- Regarding reading Windows passwords for future restoration: MVPs have weighed in to suggest it can't be done. Greig has also weighed in with a "why the hell not; obviously something reads the password to see if it matches the one you entered." So, Windows gurus, hack me something unsupported into LSASS.
- Regarding NetworkManager PPTP for Ubuntu Dapper: the previous package didn't work well because it didn't require pptp-linux, but a new package has fixed that, and some build issues, and is now working its way through REVU.
Posts Tagged ‘windows’
Slashback
Monday, August 21st, 2006Windows Administrator Challenge: Temporary password changes
Monday, August 21st, 2006I've yet to post something so sensational (or trollworthy, or just "noticed by Digg") to build up a loyal readership of thousands. I'm sure it'll come eventually. I need to do a couple of things: pimp myself to various Planets, and decide exactly what it is I write about. Generally, it's "things related to what I'm working on", which may or may not be of interest.
My last plea for help didn't turn anyone up. Here's another one that hopefully Google will one day turn up for someone who is bored and has the knowledge and skill to do this, or I'll get bored myself, and acquire the knowledge and skill to do it. Perhaps when it's cricket season again..
I want a simple add-on for the Active Directory Users & Computers MMC utility that does the following things:
- Allows you to change a password for a user, and more importantly
- Saves the original password, so you can reset it later.
No more will you have to ask a user for a password to log into their machine and fix something wrong with their specific profile or operating environment, or change their password and tell them to change it back when you're finished. The script will copy the crypted password to an unused LDAP attribute on the account, and then copy it back when finished - without ever having to know what the password is. By standard means, it's not possible to read the password hash out of AD, so I'm currently seeking help from the newsgroups.
Daniel Petri's help pages have examples on how to extend AD to add options to the context menu for a user, to run VB scripts.
Cranky at little 'exploitable' Outlook foibles?
Wednesday, August 9th, 2006There used to be a bug in Outlook and Outlook Express's handling of uuencode (remember that?) that meant if you began a message with "begin" and two spaces, it would render the rest of the message unreadable. A few people on the WLUG mailing list tried using "begin quoted message from X", until we politely pointed out to them that some people are forced to, or choose to, use a Windows mail client, and it's bad advocacy to stop them from being able to read your messages.
Other variations on the theme pop up every now and then; here's one on a message from jdub this morning, with a little less angry and a little more style.
If you're interested, it is put there by X-Message-Flag. And it's easy to do.
Meta-Windows utilities
Monday, July 24th, 2006Want to get all the SysInternals utilities? You can download them all yourself, or there's a really useful SysInternals installer built by Ross Smith II that downloads them all (or the ones you select) and creates shortcuts for them for you.
He also has a similar utility for the NirSoft utilities, which include excellent tools for recovering lost passwords and product keys. Watch out if you run Symantec AntiVirus, as it will suggest they are "hack tools".
Another useful meta-utility is The Ultimate Boot CD for Windows. Built on BartPE, the free and legal Windows LiveCD builder (you must have a license for Windows to use it, and you must not use it on more than one PC at once), The Ultimate Boot CD builds you a bootable image with dozens of useful recovery utilities on it. Every sysadmin should have one.
Left out in the .NET cold
Tuesday, July 18th, 2006Hey, if Juha's blog is a NZ .NET blog, then dammit, I ought to be one too. Vote for me! I have a Smartphone, and wrote a program in C# once!
On that note, did you hear I wrote a program in C# once? Mostly while watching one-day cricket last summer, in fact. It progressed really well, and seemed like it would fill a need - it does profile management for Windows 2000/XP machines. I learnt a lot on the go, and got it to the point where I didn't think that I would be able to go much further without peer review.
So, I released it, and posted about it to some newsgroups. And got no feedback. Not one. Not a sausage.
Since then, I've actually gone to run it once, and found that it didn't actually work on .NET 1.1 - even though I'd deliberately eschewed nice new 2.0-only classes and done things The Hard Way for maximum compatibility, because I'd used Visual Studio Express 2005, it used 2.0 by default. I found out how to fix that, but by that time, it was quicker to fix the profiles manually.
I don't really enjoy programming the way that my programmer friends do. If I had a Windows programmer buddy to help me with the details and motivate me, then the Windows sysadmins of this world could end up with a pretty cool tool. So, 1. I think this post must make my blog the best .NET blog in NZ (cough cough) and 2. if anyone out there wants to help out with a useful C# project for Windows sysadmins, please comment below.
Windows tips: Starting WinVNC automatically if not running
Monday, July 17th, 2006A long time ago I built an installer for WinVNC so that IT Partners' clients can connect back to us and we can fix their problems remotely.
A problem I have always had with it was that you have to launch WinVNC seperately from a connection shortcut; if you tried to run it every time, it would say "Another instance of WinVNC is already running", and if you go to connect when there isn't a running WinVNC, you get "No existing instance of WinVNC could be contacted". Therefore, users need to perform two distinct steps - a "launch", which does -kill -run, and a "start session", which does a -connect.
Here is a nice batch file to get around it, using SysInternals' PSList utility. If you know your users are on Windows XP or greater, you could use the built in tasklist command instead.
@echo off
pslist winvnc > nul
if %ERRORLEVEL% EQU 0 goto connect
start winvnc -run
:connect
if [%1] NEQ [] start winvnc %1 %2 %3 %4 %5
:end
Craig's Way
Thursday, July 6th, 2006Open letters seem to be all the rage these days. How about we just go with "Craig, as benevolent dictator, says How It Is":
Microsoft are hereby instructed to publish Open Office XML as a royalty and patent free open standard. Everyone else is hereby instructed to change to use it (they can call it OpenDocument 2.0 if required), and then people won't have to care about OpenOffice.org if they don't want, because the standard is standard.
Microsoft will then be forced to operate exactly to the published standard, publishing changes under the same license and arrangement if they wish to extend the standard (well before the release of their product), and maintaining backwards compatibility.
There, everyone wins. Why does it always take me deciding how it has to be, to get results like this?
Vote Quimby.
IE7 and WGA
Monday, July 3rd, 2006Such beautiful praise from Paul Thurrott:
Internet Explorer 7.0 Beta 3 is a solid, feature-packed browser that all IE users should flock to immediately. While it's not enough to make me switch from Firefox yet--I still love certain Firefox features such as inline search--it's no longer an object of ridicule either.
What I do dislike, however:
Is this happening with everything? Will WGA ever stop? (Well, yes, in that case. But you know they want to do it.)
The copy of Windows XP I'm using is the one that came preloaded with my laptop, but we deal a lot also in volume license versions for our customers (more Office than Windows, as there's little point in buying Windows twice, and we can't exactly buy PCs without it now, can we?) I don't appreciate being made to feel like a criminal every time I want to do anything.
Windows utilities you didn't know about: subinacl.exe
Friday, June 30th, 2006subinacl is "a command-line tool that enables administrators to obtain security information about files, registry keys, and services, and transfer this information from user to user, from local or global group to group, and from domain to domain."
The magic thing that you can do with subinacl that you can't do with the GUI, is change ownership of files. It was a deliberate decision to only allow taking ownership from the GUI, so that if you are an admin, and someone locks you out of their files, and you have to take ownership to see them, the owner will know. Bugger having a paper trail for a laugh - use subinacl.
I have found a good example (with pics) at Windows Server Hacks. There is a reference page at ss64, which is a great reference for command line Windows tools. (What, Windows has a command line?)
If you're the sort of person who already knew about subinacl, can tell me tales of other useful tools like it, and want an IT job in Hamilton, we want to hear from you.
More random unfixed bugs: Big gray box on Java websites
Monday, June 26th, 2006One of the reasons I wanted to start blogging was to draw attention to random bugs that I've found and either only worked around or not fixed.
Today's bug-that-I-hoped-was-fixed: in the Sun JVM on Windows XP, 1.5.0.06 (Update 6) or higher, if you try and go to a website that embeds Java, and get a big gray box instead of usefulness.
It is not fixed in 1.5.0.07. In fact, it is marked WONTFIX. It would be fixed if Java was open source software, or if Microsoft and Sun were still friendly, co-operating companies. Unfortunately, neither of these things are currently true. Apparently Microsoft will address it in a cumulative update, sometime, if they feel like it. (Maybe it will be fixed in WinFS? *sting*)
Resolution: downgrade to 1.5.0.05. And cry a little.