Removable media can be a dangerous source of information leakage. On one hand, it may contain sensitive data which may be disclosed to unknown parties if stolen or lost while, on the other hand, it may contain viruses, malware and other malicious programs which can infect your system or network! You can block users from writing data to removable media, prevent them from reading data or running programs stored on removable media using Disk Policies.
In a network setup with domain controllers edit the Domain Group Policy but for a single computer system edit the Local Group Policy by typing gpedit.msc in the Start search text box.
In the Local Group Policy Editor, expand Computer Configuration and then Administrative Templates. Next expand System and Removable Storage Access.
If you suspect that one of your drives is not performing well or is not showing up in certain utilities such as, Disk Defragmenter then your first step would be a check disk operation. A Check disk operation includes automatic fixes for both file system and physical errors. To start this operation right-click a disk drive from the windows explorer or the Start menu Computer item. From the properties window, click the Tools tab and under Error-checking click Check Now.
With Windows 7 you can defragment internal and external disk drives, USB drives and Virtual drives but they must be formatted with the NTFS file system and are not network shared (mapped) drives! By default, defragmentation happens automatically every Wednesday at 1:00 A.M. however, if the computer is off at this time, it will start shortly after the next boot up! Also, it detects all drives installed on your system and performs defragmentation on all drives. The cool thing about Windows 7 is that it recognizes SSD drives (solid state drives) too, and disables the defrag operation on them as they do not need it. Microsoft has tweaked the defragmentation algorithm to perform better
Disk fragmentation happens when files are created, deleted and modified over time with the result that if a file needs to increase its size and there is no room adjacent to it, it gets another portion of the disk somewhere else and hence, the file is now in two or more locations on the disk – the file is fragmented! This is basically the behavior of fragmentation and is quite normal to happen on all systems, whereas, heavily used systems will experience higher fragmentation quicker. Highly fragmented file systems will slow down file access times and will put additional stress on the hard drive.
Unnecessary files such as, temporary Internet files, recycle bin files, applications temporary files, setup log files, offline web pages, thumbnails, downloaded install programs and system error reports take up disk space and have an impact on data access times! The Disk Cleanup tool removes these obsolete files.
Start the Disk Cleanup tool by typing disk cleanup in the Start search text box.
The File Signature Verification Tool allows you to scan your computer and find unsigned device drivers. Any files that are signed can trigger a flag if modified; hence, we protect critical files with signatures. DirectX device drivers can be checked using the DXdiag tool. Start The File Signature Verification Tool by typing sigverif in the Start search text box.
The File Signature Verification main window allows you to configure log settings from the Advanced button. You can either Append or Overwrite scan results to the previous ones. It is recommended to save the scan results as these will serve as a list of all device drivers found on your computer.
DirectX is a technology used by multimedia programs running on your system. The DirectX Diagnostic tool (DXdiag) helps you troubleshoot DirectX related issues such as, checking digital signatures for your video card drivers. It also checks whether a driver has passed the Microsoft’s Windows Hardware Quality Labs (WHQL) tests. But most importantly, it helps find problems with games or movies that cannot run properly. The first time you run the DXdiag tool you are asked whether you want to check if your drivers are digitally signed and that the tool may connect to the Internet but no personal data is collected.
Make sure that you select the Check for WHQL digital signatures option in order to test for signed drivers. That is, digitally signed drivers have been tested by the Microsoft Windows Hardware Quality Lab for DirectX compatibility. It is recommended, to update a driver that is flagged as unsigned.
Computer users without administrator privileges cannot install unsigned drivers! Drivers must be signed by certificates that Windows 7 trusts, while a user account with administrator privileges can install unsigned drivers. In the case of a network environment where ordinary users need to install unsigned drivers or applications, an administrator can authorize such installation using a self-signed digital certificate.
Digital Certificates allow users to identify that the source of the device driver or application is a legitimate publisher. It does not mean that the driver or application is bug free but its source is trustworthy that is, coming from its claimed source and it is intact.
A self-signed certificate will be valid only to your environment and can be created from a certificate authority server running Windows Server and Certificate Services. In order to have a certificate that is recognized by other users outside your organization, it needs to be issued by an external Certificate Authority such as, VeriSign. It is recommended to thoroughly test self-signed drivers in a test environment prior to deployment on production machines.