Navigate Windows Faster using the Keyboard

It is amazing that there are many ways in Windows to do different tasks and even to navigate the file structure. I was surprised a few years ago when a co-worker opened up Explorer and just started typing really fast. Magically, the file he was looking for was highlighted. “How did you do that??”, I asked. I had never seen that done before.

If you bring up a file folder list in Windows, and know what file you are looking for, you can just start typing the name, and Windows will automatically jump to the file or folder that matches what you are typing. For example, if you type the letter “F”, Windows will move the cursor to the files starting with the letter “F”. If you type fast enough, you can put in several characters in order, and Windows will snap right to it for you.

So, for example if you type “Food” really fast, Windows will jump to the first file that has “Food” in it. But, what if you had several files that started with “Food”? As long as you type fast, you can input as many characters as needed. So typing in “Food-Feed Me Now”, would jump to your Word document that contained the phone numbers of all the food places that will deliver to your workplace. Very important indeed!

There are many other shortcuts built into Windows. Hitting “Alt + D” will move the cursor up to the address bar and highlight it. “F4” will move the cursor to the address bar, highlight the current address and bring up a list of prior places you have visited. For a list of some other Explorer-related key shortcuts, see Navigate Windows More Quickly.

Another thing I used to do when doing a lot of admin work was to keep NOTEPAD open. With this open, you can copy a lot of commands, locations or highlighted text that you will need again and paste it into Notepad. Then instead of re-typing the information, you can just copy and paste it back out of Notepad, saving some keystrokes.

And finally, one of my favorite shortcut keys is the “Windows key” + “L”. It is not a navigation shortcut, but immediately locks your workstation, so when you leave your keyboard, no one can muck with your computer while you are gone.

Windows Backdoor: System Level Access via Hot Keys

 

You hear it all the time in the support forums, “I lost my administrator password, what do I do?” Honestly, it makes you wonder how many times the request is really legit.

But what if you were having a really bad day and you forgot your password? I mean the world ran out of coffee and your car radio got stuck on a country station on the way in to work. Yes, that kind of bad day. You arrive late to your office; well, you did stop at every coffee place on the way in to make sure they were out, what did you expect? You rush to your desk, sit down at your keyboard to log in and… nothing. It’s gone, you can’t remember it. You wrote your password on a sticky note on your monitor (of course), but wouldn’t you know, this was the day the cleaning crew actually visited your office, and threw it away. You could call IT support, but that would be you. What do you do? Better yet, how much time would you need?

60 Seconds. This is how long it takes (minus boot times) to get a command prompt in the latest version of Windows, from the main login screen, with all of the security patches updated and an anti-virus program installed. That is, if you have physical access to the system and can reboot it. And this is not any old command prompt; this is a command prompt as the user “System”. If you know Windows security, then you know that the “System” user is the highest level of authority that you can have. The operating system thinks you are the internal “system”.

This hack requires physical access to the system and access to a DVD or USB drive. It is obtained by the manipulation of the Windows Hot-Keys “utilman.exe” file. This hack has been around (and known) since Windows XP and still works in the latest release of Windows 7. Because it is a manipulation of a Windows service, it has never been patched. And actually, it is used as a solution, with instructions, on Microsoft’s TechNet forum.

After manipulation, once the hotkey is pressed, it instantly opens a command prompt window as the user “System” at the login screen. Typing “explorer.exe” in the command prompt gives you a desktop with the password prompt still visible in the background (see picture). From here, many of the features of Windows are functional. In the following picture you can see the open “Start Bar” & “Internet Explorer” window, along with the login prompt in the background:

 

Amazingly, this works in Windows Server products as well. If someone had access to your computer and manipulated the hot-keys, they could get system level access to your server at a later date via the hot-key without rebooting your system. Therefore, it is imperative to keep physical security as a top concern in your business. Make sure that your server is in an area that is not available to public traffic and preferably in a locked room. Take extra care with your laptops. Do not leave them in areas that are unattended. 

It is always a good idea to disable services that are not needed. Disabling booting to external devices and using boot passwords also helps. Unfortunately, disabling the Windows hot-keys is not well documented. With Windows 7, Microsoft recommends a third-party program to tweak these settings. Supposedly you can also do this with a Windows policy edit, but I have not seen this documented either. I have also seen some sites recommend renaming the “utilman.exe” file to something else if not needed. But the best defense is strong physical security.
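Since the hot-key settings themselves are hard to lock down, a practical check is whether “utilman.exe” is still the file Windows installed. The script below is an added example, not part of the original post; it assumes PowerShell 5.1 on Windows 10 or later (where Get-AuthenticodeSignature also checks catalog signatures), and the baseline file path is hypothetical.

```powershell
# Added example: integrity check for the hot-key target discussed above.
# Run from an elevated prompt. Assumes PowerShell 5.1+ on Windows 10 or later.
$Target   = Join-Path $env:SystemRoot 'System32\utilman.exe'
$Baseline = 'C:\SecBaseline\utilman.sha256'   # hypothetical path, one SHA-256 per file

function Get-UtilmanState {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    [pscustomobject]@{
        Sha256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Signature = (Get-AuthenticodeSignature -LiteralPath $Path).Status
        Owner     = (Get-Acl -LiteralPath $Path).Owner
    }
}

function Test-Utilman {
    param([string]$Path, [string]$BaselineFile)
    $state = Get-UtilmanState -Path $Path
    if ($null -eq $state) { return @("$Path is missing") }
    $findings = @()
    if ($state.Signature -ne 'Valid') {
        $findings += "Signature status is $($state.Signature)"
    }
    # Files laid down by Windows servicing are owned by TrustedInstaller.
    if ($state.Owner -ne 'NT SERVICE\TrustedInstaller') {
        $findings += "Unexpected owner: $($state.Owner)"
    }
    # A valid signature only proves the file is some signed program,
    # so also compare against a hash recorded from a known-good state.
    if (Test-Path -LiteralPath $BaselineFile) {
        $known = (Get-Content -LiteralPath $BaselineFile -TotalCount 1).Trim()
        if ($state.Sha256 -ne $known) { $findings += 'SHA-256 differs from baseline' }
    } else {
        $findings += "No baseline at $BaselineFile; record one from a trusted install"
    }
    return $findings
}

$result = Test-Utilman -Path $Target -BaselineFile $Baseline
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else         { Write-Output 'utilman.exe: signed, TrustedInstaller-owned, matches baseline' }
```

The baseline hash has to be re-recorded after Windows updates that replace the file, and it is best stored somewhere other than the machine being checked.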

Windows Security: Hacked in 60 Seconds

This is how long it takes (minus boot times) to get a command prompt in the latest version of Windows with all of the security patches updated and an anti-virus program installed, if you have physical access to the system. And this is not any old command prompt; this is a command prompt as the user “system”. If you know Windows security, then you know that the “system” user is the highest level of authority that you can have. The operating system thinks you are the internal “system”.

This hack requires physical access to the system and access to a DVD or USB drive. This hack is obtained by the manipulation of the Windows Hot-Keys. This hack has been around (and known) since Windows XP and still works in the latest release of Windows 7. Because it is a manipulation of a Windows service, it has never been patched. And in case you were going to ask, no, I will not show you how to do it.

This hack also works in Windows Server products. Therefore, it is imperative to keep physical security as a top concern in your business. Make sure that your server is in an area that is not available to public traffic and preferably in a locked room. Take extra care with your laptops. Do not leave them in areas that are unattended.

It is always a good idea to disable services that are not needed. Unfortunately, disabling the Windows hot-keys is not well documented. With Windows 7, unless you want to mess around in the registry, Microsoft recommends a third-party program to tweak these settings. PCtools has a program that allows you to do this. Supposedly you can also do this with a Windows policy edit, but I have not seen this documented either.

Enabling boot passwords helps, but they can also be bypassed. The best policy to defend against this type of attack is to have strong physical security.