
Today I bought a wireless router from CTC, Hyderabad, India. Before purchasing, I enquired about the cost in multiple shops, and as usual the prices differed from shop to shop. One shop quoted a much lower amount than the other shops in the market: while others were quoting INR 2600, this guy quoted only 2000. Since the cost was lower, I prepared to buy it and tried opening the box. The shopkeeper immediately stopped me and warned me that I could not open it until I paid the money. I was shocked. The box didn't have any seal on it, and I am sure the shopkeeper would have opened it N number of times before. I don't know why he was trying to impose such a restriction on a customer. I told him that I would buy it and that he would be responsible if any item was found missing from the box, and he agreed to that. I opened the box, but a suspicious feeling stuck somewhere in my mind that this guy was trying to cheat me in some way. I purchased the wireless router and left the shop with these thoughts.

I reached home very late at night and started setting up my new wireless router. I read the installation manual properly, and it mentions that by default the router does not have any username and the password is “admin”. I opened a browser, connected to http://192.168.1.1 and entered the password “admin” with a blank user name as instructed in the manual. But it did not work. I tried multiple times but ended up with the same result. I tried a few other default password combinations that I know, but they did not help. Finally I decided to reset the router to factory default settings.

The reset to factory settings involves holding the reset button for 30-60 seconds and restarting the router. I did that and tried to log in with the default credentials, but it still did not work. I tried multiple times with different pen tips, needles, etc. to hold the reset button, but in vain. Now I realized why the shopkeeper offered it for a lower price. I suspect someone returned it because of some problem. That could be the reason I failed to log in with the default credentials, as the previous purchaser might have set a password of his choice.

So now I am in a situation where I neither know the current credentials to log in to the router nor am in a position to reset it to the default settings.

In this situation, my only available option is to return the device to the vendor and demand an explanation and a replacement. Before that, I wanted to use my sysadmin skills to see if I could fix this issue myself, so I started researching on the internet.

After reading some posts and forum threads, I realized that the reset button has problems by default in Cisco LINKSYS WRT120N wireless routers, and the only option is to upgrade the firmware to the latest version, which fixes the reset button functionality. I downloaded the latest firmware from the internet and installed it on the device, and I am now able to take the device to factory default settings :)

Now I have mixed feelings. On one hand I am happy that I fixed the problem myself, and on the other I am sad that I was cheated by the shopkeeper. Anyway, I love to troubleshoot, understand and fix problems; I am thankful to the bloody shopkeeper for giving me such a wonderful chance :)

In my next posts, I will write about “how to make the reset button work on the ‘Cisco LINKSYS WRT120N’ wireless router” and “How to reset the ‘Cisco LINKSYS WRT120N’ router password to factory settings”.

This ends my rambling. Happy learning….

{ 2 comments }

It has been more than 2 years since I started blogging. I am not a regular blogger; sometimes I have left gaps of months. I just happened to look at how my blog is performing and noticed that today it got its highest number of visits. I thought of sharing it with my blog readers. The average number of visits to my blog is between 250-300 per day. Today’s visits are 450+.

I am happy that my blog posts are helping people every day. This inspires me to write more and more posts. Happy blogging.

{ 2 comments }

 

Sometimes it is necessary to check the owner of a process before taking any action against it. For example, in a terminal server scenario, if you want to terminate the winword process of a particular user, you should determine the process owner first before killing it. If you blindly kill the process remotely by name, it will end the process for all the users who are running MS Word.

So, here is the piece of code which helps you determine the owner of a given process on a local or remote system.

(GWMI -class win32_Process -computer myremotepc1 -Filter "name='winword.exe'").GetOwner()

If you take a close look at the output, it has the information we need: the user name and the domain to which the user belongs.

To get the process owner name, use the below command.

(GWMI -class win32_Process -computer myremotepc1 -Filter "name='winword.exe'").GetOwner().user

To get the process owner's domain name, use this command:

(GWMI -class win32_Process -computer myremotepc1 -Filter "name='winword.exe'").GetOwner().domain

To club everything together, here is the complete code:

$processdetails = (GWMI -class win32_Process -computer myremotepc1 -Filter "name='winword.exe'").GetOwner()

write-host "User Name : $($processdetails.domain)\$($processdetails.user)"
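The terminal server case described above, carried through as an added example (not code from the original post): it checks the owner of every matching process and terminates only the ones that belong to the requested account. The function name `Stop-ProcessByOwner` and its parameters are hypothetical; the usage line runs against the local machine and the current user as a dry run.

```powershell
# Added example: terminate a named process only for one specific owner.
function Stop-ProcessByOwner {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)] [string] $ComputerName,
        [Parameter(Mandatory = $true)] [string] $ProcessName,
        [Parameter(Mandatory = $true)] [string] $Domain,
        [Parameter(Mandatory = $true)] [string] $User
    )

    # The name is placed inside a WQL string literal, so accept only
    # characters that cannot close the quote or add a second condition.
    if ($ProcessName -notmatch '^[\w.\-]+$') {
        throw "Unexpected characters in process name '$ProcessName'"
    }

    # @() guarantees an array, even when no process matches.
    $processes = @(Get-WmiObject -Class Win32_Process -ComputerName $ComputerName `
                                 -Filter "Name='$ProcessName'")

    foreach ($process in $processes) {
        $owner = $process.GetOwner()

        # GetOwner() reports failure through ReturnValue (non-zero, for example
        # when access is denied or the process has already exited).
        if ($owner.ReturnValue -ne 0) {
            Write-Warning "PID $($process.ProcessId): owner lookup failed (ReturnValue $($owner.ReturnValue)), skipping"
            continue
        }

        # Case-insensitive comparison of both domain and user name.
        if ($owner.Domain -ine $Domain -or $owner.User -ine $User) {
            Write-Verbose "PID $($process.ProcessId) belongs to $($owner.Domain)\$($owner.User), leaving it alone"
            continue
        }

        $target = "$ProcessName (PID $($process.ProcessId)) of $Domain\$User on $ComputerName"
        if ($PSCmdlet.ShouldProcess($target, 'Terminate')) {
            $result = $process.Terminate()
            New-Object PSObject -Property @{
                ComputerName = $ComputerName
                ProcessId    = $process.ProcessId
                Owner        = "$($owner.Domain)\$($owner.User)"
                Terminated   = ($result.ReturnValue -eq 0)
            }
        }
    }
}

# Dry run against the local machine and the current user:
# -WhatIf lists what would be terminated without doing it.
Stop-ProcessByOwner -ComputerName $env:COMPUTERNAME -ProcessName winword.exe `
                    -Domain $env:USERDOMAIN -User $env:USERNAME -WhatIf
```

Processes whose owner cannot be read are skipped with a warning rather than terminated, so a permissions problem never turns into killing another user's session.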

Hope this helps…

{ 3 comments }

I live in Hyderabad, in the southern part of India. I received the below message from one of my friends today as an SMS on my mobile. While the explosion news may be correct, the side effects and their spread through rain seem like nonsense to me. I am guessing it is a hoax. News of this kind of hoax makes people panic. I am not sure who is trying to spread this message and make people pass it on to everyone. If this news were true, the Govt would have notified its citizens to take precautionary measures. I haven’t heard any such thing from the Govt or news channels yet.

I am searching the internet to check the validity of the news.

A nuclear power plant in Fukumi, Japan exploded at 4:30AM today. If it rains tomorrow, don’t go outside. If you are outside, make sure you get protection from rain, It’s acid rain. Don’t let it touch you. You may lose your hair or may get cancer.

Pass this message to all whom you care.

Do you have any related news about this? Do you think it is really a hoax? Write in the comments section.

{ 4 comments }

This is a very common request that most system administrators get: they are asked to allow some domain user to restart a specific service on a specific server. In this case most administrators add the domain user to either the Power Users group or the local Administrators group. While this works, it is not a good solution, as it allows the domain user to perform more actions on the computer than he needs. Sometimes it might even bring the server down if he does something unknowingly.

One solution in such situations is to grant the permissions exclusively at the service level. This allows the user to just start or stop the service and nothing else.

C:\>setacl.exe -on spooler -ot srv -actn ace -ace "n:domain\user1;p:start_stop"
Processing ACL of: <spooler>

SetACL finished successfully.

C:\>

In the above example, I am giving start_stop permissions on the spooler (print spooler) service, on the computer where I am running this command.

To list the permissions of a given service, try the below command:

C:\>setacl.exe -on spooler -ot srv -actn list
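To confirm that a service-level grant like the one above leaves the account with start/stop and nothing more, the service DACL can be decoded and checked. This is an added example, not part of the original post or of SetACL: the function name `Get-ServiceDaclEntry` is hypothetical, the SDDL string is a constructed sample in the format printed by `sc.exe sdshow <service>`, and the S-1-5-21 SID in it is made up.

```powershell
# Added example: decode a service DACL and flag rights beyond start/stop.
# Requires PowerShell 3.0 or later ([pscustomobject]).

# Standard SDDL right codes as they apply to service objects.
$ServiceRightNames = @{
    CC = 'QueryConfig';  DC = 'ChangeConfig'; LC = 'QueryStatus'
    SW = 'EnumerateDependents'; RP = 'Start'; WP = 'Stop'
    DT = 'PauseContinue'; LO = 'Interrogate'; CR = 'UserDefinedControl'
    SD = 'Delete'; RC = 'ReadControl'; WD = 'WriteDac'; WO = 'WriteOwner'
    GA = 'GenericAll'; GR = 'GenericRead'; GW = 'GenericWrite'; GX = 'GenericExecute'
}

# Rights that allow reconfiguring the service or rewriting its permissions.
$EscalationRights = 'DC', 'WD', 'WO', 'GA', 'GW'

function Get-ServiceDaclEntry {
    param([Parameter(Mandatory = $true)] [string] $Sddl)

    # Isolate the DACL: text after "D:" up to the SACL marker "S:" or end of string.
    if ($Sddl -cnotmatch 'D:(?<dacl>.*?)(?:S:|$)') {
        throw 'No DACL section found in the SDDL string'
    }
    # ACE layout: (type;flags;rights;object_guid;inherit_guid;trustee)
    $acePattern = '\((?<type>[^;()]*);(?<flags>[^;()]*);(?<rights>[^;()]*);[^;()]*;[^;()]*;(?<trustee>[^;()]*)\)'

    foreach ($ace in [regex]::Matches($Matches['dacl'], $acePattern)) {
        $rights = $ace.Groups['rights'].Value
        $isHex  = $rights -match '^0x'   # numeric access mask, not decoded here
        $codes  = @()
        if (-not $isHex) {
            $codes = @([regex]::Matches($rights, '[A-Z]{2}') | ForEach-Object { $_.Value })
        }

        [pscustomobject]@{
            Type       = $ace.Groups['type'].Value      # A = allow, D = deny
            Trustee    = $ace.Groups['trustee'].Value   # SID or alias such as SY, BA, AU
            Rights     = @($codes | ForEach-Object {
                             if ($ServiceRightNames.ContainsKey($_)) { $ServiceRightNames[$_] } else { $_ }
                         }) -join ','
            Escalation = @($codes | Where-Object { $EscalationRights -contains $_ })
            Undecoded  = $isHex
        }
    }
}

# Constructed sample; the S-1-5-21-... SID stands for the delegated account.
$sample = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)' +
          '(A;;RPWP;;;S-1-5-21-1111111111-2222222222-3333333333-1105)' +
          '(A;;CCDCLCSWRPWP;;;AU)' +
          'S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)'

# Report allow ACEs for anyone other than SYSTEM (SY) and Administrators (BA)
# that carry an escalation right or a mask this script did not decode.
Get-ServiceDaclEntry -Sddl $sample |
    Where-Object { $_.Type -eq 'A' -and (('SY', 'BA') -notcontains $_.Trustee) } |
    Where-Object { $_.Escalation.Count -gt 0 -or $_.Undecoded } |
    Format-Table Trustee, Rights, Escalation -AutoSize
```

For a live service, pass `(sc.exe sdshow spooler) -join ''` as the `-Sddl` argument; inside PowerShell the `.exe` suffix is needed because `sc` alone is an alias for Set-Content.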

 

The above steps are for a single computer. If you want to do this on multiple computers, then using Group Policy is the best option. Group Policy has a built-in option to define service-level permissions. Let me know if you need any help in doing that.

To learn more about the options of SETACL.exe, look at the help below.

SetACL by Helge Klein

Homepage:        http://setacl.sourceforge.net

Version:         2.0.1.0

Copyright:       Helge Klein

License:         GPL

-O-P-T-I-O-N-S--------------------------------------------------------

-on    ObjectName

-ot    ObjectType

-actn  Action

-ace   “n:Trustee;p:Permission;s:IsSID;i:Inheritance;m:Mode;w:Where”

-trst  “n1:Trustee;n2:Trustee;s1:IsSID;s2:IsSID;ta:TrusteeAction;w:Where”

-dom   “n1:Domain;n2:Domain;da:DomainAction;w:Where”

-ownr  “n:Trustee;s:IsSID”

-grp   “n:Trustee;s:IsSID”

-rec   Recursion

-op    “dacl:Protection;sacl:Protection”

-rst   Where

-lst   “f:Format;w:What;i:ListInherited;s:DisplaySID”

-bckp  Filename

-log   Filename

-fltr  Keyword

-clr   Where

-silent

-P-A-R-A-M-E-T-E-R-S--------------------------------------------------

ObjectName:      Name of the object to process (e.g. ‘c:\mydir’)

ObjectType:      Type of object:

                 file:       Directory/file

                 reg:        Registry key

                 srv:        Service

                 prn:        Printer

                 shr:        Network share

Action:          Action(s) to perform:

                 ace:        Process ACEs specified by parameter(s) ‘-ace’

                 trustee:    Process trustee(s) specified by parameter(s)

                             ‘-trst’.

                 domain:     Process domain(s) specified by parameter(s)

                             ‘-dom’.

                 list:       List permissions. A backup file can be

                             specified by parameter ‘-bckp’. Controlled by

                             parameter ‘-lst’.

                 restore:    Restore entire security descriptors backed up

                             using the list function. A file containing the

                             backup has to be specified using the parameter

                             ‘-bckp’. The listing has to be in SDDL format.

                 setowner:   Set the owner to trustee specified by parameter

                             ‘-ownr’.

                 setgroup:   Set the primary group to trustee specified by

                             parameter ‘-grp’.

                 clear:      Clear the ACL of any non-inherited ACEs. The

                             parameter ‘-clr’ controls whether to do this for

                             the DACL, the SACL, or both.

                 setprot:    Set the flag ‘allow inheritable permissions from

                             the parent object to propagate to this object’ to

                             the value specified by parameter ‘-op’.

                 rstchldrn:  Reset permissions on all sub-objects and enable

                             propagation of inherited permissions. The

                             parameter ‘-rst’ controls whether to do this for

                             the DACL, the SACL, or both.

TrusteeAction:   Action to perform on trustee specified:

                 remtrst:    Remove all ACEs belonging to trustee specified.

                 repltrst:   Replace trustee ‘n1’ by ‘n2’ in all ACEs.

                 cpytrst:    Copy the permissions for trustee ‘n1’ to ‘n2’.

DomainAction:    Action to perform on domain specified:

                 remdom:     Remove all ACEs belonging to trustees of domain

                             specified.

                 repldom:    Replace trustees from domain ‘n1’ by trustees with

                             same name from domain ‘n2’ in all ACEs.

                 cpydom:     Copy permissions from trustees from domain ‘n1’ to

                             trustees with same name from domain ‘n2’ in all

                             ACEs.

Trustee:         Name or SID of trustee (user or group). Format:

                 a) [(computer | domain)\]name

                 Where:

                 computer:   DNS or NetBIOS name of a computer -> ‘name’ must

                             be a local account on that computer.

                 domain:     DNS or NetBIOS name of a domain -> ‘name’ must

                             be a domain user or group.

                 name:       user or group name

                 If no computer or domain name is given, SetACL tries to find

                 a SID for ‘name’ in the following order:

                 1. built-in accounts and well-known SIDs

                 2. local accounts

                 3. primary domain

                 4. trusted domains

                 b) SID string

Domain:          Name of a domain (NetBIOS or DNS name).

Permission:      Permission to set. Validity of permissions depends on the

                 object type (see below). Comma separated list.

                 Example:    ‘read,write_ea,write_dacl’

IsSID:           Is the trustee name a SID?

                 y:          Yes

                 n:          No

DisplaySID:      Display trustee names as SIDs?

                 y:          Yes

                 n:          No

                 b:          Both (names and SIDs)

Inheritance:     Inheritance flags for the ACE. This may be a comma separated

                 list containing the following:

                 so:         sub-objects

                 sc:         sub-containers

                 np:         no propagation

                 io:         inherit only

                 Example:    ‘io,so’

Mode:            Access mode of this ACE:

                 a) DACL:

                 set:        Replace all permissions for given trustee by

                             those specified.

                 grant:      Add permissions specified to existing permissions

                             for given trustee.

                 deny:       Deny permissions specified.

                 revoke:     Remove permissions specified from existing

                             permissions for given trustee.

                 b) SACL:

                 aud_succ:   Add an audit success ACE.

                 aud_fail:   Add an audit failure ACE.

                 revoke:     Remove permissions specified from existing

                             permissions for given trustee.

Where:           Apply settings to DACL, SACL, or both (comma separated list):

                 dacl

                 sacl

                 dacl,sacl

Recursion:       Recursion settings, depends on object type:

                 a) file:

                 no:         No recursion.

                 cont:       Recurse, and process directories only.

                 obj:        Recurse, and process files only.

                 cont_obj:   Recurse, and process directories and files.

                 b) reg:

                 no:         Do not recurse.

                 yes:        Do Recurse.

Protection:      Controls the flag ‘allow inheritable permissions from the

                 parent object to propagate to this object’:

                 nc:         Do not change the current setting.

                 np:         Object is not protected, i.e. inherits from

                             parent.

                 p_c:        Object is protected, ACEs from parent are

                             copied.

                 p_nc:       Object is protected, ACEs from parent are not

                             copied.

Format:          Which list format to use:

                 sddl:       Standardized SDDL format. Only listings in this

                             format can be restored.

                 csv:        SetACL’s csv format.

                 tab:        SetACL’s tabular format.

What:            Which components of security descriptors to include in the

                 listing. (comma separated list):

                 d:          DACL

                 s:          SACL

                 o:          Owner

                 g:          Primary group

                 Example:    ‘d,s’

ListInherited:   List inherited permissions?

                 y:          Yes

                 n:          No

Filename:        Name of a (unicode) file used for list/backup/restore

                 operations or logging.

Keyword:         Keyword to filter object names by. Names containing this

                 keyword are not processed.

-R-E-M-A-R-K-S--------------------------------------------------------

Required parameters (all others are optional):

                 -on         (Object name)

                 -ot         (Object type)

Parameters that may be specified more than once:

                 -actn       (Action)

                 -ace        (Access control entry)

                 -trst       (Trustee)

                 -dom        (Domain)

                 -fltr       (Filter keyword)

Only actions specified by parameter(s) ‘-actn’ are actually performed,

regardless of the other options set.

Order in which multiple actions are processed:

                 1.          restore

                 2.          clear

                 3.          trustee

                 4.          domain

                 5.          ace, setowner, setgroup, setprot

                 6.          rstchldrn

                 7.          list

-V-A-L-I-D–P-E-R-M-I-S-S-I-O-N-S————————————-

a) Standard permission sets (combinations of specific permissions)

Files / Directories:

              read:          Read

              write:         Write

              list_folder:   List folder

              read_ex:       Read, execute

              change:        Change

              profile:       = change + write_dacl

              full:          Full access

Printers:

              print:         Print

              man_printer:   Manage printer

              man_docs:      Manage documents

              full:          Full access

Registry:

              read:          Read

              full:          Full access

Service:

              read:          Read

              start_stop:    Start / Stop

              full:          Full access

Share:

              read:          Read

              change:        Change

              full:          Full access

b) Specific permissions

Files / Directories:

              traverse:      Traverse folder / execute file

              list_dir:      List folder / read data

              read_attr:     Read attributes

              read_ea:       Read extended attributes

              add_file:      Create files / write data

              add_subdir:    Create folders / append data

              write_attr:    Write attributes

              write_ea:      Write extended attributes

              del_child:     Delete subfolders and files

              delete:        Delete

              read_dacl:     Read permissions

              write_dacl:    Write permissions

              write_owner:   Take ownership

Registry:

              query_val:     Query value

              set_val:       Set value

              create_subkey: Create subkeys

              enum_subkeys:  Enumerate subkeys

              notify:        Notify

              create_link:   Create link

              delete:        Delete

              write_dacl:    Write permissions

              write_owner:   Take ownership

              read_access:   Read control

{ 6 comments }

By this time I am sure you find custom filters in the Windows 7/2008 R2 Event Viewer very useful. They display just the results you need. If you want similar functionality in PowerShell, you can use the Get-WinEvent cmdlet.

I use it extensively to find application crashes of a given exe on remote computers. Here is a small example where I query iexplore.exe crash events on a remote computer, and I am interested only in the 5 most recent incidents.

Get-WinEvent -ComputerName PC1 -FilterHashtable @{logname="Application"; providername="application error"; data="iexplore.exe"} | select -first 5

This runs pretty quickly and displays the results very fast compared to other cmdlets like Get-EventLog or GWMI Win32_NTLogEvent. You can measure the performance with the Measure-Command cmdlet if you want.

Hope this little tip helps you. Feel free to write in the comments section if you have any doubts or questions.

{ 1 comment }

 

Like Exchange 2003, there is no GUI available in Exchange 2007/2010 to make changes to Exchange message tracking log settings. These settings cover how many days of logs you want to store, the maximum size of each log, the total space you want to allocate to the tracking logs, and the location of the logs on disk.

To query the Exchange tracking log settings, use the below command:

[PS] C:\Users\localuser>Get-TransportServer -Identity HTSSERVER1 | fl *messagetracking*

MessageTrackingLogEnabled               : True
MessageTrackingLogMaxAge                : 15.00:00:00
MessageTrackingLogMaxDirectorySize      : 100MB
MessageTrackingLogMaxFileSize           : 10MB
MessageTrackingLogPath                  : C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\MessageTracking
MessageTrackingLogSubjectLoggingEnabled : True

The above command returns six parameters in total, and each has its own significance. Their names are self-explanatory as well.

If you want to turn off message tracking, just use the below command.

Set-TransportServer HTSSERVER1 -MessageTrackingLogEnabled $false

Change the value to $true if you want to turn on the logging.

I am giving some more examples below to change other parameters.

To change the LogMaxAge (the number of days of logs you want to store) to 20 days:

Set-TransportServer -id HTSSERVER1 -MessageTrackingLogMaxAge 20.00:00:00

This parameter value is in dd.hh:mm:ss format.

To change the tracking logs location:

Set-TransportServer -id HTSSERVER1 -MessageTrackingLogPath "E:\MessageTrackingLogs"

To change the total space allocated for logs:

Set-TransportServer -id HTSSERVER1 -MessageTrackingLogMaxDirectorySize 1GB

To enable subject logging in message tracking:

Set-TransportServer -id HTSSERVER1 -MessageTrackingLogSubjectLoggingEnabled $true

Hope this information helps you.

{ 0 comments }

Microsoft has released a tool which helps you block the installation of Windows 7/Windows 2008 R2 Service Pack 1 through Windows Update. You can download it from here.

This download contains three files.

1. SPBlockingTool.exe: a Microsoft executable

2. SPReg.bat: a batch script

3. NoSPUpdate.ADM: an ADM file to use with GPOs

The installation of Service Pack 1 through Windows Update can be stopped with any one of the above tools. If you plan to use the executable, pass the /B switch to block the installation and the /U switch to unblock it. The same functionality can be achieved with the BAT script, which can also be run against a remote system. The third approach is using the ADM file in your Group Policies. The GPO procedure is very straightforward and like using any other ADM file.

Irrespective of the approach you use, it creates a registry value named “DoNotAllowSP” and sets it to “1” under the HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate registry key to block the installation. It deletes this newly created value when you instruct it to unblock the installation.

Hope this helps you.

{ 0 comments }

The below command helps you open multiple websites in a single go, each one in a separate tab, in Firefox. I found this tip useful, so I am sharing it with my blog readers.

Go to Start -> Run, type firefox.exe "cricinfo.com" "gmail.com" "techibee.com" "microsoft.com" and click OK.

{ 1 comment }

With PowerShell, it is very easy to unlock an Active Directory user account. It is as easy as executing the below command.

Unlock-qaduser myuser1

The only thing is, you need to have the Quest PowerShell cmdlets for Active Directory installed on your computer.

Similarly, you can perform some more quick actions with the Quest Active Directory cmdlets.

Query all disabled accounts:

Get-QADuser -disabled

Query all locked accounts:

Get-QADUser -locked

Hope this helps…

{ 0 comments }