You can use SQL Studio Express to administer the Windows Internal database. Just point the SSE to:

\\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query

And Bob is your father’s brother. Also, I know that this is not news. It’s just easier to copy and paste, and I can always find it here. ;)

I passed 70-649 today, to update my MCSE 2003 to Windows 2008.
So now, I’m an MCTS. I *was* an MCSE +Security +Messaging.
Somehow, MCTS doesn’t seem as impressive.

File Destructor 2.0: Creates corrupt file, not the lame excuse

Posted using ShareThis

Recently, I needed to install Firefox-3.5.3 on multiple workstations in an Active Directory domain. Rather than create MSI packages and assign the application with Group Policy, I used Psexec and batch scripts to push it out. Here’s how:
If you don’t have Psexec installed, you can download it from Microsoft here: http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx
Next, download the installer you want to use. In this example, we’ll use Firefox. Make a share on your server that all users can read, and place the installer inside the share.
So now, we’ve got \SERVERNAMESHARENAMEFirefoxInstaller.exe
Next, you need a few files to make this happen:
1. UpdateClients.bat
2. hostnames.txt
3. SoftwareInstaller.bat
All of these files need to be in the same directory, and you must have administrative privileges on the workstation you wish to update.
Basically, the UpdateClients.bat file enumerates the hostnames.txt, and passes the hostnames of the workstations/servers found in it to the SoftwareInstaller.bat file. Here are the contents of the files:

1. UpdateClients.bat


for /f "tokens=*" %%a in (hostnames.txt) do SoftwareInstaller.bat %%a


2. hostnames.txt (one hostname per line)


hostname1
hostname2
hostname3


3. SoftwareInstaller.bat


SET SERVERNAME=replacewithservername
SET SHARENAME=replacewithsharename
echo "checking for Installers directory on the target..."
if not exist \%1C$installers mkdir \%1C$installers
if not exist \%1C$installersfirefox353 mkdir \%1C$installersfirefox353
echo "copying Firefox install to install directory..."
xcopy "\$SERVERNAME$SHARENAMEFirefoxInstaller.exe" "\%1C$installersfirefox353" /e /y
echo "Installing Firefox..."
psexec.exe \%1 "c:installersfirefox353Firefox353.exe" -ms
echo "Firefox Done."


Now, fill the hostnames.txt with your hostnames, and double-click UpdateClients.bat.

Sometimes, too many people have messed with it.
Plain and simple.
People like to check boxes. And enable/disable things. it’s fun.
But when it’s your CAS server, it can be a real hassle to navigate the IIS interface, and reset all of those little “tweaks”, placed there by someone with apparently no business “tweaking” IIS.
You know who you are.
;P

In these cases, it’s much easier to let Exchange do it for you, and all you need to open is the Exchange Management Shell.

This will list all the current OWA-related virtual directories.

get-owavirtualdirectory

This will delete the OWA virtual directory for the Default Web Site.

remove-owavirtualdirectory -identity "owa (Default Web Site)"

This command will re-create the owa virtual directory under the Default Web Site in IIS.

new-owavirtualdirectory -OWAVersion "Exchange2007" -Name "owa (Default Web Site)"


This command will re-create the “Exchange” virtual directory under the Default Web Site in IIS.

new-owavirtualdirectory -OWAVersion "Exchange2003or2000" -VirtualDirectoryType "Mailboxes" -Name "Exchange (Default Web Site)"


When you run this command, if you get an error similar to the one below, it is possible that IIS is set to work in 32 bit mode and not the required 64 bit mode.

New-OwaVirtualDirectory : An error occurred while creating the IIS virtual directory ‘IIS://mailserver.yourdomain.com/W3SVC/1/ROOT/owa’ on ‘mailserver’.
At line:1 char:24
+ New-OWAVirtualDirectory <<<< -OWAVersion "Exchange2007" -Name "owa" -Website "Default Web Site"

To make IIS run in 64 bit mode, run the following in an administrative command prompt:

cscript %SYSTEMDRIVE%inetpubadminscriptsadsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 0

THIS UPDATE WAS SHAMELESSLY RIPPED FROM http://my.opera.com/ravenoverride because if I have to spend another 2 hours searching for the correct command to add these to the proper site name, I’ll snap.

Remove-OWAVirtualDirectory -Identity “Owa (XXXXXXX)” -Confirm:$false
Remove-OWAVirtualDirectory -Identity “Exadmin (XXXXXXX)” -Confirm:$false
Remove-OWAVirtualDirectory -Identity “Exchange (XXXXXXX)” -Confirm:$false
Remove-OWAVirtualDirectory -Identity “Exchweb (XXXXXXX)” -Confirm:$false
Remove-OWAVirtualDirectory -Identity “Public (XXXXXXX)” -Confirm:$false
Remove-WebServicesVirtualDirectory -Identity “EWS (XXXXXXX)” -Confirm:$false
Remove-ActiveSyncVirtualDirectory -Identity “Microsoft-Server-ActiveSync (XXXXXXX)” -Confirm:$false
Remove-OabVirtualDirectory -Identity “OAB (XXXXXXX)” -Force:$true -Confirm:$false
Remove-UMVirtualDirectory -Identity “UnifiedMessaging (XXXXXXX)” -Confirm:$false
Remove-AutodiscoverVirtualDirectory -Identity “Autodiscover (XXXXXXX)” -Confirm:$false

To verify that the directories have been removed, run the following commands. You should receive no output:

Get-AutodiscoverVirtualDirectory
Get-OABVirtualDirectory
Get-OWAVirtualDirectory
Get-WebServicesVirtualDirectory
Get-ActiveSyncVirtualDirectory
Get-UMVirtualDirectory

To properly create these virtual directories, run the following commands (Please keep the information what you got earlier for XXXXXXX and change it here to):

– Open Exchange Management Shell with elevated permission
– Run the following commands (THE COMMANDS ARE A ONE-LINER. THE NEXT COMMAND IS SEPARATED WITH —————————–. So copy and paste it into notepad, check if it is one line, read it carefully and change the information you have to provide. Information you have to provide is in BIG LETTERS or XXXXXXX):

New-OWAVirtualDirectory -WebsiteName “XXXXXXX” -OwaVersion “Exchange2007”
-ExternalAuthenticationMethods Fba
—————————–
Set-OWAVirtualDirectory -InternalUrl “https://INTERNAL_FQDN_OF_EXCHANGE/owa/”
-ClientAuthCleanupLevel “Low” -LogonFormat “UserName” -DefaultDomain “NETBIOSDOMAINNAME”
-Identity “Owa (XXXXXXX)”
—————————–
New-OWAVirtualDirectory -WebsiteName “XXXXXXX” -OwaVersion “Exchange2003or2000”
-VirtualDirectoryType “Exadmin” -ExternalAuthenticationMethods Fba
—————————–
New-OWAVirtualDirectory -WebsiteName “XXXXXXX” -OwaVersion “Exchange2003or2000”
-VirtualDirectoryType “Mailboxes” -ExternalAuthenticationMethods Fba
—————————–
New-OWAVirtualDirectory -WebsiteName “XXXXXXX” -OwaVersion “Exchange2003or2000”
-VirtualDirectoryType “Exchweb” -ExternalAuthenticationMethods Fba
—————————–
New-OWAVirtualDirectory -WebsiteName “XXXXXXX” -OwaVersion “Exchange2003or2000”
-VirtualDirectoryType “PublicFolders” -ExternalAuthenticationMethods Fba
—————————–
New-WebServicesVirtualDirectory -WebsiteName “XXXXXXX”
-InternalUrl “https://INTERNAL_FQDN_OF_EXCHANGE/EWS/Exchange.asmx” -basicauthentication 1
-windowsauthentication 1
—————————–
New-ActiveSyncVirtualDirectory -WebsiteName “XXXXXXX”
-InternalUrl “https://INTERNAL_FQDN_OF_EXCHANGE/Microsoft-Server-ActiveSync”
-ExternalAuthenticationMethods Basic -InternalAuthenticationMethods Basic
—————————–
New-OabVirtualDirectory -WebsiteName “XXXXXXX” -InternalUrl “https://INTERNAL_FQDN_OF_EXCHANGE/OAB”
—————————–
Set-OabVirtualDirectory -PollInterval “30” -Identity “oab (XXXXXXX)”
—————————–
New-UMVirtualDirectory -WebsiteName “XXXXXXX”
-InternalUrl “https://INTERNAL_FQDN_OF_EXCHANGE/UnifiedMessaging/Service.asmx”
—————————–
New-AutodiscoverVirtualDirectory -WebsiteName “XXXXXXX”
-InternalUrl “https://INTERNAL_FQDN_OF_EXCHANGE/Autodiscover/Autodiscover.xml”
-BasicAuthentication 1 -WindowsAuthentication 1
—————————–
Set-ClientAccessServer -Identity “Servername”
-AutoDiscoverServiceInternalUri “https://INTERNAL_FQDN_OF_EXCHANGE/Autodiscover/Autodiscover.xml”
—————————–
Set-OfflineAddressBook “Default Offline Address Book”
-VirtualDirectories “ServernameOAB (XXXXXXX)” -Versions Version2,Version3,Version4)”

– To check if we were successful in creating the virtual directories correctly type in the commands:

Get-AutodiscoverVirtualDirectory
Get-OABVirtualDirectory
Get-OWAVirtualDirectory
Get-WebServicesVirtualDirectory
Get-ActiveSyncVirtualDirectory
Get-UMVirtualDirectory

For example, you should receive the following for Get-OWAVirtualDirectory

Name Server OwaVersion
——– ——- ———–

Owa (XXXXXXX) Server Name Exchange2007
Exadmin (XXXXXXX) Server Name Exchange2003or2000
Public (XXXXXXX) Server Name Exchange2003or2000
Exchweb (XXXXXXX) Server Name Exchange2003or2000
Exchange(XXXXXXX) Server Name Exchange2003or2000

– Then run the following commands to disable the Kernel Mode Authentication on EWS, Autodiscover, and OAB virtual directories (THE COMMANDS ARE A ONE-LINER. THE NEXT COMMAND IS SEPARATED WITH —————————–. So copy and paste it into notepad, check if it is one line, read it carefully and change the information you have to provide. Information you have to provide is in BIG LETTERS or XXXXXXX):

cd $env:windirsystem32inetsrv
—————————-
.appcmd.exe unlock config “-section:system.webserver/security/authentication/windowsauthentication”
—————————–
.appcmd.exe set config “XXXXXXX/ews” “-section:windowsAuthentication” “-useKernelMode:False” /commit:apphost
—————————–
.appcmd.exe set config “XXXXXXX/AutoDiscover” “-section:windowsAuthentication” “-useKernelMode:False” /commit:apphost
—————————–
.appcmd.exe set config “XXXXXXX/oab” “-section:windowsAuthentication” “-useKernelMode:False” /commit:apphost

– Run: iisreset /noforce

– You must rerun the Internet Address Management Wizard to stamp the new virtual directories with the proper external URL and maybe you have to check the certificates.

Give up?
It’s time to upgrade your version of Windows!!
http://www.us-cert.gov/cas/techalerts/TA09-209A.html
If you don’t know what that means, you’re in trouble. Yes, you.
Basically what this says is that EVERY version of Internet Explorer on every version of Windows is vulnerable to a Remote Code Execution exploit. (in English, that means that Mr. Bad Guy can run *ANY* program he wants on your computer with full administrative privileges. This of course, being in direct violation of Rule #1 of the 10 Immutable Laws of Computer Security.)
The patches will implement a kill-bit, and disable parts of COM and ActiveX controls, p(robably)ossibly breaking legacy applications.

The solution?
Run out ->don’t walk<- and buy the latest copy of the Microsoft Windows 7 Operating System. Oh. Sorry. You can't get it, just... yet... It's coming, though.. Microsoft Partners will see it in about 2 weeks, and it will be available to the general public some time in October. The attack vectors are not only via Internet Explorer. Any application (such as MS Office) with access to ActiveX and/or COM objects can exploit this vulnerability. Here’s the bulletin. Extensive testing is suggested if you use ActiveX controls or COM objects in mission-critical applications.

My friend Will turned me on to Pandora Radio. It’s direct access to the Music Genome Project, and plays a constantly adjusted stream of music that you like. You can even combine artists to create a custom play list that is constantly updated. I’m starting to wonder why I keep 150gb of MP3’s taking up drive space…
Check it out here:
Pandora Radio

Thanks, Will!

Linux has become a very utilitarian object for me. I use it in lots of places and situations to make life easier. In fact, most large OEM computer manufacturers have realised this, and use/ship Linux boot CDs to install firmware and low-level drivers. (some even facilitate the installation of a Windows OS to disk using GNU tools.)

Anyway, I’ve been running Ubuntu Linux (Intrepid) as a host OS on a Lenovo X61 tablet. It has everything I need for network engineering, security analysis, troubleshooting, and programming, right there up against the hardware. For tasks requiring the use of Windows, I can boot a virtual machine in Virtualbox, and use that. Today, after booting up, I noticed that I’ve been running the default Intrepid theme since install. I decided it’s time for a change. I went looking for themes, and found:

Nice work, Mr. Vogelweith. Easy to install, beautiful to see. Thank you for sharing. I hope you don’t mind that I changed your logo just slightly, it wouldn’t show up here otherwise!

broseph4521@ ->

Michael Jackson? No, I don’t care to add to the melee of remembrances for the (man?)
I didn’t care for his music, and I especially don’t care for paedophiles.
I consider his death; while sad for his loved ones, a better allocation of breathable air.

But nice try, anyway. Spammer.

First, you need to download SubInACL.

SubInACL is a command-line tool that allows administrators to obtain security information about files, registry keys, and services. It also allows you to transfer this information from user to user, from local or global group to group, and from domain to domain.

Next, create a file with the name regperms.cmd under C:Program FilesWindows Resource KitsTools folder

Now you need to Edit the regperms.cmd file and add the following lines

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f

Save and exit the file

Now, you need to open a command prompt and run the following command:

cd “C:Program FilesWindows Resource KitsTools”

After this, press enter and then run this command:

regperms.cmd

After entering this, press enter. After a few minutes of processing by subinacl, the permissions will be reset. Reboot, and enjoy!