Author Archives: Dom

About Dom

This is the biographical bit about myself! Well, I'm a slave to technology and this is where I'm putting all the stuff I didn't quite figure out by myself at the time, so I have posted all the fixes!

Windows 7 | Delete Offline File Cache CSC Folder

After carrying out a domain migration on a PC the “offline files cache” still retains a local cache for the previous domain.

Within “Offline Files” (Control Panel) there is an option to “Delete temporary files”, but this does not remove the “All offline files” cache located in the “C:\Windows\CSC” folder.

The workaround to fully remove these files (and start a new offline sync) is to add the “FormatDatabase” registry entry which forces deletion.

This command adds the registry entry. Reboot the system afterwards and all offline files will be removed:

reg add HKLM\SYSTEM\CurrentControlSet\services\CSC\Parameters /v FormatDatabase /t REG_DWORD /d 1

DFS | Site Links, Server Target Prioritization & Reference Info

DFS Setup and Configuration Notes

I like DFS; the main issue I found is that setting it up, tailoring it to your needs, debugging and configuring it can be a bit troublesome. I’ve spent a while trying to implement and tweak it for a large-scale network (17 x sites using DFS-N & DFS-R). I’ve listed a number of articles/URLs which have proven useful on my DFS internet travels…



Obtaining local Passwords from Memory Dump

This outputs a memory dump of Windows security sessions (obtaining passwords stored locally in cache). It can be run against a remote system to obtain password credential information, and it requires “local administrator” rights on the remote PC being targeted.

Requires: PsExec & ProcDump

psexec \\computername -accepteula -s -c procdump -accepteula -ma -o lsass.exe \\server\logs\computername.log

Reference: https://cyberarms.wordpress.com/2015/03/16/grabbing-passwords-from-memory-using-procdump-and-mimikatz/
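
A defender's view of the command above, as an added example that is not part of the original post: the function flags process-creation records that look like a full ProcDump of lsass.exe. It assumes Security event 4688 with command-line logging enabled; the function name and the sample records are constructed for illustration.

```powershell
# Added example (not from the original post): flag process-creation records
# whose command line looks like a full memory dump of lsass.exe.
function Test-LsassDumpCommandLine {
    param(
        [Parameter(Mandatory)][string]$CommandLine,
        [string]$ParentImage = ''
    )
    $reasons = New-Object System.Collections.Generic.List[string]

    # ProcDump binary, with or without a path, a "64" suffix or the .exe extension
    if ($CommandLine -match '(?i)(^|[\\\s"])procdump(64)?(\.exe)?(\s|"|$)') { $reasons.Add('procdump') }
    # -ma or /ma asks for a full memory dump
    if ($CommandLine -match '(?i)\s[-/]ma(\s|$)') { $reasons.Add('full-dump switch') }
    # Dump written straight to a UNC share (\\host\share\...)
    if ($CommandLine -match '(^|\s)\\\\[^\\\s]+\\\S+') { $reasons.Add('UNC output path') }
    # Process started by the PsExec service on the target machine
    if ($ParentImage -match '(?i)\\PSEXESVC\.exe$') { $reasons.Add('PsExec parent') }

    # lsass must be named as a whole token, not just appear inside another word
    $namesLsass = $CommandLine -match '(?i)(^|[\\\s"])lsass(\.exe)?(\s|"|$)'

    [pscustomobject]@{
        Suspicious  = $namesLsass -and ($reasons -contains 'procdump' -or $reasons -contains 'full-dump switch')
        Reasons     = $reasons -join ', '
        CommandLine = $CommandLine
    }
}

# Constructed sample records, shaped like the fields of Security event 4688
$samples = @(
    @{ ParentImage = 'C:\Windows\PSEXESVC.exe'
       CommandLine = 'procdump.exe -accepteula -ma -o lsass.exe \\server\logs\computername.log' },
    @{ ParentImage = 'C:\Windows\System32\cmd.exe'
       CommandLine = '"C:\Tools\procdump64.exe" -ma w3wp.exe C:\dumps\w3wp.dmp' },
    @{ ParentImage = 'C:\Windows\System32\wininit.exe'
       CommandLine = 'C:\Windows\system32\lsass.exe' }
)

# Only the first record is flagged: the second dumps a different process,
# and the third is lsass.exe itself starting up.
foreach ($s in $samples) { Test-LsassDumpCommandLine @s | Format-List }
```

Command-line matching is only a heuristic; Sysmon ProcessAccess events (Event ID 10) with lsass.exe as the target give a signal that does not depend on how the dumping tool was invoked.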

Remove Sharepoint Login Prompt in IE

We have a company SharePoint site which requires authentication information before logging on. This is a pain as the information displayed on the initial screen of SharePoint does not need to be restricted (Company Intranet).

Login “Annoying” Prompt:

In order to remove this you can modify the option in I.E. to use local logon credentials (domain PCs):

  1. Tools/Internet Options/Security/Local Intranet/Sites
  2. Add the site in the list, click OK.
  3. Still in Local Intranet, click on “Custom Level”, scroll all the way to the bottom to User Authentication/Logon
  4. Click on “Automatic Logon with current user name and password”
  5. When the user logs to the site, make sure to select the checkmark “remember username/password” when the site asks for credentials

Trend AV | Tools & Commands

Transferring Trend OfficeScan Client from One Trend Console to Another

\\TrendAV01.domain.com\ofcscan\Admin\Utility\IpXfer\ipxfer.exe -s TrendAV01.domain.com -m 1 -p 8080 -c 49831

Transferring Trend OfficeScan Client from One Trend Console to Another REMOTELY

Download PSEXEC and copy it to C:\Windows\System32

psexec \\LaptopName -u Domain\ADMUSER -p Passw0rd -i "\\TrendAV01.domain.com\Trend_Antivirus\Tools\TrendClientMove_x86.bat"

TrendClientMove_x86.bat

@ECHO OFF
REM Modifies Trend Update Policy Server to use TRENDAV01.domain.com
\\TrendAV01.domain.com\ofcscan\Admin\Utility\IpXfer\ipxfer.exe -s TrendAV01.domain.com -m 1 -p 8080 -c 49831
Echo Update is now Complete!
Echo Click to Close 
Pause

TrendClientMove_x64.bat

@ECHO OFF
REM Modifies Trend Update Policy Server to use TRENDAV01.domain.com
\\TrendAV01.domain.com\ofcscan\Admin\Utility\IpXfer\ipxfer.exe -s TrendAV01.domain.com -m 1 -p 8080 -c 49831
Echo Update is now Complete!
Echo Click to Close 
Pause

Resetting OfficeScan Password:

Reference: Reset Officescan Password

Trend Uninstall Tools:

VMWare | “Unable to locate the required Sysprep files”

Yes, the year is 2016, and yes, we are still converting Server 2003 onto VMware! (I know Server 2003 is dead and 13 years behind the times, but there are still some instances in our organisation that require it for old bespoke software that can’t be easily moved to Server 2013/2016.)

When converting a physical “Server 2003” machine to a virtual machine using VMware Converter this error displays:

“Warning: Unable to locate the required Sysprep files. Upload them under ‘C:\ProgramData\VMware vCentre Converter Standalone\sysprep\svr2003’ on the Converter server machine. See ‘Help’ for more details”


Change Windows 7 “Logon” Background

There are two types of background images.

  1. Windows Desktop Backgrounds
  2. Windows Logon Backgrounds

This script will add the required flags and permissions to the registry and create the “dummy” jpg files which are used to display the “Logon” background. This is the screen which displays the user logon details (At “Logon”).

@echo off
set bgfolder=%windir%\system32\oobe\Info\backgrounds\

REM Creates the backgrounds folder
md %bgfolder%

REM Creates the dummy background files
FOR %%f IN (backgroundDefault.jpg background1280x960.jpg background1024x768.jpg background1600x1200.jpg background1440x900.jpg background1920x1200.jpg background1280x768.jpg background1360x768.jpg background1024x1280.jpg background960x1280.jpg background900x1440.jpg background768x1280.jpg background768x1360.jpg) DO echo 2> %bgfolder%%%f 1> NUL

REM Gives all authenticated users the right to write these files
FOR %%f IN (backgroundDefault.jpg background1280x960.jpg background1024x768.jpg background1600x1200.jpg background1440x900.jpg background1920x1200.jpg background1280x768.jpg background1360x768.jpg background1024x1280.jpg background960x1280.jpg background900x1440.jpg background768x1280.jpg background768x1360.jpg) DO icacls %bgfolder%%%f /grant *S-1-5-11:(R,W,M)

REM Forces the use of the custom background permanently
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background /v OEMBackground /t REG_DWORD /d 1 /f
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\System /v UseOEMBackground /t REG_DWORD /d 1 /f

All you then need to do is add the background image you want to this folder directory: %windir%\system32\oobe\Info\backgrounds\

iPhone Video Rename by Date/Time EXIF Values | Cheatsheet

I always like to copy the videos off my iPhone onto my PC and then resync them back to the phone (selecting only the ones I want). Unfortunately this process isn’t always straightforward when you also want to rename them using their EXIF date & time values. As you may already know, EXIF data works great with JPGs, but there doesn’t seem to be so much of a “standard” when it comes to EXIF data for videos. The resync back to the iPhone sometimes causes an incorrect date/time stamp in the Camera Roll. This really bothers me during iMovie creations because I like to reference (and know by the title) when the clip was created. Fortunately, when the iPhone camera creates video files it also injects EXIF data (when using the native app). This is a great reference when you want to date/time rename the files, but it can be confusing when video files contain over 20 EXIF values all specifically related to date/time.


Windows Time Commands | Cheatsheet

Check time service is running (Local & Remote):

sc query w32time
sc \\HOSTNAME query w32time

Displays all local time information (Local & Remote):

w32tm /query /configuration
w32tm /query /configuration /computer:HOSTNAME

Display Windows Time service status (Local & Remote):

w32tm /query /status
w32tm /query /status /computer:HOSTNAME

Display Windows Time service source (Will return one line: local CMOS vs Server) (Local & Remote):

w32tm /query /source
w32tm /query /source /computer:HOSTNAME

Display a list of peers and their status:

w32tm /query /peers

Displays current time (local source)

Time /T

Resync local computer time against time server: (run on all servers, except time server)

w32tm /resync /rediscover 

Force local computer time to update against domain server (Local & Remote):

w32tm /config /syncfromflags:domhier /update
w32tm /resync /rediscover
w32tm /resync
w32tm /config /syncfromflags:domhier /update /computer:HOSTNAME
w32tm /resync /rediscover /computer:HOSTNAME
w32tm /resync /computer:HOSTNAME

Start time server via CLI (Local & Remote)

net start w32time
sc \\HOSTNAME start w32time

Restore Windows Time Service (if it has been broken)

net stop W32Time
w32tm /unregister
w32tm /register
net start W32Time
sc query W32Time

Set Time Update NTP source

@echo off
net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:0.uk.pool.ntp.org
w32tm /config /reliable:yes
net start w32time
w32tm /query /peers
PAUSE

Event Viewer Error Message:

Event Type: Error 

Event Source: W32Time 

Event Category: None 
Event ID: 12

Description: Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.

To resolve the eventID 12:

  • w32tm /register


Adding NextGen Image Tag | WordPress

I get really frustrated that the Nextgen plugin for WordPress does not have a simple icon which allows a quick way to insert a “single” image from the gallery. The options in the “Add New Post” screen only seem to allow a whole gallery to be selected…

This is how to add one image to a post manually (provided you know the image ID)

There are some other shortcode options available here Nextgen Shortcode.

singlepic id=XXX float=

JumboFrames Test / Command Line

I usually configure JumboFrames on iSCSI devices. The quickest way to do this is with a direct Ethernet cable from iSCSI to server (configuring separate LAN IPs for both devices).
To test that JumboFrames is enabled on the network cards I use the PING method and modify the frame size. Default packet sizes are 1500 bytes (MTU).

192.168.1.45 (is configured for Jumbo Frames) – Although the JumboFrame MTU is 9000 bytes, there are some overheads in the packets, therefore you need to use an MTU of 8972 bytes

172.16.232.35 (is NOT configured for Jumbo Frames) – You can see below the packets fail with “Packet needs to be fragmented but DF set”

DNS | Modify DNS entry CMD

Add/Remove a DNS record without the GUI

Add

dnscmd <ServerName> /recordadd <ZoneName> <NodeName> <RRType> <RRData>
dnscmd UK-WDC01 /RecordAdd edwardsd.local UK-ESX01 A 192.168.1.5

Delete

dnscmd <ServerName> /recorddelete <ZoneName> <NodeName> <RRType> <RRData> [/f]
dnscmd UK-WDC01 /recorddelete edwardsd.local UK-ESX01 A 192.168.1.5

Reference: DNSCMD Examples

Windows Commands | Powershell

A few random PowerShell commands in Windows to help complete tasks:

Create New AD User:

New-ADUser -SamAccountName U1 -Name "User 1" -AccountPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force) -Enabled $true -Path 'OU=Test,DC=FABRIKAM,DC=COM'

Displays if “Desktop Experience” is installed:

Get-WindowsFeature *Desktop*

Installs “Desktop Experience” Feature:

Add-WindowsFeature Desktop-Experience

Remove Windows Patches

wusa /uninstall /kb:2952664

Clear all log entries

Although previous logs in Event Viewer can be helpful for diagnostics, I find old errors sometimes cloud the current issues. In order to quickly clear all Event Viewer log entries you can use the following PowerShell command:

wevtutil el | Foreach-Object {Write-Host "Clearing $_"; wevtutil cl "$_"}
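
A variant that keeps a copy of every log before clearing it, as an added example that is not part of the original post. It uses the `/bu:` (backup) option of `wevtutil cl`; the archive folder `C:\EventLogArchive` is an assumed path, and the script needs an elevated prompt.

```powershell
# Added example (not from the original post): archive each event log to
# an .evtx file, then clear it, so the history stays available for later review.
$ArchiveRoot = 'C:\EventLogArchive'            # assumed location, change as needed
$stamp       = Get-Date -Format 'yyyyMMdd-HHmmss'
$target      = Join-Path $ArchiveRoot $stamp
New-Item -ItemType Directory -Path $target -Force | Out-Null

foreach ($log in (wevtutil el)) {
    # Channel names can contain "/" (for example ".../Operational"),
    # which is not valid in a file name, so replace unsafe characters.
    $safeName = $log -replace '[\\/:*?"<>|]', '_'
    $file     = Join-Path $target ($safeName + '.evtx')

    # /bu: writes the backup file first and then clears the log
    wevtutil cl "$log" "/bu:$file"

    if ($LASTEXITCODE -eq 0) {
        Write-Host "Archived and cleared $log"
    } else {
        # Some channels cannot be cleared; they are left untouched
        Write-Warning "Skipped $log (wevtutil exit code $LASTEXITCODE)"
    }
}
```

Clearing the Security log is itself recorded as event ID 1102, so the action remains visible in the cleared log and to any log collector.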

Bypass code Execution

Usually, if you get the error “execution of scripts is disabled on this system”, the quick option is to bypass the execution policy:

Set-ExecutionPolicy Unrestricted

Benchmarks | SD Cards

Are the Sandisk Extreme Pro 95MB/s SD Cards really worth the extra ££ ?

I benchmarked the following cards using CrystalDiskMark. The results show that the 95MB/s card didn’t perform as well as expected. This might not be the most scientific of tests, but they were completed under the same conditions, on the same machine, using a built-in SD card reader connected directly to the motherboard headers.

Card     Sequential Read   Sequential Write
10MB/s   19.260            5.084
30MB/s   18.91             17.69
45MB/s   31.33             26.23
95MB/s   31.20             27.21


HP Proliant Microserver (Gen8) | Windows Server 2012 R2 Storage Drivers

My configuration of the HP Microserver G1810T uses all 4 x HDD disk bays (2 x RAID1) with 1 x HDD (2.5″) attached to the secondary SATA connector on the motherboard.
This 5th disk for the OS was configured under the controller options to use RAID0.

When installing Windows Server 2012 R2 for the first time you will need to specify the B120i controller drivers for Windows to be able to see the disk.
The driver can be downloaded from the HP Microserver webpage and is listed under the “Driver – Storage” section.

The iLO made it easy for me to install Windows remotely from my desktop by attaching virtual media (ISO) and folders.