List of Figures

W

warm boot, and memory, 219

warnings

of unsigned drivers, 30-31

from Windows, 42

Web-Based Enterprise Management (WBEM), 187

web resources

on BitLocker encryption algorithm, 191

digital signatures, 239

downloading chml, 144

files for experimenting, 91, 116

"legacy" applications, 120

TPM specifications, 188

wecsvc, 51

wecutil.qc (Windows Event Collector utility), 47, 51

well-known groups, 68

well-known RIDs, 67

WFP (Windows Filtering Platform), 232

whoami.exe, 5, 153

group membership display, 73

to view token, 72-74

WHQL (Windows Hardware Quality Labs), 30

WIC. See Windows integrity control (WIC)

Windows 2000, RunAs feature, 63

Windows, administrative, digital signature absence, 111

Windows Boot Loader sections, in bcdedit report, 11

Windows Boot Manager

default entry changes, 13-14

section in bcdedit report, 11

timeout changes, 13

Windows Classic theme, 3

Windows components, troubleshooting, 235

Windows Defender, 241

Windows Event Collector service, 51

starting, 46, 46-47

Windows Explorer, "Run as administrator" and, 80

Windows Filtering Platform (WFP), 232

Windows Firewall, 44, 255

\Windows folder, 170-171

Administrators group permissions, 171

default permissions, 171

file redirection from, 116, 119

Windows Hardware Quality Labs (WHQL), 30, 108

Windows integrity control (WIC), 131, 139-156

access control entry (ACE)

limits, 168-170

to restrict access, 166-168

and deletes, 160-166

failure of blocking deletes, 165

integrity levels, 139-141

changing, 147-151

chml for changing, 149

icacls for changing, 150

permissions for changing, 148-149

SDDL strings for setting, 180

storage, 141-153

in token, 72

viewing, 143-147

Internet Explorer protected mode and, 157-160

overview, 132-133

process integrity levels, 153-156

viewing, 154-156

second directive, 143

testing prime directive, 150-151

user integrity levels, 152

storage, 152-153

viewing, 153

Windows Management

Interface (WMI) providers, 186, 187

Windows OS Volume, 189

encryption by BitLocker, 190

Windows Platform SDK, Manifest Tool, 93

Windows Remote

Management. See WinRM (Windows Remote Management) tool

Windows Resource Protection (WRP), 233

Windows Side by Side, 87, 88

\Windows\System32 folder, 109

administrator token for writing to, 81

permissions, 172

Windows Vienna, 128

Windows Vista

format utility, 226

GUI

"alertness warnings," 83-84

and User Account Control (UAC), 82-86

logging on as local administrator, 2

with multiple boot options, 9, 9

Windows XP SP2, Remote Desktop Connection 6.0 for, 22

WinRM (Windows Remote Management) tool, 45, 46

authentication between workgroups, 56

configuration parameters, 54

get command, 54-55

set command, 54-55

wiping the disk, 226

WMI (Windows Management Interface) providers, 186, 187

for BitLocker and TPM Base Services, 220

workgroups

authentication between, 56

event forwarding in, 52-57

wrapper for services, 242

wrapping key, 187

write permissions, granting to service SID, 252-253

writing files, under virtualization, 119

WRP (Windows Resource Protection), 233

WS-Management, 45

configuration, 53

schema, 54

testing connectivity, 55-56

Wyse installer, 82