Archive for March, 2010
Retrieving Lost Product Keys with Magic Jelly Bean
A magic jelly bean; just in time for Easter. I recently had to reinstall Windows on a few computers at one of my clients. Unfortunately they are horribly disorganized and literally lost all the license information for Office. I did a little digging around and happened to find this nifty little tool. It locates the registry key where the product keys are kept, decrypts it and plops it in plain text for your viewing pleasure. Really helpful for reinstalling Office when someone lost a product key. Or for reinstalling Windows when someone killed the COA on the computer case.
http://www.magicaljellybean.com/keyfinder/
Conficker; What is it? How to Prevent and clean It.
What is it?: Conficker is a virus that has been spreading for about 2 months, infecting an estimated 15-20 million computers worldwide. Systems running Windows 2000, server 2000, Windows XP (all variations), Vista (all variations), Server 2003, Server 2008 and even Windows 7 are susceptible. The details of what exactly the virus does are a bit sketchy because of the way the virus is created. At this time it appears that the virus is dormant in the computer and waiting to download the remainder of its payload code on April 1st. Right now it is presumed that the worm spreads itself through the RPC service and through HTTP, network shares, USB and removable media, and even FTP. The worm has the ability to modify open port exceptions on Windows Firewall as well as the ability to stop svchost.exe, services.exe, and explorer.exe. It has a built-in P2P application so that infected machines can pass code to each other and to web servers and coordinate. This is where the fear of fast-changing polymorphic code comes from, as well as the ability of the virus to use host computers in a zombie-like fashion to attack other computers or servers.
Symptoms of the virus are expected to include and have been confirmed to include:
- Services disabling on their own. Namely Windows Defender, BITS, Windows Firewall, and some third-party antivirus services such as Live Update.
- Massive increase in network traffic. Up to a 10-15% increase in total network traffic is expected on infected networks. This is due to attacks on shares and accounts, as well as spreading of the virus and payload.
- Account lockouts reset. If the virus is on a DC it will dictionary attack the admin account and admin shares; if the account locks out, it will automatically reset the lockout.
- Lastly, some or all AV websites, security websites, and Windows Update sites are inaccessible. They reply to ping and answer to telnet on port 80, but they are not accessible to any browser. This appears to be done through a virtual proxy system.
All about the Shutdown Command
The ability to restart and shut down computers automatically or remotely is key to completing installs, fixing issues, or just having a hell of a time messing with end users. In this post I'll detail all the switches and uses of the shutdown command.
For anyone that is not familiar with the command ‘shutdown’, it is a Windows/DOS function that controls the shutdown, logoff and restart of a computer or server either locally or remotely.
Here are the switches
Change Windows Firewall From Command Line or Batch File
I have a set of scripts I run when I prep a computer for deployment. At specific points applications require that the Windows Firewall be turned off in order to install correctly. This is namely ACT! and imagine time. They use a bunch of odd ports during install, so their documentation tells you to just turn off the firewall. Well, here is what I found with a little research. From Run or in a batch file there is a simple netsh command to disable the firewall and one to enable it again.
Read the rest of this entry »
Automatically Remove Windows Search 4.0
Microsoft has a funny way of sneaking ‘features’ in with patches. In this case Windows Search 4.0 is not really a feature as much as a problem. It was installed on a few of the networks I support as part of our weekly patching, and the next day I got a bunch of calls about reduced performance. I figured that people would complain until it finished indexing. Not the case, it seemed to cripple computers and crush servers. It indexed to the point of actually leaving no resources for users to authenticate to one of our terminal servers. I started looking for a fix and came up with this:
Read the rest of this entry »
Devolutions Remote Desktop Manager
I am always looking for a way to keep things in order so I can get to them as fast as possible when I have to. I support several different companies, and all of them have a few servers, an antivirus interface, a firewall, and some other stuff. This application is awesome for managing all that. It allows you to group and search through all your RDP connections, webpages, PuTTY services, and VNC servers with a few clicks. It supports a few other nifty functions too. You can easily edit the information tab to keep track of the company contacts and the logins. It will save your username and password for RDP as well. It also supports direct shell commands through the command line. I have used this to fire off applications that are not natively supported by the software. And best of all it supports shared databases, so if you have a few techs doing remote work it's indispensable. The application is not perfect, it is somewhat memory intensive, but it is an awesome must-have find for anyone managing a bunch of stuff at once.
http://www.devolutions.net/products/remotedesktopmanager.aspx
And no I have no affiliation with them, just a good chunk of code
Make a Local User Account With VBS
Posted by admin in Kaseya, Scripts, Visual Basic Script (vbs) on March 18, 2010
I deployed a bunch of new computers to a network using terminal services. Since the real authentication is at the server we standardize the local computer login to the username user1 and the password user1, just to keep things simple. So I needed an easy way to create this account locally on 30+ workstations. Here is what I came up with:
Read the rest of this entry »
Remotely Enable Remote Desktop
This is for those ‘oh shit’ times when you can’t get to a computer when you need to. If you can get to the remote registry of a computer, you can change this key to allow RDP access to the computer, even if the box is not checked.
Read the rest of this entry »