Archive for category Tools

Cause a Computer to Stop Booting via Script

An interesting, simple script I wrote today to cause a computer to stop booting. When run, the operating system will not load; the issue is easily reversed with a boot CD of any kind. Why would I ever want to do this, you might ask? Simple: I used it at the request of an employer. The boss had requested a way to see exactly what a user was doing on his work computer without a chance to clean it up. I used Kaseya to push this script down, and a few minutes later I got a call from the user saying his computer crashed. I told him to send it to IT and he did. I got the computer, renamed the file and turned it over to the boss so he could see what he wanted. He was let go a few hours later.
Read the rest of this entry »


All About Internet Explorer 8 & Uninstall/Rollback Script

Internet Explorer 8 is the newest release from Microsoft and recently left beta and hit automatic updates. I will be discussing the issues that I have encountered and the fixes I have found. Additionally, I will include group policy templates to prevent its distribution and an uninstall script to remove it from systems. I came in Monday to find that the software was installed on a spattering of computers across several different clients (about 250 computers). I spent most of the rest of the week fixing them.
Read the rest of this entry »


Enable and Disable UAC Via Login in Vista

In Vista, UAC (User Access Control) is both annoying and can prevent you from doing some tasks remotely. For example, installing Trend Micro Client Security Agent is not possible over VNC if UAC is enabled. UAC will cause a window to pop up asking you to confirm that the drivers that the antivirus is trying to install are legitimate. When UAC is invoked you will often lose VNC to a computer; I found that this is a very common issue when installing drivers in particular. In looking for an easy way to disable UAC on a few computers while doing some maintenance, I found this command line chunk.
Read the rest of this entry »


The 333 Event ID In The Application Event Log

I am writing this because I had a server doing this for a very long time before I pinned down the cause. This will include a lot of what I found on the internet and my own personal fix that worked for me.

Example Event:

Event Type: Error
Event Source: Application Popup
Event Category: None
Event ID: 333
Date: 3/23/2009
Time: 2:44:53 PM
User: N/A
Computer: SERVER1
Description:
An I/O operation initiated by the Registry failed unrecoverably. The Registry could not read in, or write out, or flush, one of the files that contain the system’s image of the Registry. 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 6c 00 ……l.
0008: 00 00 00 00 4d 01 00 c0 ….M..À
0010: 00 00 00 00 4d 01 00 c0 ….M..À
0018: 00 00 00 00 00 00 00 00 ……..
0020: 00 00 00 00 00 00 00 00 ……..

Symptoms: Every third of a second or so there was an event ID 333 error logged in the application event log on the server. This would start after the server had been up for a few hours to days and would stop for a period after the server was rebooted. The error occurred so often I was reaching 30,000 instances of the error in 24 hours. About 36 hours after the event started occurring, no one was able to log in to Active Directory, and getting the server back up required a manual hard reboot.

  Read the rest of this entry »


Adding ‘Lock My Computer’ Shortcut to The Desktop

In an effort to increase security at one of my healthcare providers, they requested a quick way their employees can lock their computers when they walk away from them. I found Mklnk; it is a very tiny free utility that lets you make shortcuts from the command line. I decided to use this to accomplish this task. I did some research and found that the following command will lock your computer.

rundll32.exe user32.dll,LockWorkStation

Read the rest of this entry »


Integrating Service Pack 3 Into a Windows CD

I hate having to install Service Pack 3 after installing an OS. I did not have a CD with SP3 slipstreamed yet, so I made one. Here is how to do it.
Read the rest of this entry »


Retrieving Lost Product Keys with Magic Jelly Bean

A magic jelly bean, just in time for Easter. I recently had to reinstall Windows on a few computers at one of my clients. Unfortunately they are horribly disorganized and literally lost all the license information for Office. I did a little digging around and happened to find this nifty little tool. It locates the registry key where the product keys are kept, decrypts it and plops it in plain text for your viewing pleasure. Really helpful for reinstalling Office when someone lost a product key, or for reinstalling Windows when someone killed the COA on the computer case.

http://www.magicaljellybean.com/keyfinder/


Conficker; What is it? How to Prevent and clean It.

What is it?: Conficker is a virus that has been spreading for about 2 months, infecting an estimated 15-20 million computers worldwide. Systems running Windows 2000, Server 2000, Windows XP (all variations), Vista (all variations), Server 2003, Server 2008 and even Windows 7 are susceptible. The details of what exactly the virus does are a bit sketchy because of the way the virus is created. At this time it appears that the virus is dormant in the computer and waiting to download the remainder of its payload code on April 1st. Right now it is presumed that the worm spreads itself through the RPC service and through HTTP, network shares, USB and removable media, and even FTP. The worm has the ability to modify open port exceptions on Windows Firewall as well as the ability to stop svchost.exe, services.exe, and explorer.exe. It has a built-in P2P application so that copies of the virus can both communicate code between each other and web servers and coordinate. This is where the fear of fast-changing polymorphic code comes from, as well as the ability of the virus to use host computers in a zombie-like fashion to attack other computers or servers.

Symptoms of the virus are expected to include and have been confirmed to include:

  • Services disabling on their own, namely Windows Defender, BITS, Windows Firewall, and some third-party antivirus services such as LiveUpdate.
  • Massive increase in network traffic. Up to a 10-15% increase in total network traffic is expected on infected networks. This is due to attacks on shares and accounts, as well as spreading of the virus and payload.
  • Account lockouts reset. If the virus is on a DC it will dictionary attack the admin account and admin shares; if the account locks out, it will automatically reset the lockout.
  • Lastly, some or all AV websites, security websites, and Windows Update sites are inaccessible. They reply to ping and answer to telnet on port 80, but they are not accessible to any browser. This appears to be done through a virtual proxy system.

Read the rest of this entry »


All about the Shutdown Command

The ability to restart and shut down computers automatically or remotely is key to completing installs, fixing issues, or just having a hell of a time messing with end users. In this post I'll detail all the switches and uses of the shutdown command.

For anyone that is not familiar with the command ‘shutdown’, it is a Windows/DOS function that controls the shutdown, logoff and restart of a computer or server either locally or remotely.

Here are the switches:

shutdown [-i | -l | -s | -r | -a] [-f] [-m \\computername] [-t xx] [-c "comment"] [-d up:xx:yy]

Read the rest of this entry »


Devolutions Remote Desktop Manager

I am always looking for a way to keep things in order so I can get to them as fast as possible when I have to. I support several different companies, and all of them have a few servers, an antivirus interface, a firewall, and some other stuff. This application is awesome for managing all that. It allows you to group and search through all your RDP connections, webpages, PuTTY services, and VNC servers with a few clicks. It supports a few other nifty functions too. You can easily edit the information tab to keep track of the company contacts and the logins. It will save your username and password for RDP as well. It also supports direct shell commands through the command line. I have used this to fire off applications that are not natively supported by the software. And best of all it supports shared databases, so if you have a few techs doing remote work it's indispensable. The application is not perfect; it is somewhat memory intensive, but it is an awesome must-have find for anyone managing a bunch of stuff at once.

http://www.devolutions.net/products/remotedesktopmanager.aspx

And no I have no affiliation with them, just a good chunk of code :)

 
