Archive for the ‘Microsoft’ Category

When a Windows process just won’t die

Monday, March 12th, 2007

I have a script that I use to monitor disk space usage on some of my Windows servers and occasionally they stop working after a reboot. The service is in the ‘Started’ state but Nagios cannot connect to it for whatever reason.

Usually, restarting the service fixes the issue. Most of the time, however, the service will throw an error when I try to stop it. I don’t pretend to know every trick in the book, but as far as I can tell the only way to restart the service at this point is to reboot the server. I’m not aware of any Microsoft tools that will let me forcefully kill the service.

There is, however, a Sysinternals tool that works perfectly for this: Process Explorer.

Using this tool I can right-click on the process, select Kill Process, and immediately the service disappears from the list.

Then I can drop to a DOS shell and start the service.
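As an added example (not from the original post), the same kill-and-restart can be scripted with built-in Windows tooling; the service name is a placeholder parameter, and the script refuses to kill a process that also hosts other services, a case where Kill Process in Process Explorer would take those services down too.

```powershell
# Added example, not the original author's code. Force-kill a hung service
# process and start the service again. $ServiceName is a placeholder.
param(
    [Parameter(Mandatory = $true)]
    [string]$ServiceName
)

# Win32_Service exposes the PID the service runs under (0 when it is not running).
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'"
if ($null -eq $svc) { throw "Service '$ServiceName' not found." }

if ($svc.ProcessId -ne 0) {
    # Other services sharing the same process (e.g. a shared svchost.exe) would
    # die with it; refuse rather than surprise the operator.
    $siblings = Get-WmiObject -Class Win32_Service -Filter "ProcessId=$($svc.ProcessId)" |
        Where-Object { $_.Name -ne $ServiceName }
    if ($siblings) {
        $names = ($siblings | ForEach-Object { $_.Name }) -join ', '
        throw ("PID {0} also hosts: {1}. Not killing it." -f $svc.ProcessId, $names)
    }

    # Try the polite stop first; fall back to killing the process, as Process Explorer does.
    try {
        Stop-Service -Name $ServiceName -Force -ErrorAction Stop
    } catch {
        Write-Warning "Stop-Service failed ($($_.Exception.Message)); killing PID $($svc.ProcessId)."
        Stop-Process -Id $svc.ProcessId -Force -ErrorAction Stop
    }
}

# Give the Service Control Manager up to 30 seconds to notice the process is gone.
$deadline = (Get-Date).AddSeconds(30)
while ((Get-Service -Name $ServiceName).Status -ne 'Stopped' -and (Get-Date) -lt $deadline) {
    Start-Sleep -Seconds 1
}

Start-Service -Name $ServiceName
Get-Service -Name $ServiceName | Format-List Name, Status
```

Run it from an elevated prompt as `.\Restart-HungService.ps1 -ServiceName <name>`; a stop that is stuck in kernel mode on unfinished I/O will resist both Stop-Process and Process Explorer, and then only a reboot clears it.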

Microsoft and their Daylight Savings Time (DST) patches

Wednesday, March 7th, 2007

Are you one of the lucky ones who has to deal with patching your servers / workstations for the daylight savings time change?

I’ve purposefully put this off until the very last minute to let the professionals out there do the testing and research on this. Besides, Microsoft is STILL releasing patches and updating their HOWTO documentation for their patches. It seems that even they don’t quite know how to tackle this.

If you’re still running Windows 2000 (or earlier) servers and/or workstations then you have to BUY the patches from Microsoft. Granted, you only pay a one-time fee of $4000 and you get all the patches you need, but still, $4000 is a lot of money to the smaller businesses out there. If they had that kind of money sitting around they would have upgraded to Windows 2003 by now.

Anyway, for those of you who are working on this DST issue and haven’t heard of the PatchManagement mailing list, then you really need to subscribe. Not only do they have a mailing list with an archive but they also provide an RSS feed (which I mainly use).

The main site is at http://www.patchmanagement.org.

This is the latest thread on what order the patches should be applied in, when the rebasing tool should be run (if at all), and what caveats to look for.
http://marc.theaimsgroup.com/?t=117312506000001&r=1&w=2

And this is a post by a guy who appears to have done his homework. He’s posted a nice article on how he’s tackled his situation and offers some cool, possibly unknown, parameters to some of MS’s tools. This article is a must-read for those applying the DST patches.
http://www.shackelfordconsulting.com

Happy patching!

Sys Admin 101

Tuesday, February 27th, 2007

I’ve been a tech now for about 8 years. That being said, my focus was being told to make something work, and I made it work. I didn’t have to worry if it was licensed because there was a wonderful supervisor/manager to worry about that.

I’ve not been saying too much because I hate to sound boastful, but I’ve been an IT manager now for about a month. I’ve signed on with a large machine shop in Madison, AL as their first IT employee and as IT manager, among other duties (www.falcianimachine.com). The network was set up by the bookkeeper a couple of years ago, and she has done a fine job, but now it’s time to go to the next level. It is a 2k3 domain, and everything is done on one server: DHCP, routing, file server, DNS, DC, … My questions are in the realm of licensing. I hold in my hand CALs that have been purchased that correspond to the number of licenses that seem to show in the licensing MMC on the server, but something looks like it is wrong, and I don’t have the MS licensing experience to pull it all together, and I have been drowning in TechNet and the MS knowledge base. Let me post the screen caps and someone please tell me if something is licensed wrong. It looks to me like it is.

[Three screenshots: Kevin's Licensing Screenshots]

lost local admin passwords lately?

Monday, February 19th, 2007

I found a machine in my organization a few days ago that never received the local admin password that is standard in my organization after taking it off the domain. I panicked a little then went to the Google altar to save my tail. The computer was very important to the business process. Here is what Google turned up for me: http://home.eunet.no/pnordahl/ntpasswd/. Nice little ethical (or non-ethical) hacking tool if I ever did see one. Enjoy.

Windows Vista Running in Parallels Desktop

Sunday, February 18th, 2007

Originally posted at cocoacrusty.com on Sunday, February 18th, 2007.

Last night, while playing World of Warcraft, I installed the latest version of Microsoft’s Windows operating system, Windows Vista Ultimate. Since I am a Mac “fanboy” now, I installed Vista on my MacBook using Parallels Desktop for Mac. Running the latest and greatest offering in the Windows realm on a virtual machine (VM) may seem crazy, but let me tell you, it runs great!

In order to install Vista in a VM on my Mac, I had to first install Windows XP because the version I have of Vista Ultimate is an upgrade version. The Vista installer has to be run from within the operating system you are upgrading. No more booting to the upgrade CD, showing it a full version CD and giving it a product key. Now it has to be installed from within the OS you’re upgrading. Oh, well. I installed another licensed version of Windows XP into a VM and as soon as the install was completed, popped the Vista DVD in and was on my way.

When installing Vista, make sure you have at least 16GB of disk space available for the OS to install itself and some room left over for installing applications and patches/updates. It is pretty beefy, but overall the install went very smoothly. I was impressed that the OS installed so painlessly in Parallels. Nice!

So, now to do some testing. I have little experience with Vista at this point and since it is the latest and greatest from Microsoft, I figure I should become familiar with it. You never know, Windows XP could be EOL’d tomorrow and everyone would be forced to move to Vista or never receive another update for their OS. It has happened before, it could happen tomorrow, I’m just saying…

Again, while my experience with Vista is limited, I can tell you this about running Vista in a VM with Parallels: No Fancy 3D Eye Candy. All of the really nifty, 3D, Mac-like features Vista includes require DirectX 9.0 or greater. Either Parallels doesn’t have support for it or the video card in my MacBook can’t get down like that. Either way, the OS looks great and I am only missing eye candy, which I already get plenty of from my Mac. Everything else appears to work flawlessly.

Until next time…

HOWTO: Investigating Windows Machines

Saturday, February 17th, 2007

I found this on one of my “must-read” blogs, A Day in the Life of an Information Security Investigator

This particular entry is about an article from Redmond themselves describing the methods for doing forensics on Windows machines.

I haven’t read through it yet, but if SecurityMonkey thinks it’s good enough for his site, then I’m definitely going to post it here.

And you can find his article here.

New version of PuTTY released

Thursday, February 15th, 2007

I’m a little late with this, but there’s a new version of PuTTY that’s finally been released. According to their changelog, there hasn’t been a PuTTY release since beta 0.58 was released on 2005-04-05.

You can download the file from here:
http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe

And here’s a copy of the changelog. The feature I’m really looking forward to is the serial support (I currently use a program called TuTTY and another one called TeraTermPro).

* PuTTY can now connect to local serial ports as well as making network connections.
* Windows PuTTY now supports “local proxying”, where a network connection is replaced by a local command. (Unix PuTTY has supported this since it was first released in 0.54.) Also, Plink has gained a “-nc” mode where the primary channel is replaced by an SSH tunnel, which makes it particularly useful as the local command to run.
* Improved speed of SSH on Windows (particularly SSH-2 key exchange and public-key authentication).
* Improved SFTP throughput.
* Various cryptographic improvements in SSH-2, including SDCTR cipher modes, a workaround for a weakness in CBC cipher modes, and Diffie-Hellman group exchange with SHA-256.
* Support for the Arcfour cipher in SSH-2.
* Support for sending terminal modes in SSH.
* When Pageant is running and an SSH key is specified in the configuration, PuTTY will now only try Pageant authentication with that key. This gets round a problem where some servers would only allow a limited number of keys to be offered before disconnecting.
* Support for SSH-2 password expiry mechanisms, and various other improvements and bugfixes in authentication.
* A change to the SSH-2 password camouflage mechanism in 0.58 upset some Cisco servers, so we have reverted to the old method.
* The Windows version now comes with documentation in HTML Help format. (Windows Vista does not support the older WinHelp format. However, we still provide documentation in that format, since Win95 does not support HTML Help.)
* On Windows, when pasting as RTF, attributes of the selection such as colours and formatting are also pasted.
* Ability to configure font quality on Windows (including antialiasing and ClearType).
* The terminal is now restored to a sensible state when reusing a window to restart a session.
* We now support an escape sequence invented by xterm which lets the server clear the scrollback (CSI 3 J). This is useful for applications such as terminal locking programs.
* Improvements to the Unix port:
  o now compiles cleanly with GCC 4
  o now has a configure script, and should be portable to more platforms
* Bug fix: 0.58 utterly failed to run on some installations of Windows XP.
* Bug fix: PSCP and PSFTP now support large files (greater than 4 gigabytes), provided the underlying operating system does too.
* Bug fix: PSFTP (and PSCP) sometimes ran slowly and consumed lots of CPU when started directly from Windows Explorer.
* Bug fix: font linking (the automatic use of other fonts on the system to provide Unicode characters not present in the selected one) should now work again on Windows, after being broken in 0.58. (However, it unfortunately still won’t work for Arabic and other right-to-left text.)
* Bug fix: if the remote server saturated PuTTY with data, PuTTY could become unresponsive.
* Bug fix: certain large clipboard operations could cause PuTTY to crash.
* Bug fix: SSH-1 connections tended to crash, particularly when using port forwarding.
* Bug fix: SSH Tectia Server would reject SSH-2 tunnels from PuTTY due to a malformed request.
* Bug fix: SSH-2 login banner messages were being dropped silently under some circumstances.
* Bug fix: the cursor could end up in the wrong place when a server-side application used the alternate screen.
* Bug fix: on Windows, PuTTY now tries harder to find a suitable place to store its random seed file PUTTY.RND (previously it was tending to end up in C:\ or C:\WINDOWS).
* Bug fix: IPv6 should now work on Windows Vista.
* Numerous other bugfixes, as usual.

HOWTO: Unattended Windows Installation

Tuesday, January 16th, 2007

http://unattended.msfn.org/unattended.xp/

Have you ever wanted a Windows CD that would install Windows by automatically putting in your name, product key, timezone and regional settings? And have it merged with the latest Service Pack to save time? Followed by silently installing all your favourite applications along with DirectX 9.0c, .Net Framework 1.1 and then all the required hotfixes, updated drivers, tweaks, and a readily patched UXTheme without any user interaction whatsoever? Then this guide will show you how you can do just that!

Through the course of this guide, you will create a CD that does all the installing for you. The CD will be fully updated with the latest hotfixes, and install all your programs for you.

This guide has been broken up into three parts: Beginner, Intermediate, Advanced. It has been done so, to help you understand what you’re doing and not to get over your head too fast. There are pages upon pages of information on this subject, and this guide only covers the tip of the iceberg.

Windows XP Runs Better in a VM?!

Tuesday, December 19th, 2006

I have been running Microsoft Windows XP in Parallels, a virtual machine application for Intel-based Macs, on my MacBook and have been very pleased. I do however have a question about Windows XP specifically, although this question may apply to other versions of Windows. Why does Windows XP seem to run better in virtual machines than on actual PC hardware?

I use Win4BSD, a virtual machine application from the makers of Win4Lin for FreeBSD, on my FreeBSD 6.x laptop to run Windows XP and have experienced the same result there. I ran Qemu before that with the same results.

I know Chris uses VMware Workstation on Debian Linux with Windows XP installed and has expressed the same thing about his experiences. Actually, Chris said he had even better performance out of Windows XP by running Windows XP in his VMware virtual machine and then using rdesktop, an open source Remote Desktop Connection client, to connect to the virtual machine. Crazy!

I haven’t used VMware on a Windows box in quite some time so I don’t know if there are performance gains by running Windows XP in a virtual machine on Windows XP. So, maybe someone out there in aa land can chime in on that. But, the question remains: why does it run better? Is the virtual hardware more fine-tuned to run the necessities of Windows XP? If anyone out there has any knowledge behind Virtual Machine internals, please let us in on the secret.

I am also very interested to see if anyone else’s experiences mimic my own. Is it just me? Am I getting lucky? What’s the 411?!

Until next time…

Xbox 360 + MacBook = Media Center

Tuesday, December 19th, 2006

I recently purchased an Xbox 360 and have been fascinated with the whole 360 dashboard experience and the Xbox Live! integration with all of the games. I especially like the fact that you can stream music, photos, and movies from a Windows XP or a Windows XP Media Center PC. That’s extremely cool. I have a Windows XP machine at the house, mainly used for playing Windows only games, but my stash of music resides on my MacBook. What to do?!

While browsing around the web I found a nifty little $20 program called Connect360 by Nullriver Software. This software integrates with your iTunes and iPhoto libraries so that you can stream media content to your Xbox 360 as if it were coming from a Windows PC. The software even updates the Last Played tags for your songs in iTunes, which is pretty cool, so your Recently Played playlist can be as up-to-date as possible.

While this is extremely cool, there is one downside… You can’t play any DRM content on the 360. Any albums/songs/movies purchased through the iTunes Store are not playable on the 360 due to the copy protection in place on those files. But! CDs you have ripped to your Mac using iTunes in AAC format are playable, meaning you could burn your purchased music to a CD and rip it using iTunes as AAC, MP3, or whatever and you’re good to go. Other supported audio formats are WAV, AIFF and Apple Lossless. In the photo category, you can display JPEG, RAW, GIF, PNG, BMP and TIFF images on the 360 straight from your iPhoto library. Currently, only WMV+WMA videos are supported for streaming video… Sorry, no Quicktime videos at this time.

All playlists from iTunes and iPhoto are intact so you can stream your slideshows from iPhoto and listen to your favorite audio playlist (minus any DRM’d content) at the same time for a wonderful media center experience. It is extremely cool to be streaming music from your laptop while playing Gears of War. The music in Gears of War is good but having Metallica’s …And Justice For All or Sepultura’s Roots playing subtly in the background is a nice feature. In the end, the streaming experience sure beats having to rip CDs to your Xbox’s hard drive like the generation 1 Xbox. And doing it from a Mac, thanks to Nullriver’s Connect360, makes it that much better (for Mac users of course)!

Until next time…