Thursday, December 16, 2010

Wake on LAN over the Internet

I was recently sitting at a desk at work with one of my colleagues and needed some information on my home computer. He watched as I turned on my home computer, established a remote session into it, got the information I needed and then shut it down again (I don't believe in leaving the computer turned on and wasting power).

"So that was interesting," said my colleague. "How did you set that up?"

The first thing to know about waking up your computer over the Internet is that not all home firewall/routers are going to be able to do it. Check the specs of your device. Along with the usual things like port forwarding, it needs to support static ARP entries. If it can, it's relatively straightforward.

First of all, set a static IP address on your target machine. Then go into the properties of the network card and enable Wake on LAN if it is not already enabled (it's usually enabled by default). You may have to enable Wake on LAN in the BIOS as well. Record the MAC address of your machine, as you will need this to wake it (you can get this at the command prompt with ipconfig /all).

Next, you need to register the static IP address of your machine in the ARP table of your router. This is the part that some firewall/router devices targeting the home market are not going to be able to do. You will need to refer to your device's manual or support site to determine how to do this. You may not be able to do this while the network interface you are registering is connected to the network, so you may require another network interface or a second computer.

Finally, you need to set up a virtual server on your firewall with the following parameters:
  • Use the UDP protocol.
  • Use 9 for the internal port.
  • Use your static IP address of the target computer for the internal address.
  • Use any common port for the external port, but choose one not already in use. If you don't have a POP3 Mail server for instance, you could use 110.

I would also advise that you set up Dynamic DNS. Many home firewall/router devices will be able to register their address automatically with one of these sites (for example: http://www.dyndns.com or http://www.no-ip.com). This lets you remember an FQDN instead of an IP address, and the entry will also update if your IP address changes.

Now you should be able to turn off your computer and use another computer, or even a smart phone to send a magic packet to wake up the computer. I use http://www.depicus.com/wake-on-lan/woli.aspx

Just enter the MAC address of the computer, the IP address or FQDN, 255.255.255.255 as the subnet mask (as you are targeting a single host) and the port number you registered as the external port for your virtual server. Click the WAKE ON LAN button and your computer should turn itself on moments later!

If you have another virtual server set up to relay VNC or RDP to your machine, you can then control the machine remotely.
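As an added example (not part of the original post), here is what the web form above does under the hood: it builds the magic packet (six 0xFF bytes followed by the MAC address repeated 16 times) and sends it by UDP to your router's public name and the external port you forwarded. The MAC, hostname and port in the usage line are placeholders; the check function lets you confirm what actually arrives on the LAN side if you capture the forwarded datagram.

```python
import socket

def build_magic_packet(mac: str) -> bytes:
    """Build a Wake-on-LAN magic packet: 6 bytes of 0xFF followed by the
    target MAC address repeated 16 times (102 bytes in total).
    Accepts the MAC with ':' or '-' separators, as ipconfig /all prints it."""
    hex_mac = mac.replace(":", "").replace("-", "")
    if len(hex_mac) != 12:
        raise ValueError(f"MAC address must be 6 bytes: {mac!r}")
    return b"\xff" * 6 + bytes.fromhex(hex_mac) * 16

def is_magic_packet_for(datagram: bytes, mac: str) -> bool:
    """True if a received UDP payload is a well-formed magic packet for `mac`.
    Handy for verifying that the router's virtual server forwards the packet intact."""
    return datagram == build_magic_packet(mac)

def send_magic_packet(mac: str, host: str, port: int) -> int:
    """Send the magic packet over UDP to host:port, i.e. the router's public
    FQDN and the external port of the virtual server that forwards to port 9.
    Returns the number of bytes sent (102 on success)."""
    packet = build_magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(packet, (host, port))

if __name__ == "__main__":
    # Placeholder values: replace with your own MAC, Dynamic DNS name and external port
    print(send_magic_packet("00-11-22-33-44-55", "myhome.example.net", 110))
```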


Cheers,
Sean

Thursday, November 11, 2010

iPhone emails missing message body

There's any number of blogs and forum posts on the web that probably already have this, but I discovered an issue with the way the iPhone email handles interaction with PDFs and iBooks today.

If you download an email onto an iPhone with an attached PDF and save that PDF to iBooks, the email body in all messages will disappear.


The simple solution is to reboot the phone or kill the mail process.

I expect Apple will patch this soon.

Thursday, September 30, 2010

Reset Passwords for all User Accounts in an OU

I realise that there's plenty of scripts floating around the net that already do this, but for me this was simply an exercise.

Note: I haven't gotten around to testing it yet.


' PasswordReset.vbs
' Resets all passwords within an AD Container
' Version 1.0
' 27 September 2010

Option Explicit
Dim objRootDSE, objOU, objUser
Dim strTargetOU, strForceReset, strEnAcct, strDNSDomain, strNewPass
Dim intCounter, intUACval, intPWLval

' Change strTargetOU to the name of the OU that holds the user accounts
strTargetOU = "MyContainer"

' Change strNewPass to the new password
strNewPass = "Password123"

' Change strForceReset to "Yes" in order to force users to reset passwords at next logon
strForceReset = "No"

' Change strEnAcct to "Yes" in order to enable disabled accounts
strEnAcct = "No"

' Int Values
' See Microsoft KB305144 for UserAccountControl values
' 544 = NORMAL_ACCOUNT (512) + PASSWD_NOTREQD (32); writing it replaces every other flag on the account
' Setting pwdLastSet to 0 forces a password change at next logon
intUACval = 544
intPWLval = 0
intCounter = 0

' Build the distinguished name of the target OU from the current domain
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
strTargetOU = "OU=" & strTargetOU & "," & strDNSDomain
Set objOU = GetObject("LDAP://" & strTargetOU)

' Reset every user object directly inside the OU (child OUs are not recursed into)
For Each objUser In objOU
    If objUser.Class = "user" Then
        objUser.SetPassword strNewPass
        objUser.SetInfo

        If strForceReset = "Yes" Then
            objUser.Put "pwdLastSet", intPWLval
            objUser.SetInfo
        End If
        If strEnAcct = "Yes" Then
            objUser.Put "userAccountControl", intUACval
            objUser.SetInfo
        End If

        intCounter = intCounter + 1
    End If
Next

WScript.Echo "New Password: " & strNewPass & vbCrLf & "Accounts changed: " & intCounter _
    & vbCrLf & "Password Change Forced: " & strForceReset & vbCrLf & "Disabled Accounts Enabled: " & strEnAcct



Tuesday, September 7, 2010

SCCM: Excluding a directory structure from being inventoried.

A colleague asked me today how to exclude a directory structure on a single client machine from being inventoried by SCCM. The answer is to create a hidden sparse text file named skpswi.dat in the folder.

Thanks Tyriax for the question!

Wednesday, September 1, 2010

Office Autosave Locations

I always thought that the autosave for an Office file was created in the same location as the file. It turns out that this was because I almost always work with Office files on network drives.

When a new file is started, a temporary file is created, either in the Windows temp directory or in "C:\Documents and Settings\<username>\Application Data\Microsoft". If the file is stored on a network drive, the temporary file is created there instead.

This temporary file will have a few different letters after the tilde (~) in its name. These are good ones to look for when trying to find lost information. There are others, but these are the ones most likely to contain data that can be recovered.

Thursday, August 12, 2010

Subroutine to quit a VBS login script on Windows 2003/2008 servers

' Quits the login script when it is run on a Windows 2003/2008 server.
' WriteLog is the login script's own logging routine; a minimal stand-in is
' included at the bottom so the sub can be tried on its own.
Sub DetectOS()
    Dim strComputer, objWMIService, colOperatingSystems, objOperatingSystem

    strComputer = "."
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

    Set colOperatingSystems = objWMIService.ExecQuery _
        ("Select * from Win32_OperatingSystem")

    For Each objOperatingSystem In colOperatingSystems
        If InStr(objOperatingSystem.Caption, "2003") <> 0 _
            Or InStr(objOperatingSystem.Caption, "2008") <> 0 Then
            WriteLog "Detected Operating System: " & objOperatingSystem.Caption
            WriteLog "Script will not continue...."
            WScript.Quit(0)
        Else
            WriteLog "Detected Operating System: " & objOperatingSystem.Caption
            WriteLog "Script will continue....."
        End If
    Next
End Sub

' Stand-in for the login script's WriteLog; replace with the real routine.
Sub WriteLog(strMessage)
    WScript.Echo strMessage
End Sub

Sunday, July 4, 2010

Exchange and Server Naming

I worked for an organisation once that had a naming convention for its servers that consisted of:
  • a country code (2 alpha)
  • a location code (3 alpha)
  • a server type code (2 alpha)
  • an instance number (2 numeric)
This was fine as naming conventions go (although these days I personally prefer location independent naming conventions as modern servers can so easily and quickly be relocated).

Unfortunately, this resulted in a server name of AUTHOMS01. You might look at this and think "Okay, no problem" and you would be right, unless you installed Exchange on the server.

We couldn't for the life of us figure out why Exchange would not complete SMTP transactions, even though the answer was staring us in the face. It turned out that whenever the server communicated with a destination server, the transaction stopped as soon as AUTHOMS01 presented itself, because the receiving SMTP server saw the first four letters of the server name as a valid SMTP command: AUTH.

So take care not to name your mail servers with a name that starts with a valid SMTP command!

Cheers,
Sean

Locating Encrypted Files

When undertaking a file migration project between Active Directory domains and forests, it's necessary to locate any EFS encrypted files in order to decrypt them prior to the decommissioning of the old domain and the loss of the keys.

I located this handy script that will identify encrypted files in a volume (just change the drive letter as necessary):

' Lists EFS-encrypted directories on the chosen drive via WMI.
' Win32_Directory reports folders with the encryption attribute set; the
' CIM_DataFile class exposes the same Encrypted property for individual files.
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

' Change Drive='C:' to the volume you want to scan
Set colFolders = objWMIService. _
    ExecQuery("Select * from Win32_Directory where Drive='C:'" _
        & " AND Encrypted=True")

For Each objFolder In colFolders
    WScript.Echo "Name: " & objFolder.Name
    WScript.Echo "Path: " & objFolder.Path
Next

Wednesday, June 16, 2010

Excel: Splitting Names

I've been working on a project that requires the manipulation of name data. A lot of the names were given as full names, some with multiple last names, that for the purposes of data manipulation had to be split. Here's the simple way to do it:

Assuming data is in A1 and the value of the cell is "Charles Kingsford Smith"

For First Name use:
=LEFT(A1,FIND(" ",A1)-1)
for a resulting value of "Charles"


and for Last Name use:
=MID(A1,FIND(" ",A1)+1,LEN(A1))
for a resulting value of "Kingsford Smith"

Thursday, May 13, 2010

Change the READY message on HP Printers

A little bit of Friday humour...

Be aware that this may be against your organisation's Acceptable Use Policy. Also be aware that people without a sense of humour may not find it funny. Don't get into trouble!

The message may be reset to the default by power cycling the printer, or re-running the script and passing "READY" as the message.

Please note, I have not tested this... yet... hehehe.


Telnet to port 9100 on the printer and enter the following (where \e is the ASCII escape character, 0x1B):

\e%-12345X@PJL JOB
@PJL RDYMSG DISPLAY="MESSAGE HERE"
@PJL EOJ
\e%-12345X

Some funny suggestions:
“Insert Coin”,
“Insert Cheese”,
“Im Sad..”,
“Low Monkeys”,
“Feed me a cat”,
“Insert Butter & Jam”,
“Free The Ink!!”,
“My Cousin Is A Toaster”,
“Load Soy Latte”,
“Paper Tastes Funny Today”,
“Free Hugs..”,
“Toner Tastes Funny Today”,
“Press OK Button for Pacman”,
“Flower Power Mode”,
“Incoming Fax…”,
“Cheese Mode”

Tuesday, February 23, 2010

WCCP - Traffic Flow Diagram

I couldn't find a good generic WCCP traffic flow diagram, so I created one:


Thursday, February 11, 2010

SCCM: Failed in GetCertificate(...): 0x80040281

I started seeing this error in the ccmsetup.log file on some client machines after updating to Service Pack 2 on the SCCM Server:


Failed in GetCertificate(...): 0x80040281


The SP2 installation does not automatically update the client installation files. In the SCCM console, if you navigate to:


Site Database : Site Management : Site Code - Site Name: Site Settings : Client Installation Methods


...and open Software Update Point Client Installation, you should be prompted to update the published version of the client. Note that it can take 30 seconds or so before you can re-open it to see the published version match the available version.


You may also need to update the client in other locations, such as Group Policy or the Right-Click tools.

Cheers,
Sean

Wednesday, February 3, 2010

IronPort WCCP Redirection and Proxy Bypass List

I came across a trap for the unwary today. It seems that the Proxy Bypass List on the IronPort WSA products, used for transparent mode redirection, actually operates on sources as well as destinations.

From the Administrator's Guide (note the "or from"):

You can configure the Web Security appliance so client requests to or from particular addresses bypass all processing by the Web Proxy.

Therefore, putting your internal address space in the list to stop the caching engine from performing access checks and caching on your intranet and other internal web content will actually prevent transparent redirection from working at all, because every internal client then matches the list as a source!

Rather than do this, set up your access lists for WCCP redirection on your router or switch so that requests with an internal destination are never redirected to your caching engine in the first place.



ip access-list standard wccp-devices
 remark Only WCCP devices should be listed here
 permit 10.200.10.10
 permit 10.200.10.20

ip access-list extended wccp-80
 remark Deny redirection of web traffic to internal services, then permit all http
 remark Internal devices may be listed as deny (source) here to prevent them using the transparent proxy
 deny ip any 10.0.0.0 0.255.255.255
 deny ip any 172.16.0.0 0.15.255.255
 deny ip any 192.168.0.0 0.0.255.255
 deny ip host 10.100.1.50 any
 permit tcp any any eq www

ip access-list extended wccp-443
 remark Deny redirection of web traffic to internal services, then permit all https
 remark Internal devices may be listed as deny (source) here to prevent them using the transparent proxy
 deny ip any 10.0.0.0 0.255.255.255
 deny ip any 172.16.0.0 0.15.255.255
 deny ip any 192.168.0.0 0.0.255.255
 deny ip host 10.100.1.50 any
 permit tcp any any eq 443

ip wccp web-cache redirect-list wccp-80 group-list wccp-devices password password
ip wccp 120 redirect-list wccp-443 group-list wccp-devices password password

interface [outbound network]
 ip address 10.1.1.x
 ip wccp web-cache redirect out
 ip wccp 120 redirect out
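To check which flows a redirect-list like wccp-80 will actually hand to the caching engine before you apply it, here is an added example (not from the post or from Cisco) that parses the access-list entries in the same syntax as above and evaluates them first-match, the way IOS does; the list text is a constructed copy of wccp-80, with the permit line written as tcp since eq needs a transport protocol.

```python
import ipaddress

PORT_NAMES = {"www": 80, "https": 443}   # IOS keywords accepted after 'eq'

def _addr_spec(tokens, i):
    """Parse one IOS address spec ('any', 'host A', or 'A WILDCARD') -> ((addr, wildcard), next_i)."""
    if tokens[i] == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    return (tokens[i], tokens[i + 1]), i + 2

def parse_ace(line):
    """Parse 'permit|deny PROTO SRC DST [eq PORT]'; returns None for remarks and blank lines."""
    t = line.split()
    if not t or t[0] == "remark":
        return None
    src, i = _addr_spec(t, 2)
    dst, i = _addr_spec(t, i)
    port = None
    if i < len(t) and t[i] == "eq":
        port = PORT_NAMES[t[i + 1]] if t[i + 1] in PORT_NAMES else int(t[i + 1])
    return t[0], t[1], src, dst, port

def in_wildcard(addr, spec):
    """IOS wildcard match: bits set in the wildcard mask are 'don't care'."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, spec[0], spec[1]))
    return (a | w) == (n | w)

# Constructed copy of the post's wccp-80 redirect-list
WCCP_80 = [ace for ace in map(parse_ace, """
remark Deny redirection of web traffic to internal services, then permit all http
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
deny ip host 10.100.1.50 any
permit tcp any any eq www
""".splitlines()) if ace]

def redirected(acl, proto, src, dst, dport):
    """First-match evaluation; no match means the implicit deny, i.e. no redirection."""
    for action, eproto, esrc, edst, eport in acl:
        if eproto not in ("ip", proto):
            continue
        if not (in_wildcard(src, esrc) and in_wildcard(dst, edst)):
            continue
        if eport is not None and eport != dport:
            continue
        return action == "permit"
    return False
```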




Note that you can avoid the overhead associated with CEF forwarding for outbound traffic on your switches by redirecting on input traffic instead of output traffic. This provides faster redirection of packets, but it will often mean a much more complex configuration. If you're not approaching the performance limits of your switches and it's not going to impact VoIP call quality, it's probably simpler to configure redirection on the outbound port to your firewall and then measure for any performance impact during peak usage periods (usually lunch time for web usage).



Cheers,
Sean

Thursday, January 28, 2010

Move and Disable Stale Computer Accounts

I started to write a script today to relocate and disable computer accounts that have an old PwdLastSet attribute. Before I got very far, I discovered that Richard Mueller of Hilltop Lab had already done quite an effective job of scripting this very task and has made the effort to refine it a few times too.

The script can be found at http://www.rlmueller.net/Programs/MoveOldComputers.txt

I modified it a little to suit my own purposes, but his script certainly got me 90% of the way there. Thanks for saving me the effort Richard!

Cheers,
Sean

Wednesday, January 20, 2010

Windows Update Problem Fixup Script

I've had this script floating around for a while. I put it together based on a number of recommendations from Microsoft regarding fixing problems with Windows Update.

Note that this will fix some errors, but there are a whole swag of issues that can arise with automatic updates.

Also, as always, I take absolutely no responsibility if this causes your machine to implode (although I would love to see the photos if it does!)

@echo off
rem Windows Update fix-up: clear stale catalog files, re-register the signing
rem and crypto DLLs, rebuild catroot2 and reset the SoftwareDistribution store.

rem Remove temporary and KB catalog files from both CatRoot catalog stores
if exist %systemroot%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\tmp*.cat del /F /Q %systemroot%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\tmp*.cat
if exist %systemroot%\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\tmp*.cat del /F /Q %systemroot%\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\tmp*.cat
if exist %systemroot%\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\kb*.cat del /F /Q %systemroot%\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\kb*.cat
if exist %systemroot%\System32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\kb*.cat del /F /Q %systemroot%\System32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\kb*.cat

rem Re-register the DLLs Windows Update relies on to verify update signatures
regsvr32 /s softpub.dll
regsvr32 /s wintrust.dll
regsvr32 /s initpki.dll
regsvr32 /s dssenh.dll
regsvr32 /s rsaenh.dll
regsvr32 /s gpkcsp.dll
regsvr32 /s sccbase.dll
regsvr32 /s slbcsp.dll
regsvr32 /s mssip32.dll
regsvr32 /s cryptdlg.dll

rem Clear the system and hidden attributes so catroot2 can be renamed
attrib -s -h %windir%
attrib -s -h %windir%\system32
attrib -s -h %windir%\system32\catroot2

rem Rebuild catroot2; Cryptographic Services must be stopped while it is renamed
net stop cryptsvc
ren %systemroot%\System32\Catroot2 oldcatroot2
net start cryptsvc

rem Reset the Windows Update download cache
net stop wuauserv
rd /S /Q %windir%\SoftwareDistribution
md %windir%\SoftwareDistribution
net start wuauserv

Cheers,
Sean