 
A Big Security Fix and Performance Manual

### The Essential Guide to Computer Security & Performance

By: Wayne Hoss

A Big Security Fix and Performance Manual

The Essential Guide to Computer Security & Performance

By: Wayne Hoss

Copyright © 2017 by Wayne Hoss All rights reserved.

No part of this book or any portion thereof may be used in any manner or reproduced, scanned, or distributed in any printed or electronic form without the express written permission of the author except for the use of brief quotations in a book review which would be appreciated.

First Edition: July 2017 Printed in the United States of America

DISCLAIMER

Understandably, this book is written based on Windows 7 Ultimate edition, even though the author did incorporate the information on how to acheive the same goals with other operating systems and did his best to make the examples as easy as possible, your version of Windows may be different, it therefore does not cover other versions as accurately, the user must therefore read up on any other operating system such as Windows 10 to acheive the examples given in this book, however it is more likely to be more complete and accurate for Windows 7 Professional or Ultimate. It also cannot be expected to accurately cover the differences of other versions of Windows and may require some research on the readers part.

While most of the information from my own experience has been verified on my version of Windows, obviously I cannot be responsible for the applicability to other Versions of Windows or other Operating Systems. Even though I am A CompTia A+ Certified Professinal, and graduated head of my class at a Microsoft Certified College in a Microsoft Certified MCSA course I am not associated with Microsoft, and have no means for verifying configurations of other versions of Windows. Therefore, the reader should take advice accordingly and determine for themself if it applies to their Operating System and will serve their purposes.

It should also be understood that a reader performing even minor adjustments as defined in this book should verify the information according the their own Operating System. If there is any doubt whether or not the item in question is covered in their particular Operating System and/or version of Windows, the reader is advised to read the documents and/or help information that came with their version of Windows. If the reader is told by the examples in this book to change a setting or configuration, it is understood that the reader does so at their own risk and the author shall not be held liable. Therefore the reader should check their own version of Windows to make sure that the settings are alike and then the reader can make their own informed decision how to proceed.

### Table of Contents

Chapter One: Your Computer may be at risk!

Chapter Two: Performance and Security

Chapter Three: Services and Applications

Chapter Four: Secure and Optimize Service Settings

Chapter Five: Local Security Policy

Chapter Six: Local Security policy Continued

Chapter Seven: Group Policy

Chapter Eight: Computer Repair

Chapter Nine: Conquering A.D.H.D

#  Chapter One

## Your Computer May Be at Risk!

Your computer is more than likely open to attacks in several ways and you do not even know it! Windows leaves several services and configurations running in the background that leaves you vulnerable and open to attacks from hackers and identity thieves. These services and configurations severely drain most of your resources such as your Internet speed; System Memory, CPU, and they even use a large amount of your hard drive space for things that are not really necessary for the average user.

Some of these settings are for instance Remote Registry, Computer Browser, Internet Connection Sharing (ICS), Anonymous Users, Remote Location Awareness, Windows Remote Management Service, Windows Time (which by the way is not your clock) and even these two huge risks, Secondary Logon and Remote Desktop, which allows another user to log on to your computer even while you are still on it, and what's more, you can not see them so you have no idea that they are there!

For instance, Anonymous Users are permitted in your computer through various Windows settings and you probably did not know that either. Of even greater concern is the fact that most, if not all, of your hard drives are being shared without your knowledge, and even worse, remote settings are sometimes running in the background leaving your computer vulnerable to attack. These are settings and configurations that only certain people know about such as a Network Administrator.

However if you are a home user and not a company that is big enough to have several computers connected together (known as a network) then you have no need for these services and configurations, and you of course have not hired a Network Administrator such as myself, so why are these potentially dangerous security risks open and running on your personal computer? Why are they running without your knowledge?

What is going on here is a very huge problem, one that is being caused, in my opinion, by the very company that we have come to trust and allow in our lives without giving it a second thought. Do you really want to know the truth about what is going on behind your back as you are surfing the Internet?

Lucky for you that I have written this book which reveals even more than most of your certified computer repair technicians, or average computer geeks .know. In fact I have not met any Network Administrators that are aware of all the things that I reveal to you in this book!

I have shown these settings to people that were pretty good at working on computers, and even shown them to certified technicians only to have them exclaim "Oh my God, I never knew these existed.... how in the world did you know this?"

Even though I graduated from one of Microsoft's Colleges the top of my class in a Microsoft Certified Systems Administrator (M.C.S.A) Course, not to mention that I am also "CompTia Certified as an A+ Certified Professional" in "Computer Software and Hardware Repair", I did not learn most of these settings at that college, I learned most of them on my own over the forty plus years that I have been into computer repair and network administration..

Due to all of this hacking and ransomware going around that has even locked hospitals out of their own computers, denying them access to patients records and critical information that could be the difference between life and death, I decided that enough is enough.

Please do not get me wrong, Microsoft has a very good reason for these settings and configurations being incorporated into their software, but that is no excuse for them to leave these settings and configurations open and running in the background, putting the entire world at risk. There are some companies and businesses that do use these settings and configurations, but most of them can afford to hire a Certified Network Administrator to configure these settings for them and keep their network safe.

Since these companies hire Network Administrators anyway, why not leave these settings disabled by default, since the average user does not need them, not to mention that they do not have an expensive Network Administrator to set everything up for them to protect their computers.

If they were to leave these security risks disabled by default, since anyone that really does need to use them either knows how to set them up, or hires a Network Administrator that does know how to enable and configure these settings, then a lot of this hacking and even a lot of the viruses and ransomware attacking our society at an unbelievable pace could be prevented, or at the very least be slowed down.

Well my friends, since you can't afford to hire an expensive Network Administrator, and since this is affecting millions of people around the world who have had their identity stolen, and their computers affected by viruses and ransomware, not to mention that some people have even had hackers steal their identity and then file for that poor unsuspecting souls income taxes, I have decided to write this book for you to keep by your side at all times as your own portable Network Administrator, but this book is way more than that.

Another reason that I decided to write this book is because all of my friends, customers, and even the instructors at the Microsoft Certified College that I attended continually brag about how good that I am, brag about several of the tricks that I have learned over the years to fix computers, and according to all of them I am one of the best.... we will leave that for you to decide.

I decided to put all of those hints, tips, and tricks of mine that nobody else knows how to do in this one of a kind book, so that someday when I am gone all of that knowledge will not be lost. These are tricks that I have learned in my forty plus years of experience as a Web Master, CompTia A+ Certified Professional, Network Administrator, and so much more!

What should excite you even more is the fact that I am walking you through these settings and configurations in a simple step-by-step tutorial that will help you absorb in minutes what took me years to learn. These are very important tips that you probably will not find anywhere else. For instance, I have fixed several computers that my customers were about to throw away with a common household hair dryer.

I have several customers that I met who were referred to me after they paid two or three other people to work on their computers, but those people were all unsuccessful, yet I succeeded every time.

I am going to tell you another one of my most important tricks that I have used to fix computers also, these were computers that people gave up on and were ready to throw away, and this trick has saved my customers, as well as myself, a lot of time and money, so if you have ever thrown a computer away or replaced a motherboard, be sure to read the computer repair section near the end of this book.

Remote Desktop is more than likely enabled and running on your computer, which allows someone else from a remote location like the Internet to see your desktop exactly as you yourself see it, they can be doing things on your computer just as if sitting right beside you, but you will not even know that they are there. They can read all of your files, copy that data which you have tried so desperately to protect, and even delete your files and applications without your knowledge, or even worse, they could inject a virus or Trojan into your system.

You may have one that I consider a risk running in your computer now such as "Link-Layer Topology Discovery Mapper" which Creates a Network Map consisting of every computer and device attached to your computer, it is like handing them a map saying "Here is my computer, come on in!"

Secondary Logon is probably enabled on your system and it is a definite risk! I always disable it and there is another service that I disable which I cover in this book, and this service creates shares for all of your hard drives and many other things. Everyone that I have shown this setting to became understandably upset that their hard drives were being shared without their knowledge, they literally had no idea that their hard drives were being shared. See more about all of these settings further in this book.

Other services that are risky in my opinion are "Media Center Extender Service" which Allows Media Center Extenders to **locate** and **connect** to your computer, and they can do so **without your knowledge**. Another is Routing and Remote Access, Net Pipe Listener Adapter, Network List Service, Network Connections, Remote Auto-Access Connection Manager, and many more!

I am going to show you how to disable these resource hogs that are also in my opinion big security risks, as we work our way through this Security and Performance how-to guide. I will tell you about some of the biggest resource hogs that are probably running in your computer right now and using up valuable resources, slowing your computer down.

As a matter of fact, about a year ago I had a customer that asked me to check his laptop because he installed a new game that he wanted to play real bad, but after the game installed it would not play. He thought that he needed to go out and buy a new memory chip to give his laptop enough memory to play the game. When he clicked on the icon to start the game it would slowly begin to load the game and then freeze up.

He was astonished when I showed him all of the services and settings (which you too will learn from this book) that were running in the background using up so much of his resources that the game could not play, and these are services and configurations that he did not even use.

I told him that I personally never use any of the settings that I showed him and will be showing you in this book, and my Internet and computer are faster, and much more responsive. After disabling just a few of the settings that you will see in this book, the game not only played, but it played at full speed, no hangs, no glitches, not a single problem.

That gives you an idea of how much stuff is running in the background needlessly hogging up most of your resources, and making not only your computer slow, but your Internet as well. I will walk you through that entire process in this book, to help you get more performance out of your computer and Internet.

These security risks are of utmost importance, especially with all of the viruses out there these days, but of even more concern is the attacks on home computers, big and small business computers, as well as the attacks in the last few months referred to as a ransomware virus which has been viciously locking people out of their own computers and making the data inaccessible to the owners of the computer and their employees and/or users that need access to these computers to maintain and control all aspects of their business, and daily life.

What really disgusts me the most is the fact that these criminals are so heartless and evil that they have been attacking and locking hospitals out of their computers which contain vital information about the patients that they are attending to, and this is critical information that can be the difference between life and death! The hackers promising to unlock the computers/servers only if paid a large ransom.

These wicked, selfish, and greedy hackers are risking the lives of sick and innocent people for the sake of the all mighty dollar, and locking doctors, as well as nurses, out of the medical records of their patients which they need access to for such critical information such as the patients blood type. We all know how deadly it can be to receive the wrong blood type.

That is another reason that this book is important right now, it is a must have, to keep with you always as a guide to changing the ways in which we leave our systems wide open for such attacks, and what I will show you here in this section of the book is just a small portion of all the security risks that we will cover in this book that are leaving you vulnerable to identity theft.

Where does it end? It can end here.... right now! Sure the easy to follow instructions in this book have pictures to walk you through these settings and make it easy for you to lock down your computers, but make no mistake about it, we have a long way to go if we are to live in this modern age of technology with high-speed Internet access that allows us to watch a streaming video on demand, or text and chat with our friends and family on social media sites.

It does not have end, we should not have to give all of this up to live a happy and most importantly a secure life! It can and should be a quick and wise solution that begins with a change in the software that we use every day, software that we have become very comfortable with, but unbeknownst to us leaves us wide open to such vicious attacks.

The companies that use the critical network settings that I have been telling you about in this book have the money and resources to hire a Network Administrator such as myself to manage the critical settings, so Microsoft, as well as other software manufacturers, need to quit leaving these settings wide open like this.

Common sense dictates that since the biggest part of society, the average user, does not need and/or want a lot of these services and configurations in the first place, it only makes sense to disable them all, and then these companies that do need to use them can let their Network Administrator set them up and configure them. After all, they hire Network Administrators anyway, so why leave these security risks open and burden us with the problem.

Like I said, the average user does not even need a lot of this stuff running in their computers, which are leaving us open to such attacks. I wonder if those Administrators that were locked out of their computers at the hospitals even realize that some of these settings that I have been telling you about are more than likely how the attackers got in to the system in the first place.

No matter how good our security is, the sad truth is that hackers can and will eventually find a way to hack into our systems, but why do we keep making it so easy for them?

My intention is not to belittle Microsoft, don't underestimate Microsoft, the knowledge that they have makes me pale in comparison, and in fact, I know very little about hacking at all. What makes me so good at this is what one of my bosses revealed to me one day about my A.D.H.D.

With all of this energy that I have, when I get bored I read and study a lot of subjects and for some reason (according to my boss) I always seem to find a better way of doing things every single time! So to those of you out there with A.D.H.D, read the A.D.H.D section that I have included just for you, at the end of this book and learn to use all of that energy in a good way to accomplish things such as I have done.

This book is full of security fixes, as well as hints, tips, and tricks to make your computer faster, and much more secure! I have a lot more tricks for you when we get to the computer repair section of this book. Fixes that will blow you away and save you a lot of money on not just computers, but other electronics as well.

Since we were talking about hackers that have been attacking not only corporate businesses, but even critical life dependent operations such as hospitals, here are just a few of the services, settings, and configurations that may be enabled and running on your computer in the background, and may have even played a role in allowing some of these hackers access to those computers in the first place, if they were indeed running in the background.

Remote Registry is usually running on the average users computer and/or laptop and they have absolutely no idea that it is even there, hiding in the darkest shadows of the computers inner hidden roadway on a one way street named Hackers Paradise, and it awaits the shady driver who has an equally terrifying name, that name is Destruction N. Acquisition.

He does not own the destructive vehicle, but he figures that he does not need to, since the car door is wide open, the keys in the ignition, and the engine is purring like a kitten, but don't be fooled, kittens have claws and so does this deadly service. Sure the service has its good side, but more often than not the good side is out for lunch and you are left with the evil, deceptive, and silent but deadly side.

I gave you that little story to help you understand the importance of these critical settings and hopefully make you understand how these settings can be devastating to you, your family, even your work place. By the way I did finish that story, I may add it at the end of this book.

Remote basically means from another location such as the Internet, or perhaps a neighbor down the street, even your next door neighbor! Just as critical to lock down is the registry, it is very important too! Later in this book when I give you an idea of how much of your personal information is located in the registry such as your passwords, usernames, even the names and locations of documents that you have opened not only recently, but months, or perhaps even years ago, you will understand it is a risk too.

Knowing about Remote Connections and how important the registry is, which is a major concern that we will discuss later on in this book, why would you want someone from a remote location, or a remote computer, including people from the Internet to have access to your registry?

This is a severe security risk in my opinion, so I always disable "Remote Registry" as well as "Secondary Logon" and so should you, I will show you how to do this in the next section of this book. See image below

There is another setting that you are going to be upset about, it is usually wide open like a side door to your house, only this is a side door to your computer which is allowing absolute strangers access to your computer to browse, copy, even delete or edit your important documents.

What is this risk that I am speaking of that lets strangers browse your computer? It is a setting that we will discuss in this book, which can be modified in a section of Windows that is referred to as "Local Security Policies" which are very important and critical settings that can be modified by a System Administrator or PC Technician that knows what they are doing.

However look at this one setting that lets strangers in your computer. I refer to "Anonymous Users" as "Strangers" because that is basically what an anonymous user is, someone anonymous that you may not even know, and this anonymous user is allowed by several settings in your software to browse through your computer files, and much more!

I will show you how to access and change these settings later on in this book, but for now I will show you this to give you an idea of how serious a risk some of these settings are. There is a setting in your computer that is more or less set aside for Network Administrators to configure for bigger companies that have a lot of computers networked together, but if you are just a home user this setting is not really needed.

The setting is "Network access: Named Pipes that can be accessed anonymously" as seen in the image below

As we continue reading and observing these settings you may be as shocked as I was upon seeing that the settings on my computer were unbeknownst to me, allowing Anonymous Users to browse my computer and God only knows what else.

Please do not get me wrong, Microsoft does have a legitimate reason for including the "anonymous" user in their software, but unless you are running a game server or some other kind of service that you share with other people, you do not need this access point to your computer being left wide open for potential identity thieves!

Even if you were running a game server, wouldn't it be wiser to make all users have their own unique username and password so that you at least know who they are and why they have access to your important information?

If you are good enough to run a server of your own, you probably do still need this book because I have not met one single person to this day that knows about all of these severe security risks in the software that they are using, not to mention some computer repair tricks that I have learned in my forty plus years as a computer technician that will blow you away.

Now, as I was saying about the services and settings that are running on some peoples computers unbeknownst to them, these services quietly lurk in the background and the hackers are well aware of it no doubt. These settings and services probably have more to do with how these hackers are getting our information than we think, and then people are left wondering how someone was able to open a bank account in their name, or how a stranger was able to apply for a credit card and get it in their name.

This setting is so important that I wanted to show it to you right now just to give you an idea of some of the settings that we will be changing as we go along in this book. Now is a good time for me to remind you that you should always, and I do mean always, create a restore point every single time that you intend to make changes to any and all of these settings.

I am going to show you a couple of these settings that I myself consider to be a huge security risk, and this is just to give you an idea of the cool things that you are going to learn in this book which is going to make your computer much faster and much more secure.

Please do me a favor and for the time being, as I show you these settings, please do not change them now, we will come back to this section in a little while and make these changes together. If you did make a restore point already, then it is no problem if you want to change them now, but please do not change anything else unless I tell you that it is safe to do so.

Changing any of these settings that you know nothing about, which took me years to learn, can crash your computer and even turn it in to a big paperweight. So please do us both a favor and always create a restore point before making any changes to your operating system.

In fact, it is a good idea to make a restore point, then test your new settings to be see if they accomplished what you wanted to do, and then reboot your computer to make sure that when the computer restarts the new settings do not cause any conflicts.

If upon rebooting your computer you encounter any problems from the changes that you made, or if you are locked out of your computer, restart it again and immediately start tapping the F8 key, tapping it over and over again until a screen comes up and then select "Last Know Good Configuration".

If you did not press the F8 key fast enough and it starts reloading windows hit your reset button, or use "Control + ALT + Delete" keys simultaneously to reboot again, but do **not** press the power button and shut it off. **Never** do a hard shut down if you can help it, because it could damage your hard drives as well as your computer, and the next time that you turn your computer on you may not be able to load windows, or may not even have any screen at all.

If your computer ever freezes up on you press the "Reset" button if you have one, rather than power it down the hard way with the power button, if your computer does not have a reset button, press the "Control + ALT + Delete" keys simultaneously to either reboot, or if it brings up the task manager, select the program that froze up and click "End Task"

If after making the changes and restarting your computer everything goes well and things are working the way that you want them to, make a final restore point and name it whatever you like, something to let you know what settings you just changed and in the name of the restore point type "Worked" without the quotes, that way you will know which restore point is good and worked, otherwise when you go to restore it you may not know which restore point to choose. This way you will not lose the settings that you did so far and were happy with.

Now, I want to show you how severe of a security risk that I think this one setting alone poses. As you can see in the image below

Microsoft states in the description of this setting that the default setting is "None" which means that nothing should be in this box at all, it should be empty. See image below

So when you click back on the main tab of the menu-setting box, it should be empty like the image above. If the box is not empty then every single setting that you see in that box has been leaving you wide open to identity thieves and hackers, and you should delete every one of them. If you are on a work computer stop now, do not change anything without permission from your boss and/or a Network Administrator, See image below

If there is anything in the box as seen in the image above, and you are not on a work computer, delete everything in the box, this is a security risk, and remember even Microsoft said "None" in the default settings, so there is no doubt that you can delete them, but make a restore point first, it only takes a few seconds.

Another setting that we are concerned with is "Network Access: Remotely accessible registry paths and sub paths" and I have the box empty on that setting as well, because in my opinion this is another huge security risk. When you read the default settings on this one, they do show some items in the box, however I deleted all of these as well, and everything works fine on my computer, including the Internet

If you look real close you can see that the scroll bar is still way at the top of the menu (top right side) so all of the settings that you see highlighted in blue are only about half, perhaps even just a third of all the settings that were allowing anonymous and Remote Access to my computer.

So, what did we just learn? We learned to always read the "Default" settings on all of these configurations to see what the suggested "default" settings are, but that does not necessarily mean that we have to use those settings. We also learned that even Microsoft knows how serious of a risk the "Network access: Named Pipes that can be accessed anonymously" setting is, that is why they show the default setting should be "None" (the box should be empty) in the "Network access: Named Pipes that can be accessed anonymously" settings.

However on a couple of the others below it they do have a few items listed in the "Default" suggestion, but I removed them too, because I feel that these settings in the box allow Remote Access to my computer, and even worse yet, to my registry! So it is up to you whether or not you want to allow access to your computer and/or registry, as for me I have nothing in both settings.

There are many other things that I can't help but question, for instance rasphone is a Remote Access phone book and when you delete it, it comes right back as soon as you exit that folder. Is that sneaky or what? It's your computer and therefore you should be the one in control of it, not Microsoft, so why is it that when I know this is a file that I do not want on my computer, since not only do I not use Remote Access but I also do not want any program using it either, yet Microsoft has made things seem as though when I delete the file it is deleted, but it reappears behind my back when I exit those folders.

Is that the only file that they have done this to? No, not even close! There are many more, and not only that; they have done the same thing with the registry. As I have said before, I am pretty good with the registry, my own instructor from a Microsoft Certified College that I attended told me that he is afraid of the registry and he stays out of it.

Why is he so afraid of it? The answer is simple, and one that I want you to remember, because the last thing that I want any of you to do is read my book and start going into the registry and modifying the settings, as well as the other settings that I show you in this book.

Please do not change anything in the registry or any of the other places that I show you in this book unless I say that you can, and if I do not mention a setting in this book that you see in your computer, there is a good reason that I do not mention it and you definitely should not change it.

That being said, why have I done these things and changed the settings that I mention in this book? I will tell you, and even though this saying that I tell my friends and I am about to tell you is one of my favorite sayings, please do not use it as an excuse to dive in and mess with things that you know nothing about.

Because we are going in a certain order in this book, and if you go ahead and change things that you know nothing about and then have to reinstall your operating system (Windows) you will have to start at the beginning of this book and make all of the changes that you liked up to that point all over again.

So, the answer to the question "Why do I mess with the registry when even my Microsoft Certified instructor does not and even told me that he is afraid of it?" the answer is first of all, and most importantly, you must remember that several of my instructors said that I know more than they do, even going so far as to say that I should have been the one teaching the class, not them.

This is not because I am smarter than them, I was much older than most of the instructors at that college and I was in to computers even before there was an Internet. I was not smarter than them, I just had years of experience that they did not have.

It is also due to this saying of mine that I always tell people who ask me that question, so I will explain it to you. When you were a child, were you afraid of the water before you learned how to swim? Of course you were, because you were told, "Stay out of it or you could die!"

How then did you learn how to swim? That's right, you never would have learned to swim if at some point in your life you had not went into the water. That is why the instructor who made that statement to me, never got as good with the registry as I had been at that time.

Like I said, it is not that I was smarter than him, it was because I did venture deeper into these things that he was afraid of. That being said, please do not take that same approach and use my saying as an excuse to venture on without the aid of this book and begin making changes on your own. The whole idea of this book is for you to learn from me because I have made mistakes and learned from them, you do not want to do as I did and learn the hard way.

Please keep in mind that I was into computers before windows was invented and even had my own DOS Menu that my friends and family used at that time, in fact I actually wrote my first book about DOS before Windows was invented, it was titled "DOS-Easy" and as I said, I was online before there was what we have come to know as the Internet today.

I went online on what was known in those days as a B.B.S. Or "Bulletin Board Service" The bottom line is this, I only had the confidence to venture into the registry and many other settings that you will see in this book because I was making my own games and programs before windows was even invented.

Now, there are a few applications that I would like to bring to your attention, I very rarely recommend any programs or software, but my customers swear by any that I do recommend, because I literally test hundreds of programs every year, and the few that I do swear by and recommend to my customers, they always like.

For instance I do not use windows defrag, because it is way too slow, instead I use Auslogics Disk Defrag, I love this one and I would bet that you will too. There are settings that you can set up, so that before it defrags your hard drive it deletes temporary files and empties the recycle bin, that way there is less to defrag. Even without those settings, this defrag is super fast and blows windows defrag away. I have used it for years, and I refuse to use anything else. You can download it from http://www.auslogics.com and they have a great tool to help you find out what is in your computer and what drivers you need, it is a system information tool referred to as "Speccy"

Another program that I use is "CCleaner by Piriform" and mark my words, it is a tool that you do not want to be without. First of all, I use CCleaner all of the time to clean my computer, in fact I use it several times a day, and with good reason. They have a "Free" version which is the one that I am referring to in this book, but they do have a 'Professional" version for business or people that want even more tools and so forth.

I use it that often because every time that you open a program and use it, that program opens a lot of files and extracts data temporarily to your hard drive to a folder that is usually named "Temp" and when you surf the internet the web pages that you view are downloaded to your hard drive as well in a folder named "Temporary Internet Files" and when you close the program, or the web page, the temporary data is supposed to be deleted from your hard drive, otherwise your hard drive would become full in no time at all.

However, several of the programs that you run such as your games or word processors leave a lot of that temporary data on your hard drive rather than delete it like it is supposed to. Why? Beats me! I assume that perhaps the computer programmer that made the software might have been lazy and left the command out, or there could be some other reason, but some of this data can be very important, such as your personal information that you entered when you were filing your income tax returns on your computer, and that is definitely what the hackers are looking for.

I run it almost every time that I close a program, not always, but I do run it several times a day. The one important time that I do use CCleaner, and one that you will want to remember, is immediately after using my credit card online or filling out any kind of form with my personal information. The reason for this is because that is why hackers want access to your computer; they are after your credit card numbers and bank information, so the second that I finish using my credit card online I run Ccleaner.

Did you know that the settings in Internet Explorer save that critical and personal information to your hard drive? That is correct, if you do not want your personal information, banking data, and so on then you must go into the settings for internet explorer and put a check mark in two boxes.

One is "Do not save encrypted files to disk" which would be things like your banking information, and the other is "empty temporary internet files when folder is closed". I have no idea why these are not checked for you, perhaps because people are lazy and do not like retyping the information, but at the very least, the first one should always be checked!

CCleaner is fast, and most importantly it deletes the temporary Internet files that are stored on your hard drive every time that you are on the Internet, including your financial information. In fact, I would be lost without it. It also deletes cookies that stay on your hard drive and pose a huge threat. One even more important reason to run it is because from my experience I have found that when you do get a virus from the internet, that virus is executed from your "Temporary Internet Files" folder, so by running Ccleaner you are deleting that virus as well!

What makes CCleaner even better yet is the fact that you can use it to enable and/or disable startup programs, which are programs that were installed and rather than wait for you to click on the icon to start the program, a lot of these programs put themselves in the startup entry so that as soon as you turn your computer on , or "Start it up" hence the term "Startup" the program is started automatically every time that you turn your computer on or reboot it.

However, eager as they may be, these programs whether their intentions are good or not, continually run in the background using up valuable resources and slowing your computers overall performance down, sometimes even to a crawl "so to speak". You may find several of them doing that and it adds up quick, using a lot of your Computers RAM Chips resources referred to simply as your computer "Memory" and they use a lot of your C.P.U resources too!

These type of programs are also referred to as TSR or "Terminate and Stay Resident" and take it from me folks, I have been called out to a customer's house because their computers had eventually became so slow that it seemed to them like it was, in their words "taking forever for their computers to start up" unquote.

I usually disable several of those programs, and do a quick tune-up as you will learn to do from this books tutorials, and before you know it they are happier than a rich man in his bank vault because their computer is fast like it used to be before the bloatware was installed.

These programs do not need to be running in the background and wasting valuable resources such as your computers memory, it is foolishness on the part of the programmer to set them up that way. When I want to use a program, whether it be a game or a word processor, I will click on the icon and start that program when I am ready to use it. There are some TSR's that you do need running at startup such as your antivirus and anti-malware, as well as a few drivers for your computer such as your audio driver or video drivers.

So rather than disable those startup programs the usual way, which is not too hard to do, I use CCleaner for that task as well, it could not be easier. Piriform did an awesome job making that program of theirs, and it does a whole lot more than that, it even cleans your registry and I have used it for many years and never once had to restore the registry, though it does offer to back your registry up before making any changes.

To disable those startup programs that do not need to be running just click on the 'Tools" menu on the left side of the screen as seen in the image below

Be sure that you do not disable your antivirus software, and pay real close attention to what you are doing, you could possibly have some drivers running at startup such as the driver for your sound card. When you are setting your preferences the first time that you install it, you can uncheck Firefox cookies and passwords, or what ever browser that you use, that way you do not have to keep putting your password in, however that too is a risk. There are programs out there that can access your password if you leave it in your browser so that you do not have to keep entering it. Try "Password Fox" and you will see what I mean.

CCleaner is without a doubt the tool that I use more than any other, and when I show you the hidden programs that it reveals to you that are running in the background, you will swear by it too. When you start CCleaner look at the left side of the menu and click on the "Tools" category, and then click on the second one down in the second pane to the left titled "Startup"

Everything that you see there is automatically running every time that you turn your computer on or restart it as I just finished explaining to you. Most of it does not need to be running at all. By the way I am using version 5.32.6129

As I mention earlier, when you install a program, sometimes those programs automatically put an entry in your startup so that every time you turn on your computer or reboot it their program is in the background running. This is ridiculous, when I want a program to run I will click on the icon and start it myself.

Now there is another setting that is of utmost importance and in fact the main reason that I am introducing you to this program. The setting is the next tab to the right titled "Scheduled Tasks" and there is an empty check box to the right in that menu box titled "Advanced Mode" put a check mark in the box and what you see next might just upset you, see image below

See all of that stuff running in the background in your computer? Do you have any idea how dangerous mobile phones can be and how easy they can get in to your computer? Well no wonder, Microsoft has these things running in the background as soon as you turn your computer on and/or restart it.

You may not have everything listed there that I did which was running on my computer, but if you do then you will see one running that is known as a "Task" with the title of "HotStart" and then when you look to the right of it you will see the path and the command, notice that it says "MobilePC"

Again don't get me wrong, Microsoft did this so that people could use their cell phones to access their computer, that way they could access their data, or music, and whatever else they want to access on their cell phone and vice-versa, the problem is, every one else can access it too!

Then there is one that says "RecordingRestart" that's right, maybe it is not on yours, but it definitely shows on mine. What are they recording and why? Look at the path and command to the right of it.

Do you see what it says? Assuming it is on your computer, it says "RecordingRestart" and the path is leading to "Microsoft\Windows\Media Center" so now we know that Media Center is recording something, but God only knows what, I am not sure that I want to know! Notice how many times Windows Media Center is running different tasks and wasting your resources doing things that you do not even know about!

There is also one on mine that is "Logon Synchronization" for Offline Files. It is synchronizing Offline Files in the background without our knowledge or permission. That means it is allowing my data, my files and documents to be copied to an 'Offline" folder for other people to have access to!

The reason the Offline service was created was again with good intentions, so that when a company computer was down or "offline" the employee's from another computer would still have access to the files that they needed to do their job. So again, it is a service with good intentions and it is still used to this day, but it is another security risk.

There are some settings that are downright scary, take this one for instance "MobilityManager" and the path is to "Microsoft\Windows\RAS" RAS stand for "Remote Access Service" so this means that Mobility Manager is allowing Remote Access to your computer. Do you really want to know how these identity thieves are getting your information? Can it be through settings and services like this?

There is one titled "GatherNetworkInfo" that does a "Net Trace" this gathers all of the information about your computer and Internet settings. Your IP Address, which is just like the address to your home. An IP Address can be compared to the address of your home. Just like a home address tells what city and state that you are in, so does an IP Address, just like a home address tells what street and house number you are at, so does an IP Address. Now do you still want this program gathering your NetworkInfo?

There is another one "SynchronizeTime" and that is only needed if you are on a network, in order for the networked computers to access one another the time has to be synchronized to the exact same settings. Look how many of these settings CCleaner revealed are for Windows Media Player, I see several of them listed and running in the background which is using a lot of memory and CPU resources, not to mention your Internet bandwidth being used and making your internet slower just by Media Player alone.

This is one of the settings that I mentioned earlier in this book in which after disabling a bunch of these settings my customer was able to play his game, and another customers Internet connection speed was slow until I disabled these settings, as well as a few others that I will show you in this book.

In the image below you will see that I deleted all of the settings except the three that you see in the picture, and my Internet, as well as everything else works just fine, make sure you do not disable your drivers if they are shown there, such as your sound and video drivers.

You might want to "disable" these settings rather than delete them, and in fact that is what I suggest that you do, and then if you find out later that one of these settings you disabled was indeed needed, you can open CCleaner and "enable" it again. You can download it at <http://www.piriform.com/ccleaner> there is a good chance that you will just love it.

Like I said earlier, I also use CCleaner to enable and/or disable startup applications (programs that load and run in the background when you turn on your computer) it is much easier than messing with msconfig, you just click on 'Tools" and then "Startup" from there you can enable or disable any program that you do not want running as soon as you turn on your computer, and I use the Registry cleaner it has as well.

By the way, I have no affiliation with the people who make CCleaner (Piriform) and I have not been paid or compensated in any way, not by them or any other products/companies that I mention in this book. The reason that I mention these programs is because they are instrumental in making your chores easier, and as you just learned, CCleaner helps you disable things that are running in the background making your computer slower, and in some cases vulnerable to attacks.

Another registry cleaner that I love and use is 'Glary Registry Repair" by Glarysoft, <http://www.glarysoft.com/> it is fast and so simple that anyone can use it. I have never had any problems using it and it even make a restore point in case you do not like a change that it made. You simply click on "Scan Registry for Problems" which is at the top of the menu to the left as seen in image below

After it is finished searching your registry for problems a new menu will pop up on the screen showing you how many problems it found in the registry, all you have to do is click the "Repair" button as seen in image below

Like I said earlier, I do not recommend very many programs, and all of my customers swear by the few that I do recommend, so if I mention a program in this book giving it a thumbs up (saying it is a good program) then you can be confident that I have not only tested it a few times, but used it for months, or for years as is the case with most of them.

Before we get started on the next chapter where we will start securing your computer and optimizing the performance and speed of your computer and internet to make it faster, more secure and responsive, there are just a couple more programs that I feel are worth mentioning.

After reading about them we will move on to the best part of this book and you will be amazed at how much faster and more secure your computer will become as you follow along in this Computer "How-to" Security and Performance Tune-up Manual,

If you do not feel comfortable with Microsoft collecting all of your personal information, and believe me it is a lot, then download "Spybot Anti-Beacon" at this link <https://www.safer-networking.org/spybot-anti-beacon/> and install it, or get the portable version that does not even need to be installed, so you can stop Windows' telemetry from gathering all of your personal information.

It is simple to use, just a quick click of one button to disable it all, or a few buttons that you can choose from, depending on what you do or do not want to share with them. I should point out that while you are at their web site you might just want to check out a program made by Safer-Networking that I have used for over 15 years, and I swear by it! I have shared it with all of my customers who seem to really like it as well, it is definitely a must have to keep your computer and your personal information safe and guarded from hackers and identity thieves, it is "Spybot Search & Destroy"

It has an 'Immunize" feature that with the click of one simple button blocks thousands of adware and viruses. Spybot is an application designed for the blocking and removal of spyware, malware, and other intrusive software and just the "Immunize" feature alone makes it a "Must have tool", but that is just the beginning, it is also a Virus Scanner, and has many more features that will help keep you protected.

Last but certainly not least, is a program that even allows you to disable services that Microsoft will not allow you to disable made by a company that I already mentioned Glarysoft, they make a utility that is likewise awesome. Keep in mind that I use all of the programs that I mention in this book almost on a daily basis, and Glary Utilities is no exception to the rule.

Glary Utilities made by Glarysoft at <http://www.glarysoft.com/> is an awesome utility that has so many features it would be impossible to mention them all here, and for those of you wondering, no I have not been paid or compensated in any way to mention the products in my book, I even had to write them and ask for permission to include their products in my book.

Not just Glarysoft but the others mentioned in this book as well. Anyway they have an "Empty Folder Finder" which has never let me down, and when making backups of my books as often as I do and deleting old backups I usually end up with a bunch of empty folders and this tool is a lifesaver.

Just be careful not to delete any empty folders from your hard drive that Windows is booting to because even though the folders are empty, they are still needed by Windows, as well as other programs. If it is not a folder that you made, do not delete it, unless it is left over from a program that you uninstalled.

One of the many features it has is what I was referring to that lets you disable services that Microsoft makes all but impossible to disable, but even better yet, it shows you some that even I did not know how to find (See image below)

You get to this tool by starting Glary Utilities, click on "Advanced Tools" and then click on "Startup Manager" and when you look at the top you will see several different tabs, each a different category than the others, but each one allowing you to disable or enable the many startup programs hogging up your memory and other important resources as soon as the computer starts. Just be careful and do not disable any that you do not know about. Some services are required. Always go to Google and research each service before disabling anything. Most of these I cover in this book, so there may only be a few you want to check.

What do you say we go ahead and get our feet wet? Please close all windows that you have open now and go back to your "Desktop" view. If you are overwhelmed by all of the settings, services, and configurations that I just showed you, go ahead and take a break and come back to the next part of this book refreshed, relaxed, and most important of all, alert and on your toes.

Keep in mind that I have years of training and experience, as well as graduating head of my class at a Microsoft Certified College, and as I said earlier I have been into computers since before there was an Internet, but I certainly do not expect you to learn all of this over night, however that is why you bought this Security and Performance Manual, it will be by your side always as a "How-to Manual", a user guide to help you secure your computer and get much more performance out of it.

Please remember any changes that you make, you do so at your own risk. I will do my best to advise you on what I know about the particular settings that we will be discussing, but only you know about the computer that you are using, and only you know what types of programs and services you use. If you do make changes and did not create a restore point then I cannot be held responsible.

#  Chapter Two

## Performance and Security

The first thing that we need to check is coming up, but first lets do the most important thing of all. You should be logged in with an account that has administrative privileges in order to be able to make the changes that I show you in this book.

Whenever you are going to make important changes to your computer you should make a restore point first, that way if something goes wrong or if you are not happy with the changes that you have made, you can easily restore your computer to the exact state that it was in before you made those changes.

In order to make a restore point, for those of you who do not know how to, right-click the "My Computer" icon and then click "Properties" If you prefer you can click the "Start" button and then right-click the "My Computer" icon and then select "Properties" you will see a screen that looks like the image below

Then click on the setting that you see highlighted in light blue in the image above titled "System Protection" which should bring you to a screen like the image below

This is the menu where you not only restore your computer to a previous setting but where you can make a restore point as well. Notice that I only have drive C (the system drive) enabled, however you can enable restore for the other drives as well, but it will take up more disk space.

For those people with Windows 10, in order to launch System Restore in Windows 10, bring up the quick link menu by using the special Windows key (on most keyboards at the bottom left portion of the keyboard, usually between the CTRL and ALT keys) press it and the "X" key on the keyboard (Windows key + X) then select "System" as seen in the image below

Then select "System Protection" on the left side of the screen, you will then see the "System Protection" tab of the System Properties dialog box. This is where you can launch a restore operation, configure System Restore settings, and you can create your own restore points.

For any of you that have seen this screen before, if you have tried to use System Restore in the past and have been unable to, it is probably because you first have to make a couple of adjustments to the settings before it works.

Before you can use System Restore successfully you must tell it how much of your hard drive you are willing to set aside for these backups. I usually set it at about twenty percent, but it depends on how much hard drive space you have available. Keep in mind that the more free hard drive space you have, the more backups the system can make.

If you have ever made a backup of a certain restore point and then tried to restore your computer to that exact restore point only to see that it is no longer there, then it is probably because you ran out of hard drive space, or because you had enough hard drive space but you only gave it permission to use a small amount of that free space on the hard drive, in which case it probably deleted that restore point to make room for a newer one.

That is why you always want plenty of free space available on your hard drive, not to mention that I have had customers come to me telling me that the computer they were using got slower and slower and then quit working all together, and upon further inspection I have found that the hard drive was full and windows had no place to put the open files that it usually expands or copies as you work on them.

When you are opening a CD-Rom or a DVD you will need no less than the total size of that CD or DVD of free space on your hard drive. If you are going to extract that DVD or copy it to another DVD then you must have at least enough free space on your hard drive to temporarily hold the contents of that DVD during the copy process.

So always make sure that you have plenty of hard drive space available, and if you do not want your important restore point to be deleted, make as much space available as you possibly can in this next setting.

In the image above and on the menu that you should now see on your screen you will see a button that says "Configure" click on that button so that you can tell System Restore how much hard drive space it can use to make restore points for you, then if something goes wrong you can safely restore your computer to the state that it was in before you made the changes. See the image below

You will see by looking at this picture that I have the slider set to use twenty percent of my hard drive for backing up my restore points. Well, it just so happens that I got a virus one day and when I wanted to restore my computer to a previous state where I knew it did not have the virus, that particular restore point was gone, because I actually had the virus longer than I thought, and since I only gave Windows permission to use twenty percent of my hard drive space it was forced to start deleting old restore points in order to make room for a newer one, and those restore points all contained the virus, but I did not have a restore point that went far enough back to an earlier date before I got the virus.

So that being said, do not be too greedy with the free space on your hard drive, please allocate plenty of free hard drive space. In the past you may have seen restore points that you did not make, you may be thinking "I did not make another restore point, how could this happen?"

That is what I was thinking at first too, but Windows makes its own restore points without you having to tell it to. For instance when you install a new program, Windows makes a restore point for you in case something goes wrong, it also makes a restore point before doing most updates as well. That is why I use a second backup program like "Erunt" to create my own separate restore points.

As you can see in the image above, I had plenty of hard drive space, so if I had allocated thirty or forty percent of my hard drive space for restore points I would not have lost that particular restore point that I wanted to restore my computer too before I got the virus.

Upon viewing your options you will see at the top of the menu three buttons that you can choose from, I always use the top setting "Restore system settings and previous versions of files" but you can choose whichever settings you prefer. Once you have chosen your settings and moved the slider to the amount of free space on your hard drive that you want Windows to keep for restore points you can click the button labeled 'O.K."

Now your computer is ready to start making restore points for you, so go ahead and click the button labeled "Create" to make your first restore point as seen in the image below

Now that you have made a restore point and hopefully made a backup copy of any important files that you do not want to loose, lets take a look at the last tab in your system properties menu, it is the one next to "System Protection" on the right side of the menu labeled "Remote"

Click on that tab and make sure the top box is unchecked (no check mark in the box, leave it empty) if you do not want people from a remote location/computer to have access to your laptop/computer.

This subject is of utmost importance and a decision that you need to make immediately with concern to the security of your files and personal information. If you are using a stand-alone computer (meaning that you do not have any other computers connected to yours) and if you do not want to let anyone else have access to your computer, be sure to select the choice in the lower portion of the menu "Don't allow connections to this computer" that is unless you plan on letting someone with another computer, laptop, or cell phone log into your computer, if you do want to let other people log on to your computer then set it to accept Remote Connections.

Note: I strongly advise against allowing other people or computers to connect to your computer and you will see why later in this book. I will show you how to let your friends that visit your house use the Internet without making your computer a gateway for them to use your Internet connection, which of course leaves you open to attacks.

Now close out all windows and lets begin. I do not know about you but I personally hate Windows Update, it runs continually in the background sucking up valuable resources, and if you have been on the Internet at one time or another and trying to figure out why your computer and/or Internet connection was so slow, odds are that Windows Update was running in the background and downloading things which are causing you to have a slow connection. This is one of the settings that I disabled that made my customer's computer able to play that game.

By the way, the reason that I refused to upgrade to Windows 10 is because I was told that Windows Update is continually running in the background and you cannot disable it! However, after working on a customers laptop that had Windows 10 installed, I was able to successfully disable the Windows update service using the same procedures that you will learn in this book.

I personally prefer to disable automatic updates, that way I am the one who decides when to do the updates, not Microsoft. That way I have the speed and performance of my Internet connection, as well as my computer, when I want it, and then later on, if I do want to do an update, I can choose to do it when I do not need the full speed of my Internet connection and of course I will expect my Internet connection to slow down a bit for the few minutes that I do a manual update, but at least I am in control that way.

If you want to be in control of your own computer and do your own updates at your convenience, not Microsoft's, then go ahead and do this next step before we continue on to the main settings coming up, and I can guarantee you that you will notice a big difference in your Internet and computer speed.

Keep in mind that you can still do updates any time you like, and several times a day if you think you need to, but at least you will have the performance of your computer and speed of your Internet connection at times when it is important to you.

Right-click on "My Computer" and select "Properties" and then near the bottom of the menu that comes up on the left hand side click "Windows Update" as seen in the image below

This is the menu that you use when you want to set your preferences for Windows updates, as well as to run updates manually, of course it is easier to click the Windows Update icon on the start menu when you just want to do a manual update. The menu that you should see now looks like the image below (I do realize there are a lot of pictures in this book, and that some of you people already know where most of these settings are, but for the sake of those who do not know, I decided to go the extra mile for them so please bear with us)

To make changes to the way Windows Update behaves click on the setting labeled "Change settings" as seen in the picture above circled in blue. For those of you with Windows 10 or another operating system, you will be able to disable Windows update by following the examples coming up in the section about Windows Services, but you should read this part anyway.

This will open the last menu that we are interested in where we can disable automatic updates and do them when we want to, thereby freeing up our computer resources, including the speed of your Internet connection. See image below

As you can see in the image above I have unchecked the two boxes on the bottom, and the drop down menu item above them I set to 'Never check for updates" notice it also says (not recommended) but no problem, we know what we are doing. Just make sure you do a Windows Update at least once a day, or once a week, all though I must confess that I almost never do any updates at all, unless of course I am installing a game or some other software that demands it in order to be able to use that software, it is totally up to you.

I know what you are probably thinking, "But Microsoft and people all over the Internet say that we must do updates continually to be safe from hackers and viruses" and you would be totally correct, that is what they all say! Nonetheless, you can do what ever you believe is appropriate, all I know is that I never do any updates at all unless I am installing software that will not work without that update, and even then I weigh the decision on whether or not I really want to use that application bad enough to enable updates.

You might be wondering how this has worked for me in the past and wondering whether or not I have had problems and or viruses due to the lack of updating windows and the answer is that regardless what Microsoft and other people or articles online say, I never have any problems at all, my computer is faster, I have more system resources than those people who let Windows Update run in the background, and my Internet connection is faster than theirs as well (unless of course they are paying for more bandwidth to compensate for the slow connection)

It is also important to do whatever your company wants you to do if you are on a company computer at work, if that is the case then definitely do whatever your company policy requires you to do, after all, it is their computer and not yours, but if we are talking about your personal computer or laptop at home the decision is yours and only yours to make.

Do however keep in mind that if at any time you plan on connecting to the server/computer where you work, then you have more to think about than someone only concerned with their own personal computer, because by connecting to the company computer where you are employed, your obligation to them is far more important than someone who is on a stand-alone computer and never wants to connect to any other computer, and likewise does not want anyone to be able to connect their personal computer such as myself. Always check with your Network Administrator and/or boss before making any changes to a company computer.

Now moving on, there are a couple of things that you may want to enable which the average person does not know how to do, it will make things a lot easier as we go along in this book. Microsoft made it simple back in the days with windows 98, as soon as you installed the Windows operating system you immediately seen on your desktop the "My Computer" icon. This is important to me and it should be important to you too, as you will soon see, having this icon on your desktop will save you time as we go along in this book, and you will use it more than you think.

You can remove the icon any time you want, but to speed things up until we are through lets add the "My Computer" icon to your desktop. To do so simply right-click on your desktop and click "Personalize" and then click "Change desktop icons" see image below

If you prefer you can click the "Start" button and then right-click on the "My Computer" setting and click "Send to Desktop" (create shortcut) this will create a shortcut to "My Computer" and put it on your desktop which is basically all that we are doing here in this step, we are making a shortcut to your computer, you will see why it is so important in a minute.

Now that you have a shortcut to "My Computer" on your desktop right-click on the "My Computer" icon and click "Manage" (if you did not make the shortcut on your desktop then you can click "Start" then right-click on "My Computer" and click "Manage") you can also start this menu by clicking the "Start" button and typing "compmgmt.msc" without the quotes in the run or search bar and press enter.

Do you see all of the options that you have here? It may look confusing at first, perhaps even a little intimidating, but when we are finished here you will love this screen. From this screen you can do just about everything important that you will ever need to do, such as defrag your hard drives, clean your hard drives to make more disk space available, you can click on the "Device Manager" tab to see if you have any drivers that are not working, for instance if your printer is not working, look to see if there is a yellow or red icon next to the printer driver.

Even more important, we will use this screen to check and fix a lot of security leaks that may be leaving your computer open for identity thieves, as well as make changes to speed up your computer and/or Internet connections. This one menu is quicker and easier to use than opening one screen to clean hard drives, another to defrag and so on, see image below

You may notice in the image above that one menu item on the left says "Shared Folders" that setting is where you check to see what is being shared, such as hard drives, folders, and so on. I know that I personally do not use my computer as a server, nor do I share anything with any other computers. I do not want anybody in my computer at anytime unless it is here in my house while I sit and watch them.

Please keep in mind that I am talking about a "stand-alone computer", one that is for you and only you and/or your family and friends, and one that is not being shared online or with any other computers locally, or remotely, including wireless devices such as cell phones or laptops.

I will instruct you on how to lock everything down to make your computer way more secure, and still be able to share your internet connection with friends and family visiting your house.

So your cell phones, laptops, and other things that you want to access the Internet with, will still be able to go online but the way I do it, and will show you in this book, will make your computer way more secure and at the same time still allow their devices you use your internet service. Keep in mind that cell phone hacks are so good that a cell phone user can log on to your computer and do anything that they want.

For anyone that does want to share their computer with other users online or locally I would suggest that before applying any of the fixes in this book to secure your computer from identity theft or other prying eyes, you use great caution because you could accidentally disable your network and other people will not be able to connect to your computer.

Moving on to the good stuff, and this next section is a little less intimidating than the "Locale Security Policy" that we seen earlier in this book, so that should put a smile on your face. Lets get started!

First step is to right-click on the "My Computer" icon on your desktop, or click the start button, then right-click on my computer and then click "Manage" next click "Local Users and Groups" as seen in the image below

You will see two icons on the right side labeled 'Users" and below that icon "Groups" go ahead and click on users, to the right you will notice some icons labeled "Administrator" one will be "Guest" and after that the rest will be your user name and if other people in your family or office use the computer they might have a user name listed there as well.

One of the most obvious security flaws is the first username that you see which is labeled "Administrator" as seen in the image above. Why is that a security risk? I am glad you asked, it is a security risk because everyone in the world who has ever owned a computer knows that there is a main account named "Administrator" and this means that all they have to do to log on to your computer is type the username "Administrator" to have access to your computer.

Keep in mind that they will have a screen on their end showing your desktop, all of your files and folders, and they can see everything that you do, every word (or password) that you type, and since the Administrator account is the main account they will have unlimited access to everything, giving them the ability to delete anything they want, even the ability to change your password and lock you out of your own computer if they wanted to, and you will not see them at all.

Now that I have told you this, I hope that when you installed Windows you did put in a password during setup phase for the Administrator to help protect that account, if you were lazy and just pressed the enter key then guess what, even a child can log on to your computer from the Internet or even a neighbor next door to your house and that is bad.

If you did not put in a password for the Administrator you can do that now by right clicking the Administrator icon and then click 'Set Password" Then to make your computer even more secure, since we know that everyone knows there is an account on all computers named "Administrator" we are going to throw them a loop by renaming the "Administrator" account to some other name as I always do.

The reason for this is because there are password programs out there that can find out what your password is in a matter of minutes, if not seconds, by doing a brute force or dictionary attack. These programs are pretty much like the ones you see in movies that start with the letter "A" in the alphabet and they will go through the entire dictionary trying to find out what words you use in your password.

Even the hardest password in the world with military encryption can be hacked in about 48 hours. That is why when I am not using the Internet I shut off, or unplug the power to my cable Internet router, if yours does not have a power button simply unplug the RJ45 cable that goes from it to your computer, in fact that is the way that I do it.

That way if they have been trying to get your password for lets say two hours and then you shut off the Internet, guess what, they have to start all over again. You do not have to take my word for it, do a search on Google and you will see that most popular computer magazine articles also recommend shutting off or unplugging the cable modem when you are not using the Internet.

Now that you know how easy it is for a hacker to get your password with hacking software, you probably see why renaming the "Administrator" account to some other name makes sense, because if they do not know the name of the account, then a password is irrelevant, it does them no good to have a password if they do not know the name of the users account.

I always try to make up a name that is not in the dictionary, and then click on the "Groups" sub menu below that and change the name there as well. I usually make it the same as the one in the user group, but add an "S" or "Z" to the end, because you do not really want them to be named the same, or you will get confused later. Below the "Users" icon that you clicked on, you will see the one below it labeled "Groups" go ahead and click that one now

Notice that in the image I have the names on the right all renamed to a name that I made up that is not in the dictionary. O.K. I give you that, I did get a little carried away, but since I became an author hackers immediately assume that I have money and I am constantly being hacked and having to change my passwords, not just on my computer but online as well, such as my yahoo password and so on.

Use whatever names you can remember, but never use a word in the dictionary or a known standard name such as "Wayne" For instance, rather than using a typical name that everyone knows, and keep in mind that these hackers can download name and password lists for the scanners to go by, change the name "Wayne" to "Wyn" that way you are more secure, otherwise a hacking program will quickly find your name and give hackers access to your computer. Want to be even more secure than that? Use numbers and/or symbols in your user names and passwords.

There is not much else that you need to mess with in these sections, but if you look at the "Shared Folders" section just above the "Local Users and groups" you will be upset once again. Go ahead and click on the icon labeled "Shared Folders" and then you will see on the menu to the right that there are a bunch of icons with the dollar sign at the end of the share name, and they are all, every one that you see there, being shared for just about anyone to access. Say "Thank you Microsoft!" See image below

Why are these being shared? Beats me, I personally do not want anyone logging on to my hard drive and seeing my personal information, what about you? Here is the kicker, when you right-click and try to disable them (stop sharing them) it lets you stop sharing them, all but one that is, they will not allow it to be stopped ever, not to worry though, I will even show you how to disable that one, but notice that when you try to disable the share (stop sharing it) it says that when you restart your computer they will be shared again! See image below

That is correct, you did hear me.... ah, I mean read me correctly, they are only allowing you to temporarily stop sharing your hard drives, as well as the other items that you see there, and as soon as you reboot (or turn off your computer and then turn it back on) guess what.... there they are once again being shared for just about anyone to access (see image below)

My customers become outraged when I show them this, and I do not blame them one little bit, after all, who is Microsoft to tell me that I have to share my hard drives and all the information on them with anyone. By golly it is my computer and I should be able to stop sharing them if I want to, and in fact they never should have been shared in the first place!

The good news is that I am going to show you how to work around that and disable every single one of those shares and they will not come back again! (Man is Microsoft going to hate me for this one) but before I do show you that, since I am trying to go in a certain order here, lets work our way towards that setting where we will stop sharing for good.

The next item that I would like to point out to you is not so much a security risk, but you will be glad that I included it in this book because there is a "resource hog" in your computer that uses a large percentage of your memory (R.A.M.) about twenty percent or more, as well as about twenty percent of your CPU, and a large percentage of your hard drive space as well.

You can Google it to find out the exact amounts but nonetheless, it is something that you really do not even need running. If you look below what we were just working on you will see "Disk Management" click on it to find out what the resource hog is, see the image below

These are your hard drives and/or any flash drives or any other type of storage that you have attached to your computer, whether it be internal or external, such as a flash drive attached to your USB port. If you right-click on your main hard drive which is usually the "C" drive, but not always, basically you want to click on the hard drive partition that Windows is on and then right-click and select "Properties" you will get a menu as seen in the image below

At the bottom of the picture seen above, you will notice that I put a red circle at the bottom of the menu where the last check box is, you can see it in your menu that you should have open now, it is the box that says "Allow files on this drive to have contents indexed in addition to file properties"

If it is not checked then please do not check it. This is called "Indexing" most people are confused about what this setting is used for, so they just leave it checked. When you first seen it you might have been confused too, but some of you that know what indexing is will have a general idea of what it does.

However what it does not tell you is that it is one of the biggest resource hogs in Windows and like I said earlier it uses a bunch of your memory, CPU resources and a big portion of your hard drive as well. It runs almost continuously, slowing your computer down, and you really do not even need it.

What it is supposed to do is index or catalog everything in your computer so that when you do a search it is supposedly faster. Guess what, I have it disabled and the searches do not seem any slower to me at all. Here is the most important thing to remember about this setting, what I am about to tell you is just to give you an idea of how much of your resources this service consumes.

I had a customer that really liked a game and he wanted to play it, so he went out and bought the game and installed it. After the install finished it did not work. The game would start to load and freeze up before the introduction even began. I disabled what I am showing you now "hard drive indexing" as well as a couple of other settings that I will show you in this book, and not only did the game play, but it played perfectly, never froze up again. He still brags to this very day about how much faster I made his laptop by disabling a bunch of stuff that he really did not need!

You can Google any of this stuff that I am showing you in this book and double check what I am telling you about the "Indexing Service" if you like, and by all means I suggest that you do, just in case things have changed since I wrote this book, but you will find that most people have it disabled and are glad that they do.

I personally quit using Windows search all together, I have started using something that is lightening fast, it blows windows search away a hundred times over, it is "Quick Search" by Glarysoft at <http://www.glarysoft.com/quick-search/> and let me tell you, I have been a computer technician for many years and have never seen such an awesome and quick search tool ever. Once you try it you will never want to use windows search again.

So, if you want to disable this resource hog called "indexing" uncheck the bottom box, If a warning pops up just click "Ignore all" but I must warn you, be prepared to wait a few minutes if you have had your computer for a while, because it has to disable a lot of stuff, but keep in mind that the longer it takes for your computer to disable these settings, the more resources being freed up to make your computer much faster. Take my word for it; you will see a significant difference. If a warning pops up just click "Ignore all" I always do the same thing to my other hard drives as well!

Note: If this is a work computer and not your own personal computer, please do not do this unless you have talked to your boss or Network Administrator first.

While we have this menu open go ahead and click on the second tab on top labeled "Tools" as seen in the image below

Remember that I said you could do just about everything from the menu that comes up by right clicking my computer and selecting the "Manage" setting? This is one of the tools that I was referring to. Here you can check your hard drives for errors, defrag them, and even backup your system. Cool huh? You could also click the "Start" button and type this in the search box " compmgmt.msc"

Speaking of defrag, you should defrag your hard drives often for best performance and to guarantee that your data will not get corrupted. Now close that window and we will move on to the next big setting.

#  Chapter Three

## Services and Applications

This one is a bit time consuming but it is of utmost importance, when you right-click on the "My Computer" icon on your desktop and select "Manage" you will be introduced once again to the "Computer Management" menu that I showed you earlier. This time what we are interested in is almost to the bottom on the left side pane, see the choices just below where we were earlier on the left hand side labeled "Services and Applications" double click it and below that is a sub menu item that we want to click on labeled "Services" see the image below

You can also type "services.msc" from the Start/run menu in all versions of Windows. You might want to take a break before wrapping your head around this one, because there are quite a few settings in this one that I consider security risks (some of the services that are left open allowing access to your computer) I will not cover all of them, that would make this book way too big.

I will show you what I consider to be the most important security risks as well as which settings we can change to make your computer and Internet faster like the setting that we did earlier (indexing) and remember when I told you that we would still be able to stop those shares, this is where we will do just that.

First and foremost one of the main things that you must decide is whether or not you are going to let other devices connect to your computer. I had some neighbors that were not anywhere near as good as I was when it came to computers, but when it came to cell phones they knew things that blew me away.

If you are not afraid of cell phones then you should be! This neighbor told me about cell phone apps that they can put on your phone when you let them use it to make a call, but rather than making a phone call like they told you they were going to do, they download an app to your phone, it only takes a few seconds.

That app stays hidden on your phone and you do not even know that it is running in the background, and he said that this software gives him full access to your phone and all of its settings. He said it allows him to read all of your messages, emails, see anything that you do, he can even see your passwords, and the credit card numbers that you type in.

That is scary folks! This software is downloaded to your phone without your knowledge when you let them use your phone with the pretense of making a call, but rather than make a call like they said they wanted to do, what they really do is download this app to your phone. Like I said, it only takes a couple of seconds (assuming your phone has Internet capabilities)

This neighbor thought that he was all that until a couple of hours later I could hear him outside my house talking on his cell phone and I used my computer to shut his phone off in the middle of his conversation with a remote shutdown application that shuts down any wireless device or connection.

These people can even view your every move through your own camera, both on your cell phone and your laptop as well, not to mention that people can also monitor you through the camera attached to your home computer too! That is not all; did you know that they could hear every single word that you and your friends and family say through your own microphone? It is true!

I had a customer and his wife that I told this to and they did not believe me so they went home and Googled it, when they came over the next day with their laptop they had a piece of black electrical tape covering the camera on both of their laptops, they said "Man I thought you were full of crap, but you were right! We went home and Googled it and when we found out that you were right, we put this piece of tape over the camera"

I replied, "That is a good start, but did you disable your microphone?" They looked at me dumbfounded. They had no idea that people could listen to every word spoken by them or anyone else in the room by using their own microphone on their devices such as mobile phones, tablets, laptops and even home computers. There is software that will do this, if you Google "Spy Camera" or something to that effect you will see plenty about it.

I am not trying to scare you to death, the main purpose of this book is to reveal to people all of the flaws and security risks that are making all of this identity theft possible, in fact not just possible but easy!

Keeping in mind what I just told you about the microphone on your laptop or your home computer, has anyone at home ever asked you for your password so they could log on to your computer? Perhaps one of your kids hollered out "Dad, what's your password?" Did you say it out loud? There can be software put on your computer recording everything that you say and do, even when you are not on the Internet.

In fact one of my friends told me that she was mad at her son because she found out that he set the web cam on her computer (which was in her bedroom) up so that without her knowledge he could see and hear every single thing that she and her friends or anyone else in her bedroom did, and he recorded and saw way too much. In fact he even watched one of her best friends having sex in that bedroom unbeknownst to them.

I know people that claim to have used their neighbors wireless signal to log on to the Internet without the peoples permission or knowledge, not only that, but they claim to have had full access to the peoples computer as well.

There is software that you can download from the Internet that will crack a wireless password in just a couple of minutes, in fact, some times it can crack a password in just a few seconds, thus giving them full access to the Internet service that you are paying for, and even allow them to access your computer.

After I graduated from a Microsoft Certified College in a Microsoft Certified Systems Administrator (M.C.S.A) course top of my class, I opened an office of my own and some of the accounts that I had were set up so that without leaving my office I was able to log on to the server they wanted me to fix, see their desktop on my screen from my office and fix whatever was wrong with the servers and/or computers, without leaving my office.

That is what these settings were actually created for, they were created with good intentions, so it is not that Microsoft is evil, they are not, it is evil people taking advantage of these good settings that make all of this a problem.

I can verify the fact that an individual can log on to your desktop and be doing things but you will not even see them, by my own experience using some of these programs for legitimate purposes. You also need to decide if you want to share files and/or folders with other people, such as your friends or someone at work.

I can tell you this; sharing a folder or file creates a Windows Firewall exception for "File and Printer Sharing" and that exception opens Connection Ports TCP 139, 445 and UDP 137, 138 in order to allow access from any computer on the network, including computers on the Internet.

Unless you block incoming connections on these ports using a hardware firewall, firewall server, or other Internet-sharing device, your computer will be vulnerable to attacks from the Internet as long as your Internet connection is active.

While you are trying to decide whether or not you want anyone else accessing your computer, I will go through the most important services that we need to lock down first. You should be logged in with an account that has administrative privileges in order to be able to make the changes that I will show you in this book. So lets start with the one that I told you about earlier

While I am here at this setting, it might be easier for you, and I as well, if I explain something to you. There are two ways that you can view these services as we go through them, so I was trying to decide which view to go with, not sure if one would be less confusing for you than the other. Nonetheless, at the bottom of the menu there are two tabs that you can toggle in order to get whichever view you prefer. Here is a picture of the two tabs that I am referring to which are located at the very bottom of the menu

As you can see they are labeled 'Extended" and "Standard" views. Basically one let's you view the description (or explanation) of whichever service you have clicked on in a pane on the left of the services as seen in the image below

As you can see in the image, the description in the Extended View is to the left of the service that has been clicked on (highlighted in blue) and some people prefer this view because it looks neater and seems less intimidating, yet some people prefer the side by side view (Standard view) as seen below

Either way, the description is always to the right side of the name of the service in both views, and since I am including pictures in this book to make it easier for people to follow along, I will probably be using the Standard view, since this view will not take up as much space in my pictures that I use in my examples. So, if you prefer to have the exact same view that I will be using in this book, go ahead and choose the standard tab by clicking on the tab with the mouse.

Since we have a picture of one of the services that I want to bring to your attention (the image above) we might as well start there. You will notice that the name of the service that is highlighted in blue in the picture above titled "Application Layer Gateway Service". If you look to the right of it you will see that the description says "Provides support for 3rd party protocol plug-ins for Internet Connection Sharing"

Here is the deal with these services; if you look further to the right of the line it is on, immediately after the description is the "Status" and after that is the "Startup Type" which is very important to pay attention to. The status will either be "Started" which means that the service is running right now and using resources (Memory, CPU, and so forth) or there will be nothing at all, it will simply be blank which means the service is not running right now.

This is important to know, because if your computer is slow then it helps to know which services are running and taking up valuable resources, because if you know which service is not actually needed you can stop that service or even disable it which will make your computer, as well as your Internet connection, much faster and more responsive, depending on which service it is.

The one right next to it is what we are most interested in and it is the "Startup Type" There are four startup types, the first one is "Automatic (Delayed Start)", the next is simply "Automatic", after that is "Manual" and last but not least is "Disabled".

They are pretty much self explanatory, obviously the "Automatic (Delayed Start)" means that the service is automatically started and running continuously when you turn your computer on but the start is slightly delayed in order to give all of your drivers and devices time to load in memory first, perhaps a five second delay or what ever the setting is.

Obviously the "Automatic" setting means that it is started immediately without a delay of any kind and it is always running. The next two are self explanatory as well, obviously "Manual" means that you have to start the service manually (yourself) but it can also mean that the service is not running until a program or application that you are trying to run needs it, and then the program will start it for you. Last, but not least is one of my favorites and it is the "Disabled" setting.

Please do not misunderstand me, each and every one of these services play a very important role in a business networked computer, however some of the services, as you will soon see, are not needed for most home users. It all depends on what you use your computer for. Even at that, there are still several of these services that you will see that are running in the background without your knowledge and are a huge security risk.

If you use your computer at home to surf the Internet and play games then it is basically what we refer to as a "Stand-alone" computer, meaning that no other computers are connected to it and sharing its resources. If however you are using the computer at work or for your own business and you have other computers connected to it sharing files, printers, and/or other things of that nature then your computer is on a network.

This is a very important distinction that needs to be answered right now before you change any settings, because if you change one of these settings and you are on a network which allows other people to access your computer and/or its resources, such as a printer that all of the computers may share and print to, then the changes you make may keep them from being able to log on to your network to use those "shared" resources.

You can still follow along in this book and we will see which services you need as we go along, and yes, you can still make your computer even more secure than it probably is right now even if you are on a network. If you are at work then please do not make any changes at all without talking to your "Network Administrator" or your boss because odds are that your boss has hired a Network Administrator to handle the security on the networked computers.

This book is not so much for work computers and networked scenarios as it is for your home computer, even though there are a lot of settings they may want to change as well. Your Network Administrator at the office where you work will take care of the security on that end, what we are trying to do is make your personal computer secure to protect you against identity theft, viruses, and prying eyes

That is what I graduated as when I attended New Horizons Microsoft Certified College as an M.C.S.A; it is basically the same thing as the guy who takes care of your network security at the office, a Network Administrator.

By no means do I want you to, or even encourage you to, make any changes to your work computer, that would be a big mistake. Never for any reason at all should you make any changes to your work computer without consulting your Network Administrator first, because he, just as I, knows how to lock down your computer and make it secure, and likewise he knows how to allocate the services to precise settings to guarantee that your computer and network operate at maximum efficiency!

However do not be afraid to follow along in this book and ask them about these settings because some of them do not know about some of the settings that I cover in this book. That being said; if you are on your own personal computer and you want to lock out the identity thieves, hackers, and viruses then by all means follow along with me and we shall do just that.

When we are finished I can guarantee you that you will notice a big difference in your computers speed and even your Internet speed, how much faster it is, and your PC will be much more secure.

Like I said, I had a customer that bought a game he wanted to play real bad and it did install but it would not start, it would freeze up as soon as he tried to start the game, and after I disabled some of these services and other settings that really were not even needed and were sucking up half of his resources, he was able to play the game perfectly, it never froze up once when I was finished.

So now that I have explained what the services are and how they work, lets get on with the show shall we? Do you remember earlier in this book when we went to the Windows Update settings and disabled Windows updates? I bet you are glad to have that resource hog tamed! Wait a minute though, this is perhaps one of the things about this book that I mentioned was going to upset you.

We did disable Windows Update earlier, for those of you who did decide to disable it, for those of you who did not disable it, that's O.K. too! You still might want to read this next couple of paragraphs so that you have an idea of what I was talking about when I said the settings I was going to show you might just make you angry with Microsoft.

For those of you that did disable Windows updates, I am going to show you something that is totally going to make you angry, if not then you are a better person than I, because when I first realized this I ranted and raved like a mad man.

Yes I went to a Microsoft College and I have the utmost respect for the entire Microsoft crew, but even though I graduated top of my class and was even offered a job as one of the Microsoft Instructors, most of the settings that I am showing you in this book were not taught to me at all, I found these things out on my own over the years while I worked as a technician.

Here we go, and please do not call Microsoft and give them a hard time over this or any of the other settings that we are getting ready to go ever right now, I am sure that they have a good reason for setting things up the way they do, whatever the reason is, it is leaving us wide open and unprotected in my opinion.

We did disable Windows Update earlier if you remember, I even rebooted my machine afterward to make sure that the settings took and were registered in the system registry, so right now Windows Update is disabled, but wait a minute.... say what? What are you trying to tell me (as if this book has ears) you say that you did not really notice a boost in performance or the speed of your Internet connection! Really? Then I bet that you are upset with me now.

Lets go see what the problem could be. Please scroll down to the 'Windows Update" service near the very bottom of the menu. There are a lot of services so you will have to scroll down quite a ways, or better yet just do what I do; make sure that you have clicked somewhere in the menu and just tap the "W" key, this will take you all the way down to where the services that start with the letter "W" in the name begin, pretty nifty huh? I have all kinds of cool tricks like this to show you.

Now for the part that is going to upset you, take a look at the "Windows Update" service that we disabled, is it running? How can that be? We disabled it so there is no reason for it to be running at all, unless that keyboard gremlin got one over on us (smile)

When you look at the "Windows Update" service that we told not to run earlier in the windows settings, you will see that the status probably says that it is "Started", by the way you can right-click that service and select "Stop" if you want it to stop running, but that is only temporarily, it will start again after you reboot your computer, if not sooner.

Notice the image below no longer says started but yours probably still does

The reason that it no longer says "Started" on my computer and in the image above is because I just stopped the service, but it is probably showing "Started" in your menu, so I am going to show you how I stopped it, that is what I would like you to do right now, for practice if nothing else. Even if you do want it running, you can restart it again. Right-click on 'Windows Update" and then click "Stop" see how easy it is, you can also do it again only this time select "Start"

Oh yeah, I'm sorry, I often forget that I have A.D.H.D and tend to skip around a bit, I was going to show you what was really going to make you angry right? Well if you disabled Windows Update earlier when we were on that section of this book, then you were probably mad that it was really running in the background regardless of the fact that you told it not to run.

That alone is enough to upset you, but wait... there is more! O.K. take a look at the "Startup Type" of this service and you will see that it is set to start with an "Automatic (Delayed Start)" even though we disabled it earlier. Since we told it not to run at all, it should say "Disabled" or at the very least be set to "Manual" but it does not. What's that, you say that you are still not angry? Man I wish that I had your temperament, now right-click "Windows Update" and click 'Properties" and you will see a screen that looks similar to the image below

Notice again that it is set to start even though we disabled it earlier, what.... oh I already told you that, well hold on to your britches (or skirt which ever the case may be) and click on the third tab labeled "Recovery" what the.... I do not even need to include a picture this time; I think you get the idea.

What you are seeing there is supposed to be a fail safe for Administrators in case there is some kind of problem with the network or the server and it starts to go down or has a glitch of some kind, perhaps a virus that tries to shut the service down, the fail safe kicks in and restarts the service anyway.

That is all fine and dandy in Microsoft candy land but these are our computers and I do not know about you but when Microsoft wastes my time having me open a menu, click on this and then click on that and go through all of that trouble to disable a service like we did earlier in this book when we disabled "Windows Update" by golly I expect it to do just that. So tell me this, why does their software even have that menu to change the settings and/or disable Windows Update that we used earlier when we disabled Windows Update in the first place, if they never intended for it to work?

My customers become infuriated when I show them stuff like this, but hold on, you haven't seen anything yet, wait until I show you the big holes they were kind enough to leave in our security. Now you probably want to do something about this right? No not shoot Billy Bob silly; we are going to fix this software of his real good! Click on each of the drop down items and select "Take No Action" and then click back on the first tab and make sure that you have the service set to "Disabled" as seen in the image below

There you have it, we just did a foot sweep on his ass, take that Billy boy! Another one on the list here is the "Computer Browser" service. The Computer Browser service is a good thing if you and a friend want to browse each others computers for files or if you are perhaps running an FTP Server, but for the most part, having this service running for each other leaves you both open to attacks and perhaps even identity theft, because the service is running and open for a hacker to penetrate and access all of your data as well.

So it comes down to the question "How bad do you want to share your computer files with that friend?" Is it worth having a bunch of network applications running and bogging your computer down? Is it worth having a network connection that hackers can use to access your data, steal your identity and file your income taxes in their name?

You must be open minded and honest with yourself and decide whether or not you want to share your files with your friends knowing that it also leaves you open to attacks from other users and hackers. Sure you can have a good password, but as I already mentioned, passwords can be hacked in seconds.

The problem with this service is that it lets other people log on to your computer and browse through your files and personal documents. Sure you probably have a secure password and user name, but keep in mind that even the best military encrypted password can be hacked in about two days, but the average users password can be hacked in just a few minutes. By the same token it lets you log on to their computer and browse it, if they do not have it secured, but for the most part it is a big security risk. If you do log on to your computer with your laptop and browse it, then do not disable it.

However, if you are like me and you do not want anybody to be able to access your personal computer, then you definitely want to disable this because it is a huge security risk. Terminal Services is and always has been a huge security risk and hackers use it to infiltrate your computer from DOS or what is also referred to as the command prompt.

There is not much sense in me showing you any more pictures for the services category now that I have shown you how to use it and how to disable and/or set the services to manual or whatever setting you choose.

By the way, please do not get all carried away and go off by yourself tweaking any of the settings other than the ones we are discussing, if you do then your do so at your own risk and I can not, and will not be held responsible. I originally decided against writing this book knowing how important these settings are and the devastation that a rogue user could cause, so please do not make me regret putting my trust in you, my awesome reader.

If I do not mention a setting here in this book or say that it is safe to change, then please do not do so unless you read about it here in this book or you talked to a Network Administrator that knows these settings real well, because setting just one of them wrong can render your computer inoperable, causing you to have to reinstall the operating system and possibly cause you to lose all of your previous settings, or worse.

If you do get brave and decide to go about changing settings other than the ones that I mention in this book, then at least do yourself a favor and make a restore point first, or I can guarantee you that you will wish you did. Any changes that you make to your computer or any other system you do so at your own risk.

Now that I told you that, you could disable the Computer Browser service if you want to, how do you do it? Just testing you to see if you are catching on yet, but of course I will tell you, for those who are still a little confused. After all, this can be a lot to take in for a regular computer user, and even more so if you are new to computers or an older person that never really owned a computer until recently.

Locate the " Computer Browser" service and right-click on it with your mouse, and then click "Properties" as shown in the image below

Yes I know what I said but I figured I had better give you one more example with images just in case, gee what a nice guy!

After setting it to "Disabled" you can then click on the "Recovery" tab and set all three of the drop down items to "Take No Action". See it is not quite as hard as it seems at first is it? Nonetheless do not get over confident because I could not afford to put a pop-up of myself in the book and therefore would not be able to fix it for you.

Moving on, the next setting that is just as important is "Remote Registry" and in fact it is actually even more important than just about everything else that I have shown you so far. The registry is very important, like I said earlier in this book; you do not want anyone in your registry ever!

Your registry is like the most important part of your computer. Think of the registry like your brain, every single transaction that is done is run through the registry first. The registry contains important information about you such as your Windows product key, your name, your machines name, and much more.

However it is more than a mere database, it actually has settings that control every single thing that your computer does. It controls your monitor, your printer, even your sound device and simple things like your mouse. Messing with it could be like giving your brain an aneurysm.

If you do not know anything about the registry I strongly suggest that you stay out of it. The last day of our class when I attended that Microsoft College that I mentioned earlier, they conducted what is known as "Sabotage day" and when you arrive in the morning your computer has intentionally been disabled and you have eight hours to completely fix the computer and get it working or you do not graduate

To give you an idea of how serious the registry is, my instructor said this to everyone that morning "O.K. everyone, in a minute I will let you begin fixing your computers, but first I want to let everyone know that if you can't fix your computers by the end of the day I do not want to hear any whining.

You guys should all have your computers fixed by the end of the day and then you will get your diploma. The reason that I said I do not want to hear any of you complain is because I only messed up a couple of things on all of your computers, but since James (Wayne is my middle name) is the top student in the class, in fact he is so good I think he has taught me more than I taught him.

Anyway since James is so good with the registry, I not only damaged his computer ten times worse than I did any of your computers, but I even messed with his registry, so you guys have no reason to complain, I went easy on all of you.... but I messed his computer up so bad, take my word for it, he will not have his computer fixed at the end of the day and he won't get his diploma!"

One of the students asked "What did you do to his registry?" and he replied "Just never you mind, put it this way, James always talks about how good he is at working in the registry, he has brass balls because I do not even get in to the registry and mess with it, and I am a certified instructor! So like I said.... Good luck James!"

So the registry is that important, not even the instructor at my Microsoft Certified College would get in there and mess with it.... so beware! For the record, I had my computer fixed in just about the first twenty minutes of class that morning, and of course did get my diploma.

As a matter of fact all of the instructors were in the break room drinking coffee and as I walked up to the door I could hear them all laughing so hard it is a wonder they didn't "bust-a-gut" so to speak, and before I had a chance to knock I overheard my instructor laughing and saying "James will still be here at midnight trying to figure out why his computer will not work!"

You should have been there, when I knocked and my instructor came to the door, you could have heard a pin drop when I said "Can I have my C.P.U back?" I have to give him credit though, when you put a C.P.U in a computer the very next step is putting a huge heat sink and fan on top of it, so an ordinary user never would have realized that the reason the computer would not work is because someone took the C.P.U out of it.

Anyway, he told me the C.P.U was behind his desk in the classroom, and after I turned and started walking off you could hear everyone in the room bust out laughing at him!

Well, what do you think of this book so far? Take my word for it; you have not seen anything yet! I contemplated writing this book for a couple of years. I have many customers and every single one of them is particular and will not let anyone work on their computers except me, and they kept telling me that I should write all of this knowledge that I have down because they have never met a technician that knows all of the things that I have showed them.

I had a surgery once and was in the hospital for over a week, it took me about a month to get to where I would even touch a computer again, and one of my customers needed his computer fixed real bad, but he refused to let anyone else touch his computer. He waited over a month for me to get well, and according to his wife him not having his computer was driving him stir crazy, but he waited until I was able to work on it again.

The reason that I am telling you this is my customers have told me that nobody they have ever met is as good with computers as me, and they all refuse to let anyone else touch their computers. I guess I have them spoiled, because they were telling me that when they did pay other technicians to work on their computers the technicians charged them more money than I ever did, and they really did not fix much of anything.

Most of my customers have had bad experiences with people who have worked on their computers in the past, some of these shady characters that they let work on their computers before they met me have swapped them parts, some of them have even stolen parts from my customers computers and that is how they ended up being introduced to me.

The reason that I am bringing this up is because it is very important that when you do let someone work on your computer, before they touch it at all, you should make a note of exactly how much Memory you have installed, also write down the type of CPU that you have such as the speed and the type that it is like a Quad core, or whatever it is, and even the size of your hard drive.

Please don't get me wrong, there are still plenty of good hard working people in this world who are honest such as myself, just not a whole lot of them in my town apparently. So keep an eye on people that work on your computer. If it is a technician from a big store or from an established computer repair outlet or something like that then you probably have nothing to worry about, but if you call on a PC Repair technician from "Craigslist" or from your local newspaper ad, then by all means keep an eye on them and keep them honest.

Anyway that is what got me to thinking about writing this book, my customers all say that they have met other computer technicians who are pretty good, but none of them knew about a lot of these things that you are reading about in this book, so I got to thinking that I should document some of this knowledge that I have accumulated over the years (over forty years experience as a PC Technician) because at my age, who knows what could happen and I would hate for all of this knowledge to die with me, besides that, people have a right to know about this stuff.

I can't begin to tell you how many times I have shown my customers the information that Microsoft actually saves about you and your habits, even the information about folders and files that you accessed are logged in the registry and other various places on your computer, believe it or not.

I will give you an example right now, and do by all means download this application that I am getting ready to tell you about, you really should, because it may just scare you when this application shows you all of the information that Microsoft gathers about you in the background.

When you download this program be sure to make a restore point before running it just in case something goes wrong, though I must confess I have ran it many times and never once had any problems at all, except an explosion of anger and bewilderment when it showed me all of the information that Microsoft has been keeping on me and my customers as well.

Download " ShellBag AnalyZer & Cleaner" by Goversoft and then run it, when this program reveals all of the things Microsoft logs about you I can almost guarantee you will be upset. When you look at the screen you will see that it logs files that you have opened, not just recently, but even going months back, it also shows when you changed settings, and it shows way more than that.

Please be careful if you run the "Cleaner" part of the application that this software comes with and pay close attention, only do what the software tells you to do. I have never had any problems, but after the cleaner is finished running a pop-up message warns you to log off or reboot your computer before doing anything else. Make sure that you do exactly as asked.

Microsoft Windows keeps a setting in the registry that records just about everything that you do, it keeps a record hidden in the background unbeknownst to you known as "Shellbags" and even though the are known to state "We do not keep any information about any of your other hard drives except the windows partition" you will quickly see that is not true! I know that it showed when I accessed my other hard drives and even the files and folders that I accessed.

These keys are useful to a forensic investigator, and they actually keep the information even after the file or directory have been deleted. They record and keep track of hard drives or other mounted volumes, deleted files and folders, as well as all user actions! So if you delete a file or folder you did not want anybody to know about it will still be in your registry, even though you deleted it!

When you run the program you will immediately see what I am talking about, why they keep this kind of information is beyond me, I sometimes think to myself "Well... if this is how they catch terrorists, or perhaps child pornographers then I guess it is a good thing" but is it? At what point do we say "Wait a minute! what about our privacy?" Is this perhaps how these identity thieves are getting all or some of our information?

You always hear that the reason hackers try so diligently to hack into our computers is so that they can get our personal information and steal our identity, or hack into our bank accounts, but did it ever occur to you that the very information they are after is not logged by us but by our software? Did you know that the biggest portion of this information is gathered by hackers and sold to companies in order to analyze our shopping and or other daily habits? Some of these are huge companies that we shop at.

Have you ever been on Facebook or some other web site that you use only to notice that the advertisements in the right panel, or somewhere else on the web page are exactly what you were just browsing earlier, in many cases the exact item your were shopping for and perhaps even bought?

Let me tell you something my friends and awesome readers, I always have and always will appreciate all of you out there that read my books, and therefore you will never get anything but the truth from me, or what is the truth to the best of my knowledge, so I would be of little use to you if I were to bare false witness, I would never do that!

I always have been and always will be one hundred percent straight up and honest to all of you, my readers, and anyone else for that matter. In fact some of my friends have said that I am honest to a fault. So you can bet anything that I write unless of course it is a book of fiction such as a murder mystery or something, anyway you can bet that anything I say is true and correct to the best of my knowledge, so I can not tell you why they keep so much information about us, I can only speculate.

When my customers say "This makes me mad, why does Microsoft leave these settings open and expose us to threats like this?" my answer is always the same, I tell them this "I really do not know, I would like to think that it has something to do with Homeland Security, and if it does then I am fine with that, but they could at least close those back doors when they are finished browsing through our computers rather than leave the door wide open for hackers to get in"

All too often the blame goes to the user opening an email from someone that they did not know, and don't get me wrong, that does happen often, but now that you have seen some of the security risks that I have shown you so far, you can unload some of that guilt from your shoulders because now you know it may not have been your fault after all.

Look at it this way, sure it is possible that you opened an email which let the person who stole your identity get in to your computer to get your personal information, but if the backdoor is wide open, why would a burglar go through the window?

Here are a few tips for you to live by; keep your computers secure and away from Anonymous Users and/or people that you do not know, and the same goes for your cell phone as well. A cell phone is no less than a miniature computer, but far more dangerous in my opinion!

After all, you use your cell phone for just about everything, therefore it is full of important personal information about you! You go online with it, pay your bills with it, check your bank account with it, even make purchases online with it, yet when somebody asks to use it to make a phone call we are all too eager to let them use it. I think perhaps we sometimes forget just how much information really is in our cell phones.

Let us not forget what this neighbor of mine brought to my attention, the fact that an individual can ask to use your cell phone with the pretense of making a call, only to install an app that records your passwords, bank account information, basically everything that you type, and much more!

Another good rule to live by is when you are not using the Internet on your home computer; unplug the high-speed Cable/DSL modem cable (usually RJ-45) from your computer. Some of my customers leave theirs on twenty-four seven and then can't understand why they have so many problems. I would like to know why they quit putting power buttons on them in the first place... could it be that they did not want us to be able to turn it off and shut them out?

Now, the next service that we will take a look at is the one that I mentioned earlier and then I strayed away from it when I went into detail explaining how these services work and showed you how to change the settings, and that service was titled "Application Layer Gateway Service".

If you look to the right of it you will see that the description says "Provides support for 3rd party protocol plug-ins for **Internet Connection Sharing** " This is another security risk in my opinion, first of all if you have a wireless cable modem that you got from your high-speed Internet provider, or any kind of wireless service and you have "Internet Connection Sharing" enabled, you may begin to notice that your Internet speed is getting slower and slower, almost to the point of not even working at all, just like what happened to one of my customers.

The reason that her Internet was freezing up was she had "Internet Connection Sharing" enabled, all though she did not know it, and she was directly connected to the Internet with what is referred to as a "wired connection" meaning her computer had an Ethernet cable that went from her high-speed cable modem directly to her computer, and why she asked them for a wireless router is beyond me, since she was hard wired to the Internet and did not have a cell phone or a laptop at the time.

Perhaps they just gave her a wireless cable modem because that is what they pretty much give everyone these days, one that is hard wired but is also a wireless router as well. That is fine if you have a few friends and family members that want to use your Internet connection to get online with their laptop or cell phones when they come over your house to visit, but she had none of those things.

She is a nice woman and helps people all of the time, but when I told her the reason that her Internet kept freezing up on her was that a bunch of her neighbors were connecting to the Internet through her wireless router she was not amused. Come to find out she had let a neighbor look at her router and he wrote some information down.

What do you suppose it was that he wrote down after looking at her high-speed router? We found out the answer to that real quick. Here is a warning for you, a heads up if you will, never let anyone, especially a neighbor that lives fairly close to you, look at or even mess with your high-speed cable modem/router that is supplied by your Internet Service Provider.

Why? Because if they write down the access code and password that is labeled on the side of your router (usually on the side, sometimes the back or bottom) with that information they can hijack your Internet service and use it for free. You will usually be able to tell, because your Internet service will get real slow.

These people will use your Internet service rather than pay a monthly bill of their own if at all possible. All of those people were using up her bandwidth to the point that she could just barely even use it herself to check her email, and I am not talking about a slow modem connection like in the old days with a 56k modem, she had a fast high-speed Internet service and was paying for five millions bits per second. Not only did they have access to her Internet service, but her computer as well.

Another reason that some people want to access your high-speed Internet service is because they want to steal your bandwidth and resell it to other people. Sounds far fetched doesn't it? If you find it hard to believe, go to Google and do a web search on the subject of "Bandwidth Pirating"

Well unfortunately it is the truth, it even happened to me in the past, only I am so good at what I do I was able to capture their information, and after a few tricks here and there and after doing an Internet "Who is this IP" lookup I found out who it was and I actually knew this person very well.

I called my Internet Service Provider that happened to be one of the most well known Internet Service Provider's in California at the time, and I told the technician that I caught someone stealing my bandwidth and I wanted something done about it. The technician thought that I was some kind of nut job or something, he even stated several times to me "Sir you are mistaken, there is no such thing as Bandwidth Pirating and nobody is stealing your bandwidth"

I said, "Look here my friend, are you a certified technician?" He replied "No, I had some schooling and passed a course as a computer repair man, but I never was certified or anything" I said "I graduated top of my class in a Microsoft Certified Systems Administrator course at a Microsoft Certified College and I do know what I am talking about"

Then I said "Is there a Network Administrator there or someone in charge that I can speak with?" to which he replied "No sir but I can help you" Now I have always loved people and went out of my way to be polite and kind to others, therefore I was trying to be considerate since I obviously had more training in computer networking and security.

Like I was saying, I am not ordinarily a rude person and I did not mean to sound rude, but now that I look back at my response I guess it was a little harsh. When he said "No sir but I can help you" I replied without hesitation "Apparently not!" then after a brief pause I went on to explain to him how I knew that someone was stealing my bandwidth. I said "When I first had your service installed my high-speed Internet was great, in fact I was able to download a song in sixteen seconds."

I went on to say "Since my Internet service has been getting slower and slower to the point that I can't hardly even load a web page to check my email, I decided to download that same song again, because I remembered my friend bragging to everyone a while back about my service being so fast that he and I was able to download that song in just sixteen seconds"

He replied "O.K. I am listening" so I said "Well, this time, in fact just a few minutes ago, the exact same song took over five minutes to download!" I know what you must have been thinking as you read that statement just now, and yes my friends you read me right, downloading a song that used to only take sixteen seconds now was taking over five minutes to download.

The employee was quick to blame it on a bad cable, or a bad connection, and after about twenty minutes of him giving me the run around and more or less telling me that I was crazy and there was nobody stealing my bandwidth, I finally reached my boiling point and said "Look buddy, I am tired of you calling me a liar, are you at your computer right now?"

He said "Yes sir I am at my terminal right now" so I gave him a few commands to type in at the command prompt and a few seconds later he shrieked out in horror and said "Oh my God, you are right, I see him right now, he is connected to your account and taking almost all of your bandwidth!" Then he pauses and says "What should I do?" to which I replied "I don't know but you had better do something, I am tired of paying all of this money every month for someone else to use my bandwidth!"

This is a true story my friends, word for word, and as a matter of fact I still have a printed copy of that information that I retrieved and printed out which shows the IP Address, and all of the information that I gathered on this individual that day, including his actual name. I may even attach a copy of it to the end of this book so that you can see how to go about catching someone if this ever happens to you. Of course I will have to black his name out to prevent being sued.

I do not know yet if I will add a copy of it to the end of this book or not, however if you do not believe me, that is quite alright, I understand, because one of my best friends that was sitting here that night in a chair right beside me did not believe me either, especially when I told him who it was that was stealing my bandwidth. Now I debated telling you this story, but finally came to the conclusion the story needed to be told so you realize just how serious of a situation this is.

When I told him that it was one of the instructors from my college, he laughed and said "You need to get some sleep" and I said "What you don't believe me?" to which he replied "Look man, you are the most honest person that I have ever met in my life (he used to say that I was honest to a fault, now there's one I don't remember reading in the bible) but you need to rest your neck, we have been on the Internet for about six hours straight and you are losing your mind! I think that you need to take a break from your computer for a while.... hell your on it all of the time!"

I simply laughed at him and said in a calm voice "O.K. look, you sat here and watched me do a reverse IP, and I even showed you the IP Address of the person that is stealing my bandwidth, you seen the software that I used to bring the information up!"

He replied "Oh yeah I know, don't get me wrong, I do know that you are right about someone stealing your bandwidth, I did not even know that it was possible until now, and yes I do know that was the persons IP Address, I watched you catch him and print the information out on your printer, but come on Wayne, it is not one of your instructors from the college that you graduated from, give me a break!"

I handed him the paper that I printed which had all of the information that he watched me gather on this individual and told him to look at the name of the person. He said "I know, I seen the name come up on the Internet as the owner of that web address, but it's not your instructor, you had one too many beers!" as he laughed.

I told him to go over to my certificates on the wall and compare that name to the names of the instructors on my certificates (I have about seven or eight hanging on my wall) and after checking the first five he started laughing and said "See, I told you dummy, no more beer for you!" I said 'Wait, look at the other two certificates" and he was not going to at first, he started walking away saying "give it up, you were wrong!"

However I can be quite insistent, so he went back and compared the name of the person we caught stealing my bandwidth to the names of the instructors on my last two certificates (my Diplomas) and said "Holy crap, you are telling the truth, I thought you were pulling my leg!"

I apologize for that long story, but it is imperative that you understand just how serious this situation with the Internet is and even more important that you realize how far people will go to get into your computer, even people who you may know and trust. Let's move on to the rest of these now shall we. By the way, it had nothing to do with that college, he was doing this from his home computer, and he was re-selling my bandwidth to other users.

#  Chapter Four

## Secure and Optimize Service Settings

Welcome back, in this section we are going to start optimizing and securing your computer to make it faster, and safer. We will begin by right clicking the "My Computer" icon on the desktop and then click "Manage" this will open the "Computer Management" window that is one of my favorite menus because from this one window you can do pretty much anything that you need to do in terms of ordinary use. You can also click 'Start" and type " compmgmt.msc" in the search or run box.

You should be logged in with an account that has administrative privileges to be able to make some of the changes that I show in this book. On the left side of the menu near the bottom you will see the "Services and Applications" menu item, click on the little plus to the left of it to expand it and drop down more choices or you can just double click on it to expand it.

Now on the left just below where we were, click once on "Services" and that allows the services screen to load in the middle pane to the right. Here you will change many items in order to make your computer more secure, and improve performance.

I have included a handy "Walk Through Services List" that you will see below for those of you who are on a stand-alone computer, one that you own and nobody else, and most important of all, one that you do not want to share with other computers online.

These settings are how mine are setup and configured, they are set for maximum security, maximum performance and efficiency. I can still access the Internet with the high-speed router provided by my Internet Service Provider, and people visiting me that wish to go online and surf the Internet on their laptops or mobile devices (cell phones, tablets, etc....) can use my high-speed Internet as well, even though I have not created or joined any networks, or home groups.

That is the beauty of it all, people can still access the Internet through my wireless router, which is safe and more secure than creating a Homegroup or Network to give them access, which means since I personally have no need for any of the network services, I am able to maximize security on my local computer and make it way more secure not to mention much, much faster, both my computer and my Internet speed, by disabling a bunch of network services and related settings.

What if you want to transfer a file or two from your laptop to your personal home computer? No problem, you can do it using blue tooth, or the way I prefer to do it is with a portable USB flash drive. Some people even still use a CD/DVD.

The point is this, these settings are a better and safer way to set up your computer rather than open a bunch of network services and resources that not only cripple your computer and its Internet speed (bandwidth) but also create a huge set of security risks by enabling the severe security risks that I have shown you in this book.

In case you do not know how to let your friends connect to the Internet through the high-speed router provided by your service provider, I will tell you. This is a simple solution that is not only more secure for you, but for them as well, and helps to protect you from hackers, identity thieves, and even helps strengthen your protection from ransomware and viruses.

When people visiting me want to go online I just give them the access code or password on my internet Service Providers Cable/DSL high-speed router/modem, which is usually printed on the side of the router, or somewhere else like on the back or bottom of it, if nothing else it can be found in the settings of the router itself.

This lets them surf the Internet through a secure router provided by my Internet Service Provider, rather than routing them through my computer using a network or home group, which would leave me vulnerable to hackers. When nobody in my house is using it I go into the router settings and disable wireless all together. You do that by typing the router address in your browsers address bar, such as 192.168.1.255 or whatever it is.

So, if you do want to set your computer up like mine and have a much faster computer, much faster Internet, since all of those network services are disabled and not using up all of your bandwidth and resources, then you can follow along in these procedures that I am about to walk you through in the pages ahead.

The walk through chart that I included for you below shows you what I have my services set at (disabled, manual, or automatic) as well as giving you a brief explanation about some of the services and important tips.

At the end of the following chart I continue where we left off giving you step-by-step illustrations and instructions on setting not only these services but some that are way more important yet, so lets get started.

In the list below which starts on the next page, you will see my settings for the services that I have set on my computer and everything works great, even the Internet, so if you want to duplicate my settings you can use this as a guide, however please make a backup of any and all documents and files that are important to you, including any software that you may have purchased online, which you should always do anyway, and most importantly create a restore point so that you can revert back to your previous settings if something goes wrong.

Application Layer Gateway Service

This service I have set to _disabled_ but you can set it to manual if you want to play it safe. If set to manual it will not run and waste resources unless you start it manually or a program that you run needs it, the program that needs it will start it.

I have it " _Disabled_ "

Background Intelligent Transfer Service

Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on B.I.T.S., such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.

I have it disabled but to be safe you can set it to " _manual_ " that way if a program on your computer needs it your computer can start it

I have it " _Disabled_ "

BranchCache

This service caches network content from peers on the local subnet. Notice the word "Peers" it is a red flag to me, because I have no "Peers" or other people connected to my computer and do not want them to.

I have it " _Disabled_ "

Certificate Propagation

Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play mini driver.

I have it " _Disabled_ "

COM+ Event System

I have it set to ' _Manual_ "

No sense in me typing it all out, you can read it on your screen, but I have it and the one below it set to " _Manual_ "

COM+ System Application

Manages the configuration and tracking of Component Object Model (COM)+based components. If the service is stopped, most COM+based components will not function properly.

I have set to " _Manual_ "

Computer Browser

Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. Read the above one more time and pay real close attention to what it says. Do you want anyone having your computers network address, which is like saying "Here I am come on in folks!" and likewise do you want that list shared or "Supplied" to other computers or networks. Its like having a keg party and telling people who tell other people and before you know it your house is trashed.

I have it " _Disabled_ "

Credential Manager

Provides secure storage and retrieval of credentials to users, applications and security service packages.

I have it " _Disabled_ "

Distributed Link Tracking Client

Maintains links between NTFS files within a computer or across computers in a network.

I have it " _Disabled_ "

Distributed Transaction Coordinator

Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail.

I have it " _Disabled_ "

Extensible Authentication Protocol

The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (API s) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication.

I have it " _Disabled_ "

Fax

Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network.

Notice that it says the word "network" in the description, I always tend to disable anything using the network if at all possible. If you do not need to send faxes then I would disable it, besides I use some of the free fax services on the Internet. Google the words "Free fax"

I have it " _Disabled_ "

Function Discovery Provider Host

The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources.

Notice that it says network discovery. I have this disabled and my Internet works fine and my wireless devices use my cable modem and work just fine!

I have it " _Disabled_ "

Function Discovery Resource Publication

Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.

I have this one disabled too! Notice that it says "If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network" Good, I do not want to be discovered by other computers or vise versa.

I have it " _Disabled_ "

HomeGroup Listener

Makes local computer changes associated with configuration and maintenance of the HomeGroup-joined computer. If this service is stopped or disabled, your computer will not work properly in a HomeGroup and your HomeGroup might not work properly. It is recommended that you keep this service running.

I have it disabled, my Internet works fine and my wireless devices use my cable modem and they work too!

I have it " _Disabled_ "

HomeGroup Provider

Performs networking tasks associated with configuration and maintenance of HomeGroups. If this service is stopped or disabled, your computer will be unable to detect other HomeGroups and your HomeGroup might not work properly.

I have it " _Disabled_ "

IKE and AuthIP IPsec Keying Modules

This is a long description, you can read it on your screen, notice that it says "Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers" Good I do not want to connect with peer computers

I have this disabled and my Internet and wireless devices work fine.

I have it " _Disabled_ "

Internet Connection Sharing (ICS)

Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.

If you look at the top where it has the service name you will notice that it says "SharedAccess" again this is what we are trying to avoid, we do not want to share our access with anyone. If however you do have another computer in your home that needs to use this setting, for instance if you want two or more computers to share one Internet connection so that both can go online. Remember that if that other computer is a laptop it can go online through your Internet router provided by your Internet Service Provider, if it has wireless capability, and then it is safer, because you do not have to use your computer as the gateway and enable home networks and so forth.

I have it disabled and like I said my Internet works fine and so do my wireless devices.

I have it " _Disabled_ "

IP Helper

Provides Tunnel Connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.

Notice that is says in the description that it provides "Tunnel Connectivity", I always stay away from anything that uses Tunnel Connectivity as well as IPv6

Again, I have it disabled and I have no problem with the Internet, in fact, it is faster.

I have it " _Disabled_ "

IPsec Policy Agent

Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "NetSh IPsec". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Firewall is not available when this service is stopped.

I definitely have this one disabled. If you read the description carefully you will notice some red flags like "network-level peer authentication" we do not want to network with peer computers, and "netsh IPsec" any time you see the word "netsh" which stands for net share that should be a red flag, unless of course you want to share your computer with people, just remember to weigh the options carefully. How bad do you want to let the person that you are considering sharing your computer with in your computer? Is it worth opening a connection that hackers can take advantage of?

I have it disabled, and my Internet and wireless work fine.

I have it " _Disabled_ "

KtmRm for Distributed Transaction Coordinator

Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start.

Notice that in the description even Microsoft says to disable it. Notice that it says "If it is not needed, it is recommended that this service remain stopped"

I have it " _Disabled_ "

Link-Layer Topology Discovery Mapper

Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly.

We do not want a Network Map that will show other computers and/or hackers where we are or that we even exist for that matter. If they can't see you then they can't hack you!

I have it " _Disabled_ "

Media Center Extender Service

Allows Media Center Extenders to locate and connect to the computer.

I definitely have this one disabled. I do not want any service or application to quote 'Locate and connect" to my computer. Keep in mind that they probably had good intentions when they created this service, but I see it as a severe security risk.

I have it " _Disabled_ "

Microsoft iSCSI Initiator Service

Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.

I have this one disabled for sure. The first line of the description says it all. I do not want to allow my hard drive to be accessed remotely. iSCSI is a way of connecting storage devices over a network using TCP/IP. It can be used over a local area network (LAN), a Wide Area Network (WAN), or the Internet.

I definitely have this service disabled.

I have it " _Disabled_ "

Net.Msmq Listener Adapter

Receives activation requests over the net.msmq and msmq.formatname protocols and passes them to the Windows Process Activation Service.

I have this set to disabled as well, in my opinion it is a security risk

I have it " _Disabled_ "

Net.Pipe Listener Adapter

Receives activation requests over the net.pipe protocol and passes them to the Windows Process Activation Service.

I have this set to disabled as well, in my opinion it is a security risk

I have it " _Disabled_ "

Net.Tcp Listener Adapter

Receives activation requests over the Net.Tcp protocol and passes them to the Windows Process Activation Service.

I have this set to disabled as well, in my opinion it is a security risk

I have it " _Disabled_ "

Net.Tcp Port Sharing Service

Provides ability to share TCP ports over the Net.Tcp protocol.

I have this set to disabled as well, in my opinion it is a security risk

I have it " _Disabled_ "

NetLogon

Maintains a secure channel between this computer and the Domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the Domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.

believe this or not I also have this disabled and my Internet works fine and as I said my wireless devices work fine to, because they access the Internet through my Cable/DSL Modem. I will show you how to set that up later on in this book, it is really simple, and safer than using your computer as a network just to let them access the Internet through your computer, which leaves you open for attacks from hackers.

I have it " _Disabled_ "

Network Access Protection Agent

The Network Access Protection (NAP) Agent service collects and manages health information for client computers on a network. Information collected by NAP Agent is used to make sure that the client computer has the required software and settings. If a client computer is not compliant with health policy, it can be provided with restricted network access until its configuration is updated. Depending on the configuration of health policy, client computers might be automatically updated so that users quickly regain full network access without having to manually update their computer.

Notice that it says "collects and manages health information for client computers on a network" again we do not want any program, whether it is a Microsoft service or some other program to be collecting any of our information, and sine we are not in any kind of network at all we do not need this.

I have it " _Disabled_ "

Network Connections

Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and Remote Connections.

I have it disabled, and my Internet and wireless work fine.

I have it " _Disabled_ "

Network List Service

Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.

We do not want any part of this network list because we do not want other computers to even know that we exist, thus keeping us safe from hackers.

I have it " _Disabled_ "

Network Location Awareness

Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

I have this disabled too! We do not want other computers to even know that we exist, thus keeping us safe from hackers.

I have it " _Disabled_ "

Network Store Interface Service

Important! Leave this on Automatic, you want this one running or you will not have Internet service at all.

I have this one set to " _Automatic_ "

Offline Files

When you create a shared folder, offline availability is enabled by default, which means that secure folders can be stored offline on potentially non-secure computers. For increased security, do not allow users to store files offline.

All files and programs that users open from the share are automatically available offline. Whenever a user accesses the shared folder or volume and opens a file or program in it, that file or program will be automatically made available offline to that user. Files and programs that are automatically made available offline will remain in the Offline Files cache and synchronize with the version on the server until the cache is full or the user deletes the files. Files and programs that are not opened are not available offline

I have this disabled as well. I see it as a security risk, and as I will show you later on in this book if it is running it will slow your computer down, and your Internet connection as well.

I have it " _Disabled_ "

Parental Controls

This service is a stub for Windows Parental Control functionality that existed in Vista. It is provided for backward compatibility only.

I have this disabled as well. If you do want to use the parental controls in your browser to limit what your kids can see and or do when they are online then enable this.

I have it " _Disabled_ "

Peer Name Resolution Protocol

Enables serverless peer name resolution over the Internet using the Peer Name Resolution Protocol (PNRP). If disabled, some Peer-to-Peer and collaborative applications, such as Remote Assistance, may not function.

We do not want Peer-to-Peer!

I have it " _Disabled_ "

Peer Networking Grouping

Enables multi-party communication using Peer-to-Peer Grouping. If disabled, some applications, such as HomeGroup, may not function.

We do not want Peer-to-Peer!

I have it " _Disabled_ "

Peer Networking Identity Manager

Provides identity services for the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services. If disabled, the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services may not function, and some applications, such as HomeGroup and Remote Assistance, may not function correctly.

I love it! This is definitely set to "Disabled" on my computer, look what the description says about if we have it disabled. Exactly what we want, even HomeGroup and Remote Assistance will not run. Good!

I have it " _Disabled_ "

Performance Counter DLL Host

Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLL's. If this service is stopped, only Local Users and 32-bit processes will be able to query performance counters provided by 32-bit DLL's.

See the beginning of the description it says "Enables remote users' why would I want a remote user, meaning someone on the Internet, or even a neighbor close by, to be able to get information about my computer. I have this disabled. The beauty of this one is that it says " If this service is stopped, only Local Users and 32-bit processes will be able to query performance counters provided by 32-bit DLL's" that is exactly what we want! Local by the way is you, your computer.

I have it " _Disabled_ "

Performance Logs & Alerts

Performance Logs and Alerts collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.

Notice that it says it 'collects performance data from local or remote computers " again there is a red flag in my opinion, anytime that I see the words remote, Peer-to-Peer, VPN, tunnel, and so forth, those are all red flags to me!

I have it " _Disabled_ "

Pnpx IP Bus Enumerator

The Pnpx bus enumerator service manages the virtual network bus. It discovers network connected devices using the SSDP/WS discovery protocols and gives them presence in PnP. If this service is stopped or disabled, presence of NCD devices will not be maintained in PnP. All Pnpx based scenarios will stop functioning.

I have it " _Disabled_ "

PNRP Machine Name Publication Service

This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context 'p2p pnrp peer'

Disabled on my computer. Red flags include the words "Peer name" and the big security risk "netsh" and another security risk "p2p pnrp peer"

I have it " _Disabled_ "

Portable Device Enumerator Service

Enforces Group Policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.

I have this set to disabled but you can set it to manual if you want. When you set a service to manual that keeps it from starting automatically when windows starts, but allows it to start if a program needs it in order to run.

I have it " _Disabled_ "

Print Spooler

Loads files to memory for later printing

If you do not have a printer then I would disable this, it will make your computer much faster and besides that, in the days of the past a user could plug a special cable in to the printer port and then into another computer to transfer files and/or log on to another computer. The printer port does a lot more than print.

I have it " _Disabled_ "

Remote Access Auto-Connection Manager

Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.

I have it " _Disabled_ "

Remote Access Connection Manager

Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.

I have it " _Disabled_ "

Remote Desktop Configuration

Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require System context. These include per-session temporary folders, RD themes, and RD certificates.

I have this one disabled as well, I do not want anyone from another computer logging on to my desktop (my computer) ever!

I have it " _Disabled_ "

Remote Desktop Services

Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the check-boxes on the Remote tab of the System properties Control Panel item.

I have it " _Disabled_ "

Remote Desktop Services UserMode Port Redirector

Allows the redirection of Printers/Drives/Ports for RDP connections

Remember what I just said about printers? Definitely disable this!

I have it " _Disabled_ "

Remote Procedure Call (RPC)

Warning! Do not ever disable this, leave it on "Automatic"

I have this set to " _Automatic_ "

Remote Procedure Call (RPC) Locator

In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility.

I have it " _Disabled_ "

Remote Registry

Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.

Warning! This is the "Remote Registry" service that I have been warning you about all through this book. You do not want to let anyone ever modify your registry settings, especially someone from a remote location such as the Internet. This is a severe security risk! Always disable this setting. Microsoft did have a legitimate purpose for this setting, it was so that a Network Administrator could fix a computer from a remote location and/or modify important settings, but you should never need it enabled and it is a huge security risk!

I have it " _Disabled_ "

Routing and Remote Access

Offers routing services to businesses in local area and Wide Area Network environments.

This is a big security risk as well, Microsoft usually sets it to disabled too!

I have it " _Disabled_ "

Secondary Logon

Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

I have always set this to "disabled" for many years and never had a problem, you do not want to let a second person log on to your computer. If you enable this then someone from the Internet or a network can logon.

I have it " _Disabled_ "

Secure Socket Tunneling Protocol Service

Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers.

See the red flags here? The word "tunneling" as well as the term "connect to remote computers using VPN" and notice that it says if you have this service disabled "users will not be able to use SSTP to access remote servers" another red flag those words "Remote Servers"

I have it " _Disabled_ "

Server

Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

IMPORTANT!

Do you remember that I said there was a way to stop those shared hard drives and the other shared resources earlier in this book? Well this is it! You are probably not running any kind of network that needs a server running. A server is basically a master computer that serves files and/or some other useful function and shares that data with one or more computers.

If you disable this your computer will be much faster, and even of greater importance, much more secure, and on top of that, when you disable this service those shares that we looked at earlier in this book that I said would start again when you reboot your computer, well now they won't if you disabled this setting. Even better yet, remember that one that we could not stop no matter what? If you disable this setting it will never start again either!

I have it " _Disabled_ "

Smart Card

Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.

I have this service disabled. If you are not using a smart card on your computer you can safely disable it as well.

I have it " _Disabled_ "

Smart Card Removal Policy

Same as above.

I have it " _Disabled_ "

SNMP Trap

Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.

I consider this a security risk as well!

I have it " _Disabled_ "

SSDP Discovery

Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.

I have this service disabled, even Microsoft says that this service is a security risk.

I have it " _Disabled_ "

Superfetch

Maintains and improves system performance over time.

I have this setting disabled. I have left it running for months and never noticed a significant difference, however if you disable it now, you will notice quite a boost in system performance. Why let it run in hopes of better performance down the road when you can disable it and have better performance now!

I have it " _Disabled_ "

Tablet PC Input Service

Enables Tablet PC pen and ink functionality

I have a desktop computer and do not connect any type of device that needs these functions.

I have it disabled, you can set it to manual if you think you may need it, that way it will not start as soon as you turn on your computer and waste resources, but it will start if another program or application needs it.

I have it " _Disabled_ "

TCP/IP NetBIOS Helper

Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Do you see the red flags in that description? One of the flags in my opinion is "clients on the network" but the biggest ones are these "enabling users to share files, print, and log on to the network"

Since we do not want to connect to any other computers or resources, and we definitely do not want to share files, printers, or anything else for that matter, if you do not need any of these services then disabling this will greatly increase not only the performance of you computer and Internet, but will greatly improve security as well.

I have it " _Disabled_ "

Telephony

Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.

I have this service disabled and mt Internet works fine.

I have it " _Disabled_ "

UPnP Device Host

Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start.

This is a huge security risk! Disable this unless you need it.

I have it " _Disabled_ "

WebClient

Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.

I have it " _Disabled_ "

Windows Biometric Service

The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process.

I have it " _Disabled_ "

Windows Connect Now - Config Registrar

WCNCSVC hosts the Windows Connect Now Configuration which is Microsoft's Implementation of Wi-Fi Protected Setup (WPS) protocol. This is used to configure Wireless LAN settings for an Access Point (AP) or a Wi-Fi Device. The service is started pro grammatically as needed.

I have this setting disabled and everything works just fine, my Internet, also my wireless devices. The reason that I do not need this running, and by the way these services open access to your computer for instance to make your computer a sort of gateway that the wireless devices and so forth can travel through to use your Internet connection, but that also creates a huge security risk for you. Like I was saying, the reason that I do not need any of these services is because when people visiting me wants to go online I just give them the access code on my internet Service Providers Cable/DSL Router and it lets them surf the Internet through a secure router provided by my Internet provider, rather than routing them through my computer which would leave me vulnerable to hackers.

I have it " _Disabled_ "

Windows Defender

Protection against spyware and potentially unwanted software

I have this disabled. When I have used it in the past, as far as I know it never even once found a virus and when I did get one it did not help at all. You are better off disabling it and using a well known antivirus program such as I recommend at the end of this book in the Software I Recommend section.

I have it " _Disabled_ "

Windows Error Reporting Service

Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.

If your computer has ever suffered some kind of error, then you probably noticed that a message box popped up and asked if you wanted to send Microsoft a copy of this error report. This is not only a major pain in the rear of my computer, but a waste of time as well. It is also a waste of Internet resources too, and besides that, what good does it do to send the report to them when they do not even contact you and tell you how to fix the problem.

I have it " _Disabled_ "

Windows Event Collector

This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.

Did you notice the words "remote sources" in the description above?

I have it " _Disabled_ "

Windows Firewall

Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.

Leave this on unless you do as I do. I prefer to use a more robust firewall such as ZoneAlarm, for many reasons. ZoneAlarm lets me know when a program or service is trying to send anything out of my computer to the Internet, and that is a big deal because if somebody has installed a key-logger in your computer, after it collects your password, credit card numbers, and so forth from your keyboards keystrokes, it send that information through the Internet to the hacker. However with ZoneAlarm you will be notified when this happens and can even inspect the files and see who it is going to. Don't get me wrong, Windows Firewall is good, but no where near as good as ZoneAlarm or some of the other firewall software out there!

I have This setting disabled because I have ZoneAlarm installed. If you have not installed another firewall program then do not disable this service!

I have it " _Disabled_ "

Windows Image Acquisition (WIA)

Provides image acquisition services for scanners and cameras

I have this service disabled. If you do not have a scanner or a camera that you hook up to your computer disabling this setting will free some resources.

I have it " _Disabled_ "

Windows Media Center Receiver Service

Windows Media Center Service for T.V. and FM broadcast reception

I have this disabled. You can enable it if you think that you will need it.

I have it " _Disabled_ "

Windows Media Center Scheduler Service

Starts and stops recording of T.V. programs within Windows Media Center

I have this disabled. You can enable it if you think that you will need it.

I have it " _Disabled_ "

Windows Media Player Network Service

Disable this too, unless you want people to access your music and perhaps your computer as well

I have it " _Disabled_ "

Windows Presentation Foundation Font Cache 3.0.0.0

Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.

I have this disabled. You can enable it if you think that you will need it.

I have it " _Disabled_ "

Windows Remote Management (WS-Management)

Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management...

This is a long description so no need for me to type it all when you can read it on your computer screen. I personally feel that this is a security risk, and like I said, as you read that long description look for the red flags "so to speak"

I have it " _Disabled_ "

Windows Search

Provides content indexing, property caching, and search results for files, email, and other content.

You can use this if you like, and by the way I mean no disrespect to Microsoft, the search in windows is a good addition to Windows, however the searches take way too long. I found a program that I swear by, even though I have two hard drives with six partitions, this search program that I use searches all off my hard drives, the entire computer and displays results immediately. Once you use it you will probably disable Windows search as I have done.

I have this service disabled because I use Glarysoft QuickSearch.

I have it " _Disabled_ "

Windows Time

Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

This is not the system clock that you see in the taskbar, it is a security risk if you do not log on to any other computers. What it does is synchronize the time of both your computer and the remote computer because if they do not have the same time they will not be able to log on to each other.

I have it " _Disabled_ "

Windows Update

Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.

I have this service disabled, that way it is not constantly running in the background and using a huge amount of not only my computer resources, but my Internet speed as well. This way I have the full performance of my computer and Internet all of the time, and then when I want to do a Windows Update at least I can do it at a time when I am not busy and can expect it to slow my resources down during the update.

I have it " _Disabled_ "

WinHTTP Web Proxy Auto Discovery Service

WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto Discovery (WPAD) protocol.

I have it " _Disabled_ "

Wired AutoConfig

The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service.

I have this service disabled. My Network Card in the back of my computer connects to my Internet providers high-speed Cable/DSL modem. I do not use my computer as a router and/or gateway so that people can go on the Internet with their laptops or mobile phones when they visit me. I simply give them the Wi-Fi Password that is usually printed on the side of the high-speed router. By doing it this way my computer is secure, I do not have to use Internet Connection Sharing and HomeGroups or any of the other services that open my computer up allowing hackers the opportunity to strike. Besides, my internet Service Providers router is much more secure!

I have it " _Disabled_ "

WLAN AutoConfig

The WLANSVC service provides the logic required to configure, discover, connect to, and disconnect from a wireless local area network (WLAN) as defined by IEEE 802.11 standards. It also contains the logic to turn your computer into a software Access Point so that other devices or computers can connect to your computer wirelessly using a WLAN adapter that can support this. Stopping or disabling the WLANSVC service will make all WLAN adapters on your computer inaccessible from the Windows networking UI. It is strongly recommended that you have the WLANSVC service running if your computer has a WLAN adapter.

Same as above. I have this setting disabled.

I have it " _Disabled_ "

Workstation

Creates and maintains client Network Connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

I have this service disabled! Here is the beauty of it all, I still have high-speed Internet, I can still access the Internet with not only my, but my friends mobile phones and laptops as well, and I have been able to disable about fifty-five services that were not only a huge resource drain on my computer and Internet, but even more importantly, many of them were huge security risks that could allow hackers in to my computer to steal my identity, wreak havoc on my computer, or worse!

I have it " _Disabled_ "

WWAN AutoConfig

This service manages mobile broadband (GSM & CDMA) data card/embedded module adapters and connections by auto-configuring the networks. It is strongly recommended that this service be kept running for best user experience of mobile broadband devices.

I have it " _Disabled_ "

WARNING! This service can be, and more than likely is a huge security risk! I am not as proficient with cell phones as I am with computers but my next door neighbor told me that he can ask to borrow someones phone to make a call, and rather than make a call, he downloads an app from the Internet on their phone in just a few seconds. he said that after giving them the phone back he can now access anything and everything on their cell phone. But that is not all, these cell phones can actually log on to your computer as well through this service that we are on right now, and then they can wreak havoc!

If you do not plan on accessing your computer with your cell phone, be smart and disable this service!

I have it " _Disabled_ "
Welcome back! In this section I will show you a few more services, tell you what my personal opinion is on that particular service, tell you whether I have it disabled, set to manual, or some other setting, and explain to you why.

There is one more service that is worth mentioning, it is the "Microsoft iSCSI Initiator Service" according to Microsoft it Manages Internet SCSI (iSCSI) sessions from your computer to remote iSCSI target devices. There is that bad word again, we just can not seem to get around it "Remote" man I hate that word, after all, it means someone from another computer or device logging on to your computer! That gives me plenty of room for pause.

By the way, if you change a bunch of settings and then later realize that your Internet is no longer working, check these two services and make sure that they are running; "Network Store Interface Service", and the "Base Filtering Engine" you might also want to make sure DHCP and DNS are running as well.

There is definitely one service that you do not want to change, and that is "Remote Procedure Call (RPC)"

Warning! Do **not** ever disable this, leave it on " _Automatic_ " I have this set to Automatic. See image below

If you used the Services Chart above and are confident that you do not need to make any more changes in the services settings you can advance to the next section on Local Security Policies, all though you probably should read this little bit that is left before we advance to the next section because there are a couple things that you do not know about yet, which I explain in detail.

Before I showed you the Services Chart we were making adjustments to some important Security Options in the Service portion of Windows. In case you forgot how to get to these settings I will walk you through the process of opening and changing the settings that were not covered yet.

Please do me a favor, as well as yourself and make a restore point so that if anything goes wrong and you are not satisfied with the changes that you made you will be able to run "System Restore" and revert your system back to its previous settings.

Start by right clicking the "My Computer" icon on your desktop, and select "Manage" this will take you to a menu. On the left side of the menu almost at the bottom you will see the choices on the left side of the menu labeled "Services and Applications" and when you double click it a sub menu item that we want to click on labeled "Services" can be seen (see the image below)

You can also click "Start" then type "compmgmt.msc" in the search or run box, then you can double click on "Services" as seen highlighted in blue above and then you will see this screen as seen below or in most versions of Windows, including Windows 10 type "Services.msc" from run/start or search menu.

You probably already set the options for the service highlighted in blue-labeled "Application Layer Gateway Service" since we covered it in the previous section, so scroll on down to the service labeled "Network List Service".

The description of the service says that it "Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change" First of all if you are not on a network, and you do want to keep your computer safe from identity theft as well as many other things, then this is one of the settings that you will probably want to disable.

Let me assure you that as I type this book I have all of the settings that I recommend you use in this book set to whatever settings I have recommended and I will say which setting that I am using as I go along in this book.

That being said, my Internet works just fine and in fact is way faster than it was when these services were running, not to mention how much faster my computer is now that these settings have been disabled, or in some cases I may have you set some to 'Manual".

Another networking service that I always disable is "BranchCache" which according to Microsoft caches network content from peers on the local sub net. If you do not want to let other people log on to your computer and access your files, then disable this service.

If however you do want to share your pictures or music files with other people on another computer or network, then some of these services and components may need to be running, but if you are like me and you do not want anyone on your computer other than friends, people visiting you, or living in your house then I strongly suggest that you disable all other instances of BranchCache as well.

To speed things up for you, now that I have shown you how to change the settings, I will just tell you about a few more important settings, and then we can move on to the next section. If a service you see on your computer is not listed here then it is either one that we have covered in this book already, or one that you should not change.

Besides the "Network List Service" mentioned above, the equally important service below it titled "Network Location Awareness" is also a huge security risk, disable them both if you do not want to connect to other computers and do not want them to be able to connect to your computer.

The Network Location Awareness service description tells us that this service collects and stores configuration information for the network and notifies programs when this information is modified. If you do not allow your computer to collect this sensitive information then it can't rat you out to attackers and give them your sensitive information in the first place.

Notice that this description also says that this service "Notifies programs when this information is modified", this can be a double-edged sword. Lets say that you find out an attacker is trying to gain access to your computer so you change a setting such as your IP Address or computer name to thwart the attack and hide your connection from them so that they can't see your connection anymore or attack you again.

That is a great idea, but keep in mind what we just read, this service "Notifies programs when this information is modified" so again your own computer is ratting you out and telling them what changes you have made, so why even make the changes at all.

Disable any services that you do not want collecting information about you and your computer and you do not want to be shared with hackers or would be identity thieves. I have both of these disabled and my Internet works just fine.

Next service of importance is "Offline Files" and my personal feeling on this is that I do not want anyone to be able to log on to my computer, much less be able to save my files and information to their computer for later use. When you create a shared folder, offline availability is enabled by default, which means that secure folders can be stored offline on potentially non-secure computers. For increased security, do not allow users to store files offline

Not only that, but if you have this setting enabled it wastes valuable computer resources because it can be set in other configurations and settings that I am going to show you soon, to let the computer save your files to another users computer every time that you log on to the Internet.

This is what is known as to "Synchronize" files and folders, and you can use it if you like, but I have it disabled. It synchronizes files when you log on to, or off of, the Internet or another network. It has other settings that not only seriously slow down your Internet speed but your computers performance and security as well.

Here are a couple more that I have disabled, keep in mind that Peer-to-Peer connections are dangerous and if you do not want other computers connected to your computer they are a huge security risk. If you want to use a program like UTorrent it will still work with these services disabled.

These two services that I am speaking of are "Peer Name Resolution Protocol" for one, and the other one is "Peer Networking Grouping" and I have them both disabled. If you do not see some of the services that I speak about in this book then odds are your version of windows did not come with that particular service setting.

You may notice that this service description mentions the "Homegroup" service and I am glad that they brought that up because this is a huge tip that I am about to give you, one that is going to speed up your Internet service and free up a bunch of resources on your computer making it unbelievably faster and more responsive, but most important of all it will be much more secure.

This configuration is one that I have tested myself and my Internet is much faster and more secure than it used to be before I made the changes that I am about to show you. However before you make a decision as to whether or not to disable these settings such as I have done, you must carefully weigh your options.

Again, if you do not want anyone at all to access your computer then disabling these next services that I will mention here in a second are a huge security gain in my opinion, you may be hesitant at first but hear me out before making a hasty decision.

By default Microsoft has most, if not all, of the home group services and its related programs running and they use a lot of your computers vital resources, and are in my opinion a huge security risk for many reasons.

For instance, everyone knows that these services exist and all hackers know that these services are running even if you do not use them, which gives the hacker an upper hand "so to speak" and by them knowing this, a hacker can exploit these services and do all kinds of damage to your computer.

Here is one of the biggest tips that I am going to give you in this book. I do not, as I have said many times, want to let anyone from anywhere, at anytime connect to my computer, so why should we have these services running in the background that suck up a lot of your resources causing not only your computer to be slower, but your Internet connection as well? They have been enabled by default leaving our computers open for possible attacks.

Now pay close attention, because this one is a beauty that I have not only tried, but have tested as well and it is great. I have a couple of friends and neighbors that visit me from time to time and sometimes they need to check something on the Internet, but I have disabled all Homegroup services and Networking as well. Does this mean that they cannot use my Internet connection (Wi-Fi) to go online with their cell phones or laptop computers? No.

That is right, they can still access the Internet through my high-speed Internet providers modem/router, and the beauty of it all is that my computer is still secure, and in fact more secure than ever. They do not need to access the Internet through my computer using a network, WorkGroup, or the Homegroup settings which if enabled are a security risk.

Using this method not only makes my computer way more secure than using WorkGroups or other alternative network methods, but as I have said before it makes my computer and Internet connection much faster as well.

Yes that is right, you can access the Internet through your Internet providers wireless modem with your own laptop and/or cell phone without setting up a home group connection. I have done this for months and have no problems at all.

That one tip that I just gave you is huge, I mean really huge, so I hope that you like this book and are excited enough to tell all of your friends, family, and coworkers about this awesome one of a kind Security and Performance Manual.

Speaking of huge, this information is really a lot to take in if you are new to a lot of these options that I have been showing you, and if you are pushing yourself too hard and getting tired you could accidentally make a huge mistake, so please if this has been a bit overwhelming for you, take a break.

Here is a tip for you that was given to me by my stepfather and it is a great one that has really worked for me and helped me in many situations, and it applies to all aspects of life. Once when I had been working on my car for about six hours straight I began having problems with a bolt that I needed to take out, it was one of those we love to avoid if at all possible, way back behind the bell housing.

I was tired and I just could not get the bolt out, before long I was doing something that people rarely see me do, because I am usually in a good mood and a positive person, but not then.... I started yelling and cursing, and I finally threw the wrench on the ground.

My dad walked up and happened to see me cursing and throw the wrench, so he said something that I would like for you to remember, I know that it always works for me and someday it may help you as well. He said, "You know what I usually do whenever I can't seem to get something done, or when ever I start feeling a bit overwhelmed.... I take a deep breath and walk away for a little while, you know, go get something to drink or a bite to eat. It always seems to fix the problem!"

Well my much-appreciated reader, I must be honest with you.... I really did not think too much of it, you know how some of us seem to take the advice that our parents give us with a grain of salt, but I did go take a quick break, and about a half hour later when I returned that bolt came right out!

So, if at any time you feel a little intimidated, or if you were able to comprehend this book at first only to find yourself feeling lost now at this point in the book, and you are having trouble comprehending it now, please just walk away and take a nice break, relax and it will help.

You must also remember that these tips and tricks that I am sharing with you took me many years to learn, and you are trying to learn them at a fast pace, so don't be too hard on yourself.

Hold on to your seats because it gets even better and more secure yet, and please remember that if you are on a company computer do not make any changes without talking to your boss and/or the Network Administrator first. Lets move on to what we Networks Administrators refer to as B.I.T.S or "Background Intelligent Transfer Service"

There are a lot of different opinions on this particular setting, but I personally have it disabled and my high-speed Internet works fine, in fact I just downloaded a couple of real big files with no problem at all. However, before you make a decision as to whether or not you are going to disable it there are a couple more settings and options that I would like to tell you about.

I did not tell you about these other settings and options which contain some useful information earlier because I did not want to overwhelm you. However this would be a perfect time to show them to you.

If you right-click "Background Intelligent Transfer Service" and then click "Properties" you will notice one of the tabs labeled "Dependencies" and it will come in handy if you are unsure about how you should set this service. It can help you to make a decision as to whether or not you want to disable it.

You can use this tab to see if any other services or programs depend on this particular service in order for it to run. Some services depend on other services and configurations, and are needed in order for your operating system to run efficiently.

You can look to see if any of the objects listed there are needed to run the service in question, you can also look at the second section that lets you see if there are any components or services that depend on this service. This can help you make that decision we were talking about.

The top section shows you the system components that this particular service depends on, so if for instance you were having problems with this service not running, you could check this section and make note of those components, and then make sure that they are running, because if one or all of them are not, then that is more than likely your problem.

Likewise, if you are trying to decide whether or not you want this service enabled or disabled, simply take a look at the second section (lower menu) and if you see anything in that section at all, it means this service you are trying to make a decision about is needed by anything that you see listed there.

If there is nothing listed in those sections then you can safely disable that service if you do not need it, if there is something listed there ask yourself "Do I need this service?" Lets say for instance that you seen the print service listed there. You now have to decide if that service is important to you and if you want it running.

This is because it depends on the service that you are thinking about disabling, so if you do not have a printer, it would be no problem for you to disable that service, even though you know doing so would cause the print service to stop working.

I think you understand the point that I am trying to make. Now for one more important setting that you might have noticed earlier when we were setting one of these services to automatic, enabled, or disabled. Did you notice the other option on the drop down menu? It is the "Manual" setting.

Suppose that you read the description of the service, checked the dependencies, but you were still having a hard time deciding whether to enable or disable it. This is the perfect time to use the "Manual" setting. If you set it to manual it will not start up every time that you reboot your computer or turn it on, which is a good thing, that means it will not be running in the background and taking up valuable resources. However if it is needed by another process at one point or another, then the operating system will still be able to start it as long as it is set to manual.

Another service that I always disable and also suggest that my customers do so as well is the "Windows Error Reporting Service" which I would almost bet you have seen before. When something glitches or messes up on your computer, that error triggers a message box that pops up asking you if you would like to send Microsoft an error report.

You can enable it if you want to but I always disable it to make my computer run faster, and besides that, many people consider it a breach of their privacy because it sends Microsoft information about you and you computer. It's not like they are going to help you fix the error, it's mainly for their own information.

Here is another huge security risk, in my opinion. Scroll to "Windows Remote Management (WS-Management)" and take a look at the description. It is a long description so I will let you read it, but I always disable any and all remote services of any kind because I do not want someone from the Internet, or some other remote location where a hacker or ID thief may be lurking, to be able to log in to my computer.

Well, I think that we have spent enough time fine tuning our system services, if you have any questions about the rest of the services refer back to the Service chart above, or use windows help. I personally find windows help of very little use, but you can also go to Google and do a search on the service that will find you all kinds of information on anything you want.

Now we are ready to move on to bigger and better things, but before we move on to the next section, I want to be crystal clear about the severity of changing any of the settings in the "Local Security Policy" that you know nothing about.

Please make a restore point before making any changes. Yes, I do realize that I keep repeating myself, but that is only because I need you to know how devastating it could be if you change a setting that locks you out of your own computer, or worse.

#  Chapter Five

## Local Security Policy

Before I go into too much detail, let me show you a few of the things that I consider to be the biggest security threats and we can attend to them now and then move on to the other things. You should be logged in with an account that has administrative privileges to be able to make the changes that I show you in this book.

To get to the Local Security Policy Editor in Windows 10 as well as other versions you can type "secpol" from the start/run or search menu. In Windows 7 if you go to your "Control panel" (click "Start" and then "Control panel") you will see an item labeled "Administrative Tools" (see image below) go ahead and click on it and then on "Local Security Policy" (image below)

Here is a picture showing the image of the Control Panel options, notice that as seen in the above picture (image above) you get to the "Administrative Tools" by opening "Control Panel", then to open the one we are most interested in right now (Local Security Policy) click on the "Administrative Tools" icon and then on "Local Security Policy" or click "Start" then type "secpol.msc" in the search or run box (see image below)

Note here before we begin the importance of this tool. Please do not take off on your own and start tweaking settings that you know nothing about, doing so could render your computer useless and then you would have to reinstall your operating system all over again, meaning that you would loose all of your previous settings.

That my friend is exactly why I would like you to do me this huge favor right now before we actually begin. Please go to System Restore and make a restore point in case something goes wrong, that way all that you would have to do is restore your computer to that exact restore point if something goes wrong and therefore you would not loose any of your settings.

Please also keep in mind that I always make backups of anything that is important to me. Be smart and backup anything and everything that you do not want to loose. You can back it up to a CD, DVD, or USB flash drive and if you have huge files or games that you have installed and do not want to loose, back that stuff up as well.

You can even put a second hard drive in your computer (and some laptops) to back everything up to such as I have done for years now, and that is the fastest way to not only back things up, but to restore them as well. For instance, do you have a game that you paid for online, or an antivirus program? Do you have any music that you paid for and do not want to risk loosing? If so then please back all of it up.

System restore will restore most of it, perhaps all of it, but why take that chance? I personally back everything up to a USB flash drive (thumb drive) or add a second hard drive to my computer to use for all of my backups. Once you have done that, and you are ready to begin, come back here to this part of the book and lets begin locking down your computer and closing those doors that have been left open and allows identity thieves to get in to your computer.

Here we go, you should now be looking at the "Local Security Policy" menu, and what I am going to show you will by itself make this book worth your time and trouble, it will probably even make you angry that these settings have been left open for just about anyone to exploit and steal your identity.

I have had many of my customers ask me after showing them the settings that are left wide open for hackers to exploit and get into their computer why Microsoft would leave such important back doors wide open like this, to which I usually reply "I have no idea, I would like to think that it has something to do with Homeland Security" but to be honest I have no idea why they do leave such important settings wide open leaving you vulnerable to attack.

However that is why you are sitting here right now reading your new Performance and Security Guide, one of the most important books that you have ever laid your hands on, please remember to tell a friend about this awesome step-by-step user guide with easy to follow illustrations. When I show these settings to other people who work on computers it blows them away, a lot of computer technicians do not even know about these settings.

The first setting that I would like you to see is one that to this day haunts me, knowing that these settings are left wide open and could possibly be one of many ways that hackers access so many computers and commit identity theft. Now that you are on the "Local Security Policy" menu, the first setting that you see in the top left corner of the menu is "Security Settings" as seen highlighted in a light blue color in the image below

Click on the item labeled "Local Policies" a couple of rows down from the top left side of the menu and on the right side of the menu you will see three options revealed which should be titled "Audit Policy", "User Rights Assignment", and "Security Options" as seen in the image below

If you prefer, you can also double click on the item labeled "Local Policies" to reveal the sub menu items (drop down list) then the next step in the process is to double click the last item titled "Security Options" and then scroll down about to the middle of the menu until you see a row titled "Network access: Named Pipes that can be accessed anonymously" as seen in the image below

Believe it or not this is just one of many security flaws that I will be showing you in this awesome one of a kind security book allowing you the option to fix this problem that could allow potential hackers to access your computer and give them access to all of your personal and no doubt private information, such as your names, passwords, home address, phone number, credit card number, and so much more.

Just in case you are unfamiliar with the term "anonymous" I will explain to you what the word basically means and why it is such a serious security risk. Anonymous basically means anyone that may wish to access information on your computer whether you know them or not, and this user does not even need to have a username or password to get into your computer! Through this setting they can get in to your computer as an "anonymous" user.

Why would I let someone with no name or password get into my computer (access it) when even I have to have a username and password? I hope for your sake that you are using a password when you log on to (or use) your computer; otherwise this entire book is a terrible waste of both of our time.

You will be happy to know that I will not be telling you to "do this" or "Change this setting" and then moving on to the next section of this book, instead I will do my best to explain what the problem is, what the outcome could be if it is not changed, and show you how to secure your computer by allowing you the option to change the setting.

Like I said, if I have to log on to my own computer with a username and password then you can bet that I expect everyone else to have a username and password as well. We want a username so that we can hold that particular person accountable if something should be done to your computer, such as stolen information or deleted files, and that user could even inject a virus or worm into your file system.

Likewise we want that user to have a unique password that is strong (we will discuss this a little later) for several reasons, one reason is so that the user cannot say, "it was not I! Somebody else must have used my account" and another reason is so that someone else cannot log on to your computer using that users name without having to enter a secure password.

Knowing now how important usernames and passwords are why would you let someone you probably do not even know log in to your computer and access private information about you or your friends, and even your family, without them having to let you know who they are.

That is what anonymous means, and that is a huge security risk that you will more than likely want to do away with immediately, that is why I started with this particular setting first, to give you an idea of how serious these flaws are and explain to you why you need to change this setting (as well as a couple below it)

I bet you are glad that you are reading this book now, I can't begin to tell you how many people that I have shown this security risk to who claim to be good with computers, some of these people that I have shown these settings to are actual PC Repair technicians charging people money to work on their computers and even they had absolutely no idea at all that these serious security holes even exist

Please do not get me wrong, Microsoft does have a legitimate reason for including the "anonymous" user in their software, but unless you are running a game server or some other kind of service that you share with other people, you do not need this Access Point to your computer being left wide open for potential identity thieves, and even if you are running a game server, wouldn't it be smarter to make all users have their own unique username and password so that you at least know who they are and why they have access to your important information?

Even if you are good enough to run a server of your own you probably do still need this book because I have not met one single person to this day that knows about all of these severe security holes in the software that they are using, and then they wonder how someone was able to open a bank account in their name, or how a stranger was able to apply for a credit card and get it in their name.

Getting back to this setting and a couple others below it, I would strongly recommend that you disable the use of any anonymous access to your computer, and since these settings are so sophisticated it leaves me to wonder why Microsoft left such important security holes wide open in the first place. Considering the fact that the average user would never need them, and had they left the settings secure and closed, any user that did need to use these settings would obviously know how to enable them.

However, please do not just take my word for it, lets see what Microsoft suggests we do with this setting. I am going to show you how to get a second opinion on each of these settings, or in case you do not understand what the particular setting is used for, this is a quick trick to find out more information about the setting.

To find out more about each particular setting simply right-click on the title of the setting and click "Properties" and then click on the second tab labeled "Explain" lets do that now on this setting titled "Network access Named Pipes that can be accessed anonymously"

Now after reading the explanation of what the setting is used for, notice at the bottom (or near the bottom but sometimes the default setting will be in the middle or beginning of the menu) you will see that their recommended "Default" setting is "None" which means there should not be anything in the box at all! See the image below

So if the suggested default setting is none, why are there so many settings listed in this menu box? Beats me, but each and every single setting that you see listed there is a severe security risk, so remove them all. Below is a picture of one of the menus after formatting the hard drive and doing a clean installation of Windows these settings were in there even though their own recommendation is "none"

In the image above you can see that there are several entries in the box even though it should be empty (none), then one of the settings below that one we just did as seen in the image below they do show some entries in that default setting titled "Network access: Remotely accessible registry paths and sub paths" which in my opinion is another security risk. Even though they do show some settings in the dialog box, I removed all of them on my computer and have no problems.

Keep in mind as I have said all through this book, do not change any of these settings if you are on a work computer or even one that you use to connect to a computer at work, unless you talk the your boss and/or the Network Administrator first.

Did you see the name of that menu on top of the picture? It is the one that I just mentioned and we are also concerned with, that is "Network access: Remotely accessible registry paths and sub paths" Is it possible that this is how hackers and identity thieves are getting in to peoples computers? Have these settings let people get in to your computer and/or laptop as well? Remotely basically means from a remote location, such as the Internet, or a neighbor next door.

Also note that it says "Registry Path" and you do not want anyone in your registry ever! Your registry is like the most important part of your computer. Think of the registry like your brain, every single transaction that is done is run through the registry first. The registry contains important information about you such as your Windows product key, your name, your machines name, and much more.

To delete all of the items I usually click on the first one, and then hold down the shift key with one finger and as I hold the shift key down I use another finger to press the down arrow which will highlight the settings until you let go of the arrow button and then after releasing both buttons I click on the "Remove" button if there is one, or the quickest way that I use is simply hitting the 'Delete" key on my keyboard, then your screen should show an empty box like the image below

Without going into too much detail, in order to secure your computer and keep out potential hackers looking for the next identity theft victim, make sure that the box is empty, same goes for the next two settings below that one!

Now we will close these windows, we will come back to this section in a little while but first let's do some other important stuff, after all how do you eat an elephant? That's right, one bite at a time. I figure if we close everything out now and take a deep breath all of this will seem less intimidating to you and then when we come back to it later you will not be afraid to finish looking at some of the other settings.

In the next section we are going to set some very important settings in the menu that I first had you open in the beginning of this book, so close everything out, take a quick breather, perhaps get something to drink (non-alcoholic I hope) and when you are ready to continue on please go to the next section of this book.

By the way, if you are still nosing around in the section we were just in then you do so at your own risk, we will come back to this section soon, I just wanted to show you what kind of security flaws were in your computer so that you have an idea of how important this book is. We will come back to this part in the next section, so please wait so we can go through them together, otherwise you could change an important setting and lock yourself out of your own computer, or worse!

#  Chapter Six

## Local Security Policy Continued

We are ready to take a look at our "Local Security Policy" settings and configurations, you can believe me when I say that this is a huge undertaking and has to be dealt with ever so gently. When I was new to all of this many years ago I actually locked myself out of my own computer by changing a setting that I should not have.

That mistake I just confessed to is a big plus for you, because as I thought back to it and realized the steps that I took to fix that error, it dawned on me that you need to be privy to this information before we get to the computer repair section of this book. You should be logged in with an account that has administrative privileges in order to be able to make some of the changes that I show in this book.

I know that your eyes must be screaming "DeJa vu" by now as often as I remind you to create a restore point, and that is mainly because many years ago I was too foolish to make a restore point myself when I dove in to these settings in the Local Security Policy, and yes that is when I locked myself out of my own computer, in some of the same settings that I am going to be showing you.

Should you be nervous then? Of course not! That is the purpose of this whole book, to let other people in on the many years experience that I have which has sharpened my skills and fine-tuned them, not just by my achievements, but the failures that I learned valuable lessons from as well.

So here I was locked out of my own computer, did not make a restore point, so what was I to do? Reinstall windows? Not on your life! Knowing what I know in all aspects of computers, including computer repair and trouble shooting, I simply rebooted and immediately began pressing the F8 key until I came to the Advanced Boot Options window, a menu that gave me the wonderful option to "Restore Computer to Last Known Good Configuration"

That menu option there is one of my all time favorites, I want to personally thank Microsoft for that menu option that has saved me time and time again. That is how I was able to get back in to my computer after accidentally locking myself out, so remember that setting.

There are times that I have downloaded an application or utility and when I clicked on the file to install it there is a quick flash, for a split second you can see a window open real fast with a black DOS screen, which is a DOS window, or some other code opening and closing so fast that you did not have time to read what it did.

Take my advice on this one, if at any time this happens to you, odds are you just clicked on a file that ran a malicious code or installed a virus on your computer, either way, it is a bad deal!

What I always do when that happens without hesitation is immediately shut my computer off, wait about twenty seconds for the memory chips to drain and loose anything in the memory, because if you just reboot the computer the virus is still in the memory and rebooting does not get rid of it.

That is what is referred to as TSR or "Terminate and Stay Resident" so you must shut the computer completely off, wait about twenty seconds and then when you turn the computer back on, and this is very important. Do not let it restart windows, what we want to do is get rid of the virus that the program installed, and the best way to do that is by doing this next step.

As soon as you turn your computer back on start tapping the F8 key repeatedly until the Advanced Boot Options window comes up with my favorite menu option, and one of Microsoft's most magnificent pieces of work, what we techs refer to as the "Last Known Good Config" but on the screen the menu item is actually referred to as "Restore Computer to Last Known Good Configuration".

That will, or should anyway, restore your computer to the last good configuration that windows was in at the last startup. Keep in mind that any changes that you have made in between will be lost, but at least that virus will be gone. That is not good enough, you still want to run an antivirus program immediately, as well as an anti malware program too. In fact I usually run CCleaner first to delete any traces of the file from the hard drive, such as in the temp folder.

By the way, when you are trying to get to the Advanced Boot Options window you must restart your computer and start tapping the F8 key immediately, if you see the windows logo and windows starting to load then you missed it and will have to try again. So before we get started please create a restore point right now, don't mind me, I will just sit here and admire the view, maybe even drink a soda.

Please remember any changes that you make, you do so at your own risk. I will do my best to advise you on what I know about the particular settings that we will be discussing, but only you know about the computer that you are using, and only you know what types of programs and services you use. If you do make changes and did not create a restore point then I cannot be held responsible.

We are ready to check out the next section that we are concerned with known as the "Local Security Policy" it should be in your Control Panel under "Administrative Tools" so go ahead and click "Start", then click "Control Panel" and once in there you want to click "Administrative Tools", and then "Local Security Policy" (see image below)

Double click "Local Security Policy" and a new window will come up on your screen, click one time on "Local Policies" in the left pane and in the right pane you will be able to see the sub menu or other categories. The sub categories which are "Audit Policy", "User Rights Assignment" and "Security Options" which is a very important section, the first one that we are going to discuss is the User Rights Assignment.

I am not going to walk you through all of these, that would be beyond the scope of this book and if you want to learn more about all of these you can take a Microsoft course on the subject matter. I will however point out the ones that are of utmost importance to me, and then you can decide what you want to do with the setting.

I strongly suggest that if you do not fully understand what the purpose of a setting is that you do not change it, it could land you in all kinds of trouble, and once again if the computer that you are on and want to make the changes to is a work computer then please do not make any changes at all unless instructed to do so by the Network Administrator or your boss.

Making changes on a work computer can severely damage the network that your company is a part of, or for that matter bring the entire network to a screeching halt, and believe me you do not want any part of that. Yes I do keep repeating that as well, but that is because it is very important, and to protect myself as well.

Here we go. If you click on "User Rights Assignment" in the pane on the left side of your screen, you will see the different settings in the right pane. Click on "Access this computer from the network" as seen in the image below

Notice there are two rows, one is the Policy and they are usually listed in alphabetical order, the other one is the Security Settings. When you want to make a change to one simply double click it in order to open it and reveal your options.

If you are not sure what the setting is for you can click the tab on the right top labeled "Explain" as seen in the image below

After giving you a short explanation of what this setting is, there will usually be an example showing you the "Default" settings, if you are ever in doubt about a setting leave it alone, do not change anything, I can't say that enough.

If you are going to make any changes, you got it.... "Create a restore point" and even then be very careful. This particular setting is blank, there is nothing in the box and that is a good thing (see image below)

The reason that I said it is a good thing that nothing is listed there is because I do not want anybody to be able to access my computer from any network, at any time. However, if you have a roommate for instance and he wanted to be able to log on to your computer and get some files from you, then you would add that person here.

I usually leave the "Add workstations to Domain" blank as well; it is totally up to you. Pay real close attention to this next one "Allow log on locally" because this is like the setting which I mentioned earlier that I set wrong one day and was completely locked out of my own computer. Actually it was another setting just like it but instead of "Allow log on locally" it is titled "Deny log on locally" which is a setting that we will see in a little while, either way, be real careful because if you deny everyone or users, you might be denying yourself access.

Now might be a good time to tell you to be real careful and read the setting option twice, they can sometimes be a little tricky and cause you to choose the opposite of what you meant to change.

Notice that this particular setting lists two separate default scenarios and they are for different machine settings. Is your machine a stand-alone computer that is not connected to any other computers, or is it a server that connects to other computers used for work or business of some kind?

The first default setting is for "Workstations and Servers" and the recommended default settings are "Administrators, Backup Operators, Power Users, Users, and Guest" I personally remove the Backup Operator always because there is no individual that backs up system files every day since I am the only user.

I also remove the "Guest" setting as well, because I have the Guest account disabled and I do not want a Guest to be able to access any of this. The second default setting is for "Domain Controllers" and the recommended default settings are "Account Operators, Administrators, Backup Operators, and Print Operators"

These also have a couple of settings that I always remove and those are "Print Operators" for one, because I do not have a company printer that I share with others on the network, so there is not an individual to oversee just the Print Server.

The other is "Backup Operators" because I am the only user and there is no person other than myself that does backups. In a networked office with a lot of employees, one person may be a "Backup Operator" and his sole task is to make backups daily so that if there is ever a problem and the servers go down, or a virus destroys data, they will still have that data backed up.

This may be a good time to let you know that if you do have a printer you want to make sure that it is not being shared, otherwise people from the Internet, even your neighbors next door have access to everything that you print, private or not. This can be a thing such as your name and address, telephone number, social security number, income tax information, etc....

Scary isn't it? I bet that most of you reading this right now were shocked, and you very well should be. Did you know that hackers and other people could be watching your every move through your own web cam? They can also record and hear every word you and your family and friends say through your microphone.

Don't believe me? Go ahead and Google it. So I always remove "Print Operators" as well as "Account Operators", and "Backup Operators" and if you have no idea what these settings are for then you obviously do not use them either unless you are on a company (work) computer, if that is the case please do not change any settings at all.

However, there is definitely one group that you do not want to remove and that is the Administrator group, because you are a part of the Administrators group and by denying the Administrator group access, you also deny yourself access as well and can be locked out of your own computer.

Please be very careful when making any changes to the operating system, and yes I have said this time and time again, but if you venture off by yourself and start making changes to settings that you know nothing about, you do so at your own risk.

Another setting that you may see there is "Allow log on through Remote Desktop Services" and take my word for it folks, this is another huge security risk that you want to pay close attention to. "Remote Desktop" allows a user or hacker from another computer and location to log on to your computer and they can actually see your desktop and your icons.

This user can be deleting icons and documents right in front of you, but that would only make you aware that they are there and that is the last thing that they want. They want to watch you type in your social security number, password, and anything else they can get.

Remote desktop is basically only needed if you are in a company meeting, or if you need someone to log on to your computer and help you make changes to it or repair it. So I always, and I do mean always, disable any and all Remote Desktop settings, it is a huge security risk!

The next setting is of particular interest if you have ever been surfing the Internet, perhaps even playing an online game and then suddenly for no apparent reason at all had your computer shut down or reboot. This next setting is what allows someone to do that to you, it is "Force shutdown from a remote system" so be sure and disable that as well. What that setting does is allow someone from a different computer, such as a user on the Internet, shut down your computer, or reboot it, and hackers love to do that just to mess with people.

If you ever did doubt me when I said that your computer is at risk and open for attacks I bet that you are a believer now, and we still have a lot more to go that may make you as angry as I was upon learning that all of these settings are allowing access to your computer.

A few other settings that you may want to take a look at as well are Impersonate a client after authentication, Lock pages in memory, Log on as a batch job and Log on as a service. I will let you check them out at a latter time if you feel so inclined. However read about them on Google or somewhere, and even then be careful about making any changes.

There are so many settings in Windows that it would be almost impossible for me to explain them all to you, so any that I do not tell you about, or how to change the settings, if you are inquisitive, read about the settings online.

Now we will check out some settings from the category just below the settings we were just going through titled "User Rights Assignment" with the appropriate title "Security Options" which is another category with important settings.

The first two that we want to check are "Accounts: Administrator account status" and "Accounts: Guest account status" both of these are probably disabled already, if the Administrator one is not disabled then do not jump right in and disable it until you know for sure that it will not cause you any problems.

For instance, you may be using the "Administrator" account now instead of one in your name; it all depends on how you answered the questions during your installation of the Windows operating system. If you are using the Administrator account then do not disable it.

Here is a set that I always lock down by denying Remote Access, they are "DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax" and "DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax" see image below

When you access the settings for the first one you can clearly see that each username and/or object is being allowed to access your computer remotely, see image below

See the boxes that I have a red line pointing to? If you look above the boxes you will notice that the boxes are checked and therefore allowing Remote Access to your computer, that is what you do not want. If you do not want remote users to be able to access your computer then uncheck the "Remote Launch" and "Remote Activation" settings in the "Allow" column and instead put the check mark in the "Deny" box as seen in this picture below

The same goes for the next setting as well, "DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax" see image below

Notice in the second image above I do not have anything checked on the remote settings, if you want to disable this setting put a check mark in each remote setting to "Deny"

Did you know that people could even log on to your CD/DVD drives and run any application that you have in there, or if you have personal information backed up to a disk that is in that CD/DVD drive such as your income tax paperwork they can steal that too!

If you do not want anyone from the Internet or a remote location accessing your CD/DVD drives other than you and anyone in your home or office then enable this setting "Devices: Restrict CD-ROM access to locally logged-on" the explanation is "This security setting determines whether a CD-ROM is accessible to both local and remote users simultaneously" again I personally do not want any Remote Access whatsoever. By the way "Local" is good, that is your computer.

Please do not get me wrong, Microsoft did have a legitimate purpose for each and every one of these settings, and I have nothing against them at all, beside the fact that these settings and configurations would have been better off if they were disabled for the average user and the companies that do indeed use these settings and configurations already know about them and how to enable them, or at the very least they hire a Network Administrator that does.

The next one that I usually change is "Domain controller: Allow server operators to schedule tasks" and this is because I am the owner of my computer and in a way my own Domain. Keep in mind that in actual computer terms a Domain is basically the main computer that is in control and can control all other computers and configurations from a remote location. However read about it online to get an exact meaning.

That being said, if you make your computer the "Master Browser" then only you are in control of it. Selecting a Master Browser guarantees that there is only one Master Browser in a Domain/WorkGroup I ordinarily would not recommend that you even open the registry in your machine, much less modify it, but this can be a very beneficial setting. Before I explain how to change it in your registry please make sure that this is your computer and not a work computer.

To change this setting in the registry simply click "Start" then in the "search" or "run" box type "regedit" when the results are shown right-click on "regedit.exe" or simply "regedit" and select "Run as Administrator"

Next, in order to make sure that your computer is the only controlling computer, from within the Registry click "Edit" and then "Find" type in "IsDomainMaster" and press the enter key, when the key is found in the registry make sure it reads "IsDomainMaster"="Yes" if it says "No" double click the key to edit it and replace "No" with "Yes" I read an article online that said True and False rather than Yes or No, if your registry says False then make it True.

Also search for this next key, type in the Find box "MaintainServerList" without quotes and press enter, when the key is found make sure that it says "No" or "False" depending on the wording your registry is using. "MaintainServerList"="No" You do not want to maintain a server list that will add your computer information to that list allowing other computers access to it.

You can press the F3 key to continue searching in case there are any more instances in the registry, when the search is finished and you are done, close and exit the registry immediately.

The next setting is "Domain controller: Refuse machine account password

Changes" This security setting determines whether Domain Controllers will refuse requests from member computers to change computer account passwords. By default, member computers change their computer account passwords every thirty days. If enabled, the Domain controller will refuse computer account password change requests. I always enable this setting, because if it is enabled, this setting does not allow a Domain controller to accept any changes to a computer account's password.

Next we have "Domain member: Disable machine account password changes" set this to "enabled" to prevent a hacker from changing your machine password. After that I usually change "Interactive logon: Number of previous logons to cache" and this one is very important as well.

This is usually set to a number like "10" but if you change this to "0" it will not cache any previous logons. The reason this is good is because you do not want any other user to be able to log on to your computer. When they do log on to your computer, with or without your knowledge, their password is saved to a cache so that they don't even need to supply it again and can log on to your computer again whenever they want, but setting it to "0" disables it.

After that scroll down to "Network access: Allow anonymous SID/name translation" make sure this setting is disabled. This policy setting determines whether an anonymous user can request security identifier (SID) attributes for another user.

Next on my list is usually "Network access: Do not allow anonymous enumeration of SAM accounts" I always enable this to keep anonymous access out of my computer, the same goes for the next one "Network access: Do not allow anonymous enumeration of SAM accounts and shares" enable that as well

Remember to be real careful and read the setting option twice, they can sometimes be a little tricky and cause you to choose the opposite of what you meant to change. Next on my list is "Network access: Do not allow storage of passwords and credentials for network authentication" as I said earlier I do not want anyone to be able to store their password on my machine so I enable this setting

This next one is one that I mentioned earlier in this book, but I will cover it again just in case you missed it earlier. The setting is "Network access: Named pipes that can be accessed anonymously" and this is a huge security risk in my opinion. See the image below

The explanation and default setting are "This security setting determines which communication sessions (pipes) will have attributes and permissions that allow anonymous access. Default: None"

Did you notice that even they say the default is "none" meaning there should not be anything in the box, if there is anything in that box remove it all, only if you are on your own personal computer and not a work computer.

Next on my list is "Network access: Remotely accessible registry paths" Even though they do show a few settings for the default, mine is empty, I removed everything and my Internet, computer, and everything else works fine! Same goes for "Network access: Remotely accessible registry paths and sub paths"

Here is another one that allows anonymous access and shares, a big security risk in my opinion, it is "Network access: Shares that can be accessed anonymously" and even they show a default of "none" so I have the box empty and it works for me.

Here is one that I have enabled that way anyone that I have denied access to are forced to log off, it is "Network security: Force logoff when logon hours expire" and then on my list is "Network security: Restrict NTLM: Incoming NTLM traffic" and I have it set to "Deny all accounts" and everything works fine, including the Internet.

These next two I have set at "Deny All" and the first one is "Network security: Restrict NTLM: NTLM authentication in this Domain" and the other is just as important in my opinion and both can be security risks "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" and that is all that I have on my list that I change, for now anyway. So that ends the "Security Options" portion of the "Local Security Policy"

Here is something else that you might want to check every so often; it is a good idea to check your drivers in "Device Manager" specifically the network drivers/adapters. There should ordinarily only be one Network Card installed in your computer, unless for some reason you added a second one yourself, but if you did then you know what type it is. If you have a wireless device it will also be there.

When you right-click the "My Computer" icon on your desktop and click "Manage" it will take you to the screen we seen earlier in this book (see image below)

As you can see in the image, Device Manager is highlighted in light blue, then to the right a red arrow is pointing to my Network Card. This is and always has been the only network adapter in my computer, but one day a hacker got a hold of me and by looking at the image below you may be able to figure out what they did

There are exactly eight network adapters listed below my usual Network Card, they all begin with the word "WAN" which stands for Wide Area Network and the reason the hacker added these to my computer is they are not literal network adapters like my original one, in other words they are not "Hardware" they are software, and a way for the hacker to tunnel in and out of my computer

When I tried to uninstall them it would not let me, so I had to right-click on each adapter, one by one, and select "Disable" as seen in the image below, and then later on that day when I had time I deleted them from the registry

Always remember to check for things like this from time to time. Hackers are good and think of ingenious ways to get in and out of your computer, this was a fairly new attempt as far as my computer goes, but lucky for me I always check these things at least every other day.

Also there are others that you may not want to keep such as the image below

In the image above you can see a driver highlighted in blue and it is "Remote Desktop Device Redirector Bus" as well as the two below it with a red arrow pointing to them, they are "Terminal Server Keyboard Driver" as well as the one below it "Terminal Server Mouse Driver" keep in mind that terminal server is what hackers use to get into your computer, you never want it running unless you are using a company computer and they have it running, in that case leave it to their Network Administrator.

Now I am going to show you another setting called "Component Services" and we are just going to check a couple of settings here, but be warned, especially on this one, do not change anything at all except what I show you and even then only if you are on your own personal computer/laptop and not a work computer.

To start Component Services go to Control Panel, then Administrative Tools, click "Component Services" or you could click the "Start" button, then in the search box (or the run box) type "dcomcnfg" and press the enter key (without the quotes) then this window should open, see image below

Then double click "Computers" or click the little arrow to the left side of it to drop down the menu items, and you should see this screen below

Right-click on "My Computer" under the "Computers" folder and select "Properties" then you should see this window as seen below

Next click on the button on the right "Edit Default" and you should now see the image below

Notice once again that I checked the "Deny" box on "Remote Access" in this window and the next one too. After you have checked the boxes to deny Remote Access, close that window and edit the next item below the one that we just did, here is the image

Do the same here as you did the last setting and check "Deny" only on the 'Remote" settings, unless you are on a work computer or also do not check it if you do want to let other people log on to your computer, all though to me it is not worth the risk. You have to weigh the differences and decide if a friend logging on to your computer is more important to you than protecting your security and personal information which could end up in the hands of identity thieves.

After you are finished with that window you can close it and then click on the second tab on top labeled "MSDTC" as seen in image below

In this section all that we want to do is make sure that there is a check mark in the box labeled "Use local coordinator" you do not want a remote coordinator to have access and control of your computer.

Next click the little arrow on the left side of 'My Computer" or double click it to reveal three folders from underneath the sub menu in the sub categories labeled "COM+ Applications", "DCOM Config", and "Distributed Transaction Coordinator" as seen in the image below

Next when you click on "Distributed Transaction Coordinator" you will see its sub menu item on the right labeled "Local DTC" then right-click on it (Local DTC) and select properties, then click on the "Security" tab (third tab on the right) to get to this window

Make sure that all of the boxes are unchecked except the last one, it is up to you on that one, but SNA is basically for Peer-to-Peer communication. I have all but that last box unchecked and my Internet works great. Now you can close all of those windows and take a much-deserved break. By the way if you happen to call a friend please tell them about this one of a kind Security and Performance Manual.

#  Chapter Seven

## Group Policy

Well my friend you have almost made it to the end of this book, was I right about all of the security risks or what? Like I said earlier in this book, I have nothing against Microsoft and I do have nothing but respect for the whole Microsoft team, not to mention that I do realize most of their money is probably made by the huge companies that use the networking software, but those companies usually hire a Network Administrator to set those networks up, so why have it enabled and open for hackers to exploit?

The next setting is a great big one and once again I must trust that you will be careful not to change any settings other than what we discuss here, otherwise you could do harm to your computer and even have to reinstall your operating system. I hope that you made a restore point before beginning this section.

Our next lesson is on "Group Policy" and basically what Group Policy is, for those of you who do not know, Group Policy is for Network Administrators to make global changes to one or more computers, it allows a Network Administrator to make one change that effects many computers and users, thus saving him/her time.

If you are on your own personal computer also known as a stand-alone computer then you really do not need Group Policy at all, and in fact I had it disabled in Windows XP but they are making it almost impossible to disable stuff like that these days. Why? You got me, I have absolutely no idea, but by golly it is my computer, I bought and paid for it, and therefore I, and only I, should be able to decide what program or application I do and/or do not use!

If you are using Windows 10 Home then it does allow you to access Group Policy, however if you do a search online, for instance go to Google web site and in the search box type "Enable Group Policy in Windows 10" you will find applications that enable it for you, with a little work on your end, but it is worth it.

You should be logged in with an account with administrative privileges to be able to make changes that I show you in this book. To start "Group Policy" click the "Start" button, then in the search (or run) box type "gpedit.msc" without quotes and press the enter key, now you will see the "Local Group Policy Editor" window as seen below

This is the "Extended View" there is also a "Standard View" and you can change views by clicking on the two tabs on the bottom, for the sake of making smaller images to fit in this book I will use the standard view, you can follow along in which ever view you prefer.

In Windows 10 press the "Windows" key + "R" at the same time to open the "Run" menu and type in "gpedit.msc" without quotes and press the enter key, now you will see the "Local Group Policy Editor" window.

Also notice that there are two different categories that have the same sub categories, the top one is 'Computer Configuration" the bottom one is "User Configuration" and we will start with the top category on the "Administrative Templates" sub category as seen in the image above.

Please double click on the "Administrative Templates" sub category then you will see an expanded view of the window, and then click on the "Network" sub category as seen in the image below

The next step is to double click on the item in the panel to the right on the very bottom titled "Sets how often a DFS Client discovers DC's" as seen in the image above circled in red, and you will see the image below

You will notice that this setting is not configured, we want to configure it because when you read the instructions/explanation in the right panel it says that if you do not configure this setting it will use the default value that is 15 minutes. Let me explain the reason that we want to configure it.

We really would prefer to disable this setting all together, however it will not let us disable it, why? Beats me, but since we can not disable it we can at least make it a higher value so that it does not waste our resources every 15 minutes.

Click on the radio button titled 'Enable" then change the time to 360 as seen in the image below

We do not even want this program wasting our time and our resources pinging, or looking for a Domain controller, but at least we can make it to where it will only do it every 360 minutes instead of every 15 minutes, which is the default value.

There are a lot of settings like this that I wish they would let us completely disable, but since they are insistent that we have a program running on our computers that we do not want or need, then the least we can do is make it do it less often.

Rather than show you a bunch more images, I will just tell you what I have these settings at, after all, I am sure you know how to do this by now. The next setting on my list is "Do not allow the B.I.T.S. client to use Windows Branch Cache" and I have it set to "Enabled"

Next I have "Do not allow the computer to act as a B.I.T.S. Peercaching client" which I also have set to "Enabled". Then "Do not allow the computer to act as a B.I.T.S. Peercaching server" which I also have set to "Enabled"

I have "Allow B.I.T.S. Peercaching" set to disabled. By the way these settings that I am telling you are how I have my computer configured right now and my Internet works fine, my visitors are able to use my wireless Internet service through the router provided by my Internet Service Provider, and everything else works great as well.

I had a customer here yesterday that brought me his computer and the Internet was so slow that he thought he had a bunch of viruses, I fine-tuned it like we have been doing here in this book, I disabled a bunch of this stuff that Microsoft has running and he was amazed at how fast it was.

In fact, when he first got here we went to speedtest.net to do a Internet speed test and we sat there a good 3 minutes waiting for it to finish, so I just stopped the test. About twenty minutes later after I disabled a lot of this stuff they have running and sucking up all of his resources, we went back and the speed test worked immediately giving us excellent results. That gives you an idea of where all of your speed and performance have been going.

I have "Limit the maximum network bandwidth for B.I.T.S. background transfers" to enabled as well as "Limit the maximum network bandwidth fused for Peercaching" to enabled. Next is "Set up a maintenance schedule to limit the maximum network bandwidth used for B.I.T.S. background transfers" to disabled as well as the "work schedule" setting below it.

I set "Limit the B.I.T.S. Peercache size" to enabled, as well as all of the B.I.T.S. settings below it, all set to "enabled" Now lets click on the "BranchCache" subcategory on the left under the "Network" category.

I have "Turn on BranchCache" to disabled, as well as the two "Set BranchCache" settings below that. I have 'Set percentage of disk space used for client computer cache" enabled with a setting of "1"

The rest of those settings I really have not messed with. On to the next subcategory "DNS Client" the only setting in that I have changed is "Turn off Multicast Name Resolution" which I have set to enabled.

The next sub category is "Lanman Server" and there is only one setting there which I have set to disabled and that is "Hash Publication for BranchCache", moving down to the next sub category, I skipped the next one on the list and went to the one below it "Microsoft Peer-to-Peer Networking Services" and I have not changed the first one but I did enable "Turn Off Microsoft Peer-to-Peer Networking Services"

Click the arrow to the left to drop down the sub categories, or double click it, and then click on 'Peer Name Resolution Protocol" in which you will notice it has three sub categories titled "Global Clouds, Link-Local Clouds, and Site-Local Clouds"

Here are the settings that I have:

Turn off Multicast Bootstrap _Enabled_

Turn off PNRP cloud creation _Enabled_

Set PNRP cloud to resolve only _Enabled_

Set the Seed Server _Enabled_

You probably seen that I have the "Set the Seed Server" Enabled but did you see why? You need to read each of these settings so that you know exactly what is going on as we go along and change and/or set the configurations, that way if you ever run in to a problem you will know what to do.

When you double click on "Set the Seed Server" you will get a windows as seen in the image below, notice that I have left the box blank (empty) and put a check mark in the box below it, when you read it you will understand.

If you did read it, now you understand. Please do not just take my word for any of this; always read it yourself and double check, after all, I am only human and just as prone to make mistakes as the next person. Now the settings for the "Link-Local Clouds" are all four " _Enabled_ " and the same goes for the "Site-Local Clouds" but leave the box empty.

Now lets go to the next sub categories, which is labeled "Network Connections" and see what we can do to make your computer more secure. Here I will show you my settings for these and then we will do the ones in the "Windows Firewall" folder.

Prohibit installation and configuration of Network Bridge on your DNS Domain network setting is " _Enabled_ ", Do not show the "local access only" network icon I left that one as " _Not configured_ " as well as Route all traffic through the internal network I left that one as " _Not configured_ "

Prohibit use of Internet Connection Firewall on your DNS Domain network I left that one as " _Not configured_ " then I set Prohibit use of Internet Connection Sharing on your DNS Domain network to " _Enabled_ " and Require Domain users to elevate when setting a network's location is " _Not configured_ "

Now as for the "Windows Firewall" settings I do not ever use the Windows Firewall, I trust "ZoneAlarm" and that is what I use religiously, it tells me any time a program or app is trying to send something out of my computer. Keep in mind that is what a key logger does, it records your keystrokes, then sends your passwords, credit card numbers, and everything else that you have typed, out from your computer to the hackers.

That is not the only thing that it captures, a key logger also sends all pictures that you post or take, all chats that you have been a part of in chatroom's, which is important to know for those of you cheating on your spouse. I gave a key logger to a family member once and he was devastated when he came home from work, opened the information that the key logger saved and he seen naked pictures of his wife that she had sent to a man in a chat room, and the entire conversation too!

You can use the "Windows Firewall" if you like, a lot of people do, but I trust other companies that specialize in just that. Not just ZoneAlarm, there are many good ones out there. I also like using "Avast" because it is an all-in-one package containing anti virus, as well as Spam control and stuff like that, as well as its own very good firewall!

In the "Windows Firewall" sub category I have the "Windows Firewall: Allow authenticated IPsec bypass" set to disabled. Then in the "Domain Profile" Folder (sub category) I have these settings:

Windows Firewall: Allow local program exceptions: _Not configured_

Windows Firewall: Define inbound program exceptions: _Not Configured_

Windows Firewall: Protect all Network Connections: _Disabled_

Windows Firewall: Do not allow exceptions: _Not Configured_

Windows Firewall: Allow inbound file and printer sharing exception: _Disabled_

Windows Firewall: Allow ICMP exceptions: _Disabled_

Windows Firewall: Allow logging: _Disabled_

Windows Firewall: Prohibit notifications: _Enabled_

Windows Firewall: Allow local port exceptions: _Not configured_

Windows Firewall: Define inbound port exceptions: _Not configured_

Windows Firewall: Allow inbound remote administration exception: _Disabled_

Windows Firewall: Allow inbound Remote Desktop exceptions _Disabled_

Windows Firewall: Prohibit unicast response to multicast or broadcast requests: _Enabled_

Windows Firewall: Allow inbound UPnP framework exceptions: _Not configured_

Keep in mind that since I do not use the Windows Firewall I probably did not pay as much attention to this as all of my other settings, but I do set it anyway because even when you are using another firewall besides Microsoft's, firewall, that program import some of your settings from this.

Then in the "Standard Profile" Folder (sub category) I have these settings:

Windows Firewall: Allow local program exceptions: _Not configured_

Windows Firewall: Define inbound program exceptions: _Not configured_

Windows Firewall: Protect all Network Connections: _Disabled_

Windows Firewall: Do not allow exceptions: _Enabled_

Windows Firewall: Allow inbound file and printer sharing exception: _Disabled_

Windows Firewall: Allow ICMP exceptions: _Disabled_

Windows Firewall: Allow logging: _Disabled_

Windows Firewall: Prohibit notifications: _Enabled_

Windows Firewall: Allow local port exceptions: _Not configured_

Windows Firewall: Define inbound port exceptions: _Not configured_

Windows Firewall: Allow inbound remote administration exception: _Disabled_

Windows Firewall: Allow inbound Remote Desktop exceptions: _Disabled_

Windows Firewall: Prohibit unicast response to multicast or broadcast requests: _Enabled_

Windows Firewall: Allow inbound UPnP framework exceptions: _Disabled_

Moving on the 'Network Activity Status Indicator" I have all of these disabled, and then to the "Offline Files" category I have these settings:

Subfolders always-available offline: _Disabled_

Administratively assigned Offline Files: _Disabled_

Configure Background Sync: _Not configured_

Limit disk space used by Offline Files: _Enabled_

Non-default server disconnects actions: _Not configured_

Default cache size: _Not configured_

Allow or Disallow use of the Offline Files feature: _Disabled_

Encrypt the Offline Files cache: _Not configured_

Event logging level: _Not configured_

Exclude files from being cached: _Not configured_

Files cached: _Not configured_

Actions on server disconnect: _Enabled_

Prevent use of Offline Files folder: _Enabled_

Prohibit User Configuration of Offline Files: _Enabled_

Remove 'Make Available Offline' _Enabled_

Prohibit 'Make Available Offline' for these file and folders: _Disabled_

Turn off reminder balloons: _Enabled_

Enable Transparent Caching: _Disabled_

At logoff, delete local copy of user's Offline Files: _Enabled_

Turn on economical application of administratively assigned Offline Files: _Not configured_

Reminder balloon frequency: _Not configured_

Initial reminder balloon lifetime: _Not configured_

Reminder balloon lifetime: _Not configured_

Configure slow link mode: _Not configured_

Configure slow link speed: _Not configured_

Synchronize all Offline Files before logging off: _Disabled_

Synchronize all Offline Files when logging on: _Disabled_

Synchronize Offline Files before suspend: _Disabled_

As for the "QOS Packet Scheduler" category I have not configured any of these. You can read up online about some of these settings if you like but if I am unsure I don't mess with the setting, that and/or on some settings I may have become too tired at the time to read up on them, and some I leave not configured because that is the best setting. If you read the next category that I left all of the settings as " _Not configured_ " you will discover that is the best setting and you will see why.

Now that being said, as I was saying I left all of the "SMNP" category set to " _Not configured_ " with good reason, also the next category. Moving on to the next category on my list "TCPIP Settings" I left all of these " _Not configured_ " as well.

In the next category "Windows Connect Now" here are the settings that I have set at this time and my friends are still able to use wireless when they visit through my Internet Service Provider's high-speed router:

Prohibit Access of the Windows Connect Now wizards: _Not configured_

Configuration of wireless settings using Windows Connect Now: _Enabled_

Moving on to the printer's category. I probably mentioned this before, I do not trust any print settings, keep in mind that in the past, and some still do today too, use the printer port to transfer files and other data rather than actually print. I do not have a printer at this moment, so keep in mind that these settings are if you do not use your printer.

I have the category "Printers" set to these settings:

Web-based printing: _Disabled_

Automatically publish new printers in Active Directory: _Disabled_

Custom support URL in the Printers folder's left pane: _Enabled_

Extend Point and Print connection to search Windows Update: _Disabled_

Add Printer wizard – Network scan page (Managed network): _Not configured_

Always render print jobs on the server: _Disabled_

Allow pruning of published printers: _Disabled_

Disallow installation of printers using kernel-mode drivers: _Enabled_

Add Printer wizard – Network scan page (Unmanaged network): _Enabled_

Only use Package Point and print: _Not configured_

Package Point and print – Approved servers: _Not configured_

Computer location: _Enabled_

Pre-populate printer search location text: Disabled

Point and Print Restrictions: _Not configured_

Execute print drivers in isolated processes: _Not configured_

Override print driver execution compatibility setting reported by print driver: _Not configured_

Printer browsing: _Disabled_

Prune printers that are not automatically republished: _Disabled_

Directory pruning interval: _Enabled_

Directory pruning priority: _Not configured_

Directory pruning retry: _Not configured_

Log directory pruning retry events: _Not configured_

Allow printers to be published: _Disabled_

Allow Print Spooler to accept client connections: _Disabled_

Check published state: _Enabled_

As far as the rest of this goes, well that would be a whole book in itself.

I will cover a couple more settings real quick, if you move down to Administrative Templates, Windows Components, and then Windows Media Player, you can disable some settings that I consider a security risk such as the setting in the right pane "Prevent Media Sharing" I always enable that because I do not want anyone accessing my computer or my music. The rest of the settings are up to you.

I am going to cover one more very important thing, if you click the "Start" button and type "mstsc" it will bring up the "Remote Desktop Connection" menu where we can make a few changes to guarantee that your computer is secure.

Next, click on "Options" it is located on the lower left portion of the window as seen in the image above circled in blue and you will now see this windows as seen in the image below

Click on the third tab on to "Local Resources" and the windows below will appear

Now click on the "Settings" button as seen in the image above and then put a check mark in the "Do not play" and "Do not record" menu options and click "O.K.", after that you will be back at the previous menu, make sure to clear the "Printers" and "Clipboard" boxes on the bottom.

Click on the "More" button and make sure all the boxes are unchecked (empty) then click "O.K." this will bring you back to the previous menu. Now click on the "Programs" tab and make sure there is nothing listed there. Now click on the next tab "Experience" and make sure none of the boxes are checked including the 'Reconnect if the connection is dropped" box.

Click on the "Advanced" tab and make sure that "Do not connect" is selected in the drop down box. Next click the "Settings" button and select the "Do not use an RD Gateway Server" button and click "O.K." now click on the first tab "General" and click on the "Save" button and close the window. If you do not save then all the settings will revert back to where they were.

Go ahead and close everything out, go to your desktop and before we make this last set of changes please once again make another restore point in case something goes wrong or you are not happy with the changes we make we can restore back to this point we are at now.

Now right-click on the "My Computer" icon and select "Manage" When that window opens you will be in "Computer Management" and you want to go to the very last setting in the left pane "Services and Applications" and double click it, or click on the little arrow to the left of it to drop the sub menu options down, and finally click on "WMI Control"

Now right-click on "WMI Control" and select "Properties" and in the new window that pops up click on the second tab "Backup/Restore" as seen with a blue rectangle around it in the image below

After clicking on the second tab you will see two buttons, the one on the left is "Backup Now" and the one on the right is "Restore Now" click on the "Backup Now" button to make a backup of these settings. Once again this is a critical step so please Backup Now!

If you are on a work computer do not make any changes to these settings without consulting the Network Administrator or your boss, changes to these settings could render the entire company network inoperable causing your boss at work a lot of money, embarrassment, and possibly even clients.

After clicking on "Backup Now" and waiting for the backup to finish, click on the "Security" tab (3rd tab on top) as seen with a red rectangle around it in the image above and this will bring you to our next important group of settings as seen in the image below where you will want to click on the plus symbol to the left of the "Root" setting icon which will drop down a lot more settings in the sub menu (see image below)

In these settings we are basically out to accomplish one major goal here and that is to deny access from any and all "Remote" computers and or servers. Click just once on "root" and it will be blue, then click on the "Security" button to the bottom right side of the window and you will see an image like the one below

The setting that we are interested in is the one that says "Remote Enable" as seen in the image above, to get to the option you must click the down arrow on the scroll bar to the right. If you are not on a company computer you can put a check mark in the check box under the "Deny" setting to the right.

Notice that there are several users/groups in the top box. You must click on each one individually and check the "Deny" box. Do this on every option under the root setting, be sure to click the plus symbol to the left of each one to drop down any sub menu items if there are any, and repeat this process on every one, all the way down.

Well my friend, you have made it through the entire security and performance category of this book, successfully I hope, and now you are at the very least well informed, and therefore can make a more educated decision when setting up your computer in the future.

I said "make a more educated decision" because you are more educated now on these topics, and I hope that this book has been informative and enlightening for you, I wish you all of the best in all of your future endeavors. The next section is on computer repair and a couple other subjects that I said earlier in this book that I would add, such as the A.D.H.D add in, and if you know someone with A.D.H.D please do share that with them.

#  Chapter Eight

## Computer Repair

I have a tip for you and it has saved my customers and I a lot of money in the past, so if you have ever thrown a computer away or replaced the motherboard that displayed the symptoms that I am going to explain below, please never forget this tip.

I have at times plugged in to my computer a component which belonged to one of my friends or customers that was bad, such as a hard drive that had a short in it, only to have that component damage my computer to the point that I was ready to give up on the possibility of my computer ever working again.

Now, anything that I tell you in this book can be verified by my friends and/or customers, who by the way know how honest that I am and that is why they have brought me so many customers who were ripped off by some flaky people that not only did not fix their computers but as it turns out had even stolen and/or switched them computer parts.

Why am I telling you this? Because in order for you to learn and grow from this book you need to know exactly who you are dealing with, you need to be able to keep an open mind and trust that what I tell you in this book is true and correct to the best of my knowledge and that I would never intentionally steer you wrong.

Some of the tips that I am going to reveal to you in this book sound really far fetched and you will have a hard time believing that these tricks of mine have really fixed some computers for my customers, friends, and even myself, and these tricks have also worked on many other types of electronics too!

I found a wallet once when I was young and I had moved in with a friend of mine, we were both out of work, and had very little food. The wallet had four hundred and seventy-eight dollars in it, and even though we had no idea where we were going to get money to eat after our food ran out in the next couple of days, I gave the wallet and all of the money back to the owner, so if you can't trust me who can you trust?

Now, here is the first, and probably the most important tip for repairing a computer that I have ever stumbled across. Like I was saying about plugging that hard drive that was bad in to my personal computer, it had rendered my computer useless.

I am very good at what I do, but one of my customers said to me one day "You know what makes you so good? You never give up!" I tried to get my computer going again for a couple of hours to no avail.

However, as I tell you this fix, I want you to know that this fix also worked on my computer another time when a virus or something shut my computer down while I was surfing the Internet and upon turning it back on it did not work, but the symptoms were about the same in that case as well.

So, if at any time you try and try to get your computer going to no avail, remember that after at least an hour of troubleshooting not only these two instances, but probably about six other times throughout my career, I fixed all of them with this simple set of steps that I will tell you right now.

The symptoms vary a little bit in each situation, but on most occasions my computer would come on but no beep and no BIOS read out on the screen, it was blank. Keep in mind that as long as your computer has a speaker you should hear one quick beep. That is good, one beep means that everything appears to be fine and the computer will usually boot to windows after that, unless your windows installation was corrupted.

The computers would not start at all at times, some did start but that is about all, they usually appeared to be dead, some times I might have a light on the power button, sometimes not. On a few occasions the computer would come on, but the screen would be black and I usually did not even get a beep, like I said, but that is usually a good sign that this trick will fix it.

Start by shutting off the computer and the monitor too. Unplug the power cord that is connected to the back of the power supply that is built in to your computer, and wait about fifteen seconds. Sometimes I press the power button even though the power cord is not plugged in to it and I know that it will not start, and the reason that I press the power button is to help drain any remaining electricity out of the unit. Wait about fifteen to twenty seconds and then plug the power cord back in and turn the computer on.

If that did not fix your computer, turn it off again and unplug the power cord. Open the computer case and on the motherboard find the jumper that resets the bios. It is usually, but not always, close to the little round CMOS battery. You may have to look in the manual that came with your computer, or if you built the computer yourself it will be in the instructions that came with your motherboard.

Please be very careful, if you do not do this step right you can damage the motherboard, ram chips, CPU, or other components in the computer. Some motherboards have three pins and there will be a jumper on two of the pins, usually pins one and two. You simply move the jumper from pins one and two, to pins two and three, wait for about fifteen seconds and then move it back to pins one and two.

Again, I do not recommend that you try this until you consult the instructions that came with your computer or motherboard because one mistake and you have nothing left but a paperweight. Make sure that the computer is off when you move the jumpers, wait fifteen seconds and put the jumper back on the two pins that it was on by default.

Some computers use different pins and jumpers, if you do not have the manual that came with the computer or motherboard you can go on the Internet and search for that exact computer model, or motherboard model and add "Bios Reset" to your search. Now if your computer works, you did a good job, however if it still does not work, do not get upset and throw it away.

This trick above that I just explained to you has fixed so many computers that it is unreal, but you are going to love the next step. On about nine separate occasions in my career, I did all of the steps that we just went through above, and that still did not fix those computers. When that did not work on the first occasion I threw my computer away.

This was when I was young and before I was a certified technician, but I will never forget this awesome trick that has fixed my computer many times when it appeared to be burned up and would not work, and you will never forget it either the first time that it fixes your computer. I did not have enough money at the time to buy a new computer, so I took it back out of the trash and just in case the ram chips were good, I took them out of the computer, and then I took out all of the other parts as well, except for the CPU.

I then took the motherboard completely out of the case, putting all of the screws in a dish in case I needed them when I bought the new motherboard, then I went in the other room and called a few computer stores around town to get prices on a new motherboard/CPU combo and when I realized that I would not have that kind of money for at least a month I went into the living room and on the couch watching television for about an hour.

I was bored out of my mind, and that is when I started realizing that I would be totally lost without a computer, so I went back in the room and completely put the computer back together again, turned it on and it worked like brand new!

Now I must tell you that this has fixed my computer at least five or six times over the years, as well as several of my customers, and we were at the point of giving up and throwing the computers away.

Usually the first step that I told you, unplugging the power cord and waiting about fifteen seconds, worked about eighty percent of the time, and when that step failed, resetting the bios with the jumper worked, and if none of those steps worked, taking the motherboard completely out and waiting a few minutes before putting it back together worked!

For some reason taking the computer motherboard completely out and unplugging any power cords and connectors, seemed to work. It seems that when it is ungrounded and lifted completely off of the metal case and set screws this allows any residual energy to dissipate, this is just a guess on my part, but take my word for it... it works!

I have never had to buy another computer in these situations, one of the three steps worked almost every time. One of the times that I plugged a component in to my computer that a customer wanted me to test, it even sparked and shut the computer off, I thought that I even smelled a little smoke, and it took me about an hour of doing the steps that we just went through, but it worked!

Keep in mind that in the worst-case scenario I had to repeat all of the steps several times before it finally worked. On the last computer that almost fried from me plugging in a customers hard drive that had a short in it (yes, I was stupid enough to do it again!) after resetting the BIOS by moving the jumper from pins 1-2 to pins 3-4, waiting 15 seconds and then returning it back to pins 1-2 it would not work. It would come on but no screen and no beep, but I kept turning it off, waiting about 15 seconds, then turning it back on, over and over and it finally worked.

Did you notice that I said it worked "Almost every time" in my statement above? That is because there are four occasions when nothing would work at all, not even those tricks, but wait; this one will literally blow you away.

Did you ever have one of those "I can't believe it worked!" moments? If so then you are going to be utterly amazed by this next trick of mine that fixes more than just computers, it fixes all kinds of electronics. O.K my friends, what I am going to teach you here in just a couple of minutes is going to save you hundreds of dollars on just about all electronics (pretty much anything with a circuit board) I know that most of you are going to find this hard to believe,

How to fix any electronic device with a simple household hair dryer, it really works! I have used this trick on T.V Converter boxes, Computers, and my friend even used it on an Electronic Door Bell Chimer. It really does work! So don't throw those electronics away yet!

I was working on a computer for a customer that was laid off of work, he did not have much money to spend, and I knew what the problem was! The problem was a hairline crack in his motherboard! That is the problem on most electronic devices that we throw away these days!

The way that I knew it was a crack in his motherboard was because it would not turn on, but when I pressed down on his video card to make sure that it was properly seated, it came on. It worked for a while and then would not come on again. This time pressing down on the video card did not work. I pressed down on a ram chip and it came on again. I finally realized that pressing down on certain parts of the motherboard is what made it work. This could only be caused by a crack.

The problem that I had was my customer had no money to pay for a new motherboard. Sometimes he would turn his computer on and it would work, sometimes he would turn his computer on and it would not work! If the crack were on the outside of the board I would be able to solder it on either side, but the crack was on the middle layer of the circuit board where I could not get to it to solder it!

As I pondered this problem I had a hair brain idea! I was blow-drying my hair that night thinking about how thin the metal traces are in circuit boards; they are thinner than a human hair. Just then I got the hair dryer too close to my scalp and it burned me. That is when I wondered if something so thin could be melted back together with heat from a hair dryer.

I thought this was a lame attempt at best, but my customer had no money and I did not have another motherboard that I could give him! So I took the motherboard out of his computer, took the R.A.M. chips out, because static electricity can ruin memory chips, and I took a regular household hair dryer setting it to the highest heat settings available, then I slowly ran hot air across both sides of the motherboard, and then to my amazement it actually worked! Not just once, but time and time again! He actually used his PC for a little over four months.

As crazy as this whole hair brain idea of mine sounded, to my amazement it actually worked! I have a couple of patents and I have always been into inventing stuff, but that was a fluke. By the way, I even wrote a "How to write your own Patent" book titled "Patent Ease" by Wayne Hoss.

Upon telling my best friend and his wife about my new discovery, knowing that I am the most honest person that they have ever met (according to them) but they still wondered if I was pulling their leg, so he went home and tried my idea on an Electronic Door Chime of his wife's that he had been trying to fix for over a week. It was his wife's favorite sounding door chime and he could not bring himself to give up on it.

He called me back about twenty minutes after they left and said, "Oh my God, it works! Your idea really works!" To which I replied, "I know!" Since then I have fixed four out of five T.V Converter Boxes using this simple method, as well as four other computers, and of course it fixed my friends door chime. Be warned however; do not use a heat gun! A heat gun gets way too hot and will melt things.

Also note that you must quickly blow heat over the entire board on both sides to "Preheat" it, then you must slow down, cover one area at a time moving real slow so that the board gets hot enough to fuse the broken trace back together again. Once I tried fixing something for a neighbor and I was shocked that it did not work. He said he went home and did it again but went slower, and heated it longer and it worked!

Here is a cool trick that I stumbled upon once upon a time, have you ever downloaded part of a movie and had the download cut off before it finished, but you still wanted to watch the part of it that did download? Well then, all that you have to do is delete the ".part" extension of the file name. For instance it might be a file name like "mydownloadmovie.mp4.part" so all that you have to do is rename the file to "mydownloadmovie.mp4" Removing the ".part" portion at the end of the file and it lets you view the movie, if you want to finish downloading perhaps renaming it back again will even let it finish downloading.

If upon rebooting your computer it gives you problems from any changes that you made, or if you are locked out of your computer, restart it again and immediately begin pressing the F8 key, or tapping it over and over again until a screen comes up and then select 'Last Know Good Configuration".

If you did not press the F8 key fast enough and it starts reloading windows hit your reset button, or use Control + ALT + Delete keys simultaneously to reboot again, but do not press the power button and shut it off. Never do a hard shut down if you can help it, because it could damage your hard drives as well as your computer.

If your computer ever freezes up press the "Reset" button if you have one, rather than power it down the hard way with the power button, and if your computer does not have a reset button. Pressing the Control + ALT + Delete keys simultaneously will reboot it again but only in DOS during the boot cycle.

If you are in Windows and a program freezes up and stops responding, press the Control + ALT + Delete keys simultaneously to bring up the task manager, and then select the program that froze up and click "End Task" which will usually make things start working again and is better than shutting down and risking the loss of data.

#  Chapter Nine

## Conquering A.D.H.D

What makes me so good at this is what one of my bosses revealed to me about my A.D.H.D, with all of this energy that I have I get bored and study a lot of subjects, and for some reason (according to my boss) I always seem to find a better way of doing things every single time!

So to those of you out there with A.D.H.D letting them fill you up with medicine that mellows you out and even turns some people into a vegetable "so to speak" embrace your gift and even though you will tend to get on other peoples nerves at times, as I have done unintentionally over the years, so what! Do not take drugs for A.D.H.D. instead use it to its full potential as I have worked so hard to do.

I have passed computer hardware and software exams at a Microsoft Certified College and I am a 'CompTia A+ Certified Professional" in computer hardware and software repair and diagnostics, I also graduated the top of my class in a Microsoft Certified System Administrator (M.C.S.A) course.

I passed the Real Estate Exam and got my license, which was a very tough challenge, I met people there taking the test for the fifth time and I passed it with flying colors my first time. I am a successful author with seven published books, counting this one, and one of them even received a 5-Star Review from an Amazon top reviewer titled "Patent Ease" by Wayne Hoss the "How to write your own Patent" book.

Speaking of Patent, that is how I was able to write that Patent book, I have several patents and patents pending filed with the United Stated Patent and Trademark Office (U.S.P.T.O) as an inventor.

I have run my own businesses as well as managed many stores and restaurants, including one of the major electronic outlets at a local mall. I could go on for days about my many different types of accomplishments and jobs, but the point that I am trying to make here is without A.D.H.D I probably never would have accomplished any of it.

Yes, for the most part A.D.H.D is a curse, and if you think that you have it bad, consider this; every single doctor that I have ever been to, spanning many years, agree that I am the worst-case of A.D.H.D that they have ever seen!

I have so much energy that I continually rock all daylong, all night too! My doctors say that over the years they have given me every type of medicine that they could think of and nothing slows me down. They all say that they have never seen a case as severe as mine.

The reason I told you this is because I want you to know that if I can accomplish all of these things having the worst-case of A.D.H.D the doctors have ever seen, then so can you! For anyone reading this about A.D.H.D because they know someone else that has this disease, all that you need to know is this.

If you have, or know someone that does have A.D.H.D all that you need to do is find something that they are really interested in, it has to be something that they really are good at and like to do more than anything, because if not they will get bored with it and walk away, hence the A.D. Part of A.D.H.D which stands for "Attention Deficit" and it is a big problem that makes it hard for them to pay attention or really get involved in things.

My Shop foreman many years ago said to me "I do not know how you do it, in fact I shouldn't even tell you this or you will probably start asking for a raise!" he says under his breath and then continues to say "I will not give you one so don't go there!"

At that point the other shop foreman said, "Just tell him, he has a right to know" and I said, "Tell me what?" The head foreman continued on to say" Don't ask me how your hyperactive rocking ass does this (I rock a lot due to my A.D.H.D he says that it makes him seasick) but it makes me so damn mad!"

The other shop foreman cuts in and says 'It does, look at the expression on his face right now, it literally pisses him of that you some how can do this!" Still at a loss of words and bewildered by whatever this thing is they are trying to express to me, and not doing a very good job so far, I simply chuckled and replied 'What pisses him off?"

The head foreman continues on with his explanation and I can clearly see that it is somehow as if I am attacking his pride or something, and he says "Like I was saying, I don't know how your goofy little rocking ass does this not just once like last week, but every single job that we have ever put you on..." he pauses and looks at the other shop foreman as if debating whether or not he should fill me in on this.

Then the other shop foreman says 'What he is trying to tell you is what you did last week when our entire staff of welders, welders helpers, and everyone else at this shop was going to have to work the entire weekend right up until damn near midnight Sunday, in fact we figured it would be way past midnight before anyone even got close to being able to go home, that job had to be finished and loaded on the trailers by five in the morning"

The main foreman cuts him off and gives me a mean look and says "I still for the life of me can't figure out how you, all by yourself, welded all of those units and had them finished a little before five P.M Friday and it makes me mad you little bastard!"

The other foreman laughs then looks at me and says, "I think you were just as surprised as we were when we told you the unit you were almost finished welding on was the last one, and then we told everyone that they could go home, and let them know we did not have to work until after midnight Sunday because you finished the entire job two and a half days early"

I laughed and said "I was surprised yes, but at first it scared me when a bunch of the other men started hitting me on my arms and slapping me on the back, I thought you were letting them go home and that I was going to be the only one that had to work up until Sunday night!" I exclaimed and then continued speaking, I said, "That is until I raised my welding hood and noticed some of the guys were so happy that they were cramming ten and twenty dollar bills in my pockets."

At that point the head foreman finally tells me something that I want all of you out there with A.D.H.D to always remember, he said 'What makes me mad as hell is the fact that somehow, we have no idea how you are able to do this, not just on one job, but on every single job that we have ever put you on in all of these months that you have worked here, you always find a faster and better way of doing the job"

I said "Oh, really? I was not aware of that!" and the main foreman said, "No, I don't think he gets it" as he looks at the other foreman. The other foreman starts to say something but he cuts him off and finally ends the story with this, "You really don't get the scope of what we are telling you here do you?" he says as he mellows out a bit and continues explaining things to me.

He says " Look at it this way, that job that you finished two and a half days early may just be a coincidence to you right now, or maybe you think that you just got lucky, but its far from that. You have two of the best shop foremen in the entire county of Kern standing in front of you" as he looks at the second shop foreman.

Then he says "Hell I have worked at all of the best shops in town, with all of the best men, so has Lou here!" he says as he points towards the other shop foreman and he continues speaking.

He says "You know the owner of this business, he owns this huge business because he is the best in town, and the three of us spent little over two weeks carefully planning that job that you did last week, we knew that it would be near to impossible for us to finish it by the deadline Sunday night"

He says "To make a long story short, the three of us are the best in the business, and we spent night after night trying to figure out the best way to get this job done on time, and you somehow came along, all by yourself, and finished two and a half days before the three of us, according to our best estimates, figured it could even be finished!"

The other shop foreman laughs because he know how much this is eating at the main shop foreman and how hard it is for him to admit it, as the main foreman continues speaking to me saying "What makes me mad is that its not just this job, it is on every single job that I have ever put you on"

He slams his fist down on the break room table as if his pride was getting the best of him and says "Every damn time, on every damn job that I have ever put you on, you have always found a better and faster way to do the job!" I was shocked and at the same time felt a little proud, even though I almost found it too much to swallow myself as I said 'Really?" and once again he said 'Don't ask for a raise because you are not getting one"

This is a true story, the reason that I told you this is because I want people to understand that if used in the right way A.D.H.D can be a good thing, if people can put away their jealousy and other foolishness. If you have A.D.H.D find something that you really like to do, and give it your all, and you can accomplish even more than I have.

In fact that story is already in one of my other books, nonetheless, I did not want you, my reader, to get the wrong impression and think that I am boasting and bragging, I just want other people with A.D.H.D to know that they do not have to take a bunch of medicine and become a zombie 'so to speak"

I do not want Microsoft to think that I am in anyway putting them down because I assure you that I am not. I did graduate from New Horizons Microsoft Computer college in the M.C.S.A Course the top of my class, but the only reason that I know so much more than most other techs is this thing called A.D.H.D that constantly keeps me busy learning, studying, and observing for hours on end what the average person studies for a few minutes.

I have to keep my mind busy on projects such as this book in order to function with this disease. I used to call A.D.H.D a curse, and in fact it is in a way, it definitely can be one hell of a curse, and according to not most of the doctors, but all of the doctors that I have seen over the years I am the worst-case that they have ever seen.

My mind throws like twenty thoughts a second at me as to where a normal person, I imagine, has only a couple or three thoughts at a time. I guess, I honestly have no idea what its like to be normal, but that is why I had to take this opportunity to express to anyone out there with A.D.H.D that you do not have to take pills and sits in a chair all day drooling all over yourself like a vegetable.

I say this because one of my friends said to me one day that I was too hyper for him and that I tend to get on his nerves, and this much I already knew, but he went on to say something that I personally thought was not very nice and that's why I made it a point to shout out to anyone else with a severe case of A.D.H.D

Do not let them do to you what he said I should have let them do to me, he said 'You should have just let your doctors give you killer medicine that spun you out of your mind and you could have been a drooling zombie that sat in a chair all day drooling, spun out of your mind, and then you would not be getting on our nerves!"

Some friend huh? Not to worry, I am no longer friends with that individual, and my reply to him was this, and if you have A.D.H.D please keep this reply that I said to him close at heart, and really consider it, in the end only you and your doctors know what is best for your situation.

I said "For that I am truly sorry, I do realize that I am loud and obnoxious at times, and I know that my constant rocking bothers a lot of people, hell my boss use to say that I made him sea sick. Again I apologize for getting on peoples nerves"

I said, "That is why I pretty much stay to myself! You ask me all of the time why I am such a hermit and do not get out that much, it is because I do realize that I am so hyperactive that people find it hard to be around me, but my friend, we are in my house. I did not call you and beg you to come over, you stopped by unannounced, and I am glad that you did, I always enjoy your company!"

Then I said "But if I get on your nerves that much, then all I can say is that you do not have to be here, I did not ask you to come over. As for taking medications and letting the doctors turn me into a, as you put it "a drooling zombie that sat in a chair all day spun out of my mind" yeah sure I could have sat in a chair all day staring out the window watching other people outside playing and having fun, but you are wrong!"

I said, "I did make the best choice! Had I taken medications and been a drooling zombie like you said, then I never would have passed all of those Microsoft exams and graduated top of my class as a Microsoft Certified Systems Administrator (M.C.S.A) and I never would have passed the Realtor Exam and became a loan officer, nor would I have written my own Patent and had six books published"

So by now I think you see what I am saying to all of you out there with A.D.H.D however do not just quit taking your medicine without talking to your doctor first, your situation may be different than mine.

By the way one of my books is "Patent Ease" by Wayne Hoss which is a "How to write your own Patent" book, it received a 5-Star review from one of the top Amazon Reviewers, you can download it free at Smashwords website. If you ever had an idea for an invention it is an incredible book that walks you step-by-step through the entire process of writing your own Patent Application.

I want to thank all of my readers for their support, for their time, and most of all for being the awesome people that they are and appreciating my writing, may God bless each and every one of you.

### OTHER BOOKS BY THIS AUTHOR

Have you ever had an idea for invention? If you have then I imagine that you probably put that idea on a back burner "so to speak" after finding out that Patents literally cost thousands of dollars.

What if I told you that you could write the patent application yourself with the help of a book that walks you step-by-step through the entire process, would you take that idea of yours and finally do something with it?

Well, take it from me, you can write your own patent and I have made the process so simple that even a child could do it. My book Patent Ease by Wayne Hoss received a 5-Star review from an Amazon reviewer.

I did it all by myself, and if I can do it so can you, what is even better for you is the fact that I studied for months on the subject and when my patent was approved I was so happy that words can't express it.

I had a patent attorney double check my patent application before I sent it to the patent office and believe it or not he said to me "I could not have done a better job had I written it myself!"

Since then I have written many patents and have even written many patents for other people. The reason that I said it is better for you is because I have taken what took me years to learn and made it so simple that you can learn how to do it in just a few days!

Here is what one of my readers sent me in an email after purchasing my book "Patent Ease" and writing their own patent:

To waynehoss@yahoo.com

Message body

Hi Wayne,

I would like to thank you for writing a great book that simplifies the patent filing process. Until I purchased this book I was procrastinating with beginning to write my application. Now, however, I have already filed for my customer number and am beginning to write my application. Thank you very much for making it sound and look easy, just like the book title says, and for making my mind at ease with this patent writing process.

Sincerely,

Pawel Polanowski

Patent ease comes with a simple "Walktrough Chart" that takes you step-by-step through the entire patent process from beginning to the end, and when I sent my last patent application off to the United States Patent and Trademark Office (U.S.P.T.O) the cost of filing that patent was less than two hundred dollars. Get this book, don't let your dreams sit by the way side

Patent Ease by Wayne Hoss

Leadership and Parenting by Wayne Hoss

A Sermon to Remember by Wayne Hoss

Poems from the Heart of Wayne Hoss

They Could Make a Soap Opera Out of This by Wayne Hoss

