Contact Richard:   +44 (0)121 663 0223 +44 (0) 7703 355045

Why use a Strong Password?

You’ve probably heard the advice the Police offer to households to reduce the risk of burglary. Make sure windows and doors are closed and locked, use good-quality strong locks on doors and windows, use a security alarm, preferably with different zones, and don’t leave tools lying around outside the home that will make an intruder’s job easier.

Good advice isn’t it? We all want to keep our homes and belongings safe and sound.

At a guess, if your home was broken into then you probably wouldn’t shrug your shoulders and say it was “one of those things”. Even if nothing of value was taken, you’d probably still feel disturbed that somebody had gained unauthorised access to your property and belongings.

So stop and consider for a moment – how would you feel if the same thing happened and somebody gained unauthorised access to your company computer systems?

Upgrading a client’s security

We recently helped a client migrate their systems from a peer to peer network to a Windows Small Business Server 2008 (SBS 2008) network with central file storage, e-mail and strong security.

In the previous peer to peer network, the security was very minimal. Users had passwords, but they never changed… ever. Passwords were often the same as the user-names, or were very simple – cat, dog, that sort of thing. Files were shared amongst everyone in the system without any permission structure in place.

In effect, anyone who had access to the network had access to ALL the network, and that anyone could include anyone who could guess a logon user-name and password. So let’s be honest, ANYONE!

SBS 2008 takes security seriously, and after implementing the new network infrastructure we talked to the client about the new strong password policy they would have in place. The client had lots of questions, many objections to the new way of working (“But we’ve always done it this way”, “I don’t see the point”, “People won’t remember all that”) and generally a resistance to change. This is human nature – change is difficult, but people are adaptable.

The benefits of a strong password policy

So we explained to the client the pros of a Strong Password policy, and the huge disadvantages of sticking with a weak password system.

So what is the difference between a Strong Password Policy, and a Weak Password system?

A weak password provides attackers with very easy access to your computer system. Strong passwords are considerably harder to crack (or break) – and that’s even with the powerful password-cracking software that is available today. Password-cracking software continues to improve, and the computers that are used to crack passwords are growing more powerful than ever. Password-cracking software generally uses one of three different approaches: intelligent guessing, dictionary attacks, and brute-force automated attacks that try every possible combination of characters. Given enough time, the automated method can crack any password. However, strong passwords are much, much harder to crack than weak passwords. A secure computer system has strong passwords for all user accounts.

What is a weak password?

A weak password:

  • Is no password at all.
  • Contains your user name, real name, or company name.
  • Contains a complete dictionary word. For example, Password is a weak password.

What is a strong password?

A strong password:

  • Is at least seven characters long.
  • Does not contain your user name, real name, or company name.
  • Does not contain a complete dictionary word.
  • Is significantly different from previous passwords. Passwords that increment (Password1, Password2, Password3 …) are not strong.
  • Contains characters from each of the following four groups – Upper-case letters, Lower-case letters, Numerals.

A computer system or network should have a mandatory password policy put in place. This policy will dictate that passwords must be strong, meeting the above criteria, and also be changed after a set period of time – say, 42 days.
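The weak and strong criteria listed above, written as a checker. This is an added example, not code from the original post or from Windows; the function names, the sample word list and the names passed in are constructed for illustration, and only the three character groups the list names are checked.

```python
import re

MIN_LENGTH = 7  # minimum length given in the list above

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "monkey", "summer"}

# Only the three character groups the list actually names.
CHARACTER_GROUPS = {
    "upper-case letter": r"[A-Z]",
    "lower-case letter": r"[a-z]",
    "numeral": r"[0-9]",
}


def _stem(password):
    """Lower-case and drop trailing digits: Password1, Password2 -> password."""
    return re.sub(r"\d+$", "", password.lower())


def check_password(password, identity_names, previous_passwords=(),
                   dictionary=SAMPLE_DICTIONARY):
    """Return the rules the password breaks; an empty list means strong."""
    problems = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:  # also catches "no password at all"
        problems.append("shorter than %d characters" % MIN_LENGTH)

    # User name, real name or company name, split into its parts.
    for name in identity_names:
        for part in re.split(r"[\s._-]+", name.lower()):
            if len(part) >= 3 and part in lowered:
                problems.append("contains name '%s'" % part)

    for word in sorted(dictionary):  # complete dictionary word inside it
        if word in lowered:
            problems.append("contains dictionary word '%s'" % word)

    # Reuse, or the same stem with a different trailing number.
    stem = _stem(password)
    if password in previous_passwords or (
            stem and any(stem == _stem(old) for old in previous_passwords)):
        problems.append("repeats or increments a previous password")

    for label, pattern in CHARACTER_GROUPS.items():
        if not re.search(pattern, password):
            problems.append("no " + label)
    return problems
```

Pass the user’s logon name, real name and company name in `identity_names`, and the password history in `previous_passwords`.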

This sounds too complicated!

If all of this sounds rather a chore, ask yourself the question – should I adopt a strong password policy now… or after an unauthorised user has gained access to my files? This isn’t scaremongering and it’s not a case of if, it’s a case of when. We regularly see random hacker attacks on *all* our client systems – even those with security in place. Generally these are random attacks probing for weaknesses. But think about this… to use the Household Security analogy again, which houses do burglars target: those without signs of security, or those with windows and doors left open? The same is true of Computer Security – by adopting strong security policies, you don’t eliminate the risk of attack, but you do become a less attractive target.

Frequently Asked Questions

Q – Couldn’t we all just use the same password? It makes it easy for us to log on.

A – You could all use the same password, as it would make it easy for everyone to log on, but that everyone might include the cleaner, the security guard, Mary in Finance, whose teenage son has popped into the office to wait for Mom to finish work, hackers trying to access the network from the Internet, an employee checking out his appraisal compared to his colleagues, a disgruntled staff member looking to destroy some data, or worse, your competitor who has gained access to your network. By having individual strong passwords for each user, you’re drastically reducing the risk of these scenarios, or similar, ever occurring.

Q – The boss and our HR department need access to everybody’s files and e-mails – can we use strong passwords but force everybody to write them down so colleagues can access them?

A – If a member of staff writes his password down on a post-it note in his desk drawer, or worse, attached to his monitor, then that password isn’t secure at all and the whole system becomes vulnerable. You could get every member of staff to write their password down on a piece of paper kept centrally, say with HR or the boss, but as passwords are best changed every 30-40 days, this will turn into a laborious exercise in administration very quickly. A better solution would be to simply dynamically give the boss or the HR department access to the files or e-mails they need, from their own logon and computer, as and when needed. Less preferably, but if necessary, give them permanent access to all those resources from their own logon and computer.

Q – Can we ask the IT department to tell us what Joe or Dave’s password is?

A – The IT department don’t have access to users’ existing passwords; they can only reset these passwords to something new. This creates an audit trail of who changed a password and when.

Q – When Joe is on holiday or off-sick, Dan needs access to their files and e-mail – if Dan hasn’t got Joe’s password to log on to his computer, how can he cover his work?

A – Rather than sharing passwords and logging on to a computer as Joe, Dan can be given access to Joe’s e-mails and files from his own computer and logon. This could be temporary, so when Joe returns from his absence Dan no longer has access to his files or e-mails.

Q – We have folders that we’d like password protected, is this possible?

A – If you’re following the advice we’ve given previously, with every user having their own logon and password, then any file folder can have very granular security, allowing or denying a single user or group of users access to those files or sub-folders. For instance, you may have a Public Folder containing four folders – Staff Information, Design Drawings, Accounts and HR. Everybody in the company needs access to Staff Information. Everybody needs access to Design Drawings, but only the Design Staff should be able to modify or delete files within that folder. Only the Finance Department and the boss need access to the Accounts folder, and only the HR department need access to the HR folder. It’s very simple to set up granular permissions for this scenario, provided everybody has their own user-name and password.


If you’ve not got a Strong Password policy in place – then why not? Be honest with yourself – are you ignoring that advice from the Police and leaving the windows and doors to your home wide open? Or are you being realistic, realising that threats do exist and you can mitigate this risk by taking reasonable steps?

Thoughts and your own computer security advice welcome! If I can offer any advice or point you in the direction of an IT company who can help you with your own requirements, don’t hesitate to get in touch!


How to fix “Cannot copy file. The Parameter Is Incorrect” error

Had a head-scratcher today whilst migrating some data from a 500GB External USB HDD to a new 1TB External USB HDD, both attached to a client server.

Some of the data refused to copy across, throwing up a “Cannot copy file. The Parameter Is Incorrect” error each time. The same error appeared when the copy was attempted in DOS, RoboCopy or XCOPY.

Upon investigation, each of the problematic files was 10GB+ in size – and suddenly the realisation dawned that the new external HDD was formatted as FAT32 and not NTFS, and thus suffered from FAT32’s 4GB file limit.

A quick format to NTFS on the drive, and I was able to copy those large files across without issue.

Obviously, I have become so used to working with large files nowadays that sometimes I forget things weren’t always this way!

How to move the System Volume Information folder

Sod’s Law dictates that as soon as you take steps to rectify a potentially disastrous situation, such as ordering new hardware to replace an aging and creaking server, things will start going terribly, terribly wrong as a consequence. Or so it feels, anyway.

We’re awaiting delivery of new hardware to replace a client’s old SBS server, a server that has been running without too many difficulties for some time but was looking a little long in the tooth, and so we felt it was prudent to replace. No sooner had we placed the order with our suppliers for the new tin than the existing server got wind of its impending retirement and started acting the arse (anybody who says Artificial Intelligence will never come to happen doesn’t know grumpy old servers such as this one).

One such problem we encountered was the C: drive running critically low on disk space. We took the usual steps – running Disk Cleanup, removing unused Local Profiles, deleting Temporary files and so on – we even stopped the Automatic Updates Service and cleared out the “Software Distribution” folder to clean that up, all saving a few megabytes of storage space.

But each day the problem returned – low disk space on C:

After installing the excellent Treesize Professional from JAM Software the culprit soon became apparent – C:\System Volume Information.

What is the System Volume Information folder? In a nutshell, it’s the place that stores System Recovery points, Content Indexing Files and the Volume Snapshot Service data. To put it simply – it’s a very important folder and you should never try to work with it directly – don’t delete files from it, don’t make changes to it, nada!

On this server, Indexing had been turned off, and there were no System Recovery points, and so our attention turned to the Volume Snapshot Service – or in this scenario, how to move that data from C:\System Volume Information to another drive.

The process actually proved quite simple.

  1. Stop and set the Volume Shadow Service to “Disabled” temporarily to prevent it from kicking in.
  2. Open Computer Management.
  3. In the console tree, right-click Shared Folders, select All Tasks, and click Configure Shadow Copies.
  4. Click the volume where you want to make changes (in our case, C:) and then click Settings.
  5. In the Settings dialog box, change the “Located on this volume” setting (we moved it from C: to G: – which had ample disk space to accommodate the folder) and click OK.
  6. Click Enable.
  7. Set the Volume Shadow Service to “Manual” again and let Windows do its thing.

Voila! 9GB disk space on C: immediately freed up!

Maybe that will give us enough time to gently ease the old server into retirement without it throwing another hissy fit! Fingers crossed…

How to force users to logoff a networked PC

Even on the smallest network, one of the issues every system administrator faces is that of getting a “clean” backup – a backup which doesn’t show errors due to open files being locked and therefore unable to be backed up properly.

True, backup applications such as Backup Exec have Advanced Open File options that allow you to overcome these issues – but if you’re not using such an application, you’re left in the position of politely reminding your users to logoff each night… again… and again… and again… and again…

The simple fact is, when the clock hits 1730 for “knocking off” – the last thing on a user’s mind is the fact that if they don’t logoff then the server backup may be affected. More likely they are already in the pub ordering a cold one.

So how do you force users to log-off? There are 3rd Party applications to do this, but they cost money – money that the MD is unlikely to sanction spending (“Remind them again to logoff” is a more likely response).

There are also Group Policy settings that are supposed to force logoffs for you – but in my experience these simply don’t work reliably.

Step in SysInternals PSShutdown. PSShutdown is a free tool, part of the PS Toolkit, that can be run from a command line to force logoffs and reboots of remote machines.

Download the tool, extract the file psshutdown.exe to a folder on your server, then create a text file containing the names of all the computers you’d like to automatically logoff each night. i.e.



Save this file as COMPUTERS.TXT in the same folder as PsShutdown.exe

Then, create another text file and fill it with a command line something similar to this:-

PsShutdown.exe -e p:0:0 -r @computers.txt

The above command line simply says: run PsShutdown.exe, set the Shutdown Reason (-e) to Scheduled Maintenance (p:0:0), then reboot (-r) the computers listed in the file computers.txt (the @ prefix tells PsShutdown to read the computer names from that file).

The full command line switch list for PsShutdown.exe can be found here.

Save this new file as a Batch file called PsShutdown.bat and then use the server’s Scheduled Tasks (Start > Programs > Accessories > System Tools > Scheduled Tasks) to run this batch file at a convenient time, say 20:30, when all the users have left for the day.

Each night at 20:30, any users left logged onto the systems will now be “kicked” off and their machines given a clean-boot.

Your Backups should now be squeaky clean and free of any open-file issues!

How to Resize Images using VSO Image Resizer

I’ve been running Windows Vista Business on my laptop for a while now (although the Desktop PC firmly remains Windows XP Professional – what can I say, I’m not a total convert yet…) and although tools such as Windows Live Gallery are really cool for manipulating photographs, one of the really nice applications I miss from XP is the Microsoft Image Resizer Powertoy. It simply allowed you to right-click on an image(s) and then resize the photograph from say, a 500k JPG down to a 60k JPG without any noticeable loss in picture quality.

Image Resizer sadly doesn’t work under Windows Vista, but I’ve found a useful replacement in the shape of VSO Image Resizer, which does much the same job. Right-click on your image, select the required re-size parameters, and watch your whacking great JPG file get crushed down to a more manageable size.

VSO Image Resizer is a free download and works under Windows 2000 / XP and Vista.

