > System Tools, then select the System Information utility.

This utility provides a good bit of information about your computer. On the System Summary screen, you will find the motherboard manufacturer (System Manufacturer) and motherboard model (System Model). For example, for a computer with a MSImotherboard, the manufacturer would be MICRO-STAR INTERNATIONAL and the System Model could be MS-7599, for example. The Model is the model number of the motherboard.

Note: If your computer is an OEM computer, such as a Dell or Hewlett Packard, the model number may be the model number of your computer and not the motherboard. For these computers, we suggest referring to the technical documentation for the model of the computer. These documents can be downloaded directly from the computer manufacturer.

  • Other ways of locating hardware and other computer specifications.

Documentation

The documentation or technical notes for your computer or motherboard also include the motherboard information. PDF versions of these documents can be downloaded from the computer manufacturer or motherboard manufacturer website.

Visually identifying

Finally, every computer motherboard has a silk screened name of the model and the manufacturer printed on the motherboard. For example, in the picture below, this motherboard has the model number (PSAD2-E) printed above the memory slots. Click the image below to get a larger view of this picture.

Computer motherboard

Tip: If you are unable to locate the model number of a motherboard, but can locate an FCC identification number, it is recommended that you perform a search using that instead. Additional information about FCC numbers and how to search for information about them can be found on our FCC definition.

Motherboard form factor

If you are looking for additional information about the type or form factor of the motherboard, see the form factor definition. That page contains sections about each of the motherboard form factors and information on how to distinguish each of them.

Chipset or driver update

If you are trying to determine chipset or motherboard information to update the drivers or the BIOS, see the motherboard driver section for further information.

  • Additional information and help with BIOS updates.
  • How to determine the computer motherboard chipset.

Product listing or specifications

If you are trying to list all the specific information about your computer motherboard, specifying the manufacturer, form factor, and specifications of the motherboard is sufficient. Below is an example of how a motherboard could be listed in your system specifications. If you’re listing this information to sell the computer, keep in mind that most people are not going to be too concerned about the specific motherboard in the computer.

Intel D815EGEW ATX using a 1.1GHz processor and 512MB of memory

Replacement or repair

If you are trying to determine the motherboard because it needs to be replaced or repaired, it is recommended that the motherboard be replaced instead of repaired. Because of the complexity of today’s motherboards, it can be very difficult and costly to repair a motherboard and it is easier and cheaper to replace the motherboard.

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: