Problem Steps Recorder, built into Windows 7 (Run > psr.exe), can record a sequence of screenshots while the user reproduces a problem. The screenshots, with annotations, are saved to an html file for easy emailing.
That was made by Mark Russinovich a long time ago before he came to Microsoft when he was working at his company Sysinternals. After Microsoft bought Sysinternals all the software they made got transferred over to Microsoft. Apparently they let that gem stay there. The blue screen screen saver will actually get flagged on some Anti Virus products to prevent the gag. That being said I've pulled this on some of my IT brethren. I went to Mark's last seminar for Windows Internals and I thought my head was going to fall out from taking too much information in. He also stated that Microsoft people would use this to prank each other too. Good times.
http://technet.microsoft.com/en-us/sysinternals
Technical tools worth their weight in gold if you haven't used them.
Sounds like time to use some Sysinternals tools to see what the app is trying to access and then set up the necessary custom permissions. Process Monitor is your friend: http://technet.microsoft.com/en-us/sysinternals/bb896645
For what it's worth, the exploits used in Stuxnet were particularly valuable. They were 100% effective and trivially easy. Have you ever created your own icon on Windows? Congratulations, you are now able to implement one fourth of Stuxnet's 0-days. Also, the US pays more than market price.
True in windows 7, but 15% of Steam users are still on XP.
The following remains true on every OS, including Windows 7:
You can execute any existing program with a known exploit which could elevate your privileges.
You can delete the users home folder, wiping out their games and documents on any OS.
You can execute ftp via command line to remote download VNC or a bot which is where the fun begins.
Remote execution of local executables is never good, it's always a serious security risk.
Microsoft Sysinternals Suite, especially Process Monitor. I use it whenever I think wtf is my PC's LED blinking for now, as in what's my HDD doing? It shows which process is writing/reading which files... http://technet.microsoft.com/en-us/sysinternals/bb842062
Yikes! Bad procurement plan.
Get a Volume License agreement - any flavour. (if you have one already - BONUS! Skip this step).
Make sure you have at least 1 license of Windows on that agreement.
Read this Licensing Brief on Re-imaging. Under these rights, customers can reimage original equipment manufacturer (OEM) or full-package product (FPP) licensed copies using media provided under their Volume Licensing agreement.
You can install over top of those puppies and use a single key. You might even want to look into a KMS server and activate it yourself. :)
Note - you will need to still keep that spreadsheet of keys and media, to prove you have rights to re-image with that volume license copy of Windows. But now you're not playing what-goes-where anymore.
Have you followed the Stuxnet research? I don't mean that in a condescending way, but I'm asking because I would consider the 0-days they used on Windows (for example MS10-046 and MS10-061) to be examples of 0-days that I'd consider to be rare (ie, remote code execution on Windows). As far as I know, there's only been one Windows 0-day of this caliber so far this year, MS12-020.
So even if you wouldn't consider 0-days to be that uncommon, I'd say 0-days that allow remote code execution, at that level, and on the most widely used operating system in the world, to be rare.
Here is Microsoft's guidance.
The main takeaway is to use a subdomain of a publicly registered domain name. This protects you against domain name collisions and still allows you to separate your internal and external DNS.
I know you said you fixed it, but there's a more broad way--I'd call it a better way--which will help you going forward should you take on the task of learning.
Here's a set of apps that are essential to Windows sysadmins:
http://technet.microsoft.com/en-us/sysinternals/bb842062
Poking around these apps every time you have a problem will eventually yield some invaluable knowledge.
What you want in this case is Process Explorer (ProcExp):
http://technet.microsoft.com/en-us/sysinternals/bb896653
Once you get this running, you can do a Find Handle and search for the filename, partial or complete. Most likely, you will find a process that has an open handle on the file. You can either kill the handle individually, or kill the process. (EDIT: Killing a handle resumes the thread/process with an undefined file handle, as well as possibly interrupting a write stream. This is up to the thread/process to gracefully--well, handle. Bottom line, you really don't want to try that option unless you're familiar with the behavior of the app to know it's harmless, and/or care little enough about the file and any dependencies.)
With some practice with ProcExp, you'll never go back to Task Manager if you have a choice.
No more need to "reboot your computer" for silly file-related problems.
Also a favorite SysInternals app of mine is Process Monitor. This app will give you a log-like, filterable view of your system's timeline in runtime. This can be useful to find file errors, such as permission-related, or simply missing files, or registry errors. Just about any error can be demystified (in a general way) by crawling through ProcMon's output.
If I recall you can up that number although upping it has potential performance implications. I imagine that if she's the only one doing it then the performance hit shouldn't be a big deal but if everyone has a ridiculous number of folders...
Give me a minute and I'll see if I can find the article for you.
Edit: Here you go http://technet.microsoft.com/en-us/library/aa996193.aspx . You can either increase the limit or flat out remove it.
net send worked for similar fun on Windows networks at my school.
> To send a message that includes a slash mark (/), type:
>
> net send robertf "Format your disk with FORMAT /4"
It's like Microsoft wrote that example specifically for trolls.
I recently built a computer with a $75 dollar 80GB SSD. It's the best choice I made for my computer. Here's what I do with it: I installed Win7, Firefox, Trillian-astra, Winamp, VLC player, Avast anti virus on it. This left me with about 30 gigs of space left on it. Every time I install a new game I install it to my SSD (C:) and play it from there. Load times are amazing etc... When I'm done with a game or decide I'm not gonna play it that much anymore (i.e. my non primary game at the time) I do something called an "mklink".
Essentially an mklink is like creating a shortcut on your computer, but at a system level. So I move over the C:\Program Files\Currentgame directory to my F:\ drive (1TB) and create an mklink on the C:\ drive. The system still recognizes the folder as being in the C:\ drive, but in fact, takes up space only on the F:\ drive. That way you can install/use the games on the SSD and when you are done with them move them over to F:\ without having to uninstall. And the game will work the same without the SSD speeds once you do.
More info on mklink, changed my life!:
So you'd do something like this (in command prompt):
mklink /d "C:\Program Files\Starcraft II" "F:\Program Files\Starcraft II"
Now it's still "there" in the C:\ drive but it takes up no space.
EDIT: to answer your question, absofuckinglutely.
EDIT2: 64GB and it was on sale, not 80 sorry.
We used to hire this woman who would ask for copies of my Powerpoint presentations, then occasionally I would find them when maintaining file servers but with her name on them, and found out she was presenting them as if she had written them.
Naturally I would edit them to insert this image at random points then save them again.
This article seems to be mostly FUD.
If you're already having serious problems it may be something to look at again - I didn't verify what it does during a game - but it appears to be mostly harmless from the checking I did.
This article is factually incorrect. You can verify this by cutting power to a machine protected by BitLocker. The drive will still be encrypted (and unreadable without the key) on another machine. There is no link to the "documentation" that says BitLocker-protected machines must be shut down gracefully because that documentation doesn't exist.
The clear key is stored on disk in the BitLocker metadata when you suspend a drive and ONLY when you suspend a drive. The "clear key" is not generated just by decrypting a volume (e.g. by unlocking your drive with the TPM protector). When you unlock a volume, the Full Volume Encryption Key is stored in memory and this is what's used to decrypt disk data. Further info:
http://technet.microsoft.com/en-us/library/cc732774(v=ws.10).aspx
There IS a vulnerability with a powered-on BitLocker machine (the same with any drive encryption technology), which is that an attacker can perform a cold boot attack (physically pulling out the RAM and reading the data):
https://citp.princeton.edu/research/memory/
Mitigation: If there's a risk of someone stealing your machine, put it into hibernate so that the keys are not stored in memory.
Likely explanation for this researcher's observed behavior: suspended BitLocker protection at some point and forgot about it, didn't realize the drive was being unlocked with the clear key instead of the TPM.
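The check this comment implies, as an added example (not part of the original comment): a parser for `manage-bde -status` output that flags volumes whose data is fully encrypted while protection is off, the suspended state in which the comment says the clear key sits on disk. The sample report is constructed and assumes English-locale field labels; the function names are this example's own.

```python
import re

# Constructed sample shaped like English-locale `manage-bde -status` output;
# volume names, sizes and states are made up for this example.
SAMPLE_STATUS = """\
Volume C: [OSDisk]
[OS Volume]

    Size:                 237.00 GB
    BitLocker Version:    2.0
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    AES 128
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Key Protectors:
        TPM
        Numerical Password

Volume D: [Data]
[Data Volume]

    Size:                 931.00 GB
    Conversion Status:    Fully Encrypted
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Key Protectors:
        External Key (Required for automatic unlock)
        Numerical Password

Volume E: [Scratch]
[Data Volume]

    Size:                 465.00 GB
    Conversion Status:    Fully Decrypted
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Key Protectors:       None Found
"""

VOLUME_HEADER = re.compile(r"^Volume\s+(\S+)")


def parse_status(text):
    """Split the report into one dict per volume: fields plus key protectors."""
    volumes, current, in_protectors = [], None, False
    for raw in text.splitlines():
        header = VOLUME_HEADER.match(raw)
        if header:
            current = {"volume": header.group(1), "fields": {}, "protectors": []}
            volumes.append(current)
            in_protectors = False
            continue
        line = raw.strip()
        if current is None or not line or line.startswith("["):
            continue
        indent = len(raw) - len(raw.lstrip())
        if in_protectors and indent >= 8:
            # Deeper-indented lines under "Key Protectors:" name one protector each.
            current["protectors"].append(line)
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        in_protectors = key == "Key Protectors" and not value.strip()
        current["fields"][key.strip()] = value.strip()
    return volumes


def classify(volume):
    """Map one parsed volume to a state a reviewer can act on."""
    fields = volume["fields"]
    conversion = fields.get("Conversion Status", "")
    protection = fields.get("Protection Status", "")
    if conversion == "Fully Decrypted":
        return "not encrypted"
    # Prefix match, so any trailing note after the state does not break the check.
    if protection.startswith("Protection On"):
        return "protected"
    if conversion == "Fully Encrypted":
        # Encrypted data with protection off: the suspended case from the comment.
        return "suspended"
    return "in transition"


def audit(text):
    """Return {volume: state} for every volume in a status report."""
    return {v["volume"]: classify(v) for v in parse_status(text)}


if __name__ == "__main__":
    for name, state in audit(SAMPLE_STATUS).items():
        print(name, state)
```

A volume reported as "suspended" is the one to follow up on: resume protection before the machine leaves a trusted location.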
javaw.exe is the launch process for a java application like Eclipse, Netbeans, or LimeWire. The application generally chooses the size of the Java heap used (via -Xmx size). The default heap if nothing is specified is only about 64MB.
You must have been running something. If you use Process Explorer you can see what command line arguments were passed to javaw which should tell you what the application is.
You're limited to 26 top level drives in Windows. In order to mount more, you need to use volume mounting to hierarchically mount them beneath c: or some other existing drive.
svchost is what Microsoft uses to host a service (hence the name).
Try installing Process Explorer.
You'll be able to work out which svchost is pegging the CPU and work out what service it's running.
(Don't worry, it's a Microsoft app now.)
necessary link to the screen saver
http://technet.microsoft.com/en-us/sysinternals/bb897558
Also for the record I have managed to legitimately bluescreen in Windows 7.
Edit: also for the record my current screen saver is the Windows 95/98 maze screen saver.
It sounds like you don't have much experience working on big projects where basically everything becomes a dependency that can break important things if it's changed.
When Microsoft tried to improve the Win95 memory allocator, this revealed bugs in a 3rd-party game that caused it to crash. Why did it crash? Because it implicitly made totally unjustified assumptions about what the memory manager would do -- e.g. that freeing a block of memory and then reallocating a block of the same size would cause a block at the same address to be returned. The old Win95 allocator just happened to work this way, so this game appeared to work fine under it, but the newer allocator did things differently. To avoid it looking like "the new Windows version crashes the game", MS were forced to *detect the buggy game and emulate the entire previous allocation system just for that game*.
That's why, if there's no pressing need to change something, you don't change it. You simply can't afford to assume that it's safe to make changes, even if they seem obviously safe -- because somewhere out there, chances are someone is implicitly or explicitly depending on it being exactly the way it currently is.
Any 32-bit NT-based version of Windows.
> Regardless of the amount of physical memory in your system, Windows uses a virtual address space of 4 GB, with 2 GB allocated to user-mode processes (for example, applications) and 2 GB allocated to kernel-mode processes (for example, the operating system and kernel-mode drivers).
http://technet.microsoft.com/en-us/library/bb124810(v=exchg.65).aspx
> When you install Windows 8 to a SSD, we recommend that you run 'WinSAT.exe formal' to help optimize Windows for use on SSD. This reduces the number of write operations that Windows makes to the SSD and makes other optimizations.
If you want a more powerful tool for managing processes, you should use Process Explorer. It is a pretty amazing piece of software, written by Microsoft Technical Fellow Mark Russinovich.
If you are interested in peeking "under the hood" and seeing what your OS is doing (very useful when troubleshooting problems), visit the Sysinternals website. All of the software there is free.
To anyone having the "Run as administrator" problem, I was able to resolve it on a domain joined computer by running the app as system. To do this, start a cmd.exe as system:
Run:
PSEXEC -i -s -d CMD
In the new command prompt, right click and paste the path to the evasi0n.exe and press enter, it should open up.
Windows Server Update Services - WSUS
http://technet.microsoft.com/en-us/windowsserver/bb332157
For your part about setting up new computers, you want to slipstream the install.
http://lifehacker.com/386526/slipstream-service-pack-3-into-your-windows-xp-installation-cd
We used to use BGinfo so that the users could figure out their computer names. Now we just have a sensible naming scheme:
[site code]"-"["DT" or "LT" for desktop/laptop][AD username]
Looks like 1-DTDOEJO
The Microsoft Deployment Toolkit can clone a base image and deploy it via DVD or over the network using a boot ISO and network share. Can use Multicast when combined with Windows Deployment Services, but for 70 workstations it may or may not be worth it.
Pretty good video here that covers all the features of MDT 2012. So far it is one of the better free solutions for Windows deployment that I have found.
I'm almost certain it wasn't silverlight, but it is indeed some sort of plugin. If you use firefox, it installs a plugin in firefox as well and it was some sort of shitty office plugin that I have no clue what it does. Don't know how to get rid of it in chrome, but in firefox you just go to plugins and you remove it.
Not entirely sure, but I think it was this, SharePoint. It doesn't say anything about Chrome being supported though, so I don't know.
The scripting team has to be one of the funniest at Microsoft. From the Scriptomatic (Read the description) to Tales from the Script to the Tweakomatic. Awesome group of people...
Well, you're not actually hobbled by windows but by what windows offers up as its base binaries, I tend to revamp this on every windows install by dropping a whole bunch of binaries into a folder and adding that into my path.
http://technet.microsoft.com/en-us/sysinternals/bb842062
http://sourceforge.net/projects/unxutils/?source=recommended
These should get you through 90% of your problems.
The best way to learn is to do. I'd set up a virtual lab with an Active Directory domain w/ Server 2012, IIS 8 Web Server, learn some PowerShell 3.0, add DNS/DHCP services. The link is to the page for the virtual lab for all these and plenty more. After you have played with those, grab the 2012 evaluation and set everything up yourself for a working AD domain from scratch w/ network services. Then maybe a SQL server, Exchange server, SharePoint, WDS/MDT for Desktop Deployment... Play with Server Core (especially if your hardware resources are limited).
FWIW, Do EVERYTHING in PowerShell also. Sure, you can use the GUI but you might as well learn PowerShell from the get go. Invaluable resource for efficiency and uniformity in your deployments.
Copy into notepad, do save as, change file type to any, then name it script.vbs
To launch it I normally make it someone's Active Directory login script, but you could execute it over the network using psexec from PSTools
psexec \\pcname(or IPAddress) -c cscript script.vbs
Look up WSRM (Windows System Resource Manager - http://technet.microsoft.com/en-us/library/cc755056.aspx). Still not perfect, but better than nothing, and better than hacking up the registry. A must for TS/RDS boxes imho.
I'd argue that allowing standard TS/RDS users access to the command line isn't always needed to be allowed now. For many instances the typical things (mapping network drives, altering the registry, changing file permissions) you'd need a batch file to do can now be done through GPO client side extensions.
Windows Sysinternals Process Explorer much better than the standard task manager to figure out which programs are eating your cpu and memory.
This. Especially when in an environment where nearly all settings are locked down at the domain policy level. Even for those of us with administrative access, there is no real benefit to this. If you want to talk about a Windows 7 feature that was designed to be removed at RTM, but was left in because it was such a damn useful tool, then might I suggest PSR.
What you'll want to do is upgrade your clients to at least Outlook 2007, preferably OL2010, so they can use autodiscover.
http://technet.microsoft.com/en-us/library/bb124251.aspx
ActiveSync devices already use autodiscover.
Once that's done, and you get your new CAS in place, with the new autodiscover settings, everything will connect to the new location automatically.
While there is a way to have the Exchange 2010 CAS proxy over to an Exchange 2003 FE for client access using a "legacy" URL, it seems easier to me to simply use a new client access URL for the 2010 environment. Say the old server uses mail.whatever.tld - use email.whatever.tld for the new server. This way, people who haven't been moved to the new server yet will still be able to access their mailboxes as usual.
Your best bet is probably writing a few powershell scripts. Check the script center repository. They've got powershell scripts to do just about anything. Otherwise you're going to have to shell out some cash for something like SCCM.
That article is misleading. You cannot just digitally sign an app with any old valid certificate and then ship it to end users.
Read this article [TechNet], in particular Windows 8 Sideloading Requirements:
Note this:
> You must enable the Allow all trusted applications to install Group Policy setting.
And:
> You must activate the sideloading product key on a device running Windows 8 Enterprise or Windows® 8 Pro. You must activate the sideloading product key on a device running Windows RT.
> -OR-
> You must join the device running Windows 8 Enterprise or Windows Server 2012 to an Active Directory domain that has the Allow all trusted applications to install Group Policy setting enabled.
> You can enable sideloading on Windows 8 Enterprise or Windows Server 2012 just by joining the device to a domain. To enable sideloading on a Windows 8 Enterprise device that is not domain-joined, you must use a sideloading product activation key.
Rootkit Revealer is best for detecting them.
Because of the nature of the beast, very few rootkits can be removed w/ an AV. If they don't prevent them from getting installed in the first place, it's probably time to nuke (low-level format) the drive & start again w/ a clean install, making sure to scan all your backed up files before copying them back over.
I would discontinue using the desktop gadgets because of an unpatched (and will probably never be patched) vulnerability.
http://arstechnica.com/security/2012/07/microsoft-fix-kills-windows-gadgets/
http://technet.microsoft.com/en-us/security/advisory/2719662
Excellent article; this is something I've also wanted. Microsoft's PowerShell perhaps deserves a mention as something that has upgraded stdin/stdout in a way the author suggests.
Autoruns should be used for this. Also, since it is bundled in it, I figure I should mention the sysinternals suite. It will give you a lot of tools if you have a little advanced knowledge on how to remove the nastier malware.
It will speed up the small file transfers where the 8.3 overhead chokes the transfer.
Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 and Windows Server 2012
To disable the 8.3 name creation on all NTFS partitions, type fsutil.exe behavior set disable8dot3 1 at an elevated command prompt, and then press ENTER.
This operation takes effect immediately (no reboot required).
Notes: When a volume is not specified the operation updates the registry value:
0 - Enable 8dot3 name creation on all volumes on the system
1 - Disable 8dot3 name creation on all volumes on the system
2 - Set 8dot3 name creation on a per volume basis
3 - Disable 8dot3 name creation on all volumes except the system volume
When a volume is specified the operation updates the individual volume's on disk flag. This operation is only meaningful if the registry value is set to 2.
0 - Enable 8dot3 name creation on this volume
1 - Disable 8dot3 name creation on this volume
For more information on FSUTIL.EXE 8dot3name, visit the following TechNet article:
http://technet.microsoft.com/en-us/library/ff621566.aspx
For more information on the registry setting to disable 8.3 names, visit the following TechNet article:
Microsoft still has RoboCopy with a GUI:
http://technet.microsoft.com/en-us/magazine/2006.11.utilityspotlight.aspx
Also:
http://technet.microsoft.com/en-us/magazine/2009.04.utilityspotlight.aspx
Why is it that the first to comment are just here to piss on the Mac gamers' wounds? Help your fellow starcrafters out or, at the very least, make an original joke.
Sigh, well anyway here's something you can do if you are affected by (as I am):
I did this last night and it worked perfectly, just had to adjust some settings. However, I already had a copy of windows installed so I can't vouch for the success of that trial.
Finally, I hope you use Ctrl instead of command for hotkeys. It allows you to play cross platform without issue.
Here's the official windows prank: The BSOD screensaver as published by Microsoft.
Set the boot up sound to something long and obnoxious. I set it to a 40 second laugh track on a coworker's computer once.
Did the same thing on the "error" sound.
Take a screenshot of the desktop, hide all the icons and set the background to the screenshot. "Why don't my icons work?!?"
Rename all his printers.
A small square of the sticky part of a post-it note over the laser on the mouse.
Word/Outlook/Excel has an autocorrect feature. It's normally used for good (capitalizing words, fixing spelling mistakes, etc) but it can be used for evil. Have it replace "YourName" with "YourName is Fucking Amazing!". That kind of stuff. (http://office.microsoft.com/en-us/word-help/autocorrect-spelling-and-insert-text-and-symbols-HA010354277.aspx)
Hmmm can't think of any more off hand. Have fun.
It still beats Net Helpmsg.
Just tell me what the damn error was.
How is
> To get more information about error message NET 2182, type:
> net helpmsg 2182
Simpler than
> 2182: The requested service has already been started.
Edit: Trying to answer this question. Didn't realize how widespread net helpmsg could be.
I'd like to point out that WinDirStat produces inflated statistics. This is because it counts hard links more than once. This can lead to some rather misleading numbers (in my case, it inflates the size of my Windows directory from 17GB to 21GB). For a more accurate but less pretty program, try du with the -u option.
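The double counting described in this comment, as an added example (not from the original comment, and not WinDirStat's or du's code): a directory walk that sums file sizes naively and again with each hard-linked file counted once, identified by its (device, file ID) pair. The directory names, file names and sizes in `demo()` are constructed.

```python
import os
import stat
import tempfile


def tree_size(root, count_links_once=True):
    """Sum regular-file sizes under root.

    With count_links_once=True, a file reachable through several hard links
    contributes its size a single time, which matches the space it occupies.
    """
    seen = set()
    total = 0
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            info = os.lstat(os.path.join(dirpath, name))
            if not stat.S_ISREG(info.st_mode):
                continue  # skip symlinks and special files
            if count_links_once and info.st_nlink > 1:
                # All hard links to one file share the same device and file ID.
                identity = (info.st_dev, info.st_ino)
                if identity in seen:
                    continue
                seen.add(identity)
            total += info.st_size
    return total


def demo():
    """Build a small tree with one hard-linked file; return (naive, deduplicated)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "winsxs"))
        os.mkdir(os.path.join(root, "system32"))
        original = os.path.join(root, "winsxs", "library.dll")
        with open(original, "wb") as handle:
            handle.write(b"\0" * 4096)
        # Second directory entry for the same file: no extra space is used.
        os.link(original, os.path.join(root, "system32", "library.dll"))
        with open(os.path.join(root, "notes.txt"), "wb") as handle:
            handle.write(b"x" * 1000)
        return tree_size(root, count_links_once=False), tree_size(root)


if __name__ == "__main__":
    naive, actual = demo()
    print("naive:", naive, "bytes; hard links counted once:", actual, "bytes")
```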
On your LAN?
You can write batch files and combine them with psexec to run commands.
You can deploy software using Group Policy in an Active Directory domain. Is this what you need?
psexec (as part of the Sysinternals toolset) could execute any command on any system connected to the current domain.
psexec \\* "C:\Windows\System32\msg.exe" "*" "Message to be sent"
Edit: PSTools - http://technet.microsoft.com/en-us/sysinternals/bb896649
Don't leave RDP open to the public. Regardless of the security of the protocol itself, the service could be vulnerable to remote attack. If you really need to access RDP on a home machine, configure it to use a different port than the default (see http://support.microsoft.com/kb/306759 for info on changing the port). I'll assume you're also behind some kind of firewall, and usually home firewalls/routers will let you send traffic to a specific port to any other IP/port pair on your LAN, so you might not need to configure RDP itself to listen on a different port. Make sure you pick a high port that's unlikely to be scanned (for example, something that's not in this list).
RDP will use the highest encryption level available between the client and server, but you can configure it to require SSL/TLS. See http://technet.microsoft.com/en-us/magazine/ff458357.aspx for instructions on setting that up.
Answer to bonus question: You probably have a higher chance of being infected with a trojan that's sniffing your traffic than having it intercepted 'in the cloud'. Whatever you do, don't connect to your home RDP from any machine that might be compromised, or any public machine. You're fine connecting back with your own personal laptop, but I'd be wary of using any machine you don't have direct control over.
I use Microsoft's Process Explorer. It's a very useful little program they offer for free. It's like Task Manager on steroids. When I'm done with a flash drive or USB hard disk and Windows tells me it's in use, I run Process Explorer and do a search for the drive letter in question (like E: or G: for example).
This shows one or more processes still accessing the drive. Sometimes a program like a text editor doesn't completely release the device even if you save and close a file you were using from that drive. Exiting the program in question will set your drive free.
EDIT: Added download link.
You should upgrade task manager to process explorer. It gives more details, and shows all processes as well as parents.
EDIT: derped the grammar.
I use PsExec from the PsTools Suite. It lets you execute anything from the command line as if you were actually at the remote machine without anything showing there.
By the way, there are a lot of other very useful tools in that suite. Check them out!
If the machine is equipped with a TPM and you're running Windows 7, enable BitLocker. This is the best way to prevent someone from booting from a live CD and messing around with the filesystem.
Yes, you can disable booting from the CD-ROM in the BIOS and set a password, but anyone can get around that by opening the case and resetting the BIOS.
Be aware that if someone does boot from a live CD and messes with the boot sector, the computer will fail to boot completely unless the BitLocker recovery key is entered. Make sure to back up those recovery keys.
You can use Restricted Groups in GPO. Basically you add groups or users to the Local Administrators group and push it out. Usually I create an AD group called 'Local Admins' and add it to Restricted Groups, then add users to the Local Admins group.
These articles should help set it up:
http://technet.microsoft.com/en-us/library/cc785631(v=ws.10).aspx
http://www.windowsecurity.com/articles-tutorials/windows_os_security/Using-Restricted-Groups.html
Not sure why people are downvoting me:
http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers#Section_5.3.3.
For understanding how to configure NTP upstream peers, and the link I posted in another comment explains the Windows Time Service.
http://technet.microsoft.com/en-us/library/cc773013(WS.10).aspx
Go read and watch anything Mark Russinovich has online. http://blogs.technet.com/b/markrussinovich/ http://technet.microsoft.com/en-us/sysinternals/bb963887
This video handles advanced malware cleaning specifically. It's from 2-3 years ago, but still relevant. http://technet.microsoft.com/en-us/sysinternals/gg618529
kernelmode.info for learning about rootkits.
Problem recorder for the win! I learned of this last year during Exchange training... My mind was completely blown.
Another great utility is http://technet.microsoft.com/en-us/magazine/2009.03.utilityspotlight2.aspx I use that to make video instructions to send to Luddites who can hopefully follow them.
Actually Win 7 runs even admin accounts at user level most of the time (which is why you get all those "do you want to do this" messages - they're all asking if you want to become mr admin now). It's able to run most applications as a user because it virtualizes a lot of file stores (and even some registry entries).
You can read some more about it here.
Of course, run as is a million times more functional in Win 7 so running everything as a user account and then just Running as admin when necessary is a perfectly fine option as well.
Download and run Malwarebytes first and foremost. Download it from another machine and copy it to a USB stick. Allow it to remove everything it finds. (You just need the free version, not the paid one.)
It also wouldn't hurt to run Microsoft's Rootkit Revealer; it's a bit outdated, but anything would help.
Also make sure your antivirus is up to date and turned on. If you don't have one installed, Microsoft's Security Essentials is pretty good.
All of these programs are free. Do not pay for anything to remove anything on your system. Download them from another computer, and run them with your computer not hooked up to the internet.
And also don't put in any passwords or cc information until you know your system is ENTIRELY clean.
Yes it is an x500 address in the NK2/autocomplete file on the Outlook clients. You can perform a manual cleanup using nk2edit on the Outlook 2010 autocomplete addresses, you can go around to all PCs and hit delete on the autocomplete within Outlook, or BEST OPTION: you can import the old x500 address into the new account using the advanced option attribute edit tab in AD by adding the old address in under proxyAddresses.
If you have issues with activesync you should try removing all activesync devices from that user profile in exchange. Removing the devices from exchange GUI/OWA and then going to the physical device and deleting the account and re-setting it up usually fixes it.
Alternatively you can remove the device via powershell on the exchange server. Link: http://technet.microsoft.com/en-us/library/bb125032.aspx
Back on topic: Check this link,
That is pretty much what you want to do, get the old address and add it as a proxyaddress on the new account. ashdrewness can verify this as he is our resident exchange 2010 GURU
I'm not sure about this.... the advanced notification from Microsoft says that the out-of-band patch will address an Elevation of Privilege vuln, while the hash attack advisory says that the vuln results in Denial of Service.
Are there two separate vulnerabilities here?
Edit: The update has been released and addresses four separate vulnerabilities, including the hash attack DoS and an unrelated Privilege Elevation. The PE vuln is considered the most serious hence it was the one mentioned in the advanced notification:
Collisions in HashTable May Cause DoS Vulnerability - CVE-2011-3414
Insecure Redirect in .NET Form Authentication Vulnerability - CVE-2011-3415
ASP.Net Forms Authentication Bypass Vulnerability - CVE-2011-3416
ASP.NET Forms Authentication Ticket Caching Vulnerability - CVE-2011-3417
http://technet.microsoft.com/en-us/security/bulletin/ms11-100.mspx
Win32 is a complete subsystem. Just one of the ones supported by the NT kernel. WinRT is just an API that sits on the Win32 subsystem.
I ran into this problem several months ago with several employees backing up their MP3 and iTunes collection to the file server. I even had one woman with the balls to upload all her pirated DVD collection to there when she brought in her home external hard drive.
My boss and I turned on File Type Screening in Server 2008 R2 and that's how we found out this was going on after 900GB+ all of a sudden got chewed up.
http://technet.microsoft.com/en-us/library/cc754810%28WS.10%29.aspx
Now we get support requests to "fix" our file server when they get the error message that the file type is restricted.
Process Explorer is one of the best tools that Microsoft has ever acquired (Winternals Software LP). It is useful for debugging software files and directories. But don't limit yourself just to Process Explorer. Download the whole Suite of tools at http://technet.microsoft.com/en-us/sysinternals/bb842062 - TCPView is my favorite tool in the suite.
Process Explorer beats the pants off of the built in Windows solution. It really should be included by default in Windows. It's 1.47mb but you're not the boss of me!
I got a 2 week contract job with the help of google and my bullshitting skills. They needed someone to build a Vista ZTI setup and I told them I had done it before. I had no clue what ZTI was, much less how to build it but google got me through the technical interview and they hired me. I was only making $12/hour at the time and they were offering me $45 so I said "fuck it, worst they can do is fire me."
After I was there for 3 days, the Vista project was killed but, because I got along with the team, they found me a spot as technical lead on their full disk encryption project. That led to a permanent position and I have now been here almost 5 years. I make over 100K/year, have awesome benefits and get along great with my coworkers.
During the first year, I expected to be fired at any time but I never was.
Try running combofix.
However, you can also try to run Process explorer
You can suspend the interlinked processes and then kill them.
I think you are looking for the route command. http://technet.microsoft.com/en-us/library/bb490991.aspx
EDIT: Actually, now that I think about it..do you have a default gateway set for both interfaces? If you do, remove the default gateway for the local area network interface. This should still allow lan packets to be on the LAN, but all other unknown packets to go to your internet line.
The only thing to watch out for is if you have multiple subnets on your LAN.
>Stopping a process and its subprocesses by right-clicking it and then choosing End Process Tree
oh my god. First off make an image using sysprep. nlite is for home users. nlite.... are you installing windows xp? http://technet.microsoft.com/en-us/windows/preparing-an-image-using-sysprep-and-imagex.aspx Secondly network install those puppies......
thirdly, the cd is dead to you from now on. you have lost the right to use removable media.
BgInfo prints the system name and other information on the desktop background of a server. Useful for when you're about to click something critical while terminal serviced into a system and really want to make sure you're logged into the right one.
The OP is misleading, turning this on will not speed up anything.
The only thing it does is overwrite data in page file with zeroes during shutdown, and that takes some time. The point is that no password or other sensitive information is left there if someone were to gain physical access to your computer.
If you suspect your pagefile might be slowing down your machine defragmenting it would be a better solution, but probably not needed.
Windows 7 has a better task scheduler, new TCP/IP stack, and better drivers.
> The scheduler was modified in Windows Vista to use the cycle counter register of modern processors to keep track of exactly how many CPU cycles a thread has executed, rather than just using an interval-timer interrupt routine.[3] Vista also uses a priority scheduler for the I/O queue so that disk defragmenters and other such programs don't interfere with foreground operations.[4]
http://technet.microsoft.com/en-us/network/bb545475
> To solve the problem of correctly determining the value of the maximum receive window size for a connection based on the current conditions of the network, the Next Generation TCP/IP stack supports Receive Window Auto-Tuning. Receive Window Auto-Tuning continually determines the optimal receive window size by measuring the bandwidth-delay product and the application retrieve rate, and adjusts the maximum receive window size based on changing network conditions.
> Receive Window Auto-Tuning enables TCP window scaling by default, allowing up to a 16 MB window size. As the data flows over the connection, the Next Generation TCP/IP stack monitors the connection, measures the current bandwidth-delay product for the connection and the application receive rate, and adjusts the receive window size to optimize throughput. The Next Generation TCP/IP stack no longer uses the TCPWindowSize registry values.
> With better throughput between TCP peers, the utilization of network bandwidth increases during data transfer. If all the applications are optimized to receive TCP data, then the overall utilization of the network can increase substantially, making the use of Quality of Service (QoS) more important on networks that are operating at or near capacity.
A bunch of benchmarks from 2009 say that XP is better for battery life, but there have been numerous updates and patches since then.
I don't know about a log, but you can try checking both the event log (eventvwr.msc) and the scheduled task list for suspicious entries. You might also consider running Process Monitor for a while to see what launches the Cmd window. Process Monitor will throw a lot of events at you, so be prepared to search for a while.
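The Process Monitor search suggested above can be narrowed to the events that matter: successful `Process Create` operations whose target image is `cmd.exe`, grouped by the process that created them. This is an added example, not part of the original comment; it assumes a CSV export with Process Monitor's default columns and the `PID: ..., Command line: ...` detail text, and the sample rows are constructed.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample rows (assumed default Process Monitor CSV column layout).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:14:02.1133456 AM","explorer.exe","2204","Process Create","C:\Windows\System32\notepad.exe","SUCCESS","PID: 5120, Command line: ""C:\Windows\System32\notepad.exe"" "
"9:15:00.0021187 AM","taskeng.exe","1876","Process Create","C:\Windows\System32\cmd.exe","SUCCESS","PID: 4412, Command line: cmd.exe /c ""C:\ProgramData\example\sync.bat"""
"9:15:00.0190342 AM","cmd.exe","4412","RegOpenKey","HKLM\Software\Microsoft\Command Processor","SUCCESS","Desired Access: Read"
"9:16:31.5510920 AM","explorer.exe","2204","Process Create","C:\Tools\mycmd.exe","SUCCESS","PID: 4700, Command line: mycmd.exe"
"9:20:00.0034410 AM","taskeng.exe","1876","Process Create","C:\Windows\System32\cmd.exe","SUCCESS","PID: 4980, Command line: cmd.exe /c ""C:\ProgramData\example\sync.bat"""
"9:22:47.8841002 AM","svchost.exe","912","Process Create","C:\Windows\SysWOW64\CMD.EXE","SUCCESS","PID: 5012, Command line: CMD.EXE /q /c ver"
'''

# Detail text of a Process Create event: child PID, then the full command line.
DETAIL_RE = re.compile(r"PID:\s*(\d+),\s*Command line:\s*(.*)", re.S)


def find_launchers(csv_text, image="cmd.exe"):
    """Return one record per successful Process Create whose image is `image`."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        if row["Operation"] != "Process Create" or row["Result"] != "SUCCESS":
            continue
        # Compare the file name only, case-insensitively, so that
        # C:\Tools\mycmd.exe does not match and CMD.EXE does.
        if row["Path"].rsplit("\\", 1)[-1].lower() != image.lower():
            continue
        m = DETAIL_RE.match(row["Detail"])
        hits.append({
            "time": row["Time of Day"],
            "parent": row["Process Name"],      # the process that did the launching
            "parent_pid": int(row["PID"]),
            "child_pid": int(m.group(1)) if m else None,
            "command_line": m.group(2).strip() if m else row["Detail"],
        })
    return hits


def summarize(hits):
    """Count launches per (parent name, parent PID), most frequent first."""
    return Counter((h["parent"], h["parent_pid"]) for h in hits).most_common()


if __name__ == "__main__":
    found = find_launchers(SAMPLE_CSV)
    for parent, count in summarize(found):
        print(parent, count)
    for h in found:
        print(h["time"], h["parent"], "->", h["child_pid"], h["command_line"])
```

A parent that recurs on a fixed interval, as the task engine does in the constructed sample, is the cue to go back to the scheduled task list mentioned in the comment.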
I'm sorry Windows wasn't for you, and I'm not gonna try and convince you otherwise, but:
2) http://technet.microsoft.com/en-us/sysinternals/cc817881.aspx
it's not official, but it's written by a Technical Fellow at Microsoft who is probably one of the 5 most knowledgeable people about Windows on Earth.
4) http://unxutils.sourceforge.net/ is a set of lightweight Win32 ports of Unix utilities. for a truly Windows solution (preemptive "slow and overengineered" quip :p), though, you should learn PowerShell: sed, wc, and grep all have equivalents in it, and PowerShell scripts are first-class .net programs, so an awk equivalent is unnecessary.
5) ClearType: did you run the ClearType tuner? (pull up the Start menu, type "ClearType" into the search box.)
old/ugly apps: which apps were you using which looked old or ugly, perchance?
6) virtualization software: Microsoft has a good hypervisor product called Hyper-V built into Windows Server 2008, as well as Windows Virtual PC which is available as a free download for Windows 7 users. they're not as powerful for operating system developers as Bochs or VirtualBox (both of which are also available for Windows, for free), but hopefully that's not a limiting factor for you.
digital painting and graphics editing: The GIMP, Paint.NET. The GIMP is really the only free Photoshop competitor that exists anywhere, but Paint.NET is OK for simple stuff.
> Telnet Client is not installed by default on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008. To install Telnet Client by using a command line type the following command:
> pkgmgr /iu:"TelnetClient"
> If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
> When the command prompt appears again, the installation is complete.
You can also swap the default Task Manager for Process Explorer:
http://technet.microsoft.com/en-us/sysinternals/bb896653
I don't generally use most of its features, but it makes browsing through processes and process trees 10x easier.
Also, "telnet localhost 25" (You can press CTRL + ] then type "quit" to close your connection).
You can see what ports Exchange (or some other app) is listening on, or if it's listening at all by looking at the receive connector configuration, then comparing the configuration to the output of "netstat -abn". Make sure the transport service is bound to the correct ip/port combination.
If you want to do test emails, you can use SMTPDiag.
You can also send test emails through telnet.
If all this works, enable message tracking and look at the logs. You didn't mention what version of Exchange but I'll assume it's 2010+ since you're talking about DAGs. So here's an article about message tracking too.
Also, look at the event logs. I'm sure there is something in there complaining if you're having trouble connecting to port 25.
Create a scheduled task to do this automatically.
http://technet.microsoft.com/en-us/library/cc748993.aspx
The command you want to use is
del [path to pictures folder]*.tmp
EDIT: Back up your pictures folder and test the command so you don't delete anything important.
Also, yay Vanu Tech Support! Without us, there wouldn't be any NC to play against.
You don't need another ISP to get the services that a VPN can give you. A VPN is not a replacement for your ISP, as VPN is a service that allows you to browse the web mostly or entirely anonymously depending on how the VPN handles data encryption and logging. ISPs, as you know, provide you the connection to the Internet. Again, VPN only offers the ability to browse the Internet anonymously, but is not a replacement for your ISP.
>Open source
Well, there's Bacula and UrBackup, but you probably should spend your time familiarizing yourself with Windows Server Backup, because it is highly unlikely that you will ever encounter those former options in anything but a hobbyist environment.
If you have Exchange 2010 you could use Journaling. I had to do that recently to an employee who we knew was about to quit. It copies all in/out going email to a different mailbox. It's basically the email version of the quote you get on calls "This phone call has been monitored for training purposes"
Network monitor was part of systems management server 1.0
http://technet.microsoft.com/en-us/library/cc751130.aspx
Wiki says 1994
http://en.wikipedia.org/wiki/System_Center_Configuration_Manager
Sorry for calling you ignorant, it was the wrong term
Wrap your script launch with an elevate.exe call using the Elevate Powertoy.
http://technet.microsoft.com/en-us/magazine/2008.06.elevation.aspx
It'll prompt the user to allow UAC and assuming they're admin level already, it'll be as good as running it from an admin console.
Also, this method looks interesting: http://blog.pythonaro.com/2011/09/python-wmi-services-and-uac.html
Git runs just fine on Windows. It does require a bunch of the POSIX utilities which Windows Server's Subsystem For Unix Applications conveniently provides.
Does your router support QoS?
QoS allows you to prioritize traffic across your network. If you want to be a bit less "selfish" with your bandwidth, you can give http (port 80) and https (port 443) a higher priority. This gives anyone browsing the web a priority higher than that of someone playing a game. If your roommates torrent a lot then just do it by IP or mac address because torrents can use port 80.
You'll probably want to set a static IP address too (I'll need to know your operating system to tell you how)
*edited to include information
Ha! The story of my life. It's horrible when the boss walks over and you alt + tab to the other screen, while the rage comic or whatever is still open in the first one.
I've been using a utility lately called Sysinternals Desktops which gives you up to 4 distinct and independent desktops. Basically you just alt +1, 2, 3 or 4 to switch between them. So Reddit is open in one desktop and work in the other.
It's a really awesome and lightweight utility and it's worth checking out.
I just finished a Windows 7 deployment in my organization and had to support 1 image for 3 sets of hardware. The way I did this was Windows Deployment Services and the Windows AIK tools.
During sysprep, Windows 7 looks for the drivers it needs in %windir%\inf. It knows to look within folders so you can keep your drivers organized. We have different drivers in that folder for the 3 different desktop models, and so far it's worked flawlessly.
New hardware? You can add more drivers later on to that image without having to jump through too many hoops.
Best of all, WDS is included as a feature of Server 2008, and the Windows AIK is free.
In 2010 it's a feature called 'journaling'. TLDR is you set up a special mailbox and it gets a copy of everything the user does.
http://technet.microsoft.com/en-us/library/aa998649.aspx
Non-tech: hope you have a written policy and Mgmt approval. Monitoring communications can be dangerous to your career health.
If they are Windows machines (XP-Win7), you can use Group Policy Preferences to change the password (or any other local account settings). You can put that in a GPO and either set it to an OU or use item-level targeting, which lets you filter by a lot of different ways.
http://technet.microsoft.com/en-us/library/cc731892%28WS.10%29.aspx
No. Don't do this.
Use sysprep. It was designed to generalize images for mass deployment.
http://technet.microsoft.com/en-us/library/hh824816.aspx
> If you intend to create an image of an installation for deployment to a different computer, you must run the Sysprep command together with the /generalize option, even if the other computer has the same hardware configuration. The Sysprep /generalize command removes unique information from your Windows installation so that you can safely reuse that image on a different computer.
Yes, you'll get to re-image / re-install those machines to fix it. Alternatively, if you really truly don't want to re-install, you can just run sysprep.exe /generalize on each individual box, but be aware that this is functionally reinstalling the OS on the machine anyway: customization is blown out, and new settings are written. There are some exceptions (which features are installed, user accounts present on the machines), but those are all documented on various sites and MS knowledge base articles.
Sorry if you took the 2 DHCP servers bad as directed at you. It was more a general grumbling about the 99% causing the default answer to this case of unusually good design to be "assume the previous guy was an idiot, tear it down before it causes problems".
> I guess I can't think of any situations where 2 DHCP servers on the same subnet would be good, but it's late.
I get that way too after midnight. They have to be on the same subnet but their scopes can't overlap.
The example I usually give for a small network is DHCP server A having a scope of 10.0.0.51-10.0.0.150 subnet mask 255.255.255.0 gateway 10.0.0.1 and DHCP Server B having a scope 10.0.0.151-10.0.0.250. Both DHCP servers share a 3rd scope of 10.0.0.2-10.0.0.50 used only for DHCP reservations. The entire 3rd scope being reserved prohibits any 'normal' DHCP clients from getting leases from them and both having the scope ensures whichever is available, the reserved hosts still get their assigned leases. :)
If you're using server-based DHCP servers, you can set up a delay on one of them to have it operate as a true secondary server instead of the round-robin. http://technet.microsoft.com/en-us/library/ee405264(v=ws.10).aspx
Even on your normal SOHO networks, you can pull off a backup DHCP server if you're willing to invest $50 and some time. For internet-only businesses, it doesn't help much but for heavy file share and internal server users, it can be a lifesaver.
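The two-server layout described in the comment above only works while the dynamic ranges stay disjoint and the reservation range is identical on both servers. The check below encodes those rules for that address plan. It is an added example, not part of the original comment; the `PLAN` dictionary structure and the function names are hypothetical.

```python
from ipaddress import ip_address, ip_network
from itertools import combinations

# Address plan taken from the comment; the dict layout is an assumption.
PLAN = {
    "subnet": "10.0.0.0/24",
    "gateway": "10.0.0.1",
    "servers": {
        "A": {"dynamic": ("10.0.0.51", "10.0.0.150"), "reserved": ("10.0.0.2", "10.0.0.50")},
        "B": {"dynamic": ("10.0.0.151", "10.0.0.250"), "reserved": ("10.0.0.2", "10.0.0.50")},
    },
}


def _rng(pair):
    """Parse a (first, last) pair into address objects, rejecting reversed ranges."""
    lo, hi = (ip_address(p) for p in pair)
    if lo > hi:
        raise ValueError(f"range {pair} is reversed")
    return lo, hi


def _overlap(a, b):
    """True if two inclusive ranges share at least one address."""
    return a[0] <= b[1] and b[0] <= a[1]


def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    net = ip_network(plan["subnet"])
    gw = ip_address(plan["gateway"])
    dyn = {n: _rng(s["dynamic"]) for n, s in plan["servers"].items()}
    res = {n: _rng(s["reserved"]) for n, s in plan["servers"].items()}
    for kind, ranges in (("dynamic", dyn), ("reserved", res)):
        for name, (lo, hi) in ranges.items():
            if lo not in net or hi not in net:
                problems.append(f"{name}: {kind} range leaves {net}")
            if lo <= gw <= hi:
                problems.append(f"{name}: {kind} range contains gateway {gw}")
    # Two servers leasing from the same addresses hand out duplicate IPs.
    for (n1, r1), (n2, r2) in combinations(dyn.items(), 2):
        if _overlap(r1, r2):
            problems.append(f"{n1}/{n2}: dynamic ranges overlap")
    # Reserved hosts must get the same lease from whichever server answers.
    if len(set(res.values())) > 1:
        problems.append("reserved range differs between servers")
    for n, r in dyn.items():
        for m, rr in res.items():
            if _overlap(r, rr):
                problems.append(f"{n}: dynamic range overlaps reserved range on {m}")
    return problems


if __name__ == "__main__":
    print(check_plan(PLAN) or "plan is consistent")
```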
I think you may be mistaken on your facts. I've dealt with this personally recently in an Exchange 2010 environment.
Here's a few links that show the limits in 2010:
http://technet.microsoft.com/en-us/library/ff477612(v=exchg.141).aspx
If you have any evidence contrary to this by all means please post it. I'm going by my own research and experience.
Keep in mind, as I mentioned above, this is in Outlook 2010 online mode only. I do not believe it occurs utilizing cached mode.