How to port scan your WINS servers

From time to time you might want to locate all your WINS servers in your network. The easiest way to do is to do a port scan for TCP port 42, and servers with this port open are running WINS.

If you do not have a good tool to search for open ports try look into pt360, that has lots of nice features.

Multicast test client

Microsoft got a tool to test multicast support in the network.

Enable SAN on Windows Certificate Services 2003

If you ever need to issue certificate with subject alternate names added to them from your favourite Microsoft Windows 2003 Certificate Services you have to enable it using this command.

CERTUTIL -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

STOP F4 with Internet Explorer

If you experience blue screens when running Internet Explorer 8 on Windows 7 (and probably some other versions of Windows) read on.

1. Do this.
2. Then run ATF-Cleaner to clean up your temporary files.

Good luck.

Windows Server 2003 Access-based Enumeration

Windows Server 2003 Access-based Enumeration: "ABE filters shared folders visible to a user based on that individual user's access rights, preventing the display of folders or other shared resources that the user does not have rights to access. ABE can be accessed via graphical user interface (GUI), command-line executable tool, and a robust advanced programming interface (API)."

In an earlier article I mentioned ABE on Windows 2008. This is also available on Windows 2003 systems. Read more here.

Download ABE tools you need from here.

NTFS inherited permissions not correct

Today I stumbeled over an NTFS file system (Windows 2003 R2 Server) where many inherited permissions was wrong for some reason.

My root folder had a special permission set for the Users group(only list folder content, does only apply to this folder). But in many subfolders the Users group had read and write access to the folder and the contents.

So how do we fix incorrect inherited permissions without also loosing the permissions set for the subfolder?

Windows 2003 R2 comes with a tool called icacls that can modify permissions. Below is a script I created that processes the current directory. It does:

1. Saves a backup of the folder to your temp directory. (Just in case...)
2. Grants the Users group some permissions to this folder. (Remember, I only wanted inherited permissions for the Users group!) This grant also fixes all incorrect inherited permissions.
3. Removes the explicitly set permissions for the Users group.

Save the codesnippet to a .cmd file and run it from the directory you want to repair permissions on.

@echo off
for /d %%x in (*) do (
 echo Processing %%x
 icacls %%x /save %temp%\%%x.acl
 icacls %%x /grant users:r
 icacls %%x /remove users
)

How to enable Kerberos event logging

How to enable Kerberos event logging: "Microsoft Windows 2000, Windows Server 2003, and Windows Server 2008 offer the capability of tracing detailed Kerberos events through the event log mechanism. You can use this information when you troubleshoot Kerberos. This article describes how to enable Kerberos event logging."

User Account Control: Inside Windows 7 User Account Control

This article from Mark tells you everything you did not know about UAC.

User Account Control: Inside Windows 7 User Account Control: "Standard user accounts provide for better security and lower total cost of ownership in both home and corporate environments. When users run with standard user rights instead of administrative rights, the security configuration of the system, including antivirus and firewall, is protected. This provides users a secure area that can protect their account and the rest of the system. For enterprise deployments, the policies set by desktop IT managers cannot be overridden, and on a shared family computer, different user accounts are protected from changes made by other accounts."

MSVPN and FTP

Today I came across a wierd problem with a client connected to a Microsoft VPN server not connecting to third party FTP server.

The environment is a Windows 2003 server with the latest service packs applied.

It turns out that for all traffic floating from the client except for the FTP traffic originates with the client IP. All FTP traffic originates with the VPN Server IP address. As a result you will have to adjust your firewall accordingly.

Software deployment tools

In an enterprise there are many ways to deploy new software. With Windows 2000 server and client Microsoft made a new standard with the Windows Installer and Group Policy. Windows Installer (aka. Microsoft Installer) is a defined way to install applications on a computer and the group policy can be used to distribute applications to several computers at the same time.

Windows Installer

With Windows Installer you get files with several extensions. The most important extensions are;

Extension	Use
.msi	This is an application ready for installation on a target computer.
.mst	This is a transform file. A transform basically allows you to change the behavior of an MSI file without actually changing the MSI file.
.msp	Patch file - in case of big installations you can distribute patches instead of new installations.
.msm	Merge module. A vendor can distribute common components in a merge module so other vendors can distribute the common component as part of their own installation - and still maintain integrity for the common component. Examples are the Visual Basic runtime.

Windows Installer came with Windows 2000 and was ported back to Windows NT 4.0, Windows 95, Windows 98 and Windows ME.

There are many tools to create MSI files. Read more here.

Deployment tools

I do not intend to talk much about the different tools here. Just list them up.

Tool	Comment
Specops Deploy	Group policy distribution on steroids. A simple tool and extends your group policy deployment with reporting and control. Not to expensive from what I can see.
Novell ZENworks	We "grown up" people remember Novell as the creators of Netware - for its time the best network operating system. They also created some other good software, like ZENWorks that was the best deployment tool that existed for Netware environments. Now that Netware is dead they have removed all dependencies to Netware and now can run within a Windows only environment. Can create proprietary distributions or distribute/create MSI files.
System Center Configuration Manager (SCCM)	Microsoft also have a tool for software deployment. This tool is loaded with features, not cheap and hard to deploy. But it will work for you when you have it up and running.
Group Policy

How to make a Windows share HA or clustered

The text below is an excerpt of a document I wrote for a customer regarding how to make a file share (repository) highly available.

Please ask if you have any questions.

File share

The file share is a common repository to store files.

There are two ways to configure a file share to be highly available. One solution is Distributed File System and the other solution is Microsoft Cluster Services.

Distributed File System

DFS is a service that provides a single point of reference and a logical tree structure for file system resources that may be physically located anywhere on the network. With DFS you create a share like \\domain.local\share$ that a client (in this case the Mobile Wipe servers are the clients) connects to. All files in a DFS can be replicated among several servers and the client connects to the nearest server that is available.

Microsoft Cluster Services

Microsoft implements failover clustering for file services. You set up two (or more) servers in an active/passive configuration, which means that if a failure occurs on a server that is a member of the cluster (Cluster node) the services that the failing server was hosting will automatically restart themselves on another server that is a member of the same cluster. The process of a service moving from one server to another is called failover.

Can I image computers with OfficeScan?

If you try to clone, copy or ghost a computer with Trend OfficeScan installed you need to take some precautions.

Each installation of OfficeScans places a unique identifier in registry. This identifier looks like a GUID. I do not know how OfficeScan creates this identifier. But I know that is has to be unique for web updates to work.

There are two ways to solve this:

1. Install OfficeScan after making the image of the computer.
2. Run the tool imgsetup.exe (Image Setup Utility) prior to imaging the client.

Some background information

Imaging and ghosting are common names used to copy one computer to another. You will do this when you want to update many similar computers with new operating systems.

Ghosting leads from a software suite called Ghost. This probably was the first software that did imaging [^{wild guess}]. Ghost is currently sold by Symantec.

If you want to retrieve GUID's or SID's from a computer you can see how here.

How to get the computer GUID and SID

From time to time you might need to get your computer GUID and/or SID.

You can read down and see how to retrieve these values from your computer.

Computer GUID

To get the GUID of your computer you can download a tool called SIW. This is not a program you have to install to run.

Click on Operating System and you will find the computer GUID there.

Computer SID

Download NewSID from Microsoft and run it. NewSID is a tool to change the computer SID and is used with cloning of computers. The SID has to be unique within a network.

You will see the current SID when you can specify what to change it to. Do not change your SID.

Windows Performance Tools Kit

A tool to measure CPU load during the boot process. Below is from the product homepage.

The Windows Performance Tools (WPT) Kit contains performance analysis tools that are new to the Windows SDK for Windows Server 2008 and .NET Framework 3.5. The WPT Kit is useful to a broad audience, including system builders, hardware manufacturers, driver developers, and general application developers. These tools are designed for measuring and analyzing system and application performance on Windows Vista, Windows Server 2008, and later.

File recovery that works

When ever files are lost (deleted, card error etc), on your file system or your flash memory Google will help you find programs that can help you recover these files for a small amount of money.

Often the end user will end up with spending $ on a program that was not as good as promised. And more important than the money - the files are still lost.

One program that stands out - both beeing free of charge and actually good at locating your files - is Convar PC INSPECTOR. With two flavours available, for general files and memory cards (eg. photos)you are saved.

This tool scans your drive for files even when the FAT is corrupted.

Xobni oranizes your inbox

Xobni is inbox spelled backwards. Beside that it is a tool that allows you to organize your Outlook inbox within seconds.

Highlights are:

• Fast search of your inbox (and other mail folders).
• Organizes your contacts.
• Let you see lots of useless statistics on to whom and how you use your e-mail..
• Integrates with LinkedIn.

With fast local search - like Windows Indexing service, Copernic Desktop search and Google you can find anything you want within seconds as long as you know how to spell your search.

While Xobni only indexes your e-mail it seems to do a better job at letting you find your e-mails as you can search on contact and continue from there.

You can also se who knows who as it analyzes mail headers and build social networks based on this information.

From one day of usage I really like this program. This is a tool that you will not live without. But Xobni has to mature first - it crashed Outlook three times for me before I decided to uninstall it.

PRTG traffic grapher

Have you ever needed to make graphs out of your interfaces in one way or another. I guess you are familiar with MRTG, a Unix tool written in Perl that polls all your SNMP devices and makes good looking charts out of them.

If you are a Windows user and do not know how to configure Apache and MRTG then I have the solution for you.

PRTG - a tool from a German company is exactly this. A replacement for MRTG, running on Windows and with it's own web server.

PRTG is not free of charge as MRTG. But the cost is relatively low and it is good value.

From a Windows application you can configure everything you need to monitor and later on just watch everything from a web browser.

Cool PDF Reader

Do you

• Think Adobe Acrobat is slow?
• Adobe Acrobat takes time to install?
• Do you need a simple tool to view PDF files on several computers?

If you do - the solution is just one click away. I found a a company called CoolPDF Software that gives me just what I want.

Their Cool PDF Reader is currently a 655KB download and does not require any installation before use.

I have tried it on lots of my recent .pdf downloads - and it works most of the time. I had some problems with big documents, but most of the it works as a charm.

I do miss some features though;

• U3 installer.
• Keyboard shortcuts to navigate through a page. (To move up and down.)

Scripting in Windows

You have to love Microsoft script language - cmd.exe. You can do lot with it if you just learn how to do so.

Here is one example that extracts date and time from norwegain locale and puts it into the variables %dato% and %tid%.

for /f "delims=. tokens=1-3" %%a in ("%date%") do set dato=%%c%%b%%a
for /f "delims=: tokens=1-2" %%a in ("%time%") do set tid=%%b%%a

Cool, eh?

Looking into HTTP traffic with Internet Explorer

I work a lot with web applications and from time to time I need to look in to the HTTP session - what headers are sent back and forth and what web page elements takes time to load.

I have found two products that does this well. I will cover these in details below.

HttpWatch

HttpWatch from Simtec Limited. This product seems to be the most mature of these two. It have cool features, the most important one is beeing able to show you what the web client spends it time on; DNS lookup, TCP session setup, or the data transfer.

You can look into HTTPS traffic.

The major drawback is the price. It cost $295 for a one user license. As a result I did not test this product any further.

IE Inspector

IE Inspector from IEInspector Software is a nice application. It works much like HttpWatch above, but is much cheaper. It lacks the capability to show what a page spends it time on doing; you just get the end result.

You can look in to the HTTP headers sent to the web server and what HTTP headers are received. You can see detailed cache information about Internet Explorer cached elements.

You can also purchase a module that analyzes other applications that uses HTTP. This is nice if you want to test other applications communicating over HTTP.

You can look into HTTPS traffic only if you use the Internet Explorer integrated decoder.

If you buy both modules as a non-commercial license you end up with US$99. If you happen to be commercial the price is $129. Either way it is much cheaper than HttpWatch.

Ethereal

Ethereal is the Swiss army knife of packet decoding. You can't live without it. The tools mentioned above presents HTTP traffic in an easy way. But Ethereal gives you a lot more - if you learn how to use it.

It is open source. And we can't dislike open source!

Vista wireless and lag

Have you noticed that Vista and wireless often looses connection to the Internet (and corporate network). This is often seen with games and real-time applications like VoIP products.

Windows Vista doesn't works with the optimal wireless setinngs. Some of this settings are causing 1,5sec dropouts with many wireless cards, which are appearing every 30-60sec. This dropouts are very hated in the gaming community and if users are using voice over IP applications or other realtime protocols.

Here you can find a solution for your problem.

Mozy easter eggs

Some people find it fun to place jokes within their applications. We have all seen easter eggs placed within applications from time to time.

Mozy have taken this kind of joke a step further. You don't have to look deep to find a joke.

But it's not always clear what the joke mean. P=NP is an unsolved question computer science.

It is generally agreed to be the most important such unsolved problem. It is also generally agreed to be one of the most important unsolved problems in mathematics; the Clay Mathematics Institute has offered a $1 million US prize for the first correct proof.

If you read their terms you'll find DO NOT TAUNT HAPPY FUN BALL. This is a reference to Saturday Night Live. For people like me it is not easy to understand all of this.

Thanks to davidrothman for pointing this out.

Wink video capture

I just wrote about codecs and screen scaptures. When I was finished with the article I found a cool program called Wink from Debugmode.

Wink is a screen video capture program that allows you to edit it - add annotations, balloons, text and so forth.

Highlights are freeware, easy to use and optimized outputs.

Have a look yourself at the Wink product page.

Screen capture codecs and tools

I have been looking into codec's for capturing the screen into videos. The reason for doing this is to produce videos from the screen wich are both small in size and with the best possible quality. Codecs for movies do not have the optimal characteristics for screen videos.

You can search your self with Google.

Codec	Comment
MSU Screen Capture Lossless Codec	Codec that produces the smallest files possible without loosing quality.
FM Screen Capture codec	Codec from the producers of ScreenVirtuoso. Outputs are about twice as big as with MSU.
TechSmith Screen Capture Codec (TSCC)	This codec can only be used to encode movies when you have a valid license for Camtasia Studio. You can download this codec free of charge to decode movies.

Capture programs

To use the codec's you need a program to capture the screen to a movie. Google can help out here as well.

Program	Comment
SnagIt	Good to capture still images. With videos you can only capture it, not manipulate it. Read my review here. You can encode with any installed codec.
ScreenVirtuoso	Capture tool with some options. Captures  media output as well. (DVD's, media player etc.)
ALLcapture	Another capture tool. They seem to have their own codec. And their own tool TurboDemo to create something useful out of the capture.

Good luck!

Capture with SnagIt and Camtasia

Screen capture and video capture of the screen? Is it possible and how do I do it?

TechSmith have two programs to do just that. There are of course others, but today I will focus on TechSmith.

SnagIt 8	Camtasia Studio 4
Capture still images and records video.	Captures video with own optimized codec. Still images if you purchase SnagIt bundle.
Very good options for editing your images.	Created to capture video and make movies of output.
Outputs to all common image formats, and .AVI for videos. You can choose codec for output.	Final output includes MPEG, AVI, Flash, RealMedia, QuickTime and executable. You have full control of output settings.

SnagIt - $39.95

SnagIt is a world known and reputable screen capture program. I love it - in addition to capture images (as you can do with alt+print screen) you can do lots to the final image. You can change perspective, add edge effects, highlight text, add arrows, add callouts and more.

If you send screen dumps in emails or make user documentation this a must-have tool.

Camtasia Studio 4 - $299

Charged with good hope after using SnagIt I downloaded Camtasia and decided to try it out.

I expected to find a tool to make videos as easy as SnagIt makes screen shots. But no, I did not manage to do anything usable with Camtasia. I can zoom and pan, but did not manage to do anything else with it.

If you want to make something out of a capture - look into Photodex ProShow first. I have already blogged about it.

ntfs.sys and blue screen

This weekend did not start out any good.

 

After hibernating my Windows XP laptop it did not want to wake up again. It went right into the infamous blue screen of death.

 

Windows did not boot and I found no way to force Windows into doing a chkdsk /f. Even when I booted the recovery console from my XP CD I got a blue screen.

 

I turned up nothing when searching Google for anything of use.

 

In the end, I had to go to the Linux community to get help. The Linux-NFTS project got a tool called ntfsfix that do something to the filesystem. From their documentation:

ntfsfix is a utility that fixes some common NTFS problems. ntfsfix is NOT a Linux version of chkdsk. It only repairs some fundamental NTFS inconsistencies, resets the NTFS journal file and schedules an NTFS consistency check for the first boot into Windows.

To run this tool on my laptop I found a GNU/Linux distro called Trinity Rescue Kit. This tool saved my day.