Remotely BitLocking

In a corporate IT environment is very common to use the BitLocker Drive Encryption technology to prevent data from being read in case of a stolen drive.

Remember that, if a unencrypted drive is stolen from a machine and connected to a foreign computer, most likely the attacker can get access to all the content of the drive regardless the fact that users logged with secure password.

The BDE techology encrypt the disk so it must first be decoded when connected to another machine before being able to read data from it.
Another feature of BDE is that you can lock it with a PIN that is asked to the user before Windows loads, so it acts as a sort of two-factor authentication. Strictly speaking, the two factors should not be two different things the user knows – in this case they are both passwords – but this is an additional security layer several companies like to add.

For IT Professionals it is a useful feature to be able to reset or change the PIN remotely.
Commonly it is thought that this must be done using a remote screen control, or some kind of remote execution tool, but in reality the BDE suite comes with a full set of command-line interfaces that have built-in remote capabilities.

In this specific case, changing the PIN remotely is simply as the following example:

C:\WINDOWS\system32>manage-bde -changepin c: -computername hostname

Where:

  • manage-bde -changepin
    is the main tool to command BDE, you can learn more at Manage-bde.exe Parameter Reference
  • c:
    is the drive letter you want to manage BDE of
  • -computername hostname
    the parameter indicating you want to operate on a remote machine which name is hostname

Result of this command will be

BitLocker Drive Encryption: Configuration Tool version 6.1.7601
Copyright (C) Microsoft Corporation. All rights reserved.

Computer Name: hostname

Type the new PIN: ******
Confirm the new PIN by typing it again:******

where you need to enter and re-enter the new PIN for confirmation and finally

Your PIN has been successfully updated.

It is worth noting, even if this is quite obvious,  that this command must be entered by an elevated command prompt where you have administrative permission to the remote machine.

Advertisements

Updating Windows 7

In the past few months I faced a serious issue with brand new installation of Windows 7.
From a previously perfectly-working installation image, I kept ending up with a seemingly broken installation in the sense that Windows Update apparently wasn’t working properly.

WU appeared to be continuously looking for updates never stopping and starting the actual downloading and installation. Even after leaving it work for hours at a time, it was impossibile to obtain or install any update. Continue reading “Updating Windows 7”

Command a Ghost

Everyone working with graphics in a serious way with a computer should be acquainted with Ghostscritpt. For those who are not, it is a an interpreter suite for PostScript and Portable Document Format: I will not cover it in depth here, but you can learn more at the related Wikipedia article or visiting the official website.
It is a very powerful and versatile tool and one could write books about, but in this post I will focus on one conversion I personally found very useful , but not particularly user-friendly.
So I am publishing this for my own exercise and with the hope of helping other users.

Take the following command:

gswin64c.exe -dNOPAUSE -dBATCH -r600 -sDEVICE=tiff24nc -sCompression=lzw -sOutputFile=scansioni%d.tif scansioni.pdf

comprised of several parts

  • gswin64c.exe
    the executable name: in this case is the 64-bit Windows one.
    You should replace it with the program file appropriate for you OS and architecture
  • -dNOPAUSE
    instruct the parser not to pause and ask for input at the page breaks
  • -dBATCH
    GS will exit at the end of the process instead of entering in interactive loop reading PostScript commands.
    Please note that both -dNOPAUSE and -dBATCH can be replaced by the single -o
  • -r600
    output resolution in DPI. Writing just one value will set vertical and horizontal resolution the same, otherwise you can use the form -rXRESxYRES
  • -sDEVICE=tiff24nc
    the output device, in this case a TIFF file with color depth 24bits
    Other common values could be -sDEVICE=tiffgray or -sDEVICE=jpeg.
  • -sCompression=lzw
    the compression to use for the TIFF file, in this case the Lempel–Ziv–Welch algorithm
  • -sOutputFile=output%d.tif
    the filename of the output: the use of %d will generate one file for each page in the original document appending number to the name output
  • input.pdf
    the original PDF file to read from

this blog post act as a sort of cheat sheet for rapid reference, but complete information on how to use GS can be found at How to use Ghostscript and Details of Ghostscript output devices.

ASP.net directory on hosting

It is quite a common case to have a website on a remote hosting when, for whatever reason, you can’t afford a full-fledged server onto your fridge or in a remote location. One of the issue you might come across on a hosting server running ASP.net is finding the path of a folder you want to work on. Usually you have a local copy of your website where you work using Visual Studio and then you publish it to the remote location: this is the typical example where the folder structure will not match to the root: you might have a c:\documents\websites\mysite\ that on the hosting server maps as d:\webs\789547\customers\jhondoe\jhondoe.com\. To find the right path both locally, on a hosting location or wherever else there is a simple strategy. Review the following code:

For Each CurrFile As FileInfo In New DirectoryInfo(Hosting.HostingEnvironment.MapPath("\test")).EnumerateFiles
    […
    work on each file
    …]
Next

This piece of code is enumerating all the files in a subfolder called “test” under the root of your website no matter where it is actually located in the absolute directory tree. Review this article on the MSDN library for more information.