
2/28/2003

Windows 2000::WMI


PROBLEM:
The WMI service (winmgmt) is utilizing 100% CPU until manually stopped. It must be disabled because it will start up on its own later.
SOLUTION:
Sometimes it works to stop the service and remove the Repository files under: C:\WINNT\SYSTEM32\WBEM\REPOSITORY
Then restart the service.
I am continuing to have this problem recur on several machines.
Any ideas for me? E-Mail Me

2/27/2003

Windows 2000/XP::Default Services


From: Microsoft

The following table lists the default services for a typical installation of Windows XP Professional, along with their default startup settings. Your list of services might be different, depending on the components selected during installation and any additional programs that have been installed.

| Service | Startup Type | Log On As | Additional information |
|---|---|---|---|
| Alerter | Manual | Local Service | |
| Application Layer Gateway | Manual | Local Service | |
| Application Management | Manual | Local System | |
| Automatic Updates | Automatic | Local System | |
| Background Intelligent Transfer Service | Manual | Network Service | For information about troubleshooting problems associated with this service, see Background Intelligent Transfer Service (BITS) inactive job timeout |
| ClipBook | Manual | Local System | |
| COM+ Event System | Manual | Local System | |
| COM+ System Application | Manual | Local System | |
| Computer Browser | Automatic | Local System | |
| Cryptographic Services | Automatic | Local System | |
| DHCP Client | Automatic | Local System | |
| Distributed Link Tracking Client | Automatic | Local System | |
| Distributed Transaction Coordinator | Manual | Network Service | |
| DNS Client | Automatic | Network Service | |
| Error Reporting | Automatic | Local System | |
| Event Log | Automatic | Local System | |
| Fast User Switching Compatibility | Manual | Local System | |
| Help and Support | Automatic | Local System | |
| Human Interface Device Access | Disabled | Local System | |
| IMAPI CD-Burning COM | Manual | Local System | |
| Indexing Service | Manual | Local System | You can use Indexing Service to index documents and document properties on your disks and store the information in a catalog. For more information, see Indexing Service |
| Internet Connection Firewall (ICF)/Internet Connection Sharing | Automatic | Local System | |
| Internet Connection Sharing | Manual | Local System | |
| IPSec Services | Automatic | Local System | |
| Logical Disk Manager | Automatic | Local System | |
| Logical Disk Manager Administrative Service | Manual | Local System | |
| Messenger | Automatic | Local Service | This service must be running for alert notifications to be received. For more information about performance, see Introduction to Performance. This service must be running on recipient computers so that those computers can receive console messages. For more information about console messages, see Send Console Message |
| MS Software Shadow Copy Provider | Manual | Local System | |
| Net Logon | Automatic | Local System | |
| NetMeeting Remote Desktop Sharing | Manual | Local System | |
| Network Connections | Manual | Local System | |
| Network DDE | Manual | Local System | |
| Network DDE DSDM | Manual | Local System | |
| Network Location Awareness (NLA) | Manual | Local System | |
| NT LM Security Support Provider | Manual | Local System | |
| Performance Logs and Alerts | Manual | Network Service | |
| Plug and Play | Automatic | Local System | |
| Portable media serial number | Automatic | Local System | |
| Print Spooler | Automatic | Local System | If you are having trouble with a printer not responding, you can try restarting this service. This cancels all pending print jobs. |
| Protected Storage | Automatic | Local System | |
| QoS RSVP | Manual | Local System | |
| Remote Access Auto Connection Manager | Manual | Local System | |
| Remote Access Connection Manager | Manual | Local System | |
| Remote Desktop Help Session Manager | Manual | Local System | |
| Remote Procedure Call (RPC) | Automatic | Local System | |
| Remote Procedure Call (RPC) Locator | Manual | Network Service | |
| Remote Registry | Automatic | Local Service | For troubleshooting performance problems relating to this service, see Troubleshooting |
| Removable Storage | Manual | Local System | |
| Routing and Remote Access | Manual | Local System | |
| Secondary Logon | Automatic | Local System | For more information about the Secondary Logon service, see To start the Secondary Logon service |
| Security Accounts Manager | Automatic | Local System | |
| Server | Automatic | Local System | Stopping this service disconnects any open sessions with a remote computer. |
| Shell Hardware Detection | Automatic | Local System | |
| Smart Card | Manual | Local Service | |
| Smart Card Helper | Manual | Local Service | |
| SSDP Discovery | Manual | Local Service | |
| System Event Notification | Automatic | Local System | |
| System Restore Service | Automatic | Local System | |
| Task Scheduler | Automatic | Local System | |
| TCP/IP NetBIOS Helper | Automatic | Local Service | |
| Telephony | Manual | Local System | |
| Telnet | Manual | Local System | |
| Terminal Services | Manual | Local System | |
| Themes | Automatic | Local System | |
| Uninterruptable Power Supply | Manual | Local Service | |
| Universal Plug and Play Device Host | Manual | Local System | |
| Upload Manager | Automatic | Local System | |
| Utility Manager | Manual | Local System | |
| Volume Shadow Copy | Manual | Local System | |
| WebClient | Automatic | Local Service | |
| Windows Audio | Automatic | Local System | |
| Windows Image Acquisition (WIA) | Manual | Local System | |
| Windows Installer | Manual | Local System | |
| Windows Management Instrumentation | Automatic | Local System | |
| Windows Time | Automatic | Local System | |
| Wireless Zero Configuration service | Automatic | Local System | |
| WMI Performance Adapter | Manual | Local System | |
| Workstation | Automatic | Local System | |

Windows 2000::Disabling Unneeded Services


From: ZDNet
| Service | You can set it to manual if… |
|---|---|
| DHCP Client | You're not connecting to a specific DHCP server on your local network |
| Distributed Link Tracking Client | You're not connected to a Windows 2000 domain |
| DNS Client | You're not connecting to a specific DNS server on your local network |
| FTP Publishing Service | You don't need your system to act as an FTP server |
| IIS Admin Service | You don't need your system to act as a WWW server |
| IPSEC Policy Agent | You're not connected to a Windows 2000 domain |
| Messenger | You're not connected to a Windows 2000 domain |
| Remote Registry Service | You don't remotely access the Registry of other systems on your local network |
| RIP Service | You don't need your system to act as a router |
| RunAs Service | You don't use any applications that run as an alias |
| World Wide Web Publishing Service | You don't need your system to act as a WWW server |

2/26/2003

Windows 2000::Disabling Windows File Protection


The value of 4 below sounds promising. This could make the BAT file approach work.
Change the value data for the SFCDisable (REG_DWORD) value to 1 in the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

NOTE: For the change to this value to become effective you must restart the computer. Also, if you are disabling WFP, a kernel debugger must be connected to the computer.

Following is a complete list of values for SFCDisable:
- 0 = enabled (default)
- 1 = disabled, prompt at restart to re-enable
- 2 = disabled at next restart only, no prompt to re-enable
- 4 = enabled, with popups disabled

The problem is the restart thing - this complicates the implementation since we have to know the workstation has restarted since the registry change was merged.

Windows 2000::Windows File Protection::Disabling


From GROUPS.GOOGLE.COM:
---------- Forwarded message ----------
Date: Sat, 24 Jun 2000 06:16:46 -0400
From: Jeremy Collake
Reply-To: Windows NTBugtraq Mailing List
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: W2k undocumented registry setting fully disables Windows File Protection

6:13am 6/24

Summary: Undocumented registry setting allows for
Windows File Protection (aka System File Checker)
to be fully disabled.

HowTo: Set the SFCDisable value (see Q222473) to
0xffffff9d.

Ok, after spending 6 hours in the guts of sfc.dll, sfcfiles.dll,
and winlogon.exe I have *finally* discovered how to permanently
disable windows file protection. The more I dug into the internals
of SFC, the more I began to think that it would not be as easy as
I first thought it would be - and indeed Microsoft does not want it
to be easy. Windows File Protection, while annoying, does provide
a good degree of system stability and even some level of virus/trojan
protection by preventing system files from being modified without
at least notifying the user. Therefore, I was *very* shocked when
I was looking through a disassembly of sfc.dll and came to the code
that checks the value of the SfcDisable in the WinLogon key.
I see in the code of ordinal 2 (which is the initialization function
that winlogon calls), sticking out like a sore thumb, this:

76986A89 push 1
76986A8B cmp eax, ebx
76986A8D pop esi
76986A8E jz loc_76986B97
76986A94 cmp eax, esi
76986A96 jz loc_76986B7A
76986A9C cmp eax, 2
76986A9F jz loc_76986B69
76986AA5 cmp eax, 3
76986AA8 jz short loc_76986AE0
76986AAA cmp eax, 4
76986AAD jz short loc_76986ACF
76986AAF cmp eax, 0FFFFFF9Dh
76986AB2 push ebx
76986AB3 jz loc_76986B86
76986AB9 push offset byte_76981898
76986ABE push edi
76986ABF call sub_7698877D
76986AC4 mov dword_769901D4, ebx
76986ACA jmp loc_76986B97

Ok, values 0, 1, 2, 3, and 4 are documented at
http://support.microsoft.com/support/kb/articles/Q222/4/73.ASP , but
what the heck is this 0ffffff9dh value that it accepts?! As you can
see, any value other than 0,1,2,3,4 and 0ffffff9dh are assumed to be
zero, which is the default of SFC enabled with popups enabled. So,
without further delay, I went and plugged 0ffffff9dh into the SfcDisable
value to see what was up. Rebooted. I'll be darned, Microsoft provided
a very,very simple way to fully disable WFP!

When booting with this value in the SFCDisable value in the WinLogon
key (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon), an
event is written to the system log, ID 64032 from Windows File
Protection, with the description:
"Windows File Protection is not active on this system. ".

All attempts to replace/delete protected system files succeeded,
just as if I were in safe mode :). I rebooted a few more times and
verified that it is the one value (other than 4=popups disabled) that
is not reset to 0 after the first boot.
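
An audit check for the registry value and the event described in the message above, added here as an example (it is not part of the original post or of the forwarded message). It assumes a regedit text export of the Winlogon key and a CSV-style System log export whose column layout is constructed for the example; the function names are hypothetical, and the meaning of value 3 is left open because this page does not give it.

```python
import re

# Key, value and event ID as given on this page.
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
UNDOCUMENTED_OFF = 0xFFFFFF9D   # value reported in the forwarded message
WFP_INACTIVE_EVENT = 64032      # event ID reported in the forwarded message

# value -> (meaning, severity). 0/1/2/4 are the meanings listed on this page;
# 3 is named in the message as documented but its meaning is not given here.
KNOWN = {
    0: ("enabled (default)", "ok"),
    1: ("disabled, prompt at restart to re-enable", "alert"),
    2: ("disabled at next restart only, no prompt to re-enable", "alert"),
    3: ("documented value, meaning not given on this page", "review"),
    4: ("enabled, with popups disabled", "review"),
    UNDOCUMENTED_OFF: ("WFP fully disabled (undocumented value)", "alert"),
}
# Per the message, only these two values are not reset to 0 after the first boot.
PERSISTENT = {4, UNDOCUMENTED_OFF}

_SECTION = re.compile(r"^\[(.+)\]\s*$")
_DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})\s*$')


def parse_sfcdisable(reg_text):
    """Return SFCDisable from a regedit text export, or None if it is absent."""
    in_winlogon = False
    for line in reg_text.splitlines():
        line = line.strip()
        m = _SECTION.match(line)
        if m:
            # Registry key and value names are case-insensitive.
            in_winlogon = m.group(1).lower() == WINLOGON_KEY.lower()
            continue
        m = _DWORD.match(line)
        if in_winlogon and m and m.group(1).lower() == "sfcdisable":
            return int(m.group(2), 16)
    return None


def classify(value):
    """Map a raw SFCDisable DWORD to a finding for the audit report."""
    if value is None:
        return {"raw": None, "meaning": "SFCDisable not set in this export",
                "severity": "ok", "persistent": False}
    if value in KNOWN:
        meaning, severity = KNOWN[value]
        return {"raw": value, "meaning": meaning, "severity": severity,
                "persistent": value in PERSISTENT}
    # The disassembly in the message falls through to the default for any
    # other value, so WFP stays enabled; unexpected data still merits a look.
    return {"raw": value, "meaning": "unrecognised value, treated as 0 (enabled)",
            "severity": "review", "persistent": False}


def wfp_inactive_events(log_lines):
    """Return lines of a CSV-style System log export that carry event 64032.

    Assumed column layout (constructed for this example):
    timestamp,log,source,event_id,description
    """
    hits = []
    for line in log_lines:
        fields = line.split(",", 4)
        if len(fields) == 5 and fields[3].strip() == str(WFP_INACTIVE_EVENT):
            hits.append(line)
    return hits


# Constructed sample inputs, not taken from a real machine.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"SFCDisable"=dword:ffffff9d
'''
SAMPLE_LOG = [
    "2003-02-26 08:01:12,System,EventLog,6005,The Event log service was started.",
    "2003-02-26 08:01:40,System,Windows File Protection,64032,"
    "Windows File Protection is not active on this system.",
]

if __name__ == "__main__":
    finding = classify(parse_sfcdisable(SAMPLE_REG))
    print("SFCDisable = 0x%08x: %s [%s]"
          % (finding["raw"], finding["meaning"], finding["severity"]))
    for hit in wfp_inactive_events(SAMPLE_LOG):
        print("event:", hit)
```

Either indicator alone is worth a ticket: the registry value shows the setting is in place, and the event shows a boot actually ran with Windows File Protection inactive.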

Windows 2000::Windows File Protection::Automation


Eeeeeviiiil Solitaire
My highest priority today is I must create an invisible automatic "thing" to remove the games from all user machines. In simpler days I would have written a BAT file to remove the EXE files and the menu items. However when you do it that way, SOL.EXE, WINMINE.EXE, FREECELL.EXE mysteriously come back.
This is because Windows File Protection maintains control over the WINNT\SYSTEM32 directory. Since SOL.EXE is such a vital part of the Windows 2000 Professional operating system it was placed in this directory to ensure it is never deleted or overwritten with a different version.
WFP maintains its "master" copy of these files in C:\WINNT\SYSTEM32\DLLCACHE (which BTW is cleverly flagged as hidden.) If my BAT removes SOL.EXE from that directory first and then from SYSTEM32 then the file doesn't come back, but a warning message comes up during its execution about something diabolical happening to your system files and prompting for the Windows CD.
A commandline such as: RunDll32 advpack.dll,LaunchINFSection %windir%\INF\games.inf,FreecellUninstall does not run silently and doesn't appear to work either (even though it tells me it's removing files.)
There must be some way to execute the uninstall by whatever method the control panel-add remove programs applet does it.
Any ideas? E-Mail Me PLEEEESE.
Of course if I find an elegant solution I'll put it out here.

2/25/2003

Windows 2000::Exchange 2000::Restoring mailbox items


It stinks to restore a single item or single mailbox. Basically, set up a parallel environment and restore the entire server.
The following details the process.
Recovering a single Exchange mail item


Document from Live System:

a.  Exchange 2000 organization name

b.  Name of the administrative group

c.  Name of the storage group

d.  The logical database name

e.  The LegacyExchangeDN value for the admin group object


Summary:


  • Setup the Recovery Server-Install Base Server

  • Setup Forest and run ForestPrep

  • Install Exchange System Management Tools

  • Create Admin Group

  • Install Messaging and Collaboration Services

  • Install Exchange Service Pack

  • Configure Storage Group and Database Names

  • Restore database

  • Connect Mailbox to AD Account

  • Export mailbox items

  • Import mailbox items to the production server


Setup the Recovery Server-Windows 2000 standalone server



  1. Same software versions must be used to build the recovery server.

  2. Set DNS server setting to itself.

  3. NNTP and SMTP must be installed for MS Exchange


Setup Forest and run ForestPrep


Run Dcpromo to promote the server to a DC.

The name of the forest doesn't matter.

Might be prompted to install DNS.

Create Forest

  1. Start Menu > Run

  2. Dcpromo

  3. Click Next

  4. Select Domain Controller for a new domain and click Next

  5. Select Create a new domain tree and click Next

  6. Select Create a new forest of domain trees and click Next

  7. Type RECOVER.COM (for example) in Full DNS name box and click Next

  8. Click Next on NetBIOS domain screen

  9. Accept defaults, click Next

  10. Accept the default, click Next

  11. Click Ok to DNS information message

  12. Select Yes, Install and configure DNS, click Next

  13. Select Permissions compatible only with Windows 2000 servers, click Next

  14. On Administrator password screen type password, confirm again, click Next

  15. Click Next on Active Directory Installation summary page

  16. When Installation is complete click Finish and Restart Now


Run ForestPrep:
If the LegacyExchangeDN is different than the default First Administrative Group, you must alter the LegacyExchangeDN on your recovery server. You can do this only after the schema has been extended for Exchange.


  1. Log onto the recovery server as an Administrator

  2. Start menu > Run, browse to CD-Rom, select setup.exe from Exch2000\Setup\I386 directory and click Ok

  3. After Install path type /Forestprep and click Ok



  1. Welcome screen, click Next

  2. Agree to license agreement, click Next

  3. Enter the 25-digit Product ID, click Next

  4. Verify Forestprep will be selected, click Next

  5. Install path must be the same as the production Exchange server. The default directory is c:\program files\exchsrvr. Select "Create a New Exchange Organization" > click Next.

  6. Type in the Exchange 2000 organization name, click Next

  7. Leave the default Administrator account, click Next. After ForestPrep completes click Finish.



Install MS Exchange System Management Tools



DO NOT install Microsoft Exchange Messaging and Collaboration services at this time.
Make sure that you install the management tools into the same drive and path name as the production server.

1. Start menu > Run, browse to the CD-Rom, select setup.exe from Exch2000\Setup\I386 directory

2. On the Welcome screen, click Next

3. Agree to End User License Agreement and click Next

4. Enter the 25-digit Product ID. Click Next

5. Under the Action Column in Component Selection window, select the following options and click Next:

    - Microsoft Exchange 2000
    Install - Microsoft Exchange System Management Tools

6. Click Next on summary page

7. After Setup is done click Next

8. If prompted to reboot, choose Yes.

Create Admin Group



  1. Log in to the recovery domain as Administrator

  2. Start menu > Programs > Microsoft > Exchange, click System Manager

  3. Right Click Administrative Groups, choose New > Administrative Group

  4. Type in the name of the Administrative group exactly as it appears on the production server and click Ok

  5. Close Exchange System Manager



Install Messaging and Collaboration Services



  1. Start menu > Run, browse to the CD-Rom and select setup.exe from Exch2000\Setup\I386 and click Ok

  2. Click Next on Welcome screen

  3. Under the Action Column in the Component Selection window select the following options and click Next:


        
-Microsoft Exchange 2000
        
Exchange Messaging and Collaboration Services

  1. Agree to licensing agreement, click Next

  2. On the Exchange Summary page click Next

  3. After Setup is complete click Finish



Install MS Exchange Service Pack



  1. Start menu > Run, browse to the CD-Rom and select setup.exe from Exch2000\SP2\Setup\I386 and click Ok

  2. Click Next at the Welcome Screen

  3. Verify Update is displayed in the Action menu.

  4. - Microsoft Exchange 2000

    - Microsoft Exchange Messaging and Collaboration

    Update- Microsoft Exchange System Management Tools

  5. Click Next

  6. Click Next on summary page to start the installation process

  7. When done, hit Finish

  8. Click Yes if asked to reboot the machine



Configure Storage Group and Database Names



  1. Log in to the recovery domain as Administrator

  2. Start menu > Programs > Microsoft Exchange, click System Manager

  3. Highlight Name

  4. click, select Properties

  5. In Administrative Views Check:

    · Display routing groups

    · Display administrative groups

  6. Click Ok and Ok

  7. Expand Administrative Groups, Administrative Group, Servers, the Recovery Server, and First Storage Group

  8. click Mailbox store, select rename

  9. Type the name exactly as it appears on the production server and press Return


If restoring a database located in a different Storage group than the default First Storage Group or the First Storage Group name has been changed, you must rename the Storage Group also.  To rename the Storage Group, repeat steps 7-8 (clicking on the storage group, not the store.)

Restore the Database


From the recovery server



  1. Verify the Exchange services are running:

    · Microsoft Exchange System Attendant

    · Microsoft Exchange Information Store

    · Microsoft Exchange MTA Stacks

  2. Start System Manager

  3. Expand Administrator Groups

  4. Expand the Administrative Group, Servers, Recovery Server and the Storage Group where the database is located

  5. click on the database, and choose Dismount store.

  6. Select yes to continue.  The dismount process may take a few minutes

  7. Select properties of the Information Store on the Database tab, click This database can be overwritten by a restore


From the backup server



  1. Open Veritas

  2. Select the Restore Selections Tab

  3. Browse to find the production server, Expand the Storage Group to restore

  4. Select the Media Set to restore.  (Click properties to view the backup date and type)

  5. Click Select and Save Selection, type a name for the restore selection

  6. Click Job Definitions Tab and right click, click new and restore job

  7. Under Job name type a name for the restore

  8. Click Selections tab and under selection list names browse to find the selection name created in step 7

  9. Select the Redirection tab, check Exchange database sets and type the name of the recovery server.

  10. Select the Exchange tab and uncheck all checkboxes under Exchange v5.0, v5.5

  11. Uncheck the No Loss Restore (do not delete existing log files) Option

  12. Click Run Now

  13. To view the progress of the restore Click Job Monitor Tab


Connect Mailbox to Active Directory Account


After the database has been restored, it will automatically be mounted.   Mailboxes will not have an
Active Directory account associated with them.
Create Recovery Account

  1. Start menu > Programs > Microsoft Exchange > Active Directory Users and Computers

  2. Actions > New > select User

  3. Follow the new user wizard (First name and user logon name are the only required names)

  4. Uncheck the option to create an Exchange mailbox for the user

  5. Click Next and then Finish

  6. Close Active Directory Users and Computers


Connect Mailbox to Recovery Account

  1. Open Exchange System Manager

  2. Expand the Administrator Groups

  3. Expand the Administrative Group, Servers, Recovery Server and Storage Group

  4. Expand Mailbox Store

  5. click Mailboxes, Select Run Cleanup Agent

  6. Locate the mailbox that you wish to restore data from (with Red X)

  7. Right Click and Select Reconnect

  8. select the recovery account created previously. Click Ok

  9. Click Ok twice


Export mailbox items from the Recovery server


Create a new Outlook profile and export mail items to a .PST file.
Export the Mail Items

  1. Open Outlook against the recovery mail server

  2. Click Import and Export from the File Menu

  3. Follow the Wizard and select Export to a File, click Next

  4. Select Personal Folder File (.pst) and click Next

  5. Highlight the top level folder

  6. Select Include subfolders

  7. Click Next

  8. The default .PST location is C:\Documents and Settings\%username%\Local Settings\Application Data\Microsoft\Outlook

  9. Enter file location then click Ok

  10. Leave the default Options which should be Replace duplicates with items exported and click Finish

  11. Click Ok to summary page and be sure not to change any of the encryption or password settings

  12. Click Exit from the File menu to exit Outlook


Import mailbox items to the production server


  • Gain access to the user's mailbox & create mail profile

  • Import the Mail Items

    1. Open Outlook on production system

    2. Click Import and Export off File Menu

    3. Follow the Wizard and select Import from another program or file and click Next

    4. Select Personal Folder File (.pst) and click Next

    5. The default location is C:\Documents and Settings\%username%\Local Settings\Application Data\Microsoft\Outlook

    6. Input file location and click Ok

    7. Change the options to Do not import duplicates and click Next

    8. Leave the default items selected and verify that the items are being imported into the user's Mailbox

    9. Click Finish




    DONE!

    Windows 2000::Automating::Removing Games


    ! Games (and other accessories) don't show up under Add/Remove Programs, Windows Components !
    Go to C:\WINNT\INF\ and find the SYSOC.INF file. Find the section that looks like:

    Games=ocgen.dll,OcEntry,games.inf,HIDE,7
    AccessUtil=ocgen.dll,OcEntry,accessor.inf,HIDE,7
    CommApps=ocgen.dll,OcEntry,communic.inf,HIDE,7
    media_clips=ocgen.dll,OcEntry,mmopt.inf,HIDE,7
    MultiM=ocgen.dll,OcEntry,multimed.inf,HIDE,7
    AccessOpt=ocgen.dll,OcEntry,optional.inf,HIDE,7
    Pinball=ocgen.dll,OcEntry,pinball.inf,HIDE,7
    MSWordPad=ocgen.dll,OcEntry,wordpad.inf,HIDE,7

    and remove "HIDE" from the ones you want to make visible. For instance to open up the Games, make it look like this:

    Games=ocgen.dll,OcEntry,games.inf,,7
    AccessUtil=ocgen.dll,OcEntry,accessor.inf,,7
    CommApps=ocgen.dll,OcEntry,communic.inf,HIDE,7
    media_clips=ocgen.dll,OcEntry,mmopt.inf,HIDE,7
    MultiM=ocgen.dll,OcEntry,multimed.inf,HIDE,7
    AccessOpt=ocgen.dll,OcEntry,optional.inf,HIDE,7
    Pinball=ocgen.dll,OcEntry,pinball.inf,HIDE,7
    MSWordPad=ocgen.dll,OcEntry,wordpad.inf,HIDE,7

    2/24/2003

    Windows::Networking::NetBios


    Using Perl::NetAdmin, getserver. These are hex values needed to interpret results.
    # NetBIOS Suffixes (16th Character of the NetBIOS Name)
    # Perl hash keys must be unique, so a service that registers more than one
    # suffix carries the suffix in its key; otherwise the later entry would
    # silently replace the earlier one. All values are plain hex numbers.
    my %wins_status = (
    'Workstation Service' => 0x00,
    'Messenger Service <01>' => 0x01,
    'Messenger Service <03>' => 0x03,
    'RAS Server Service' => 0x06,
    'NetDDE Service' => 0x1F,
    'File Server Service' => 0x20,
    'RAS Client Service' => 0x21,
    'Microsoft Exchange Interchange(MSMail Connector)'=> 0x22,
    'Microsoft Exchange Store' => 0x23,
    'Microsoft Exchange Directory' => 0x24,
    'Modem Sharing Server Service' => 0x30,
    'Modem Sharing Client Service' => 0x31,
    'SMS Clients Remote Control' => 0x43,
    'SMS Administrators Remote Control Tool' => 0x44,
    'SMS Clients Remote Chat' => 0x45,
    'SMS Clients Remote Transfer' => 0x46,
    'DEC Pathworks TCPIP service on Windows NT <4C>' => 0x4C,
    'DEC Pathworks TCPIP service on Windows NT <52>' => 0x52,
    'Microsoft Exchange MTA' => 0x87,
    'Microsoft Exchange IMC' => 0x6A,
    'Network Monitor Agent' => 0xBE,
    'Network Monitor Application' => 0xBF,
    'Domain Master Browser' => 0x1B,
    'Domain Controllers' => 0x1C,
    'Master Browser' => 0x1D,
    'Browser Service Elections' => 0x1E,
    'IIS' => 0x1C,
    'Lotus Notes Server Service' => 0x2B,
    'Lotus Notes <2F>' => 0x2F,
    'Lotus Notes <33>' => 0x33,
    'DCA IrmaLan Gateway Server Service' => 0x20
    );

    my %sv_flags = (
    WORKSTATION => 0x00000001,
    SERVER => 0x00000002,
    SQLSERVER => 0x00000004,
    DOMAIN_CTRL => 0x00000008,
    DOMAIN_BAKCTRL => 0x00000010,
    TIME_SOURCE => 0x00000020,
    AFP => 0x00000040,
    NOVELL => 0x00000080,
    DOMAIN_MEMBER => 0x00000100,
    PRINTQ_SERVER => 0x00000200,
    DIALIN_SERVER => 0x00000400,
    SERVER_UNIX => 0x00000800,
    NT => 0x00001000,
    WFW => 0x00002000,
    SERVER_MFPN => 0x00004000,
    SERVER_NT => 0x00008000,
    POTENTIAL_BROWSER=> 0x00010000,
    BACKUP_BROWSER => 0x00020000,
    MASTER_BROWSER => 0x00040000,
    DOMAIN_MASTER => 0x00080000,
    SERVER_OSF => 0x00100000,
    SERVER_VMS => 0x00200000,
    WIN95_PLUS => 0x00400000,
    ALTERNATE_XPORT => 0x20000000,
    LOCAL_LIST_ONLY => 0x40000000,
    DOMAIN_ENUM => 0x80000000
    );

    # NetBIOS flags
    my %nb_flags = (
    NB_GROUP => 0x80,
    NB_PERM => 0x02,
    NB_ACTIVE => 0x04,
    NB_CONFL => 0x08,
    NB_DEREG => 0x10,
    'Broadcast node type' => 0x00, # NB_BFLAG
    'Point-to-point node type' => 0x20, # NB_PFLAG
    'Mixed bcast & p-p node type' => 0x40, # NB_MFLAG
    'Microsoft hybrid node type' => 0x60, # NB_HFLAG
    'Mask applied to outgoing NetBIOS flags' => 0xE0 # NB_FLGMSK
    );

    2/19/2003

    Windows::Automation::Uninstall Games



    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/setupapi/setup/installhinfsection.asp

    rundll32 setupapi.dll,InstallHinfSection FreecellUninstall 132 c:\winnt\inf\games.inf

    Repeat for the other sections in the games.inf file.

    SPAM::Internet Mail::Link


    Great website:
    http://www.spews.org/

    2/17/2003

    Windows::Network Management::Scripting::Get Serial Number of Remote Machine


    I need to query all the machines in Network neighborhood to get their serial numbers.
    This WSH script is a place to start:
    ' Ask for the target machine and build the WMI moniker for it
    ComputerName = InputBox("Enter the name of the computer you wish to query")
    winmgmt1 = "winmgmts:{impersonationLevel=impersonate}!//" & ComputerName
    'WScript.Echo winmgmt1
    ' Win32_BIOS instances carry the BIOS serial number
    Set SNSet = GetObject(winmgmt1).InstancesOf("Win32_BIOS")
    For Each SN In SNSet
        MsgBox "The serial number for the specified computer is: " & SN.SerialNumber
    Next

    Ideally this would be a perl script that generates an HTML report of all the machine names and serial numbers (and IP numbers.) This could be launched via a weblink on server and get back report.
    The next step would be to compile a txt file with a listing of all the serial numbers found so far and as the discovery is being done only add the new ones to the list.

    Windows 2000::Registry::ComputerName


    Looking for ComputerName in registry. I found it a few places. A good one to query is:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName is the current NetBIOS computer name.

    2/16/2003

    Windows::Networking::Ports & Protocols

    Good resource for what ports are used by what services
    I'm trying to get performance monitor working through a firewall so I can check performance stats on a machine on a "DMZ" segment from another segment. I came across an excellent resource on Microsoft Technet
    | Port | TCP/UDP | Service Name |
    |---|---|---|
    | 42 | TCP | WINS Replication |
    | 47 | TCP | GRE for PPTP |
    | 53 | UDP | DNS Name Resolution |
    | 53 | TCP | DNS |
    | 67 | UDP | DHCP Lease (BOOTP) |
    | 68 | UDP | DHCP Lease |
    | 88 | UDP | Kerberos |
    | 135 | TCP | Location Service (RPC, RPC EP Mapper, WINS Manager, DHCP Manager, MS DTC) |
    | 137 | UDP | NetBIOS Name Service (Logon Sequence, Windows NT 4.0 Trusts, Windows NT 4.0 Secure Channel, Pass Through Validation, Browsing, Printing) |
    | 137 | TCP | WINS Registration |
    | 138 | UDP | NetBIOS Datagram Service (Logon Sequence, Windows NT 4.0 Trusts, Windows NT 4.0 Directory Replication, Windows NT 4.0 Secure Channel, Pass Through Validation, NetLogon, Browsing, Printing) |
    | 139 | TCP | NetBIOS Session Service (NBT, SMB, File Sharing, Printing, Logon Sequence, Windows NT 4.0 Trusts, Windows NT 4.0 Directory Replication, Windows NT 4.0 Secure Channel, Pass Through Validation, Windows NT 4.0 Administration Tools [Server Manager, User Manager, Event Viewer, Registry Editor, Diagnostics, Performance Monitor, DNS Administrator]) |
    | 389 | TCP/UDP | LDAP |
    | 500 | TCP/UDP | ISAKMP/Oakley negotiation traffic (IPSec) |
    | 522 | TCP | User Location Store |
    | 636 | TCP/UDP | LDAP (over TLS/SSL) |
    | 750 | UDP | Kerberos Authentication |
    | 750 | TCP | Kerberos Authentication |
    | 751 | UDP | Kerberos Authentication |
    | 751 | TCP | Kerberos Authentication |
    | 752 | UDP | Kerberos Password Server |
    | 753 | UDP | Kerberos User Registration Server |
    | 754 | TCP | Kerberos Slave Propagation |
    | 888 | TCP | Logon and Environment Passing |
    | Dynamic | TCP | Directory Replication |
    | 1109 | TCP | POP with Kerberos |
    | 1723 | TCP | PPTP Control Channel (IP Protocol 47 – GRE) |
    | 2053 | TCP | Kerberos de-multiplexor |
    | 2105 | TCP | Kerberos encrypted login |
    | 3268 | | Global Catalog |
    | 3269 | | Global Catalog |
    | 3389 | RDP | Terminal Services |

    The following is a list of ports and protocols for Microsoft Exchange 2000 Server services.
    | Port | TCP/UDP | Service Name |
    |---|---|---|
    | 25 | TCP | SMTP |
    | 80 | TCP | HTTP |
    | 102 | TCP | MTA – X.400 over TCP/IP |
    | 110 | TCP | POP3 |
    | 119 | TCP | NNTP |
    | 135 | TCP | Client/Server Communication, RPC, Exchange Administration |
    | 143 | TCP | IMAP4 |
    | 389 | TCP | LDAP |
    | 443 | TCP | HTTP (SSL) |
    | 465 | TCP | SMTP (SSL) |
    | 563 | TCP | NNTP (SSL) |
    | 636 | TCP | LDAP (SSL) |
    | 993 | TCP | IMAP4 (SSL) |
    | 995 | TCP | POP3 (SSL) |
    | 1720 | TCP | H.323 Call Setup |
    | 1731 | TCP | Audio Call Control |
    | 2980 | TCP/UDP | Instant Messaging Service |
    | Dynamic | TCP | H.323 Call Control |
    | Dynamic | UDP | H.323 Call (RTP Over UDP) |

    2/11/2003

    Internet::E-Mail::Security

    Test your e-mail system for vulnerabilities
    I don't use the product sold at the link below, so I can't recommend for or against it.
    However, they will automatically generate several test e-mails to determine your level of exposure
    to various exploits commonly sent via e-mail. I found a few adjustments I needed to make to my e-mail gateway.
    http://www.gfi.com/emailsecuritytest

    2/10/2003

    Outlook::Exchange::Public Folder::Define default public folder view

    I want to make a custom view the default view for everyone who views my public folder.
    To create a default custom view for a public folder, follow these steps:
  • Log on to the Outlook client as the owner of a public folder, and select the public folder.

  • Customize the public folder to the desired view. This can be done using the menu items for View.

  • Save the custom view by clicking on View menu, then Define Views, and selecting Current View Settings. Click Copy, and then type in your view name. Then select This folder, visible to everyone. Click OK, then Close.

    To select a custom view for a public folder, follow these steps:
  • Log on to the Outlook client as the owner of a public folder.

  • Right-click on the folder, and select Properties. Select the Administration tab.

    NOTE:  If users have already customized their view for that public folder, their view will stay until they specifically choose a different view. All users that have not customized the public folder view will receive the newly selected public folder view.

    From: MS KB#202186 http://support.microsoft.com/default.aspx?scid=kb;en-us;202186

    2/04/2003

    Internet::E-Mail::Testing

    e-mail autoresponder addresses
    I like to have the ability to do a quick test of my e-mail system a few times throughout the day. I've gotten in the habit of sending a message to an autoresponder.
    The one I liked best, echo@psi.com, quit working. It's been quite some time so I've given up hope that it was just a temporary problem. I liked it because it echoed back the message you sent it. I always used a message with the time I sent it as the subject that gave me a response time for comparison without having to figure it out myself.
    Some other options I found while searching:
    1. echo@osi.com.au - a long physical distance from the US so it takes a little while. It also doesn't echo back your exact same message so it is not as helpful or useful in as many ways.
    2. spam.echo@clearswift.com - will send you back a test spam message.
    3. test@sstar.com - will send you back a message containing a list of other autoresponders: (I haven't tried them all yet.)
    test@bayonne.net - doesn't work.
    test@buscom.net - works
    test@buscomnet.com -
    test@cshore.com - works
    test@digiplay.com
    test@ifxgroup.net
    test@tcmetro.net
    test@toltbbs.com
    test@tznet.com
    test@zzapp.org
    4. You could set up your own with a yahoo account and a vacation response or a hotmail account with an alert e-mail to your internal e-mail address or pager.

    E-Mail me any others you know of or any other ideas you have for verifying e-mail connectivity.