Migrate Windows 7 to an SSD Drive

If you have the pleasure to own a brand new SSD drive: Congratiulations! It’s so much more fun than a disk drive. TO get you started quickly, here’s how you can migrate your existing windows 7 to the new drive. You’re going to perform the following steps:

1. Tidy up your system
2. Create a Backup
3. Restore the Backup to the SSD
4. Align the Partition
5. Recreate MBR
6. Tweak Windows Settings

Tidy up your system

SSD space is not only much faster, it’s also much more expensive. Typically, your SSD is much smaller than your previous drive. If so, you'll need to free some space before the migration.

1. Oursource the Data (Pictures, Videos…) to another partition. See this post how to do it.
2. Uninstall not needed software
3. Clean up using CCleaner

 

Create Backup

Before you start, make a backup. Not only for safty reasons, we’ll use the backup in the next step to get an exact copy of the partitions on your SSD. Make sure you do a partition backup of drive C. I recommend to use Easus Todo Backup for this task.

Select Disk and partition backup

 

Give it a meaningful name

 

Select partition C

 

Select the destination. Best on an external drive.

 

Restore Backup to the SSD

Restore the newly created backup to your SSD Drive

 

Align the Partition

Partition alignment is very important for the speed of the SSD. If a partition is misaligned, the partition clusters overlap with the hardware blocks of the SSD. Writing one cluster on the drive results in writing 2 blocks. This dramatically reduces performance.

1. Download the GParted Live CD
2. Create a bootable media (e.g. burn the ISO to a CD)
3. Boot the PC from the Media
4. Start GParted
5. Modify the Boot Partition, select exactly 2 MiB as offset at the beginning of the partition. Uncheck the “round to cylinder” option

Recreate MBR

We just broke your MBR. Didn’t notice? Try booting Windows… it doesn’t work.

This is fixed easily.

1. Insert the windows installation disc
2. Boot it
3. After the language selection, click “Repair”

It will automatically detect the broken MBR and fix it.

 

Tweak Windows Settings

Disable Defragmentation

Start Menu -> Right-Click Computer -> Manage -> Services and Applications -> Services - > Right-Click Disk Defragmenter -> Startup type: Disabled –> OK

Disable the Page file

If you have enough RAM, you should disable paging. If you don’t have, you should buy more

Start Menu -> Right-Click Computer -> Properties -> Advanced System Settings -> Settings (Performance) -> Advanced Tab -> Change -> Uncheck Automatically manage -> No paging file -> Set –> OK

Depending on your needs, you can try more tweaks listed here.

Done!

References:

http://www.mydellmini.com/forum/windows-7/2441-windows-7-ultimate-solid-state-drive-speed-tweaks.html

Separating Programs and Data

There’s the golden IT rule: Always seperate Programs and Data. Why? Because you need to backup only Data. Programs can be easily reinsalled after a crash. If it’s mixed, it’s hard to maintain.

Target

The target is to have two partitions:

1. Drive C with Windows and all Programs on it
2. Drive D with only Data on it

This way, you can easily delete and restore the complete C Drive from a drive image if anything goes wrong with Windows. Your data is still safe on D.

Backup Data

Before you start, backup your complete system to an external drive.

Splitting the Partition

If you have only one partition, you need to split it. If you have two, you still might want to resize them to your needs. For this tutorial, we’ll assume that you have only one partition.

You’ll first need some space. Delete all your data from the C drive. By data, I mean only

• Documents
• Pictures
• Videos
• Downloads
• etc.

No Programs! And don’t forget to backup first!

For the split, I recommend using Easus Partition Master Home

Start the software and select the Partition C. Select Resize/Move Partition

The new size should be between 50-100GB. You should have at least 20% free space on C after resizing. If you have enough space, you could give it 150GB, just to be safe. In this example, I gave it 90GB

Now create a 2nd partition on the unallocated space.

This partition should fill the rest of the disc.

Finally, Apply the changes. This might take a while and you might be asked to reboot.

Move your folders

Open your account folder from the desktop

Now, do the following steps for all folders in your account folder:

1. Right-Click –> Properties
2. Tab Path
3. Change the Path to point to a new folder on drive D
4. Confirm

Restore Data

Windows will locate your personal data on drive D. Now it’s time to grab the backup you made and restore all personal data into the new folders on drive D.

Backup Drive C

Now that everything is working, backup drive C as a drive image. You can restore this image anytime if needed without losing any data on D. For image backups, I recommend the free software Easus Todo Backup

Done!

Caschys High-End lottery

Caschys blog is one of my favourite german IT-News Blogs. Today it's his 6th birthday, so...

HAPPY BIRTHDAY

A birthday comes with presents, right? Great! In this post, there's a lottery with 22 high-end presents like a Laptop, iPad, Harddrive, Mobile Phone etc...
Don't miss it!

PS: It's in german, so you might want to use google translate

Get a free S/MIME certificate for email encryption

This post describes how to obtain your personal email certificate that can be used to receive encrypted mail and to sign outgoing emails. You should never send confidential informatin via email since it can be read by any ISP and mailserver administrator on its way.

There are several providers for free S/MIME certificates. We’ll be using Trustcenter “Internet ID”. The good thing about this certificate is, that it’s valid for 1 year and it contains your real name. Some others issue only generic certificates without names.

1. Sign up

Navigate to the trustcenter certificate wizard.

This wizard is also available in german.

Fill your personal details. Press next

 

Select “High Grade” for key length and press “Generate key pair”

 

The key generation takes a few seconds. After that, fill the additional fields. The revocation password can be used in case you lose your certificate in order to “delete” it. Choose a strong password. Prexx “Next”

 

You order is confirmed.

 

2. Confirm your email address

Now check your emails. You should receive the followigng email

Follow the instructions in the email and reply.

 

3. Install the certificate

A few minutes later you’ll receive another email. This one contains a summary and a link to install the certificate. Click the link. Note that the link must be opened in the very same browser that was used to generate the key

 

You’ll see the following page if everything went fine.

Click “Install certificate”

 

4. Backup the certificate

The certificate is now stored in your browser’s certificate manager. It’s a good idea to export it for backup purposes. You’ll need to import the file if you want to use the certificate for email applications.

Navigate to Tools –> Options –> Advanced

Click “View Certificates”
You should see your certificate in the tab “Your Certificates”

Press “Backup…”
The file you’re about to export is secret. You should protect it with a strong password.

Done! You exported a PKCS#12 file which can be used with your email clients. Check my other posts for instructions.

Creating a PKCS12 certificate for free

 

If you want to experiment a little with PKI (public key infrastructure), SmartCard technology and other securty-related topics, you can create a certificate for yourself for free. Here is how it works.

 

Installing XCA

XCA is a great software to manage everything related to certificates. Just download and install it.

It’s a good idea to install all modules.

 

Creating a Certificate Authority

We want to do things right, so the 1st thing we need is a certificate authority. The authority can issue and revoke certificates. As soon as it comes to advanced tasks, we’ll need it anyway. Creation is easy, so let’s go.

Start XCA

 

Create a new Database

 

This is going to store all your valuable certificates, so give it a good password. I recommend to store the database file on an external flash drive and to keep it in a safe place as long as you don’t use it.

 

Press “New Certificate”

 

Select “[default] CA” as template and press “apply all”. This will fill all the advanced fields to create a CA (certificate authority) certificate.

 

 

Enter a meaningful name for “internal name”. This name is used only within the XCA application, so it’s just for you.

You should definily fill the commonName. This is showen as the certificate name everywhere you’ll be using it. You can name it “yourdomainname.com CA” for example.

Every certificate needs a key pair, so please generate one pressing “Generate a new key”

 

Select “RSA” and 2048 bit as keysize. Those settings are recommended if you want to load your certificate to a SmartCard later on.

 

Done! Now we have the CA created as you can see.

 

Create Personal Certificate

Usually we’d now create a bunch of certificates. One for email encytion, one for VPN, one for Windows Logon, one for …

This is useful since they are independant and for example you can revoke them individually if something should go wrong. Anyway, we’ll do the bad practice and create just one “universal” certificate being capable of everything.

Press “New Certificate” again.

This time, we don’t apply a template but switch to the Subject Tab right away. Enter the internal name and common Name. This time, you should name it after your First and Lastname to indicate, that this is your personal certificate. Also, generate a new RSA, 2048bit key for this certificate.

 

In the “Extensions” Tab, you might want to extend the validity to 5 years. Expiration increases security in case you lose your key or it’s compromised. Then press OK

 

In the “key usage” tab, select all entries in both columns. This ensures that you’ll have no restriction. Again: this is bad practice. If you want to do it right, create one certificate per application and assign rescricted key usage permissions.

Press OK

Done! You can see in the certificate chain, that your personal certificate.

Exporting your personal certificate

Now select your personal certificate and press “Export”

 

The correct exort format is “PKCS #12 with Certificate chain”. This format includes

• your personal key pair (public and private)
• your personal certificate
• all parent certificates up until the root CA certificate

 

 

To protect your keys, the file is encrypted by a password. Whenever you want to use your certificate, you need to enter the password.

Keep the exported file in a safe place. Even if it’s password protected, make sure noone else but you can access it. The safest storage is on a SmartCard.

Exporting the CA certificate

For advanced applications, you’ll need to have the CA certificate. That’s why you should export it. Select it and press “Export”

 

It’s very important to understand that we don’t export the CA’s private key now. It remains within your XCA database only and can only be used for certificate creation. Our export contains the public key and the certificate only. This is enough for other applications to verify, that our personal key was signed by the CA. That’s all they need.

Select the export format PEM and press OK

 

Summary

You created

• a XDB Database that should be stored in a safe place, offline.
• a P12 Certificate file that contains your password-protected secret key
• a CA certificate file that does not contain any secrets

SmartCard Login in Windows 7

Logging in with a smartcard to windows is usually supported ony for enterprise installations based on a domain controller. If you want this feature at home, all you need is the open source software EIDAuthenticate, a SmartCard including the driver (middleware) and a certificate. I recommend the Gemalto .NET IM V2+ SmartCard and a Certificate from StartSSL.

Installing the Software

Just download and install the latest version of EIDAuthenticate. Walk through the installer

Setting up the certificate for logon

Reboot your PC. After boot up, enter the control panel and open “Smart Card Logon”

 

Select “Use Preconfigured Card”

 

The dialog lists your all certificates on the card. You might not have a certificate on the card, the certificate chain is not complete or the EKU (Extended Key Usage) is not okay. In those cases it would be better to genereate a new certificate which allows SmartCard Logon.

 

Once you have the certificate on the card, you must import the issuer CA certificate as trusted in the windows certificate store. This will make all certificates issued by that CA trusted by windows. To do that

• Start Menu, click Run… and type mmc
• In MMC, File->Add/Remove Snap-in… and click the Add button
• Select Certificates from the list of snap-ins and click Add.
• Choose the Computer Account radio button. Click Next and then Finish.
• Right click on the Trusted Root Certification Authorities folder and choose All Tasks -> Import… to bring up the Certificate Import Wizard.

The Certificate Import Wizard will walk you through the process of selecting a certificate file and adding it to the store.

Enter the Smart Card Logon settings again and your certificate will be showen as trusted.

Press Continue

 

Type your password and press finish. If you like the smartcard signon, you can later select to allow logon only with smartcard.

 

Finally, enter your SmartCard PIN.

 

Done! On next login, you can sign on with the smartcard.

Change domain IP address in ispCP

If you run multiple domains on ispCP and you want to run some domains on a different IP address, here’s how you do it.

Adding the IP in the admin console

Log in to your ispCP admin account. Navigate to

Settings –> Manage IPs

Add the new IP address and the domain you’re intending to use it for.

Mapping the IP to the domain

This must be done manually. Log in via SSH to your server. Connect as root user to your MySQL console using

mysql –u root –p

You need to enter your mysql root password now. If you don’t remember it, you might be able to recover it. Once logged in, list all your databases using

show databases;

Identify the ispcp database, mine was named “ispcp_database”. Then, select that database

use ispcp_database;

If your ispcp database is named differently, replace “ispcp_database” with your name. Next, list the domain / IP mapping

select domain_name, ip_number FROM domain d RIGHT JOIN server_ips ip ON d.domain_ip_id=ip.ip_id;

You’ll see a list of all domains now and their IP addresses. You should have the domain name NULL mapped to the newly added IP. This means, that there is no domain assigned to it, yet. To assign the domain, run the following query

update domain SET domain_ip_id=(select ip_id from server_ips WHERE ip_number="1.2.3.4"), domain_status="change" where domain_name="example.com";

Replace the red strings with the IP address and the domain name you’d like to assign. To double-check that it worked correctly, list all assignments with the following query

select domain_name, ip_number FROM domain d RIGHT JOIN server_ips ip ON d.domain_ip_id=ip.ip_id;

Exit MySQL.

The next step will overwrite the ispcp configuration and all custom changes it might include. Please backup your ispcp.conf before proceeding. When done, run the update script

cd /var/www/ispcp/engine/setup/
perl ispcp-update