Thursday, September 23, 2010

Generic Host Process Error XP SP2

Download Patch

http://support.microsoft.com/kb/894391

Outlook troubleshooting

http://www.howto-outlook.com

http://www.msoutlook.info

http://www.emailaddressmanager.com/

http://www.slipstick.com/

Troubleshooting info from Windows XP BSOD error messages

Microsoft Windows XP systems are notorious for crashing for any number of reasons and in a number of ways. Some of these crashes are mild and can easily be overcome simply by closing a non-responding application or by rebooting the system. However, others are more serious and can bring the entire system to its knees. Microsoft calls these types of crashes “Stop errors” because the operating system stops responding. When a Stop error occurs, the GUI is replaced by a DOS-like blue screen with a cryptic error message followed by a code number. This screen is affectionately referred to as the Blue Screen Of Death, or BSOD for short.

Common BSODs in Windows XP

Now that you have a good idea of how to dissect a BSOD and pull out the relevant pieces of information from all the gibberish on the screen, let’s look at some of the more common BSODs in Windows XP. I’ll cover just a few of the BSOD conditions, although there are many possible Stop errors. For each BSOD I discuss, I’ll provide a link to an article on the Microsoft Knowledge Base that covers that particular Stop error. (Since more than one article might address a Stop error, you may want to search the Knowledge Base if you discover that you need more information.)

STOP: 0x0000000A
IRQL_NOT_LESS_OR_EQUAL

This Stop error, which can be caused by either software or hardware, indicates that a kernel-mode process or driver attempted to access a memory location it did not have permission to access or a memory location that exists at a kernel interrupt request level (IRQL) that was too high. A kernel-mode process can access only other processes that have an IRQL that’s equal to or lower than its own.

Troubleshooting a Stop 0x0000000A error in Windows XP

STOP: 0x0000001E
KMODE_EXCEPTION_NOT_HANDLED

This Stop error indicates that the Windows XP kernel detected an illegal or unknown processor instruction. The problems that cause this Stop error can be either software or hardware related and result from invalid memory and access violations, which are intercepted by Windows’ default error handler if error-handling routines are not present in the code itself.

Possible Resolutions to STOP 0x0A, 0x01E, and 0x50 Errors

STOP: 0x00000050
PAGE_FAULT_IN_NONPAGED_AREA

This Stop error indicates that requested data was not in memory. The system generates an exception error when using a reference to an invalid system memory address. Defective memory (including main memory, L2 RAM cache, video RAM) or incompatible software (including remote control and antivirus software) might cause this Stop error.

Possible Resolutions to STOP 0x0A, 0x01E, and 0x50 Errors

STOP: 0x0000007B
INACCESSIBLE_BOOT_DEVICE

This Stop error indicates that Windows XP has lost access to the system partition or boot volume during the startup process. Installing incorrect device drivers when installing or upgrading storage adapter hardware typically causes this Stop error. This error could also indicate a possible virus infection.

Troubleshooting Stop 0x0000007B or “0x4,0,0,0” Error

STOP: 0x0000007F
UNEXPECTED_KERNEL_MODE_TRAP

This Stop error indicates a hardware problem resulting from mismatched memory, defective memory, a malfunctioning CPU, or a fan failure that’s causing overheating.

General causes of “STOP 0x0000007F” errors

STOP: 0x0000009F
DRIVER_POWER_STATE_FAILURE

This Stop error indicates that a driver is in an inconsistent or invalid power state. This Stop error typically occurs during events that involve power state transitions, such as shutting down, or moving in or out of standby or hibernate mode.

Troubleshooting a Stop 0x9F Error in Windows XP

STOP: 0x000000D1
DRIVER_IRQL_NOT_LESS_OR_EQUAL

This Stop error indicates that the system attempted to access pageable memory using a kernel process IRQL that was too high. The most typical cause is a bad device driver (one that uses improper addresses). It can also be caused by faulty or mismatched RAM or a damaged pagefile.

Error Message with RAM Problems or Damaged Virtual Memory Manager

STOP: 0x000000EA
THREAD_STUCK_IN_DEVICE_DRIVER

This Stop error indicates that a device driver problem is causing the system to pause indefinitely. Typically, this problem is caused by a display driver waiting for the video hardware to enter an idle state. This might indicate a hardware problem with the video adapter or a faulty video driver.

Error message: STOP 0x000000EA THREAD_STUCK_IN_DEVICE_DRIVER

STOP: 0x00000024
NTFS_FILE_SYSTEM

This Stop error indicates that a problem occurred within Ntfs.sys, the driver file that allows the system to read and write to drives formatted with the NTFS file system. (A similar Stop message, 0x00000023, exists for the file allocation table [FAT16 or FAT32] file systems.)

Troubleshooting Stop 0x24 or NTFS_FILE_SYSTEM Error Messages

STOP: 0xC0000218
UNKNOWN_HARD_ERROR

This Stop error indicates that a necessary registry hive file could not be loaded. The file may be corrupt or missing. The registry file may have been corrupted due to hard disk corruption or some other hardware problem. A driver may have corrupted the registry data while loading into memory or the memory where the registry is loading may have a parity error.

How to Troubleshoot a Stop 0xC0000218 Error Message

STOP: 0xC0000221
STATUS_IMAGE_CHECKSUM_MISMATCH

This Stop message indicates driver, system file, or disk corruption problems (such as a damaged paging file). Faulty memory hardware can also cause this Stop message to appear.

“STOP: C0000221 unknown hard error” or “STOP: C0000221 STATUS_IMAGE_CHECKSUM_MISMATCH” error message occurs

Reset Print Spooler Services In XP

If you were looking for a way to reset the print spooler on a Mac but ran across this article, check out this previous post. Otherwise, here was the situation. I had a user who was having issues printing on a Windows XP computer. The print spooler would crash, and even if the spooler was running the Printers folder would lock up if you tried to look at it. I did some digging and found an article that solved my problem, and also pointed to Microsoft KB 324757. I tweaked the steps a little to fit my situation, and didn't use safe mode, but it still worked. Here's what to do:

1. Stop the print spooler service if it's running, but leave the window open because you'll need to start it again at the end. If you don't know how to stop or restart the spooler, check out my previous post
2. Navigate to C:\Windows\system32\spool\printers\ and delete all the files you find there
3. Now go into C:\Windows\system32\spool\drivers\w32x86\ and delete all the files you find there
4. Open the registry editor. To do that, go to Start->Run, then type regedit and click Ok

At this point make sure you follow the directions exactly. Any changes to the registry are immediate, and have the potential to corrupt your Windows install if not done correctly.

5. In the registry editor, navigate to HKEY_LOCAL_MACHINE->SYSTEM->CurrentControlSet->Control->Print->Environments->Windows NT x86
6. Expand the Windows NT x86 key. You should only see "Drivers" and "Print Processors". If there is anything else there delete it
7. Expand "Drivers", then expand the Version-x folder. I'm guessing it will be Version-3 for most of you, but the number may differ. Delete all the folders within the Version-x folder. These correspond to drivers installed on your system
8. Now go to HKEY_LOCAL_MACHINE->SYSTEM->CurrentControlSet->Control->Print->Monitors
9. There should be 5 keys here: "BJ Language Monitor", "Local Port", "PJL Language Monitor", "Standard TCP/IP Port", and "USB Monitor". If you have any others, delete them.
10. Close the Registry Editor
11. Start the print spooler service
12. Restart the computer and reinstall your printer(s)

Tuesday, September 21, 2010

Double click on a drive opens in new window

Problem:
When I double-click on a drive, it opens in a new window. What is the problem? Is it because of a virus? Please help me.

Solution:


Open any explorer window, Click on Tools >> Folder options >> View.
Click on restore defaults.
If this does not solve your problem, then it may be because of a virus attack.
You can perform the following steps to get rid of this.

Solution 1

Open start menu and click Run.
Type regsvr32 /i shell32.dll
Click Ok and if this message shows “DllRegisterServer and DllInstall in shell32.dll succeeded” that means the problem is solved.

Solution 2

In Run type regedit.exe to open the registry editor.
Navigate to HKEY_CLASSES_ROOT\Directory\Shell
Double click on the default value on the right and set it to “none”.
Repeat the procedure for the key HKEY_CLASSES_ROOT\Drive\Shell.

Solution 3
Alternatively, you can download a registry file and merge it with your registry by double-clicking it. Reboot your system after merging the file.
One of the methods listed above will definitely solve your problem.

NTDS.DIT

KCC: (Knowledge Consistency Checker):

It is a service of A.D., which is responsible for intimating, or updating the changes made either in DC or ADC.
Active Directory is saved in a file called NTDS.DIT
C:\windows\ntds\ntds.dit

NTDS.DIT - New Technology Directory Services. Directory Information Tree

It is a file logically divided into four partitions.
1. Schema partition
2. Configuration partition
3. Domain partition
4. Application partition

The schema is a set of rules that defines AD. It has two parts: classes and attributes.
AD is constructed with the help of classes and attributes.

1. Schema:

Logical partition in the AD database; a “template” for the AD database.
· Forms the database structures in which data is stored.
· Extensible
· Dynamic
· Protected by ACLs (Access Control Lists): DACLs and SACLs (Directory & System ACLs)
· One schema per AD forest.

Collection of objects is called class.
Piece of information about the object is called attribute.

2. Configuration Partition:

Logical partition in the AD database.
· “Map” of the AD implementation
· Contains information used for replication, logon, searches.
· Domains
· Trust relationships
· Sites & site links
· Subnets
· Domain controller locations.

3. Domain Partition:

· Logical partition in the AD database.
· Collections of users, computers, groups etc.
· Units of replication.
· Domain controllers in a domain replicate with each other and contain a full copy of the domain partition for their domain.
· DCs do not replicate domain partition information for other domains.

4. Application Partition:

· It is a newly added partition in Win2003. It can be added or removed.
· It can be replicated only to the specified DCs.
· Useful when we are using AD-integrated services like DNS, TAPI services etc.

Transfer of FSMO Roles


We can transfer the roles to the ADC for temporary maintenance and later transfer them back to the DC.

We can transfer the roles in two ways

1. Command mode
2. Graphical mode

Transfer of roles through command:

On DC
Go to command prompt and type ntdsutil
Type: roles
Connections
Connect to server (name of ADC ex.sys2)
Q
Transfer schema master
Transfer RID master
Transfer infrastructure master
Transfer PDC
Q
Q
Exit

Transferring roles using GUI:

On DC
Register the schema
For registering schema
Start > run > regsvr32 schmmgmt.dll

Transferring schema master

On DC
Start>Run>mmc>click on file> select add/remove snap in
Select A.D.Schema>add>close>ok
From console root
Expand console root
Right click AD Schema
Change domain controller
Specify name
Ok
Right click AD schema
Select operations master
Click on change
Yes> ok> file> exit (need not to save)

Transferring Domain naming master:

On DC
Start>p>admin tools> ADDT>right click on ADDT
Connect to domain controller
Select ADC
Ok
Right click on ADDT
Operations master
Click on change>yes>ok> close

Transferring Domain wide master operations:

Start >p>admin tools> ADUC
Right click on ADUC
Connect to DC
Select ADC > ok
Right click on Domain name
Select operations master
Change>yes
Select PDC> change>yes>select infrastructure>change>close>close.

FSMO Roles:

Flexible Single Master Operations Roles :


Forest wide Master Operation:

1. Schema master
2. Domain Naming master

Domain wide master operation:

3. PDC emulator
4. RID master
5. Infrastructure master

1.Schema Master:

Responsible for overall management of the entire schema in a forest.
The first DC installed acts as a schema master in the entire forest.
There can be only one schema master in the entire forest

2.Domain Naming Master:

Responsible for addition /removal of domains.
It maintains the uniqueness of domain names.
There can be only one DNM in the entire forest.

3. PDC emulator:

PDC provides backward compatibility for existing NT BDCs and workstations. (If it is running in mixed mode)
PDC updates the password changes made by the users.
It is also responsible for synchronizing the time.
There can be only one PDC emulator per domain.

4. RID master:

Responsible for assigning unique IDs to the objects created in the domain.
There can be only one RID master per domain
SID – Security Identifier; it maintains an access control list. It is divided into two parts.
1. DID (Domain Identifier)
2. RID (Relative Identifier)

For knowing the SID of the user
>Start>run>cmd> whoami /user.

5. Infrastructure master:

Responsible for maintaining the updates made to the user & group membership.
It also maintains universal group membership.
There can be only one infrastructure master per domain

The term flexibility means we can transfer any of the 5 roles from DC to ADC

Remove open with menu or Search menu when we click on any drive

The symptom occurs when autorun.vbs is created by a trojan horse or virus. It also appends autorun.exe to the Winlogon Userinit value, so the program starts at every logon:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Userinit=userinit.exe,autorun.exe

Finally, autorun.bat will call wscript.exe to run autorun.vbs.

To correct and solve this error, follow these steps:

Run Task Manager (Ctrl-Alt-Del or right click on the Taskbar). Stop the wscript.exe process, if present, by highlighting the process name and clicking End Process. Then terminate the explorer.exe process.

In Task Manager, click on File -> New Task (Run…). Type “cmd” (without quotes) into the Open text box and click OK.

Type the following commands one by one, pressing Enter after each:

del c:\autorun.* /f /s /q /a
del d:\autorun.* /f /s /q /a
del e:\autorun.* /f /s /q /a

OR

1. Go to Start > Run, type cmd and click OK
2. If you want to remove the infected file from the C drive, type c: and press Enter
3. Type attrib autorun.inf -s -h -r and press Enter
4. Type del autorun.inf and press Enter
5. Do the same on all infected drives
6. Restart the system

OR

Once the Autorun.inf is infected it is not easy to delete it.
If you use the normal delete command, the autorun.inf keeps coming back after you remove it.

Here is a way to remove the infected Autorun.inf permanently:

1. Boot your system in safe mode
2. Open a command prompt to reach your flash drive (start>>run>>cmd.exe)
3. Switch to your flash drive (e.g. if the flash drive is J:, just type J: on the command prompt and press Enter)
4. Type ATTRIB -H -R -S AUTORUN.INF then press “Enter”
5. Reboot your PC
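
A read-only triage check for the two artifacts described above, as an added Python example that is not part of the original post: it lists the commands an autorun.inf asks the shell to run and any Userinit entry other than userinit.exe. The sample file content is constructed, and the accepted Userinit path assumes Windows is installed in \WINDOWS.

```python
import re

# Constructed autorun.inf content of the kind this post describes.
SAMPLE_AUTORUN = r"""[autorun]
;constructed padding comment
xq7 padding line without a key
open=wscript.exe autorun.vbs
shell\open\command=autorun.bat
shell\explore\command=autorun.bat
icon=folder.ico
"""

# Assumption: Windows lives in <drive>:\WINDOWS; a bare userinit.exe is also accepted.
_USERINIT_OK = re.compile(r"(?:[a-z]:\\windows\\system32\\)?userinit\.exe", re.I)


def autorun_commands(inf_text):
    """Return (key, command) pairs that an autorun.inf asks the shell to run."""
    commands, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue  # other section, comment, or junk padding line
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # 'open' and 'shellexecute' name the program AutoRun starts;
        # 'shell\<verb>\command' sets the command behind a drive menu verb.
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in ("open", "shellexecute") or is_verb:
            commands.append((key, value))
    return commands


def unexpected_userinit(value):
    """Return entries of the Winlogon Userinit value other than userinit.exe."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if not _USERINIT_OK.fullmatch(e)]


if __name__ == "__main__":
    print(autorun_commands(SAMPLE_AUTORUN))
    print(unexpected_userinit("userinit.exe,autorun.exe"))
```

An empty result from both functions means neither artifact was found in the text that was checked; the functions only read their input and change nothing on the system.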

How to Remove the Search Menu when we open any Drive

Start > Run > regsvr32 /I shell32.dll > OK

Friday, September 17, 2010

CCNA Basic configuration commands VERSION 1

Basic configuration
Router>ena
Router#show version
Router#show start
Router#show run
Router#show history
Router#show clock
Router#show users
Router#show flash
Router#show tech-support
Router#show interfaces
Router#show ip interface brief
Router#copy run start
Router#ping
Router#reload
Router#config t
Router(config)#ip host yasser 10.0.0.100
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#speed auto
Router(config-if)#duplex auto
Router(config-if)#no shutdown
Router(config-if)#exit
Secure Router & Setting Telnet connection
Router(config)#enable password 1111
Router(config)#no enable password
Router(config)#enable secret 1111
Router(config)#line console 0
Router(config-line)#password 2222
Router(config-line)#login
Router(config-line)#exit
Router(config)#line vty 0 4
Router(config-line)#password 3333
Router(config-line)#login
Router(config-line)#exit
Router(config)#service password-encryption
Router(config)#banner motd # dont login #
Router(config)#username yasser password 2222
Router(config)#username yasserramzy secret 2222
Router(config)#username yasserauda privilege 15 password 2222
Router(config)#username yasserramzyauda privilege 15 secret 2222
Router(config)#no ip domain-lookup
Cisco DISCOVERY PROTOCOL
Router(config)#cdp run
Router#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
Switch Fas 0/1 171 S 2960 Fas 0/1
Router Fas 0/0 122 R C2800 Fas 0/0
Router#show cdp interface
Vlan1 is administratively down, line protocol is down
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet0/0 is up, line protocol is up
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet0/1 is up, line protocol is up
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Router#show cdp entry *
Device ID: Switch
Entry address(es):
Platform: cisco 2960, Capabilities: Switch
Interface: FastEthernet0/1, Port ID (outgoing port): FastEthernet0/1
Holdtime: 148
Version :
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)FX,
RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Wed 12-Oct-05 22:05 by pt_team
advertisement version: 2
Duplex: full
---------------------------
Device ID: Router
Entry address(es):
IP address : 120.0.0.2
Platform: cisco C2800, Capabilities: Router
Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/0
Holdtime: 158
Version :
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version
12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 06:21 by pt_rel_team
advertisement version: 2
Duplex: full

Password recovery
1- connect your router using console cable
2- turn your router off and on again
3- press ctrl + pause break
4- change confreg to 0x2142
5- reset
6- n
7- ena
8- copy start run
9- config t
10- use password commands to change or remove passwords
11- config-register 0x2102
12- exit
13- copy run start
BACKUP & RESTORE
Router#copy tftp flash
Router#copy flash tftp
Router#copy run tftp
Router#copy start tftp
Router(config)#boot system flash ?
WORD System image filename
note: Boot priority (system,flash,tftp,rxboot.rommon)
DHCP
Router(config)#ip dhcp pool me
Router(dhcp-config)#network 10.0.0.0 255.0.0.0
Router(dhcp-config)#default-router 10.0.0.10
Router(dhcp-config)#dns-server 10.0.0.11
Router(dhcp-config)#exit
Router(config)#ip name-server 10.0.0.11
Router(config)#ip dhcp excluded-address 10.0.0.100 10.0.0.200
Router(config)#exit
Router#show ip dhcp binding
IP address Client-ID/ Lease expiration Type Hardware address
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip address dhcp

SSH
Router(config)#username yasser password 2222
Router(config)#hostname alexrouter
alexrouter(config)#ip domain-name me.com
alexrouter(config)#ip ssh time-out 30
alexrouter(config)#ip ssh authentication-retries 3
alexrouter(config)#ip ssh version 2
Please create RSA keys (of at least 768 bits size) to enable SSH v2.
alexrouter(config)#crypto key generate rsa
The name for the keys will be: alexrouter.me.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 512
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
*Mar 1 0:1:26.828: RSA key size needs to be at least 768 bits for ssh version 2
*Mar 1 0:1:26.828: %SSH-5-ENABLED: SSH 1.5 has bee

How to Configure Passwords to Secure your Cisco Router

Types of Cisco Router Passwords
When it comes to basic password security, there are three basic types:

Line Passwords

Privileged mode Passwords (enable mode)

Username Passwords (optional)

Let’s explore these.

Line Passwords

Line passwords are configured on router lines. Examples of lines are:

Console Line - The console is the main serial administrative port on a router. This is where you configure the router when it is new and has no network configuration.

Aux Line – The aux line is an auxiliary port. Like the console, it is a physical port on every router. You can think of it as a backup console port. Besides being a backup console port, the aux port is periodically used for administrative console dial up access to the router.

VTY Lines – Vty lines are “virtual tty” lines and are used when you connect to the router via telnet or ssh. These are not physical lines on the router but virtual “inbound network lines”.

Async Lines – Async lines are asynchronous serial lines and are optional. These async lines are created when you insert an async serial card in a router. You can use the async serial lines to connect dumb-terminals (text-based terminals), serial printers, or modems.

All of these different lines need a password configured on them. Let’s find out how to configure Cisco router line passwords.

Configuring Cisco Router Line Passwords
There are two commands used to configure line passwords, no matter what kind of line you are using. The commands are password and login. The password command is used to set your line password. The login command, when entered by itself, is used to tell the router to use the password that is configured on the line. Here is an example of how this is configured on the console port:



As you can see in the graphic, we first set the password to cisco using password cisco, then enabled login using that password with the login command.

We repeat this on the aux port, like this:



Finally, we configure the same commands on the VTY lines. The catch to doing this is that there is more than one VTY. Because you don’t want to have to configure them one at a time, you use a VTY range when performing the configuration. Using a VTY range works by specifying your router’s starting and ending VTY number. Inside the configuration mode for this range of VTYs is where you are configuring the password and login commands. In the past, routers only had 0-4, or 5, VTY lines. Today, most routers have 0-15, or 16, VTY lines. Make sure that you know how many VTY’s your router has so that there aren’t some lines that are left without a password. Here is what you do to tell how many lines your router has:



As you can see from the screenshot above, this router has 16 (actually 0 to 15) VTY lines. You know this because the last line number is 15.

Here is how you would configure the password and login commands on the VTY lines using the range of VTY’s:


Configuring Cisco Router Privileged mode Passwords
Another basic router security requirement is that you configure a password used to enter privileged mode (enable mode). The enable password is a well-known way to do this but it is not recommended anymore because it does not encrypt the password with a strong encryption mechanism.

The enable secret command does encrypt the password with a strong encryption mechanism and it also sets a password to enter enable mode. Here is how you configure an enable secret password:



Testing Password Configuration
To test our new password configuration from the console port, exit out of all IOS modes. Once logged off, press enter to log back in.

You will be prompted with the console login prompt. Enter your console line password, cisco. Once you are logged in, type enable and press enter. You will be prompted for your privilege mode password. Type Cisco! and press enter. You should now be logged in. Here is an example:



Username Passwords
Optionally, you can configure usernames and associated passwords on a Cisco router. This is a more advanced level of security than line passwords. Once configured on the lines, the line password is then ignored.

You configure the usernames with the username command and can add their password on the same command line. Optionally, you can configure the privilege level of that user. Level 15 is the administrative user.

Once you create the username, you need to tell each line to use the local username/password database, on the router. To do this, go back to each line and type login local.

Here is an example:



Now let’s test it out:



Notice that we were prompted for a username. We typed in one of the users we setup, admin. We were then prompted for admin’s password. Also, because we specified that admin’s privilege was 15, we were put directly into privileged mode, with full administrative privileges (and without having to type enable).

If we log out and log back in as user1, notice that user1’s prompt doesn’t have the # sign that would tell us we are already in privileged mode:



What you learned
In this article, you learned that there are line passwords and privileged mode passwords. The line passwords protect the console, aux, and vty lines. They are configured with the password and login command. The privileged mode password should be configured with enable secret. Optionally, you can configure usernames and use the login local command on the lines.

All routers should be protected by a password, at minimum. Additionally, privileged mode (and configuration mode) should be controlled by an additional password.

Your action: check each router for proper line and password security as this is the minimum level of security you should employ.

Reset Administrator Password On A Cisco Router With SNMP

What Is SNMP?
SNMP is a standard protocol for managing and monitoring network devices. SNMP works by having an agent run on a SNMP device, and having a SNMP manager run on a workstation or server. In our case, a Cisco IOS router will be the SNMP device. A Windows workstation with PRTG will be our SNMP manager.

SNMP is a standard defined by the IETF and is based on a number of RFC’s. Usually, the agent uses UDP port 161 and the manager uses UDP port 162. There are 3 versions of SNMP.

There are so many different types of SNMP managers available and they are all created to perform different functions. For example, some programs like Whatsup can alert you when a server is low on disk space, or when a printer runs out of toner.

As we don’t have room to go into all the details on SNMP, take a look at Wikipedia:SNMP for more information.

What is Cisco SNMP Tool?
“Cisco SNMP Tool” is not made by Cisco. Instead, it is a free SNMP application available for download on the Internet. It is made by someone calling himself “Billy the Kid”. Despite the fact that its appearance is rough, it does its job quite well. It can perform full modification of a Cisco router’s running and startup configuration. Additionally, it can reboot the router remotely. This can all be done with only the SNMP write password (called a community string).

How do I obtain “Cisco SNMP Tool”?
To find this tool, I googled “cisco snmp tool”. I found that it was available for download from a number of sites. However, the homepage and source for the latest version is at:

http://www.geocities.com/billytk06/

I downloaded and extracted the tool. Inside the zipped download were these files:



It is made up of only a single executable and some text files. There was no installation to be performed at all. Once running, the tool looks like this:



It can only perform a few basic tasks:

Telnet to Host
Reboot device
Upload Running & Startup Configuration
Download Running & Startup Configuration
Reset Passwords
Write NVRAM

How can I reset a lost Cisco IOS enable password with Cisco SNMP Tool?
To reset a lost Cisco IOS enable password with Cisco SNMP tool, let’s look at an example. I have a test router and I have configured an enable password of “lostpassword”. I have a SNMP write community string of “SnmpPassword1”.


On the router, these commands would look like this:

Router(config)# enable secret lostpassword
Router(config)# snmp-server community SnmpPassword1 RW
Router(config)# line vty 0 4
Router(config-line)# password lostpassword

To use “Cisco SNMP Tool” to change the enable password, I first have to add my router to the tool. To do this, type in the IP address of my device, the hostname, and the SNMP write community string. Next I click Add/Update Device, like this:



Once the device is added on the left hand side, I want to test SNMP communication with it. To do this, I click Device Commands -> Test SNMP String.



From this test, you should see the message in the SNMP log that “Your SNMP Read/Write COMMUNITY is CORRECT”, like this:



Now that you know you have full administrative capabilities to this device, using SNMP, you can proceed with whatever you need to do. From here, you can choose to reset passwords on the router. To do this, go to Configuration Commands -> Reset Passwords, like this:



When you do this, in reality, you are just uploading a configuration file from the config tab to the router’s running-configuration. You could create your own config file and upload it yourself. By default, the configuration will change the enable secret password to billy and the line vty password to billy. Also note that you only copied these changes to the running configuration, not the startup-configuration. So, you need to login with these passwords, change the passwords to what they should be and save that configuration with copy run start or wr. Now, let’s see if we can login to our router and change back these passwords:



Now, let me offer a couple of notes on how this tool works. The version of SNMP that is used by default is unencrypted. Thus, the SNMP community string (password) with full write privileges to your router is going across the network in the clear. That means that the password could be sniffed, and a malicious attacker could use this same tool against you. Another important piece is that you must have, ahead of time, configured a SNMP read/write community string on the router. Without that, this tool is never going to work.
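
One way to run the check that both Cisco articles above call for (line and privileged-mode password security, and the read/write SNMP community this tool depends on) against a saved configuration. This is an added Python example, not code from the original articles; the two sample configurations are constructed from commands shown on this page, and the finding names are made up for the example.

```python
import re

# Constructed sample assembled from commands shown on this page (no real device).
SAMPLE_CONFIG = """\
hostname alexrouter
service password-encryption
enable password 1111
username yasser password 2222
username yasserramzy secret 2222
snmp-server community SnmpPassword1 RW
line con 0
 password 2222
 login
line aux 0
line vty 0 4
 password 3333
 login
line vty 5 15
 login
"""

# Constructed counterpart with those settings corrected; hashes are placeholders.
HARDENED_CONFIG = """\
hostname alexrouter
enable secret 5 <hash-placeholder>
username admin privilege 15 secret 5 <hash-placeholder>
line con 0
 login local
line aux 0
 login local
line vty 0 15
 login local
"""


def parse_sections(config_text):
    """Split an IOS config into [header, [indented sub-commands]] pairs."""
    sections = []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # blank line or IOS comment/separator
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append([line.strip(), []])
    return sections


def audit_ios_config(config_text):
    """Return a list of (check_id, detail) findings; empty means no finding."""
    findings = []
    sections = parse_sections(config_text)
    headers = [header for header, _ in sections]

    # Privileged mode: 'enable secret' should be the only enable credential.
    if any(re.match(r"enable password\b", h) for h in headers):
        findings.append(("ENABLE_PASSWORD", "replace with enable secret"))
    if not any(re.match(r"enable secret\b", h) for h in headers):
        findings.append(("NO_ENABLE_SECRET", "no enable secret configured"))

    for h in headers:
        # Local users stored with 'password' instead of 'secret'.
        m = re.match(r"username (\S+) (?:privilege \d+ )?password\b", h)
        if m:
            findings.append(("USERNAME_PASSWORD", m.group(1)))
        # Read/write SNMP community; the string itself is never echoed.
        m = re.match(r"snmp-server community \S+ (?:view \S+ )?rw\b\s*(\S*)",
                     h, re.I)
        if m:
            findings.append(("SNMP_RW_COMMUNITY",
                             f"access list {m.group(1)}" if m.group(1) else "no access list"))

    # Every line block (console, aux, each vty range) is checked on its own.
    for header, subs in sections:
        if not re.match(r"line (con(?:sole)?|aux|vty|tty)\b", header):
            continue
        has_password = any(s.startswith("password ") for s in subs)
        # 'login local' (or another 'login <method>') uses a user database.
        uses_user_db = any(s.startswith("login ") for s in subs)
        if "no login" in subs:
            findings.append(("LINE_NO_LOGIN", header))
        elif uses_user_db:
            continue
        elif not has_password:
            findings.append(("LINE_NO_PASSWORD", header))
        elif "login" not in subs:
            findings.append(("LINE_PASSWORD_UNUSED", header))
    return findings


if __name__ == "__main__":
    for check_id, detail in audit_ios_config(SAMPLE_CONFIG):
        print(f"{check_id:22} {detail}")
```

The `line vty 5 15` finding is the case the password article warns about: a second VTY range that was left without a password when only `line vty 0 4` was configured.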

Summary
In this article, we learned the power that SNMP can offer a network administrator. I was impressed at how, using only SNMP, we could change the running configuration, change the startup configuration, or reboot the router. I hope you were as impressed as I was. I am going to send an email of thanks to the author of this tool and keep it in my toolbox for the next time I need it. You may want to do the same.

Thursday, September 16, 2010

Windows User State Migration Tool (USMT) Version 3.0.1

Microsoft® Windows® User State Migration Tool (USMT) version 3.0.1 migrates user files and settings during deployments of Microsoft Windows XP and Windows Vista. You can use USMT to perform unattended migrations and to migrate files and settings for computers with multiple users. Also, with USMT you have the ability to encrypt and compress the store. USMT 3.0.1 is intended for administrators who are performing automated deployments.

This tool includes two command-line tools named ScanState and LoadState. ScanState creates an intermediate store that contains the user files and settings from the source computer. LoadState restores these files and settings to the destination computer. USMT 3.0.1 also has three default migration rule (.xml) files named MigApp.xml, MigUser.xml, and MigSys.xml. You can alter the default .xml files and you can also create customized .xml files. Depending on what you want to migrate, you can specify all or none of the default .xml files on the command line. The entire migration process is controlled by the .xml rules, which you can modify, and logic that is built into the tool. When using USMT for automated migration, in almost all cases, you should modify the migration .xml files for your unique situation.

Manage Your Outlook Email Address Auto-Complete List


Do you ever find it frustrating that you can’t make changes to the auto-complete entries in Microsoft Outlook? Even more annoying is the fact that items in your address book aren’t immediately added to the autocomplete list.

There’s a small utility named NK2View by the excellent Nirsoft that can help with this problem. You can delete items in the list, import from your address book, and even export auto-completed addresses for later import into Outlook as full contacts.

View/Delete AutoComplete Items

The utility should automatically detect the location of your *.nk2 file, but if it doesn’t, you’ll find it in the following location:

%APPDATA%\Microsoft\Outlook

Wednesday, September 15, 2010

Run Commands

Program Run Command
Accessibility Controls access.cpl
Accessibility Wizard accwiz
Add Hardware Wizard hdwwiz.cpl
Add/Remove Programs appwiz.cpl
Administrative Tools control admintools
Adobe Acrobat ( if installed ) acrobat
Adobe Distiller ( if installed ) acrodist
Adobe ImageReady ( if installed ) imageready
Adobe Photoshop ( if installed ) photoshop
Automatic Updates wuaucpl.cpl

Basic Media Player mplay32
Bluetooth Transfer Wizard fsquirt

Calculator calc
Ccleaner ( if installed ) ccleaner
C: Drive c:
Certificate Manager certmgr.msc
Character Map charmap
Check Disk Utility chkdsk
Clipboard Viewer clipbrd
Command Prompt cmd
Command Prompt command
Component Services dcomcnfg
Computer Management compmgmt.msc
Compare Files comp
Control Panel control
Create a shared folder Wizard shrpubw

Date and Time Properties timedate.cpl
DDE Shares ddeshare
Device Manager devmgmt.msc
Direct X Control Panel ( if installed ) directx.cpl
Direct X Troubleshooter dxdiag
Disk Cleanup Utility cleanmgr
Disk Defragment dfrg.msc
Disk Partition Manager diskmgmt.msc
Display Properties control desktop
Display Properties desk.cpl
Display Properties (w/Appearance Tab Preselected ) control color
Dr. Watson System Troubleshooting Utility drwtsn32
Driver Verifier Utility verifier

Ethereal ( if installed ) ethereal
Event Viewer eventvwr.msc

Files and Settings Transfer Tool migwiz
File Signature Verification Tool sigverif
Findfast findfast.cpl
Firefox firefox
Folders Properties control folders
Fonts fonts
Fonts Folder fonts
Free Cell Card Game freecell

Game Controllers joy.cpl
Group Policy Editor ( xp pro ) gpedit.msc

Hearts Card Game mshearts
Help and Support helpctr
Hyperterminal hypertrm
Hotline Client hotlineclient

Iexpress Wizard iexpress
Indexing Service ciadv.msc
Internet Connection Wizard icwconn1
Internet Properties inetcpl.cpl
Internet Setup Wizard inetwiz
IP Configuration (Display Connection Configuration) ipconfig /all
IP Configuration (Display DNS Cache Contents) ipconfig /displaydns
IP Configuration (Delete DNS Cache Contents) ipconfig /flushdns
IP Configuration (Release All Connections) ipconfig /release
IP Configuration (Renew All Connections) ipconfig /renew
IP Configuration (Refreshes DHCP & Re-Registers DNS) ipconfig /registerdns
IP Configuration (Display DHCP Class ID) ipconfig /showclassid
IP Configuration (Modifies DHCP Class ID) ipconfig /setclassid

Java Control Panel ( if installed ) jpicpl32.cpl
Java Control Panel ( if installed ) javaws

Keyboard Properties control keyboard

Local Security Settings secpol.msc
Local Users and Groups lusrmgr.msc
Logs You Out of Windows logoff

Malicious Software Removal Tool mrt
Microsoft Access ( if installed ) msaccess
Microsoft Chat winchat
Microsoft Excel ( if installed ) excel
Microsoft Diskpart diskpart
Microsoft Frontpage ( if installed ) frontpg
Microsoft Movie Maker moviemk
Microsoft Management Console mmc
Microsoft Narrator narrator
Microsoft Paint mspaint
Microsoft Powerpoint powerpnt
Microsoft Word ( if installed ) winword
Microsoft Synchronization Tool mobsync
Minesweeper Game winmine
Mouse Properties control mouse
Mouse Properties main.cpl
MS-Dos Editor edit
MS-Dos FTP ftp

Nero ( if installed ) nero
Netmeeting conf
Network Connections control netconnections
Network Connections ncpa.cpl
Network Setup Wizard netsetup.cpl
Notepad notepad
Nview Desktop Manager ( if installed ) nvtuicpl.cpl

Object Packager packager
ODBC Data Source Administrator odbccp32
ODBC Data Source Administrator odbccp32.cpl
On Screen Keyboard osk
Opens AC3 Filter ( if installed ) ac3filter.cpl
Outlook Express msimn

Paint pbrush
Password Properties password.cpl
Performance Monitor perfmon.msc
Performance Monitor perfmon
Phone and Modem Options telephon.cpl
Phone Dialer dialer
Pinball Game pinball
Power Configuration powercfg.cpl
Printers and Faxes control printers
Printers Folder printers
Private Characters Editor eudcedit

Quicktime ( if installed ) quicktime.cpl
Quicktime Player ( if installed ) quicktimeplayer

Real Player ( if installed ) realplay
Regional Settings intl.cpl
Registry Editor regedit
Registry Editor regedt32
Remote Access Phonebook rasphone
Remote Desktop mstsc
Removable Storage ntmsmgr.msc
Removable Storage Operator Requests ntmsoprq.msc
Resultant Set of Policy ( xp pro ) rsop.msc

Scanners and Cameras sticpl.cpl
Scheduled Tasks control schedtasks
Security Center wscui.cpl
Services services.msc
Shared Folders fsmgmt.msc
Sharing Session rtcshare
Shuts Down Windows shutdown
Sounds Recorder sndrec32
Sounds and Audio mmsys.cpl
Spider Solitaire Card Game spider
SQL Client Configuration cliconfg
System Configuration Editor sysedit
System Configuration Utility msconfig
System File Checker Utility ( Scan Immediately ) sfc /scannow
System File Checker Utility ( Scan Once At Next Boot ) sfc /scanonce
System File Checker Utility ( Scan On Every Boot ) sfc /scanboot
System File Checker Utility ( Return to Default Settings) sfc /revert
System File Checker Utility ( Purge File Cache ) sfc /purgecache
System File Checker Utility ( Set Cache Size to Size x ) sfc /cachesize=x
System Information msinfo32
System Properties sysdm.cpl

Task Manager taskmgr
TCP Tester tcptest
Telnet Client telnet
Tweak UI ( if installed ) tweakui

User Account Management nusrmgr.cpl
Utility Manager utilman

Volume Serial Number for C: label
Volume Control sndvol32

Windows Address Book wab
Windows Address Book Import Utility wabmig
Windows Backup Utility ( if installed ) ntbackup
Windows Explorer explorer
Windows Firewall firewall.cpl
Windows Installer Details msiexec
Windows Magnifier magnify
Windows Management Instrumentation wmimgmt.msc
Windows Media Player wmplayer
Windows Messenger msmsgs
Windows Picture Import Wizard (Need camera connected) wiaacmgr
Windows System Security Tool syskey
Windows Script host settings wscript
Windows Update Launches wupdmgr
Windows Version ( shows your windows version ) winver
Windows XP Tour Wizard tourstart
Wordpad write

Zoom Utility igfxzoom

Useful commands for windows 2003 server administration

The following two commands work with the Windows Server 2003 version of shutdown.exe.
shutdown /m \\ /s /c "Server requires reboot due to app install" - This shuts a server down after 30 seconds (the default wait timer)
shutdown /m \\ /r /t 20 /c "Server is going down for repairs" - This command restarts a server after 20 seconds

On Windows 2000, the shutdown options are a little different.
shutdown \\ "Server is going down for repairs" - This command shuts down a server (in 30 seconds by default)
shutdown \\ /r /t:15 "Server requires reboot due to app install" - And this restarts (/r option) a server in 15 seconds

All three of the following commands display the system uptime
psinfo \\ | findstr Uptime
srvinfo \\ | findstr /c:"Up Time"
systeminfo /s | findstr /c:"Up Time"

runas /user:administrator@rallencorp.com /netonly "mmc.exe" - Sometimes it is convenient to create an MMC console that runs under administrator privileges. In this case, simply use mmc.exe as the command to run from runas

netsh int ip show config - View network configuration information with netsh
netsh int ip set address name="Local Area Connection" source=static 10.3.53.3 255.255.255.0 10.3.53.1 1 - This example configures a static IP address for "Local Area Connection":
netsh int ip show dns - view the current DNS configuration for all connections on the local machine

nltest /server: /DsGetSite - You want to find the Active Directory site a computer is part of, which is based on the IP address of the computer

linkspeed /s \\ - The Windows Server 2003 Resource Kit includes a new tool called linkspeed
linkspeed /s
linkspeed /dc - Alternatively, you can specify the /dc switch to have it test the machine's current domain controller

netsh interface ipv6 install - The following command installs the IPv6 stack. It must be run directly on the target server
psexec \\server01 netsh interface ipv6 install - If you need to run the command remotely, you can use the psexec

secedit /refreshpolicy machine_policy - You can force new auditing settings to be applied by running the secedit command on Windows 2000
gpupdate /target:computer - the gpupdate command on Windows Server 2003

cusrmgr -m \\ -u admininstrator -r - To rename local accounts, use the cusrmgr.exe utility from the Windows 2000
For example:
cusrmgr -m \\srv01 -u admininstrator -r admn

iisreset - The following command restarts all IIS services on the computer
iisreset 172.16.12.5 /stop - To stop IIS services on a remote computer with IP address 172.16.12.5
iisreset 172.16.12.5 /status - To verify that IIS services have been stopped on the remote computer
iisreset /disable - To prevent iisreset from being used to stop IIS services,
iisreset /stop - stop all IIS services

net stop w3svc - To stop the WWW service only on your IIS computer
net start w3svc - To start it again
net stop /y iisadmin - To stop the IISAdmin service and all dependent IIS services

iisweb /stop "Default Web Site" - To stop the Default Web Site only while leaving other web sites running
iisweb /start "Default Web Site" - To start it again

iisweb /create D:\HR "Human Resources" /i 216.44.65.8 - The following command creates a new web site named Human Resources on server with IP 216.44.65.8 and root directory D:\HR
iisweb /create D:\Corp "My Company" - The following command creates a new site named My Company with root directory D:\Corp and IP address "All Unassigned,"

iisvdir /create "Human Resources" employees D:\resumes - The following command creates a virtual directory within the Human Resources web site and maps alias employees to physical directory D:\resumes:
iisvdir /query "Human Resources" - list virtual directories within the Human Resources site:
iisvdir /delete "Human Resources\employees" - To delete the previously created virtual directory

iisback /backup /b 28july04 - The following command backs up the metabase using the iisback.vbs script and names the two backup files 28july04.MD0
iisback /list - To view a list of the current metabase backups

iisapp - The following command displays the process ID (PID) of all worker processes running on the computer,
iisapp /p 2765 - The following command displays the application pool to which the worker process having PID 2765 is assigned

iisftp /create C:\ftpstuff "My FTP Site" /i 172.16.12.50 /dontstart - The following command creates a new FTP site named My FTP Site with root directory C:\ftpstuff and IP address 172.16.12.50
iisftp /start "My FTP Site" - To start the new site,
iisftp /query - To display a list of all FTP sites on your server

net stop msftpsvc - You can also stop and start all FTP sites on your server using the following commands
net start msftpsvc

net stop dns - You can use the net.exe command to stop or start the DNS Server service on the local machine
net start dns

dnscmd /enumzones - view the zones on a local DNS Server
dnscmd /clearcache - The following command clears the server cache
dnscmd /statistics - Use the following command to display utilization statistics

unlock . * -view - unlock that lets you find locked out users and unlock them in one shot
unlock dc01 username - The following command unlocks the user rallen on dc01

dsmod user -disabled no - To enable a user
dsmod user -disabled yes - To disable a user
dsmod group "" -addmbr "" - The -addmbr option adds a member to a group
dsmod group "" -rmmbr "" - The -rmmbr option removes a member from a group

dsmod user -pwd * - This command changes the password for the user specified by .

dsget group "" -members - The following command displays the direct members of a group
dsget group "" -members -expand - Add the -expand option to enumerate all nested group members

dsadd computer "" -desc "" - Use the following command to create a computer account in Active Directory

netsh int ip set address name="" source=dhcp - The following command configures DHCP for a connection
netsh int ip set address name="Local Area Connection" source=dhcp - configuring the connection named "Local Area Connection" to use DHCP
netsh int ip set address name="Local Area Connection" source=static 10.3.53.3 255.255.255.0 10.3.53.1 1 - This example configures a static IP address for "Local Area Connection"

Run any of the following commands to start a service
psservice start
sc start
wmic service call StartService
net start

Run any of the following commands to stop a service
psservice stop
sc stop
wmic service call StopService
net stop

sc queryex - The following command displays the process ID (PID) that corresponds to a service
sc \\ qc - The following command displays the services that the specified service depends on
sc \\ enumdepend - The following command displays the services that depend on the specified service
psservice \\ depend - You can also use the following command

taskkill -pid - The following command kills a process by PID
taskkill /s -im - And this command kills a process by name on a remote server
pskill \\ - The pskill.exe utility works in a very similar manner

tasklist - viewing the running processes via the command line
pslist \\ - The Sysinternals pslist.exe utility is available for Windows Server 2003 or Windows 2000 and can be run against a remote host
top - There is also the top.exe command, which is available in the Windows 2000 Resource Kit. It provides a continually updated view of the top running process (by CPU)

tlist | findstr cmd.exe - On Windows 2000, you can use the tlist.exe (or pslist.exe) command in combination with findstr.exe to find processes

runas /user: "" - The runas.exe command allows you to run a command with alternate credentials
runas /user:AMER\rallen.adm "mmc.exe" -

diskpart - On Windows Server 2003, you can use the diskpart utility to view the disk, drive, and volume configuration. First, get into interactive mode
list disk - to view the list of disks
list vol - to see the list of volumes and assigned drive letters

nltest /server: /sc_query: - The following command tests the secure channel for a computer
nltest /server: /sc_reset: - The following command resets the secure channel for a computer

Published Friday, February 13, 2009 2:11 PM by darenhan

NTLDR is Missing

Insert the Windows CD and start the computer.
When the Welcome to Setup screen appears, press R.
Type a number corresponding to the Windows installation you wish to repair (usually 1) and press Enter.
When prompted, type the administrator password and press Enter.
From the command prompt, copy NTLDR and NTDETECT.COM from the i386 folder of the CD to the root folder of the hard drive. In the example commands given below, C: is the hard drive and D: is the CD-ROM drive. You will need to change the drive letters if appropriate:
COPY D:\I386\NTLDR C:\
COPY D:\I386\NTDETECT.COM C:\
Remove the Windows XP CD from the drive and restart the computer.

ADMT 3.2 Released!!

For those who are on the various message boards or are thinking about an upcoming migration, this post is for you.

ADMT 3.2 has been released

Active Directory Migration Tool version 3.2

The key thing from that page is this:

Supported Operating Systems: Windows Server 2008 R2

So you can now run ADMT on a 2008 R2 box. Now time to migrate :)
Posted by mkline at 6:31 PM

How to remove newfolder.exe or regsvr.exe or autorun.inf virus?

1. Cut The Supply Line


Search for the autorun.inf file. It is a read-only file, so you will have to change it to normal by right-clicking the file, selecting Properties and unchecking the read-only option.
Open the file in Notepad, delete everything and save the file.
Now change the file status back to read-only so that the virus cannot get access again.

Click Start -> Run, type msconfig and click OK.
Go to the Startup tab, look for regsvr, uncheck the option and click OK.
Click on Exit without Restart, because there are still a few things we need to do before we can restart the PC.
Now go to Control Panel -> Scheduled Tasks, and delete the At1 task listed there.
2. Open The Gates Of Castle

Click on start -> run and type gpedit.msc and click Ok.

If you are a Windows XP Home Edition user, you might not have gpedit.msc. In that case, download and install it from Windows XP Home Edition: gpedit.msc and then follow these steps.
Go to User Configuration -> Administrative Templates -> System
Find “prevent access to registry editing tools” and change the option to disable.

Once you do this you have registry access back.
3. Launch The Attack At Heart Of Castle

Click on start->run and type regedit and click ok
Go to edit->find and start the search for regsvr.exe,

Delete all the occurrences of regsvr.exe; remember to take a backup before deleting. KEEP IN MIND regsvr32.exe is not to be deleted. Delete regsvr.exe occurrences only.
In one or two places you will find it after explorer.exe. In these cases, delete only the regsvr.exe part and not the whole value. E.g. for Shell = “Explorer.exe regsvr.exe”, just delete the regsvr.exe and leave the explorer.exe.
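The registry check from step 3, as an added example that is not part of the original post: it reads a registry export in .reg text form and reports values that reference regsvr.exe, keeping regsvr32.exe out of the results and proposing a trimmed Winlogon Shell value instead of a deletion. The sample export, including the "Updater" and "Helper" value names, is constructed, and the script only reports; it changes nothing.

```python
import re

# Constructed sample in the text format produced by a regedit export.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe regsvr.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\WINDOWS\\system32\\regsvr.exe"
"Helper"="regsvr32.exe /s C:\\Tools\\helper.dll"
'''

TARGET = "regsvr.exe"  # the file name the post says to remove
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')
EXE_RE = re.compile(r'[^\\/\s",]+\.exe', re.IGNORECASE)  # bare file names only


def unescape(text):
    # .reg string data escapes backslashes and double quotes with a backslash.
    return re.sub(r'\\(.)', r'\1', text)


def basename(token):
    return token.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_export(text):
    """Yield (key, value_name, data) for every string value in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key:
            m = VALUE_RE.match(line)
            if m:
                yield key, unescape(m.group("name")), unescape(m.group("data"))


def scan(text):
    """Return (key, value_name, data, suggested_action) for each hit on TARGET."""
    findings = []
    for key, name, data in parse_export(text):
        # Compare whole file names, so regsvr32.exe never matches regsvr.exe.
        if not any(exe.lower() == TARGET for exe in EXE_RE.findall(data)):
            continue
        if key.lower().endswith("\\winlogon") and name.lower() == "shell":
            # Remove only the unwanted entry; assumes entries contain no spaces.
            kept = " ".join(t for t in data.split() if basename(t) != TARGET)
            findings.append((key, name, data, "set to: " + kept))
        else:
            findings.append((key, name, data, "delete value"))
    return findings


if __name__ == "__main__":
    for key, name, data, action in scan(SAMPLE_EXPORT):
        print(f"{key}\n  {name} = {data}\n  -> {action}")
```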
4. Seek And Destroy the enemy soldiers, no one should be left behind

Click on start->search->for files and folders.
There, click "All files and folders".
Type “*.exe” as filename to search for
Click on ‘when was it modified ‘ option and select the specify date option
Type from date as 1/31/2008 and also type To date as 1/31/2008

Now hit search and wait for all the exe’s to show up.
Once the search is over, select all the exe files and shift+delete them. Take care that you don’t delete any legitimate exe files that you installed on 31st January.
Also, selecting a lot of files together might make your computer unresponsive, so delete them in small bunches.
Also find and delete regsvr.exe, svchost .exe( notice an extra space between the svchost and .exe