CryptedNets.org

Tag: Windows

CA Root services cannot start after CA Root certificate expires

by on Dec.04, 2014, under Computer Stuff, Windows Info

Since by design, you cannot recover from a CA root certificate expiring, sometimes you need to limp along, and continue to issue certs even though you cannot necessarily revoke them, because the CRL published in Active Directory is now incorrect, or offline.
While we can argue all day about the benefits/detractors of this, here it is:
To bring the CA Root back online after the Root certificate expires, issue these commands in an elevated powershell:

certutil –setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE
net stop certsvc && net start certsvc

Now, go back to the drawing board, and PLAN your PKI implementation, and DON’T LET YOUR CA ROOT CERTIFICATE EXPIRE!!!

Incidentally, once you’ve fixed your certificate snafu, to stop ignoring offline CRLs, do this in an elevated command prompt:

certutil –setreg ca\CRLFlags -CRLF_REVCHECK_IGNORE_OFFLINE
net stop certsvc && net start certsvc

Leave a Comment :, , , more...

CamStudio FTW!!

by on May.17, 2013, under Computer Stuff, Windows Info

I recently wanted to make a screen recording for a demo. I downloaded and installed CamStudio, and frankly, I’m *amazed* at how well it works.
You not only want this, you need it. Go download it now.
http://sourceforge.net/projects/camstudio/?source=dlp

Leave a Comment : more...

Recreating Public Folder Hierarchies in Exchange 2010

by on Jul.24, 2012, under General Info

Have you ever deleted the old administrative group, before moving your public folders?
(me too) To recreate the Folder Hierarchies, and get your Offline Address Book publishing again, fire up ADSIedit.msc, and keep reading.

Create the “Folder Hierarchies” object under the Exchange Administrative Group
1. Right click on Exchange Administrative Group
2. Select New Object
3. Select msExchPublicFolderTreeContainer for the class and click Next
4. Enter the following for the value: Folder Hierarchies, click Next
5. Click Finish

Create the Public Folder Tree Object
1. Right click CN=Folder Hierarchies -> New Object
2. Selected msExchPFTree for the class
3. For the value we entered, “Public Folders” and clicked next
4. Click on the “More Attributes” button, selected msExchPFTreeType and set the
value to 1. Note: This is very important that this value is set to a value of 1 as
this tells Exchange that this is a MAPI Tree
5. Click Ok and then finish

Assign the pwner of the public folders:
1. Get the properties of the newly created “Public Folders” Tree object in ADSIEdit.
2. Copy the distinguishedname value to the clipboard.
3. Navigate to the Storage group that contains the Public Folder Store for this
server and get properties of the server.
4. Locate the msExchOwningPFTree attribute and paste in the value that was copied
to the clipboard in step 2. Click OK.
5. Restart the Information Store Service.

1 Comment : more...

Using msdeploy to move websites from IIS6 to IIS7

by on Feb.29, 2012, under Computer Stuff, Windows Info

I recently needed to migrate 7 different websites, with content, from IIS6 to IIS7.
Rather than copy everything by hand, and re-setup all the site bindings, and data sources, I decided to try using msdeploy, from http://www.iis.net

From the old server running IIS6, I ran this command first:
msdeploy -verb:getDependencies -source:webserver60
This displays all site dependencies for the IIS6 server. You need to make sure that all dependencies are installed on the new destination server. **

After insuring that all dependencies were installed, I issued this command from the new IIS7 server, to see what would happen without *actually* changing anything:
msdeploy -verb:sync -source:webserver60,computerName='MACHINENAME',authType='NTLM',userName='MACHINENAMEadministrator'
,password='password' -dest:auto <strong>-whatif</strong> > msdeploysync.log

Then, to actually fire the command, and migrate the websites, I ran this:
msdeploy -verb:sync -source:webserver60,computerName='MACHINENAME',authType='NTLM',userName='MACHINENAMEadministrator'
,password='password' -dest:auto > msdeploysync.log

YMMV, I’ll try to help if you get stuck. Let me know how it goes.

** Also, here’s the link I used to install ASP.Net 1.1 on Windows Server 2008. Thanks, Bill. You rock.
http://blogs.iis.net/bills/archive/2008/06/02/installing-asp-net-1-1-with-iis7-on-vista-and-windows-2008.aspx

2 Comments :, more...

Migrating Windows 2003 DHCP database to Windows 2008 DHCP server

by on Aug.11, 2011, under Computer Stuff, Windows Info

Export the DHCP database from Windows 2003:
1. On the Windows 2003 DHCP server, navigate to a command prompt
2. Type the following Command: netsh
3. Type the following Command: DHCP
4. Type the following Command: server <\Name or IP Address>
5. Type the following Command: export c:\dhcpexportfile all

Note You must have local administrator permissions to export the data.

Import the DHCP database to the Windows 2008 DHCP server:
1. Copy the exported DHCP database file to the local hard disk of the Windows Server 2008-based computer.
2. Install the DHCP Role on the server.
3. Stop the DHCP server service on the server. To do this, follow these steps:
a. Log on to the target DHCP server using an account that is a local Administrator.
b. Click Start, click Run, type cmd in the Open box, and then click OK.
c. At the command prompt, type net stop DHCPserver, and then press ENTER.
d. Type exit, and then press ENTER.

4. Delete the DHCP.mdb file from c:windowssystem32DHCP folder.
5. Start the DHCP server service.
6. Right-click on the Command Prompt (cmd) and select “run as administrator”.

Note You must have local administrator permissions to import the data.
7. Type the following Command: netsh
8. Type the following Command: DHCP
9. Type the following Command: server <\Name or IP Address>
10. Type the following Command: import c:\dhcpexportfile
11. Restart DHCP and verify the database has moved over properly.

Leave a Comment :, more...

Replacing Exchange 2003 OWA Virtual Directories

by on Aug.08, 2011, under Computer Stuff, Windows Info

Back up your IIS Metabase.
To do this, follow these steps:
Start IIS Manager.
Right-click Default Web Site, point to All Tasks, and then click Save Configuration to a File.

Delete the virtual directories for Outlook Web Access.
To do this, right-click Exadmin in the left pane of IIS Manager, and then click Delete. Click Yes when you are prompted with the question of whether you want to delete this item.

Repeat this step for the following virtual directories:
Exchange
ExchWeb
Microsoft-Server-ActiveSync
OMA
Public
Quit IIS Manager.
Click Start, click Run, type cmd, and then press ENTER.

Change to the following folder. In this example, Drive is the hard disk drive where Windows is installed:
Drive:inetpubadminscripts
Type adsutil, and then press ENTER.

Important By default, CScript is not the default scripting host for Windows Server 2003. To run the adsutil command, CScript must be configured as the default scripting host. To do this, click Yes if you are prompted to register CScript as you default host for VBscript, and then click OK.

Note: If you receive a list of adsutil command options, CScript is already configured as the default scripting host for VBscript.

Type adsutil delete ds2mb, and then press ENTER.

Note: To set the default scripting host to WScript, type WScript //H:WScript at the command prompt, press ENTER, and then click OK.

Click Start, point to All Programs, point to Administrative Tools, and then click Services.
To restart the Microsoft Exchange System Attendant service, follow these steps:
Click Start, click Run, type services.msc, and then click OK.
Right-click Microsoft Exchange System Attendant, and then click Restart.
When you are prompted to restart the dependant Exchange Server services, click Yes.

Note: When you restart the Microsoft Exchange System Attendant service, the Microsoft Exchange Information Store service is also restarted. In this scenario, your Exchange Server users lose connectivity to their Exchange Server mailboxes.

The virtual directories are re-created. To verify that the virtual directories are re-created, start IIS Manager, and then view the Default Web site folder.

Important If the virtual directories are not re-created after 15 minutes, restart the computer.
Reset the access permissions to Anonymous. To do this, follow these steps:
Start IIS Manager, right-click ExchWeb, click Properties, and then click the Directory Security tab.
Under Authentication and access control click Edit, and then verify that the Enable anonymous access check box is turned on.
Click to select the Integrated Windows authentication check box, click OK, and then click Apply.
If an Inheritance Overrides dialog box appears, click Select All, and then click OK.
Under Authentication and access control, click Edit, and then click to clear the Integrated Windows authentication check box.
Click OK two times, and then quit IIS Manager.

Use a Web browser to verify that you can connect to your Outlook Web Access server. If you are also running other mobility services, verify that you can connect to these services by using an appropriate client.

Leave a Comment : more...

USB pass-thru in Virtualbox on a windows host

by on Jun.22, 2011, under Windows Info

In order to make a USB device available to a Virtualbox guest, you need to have the device physically plugged into the VMhost, (the machine running Virtualbox Server) but it CANNOT BE MOUNTED. (I screamed that last part because it’s important.)
To do this, you’ll need to use the Windows diskpart command to disable automatic drive enumeration on a Windows server installation with the following commands:

diskpart
automount disable
automount scrub
exit

Now, reboot your VMHost, and Virtualbox will allow you to capture and use the USB device in the guest OS. And Robert remains your mother’s sister’s brother. ;)

Leave a Comment : more...

Reset Blackberry BAS admin password

by on Mar.02, 2011, under Networking, Windows Info

Fire up SQL management studio express, and run this query:

DECLARE
@DisplayName VARCHAR(256),
@Authentication VARCHAR(256),
@AuthenticatorTypeId INT,
@AuthenticatorInstanceId INT,
@ExternalAuthenticatorId VARCHAR(255),
@EncryptedPassword VARCHAR(256)

/************************************************************
Start of editing required section
*************************************************************/

SET @DisplayName = ‘System Administrator’ — Display name (Not always used)
SET @Authentication = ‘BAS’ — ‘BAS’ for BAS authentication
SET @EncryptedPassword = ‘7B7ECF0DAF70D040345D8DD92607E274969F4BA5DFDFAEAC5DE775E5340CDF605D5762EC5D326498ADBE72E7434897025A8702D0237046F554DBCA5769B90154:7637B189’ — Encrypted string of password ‘blackberry’

/************************************************************
End of editing required section
*************************************************************/

IF @Authentication LIKE ‘BAS’
BEGIN
SET @AuthenticatorTypeId = 0 — Set to 0 for BAS
SET @AuthenticatorInstanceId = 0 — Set to 0 for BAS
SET @ExternalAuthenticatorId = NULL

IF NOT EXISTS (SELECT * FROM BASUsers WHERE LoginName = ‘admin’)
EXEC SetUpBASorADAuthentication @DisplayName, @AuthenticatorTypeId, @AuthenticatorInstanceId, @ExternalAuthenticatorId, @EncryptedPassword
ELSE
UPDATE BASUsers
SET LoginPassword = @EncryptedPassword
WHERE (LoginName = ‘admin’)

END
GO

Leave a Comment :, , more...

PCI Compliance and IIS 7

by on Jan.14, 2010, under Windows Info

Need to determine if you are using weak ciphers in IIS?
Try SSLDigger, it’s a free utility from Foundstone.

Also, if you’re running Windows Server 2008, and want to just disable all weak ciphers, you can use these registry merge files.
Just merge them with your registry, and reboot. Here they are.

I should point out that just randomly merging registry files you've found on the Internet is a lot like eating a sandwich that you've found on the sidewalk. If you don't understand what you are doing, you may want to do a little research first. I can't help you if you destroy your servers with these files. You've been warned.

1 Comment :, , more...

Outlook Recurring meeting problem

by on Jan.14, 2010, under Windows Info

Shamelessly ripped from Slipstick: (thanks, guys)

If your Outlook seems possessed and turns all of your meeting requests into recurring meetings, you have a Dell laptop with MediaDirect.

There is a bug in the add-in that reads Outlook meetings so Media Direct’s Instant Office can display then without fully booting into Windows. You’ll need to uninstall it, or disable the add-in called “Outlook Setup Addin (Cyberlink)” to put an end to the errant recurring meetings.

Original post here:
http://www.slipstick.com/problems/recurringmeetings.htm

Leave a Comment :, more...


Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

CryptedNets.org is proudly powered by

Use OpenDNS

Entries (RSS) and Comments (RSS)
Register - Login - Stats

Visit our friends!

A few highly recommended friends...