Simple method to Encrypt/Decrypt Zip files on Windows

Unfortunately, encrypting a file on Windows with a simple password is not super simple. While Windows does now support other compression formats (RAR, 7-Zip) it does not support encryption for them.

Currently, Windows natively supports the ZipCrypto algorithm. No AES. Note that the ZipCrypto algorithm is not considered secure, and shouldn’t be used for highly confidential data.

The following method, you will need 7-Zip to create the archive, but you won’t need it for decryption as Windows has built in support for ZipCrypto decryption.

To create the archive, you will need 7-Zip installed. Right click on your file/folder -> 7-Zip -> Add to Archive.

You should be presented with a similar window.

Change Archive format to zip
Enter the password
Ensure that the Encryption method is ZipCrypto
Hit OK to create the Archive.

You can now transfer the password protected archive to a new machine. You’ll be prompted for the password when you extract the archive.

How to Add a User from Windows Command Prompt

Adding a user from a Windows command prompt is easy. We can use the net user command. Specify the username and password, append a /ADD and we are off to the races.

net user username password /ADD

Example Command.

net user incredigeek mysecurepassword /ADD

https://www.windows-commandline.com/add-user-from-command-line/

Making RDP Faster (60FPS)

https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/frame-rate-limited-to-30-fps

On RDP Server, Open up Registry Editor as administrator

Go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations

Add a new DWORD

Set the name to DWMFRAMEINTERVAL

Set the Value to 15, and base Decimal.

Apply and reboot.

You may also want to look at enabling the following options in Group Policy Editor

Computer Configuration > Policies > Administrative Template > Windows Components > Remote Desktop Session Host > Connections > Select RDP transport Protocols > Use both TCP and UDP

Computer Configuration > Policies > Administrative Template > Windows Components > Remote Desktop Session Host > Connections > Remote Session Environment > Use hardware graphics adapters for all Rmote Desktop Services sessions

https://github.com/maxprehl/TurboRemoteFX
https://www.reddit.com/r/sysadmin/comments/fv7d12/pushing_remote_fx_to_its_limits/

How to Disable Windows Suggestions when copying text

Windows 11 introduced “Suggested Actions”. When you copy a date, time, or phone number, you will get this little pop up asking if you want to “Create event” or “Call number”.

While this can be helpful, it can also be slightly annoying and get in the way. Fortunately, there is a simple way to turn it off. Hit the little down arrow, then click “Go to clipboard settings”

Once in the System settings, turn “Suggested actions” off.

Enable TLS 1.1 and 1.2 on Windows 7

Windows 7 does not support TLS 1.1 or 1.2 by default. This can be an issue if you are still trying to use Outlook 2010 on Windows 7.

Fortunately there is a way that we can enable TLS 1.1 and 1.2.

First we need to verify that we have the correct Windows update in place. Download the appropriate download and double click it to run.

For 64 bit systems download the update from here

http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/04/windows6.1-kb3140245-x64_5b067ffb69a94a6e5f9da89ce88c658e52a0dec0.msu

or for 32 bit systems

http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/04/windows6.1-kb3140245-x86_cdafb409afbe28db07e2254f40047774a0654f18.msu

After the update is finished, create a new text file (AKA PowerShell Script) with the following contents.

$arch=(Get-WmiObject -Class Win32_operatingsystem).Osarchitecture
$reg32bWinHttp = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp"
$reg64bWinHttp = "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp"
$regWinHttpDefault = "DefaultSecureProtocols"
$regWinHttpValue = "0x00000a00"
$regTLS11 = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client"
$regTLS12 = "HKLM:SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client"
$regTLSDefault = "DisabledByDefault"
$regTLSValue = "0x00000000"

Clear-Host
Write-Output "Creating Registry Keys...`n"
Write-Output "Creating registry key $reg32bWinHttp\$regWinHttpDefault with value $regWinHttpValue"

IF(!(Test-Path $reg32bWinHttp)) {
    New-Item -Path $reg32bWinHttp -Force | Out-Null
    New-ItemProperty -Path $reg32bWinHttp -Name $regWinHttpDefault -Value $regWinHttpValue -PropertyType DWORD -Force | Out-Null
}
ELSE {
    New-ItemProperty -Path $reg32bWinHttp -Name $regWinHttpDefault -Value $regWinHttpValue -PropertyType DWORD -Force | Out-Null
}

IF($arch -eq "64-bit") {
    Write-Output "Creating registry key $reg64bWinHttp\$regWinHttpDefault with value $regWinHttpValue"
    IF(!(Test-Path $reg64bWinHttp)) {
        New-Item -Path $reg64bWinHttp -Force | Out-Null
        New-ItemProperty -Path $reg64bWinHttp -Name $regWinHttpDefault -Value $regWinHttpValue -PropertyType DWORD -Force | Out-Null
    }
    ELSE {
        New-ItemProperty -Path $reg64bWinHttp -Name $regWinHttpDefault -Value $regWinHttpValue -PropertyType DWORD -Force | Out-Null
    }
}

Write-Output "Creating registry key $regTLS11\$regTLSDefault with value $regTLSValue"

IF(!(Test-Path $regTLS11)) {
    New-Item -Path $regTLS11 -Force | Out-Null
    New-ItemProperty -Path $regTLS11 -Name $regTLSDefault -Value $regTLSValue -PropertyType DWORD -Force | Out-Null
    }
ELSE {
    New-ItemProperty -Path $regTLS11 -Name $regTLSDefault -Value $regTLSValue -PropertyType DWORD -Force | Out-Null
}

Write-Output "Creating registry key $regTLS12\$regTLSDefault with value $regTLSValue"

IF(!(Test-Path $regTLS12)) {
    New-Item -Path $regTLS12 -Force | Out-Null
    New-ItemProperty -Path $regTLS12 -Name $regTLSDefault -Value $regTLSValue -PropertyType DWORD -Force | Out-Null
    }
ELSE {
    New-ItemProperty -Path $regTLS12 -Name $regTLSDefault -Value $regTLSValue -PropertyType DWORD -Force | Out-Null
}

Write-Output "`nComplete!"

Save the file as “tls-reg-edit.ps1”

If saving it using notepad, change Save as type: All files (*.*)

Open a PowerShell. Change directories “cd” to the location you saved the above script to. ie. cd Downloads

Run the script with the follow command. Note you will most likely need to hit Y to allow the scripts to run.

Set-ExecutionPolicy Bypass -Scope Process ; .\tls-reg-edit.ps1

After the script runs, you’ll need to reboot your computer.

The script and information was taken from the following link. Thanks cPanel!

https://docs.cpanel.net/knowledge-base/security/how-to-configure-microsoft-windows-7-to-use-tls-version-1.2/

There is also more information at the following Microsoft link.

https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392

How to Bypass the Windows 11 “Let’s connect you to a network” Screen

Windows 11 seemingly will not let you finish the setup process unless you are connected to a network. Fortunately there is an easy way to side step this issue.

When you get to the “Let’s connect you to a network screen”

Hit the Shift + F10 keys to launch a command prompt

From here, there are two ways we can disable or skip the network setup.

1. Run the OOBE Command

https://www.makeuseof.com/windows-11-set-up-without-internet-connection/

Type OOBE\BYPASSNRO and hit enter. The computer should now reboot and it will give you an option to skip the network setup.

OOBE\BYPASSNRO

2. Kill the Network Connection Flow from Task Manager

https://www.elevenforum.com/t/how-to-bypass-network-connection-during-clean-install-of-windows-11.2647/

Type in “taskmgr.exe” to launch the Task Manager

Find the Network Connection Flow service, select, and End task

It should now skip the network page and go to the License Agreement and let you finish setting up your computer.

The acropalypse Vulnerability

First what is acropalypse?

Acropalypse is a vulnerability in Google’s markup editor (and Windows Snipping Tool). It allows an attacker to recover parts of a cropped or marked up image.

https://en.wikipedia.org/wiki/ACropalypse

There are a couple specific steps you have to follow for the bug to happen.

  1. Take a screenshot
  2. Save screenshot
  3. Crop or markup screenshot in Google Markup or the Windows Snipping Tool
  4. Save screenshot with the same name as original screenshot

The bug is when you save the cropped screenshot with the same name, it overwrites the original file, but the markup tools are not resizing or truncating the file. Meaning that there is extra data in the screenshot.

For example in the following two screenshots, notice the size and dimensions

Here is the first screenshot

The second screenshot shows smaller dimensions because it was cropped, but the size is still the same.

Am I affected?

Potentially. Most images are reprocessed if they are being uploaded to a web service. Discord only started doing that in January. So if you have images on Discord before then, you may want to look into that.

You also have to specifically overwrite the original screenshot image. If you don’t normally save the image first you may be fine. Never hurts to check though.

https://acropalypse.app/

Is macOS or iOS affected?

macOS and so presumably iOS, appear to properly resize the image after cropping has taken place. That would lead me to suspect that iOS and macOS devices are not vulnerable to a variant of apocalypse.

Twitter Post about acropalypse.

VirtualBox – Failed to acquire the VirtualBox COM object.

VirtualBox failed to acquire the VirtualBox COM object.

Under the Details it was complaining about VirtualBox.xml

Looking in Windows Explorer in the .VirtualBox folder

C:\Users\Username\.VirtualBox

it shows that the VirtualBox.xml file being empty. Delete the file. Reinstall VirtualBox. Now go to your VM’s in

C:\Users\Username\VirtualBox VMs

Open up the VM folder and double click on the “Virtual Machine Definition” file to “reimport” them into VirtualBox.

Enable or Install Group Policy Editor on Windows 10/11 Home

Normally you can’t run the Group Policy Editor on Windows Home editions. But there is a way to enable it.

First, open up a Command Prompt (Not Terminal) as Administrator

Open Command Prompt as Administrator

Now copy and paste each of the commands.

FOR %F IN ("%SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientTools-Package~*.mum") DO (DISM /Online /NoRestart /Add-Package:"%F")
FOR %F IN ("%SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~*.mum") DO (DISM /Online /NoRestart /Add-Package:"%F")

Now we can launch Group Policy Editor by typing in the following

gpedit.msc
Group Policy Editor on Windows Home

More details can be found at the following sites

https://linustechtips.com/topic/1482968-windows-doesn%E2%80%99t-suck-microsoft-just-wants-you-to-think-so%E2%80%A6/#comment-15762053

https://www.itechtics.com/enable-gpedit-msc-windows-11/