Archive for August, 2010

Completely disabling the autorun feature in Windows XP/2003

Windows Server 2003, Windows XP | Posted by p_lider August 27th, 2010

Nowadays many viruses and malware spread using portable media like pendrives, players or DVDs. This is possible thanks to the autorun feature which is in every Windows operating system (95 or newer). You can find a lot of guides in the internet telling how to disable the autorun in Windows. However I noticed, that in most cases the guides are not accurate – they do disable the autorun yet they don’t prevent the autorun.inf file from being analyzed by the system. Thanks to that, the system will not execute commands from autorun.inf file by itself but if you double click the removable disk icon, the system will execute the default command from autorun.inf file and thus install the malware.

Fortunately, I found a way to prevent the system from reading the autorun.inf file at all resulting in completely disabled autorun feature. It is done by creating a new key in the registry. The key that must be created is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf
with its default value set to:SYS:DoesNotExist

After creating mentioned key and restarting the shell by killing explorer.exe process, logging out or rebooting, the autorun feature in the whole system will be completely disabled allowing everyone to plug any portable devices without worrying about malware anymore.

No Comments »

Improve page rendering in IE8

Internet Explorer | Posted by p_lider August 23rd, 2010

While searching the Internet for an solution for one problem I had, I accidentally found something, that can be useful for everyone who use IE8 as his primary browser. Manual registering one dll library can improve the IE8 rendering performance. The reason for that is unknown, because the dll library had been registered during installation of the browser (without it the IE8 cannot run). The magic command to execute is:

regsvr32 %windir%\system32\actxprxy.dll

After executing it log off and then log on again – the IE8 performance from now will be visibly higher.

No Comments »

Sharing folders in XP by anyone

Windows Server 2003, Windows XP | Posted by p_lider August 23rd, 2010

By default, only members of “Power Users” or “Administrators” groups can share folders or printers. Sometimes this is not enough – sometimes we want to allow specific users to have a possibility to share some folders but nothing more. Unfortunately there is no graphical tool in Windows XP or in any other version of Windows, which can give us a possibility to do that.

However, there is a great tool called “TweakUI” (created by Microsoft), which can change specific Access Lists in the registry, so we can give anyone we want the right to share folders or printers. To make this happen you must do the following steps:

  1. Download and install TweakUI (you can get it from here: http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx)
  2. Launch it and go to “Access Control” tab.
  3. Now give the same rights for the users or groups you want to be able to share folders, like they are set for “Power  Users” in the following categories:
    • Manage file/print server connections
    • Manage file shares
    • Manage print shares
  4. Apply the changes and reboot the system.

From now, the specified in step 3 users or groups will have the right to share folders. It is wise, to create a group called for example “Share Creators”, give it the mentioned earlier rights and put all the users we want to share folders into that group.

No Comments »

Horror of MS Exchange 2010 installation

MS Exchange | Posted by p_lider August 23rd, 2010

Before you install MS Exchange 2007 or 2010 make sure, that IPV6 protocol is either fully enabled in all interfaces or fully disabled. Failed to do so will render your server to be almost inaccessible just after MS Exchange installation (the network provider services will not start or at least will start after very, very long delay). This is probably caused due to a bug (or mistake in design) in  MS Exchange networking services.

To make the bad thing worse, the MS Exchange 2010 installer do not install all the required Windows Server 2008 roles and features making the installation of MS Exchange even more complicated. Follow the following article to install all the necessary roles for your server to work properly: http://technet.microsoft.com/en-us/library/bb691354.aspx

Moreover, if you see “Topology” errors in Event Log after the Exchange server installation you have to add “Audit security log” right for user “Enterprise Exchange Servers” in a domain-wide Group Policy Object.

Anyone can tell me why Microsoft is doing this? Can’t the installer do everything which is needed for the product to work? Akhh…

No Comments »

Barracuda spam firewall and internal, known domains

Hardware | Posted by p_lider August 23rd, 2010

While configuring the Barracuda SPAM Firewalls it can be logical to add your email server’s domain to the trusted senders’ domains and to the trusted relay domains – nothing more confusing! Doing so will make a lot of spam coming through your firewall because many times spammers modify email headers in such a way, so they pretend to be from your server’s domain. Moreover, doing so will render your spam firewall to be an open relay for a part of spam with such modified headers.

So let this be a lesson for everyone – do not trust anyone, even your own domain, when it comes to defense against spam.

I think, that someone from Barracuda Network shall think too about improving the defense mechanism – why the firewall does let emails from trusted domains get relayed even if they were sent from an external, not known IP addresses?

No Comments »

“HP Compaq dc7600 CM” computers and Windows XP installation

Hardware, Windows XP | Posted by p_lider August 23rd, 2010

While installing the Windows XP operating system on some of the “HP Compaq dc7600 CM” computers I came to a strange problem – the Windows XP CD did not boot. The solution to this strange behavior was to disable the “Hard Disk Emulation” in BIOS for the first (text) phase of the Windows XP installation. After the text phase, the “Hard Disk Emulation” must have been re enabled because without it the system couldn’t boot from the hard drive.

This was strange and I don’t know what can be causing it. However, the mentioned trick does the job :)

2 Comments »

Changing IIS web server certificates without any downtime

IIS | Posted by p_lider August 23rd, 2010

Once, during my work, I have been asked to replace unsigned certificates with the signed ones for our Exchange email servers, so people using OWA will no longer see a “Certificate error” message. I made a little search and found cheap certificates on the web. So I started to look for a way to do a certificate request and replace current certificates with the new, signed ones. Unfortunately, I did not find any official way from Microsoft to do this in IIS 6.0 server causing no downtime to the web servers. The problem was as follows:

If I choose (in IIS Manager) to create a new Certificate request for the web site hosting MS Exchange OWA application then the website will be inaccessible (because the IIS in its glory will discard the previously used certificate and wait until the current request will be properly completed with the response from CA) till the day I will obtain the response from the CA. Such long downtime was of course not acceptable. Fortunately, I found a way to work around this limitation:

  1. I created a new, blank web site using IIS manager.
  2. Then I created the new certificate request for this blank website (however, which was VERY IMPORTANT, while creating this request I filled the CN attribute with the address of the web site hosting OWA application, NOT the address of the blank web site).
  3. I sent the request to CA and wait for their response.
  4. Once I got the response I completed the certificate request on the blank page which made the certificate to be fully installed in the certificate store for the IIS.
  5. At the end I just went back to the right web site (the one which was hosting OWA) and replaced the current certificate with the one, which was installed for the blank web site.

 That did the trick and the web site did not suffer any downtime. Of course, this trick will work for any web site in IIS, not only the ones hosting OWA application.

1 Comment »

Let the long journey begins

Info | Posted by p_lider August 22nd, 2010

Hi, I will tell you a quick story:

A couple of months ago I had a weird problem to cope with – users of one of our Exchange servers couldn’t change their passwords using OWA. All the time they were getting a strange error message saying something about object not being found. After some hours spent digging in internet I finally found a solution – I had to manually register one dll library on that Exchange server.

As you can see – at the time of this writing I couldn’t tell you the exact error message and the path to the dll library – I simply forgot them. This is a main reason why I started this  blog – to store such detailed information about problems and solutions to them. 

Of course, you will find a detailed description of mentioned problem in one of my future posts :)

No Comments »