How to check Windows XP network configuration using netsh diag commands  

I admit I like netsh. This thing can show you so much of what you want to see without doing much, and that too from the command prompt, which is even cooler.

What do you normally do when you want to see which DNS server you are using?
You use nslookup most of the time from the command prompt, or some other third-party application, right?

Now, what do you do if you want to see which DHCP server you are using when you have a dynamic IP on a LAN?
...We use netsh, of course!

Here is how:
1. Go to the command prompt in Windows XP.
2. Type the following: netsh diag show dhcp

I see the following on my box when I do the above steps:
C:\>netsh diag show dhcp

DHCP Servers
1. [00000001] AMD PCNET Family PCI Ethernet Adapter
DHCPServer = 10.0.2.2


Apart from the above command, there are other very useful netsh diag show commands too, like the test command, which checks the network configuration settings in XP by pinging each configured address (loopback, gateway, DHCP server, DNS server and the box's own IP). I ran this command on my XP box and this is what I got:

C:\>netsh diag show test

Default Outlook Express Mail (Not Configured)

Default Outlook Express News (Not Configured)

Internet Explorer Web Proxy (Not Configured)

Loopback (127.0.0.1)
Loopback = 127.0.0.1
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=0
Reply from 127.0.0.1: bytes=32 time=2ms TTL=2
Reply from 127.0.0.1: bytes=32 time<1ms TTL=0
Reply from 127.0.0.1: bytes=32 time<1ms TTL=0
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 2ms, Average = 0ms

Modems

Network Adapters ([00000001] AMD PCNET Family PCI Ethernet Adapter)
DefaultIPGateway = 10.0.2.2 Same Subnet
Pinging 10.0.2.2 with 32 bytes of data:
Reply from 10.0.2.2: bytes=32 time=2ms TTL=2
Reply from 10.0.2.2: bytes=32 time<1ms TTL=0
Reply from 10.0.2.2: bytes=32 time=1ms TTL=1
Reply from 10.0.2.2: bytes=32 time=4ms TTL=4
Ping statistics for 10.0.2.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 4ms, Average = 1ms
DHCPServer = 10.0.2.2
Pinging 10.0.2.2 with 32 bytes of data:
Reply from 10.0.2.2: bytes=32 time=1ms TTL=1
Reply from 10.0.2.2: bytes=32 time=6ms TTL=6
Reply from 10.0.2.2: bytes=32 time=2ms TTL=2
Reply from 10.0.2.2: bytes=32 time=3ms TTL=3
Ping statistics for 10.0.2.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 6ms, Average = 3ms
DNSServerSearchOrder = 10.0.2.3
Pinging 10.0.2.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.0.2.3:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
IPAddress = 10.0.2.15
Pinging 10.0.2.15 with 32 bytes of data:
Reply from 10.0.2.15: bytes=32 time<1ms TTL=0
Reply from 10.0.2.15: bytes=32 time<1ms TTL=0
Reply from 10.0.2.15: bytes=32 time=1ms TTL=1
Reply from 10.0.2.15: bytes=32 time<1ms TTL=0
Ping statistics for 10.0.2.15:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
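
Reading that output by eye works for one box, but the interesting line is easy to miss: the DNS server at 10.0.2.3 answered none of the four pings. As an added example (not code from the original post), here is a small Python parser for the netsh diag show test layout shown above. It pairs each "Parameter = address" line with the "Packets:" statistics line that netsh prints after it, and reports any address that never replied. The embedded sample is a trimmed copy of the output quoted above; the function names are my own.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: a trimmed copy of the "netsh diag show test" output
# quoted above (same parameters and addresses, fewer ping reply lines).
SAMPLE_NETSH_DIAG = """\
Loopback (127.0.0.1)
Loopback = 127.0.0.1
Pinging 127.0.0.1 with 32 bytes of data:
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)

Network Adapters ([00000001] AMD PCNET Family PCI Ethernet Adapter)
DefaultIPGateway = 10.0.2.2 Same Subnet
Pinging 10.0.2.2 with 32 bytes of data:
Reply from 10.0.2.2: bytes=32 time=2ms TTL=2
Ping statistics for 10.0.2.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
DHCPServer = 10.0.2.2
Ping statistics for 10.0.2.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
DNSServerSearchOrder = 10.0.2.3
Pinging 10.0.2.3 with 32 bytes of data:
Request timed out.
Ping statistics for 10.0.2.3:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
IPAddress = 10.0.2.15
Ping statistics for 10.0.2.15:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
"""

# "<Parameter> = <dotted quad>", possibly followed by text such as "Same Subnet"
PARAM_RE = re.compile(r"^(\w+)\s*=\s*(\d{1,3}(?:\.\d{1,3}){3})\b")
STATS_RE = re.compile(r"^Packets: Sent = (\d+), Received = (\d+), Lost = (\d+)")


def parse_diag(text: str) -> List[Dict[str, object]]:
    """One record per parameter line, with the ping statistics that follow it.

    netsh prints the statistics block right after the parameter it tested, so
    the most recently seen parameter line owns the next "Packets:" line.
    """
    records: List[Dict[str, object]] = []
    current: Optional[Dict[str, object]] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = PARAM_RE.match(line)
        if m:
            current = {"param": m.group(1), "address": m.group(2),
                       "sent": 0, "received": 0, "lost": 0}
            records.append(current)
            continue
        m = STATS_RE.match(line)
        if m and current is not None:
            sent, received, lost = (int(x) for x in m.groups())
            current.update(sent=sent, received=received, lost=lost)
    return records


def unreachable(records: List[Dict[str, object]]) -> List[str]:
    """Parameters whose address answered no ping at all, as "Param address"."""
    return [f"{r['param']} {r['address']}"
            for r in records if r["sent"] and not r["received"]]


if __name__ == "__main__":
    recs = parse_diag(SAMPLE_NETSH_DIAG)
    for r in recs:
        print(f"{r['param']:22} {r['address']:12} lost {r['lost']}/{r['sent']}")
    print("unreachable:", unreachable(recs) or "none")
```

On a real box you would feed parse_diag the captured output of netsh diag show test (for example via subprocess) instead of the embedded sample; the parser keys only on the "Parameter = address" and "Packets:" lines, so the varying number of reply lines between them does not matter.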


Feel free to explore the wonderful world of netsh on your Windows XP machine and you will surely come up with something useful; plus, it looks way too cool when you do your thing from the command prompt :)

Hope this has been an informative post.

Peace.


Using Task scheduler to get system privileges  

"Privilege escalation": in the computer security world the term is often seen as something like a prisoner who has just got hold of a weapon, a.k.a. "armed and dangerous".

It means getting the important super privileges from a normal user account: root in the *nix world and the admin/system account in the Windows world.

The command prompt in Windows machines (especially XP) can do a lot of fun stuff if one knows what to do. Just out of curiosity, I want to get admin/system privileges while I am logged in as a normal user, and I don't want to use the "Run As" option to do that.

Here is how I use the command-line version of task scheduler to achieve my goal.
1. Open the command prompt.
2. Add a scheduled task by typing the following:

C:\AVP>at \\BOX 16:00 "cmd"
Added a new job with job ID = 1


What I have done is simply ask task scheduler to launch the command prompt at 16:00 hours on my local machine, that's all (even if I don't mention \\computername, task scheduler will use the local machine as the target).

However, the command prompt that gets launched will have system privileges :) This is a very old trick but extremely effective in XP; Vista won't allow this command to run at all without admin privileges.

Hope this has been an informative post; as the old saying goes, "Knowledge is power".

Peace.


How to get a list of local administrators on a Windows box  

There is the almighty root account in *nix, and here in the Windows world is the powerful and omnipotent Administrators group. Actually, there can be different admin groups, like domain admins, enterprise admins (the ultimate account in a Microsoft Windows network) and of course the local administrator account on a standalone Windows box.

Wouldn't it be great if there were an automatic way to find out who the administrators are, or who belongs to the admin group, on a Windows box? There are many ways to find out, like using Computer Management to connect to the remote machine, but they are tedious.

Scripting comes to the rescue once again here. Here is a simple but powerful script that, with a slight modification, can do what we want it to do.

This script gets a list of local administrators on the current machine:

' Get list of admins on machine
computername = CreateObject("WScript.Network").ComputerName
' Bind to the local Administrators group through the WinNT ADSI provider
Set group = GetObject("WinNT://" & computername & "/administrators,group")
s = ""
' Collect one member name per line (users and nested groups alike)
For Each account In group.Members
    s = s & account.Name & vbCrLf
Next
MsgBox s


Copy and paste the above code and save it as adminlist.vbs, or something sensible with a .vbs extension.

Let's just see briefly what the script does:
1. Connect to the WMI namespace of the Windows machine.
2. Parse the group listed as "administrators".
3. Output each of the values of that group in a nice message box.

If the list of users is needed instead of administrators, a modification from:

set group = getobject("WinNT://" & computername & "/administrators,group")

to

set group = getobject("WinNT://" & computername & "/users,group")

is all that is needed.
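
A message box is fine for one machine, but the question an administrator usually wants answered is "who is in this group that should not be?". As an added example (not code from the original post, and using the net localgroup command instead of the WinNT provider the script above binds to), here is a Python script that parses the output of net localgroup Administrators and compares the members against an approved list. The embedded sample output and the account names in it are constructed for this example; the function names are my own. Parsing the same way for the Users group needs only a different group name, exactly like the one-line change described above.

```python
import re
import subprocess
from typing import List

# Constructed sample in the layout "net localgroup Administrators" prints;
# the member names are made up for this example.
SAMPLE_NET_LOCALGROUP = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
AVP
helpdesk-tmp
The command completed successfully.
"""


def parse_members(output: str) -> List[str]:
    """Member names listed between the dashed rule and the closing status line."""
    members: List[str] = []
    in_list = False
    for line in output.splitlines():
        stripped = line.strip()
        if not in_list:
            # everything before the dashed rule is header text
            in_list = re.fullmatch(r"-{5,}", stripped) is not None
            continue
        if stripped.startswith("The command completed"):
            break
        if stripped:
            members.append(stripped)
    return members


def unexpected_members(members: List[str], approved: List[str]) -> List[str]:
    """Members absent from the approved list. Windows account names compare
    case-insensitively, so the comparison is done in lower case."""
    allowed = {name.lower() for name in approved}
    return [m for m in members if m.lower() not in allowed]


def local_group_members(group: str = "Administrators") -> List[str]:
    """Run net localgroup on this box (Windows only) and parse the result."""
    out = subprocess.run(["net", "localgroup", group],
                         capture_output=True, text=True, check=True).stdout
    return parse_members(out)


if __name__ == "__main__":
    found = parse_members(SAMPLE_NET_LOCALGROUP)
    print("members:", found)
    print("not on the approved list:",
          unexpected_members(found, ["Administrator", "AVP"]))
```

Swap the sample for local_group_members("Administrators") to audit the box the script runs on; the approved list is the thing to keep under version control, since a non-empty result from unexpected_members is the finding.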

Peace.


Checking out the dlls and making RAM go faster  

Task Manager in Windows is useful, but what about tasklist?
Tasklist is a command-line utility in Windows XP Professional (not in Home) onwards.

Let's say I want to see all the processes and their associated dlls which are running on my Windows box just by using a simple command prompt. I can use tasklist to accomplish that; here is how:

1. Open the beloved Windows command prompt (in XP Pro or Vista).
2. Get the list of all associated modules/dlls for the services running on the box.
3. Pipe the output to a cute csv file for viewing.

Command to do all the stuff listed above:

C:\Users\AVP>tasklist/M /FO CSV>>C:\Users\AVP\dllsinacttion.csv

The /M switch lists all the modules belonging to the services that are running.
/FO is basically the output format; here I have used CSV so it can be viewed as a spreadsheet.
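
A spreadsheet is one way to read that csv file; a short script is another, and it can answer questions the spreadsheet cannot, such as "which processes have this particular dll loaded?". As an added example (not code from the original post), here is a Python parser for the csv layout tasklist /M /FO CSV writes: a header row of Image Name, PID and Modules, with the whole module list packed into the third, comma-separated field. The embedded sample rows are constructed for this example (the process and module names are illustrative) and the function names are my own.

```python
import csv
import io
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample in the layout "tasklist /M /FO CSV" writes: a header row,
# then one row per process whose third field is the comma-separated module
# list (tasklist prints "N/A" when it has no module list for a process).
SAMPLE_TASKLIST_CSV = '''\
"Image Name","PID","Modules"
"System Idle Process","0","N/A"
"svchost.exe","1040","ntdll.dll,kernel32.dll,ADVAPI32.dll,rpcrt4.dll"
"explorer.exe","1572","ntdll.dll,kernel32.dll,SHELL32.dll,helper.dll"
"notepad.exe","2216","ntdll.dll,kernel32.dll,helper.dll"
'''

Process = Tuple[str, int]  # (image name, PID)


def parse_tasklist_modules(text: str) -> Dict[Process, Set[str]]:
    """Map each process to the set of modules it has loaded. Names are
    lower-cased because Windows file names are case-insensitive."""
    procs: Dict[Process, Set[str]] = {}
    for row in csv.DictReader(io.StringIO(text)):
        mods = row["Modules"]
        loaded = set() if mods == "N/A" else {
            m.strip().lower() for m in mods.split(",") if m.strip()}
        procs[(row["Image Name"], int(row["PID"]))] = loaded
    return procs


def module_index(procs: Dict[Process, Set[str]]) -> Dict[str, List[str]]:
    """Invert the table: module name -> sorted image names that load it."""
    index: Dict[str, Set[str]] = defaultdict(set)
    for (image, _pid), mods in procs.items():
        for m in mods:
            index[m].add(image)
    return {m: sorted(images) for m, images in index.items()}


def processes_loading(procs: Dict[Process, Set[str]], module: str) -> List[Process]:
    """Which processes (image, PID) have a given module loaded."""
    wanted = module.lower()
    return sorted(p for p, mods in procs.items() if wanted in mods)


def rare_modules(procs: Dict[Process, Set[str]], max_loaders: int = 1) -> List[str]:
    """Modules loaded by at most max_loaders distinct images: a quick way to
    spot a dll that only one program on the box pulls in."""
    return sorted(m for m, images in module_index(procs).items()
                  if len(images) <= max_loaders)


if __name__ == "__main__":
    procs = parse_tasklist_modules(SAMPLE_TASKLIST_CSV)
    print("processes:", len(procs))
    print("loading helper.dll:", processes_loading(procs, "helper.dll"))
    print("loaded by a single image:", rare_modules(procs))
```

Point parse_tasklist_modules at the contents of the csv file produced by the command above (open it and pass the text) and the same three functions work on the real listing; rare_modules is the one worth running first, since a dll that only one process loads is the one you most want to be able to account for.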

Now that I have lots of dlls listed, what do I do with them?
Many dlls are orphans, as in they hang around with no active process associated but gobble up cache memory, making the box slow.
I can edit the registry so that this can be avoided, thereby optimising the system RAM.

How:
Open the registry editor: type regedt32 from the command prompt to bring it up.
The registry hack for that is editing the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer

Here, create a new DWORD value named AlwaysUnloadDll (note the capital letters) and assign it a value of 1, as in asking Windows to always unload dlls.
Save the registry changes and reboot once.

Note: This might affect really old programs running on Windows (as in legacy programs), so it is best to back up the registry first and then try out this hack.

Hope this has been an informative and yes somewhat obscure post :)

Peace.


Script that converts static IPs to DHCP based  

Maintaining and administering Windows machines (desktops and servers alike) is a time-intensive and often very challenging task [think about the last time there was a virus outbreak on your LAN machines :)].

One task which is very time consuming is the configuration of network settings on individual machines. Visiting each box to change its network settings is not something that excites anyone.

Here is a VB script that converts static IPs to DHCP-based ones when run on the target machines. First off, a properly configured DHCP server should be in place, and secondly the target machines should be alive on the network.

The script in a nutshell will do the following things:

1. Make the DHCP client service start automatically.
2. Get the network card details.
3. Configure the network card to use DHCP (the "obtain an IP address automatically" thingy).

To use this script, save it as somesensiblescriptname.vbs, put it in a logon script and deploy that logon script via GPO (of course we are talking about a domain-based environment).

Script:
' This script will move the addresses from static to DHCP on the machines it is executed on

Option Explicit

Dim oWSHShell
Dim sNIC, sMan
Dim iCount

Set oWSHShell = WScript.CreateObject("WScript.Shell")

' First we make the DHCP client service start automatically (Start = 2 is "Automatic";
' the type is given explicitly so the value is written as a DWORD)
oWSHShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\DHCP\Start", 2, "REG_DWORD"

' Get network card stuff: walk NetworkCards\1, \2, ... until a key is missing
' (the registry path must not contain a space after "Windows NT\")
On Error Resume Next
iCount = 1

Do
    sNIC = oWSHShell.RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\" & _
           "CurrentVersion\NetworkCards\" & iCount & "\ServiceName")
    sMan = oWSHShell.RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\" & _
           "CurrentVersion\NetworkCards\" & iCount & "\Manufacturer")

    ' We will ignore the Async and NDIS services
    If sMan <> "Microsoft" And Err.Number = 0 Then
        Call SetNIC
    End If
    iCount = iCount + 1
Loop Until Err.Number <> 0

' Clear the error raised by the first missing NetworkCards key
Err.Clear

' End of Script

Sub SetNIC
    Dim iTest

    ' Set the NIC service to use DHCP; sNIC holds the adapter's ServiceName
    sNIC = "HKLM\SYSTEM\CurrentControlSet\Services\" & sNIC & "\Parameters\TCPIP\"
    iTest = oWSHShell.RegRead(sNIC & "EnableDHCP")
    If iTest = 0 Then
        oWSHShell.RegWrite sNIC & "EnableDHCP", 1, "REG_DWORD"
        oWSHShell.RegWrite sNIC & "IPAddress", "0.0.0.0", "REG_MULTI_SZ"
        oWSHShell.RegWrite sNIC & "SubnetMask", "0.0.0.0", "REG_MULTI_SZ"
    End If
End Sub

A good resource for time saving scripts can be found here.

Peace.


How to use Tata USB modem on Ubuntu  

Some time back, I tried putting a Tata USB modem (also known as plug2surf or Tata SXC 1080 here in India) on my Ubuntu desktop.

The configuration is pretty straightforward: it involves editing the wvdial.conf file with the parameters needed to make the modem work.

Configuration steps:
1. From the Ubuntu terminal, type sudo wvdial (note that if you want to work as the root user itself, it's better to first type "sudo -i", which puts you in root mode directly).
2. Once wvdial is activated, you will need to edit the /etc/wvdial.conf file: open it with vim/gedit or any text editor and copy and paste the following:

[Dialer Defaults]
Init1=ATZ
Init2=ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ISDN=0
Modem Type=USB Modem
Phone=#777
Password=internet
Username=internet
;New PPPD=yes
stupid mode=1
Modem=/dev/ttyACM0
Baud=460800

3. Save the contents and make sure they are in place (cat /etc/wvdial.conf should list them).
4. Run wvdial again and start surfing the internet.


Peace.


How to use set logon  

The Windows command prompt is like the old distant uncle you have: you don't speak much with him normally, but whenever you go to him for help, help is guaranteed.

Let's take a look at a domain-based scenario wherein I want to check connectivity from a client system to any available domain controller.

I call upon the Windows command prompt to help me check this.
Here, we do two things:

1. Open the command prompt.
2. Use the set command in Windows to get us the required info.

Here is what I see:

C:\Users\AVP>set logon
LOGONSERVER=\\BOX

This means that I am currently using a domain controller named \\BOX, if it is a domain-based environment. If I see the name of my own Windows client when running the set logon command in a domain environment, there is a high possibility that the connection to the DC is botched up and needs a fix.

Personally, I have removed and rejoined systems to the domain whenever I have seen set logon return the name of the local machine instead of the DC [this saves a lot of time troubleshooting GPOs, doesn't it? :)]. If something is still wrong even after it returns the correct DC value, you can go ahead and check the GPOs.

I hope this post helps in diagnosing the connection to the DC as a first step, before actually jumping in and troubleshooting GPOs or DC settings.

Peace.


Remotely disable windows automatic updates through command prompt  

Many times, the Windows automatic updates dialog can become an eyesore, especially when the box is in public view. Hitting the Later button only makes it go away for a while, and then it pops up again.

In my earlier post,I had written how useful psexec actually is.

I can think of a simple analogy when using psexec for remote administration:
psexec is the transport that you take to reach the place (the remote system) where you want to go.

Let's take a look at how to get rid of those automatic updates messages when it's a system placed in public view (like kiosks etc.).

I want to disable the updates on a box named AVP-XP in this example:

1. Get the remote shell or remote command prompt of the system:
psexec \\AVP-XP cmd

This gives me:
C:\Windows\System32>


2. Now that we are where we wanted to go, simply disable the wuau service on the remote box:
C:\Windows\System32>net stop wuau

3.All done.

This will stop the service on the remote box without even having to go where it is placed; of course, it has to be online in the first place :)

For disabling the same through GUI,take a look at this nice website.

Peace.


Using task manager in windows to spawn new shell  

It is common in Windows that while working we suddenly find ourselves unable to click or do much because of "hangs" in the system.
There can be many, many reasons for this to happen; Event Viewer can help to see what they are. Most of the time we restart Windows to make the frozen screen go away; however, there is one more method which can be tried before actually restarting the system.

How:
1. Begin by giving the three-finger salute (Ctrl-Alt-Del) and select Task Manager.
2. Click File > New Task.
3. In the popup window, type explorer.exe and hit Enter.
4. This will basically spawn a new system shell over the old one, effectively terminating all the applications and files from the older one.

For more information on explorer.exe,go here.

Hope this has been an informative post.
Peace.
