Dusty Cables dot com

a tech blog

BIOS-level malware

March 24th, 2009. Published under Uncategorized. No Comments.

This is scary stuff. Malware that infects the BIOS will not be removed when doing a full OS reinstall. What’s more, the researchers claim even flashing the BIOS does not remove it. It would not be dependent on an OS, so it doesn’t matter what you are running…it could still infect your PC or Mac or Linux (etc, etc) box. This would be bad.

Read the article at ThreatPost.

Do not trust Google ads

February 25th, 2009. Published under Uncategorized. No Comments.

I love Gmail.  I use it with Chrome, so there currently is no ad-blocking going on like you can do with Firefox.  The Google ads are context-based, of course, so you usually see ads relative to the email you are viewing.


So I was viewing a thread update email from the Safer Networking Forums about an issue with Spybot Search & Destroy, a legitimate and very good anti-malware program, when I noticed no less than four “ads” for malware junk purporting to be Spybot.

WTF Google?

Export Outlook profile settings

January 12th, 2009. Published under Uncategorized. No Comments.


This is a great help when moving someone over to a new computer (at least if doing so manually).  You can export Outlook profile settings using Regedit and import them on the new computer.  You’ll have to manually move data files, though.

I know this works in Outlook 2003 and I believe it works in most other versions as well.  Each profile is saved in its own key, with the profile name as the key name, under the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles

Export this entire key and subkeys and import them on the new computer.  Then move data files over.  If you can manage to make the username the same and the profile path comes out the same, you are golden.  If not, then go into the settings of each profile and change the path to each data file.


Outlook Anywhere and Exchange Server 2007 – Round 2

December 25th, 2008. Published under Uncategorized. No Comments.


OK, I didn’t know I was going to have a “round 2” here (round 1 is here), but apparently I was not done configuring things.  Hey, I never claimed to be perfect.  In fact, this install is the first time I’ve touched Exchange 2007, so I’m learning as I go.  But it’s all working now (as far as I know, at least).

The first issue we noticed was a synchronization error in the “Sync Issues” folder (sounds appropriate).  More like a bunch of errors, but they all said the same thing (names changed to protect the innocent, of course):

17:11:46 Synchronizer Version 12.0.6315
17:11:46 Synchronizing Mailbox ‘Domain User
17:11:46 Synchronizing Hierarchy
17:11:47 Done
17:12:13 Microsoft Exchange offline address book
17:12:13                  Not downloading Offline address book files.  A server (URL) could not be located.
17:12:13         0X8004010F

This didn’t seem to break any functionality, as the user could still open and use the Global Address List.  But these stacked up quickly, I believe every time a Send/Receive occurred.  It is worth noting these Outlook Address Book sync issues occurred on only Outlook Anywhere (OA) users and only when connected to the internal network and only when the laptops were not joined to the domain.  When they were externally-connected these issues did not occur.  The internally-connected computers joined to the domain did not have this issue.

The second issue was with the Out of Office Assistant (OAA).  Users would receive the following error when opening OAA:

Your Out of Office settings cannot be displayed, because the server is currently unavailable.

This of course was not true; Exchange was working beyond these issues.  What’s more, OA users, when accessing Exchange from outside the LAN, had no problems with OAA connectivity, but this time the internally-connected domain members did have the issue.  Still, OAA worked fine from Outlook Web Access, so I knew it was not an issue with the OAA mechanism itself.

Using the Test E-mail Autoconfiguration tool by doing a CTRL + right-click on the Outlook icon in the System Tray verified I was having internal DNS issues.  These issues were due, I presume, to my original choice of domain namespace, using the “corp” subdomain for the Active Directory domain name (corp.domain.com).

To fix, I created a new Forward Lookup Zone namespace for “domain.com” internally.  This was a Primary zone stored in Active Directory.  This of course would break the ability for internal clients to browse to domain.com, since this website is hosted externally.  No problem, I just made a “same as parent folder” A record and a “www” A record, both pointing to the same IP address as the external A record for domain.com.

To solve the issues breaking OAB sync for internally-connected OA users and OAA connectivity for everyone, I added the following records to the internal namespace:

  • “owa” A record pointing to the internal IP address of the Exchange server
  • “autodiscover” A record pointing to the internal IP address of the Exchange server

Once the clients picked up the changes, both issues went away.  Again, maybe I should not have created “corp.domain.com” for the internal AD namespace.  It has worked in the past for me, so I stuck with it when building this network.

I welcome any comments in regard to internal namespace structure.

Install any Windows application as a service

December 24th, 2008. Published under Uncategorized. No Comments.

This is very handy for making applications run before user login on a Windows box.  The instructions are pretty simple:

  1. Acquire instsrv.exe and srvany.exe from the Windows Server 2003 Resource Kit.  You can put these files wherever you want, but it is probably best to dump them into %WINDIR%\System32 (which is usually “C:\Windows\System32” on Windows XP).  The srvany.exe application must remain where you put it because the service is going to use it to run your application.
  2. Open a command prompt (Start -> Run -> type “cmd”) and change directory to where you put these files.
  3. Type “instsrv ServiceName PathToSrvany.exe”.  For example, if I desire the name of the service to be BiteMe and I saved the executables where I suggested in Step 1, I would type “instsrv BiteMe C:\Windows\System32\srvany.exe”.
  4. Launch the Registry Editor (Start -> Run -> type “regedit.exe”) and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceName.  Right-click the key named ServiceName and select New -> Key.  Name the new key “Parameters” and click it.  Right-click the new Parameters key and select New -> String Value.  Name this new String (REG_SZ) Value “Application” and set the value data to the path to the executable of the application you desire to make a service.  So if I wanted to make Firefox run as a service, I would put “C:\Program Files\Mozilla Firefox\firefox.exe” in the value data field.
  5. OPTIONAL: Services usually just run in the background and do not need to be messed with.  However, if you must interact with this service, you’ll want to open the Services snap-in (I like to use Start -> Run -> type “services.msc” to launch it) and find your new service in the alphabetical list.  Right-click it and select Properties (or just double-click it).  On the Log On tab, check the checkbox that says “Allow service to interact with desktop”.  This will allow you to interact with the GUI of the application.
  6. ALSO OPTIONAL: You can add dependencies, which are other services that must be running before this service starts, by adding a Multi-String value called “DependOnService” to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceName key.  In this value you put the actual service name (not the “display” name), one service name per line.  You can see the actual service name by opening the properties of the service from the Services application.  For example, if you wanted to add a dependency for the Windows Time service, you would add “w32time” to the DependOnService value.

That’s about it.  The service you just made will show up as srvany.exe in the process list, just like many Windows services run under svchost.exe.  If you want to see what services are running under either of these processes, you can use the following command in a command prompt:

tasklist /svc /fi "imagename eq svchost.exe"

or

tasklist /svc /fi "imagename eq srvany.exe"

Try it out.

Oh, also worth mentioning is removing your service if desired.  You can do this by typing “instsrv ServiceName remove”.
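An audit of the setup described above, as an added example that is not part of the original post: since every service made this way shows up as srvany.exe, the program that actually runs is only visible in the Parameters\Application value. This PowerShell script lists each srvany-backed service, the account it runs as, whether “Allow service to interact with desktop” is set, and its dependencies; the function name Get-SrvanyService is made up for the example.

```powershell
# Added example (not from the original post): list services that wrap another
# program with srvany.exe and show what each one really launches.
$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$InteractiveFlag = 0x100   # SERVICE_INTERACTIVE_PROCESS bit in the Type value

function Get-SrvanyService {
    Get-ChildItem -Path $ServicesRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $name = $_.PSChildName
        $svc  = Get-ItemProperty -Path "$ServicesRoot\$name" -ErrorAction SilentlyContinue

        # Only services whose binary is srvany.exe (step 3 of the procedure).
        if (-not $svc -or $svc.ImagePath -notmatch 'srvany\.exe') { return }

        # Step 4: the wrapped program lives in Parameters\Application.
        $app = $null
        $paramsPath = "$ServicesRoot\$name\Parameters"
        if (Test-Path -Path $paramsPath) {
            $app = (Get-ItemProperty -Path $paramsPath -ErrorAction SilentlyContinue).Application
        }

        # A missing target is worth a look: a leftover service, or a path
        # that someone else may be able to create later.
        $exists = $false
        if ($app) {
            $expanded = [Environment]::ExpandEnvironmentVariables($app.Trim('"'))
            $exists   = Test-Path -LiteralPath $expanded -PathType Leaf
        }

        [pscustomobject]@{
            Service           = $name
            Account           = $svc.ObjectName                           # logon account
            Interactive       = [bool]($svc.Type -band $InteractiveFlag)  # step 5
            Application       = $app
            ApplicationExists = $exists
            DependOnService   = ($svc.DependOnService -join ', ')         # step 6
        }
    }
}

Get-SrvanyService | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so every service key is readable; a service with an empty Application column was installed with instsrv but never given a target.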

Quickly enable and disable Aero in Windows Vista

November 21st, 2008. Published under Uncategorized. No Comments.

There are many articles out there on this already, but I think this one on Tweaking with Vishal is one of the better.  Vishal lists not only the command line arguments…

Activate Aero:

rundll32 dwmApi #102

Deactivate Aero:

rundll32 dwmApi #104

…but also gives directions to add these commands to both the Desktop context menu and the My Computer context menu.  Very cool.