IE Flaw Could Allow Hackers Access to Files

February 4, 2010

Microsoft has confirmed that when a version of Internet Explorer is not running in Protected Mode, an attacker may be able to access files whose filename and location are already known. The affected versions are Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4; Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; and Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows Server 2003 Service Pack 2. Protected Mode prevents exploitation of this vulnerability and is on by default for the versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Sources …

PC Advisor …

Microsoft Security Advisory (980088) …

Explanation of Data Execution Protection …


Unable to install MSDE

February 3, 2010

Recently I had a problem installing MSDE on a Windows 2003 Member Server. After spending loads of time checking the Windows logs as well as the MSDE installation log, the problem ended up being down to the previous MSDE installation not being fully uninstalled. The information available in the Windows logs (Source: MsiInstaller, Event IDs: 1015, 1033 and 11708) made me think it was a problem with the MSI Installer.


Running msiexec /unregister and msiexec /regserver (Event ID 1015 — Windows Installer Service Availability) did not resolve this, nor did installing the then-latest version, Windows Installer 4.5 (http://support.microsoft.com/kb/942288).

Checking the MSDE installation log made me believe that a software policy was preventing the installation of MSDE from completing, however this turned out not to be the case.


Finally I decided to check the registry and delete all instances of MSSQLServer as per How to manually remove a Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) instance … as well as deleting:

  1. the key "HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\Component Set\InstanceComponentSet.1"
  2. its instance name from the list held in the registry key "HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\InstalledInstances"
  3. the entire key "HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\<instancename>"

as per the following group post …

Once complete, installation of MSDE ran successfully as expected.
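As an added example (not from the original post), the following PowerShell script reports the three leftovers listed above for a given instance and removes them only when run with -Remove. It treats InstalledInstances as the REG_MULTI_SZ value on the "Microsoft SQL Server" key that lists every instance name, and removes just the one entry; $InstanceName and -Remove are assumed parameters.

```powershell
# Added example: report (and optionally remove) the MSDE registry remnants
# named in the post. Without -Remove it is a dry run that changes nothing.
param(
    [string]$InstanceName = "MSSQLSERVER",   # assumed default: MSDE's default instance name
    [switch]$Remove                           # omit to only report what would be deleted
)

$base         = "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server"
$componentSet = "$base\Component Set\InstanceComponentSet.1"   # item 1 in the post
$instanceKey  = "$base\$InstanceName"                          # item 3 in the post

# Items 1 and 3: whole keys left behind by a half-removed installation.
foreach ($key in @($componentSet, $instanceKey)) {
    if (Test-Path -Path $key) {
        Write-Host "Leftover key: $key"
        if ($Remove) { Remove-Item -Path $key -Recurse -Force }
    } else {
        Write-Host "Not present:  $key"
    }
}

# Item 2: InstalledInstances is a REG_MULTI_SZ value on the base key holding one
# entry per instance. Keep every other entry and drop only this instance's name.
$installed = (Get-ItemProperty -Path $base -Name InstalledInstances `
                -ErrorAction SilentlyContinue).InstalledInstances
if ($installed -contains $InstanceName) {
    $remaining = @($installed | Where-Object { $_ -ne $InstanceName })
    Write-Host "InstalledInstances lists '$InstanceName'; entries kept: $($remaining -join ', ')"
    if ($Remove) {
        Set-ItemProperty -Path $base -Name InstalledInstances `
            -Value ([string[]]$remaining) -Type MultiString
    }
} else {
    Write-Host "InstalledInstances does not list '$InstanceName'"
}

if (-not $Remove) {
    Write-Host "Dry run only. Export the key first (reg export), then re-run with -Remove."
}
```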


Include the Process ID Column on the Task Manager’s Processes Tab

February 3, 2010

The default arrangement of columns on the Processes tab does not include the Process Identifier (PID) column. This column is shown on the Services tab, where it’s extremely useful in enabling you to see which processes are running as part of the same Svchost.exe instance.
However, for detailed troubleshooting and performance analysis, we recommend that you display the Process ID column on the Processes tab. To find out what’s inside a particularly busy Svchost process, make a note of its PID and then switch to the Services tab and sort by the PID column. The associated services will appear in a block using that PID.


Checklist: Decommissioning a Domain Controller

February 1, 2010

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Decommissioning a domain controller effectively removes all Active Directory and related components and returns the domain controller to a member server role.

Protecting EFS-encrypted files

If the domain controller to be decommissioned hosts any Encrypting File System (EFS) encrypted files, take precautions to protect the private key for the recovery agent for the local EFS-encrypted documents. It is possible for this key to be lost during the demotion when the Security Accounts Manager (SAM) is recreated on the computer. In this case, your account cannot recover encrypted documents on this computer unless the recovery agent is changed to an existing domain account before encryption. To prevent loss of the private key, you must back up (export) the recovery agent private key before you decommission the domain controller. After you remove Active Directory, re-import the private key.

You must be able to ensure that the domain account that serves as the recovery agent for the certificate remains the same after removing Active Directory. If you cannot guarantee that the account will remain the same after the domain controller is decommissioned, or if you removed Active Directory without backing up the certificate and you cannot recover EFS-encrypted files, see article 276239 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=117370).

Task Requirements

The following tools are required to perform the procedures for this task:

    • Ntdsutil.exe
    • Active Directory Domains and Trusts
    • Active Directory Users and Computers
    • Active Directory Sites and Services
    • Netdiag.exe
    • Dcdiag.exe

To complete this task, perform the following procedures:

    1. View the current operations master role holders
      To avoid problems, transfer any operations master roles prior to running the Active Directory Installation Wizard to decommission a domain controller so that you can control the operations master role placement. If you need to transfer any roles from a domain controller, understand all the recommendations for role placement before performing the transfer.

      During the decommissioning process, the Active Directory Installation Wizard will attempt to transfer any remaining operations master roles to other domain controllers without any user interaction. However, if a failure occurs, the wizard will continue to uninstall Active Directory and leave your domain without roles. Also, you do not have control over which domain controller receives the roles. The wizard transfers the roles to any available domain controller and does not indicate which domain controller hosts them.

    2. Transfer the schema master
    3. Transfer the domain naming master
    4. Transfer the domain-level operations master roles
    5. Determine whether a domain controller is a global catalog server
      If you remove Active Directory from a domain controller that hosts a global catalog, the Active Directory Installation Wizard confirms that you want to continue with removing Active Directory. This confirmation ensures that you are aware that you are removing a global catalog from your environment. Do not remove the last global catalog server from your environment because users cannot log on without an available global catalog server. If you are not sure, do not proceed with removing Active Directory until you know that at least one other global catalog server is available.
    6. Verify DNS registration and functionality
    7. Verify communication with other domain controllers
      During the removal of Active Directory, contact with other domain controllers is required to ensure:
      1. Any unreplicated changes are replicated to another domain controller.
      2. Removal of the domain controller from the directory.
      3. Transfer of any remaining operations master roles.

      If the domain controller cannot contact the other domain controllers during Active Directory removal, the decommissioning operation fails. As with the installation process, test the communication infrastructure prior to running the installation wizard. When you remove Active Directory, use the same connectivity tests that you used during the installation of Active Directory.

    8. Verify the availability of the operations masters

      If any of the verification tests fail, do not continue until you determine and fix the problems. If these tests fail, the uninstallation is also likely to fail.

    9. If the domain controller hosts encrypted documents, perform the following procedure before you remove Active Directory to ensure that the encrypted files can be recovered after Active Directory is removed:
      Export a certificate with the private key (http://go.microsoft.com/fwlink/?LinkId=20039)
    10. Uninstall Active Directory
    11. If the domain controller hosts encrypted documents and you backed up the certificate and private key before you removed Active Directory, perform the following procedure to re-import the certificate to the server:
      Import a certificate (http://go.microsoft.com/fwlink/?LinkId=20040)
    12. Determine whether a Server object has child objects
    13. Delete a Server object from a site

      The administrator may not want to remove the Server object if it hosts something in addition to Active Directory—Microsoft Exchange, for example.
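As an added example that is not part of the checklist, the following PowerShell script performs the checks behind steps 1 and 5 before dcpromo is run: it lists which domain controller holds each operations master role, flags any role held by the DC being decommissioned, and lists every global catalog server so you can tell whether this DC is the last one. It uses ADSI and System.DirectoryServices only, so it needs no Active Directory PowerShell module; $DcName is an assumed parameter and the script can be run from any domain member.

```powershell
# Added example: pre-demotion checks for FSMO roles and global catalog status.
param([string]$DcName = $env:COMPUTERNAME)   # assumed parameter: the DC to be decommissioned

$rootDse  = [ADSI]"LDAP://$DcName/RootDSE"
$domainNC = [string]$rootDse.Properties["defaultNamingContext"].Value
$configNC = [string]$rootDse.Properties["configurationNamingContext"].Value
$schemaNC = [string]$rootDse.Properties["schemaNamingContext"].Value
$thisNtds = [string]$rootDse.Properties["dsServiceName"].Value   # DN of this DC's NTDS Settings object

# fSMORoleOwner holds the DN of the owner's NTDS Settings object, e.g.
# "CN=NTDS Settings,CN=DC01,CN=Servers,CN=Site1,CN=Sites,CN=Configuration,DC=..."
function Get-DcNameFromNtdsDn([string]$dn) {
    if ($dn -match '^CN=NTDS Settings,CN=([^,]+),') { return $Matches[1] }
    return $dn
}

# Each operations master role is recorded on one well-known object (steps 1 to 4).
$roleObjects = @{
    "Schema master"         = "LDAP://$DcName/$schemaNC"
    "Domain naming master"  = "LDAP://$DcName/CN=Partitions,$configNC"
    "PDC emulator"          = "LDAP://$DcName/$domainNC"
    "RID master"            = "LDAP://$DcName/CN=RID Manager`$,CN=System,$domainNC"
    "Infrastructure master" = "LDAP://$DcName/CN=Infrastructure,$domainNC"
}
$heldHere = @()
foreach ($role in $roleObjects.Keys) {
    $ownerDn = [string]([ADSI]$roleObjects[$role]).Properties["fSMORoleOwner"].Value
    Write-Host ("{0,-22} {1}" -f $role, (Get-DcNameFromNtdsDn $ownerDn))
    if ($ownerDn -eq $thisNtds) { $heldHere += $role }
}

# Step 5: a DC is a global catalog when bit 0 of its NTDS Settings "options"
# attribute is set; the LDAP_MATCHING_RULE_BIT_AND filter lists every GC in the forest.
$searcher = New-Object System.DirectoryServices.DirectorySearcher(
    [ADSI]"LDAP://$DcName/CN=Sites,$configNC")
$searcher.Filter = "(&(objectClass=nTDSDSA)(options:1.2.840.113556.1.4.803:=1))"
$gcs = @($searcher.FindAll() | ForEach-Object {
    Get-DcNameFromNtdsDn $_.Properties["distinguishedname"][0] })
Write-Host "Global catalog servers: $($gcs -join ', ')"

$isGc = $gcs -contains (Get-DcNameFromNtdsDn $thisNtds)
if ($heldHere.Count -gt 0) {
    Write-Warning "$DcName holds: $($heldHere -join ', '). Transfer these roles before demotion."
}
if ($isGc -and $gcs.Count -eq 1) {
    Write-Warning "$DcName is the only global catalog in the forest. Do not demote it."
}
if ($heldHere.Count -eq 0 -and -not ($isGc -and $gcs.Count -eq 1)) {
    Write-Host "No operations master or last-global-catalog blockers found on $DcName."
}
```

Steps 6 to 8 (DNS, connectivity and operations master availability) are still covered by dcdiag and netdiag as the checklist describes; this script only replaces the manual lookup of role holders and global catalogs.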

FSMO Server Roles …

FSMO placement and optimization on AD DCs …

Using Ntdsutil.exe to transfer or seize FSMO roles to a DC …


Windows 7 deployment scenarios and tools

January 28, 2010

This article explores pre-deployment considerations, as well as options and recommendations for migrating user data and settings when moving from Windows XP to Windows 7. It is aimed at enterprise-scale desktop deployments, migrating hundreds or thousands of computers.

Deploying Windows 7 from A to Z …

For guidance on deploying Windows 7 to clients, the tools to use (such as WAIK, MDT 2010 and WDS), and the scenarios in which to use each of them, see Windows 7 deployment scenarios and tools.


Free Windows 7 Tools

January 28, 2010

Microsoft Network Monitor
Microsoft Network Monitor is a network protocol analyzer that lets you capture, view, and analyze network traffic. Version 3.3 of Network Monitor is available in 32- and 64-bit versions. Download it now.

Microsoft Baseline Security Analyzer
The Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed to help administrators of small and medium-sized businesses ensure that their Windows-based computers are secure. You can use MBSA to determine the security state of your computers in accordance with Microsoft security recommendations. MBSA also offers specific remediation guidance for security problems it detects, such as misconfigurations and missing security updates.
At the time of writing, the current version was MBSA 2.1. This version is available in 32- and 64-bit versions, but it does not install on Windows 7. A new version that supports Windows 7 is due to be released sometime in the future. You can download the current version and get information regarding a version for Windows 7 at microsoft.com/mbsa/.

Microsoft IPsec Diagnostic Tool
The Microsoft IPsec Diagnostic Tool helps network administrators troubleshoot network-related failures, focusing primarily on Internet Protocol security (IPsec). The tool checks for common network problems on the host machine and, if it finds any, suggests repair commands. The tool also collects IPsec policy information on the system and parses the IPsec logs to try to determine why the failure might have happened. It also provides trace collection for virtual private network (VPN) connections, the Network Access Protection (NAP) client, Windows Firewall, Group Policy updates, and wireless and system events. The diagnostic report generated by the tool is derived from the system logs collected by the tool during its analysis phase. Download it now.

Windows Sysinternals Suite
The Windows Sysinternals Suite is a set of advanced tools for troubleshooting issues with Windows-based computers. These tools were originally developed by Winternals Software LP, which Microsoft acquired in 2006. Some of the useful and popular tools included in this suite are:

  • Autoruns This tool lets you see what programs are configured to start up automatically when your system boots. It also displays the full list of registry and file locations where applications can configure autostart settings.
  • BgInfo This tool automatically generates desktop backgrounds that include important information about the system, including IP addresses, computer name, network adapters, and more.
  • Process Explorer This tool lets you find out what files, registry keys, and other objects your processes have open, which dynamic-link libraries (DLLs) they have loaded, and who owns each process.
  • Process Monitor This tool lets you monitor the file system, registry, process, thread, and DLL activity on your computer in real time.
  • PsTools This set of command-line tools can be used for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and performing other tasks.
  • RootkitRevealer This tool lets you scan your system for rootkit-based malware.
  • ShellRunas This tool allows you to launch programs as a different user using a shell context-menu entry.
  • TCPView This tool lets you view active sockets on the computer in real time.

Download the entire Sysinternals Suite now…

From Windows 7 Tips…


Windows 7 Network Troubleshooting Tools

January 28, 2010

  • Get MAC Address (Getmac.exe): discovers the Media Access Control (MAC) address and lists associated network protocols for all network cards in a computer, either locally or across a network.
  • Hostname (Hostname.exe): displays the host name of the current computer.
  • IP Configuration Utility (Ipconfig.exe): displays all current Transmission Control Protocol/Internet Protocol (TCP/IP) network configuration values, and refreshes Dynamic Host Configuration Protocol (DHCP) and DNS settings.
  • Name Server Lookup (Nslookup.exe): displays information about Domain Name System records for specific IP addresses and/or host names so that you can troubleshoot DNS problems.
  • Net services commands (Net.exe): performs a broad range of network tasks. Type net with no parameters to see a full list of available command-line options.
  • Netstat (Netstat.exe): displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, and IPv4/IPv6 statistics.
  • Network Command Shell (Netsh.exe): displays or modifies the network configuration of a local or remote computer that is currently running. This command-line scripting utility has a huge number of options, which are fully detailed in Help.
  • PathPing (Pathping.exe): combines the functions of Traceroute and Ping to identify problems at a router or network link.
  • TCP/IP NetBIOS Information (Nbtstat.exe): displays statistics for the NetBIOS over TCP/IP (NetBT) protocol, NetBIOS name tables for both the local computer and remote computers, and the NetBIOS name cache.
  • TCP/IP Ping (Ping.exe): verifies IP-level connectivity to another internet address by sending Internet Control Message Protocol (ICMP) packets and measuring response time in milliseconds.
  • TCP/IP Route (Route.exe): displays and modifies entries in the local IP routing table.
  • TCP/IP Traceroute (Tracert.exe): determines the path to an internet address, and lists the time required to reach each hop. It's useful for troubleshooting connectivity problems on specific network segments.
  • Network Monitor (not included with Windows 7, but available as a free download from Microsoft): a protocol analyzer that lets you capture network traffic, view it, and analyze it.


Cisco Network Topology Icons

January 27, 2010

Cisco icons are globally recognized and accepted as the de facto standard for network topology diagrams.

Requires CCO login to download …


Spandex Split on Live TV makes Female UK Bob Bobsleigh Rider Overnight Internet Sensation

January 23, 2010


Websense Logon Agent unable to identify users after Microsoft Update 971737 applied

January 4, 2010

Description:

Applies to all sites using Websense Web security software with Logon Agent and Active Directory user accounts. Versions likely to be affected are Websense Web security software versions 6.x and 7.x, used in conjunction with Windows XP, 2003, and 2008.

If you apply Microsoft update KB 971737, Websense Logon Agent is no longer able to identify users who have Active Directory accounts. As a result, Web filtering for these users does not occur.

If Microsoft update KB 971737 is not installed (or is removed), Logon Agent works as expected, and Active Directory users are filtered properly.

Cause:

Microsoft update KB 971737 enhances the way Windows authentication works and makes changes to a library used by Websense software. This library is used by LogonApp.exe to authenticate itself with Logon Agent. The update enables extended protection for Windows authentication and turns on NTLM version 2. Support for NTLM version 2 is planned for a future version of Websense software.

Websense is researching the scope of the Microsoft changes for affected Websense versions and is considering options for our customers.

Temporary Workaround:

While Websense assesses the changes, one suggested workaround is to defer the installation of Microsoft update KB 971737 until Websense analysis is completed.

Another option is to install the Microsoft patch and then edit the Windows registry to disable extended protection for Windows authentication and revert to using NTLM version 1 (this would involve two different registry changes). Websense will confirm the specific changes soon.

Solution:

Websense is researching the impact on each affected version of Websense Web security software. Customers will be alerted as soon as we have additional instructions for each version.