Here are links to tools posted by members that may be helpful.
Tools

| Description | Link | Contributor |
| --- | --- | --- |
| Forget the Admin Password? | http://www.petri.co.il/forgot_administrator_password.htm | Karen Christian, North County Technology Group |
| Retrieve the product key from the registry | http://www.magicaljellybean.com/keyfinder.shtml | |
| Various tools for DNS checking | http://www.dnsstuff.com/ | Karen Christian, North County Technology Group |
| Password recovery/rewrite tool | http://home.eunet.no/~pnordahl/ntpasswd/ | Sterling Chamberlain |
| Password breaking software for many different files and applications | http://www.elcomsoft.com/ | John Rubino |
| Versatile network boot disk | http://www.nu2.nu/bootdisk/network/ | Roger Otterson, Qualitec |
| TSDropCopy to copy/paste through a Terminal Services administrator mode session | www.analogx.com | Dick Davis, Jik-Pak Manufacturing |
| Microsoft Baseline Security Analyzer V1.2 | http://www.microsoft.com/mbsa | |
| Shavlik, HFNetChk.exe v.3.86 | http://hfnetchk.shavlik.com/ | |
| Security Patch Scripts for Microsoft Windows NT4/2K/2K3/XP | http://winpatch.homeip.net/ | |
| Windows Ports and Services | An Excel spreadsheet with all the ports and services listed for Microsoft Windows Server Systems. Download the zip file here: Get this zip | Karen Christian, North County Technology Group |
| Identify unknown open ports and their associated applications with 'fport' | http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/fport.htm | Tony Su, Su Networking Consulting |
| Powerful TCP port scanner, pinger, resolver | http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/superscan.htm | Susan Bradley, CPA [MVP] |
Tips

The following was submitted by Ofer Shimrat regarding issues with Windows XP Professional clients on an SBS network:

Here are a number of steps to remedy the SID (that is really what is going on here) situation with Windows XP SP1 and Windows 2000 servers as well as the DNS situation - Remember, my situation was a SBS re-install from a previously botched installation that someone else had done - so I HAD to do all these things - your mileage may vary - I did all these in the order below and logins went from about 15 to 45 seconds (with TRUST conflicts and errors on the SERVER Event Viewer Application Log) down to 1 second (with NO errors) - this stuff is VERY fresh in my mind since I did it TWELVE times (one for each workstation) just last weekend:

1. Turn OFF all the client machines.
2. On the SBS server go to Start | Programs | Administrative Tools | DNS and expand the tree control - right click on the machine server name (NOT the domain name) and click on Properties - on the INTERFACES tab make sure that the radio button called "Only the following IP address" is checked and that the INTERNAL LAN NIC address is the ONLY entry in the list (example: 192.168.1.1) - then go to the FORWARDERS tab and make sure that the "Enable Forwarders" is checked and the two OUTSIDE Primary and Secondary DNS entries provided by your ISP are dialed in order.
3. In that same DNS window tree now go to the first instance of the DOMAIN name under FORWARD LOOKUP ZONES and right click on it and select Properties - under the WINS tab select "Use WINS Forward Lookup" and ADD the INTERNAL LAN NIC address (same example: 192.168.1.1) - click OK and you will notice that a NEW entry has been made to the list on the right pane with the title WINS Lookup - same as parent folder etc.
4. In the same DNS Window tree now go to the entry just underneath the REVERSE LOOKUP ZONES and you should see an entry like 192.168.1.x Subnet - right click on it and go to Properties and go to the WINS-R tab - check the box for "Use WINS-R lookup" and then enter the FULL name of the DOMAIN without the www (example: microsoft.com) - click Apply and OK and then you will see that an entry has been added to the right pane in the same vein as above called WINS Reverse Lookup - same as parent folder etc.
5. Patch Time - There are TWO parts to the Q329170 patch from Microsoft - the Windows 2000 Server patch (applicable to the SBS box - about 1.16 MB) and the Windows XP Professional SP1 client patch (572 KB). Run the Windows 2000 side patch and then RE-BOOT the server. Since the CLIENT side of the patch is only 572 KB, make a diskette or burn a CD of it - you will need to install it on EACH client. (UPDATE on 2/28/04: Q329170 is included in W2K SP4 now. Good reference documents regarding this are http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-070.asp and http://www.microsoft.com/security/security_bulletins/ms02-070.asp).
6. In the SBS Personal Console, go to Computers and create all the MAGIC DISKS for your workstations - the caveat is that for Windows XP clients, you will actually NOT install any client software (so DON'T select any), but you WILL create the diskette.
7. Go to the Windows XP Professional machine that is the client and turn it ON - make a NOTE of the name that is dialed in the dialog box on that machine (must be in Active Directory on the SBS box) and then log in as ADMINISTRATOR instead on the LOCAL machine - go to a COMMAND prompt and PING the internal NIC of the server - if you "see" the server then proceed - create a directory on the local C: drive (call it Backup if you want) and copy ALL of the contents of "My Documents" and "Desktop" of the user that is supposedly logged in on the workstation into that directory. Make SURE to go to the Security tab of that directory under Properties and ascertain that EVERYONE is included with ALLOW - you can also choose to include the local workstation USERS in the security tab.
8. After you back up, go to Start | My Computer and right click on Properties - go to the Computer Name tab and click on CHANGE and then click on MORE - be SURE to CLEAR the contents of the box that says "Primary DNS suffix of this computer" - then click OK and then RE-TYPE the STATION NAME and make sure that the correct DOMAIN is checked and dialed in the bottom of the dialog box - click OK - at that point the computer is going to ask you to RE-BOOT - do so at this time.
9. After the re-boot, log in as Administrator on the local machine again - do NOT log on the network - go to the NIC properties and under the Advanced tab of the configure button make sure and dial in FULL DUPLEX and 100 BASE T (this of course assumes that your card in fact IS a 10/100 card, that your server card is in fact a 10/100 card and that your switch is a 10/100 switch). Then go to the TCP/IP settings and choose Properties - make SURE and dial in the INTERNAL LAN NIC of the SERVER in the WINS tab and the DNS tab (example: 192.168.1.1) and have Enable NetBIOS over TCP/IP checked.
10. Now take that CD or diskette of the CLIENT patch Q329170 and INSTALL it - notice that it will create a RESTORE point - when done, RE-BOOT the machine again.
11. After this re-boot, run A:\SETUP from the diskette made for that workstation from SBS - notice that you can choose all the users that MAY log on to that workstation - what SBS does is that it creates Administrative profiles to each of those users on the LOCAL machine - the magic disk will then NOT install any programs, but it WILL establish (and here is the key) a TRUSTED relationship with the SBS domain - when it is done, re-boot.
12. After this re-boot, log in to the network as the actual SBS user name and password set up in Active Directory - the login should be CONSIDERABLY faster and everything should be FINE - set your network printers, map out your drives etc... by the way, for MAPPED DRIVES I use the SBS_LOGIN_SCRIPT on the SERVER side - depending on the user levels and their needs, I create specific group scripts and use the command such as NET USE R: \\servername\resource - then in the PROFILE tab of the User in Active Directory I dial in that specific batch file in the LOGON SCRIPT text box - it is MUCH easier to manage - of course, if you do not want to do this you can always map PERSISTENT drives from the CLIENT side by checking that check box.
13. Finally, RESTORE all the files in the BACKUP directory to the CURRENT user - you will notice that a NEW set of folders has been created for you in the local machine - because of that, you will also have to RE-DIAL in all of your local OUTLOOK settings in terms of mapping them to the SBS Exchange Server and in all cases if you have Microsoft Office installed you will have to start at least one application (say WORD) to re-initialize Office's settings for the "new" user.

Contribution by Ofer Shimrat, Sound Off Computing
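
A check for the client-side settings described in the tip above (DNS and WINS pointing only at the server's internal NIC, NetBIOS over TCP/IP left enabled), as an added example that is not part of the contributed tip. It parses `ipconfig /all` output; the sample text, host name, domain suffix and second DNS address are constructed, and English-language field labels are assumed.

```python
import re

SERVER_IP = "192.168.1.1"  # the page's example internal LAN NIC address

# Constructed `ipconfig /all` output for one client (not captured from a real host).
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : WS01
        Primary Dns Suffix  . . . . . . . : example.local

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.21
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            203.0.113.53
        Primary WINS Server . . . . . . . : 192.168.1.1
        NetBIOS over Tcpip. . . . . . . . : Disabled
"""

def parse_ipconfig(text):
    """Map each label to its list of values; a deeply indented line with no
    label (a second DNS server) continues the previous label."""
    fields, last = {}, None
    for line in text.splitlines():
        m = re.match(r"\s+(.+?)(?:\s*\.)+\s*:\s*(.*)$", line)
        if m:
            last = m.group(1)
            fields.setdefault(last, [])
            if m.group(2).strip():
                fields[last].append(m.group(2).strip())
        elif last and line.startswith(" " * 20) and line.strip():
            fields[last].append(line.strip())
        else:
            last = None
    return fields

def check_client(text, server_ip=SERVER_IP):
    """Return a list of deviations from the client settings in the tip."""
    f = parse_ipconfig(text)
    problems = []
    if f.get("DNS Servers", []) != [server_ip]:
        problems.append(f"DNS servers {f.get('DNS Servers', [])}: expected only {server_ip}")
    if f.get("Primary WINS Server", []) != [server_ip]:
        problems.append(f"WINS server {f.get('Primary WINS Server', [])}: expected {server_ip}")
    if "Disabled" in f.get("NetBIOS over Tcpip", []):
        problems.append("NetBIOS over TCP/IP is disabled")
    return problems

if __name__ == "__main__":
    for p in check_client(SAMPLE):
        print("FAIL:", p)
```

The sample deliberately carries two deviations, an extra outside DNS server and disabled NetBIOS over TCP/IP, so the check reports both.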