Hey guys,
My current employer is considering a full disk encryption (FDE) technology which uses TPMs instead of our current software-based solutions with passwords. I'm doing some testing.
Quick aside: In short, right now, users type in a password (encryption key) when their machine boots. The solution we're considering (BitLocker) stores the encryption keys in the special TPM chip on supported computers.
Normally, most people's experience with TPMs is on laptops. They're rare on desktop machines. I much prefer working with desktops. Thus, my home lab had no TPM support. I have two motherboards with headers for TPMs. A quick Amazon search found a TPM which Prime quickly delivered. So, I set up Windows 8.1 Enterprise Evaluation edition on an OCZ SSD. I installed the TPM module in the motherboard. Then, I configured it. And booted into Windows.
This was the surprisingly difficult part. Using the Control Panel applet to configure BitLocker led to nothing but frustration. I finally found some instructions on how to force BitLocker to use the TPM. (By default, it appears to NOT use the TPM.) Here's the command that did it:
manage-bde -on C:
Some testing indicated that everything worked as expected (could seamlessly boot into Windows 8.1; loading the drive into a forensic workstation showed a garbled mess; etc.). Now, for the fun part. The part that you can't do with a laptop.
I took the drive and the TPM out of my initial build machine and put it in a test machine; configured the BIOS; booted. Useless. Windows wouldn't boot as it couldn't decrypt the drive. I was hoping that I'd be able to use the drive; no such luck.
Finally, I returned the TPM and drive back to the original machine. Everything worked fine. "manage-bde -status" still shows the drive as encrypted.
I'm torn. On one hand, I'm glad that the encryption protected the data even after the drive and the TPM were moved into a different machine. Let's face it: you'd have to have a VERY determined adversary to try something like pulling a TPM off of a laptop motherboard. On the other hand, in an enterprise environment, sometimes data recovery means that you need access to data even if the original machine is b0rked. I guess that's what MBAM is for.
MJ
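The behaviour in the post (drive plus TPM moved to another board, Windows refuses to boot) is what the TPM protector is designed to do: BitLocker seals the volume key to the TPM against platform measurements (PCRs) of the firmware and boot path, so a different motherboard, firmware or boot configuration fails validation and the TPM will not release the key. The enterprise answer to the recovery worry is to always pair the TPM protector with a recovery-password protector and escrow that password (in AD DS or via MBAM) before encryption starts. The script below is an added example, not from the original post; it assumes Windows 8.1 or later with the BitLocker PowerShell module, an elevated prompt, and that the OS volume is C: (the volume letter and the Aes256 method are assumptions).

```powershell
# Added example: enable BitLocker sealed to the TPM, but only after a
# recovery-password protector exists and has been escrowed.
# Assumptions: elevated PowerShell on Windows 8.1+, BitLocker module present,
# OS volume is C:. Replace the volume letter for your environment.
$Volume = "C:"

# 1. Confirm the TPM is present and initialised before relying on it.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM not present or not ready; initialise it in firmware / tpm.msc first."
}

# 2. Add a recovery-password protector first. This 48-digit key is what
#    unlocks the volume when the TPM protector fails its platform check
#    (new motherboard, firmware update, changed boot order, and so on).
Add-BitLockerKeyProtector -MountPoint $Volume -RecoveryPasswordProtector | Out-Null

# 3. Escrow the recovery password in Active Directory. Backup-BitLockerKeyProtector
#    needs the "Store BitLocker recovery information in AD DS" policy enabled;
#    with MBAM deployed, the MBAM agent escrows it instead. If neither is in
#    place, at least surface the password so it can be stored out of band.
$vol = Get-BitLockerVolume -MountPoint $Volume
$rp  = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
try {
    Backup-BitLockerKeyProtector -MountPoint $Volume -KeyProtectorId $rp.KeyProtectorId
} catch {
    Write-Warning "AD backup failed ($_). Record this recovery password out of band:`n$($rp.RecoveryPassword)"
}

# 4. Turn on encryption with the TPM protector. This is the explicit form of
#    the 'manage-bde -on C:' step in the post. -SkipHardwareTest starts
#    encryption without the reboot-and-verify pass.
Enable-BitLocker -MountPoint $Volume -TpmProtector -EncryptionMethod Aes256 `
    -UsedSpaceOnly -SkipHardwareTest

# 5. Verify: both protector types should be listed and protection should be on.
Get-BitLockerVolume -MountPoint $Volume |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage,
        @{ n = 'Protectors'; e = { ($_.KeyProtector.KeyProtectorType) -join ', ' } }
```

With the recovery password escrowed, the scenario in the post changes: when the TPM check fails at boot, BitLocker drops to its recovery screen, and the 48-digit password (retrieved from AD or MBAM) unlocks the volume, either in place or after the drive is mounted in another machine with "manage-bde -unlock X: -RecoveryPassword <key>". The protection against a stranger moving the drive is unchanged, because the recovery password never lives on the drive or in the TPM.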