Change and customize Windows 7’s Logon screen wallpaper

In this edition of the Windows Vista and Windows 7 Report, we show you how to change Windows 7’s Logon screen wallpaper.

While experimenting with several Microsoft Windows 7 systems recently, we spent a lot of time staring at the Logon screen. During that time, we began to think about changing the Logon screen wallpaper. Now, we have changed the Logon screen wallpaper in just about every version of Windows we’ve used, so we knew that there had to be a way to do so.

When we began to investigate the procedure in Windows 7, we discovered that changing the Logon screen wallpaper in the newest version of the Windows operating system is easy, once you know the steps — and you don’t even need any third-party software to do it.

In order to make it easy for OEMs to customize Windows 7, Microsoft built the ability to change the Logon screen wallpaper right into the operating system. In this edition of the Windows Vista and Windows 7 Report, we’ll show you how to change Windows 7’s Logon screen wallpaper.

A Registry tweak

The process begins with a very minor Registry tweak. Even for those who would not normally feel comfortable editing the Registry, this one’s a piece of cake. To begin, click the Start button and type Regedit in the Search box. Then, select the appropriate result and press [Enter]. When you do, you’ll see the User Account Control prompt, shown in Figure A, and will need to click the Yes button.

Note: Editing the Windows Registry file is not without its risks, so be sure you have a verified backup before making any changes.

Figure A

You will encounter a UAC prompt when you launch the Registry Editor.

Once the Registry Editor launches, locate and right-click on the HKEY_LOCAL_MACHINE key and select the Find command. When you see the Find dialog box, type OEMBackground in the text box and make sure that only the Values check box is selected, as shown in Figure B.

Figure B

Type OEMBackground in the Find dialog box.

When the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background key opens, locate and double-click the OEMBackground value. When you see the Edit DWORD dialog box, change the value data from 0 to 1, as shown in Figure C. (If the OEMBackground value doesn’t exist in the Background key, you’ll need to pull down the Edit menu from that key and select New | DWORD (32-bit) Value).

Figure C

Change the value data from 0 to 1.

To complete this part of the operation, click OK to close the Edit DWORD dialog box and then close the Registry Editor.

Creating folders

In the second part of the operation, you’ll need to create a couple of folders. To begin, launch Windows Explorer. Then navigate to the C:\Windows\System32\Oobe folder. Once you access the Oobe folder, click the New Folder button in the Windows Explorer toolbar. You’ll see a confirmation dialog box, like the one shown in Figure D. When you click Continue, the new folder will be created and you can name it info.

Figure D

When you click the New Folder button, you’ll encounter a confirmation dialog box.

Then, open the info folder, click the New Folder button again, work through the confirmation dialog box, and then name the second new folder backgrounds.

Configuring the wallpaper

You can use any image that you want for your new Logon screen wallpaper. However, the image has to be in JPG format and you need to name it backgroundDefault.jpg. When you copy your file to the Windows\System32\Oobe\info\backgrounds folder, you’ll encounter and will need to work through a confirmation dialog box similar to the one shown in Figure D.

Two other things to keep in mind: First, the actual file size of backgroundDefault.jpg cannot exceed 256 KB. Second, you’ll want to use an image whose dimensions match the screen resolution that you are using. If you use a file whose dimensions are smaller, the image will be stretched and may appear distorted.

Altering shadows

As you know, the button and the text used to identify your user account on the Logon screen have shadows behind them to give them a 3D-like look, and these shadows work well with the default Logon screen wallpaper. Depending on what image you use for your new Logon screen wallpaper, these shadows might not work so well.

In addition to making it easy to change the Logon screen wallpaper, Microsoft also made it easy to adjust or disable the text and button shadows to accommodate your particular image.

To alter the shadows, launch the Registry Editor again as described above and access the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI key.

Once you open the LogonUI key, you’ll create a new DWORD value called ButtonSet, as shown in Figure E. You can then configure the shadow by setting the value data to one of the following numbers:

  • 0 — Light shadow
  • 1 — Dark shadow
  • 2 — No shadow

Figure E

The ButtonSet value allows you to adjust or disable the text and button shadows.
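The whole procedure above (Registry tweak, folders, image constraints, and shadow setting) can be scripted. The following PowerShell script is an added example, not part of the original article; the source image path and the backup file name are assumptions, and it checks the 256 KB limit and the JPG format before it changes anything.

```powershell
# Added example, not from the original article. Run from an elevated, native
# (64-bit on 64-bit Windows) PowerShell prompt so System32 is not redirected.
param(
    [string]$Source = 'C:\Temp\mylogon.jpg',    # hypothetical path to your image
    [ValidateRange(0, 2)][int]$ButtonSet = 0    # 0 light, 1 dark, 2 no shadow
)

$regPath = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI'
$logonUi = "HKLM:\$regPath"
$bgKey   = "$logonUi\Background"
$destDir = Join-Path $env:windir 'System32\Oobe\info\backgrounds'

# Enforce the article's constraints before changing anything.
$file = Get-Item -LiteralPath $Source -ErrorAction Stop
if ($file.Length -gt 256KB) {
    throw "$Source is $($file.Length) bytes; the limit is 256 KB."
}
# A JPEG starts with the bytes FF D8; a renamed PNG or BMP does not.
$stream = [System.IO.File]::OpenRead($file.FullName)
try { $b0 = $stream.ReadByte(); $b1 = $stream.ReadByte() } finally { $stream.Close() }
if ($b0 -ne 0xFF -or $b1 -ne 0xD8) { throw "$Source is not a JPEG file." }

# Back up the key first (the backup file name is an arbitrary choice).
$backup = Join-Path $env:TEMP 'LogonUI-backup.reg'
& reg.exe export "HKLM\$regPath" $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; nothing was changed.' }

# Registry tweak: OEMBackground = 1, plus the shadow style.
if (-not (Test-Path $bgKey)) { New-Item -Path $bgKey -Force | Out-Null }
New-ItemProperty -Path $bgKey -Name OEMBackground -PropertyType DWord -Value 1 -Force | Out-Null
New-ItemProperty -Path $logonUi -Name ButtonSet -PropertyType DWord -Value $ButtonSet -Force | Out-Null

# Folders and image: Oobe\info\backgrounds\backgroundDefault.jpg
New-Item -ItemType Directory -Path $destDir -Force | Out-Null
Copy-Item -LiteralPath $file.FullName -Destination (Join-Path $destDir 'backgroundDefault.jpg') -Force

Write-Output "Logon wallpaper installed; registry backup saved to $backup"
```

Because the setting lives under HKEY_LOCAL_MACHINE and the image under System32, both changes require administrator rights and apply to every user of the machine.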

Have questions?

Get answers from Microsoft’s Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Modifying the Windows 7 boot loader with the Boot Configuration Data Editor tool

In Windows Vista and later versions of Windows, the bootloader was moved from boot.ini to a utility called BCDEdit. Here’s how to modify the boot config data with the new tool.

Sometimes dual-booting a system is a handy way to test new software, a new operating system, or an application that needs to be run in a specific version of Windows. Other reasons to dual-boot might include replication of a client environment.

Windows handles dual-booting by using boot.ini to display a menu of bootable choices or partitions found on the current system. In Windows Vista and later versions of Windows, the bootloader was moved from boot.ini to a utility called BCDEdit.

Recently, we decided we could make better use of some disk space that we had set aside to create a bootable VHD for Windows Server 2008 R2. There was no data other than the OS installation contained within the file because we had used it only to prepare a blog post about booting from Virtual Hard Disks. To free up the space, we deleted the VHD.

Note: Always make sure to back up any data that you want to keep before deleting or modifying partitions on VHDs. Your changes could make the partition unbootable.

Once we had the VHD removed, we thought Windows would be smart enough to clean up the boot loader, but we were not so lucky. We had Windows 7 set as the primary OS, so we were not without a system.

We started looking around for boot.ini and were directed toward the Boot Configuration Data Editor (BCDEdit) as the utility to use when editing boot loader information in Windows 7 (and in Vista too).

To begin, open the Start menu, select All Programs, and then choose Accessories. Right-click on Command Prompt and select Run As Administrator. Once in the command window, type bcdedit. This will return the current running configuration of your boot loader, showing any and all items that can boot on this system.

In this example, we decided to remove the entry for our Windows 2008 R2 installation, as we wouldn’t need it for the time being. To remove an entry, you will need to know the Boot Loader Identifier (found in curly braces in Figure A).

Figure A

We copied the whole list into Notepad and then selected and copied just the ID, braces included.

Removing an entry from the Boot Loader

One simple command got the Windows Server 2008 R2 entry out of the boot loader. At the command prompt, enter the following:

Bcdedit /delete {boot loader identifier}

Press Enter, and the Boot Configuration Data Editor (BCDEdit) will remove the entry for the ID you specified and display a message when finished. When Windows starts, the only choice available in the boot menu should be the current Windows installation.

Warning: Be careful when editing the boot configuration data. If you mistakenly remove the current instance of Windows, you may render your computer unbootable.
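The warning above can be enforced in a script. The following PowerShell wrapper is an added example, not part of the original article: it refuses to delete the running, default, or boot manager entry and exports the BCD store before deleting anything. The -Force switch and the backup file name are assumptions of this example, and it expects English-language bcdedit output.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
# Assumes English-language bcdedit output (the "identifier" label is localized).
param(
    [Parameter(Mandatory = $true)][string]$Id,   # identifier, braces included
    [switch]$Force                               # without -Force nothing is deleted
)

# Resolve an alias or GUID to the full GUID that "bcdedit /v" prints.
# Pass braces in a quoted string or variable: a bare {current} is a script block.
function Resolve-BcdId([string]$Name) {
    foreach ($line in (& bcdedit.exe /enum $Name /v 2>$null)) {
        if ($line -match '^identifier\s+(\{[^}]+\})') { return $Matches[1].ToLower() }
    }
    return $null
}

$target = Resolve-BcdId $Id
if (-not $target) { throw "No boot entry found for $Id." }

# Entries the machine needs in order to start: never delete these.
$protected = @{}
foreach ($alias in '{current}', '{default}', '{bootmgr}') {
    $guid = Resolve-BcdId $alias
    if ($guid) { $protected[$guid] = $alias }
}
if ($protected.ContainsKey($target)) {
    throw "$target is $($protected[$target]); refusing to delete it."
}

# Export the whole store first so a mistake can be undone with "bcdedit /import".
$backup = Join-Path $env:TEMP ("bcd-backup-{0:yyyyMMdd-HHmmss}" -f (Get-Date))
& bcdedit.exe /export $backup | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'BCD export failed; nothing was deleted.' }

if ($Force) {
    & bcdedit.exe /delete $target
    if ($LASTEXITCODE -ne 0) { throw "bcdedit /delete failed for $target." }
} else {
    Write-Output "Would delete $target (backup at $backup). Re-run with -Force."
}
```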


What you need to know about the WannaCry Ransomware

What has happened?

On May 12, 2017 a new variant of the Ransom.CryptXXX ransomware family (detected as Ransom.Wannacry) began spreading widely, impacting a large number of organizations, particularly in Europe.

What is the WannaCry ransomware?

WannaCry encrypts data files and asks users to pay a US$300 ransom in bitcoins. The ransom note indicates that the payment amount will be doubled after three days. If payment is not made after seven days, the encrypted files will be deleted.

Figure 1. Ransom demand screen displayed by the WannaCry Trojan

It also drops a file named !Please Read Me!.txt which contains the ransom note.

Figure 2. Ransom demand note from WannaCry Trojan

It propagates to other computers by exploiting a known SMB remote code execution vulnerability (MS17-010) in Microsoft Windows computers.

Are you protected against this threat?

South Jersey Techies, LLC recommends and offers Symantec Endpoint Protection to its clients. Symantec Endpoint Protection customers are protected against WannaCry using a combination of technologies: Antivirus, SONAR protection, Network-based protection.

All South Jersey Techies Managed IT Services client computers have the latest Windows security updates installed, in particular MS17-010, to prevent spreading. If your business / organization is not on our Managed IT Services plan please check or contact us to ensure that you have the latest updates installed.

Who is impacted?

A number of organizations globally have been affected, the majority of which are in Europe.

Is this a targeted attack?

No, this is not believed to be a targeted attack at this time. Ransomware campaigns are typically indiscriminate.

Can I recover the encrypted files?

Decryption is not available at this time but companies are investigating. South Jersey Techies, LLC does not recommend paying the ransom. Encrypted files should be restored from back-ups where possible. South Jersey Techies offers a number of backup solutions including Carbonite Online Backup and cloud storage solutions. If you are unsure about your computer / server backups, please check or contact us to discuss the best solution for your business.

What are best practices for protecting against ransomware?

  • New ransomware variants appear on a regular basis. Always keep your security software up to date to protect yourself against them.
  • Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
  • Email is one of the main infection methods. Be wary of unexpected emails especially if they contain links and/or attachments.
  • Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
  • Backing up important data is the single most effective way of combating ransomware infection. Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up. However organizations should ensure that back-ups are appropriately protected or stored off-line so that attackers can’t delete them.
  • Using cloud services could help mitigate ransomware infection, since many retain previous versions of files, allowing you to “roll back” to the unencrypted form.

Have additional questions?

Feel free to contact us or call (856) 745-9990 with any questions you may have.

Quick Tips: Flush the ARP cache in Windows 7

Here’s how to clear the Address Resolution Protocol cache and how to manage that cache with a few command switches.

The Address Resolution Protocol (ARP) cache is a crucial component of IP networking on any operating system. What ARP does is link IP addressing to hardware addressing (MAC addressing). Without this system, a machine could not communicate with the outside world, as one addressing scheme could not communicate with the other.

The ARP Cache is a collection of ARP entries (mostly dynamic) that are created when a hostname is resolved to an IP address and then an IP address is resolved to a MAC address (so the computer can effectively communicate with the IP address).

When this happens, the PC will store that newly mapped address in the ARP cache, and it will stay there until the ARP cache entry timeout expires. This isn’t usually a problem, but sometimes a bad ARP entry can cause issues with Internet connections and Web page loading. When this occurs, one step that can be taken toward resolution is to clear the ARP cache. Yes, this means the ARP cache has to be rebuilt, which means a little more work for the PC, but that cache will rebuild fairly quickly.

Clearing the ARP cache is done completely through the command line, so stretch out those fingers and get ready to type. After we show you how to clear the ARP cache, we will show you how to manage that cache with a few command switches.

Flush the cache

Step 1: Open the command prompt

Click Start and then type “cmd” (no quotes) in the search dialog box, but don’t hit Enter yet. Right-click the cmd.exe icon and select Run as Administrator (Figure A). After answering the UAC, the terminal window will open offering up the command prompt.

Figure A

If the icon is already pinned in the Start menu, entering cmd is not necessary.

Step 2: Run the commands

The first command to run is

arp -a

This command will display all your ARP entries (Figure B). Naturally the -a option is not the only option available. The arp command also allows for the following switches:

-d Delete an IP address (arp -d 192.168.100.10)
-d -a Delete all entries in the ARP table
-s Add an entry to the ARP table (arp -s ADDRESS MAC_ADDRESS – Where ADDRESS is the address to be added and MAC_ADDRESS is the MAC address of the machine)

Figure B

Here you see the arp cache for two different interfaces on a single machine.

To flush the entire cache, issue the following command:

netsh interface ip delete arpcache

The above command will flush the entire ARP cache on your system. Now as soon as network connections are made, the ARP cache will begin to repopulate.

Verify the flush

Once you have flushed the ARP cache, make sure to issue the command arp -a to see if the cache has, in fact, been flushed. If it does not flush, it could be the system is a victim of a Windows bug caused when Routing and Remote Services is enabled. This is a simple bug to fix:

1. Click Start | Control Panel.
2. Click Administrative Tools.
3. Click Computer Management.
4. Double-click Services and Applications.
5. Double-click Services.
6. Scroll down to Routing and Remote Services.
7. Double-click Routing and Remote Services.
8. Set the Startup Type to Disable.
9. Make sure the service is stopped.

Now try flushing the ARP cache again. It should work this time.

Troubleshooting

It is also possible to troubleshoot network connections using the ARP cache. For example, it is important to look out for invalid ARP entries that go to a MAC address of 00-00-00-00-00-00. If one such entry shows up, make sure to delete it from the cache using the -d switch. Say you have an ARP entry that looks like:

224.0.0.24           00-00-00-00-00-00 static

In order to delete this entry, use the arp command like so:

arp -d 224.0.0.24

And that invalid entry will be gone.
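To find such entries without reading the table by eye, the output of arp -a can be parsed per interface. The following PowerShell function is an added example, not part of the original article; the function name and the sample output are constructed for illustration, and English-language arp output is assumed.

```powershell
# Added example, not from the original article. Assumes English "arp -a" output.
function Find-InvalidArpEntry {
    param([string[]]$Lines = (& arp.exe -a))
    $iface = $null
    foreach ($line in $Lines) {
        # Each interface block starts with "Interface: <address> --- <index>".
        if ($line -match '^Interface:\s+(\S+)') { $iface = $Matches[1]; continue }
        # Entry lines: IP address, dash-separated MAC, then the type.
        if ($line -match '^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)') {
            if ($Matches[2] -eq '00-00-00-00-00-00') {
                New-Object PSObject -Property @{
                    Interface = $iface
                    Address   = $Matches[1]
                    Type      = $Matches[3]
                    # arp -d accepts the interface address as a second argument.
                    Fix       = "arp -d $($Matches[1]) $iface"
                }
            }
        }
    }
}

# Constructed sample output for two interfaces (not captured from a real machine).
$sample = @'
Interface: 192.168.100.5 --- 0xb
  Internet Address      Physical Address      Type
  192.168.100.1         00-1a-2b-3c-4d-5e     dynamic
  224.0.0.24            00-00-00-00-00-00     static
  224.0.0.22            01-00-5e-00-00-16     static

Interface: 10.0.0.7 --- 0xc
  Internet Address      Physical Address      Type
  10.0.0.1              00-1a-2b-3c-4d-5f     dynamic
'@ -split '\r?\n'

Find-InvalidArpEntry -Lines $sample | Format-Table Interface, Address, Type, Fix -AutoSize
```

Calling Find-InvalidArpEntry with no arguments parses the live table; on the sample it reports only the 224.0.0.24 entry on interface 192.168.100.5.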

Final thoughts

There are so many ways to troubleshoot networking connections. Flushing the ARP cache is just one of those methods that is rarely thought of, but when all else fails this might be the last-gasp effort that makes you the hero of the day.
