Archive for January, 2010
Using PSKIll to kill tasks from the command line.
Jan 7th
Yesterday I had a nasty run in with a fake antivirus application yesterday. I was trying to remove it and un-do the troubles it had caused the user. But I was unable to delete the executables associated with it due to there being in use. So I tried to bring up the task manager and got an error message that this was not allowed… WTF?
But wait it got worse… As I was trying to open a alternative task manager I got a blue screen of death…
Huh? I was able to Alt-Tab out of the error seeming it was just a running program with an image…. Sons of bitches! I needed to stop these processes so I can start recovering… So I dropped to a command prompt and ran this command:
taskkill /IM av1010.exe
This will cause the program to terminate gracefully, asking for confirmation if there are unsaved changes. To forcefully kill the same process, add the /F option to the command line. Be careful with the /F option it will kill all processes with the name you specified without asking for any confirmation.
You can also kill a single instance of a process this is helpful if there are multiple instances of the same name application running. All we need to do is specify its process id aka PID.
If your rouge process has a PID of 321, use the following command to kill it:
taskkill /PID 321
Using filters (/FI), a variety of different patterns can be used to specify the processes to kill. For example, the following filter syntax will forcefully kill all processes owned by the user AtA:
taskkill /F /FI "USERNAME eq AtA"
The following table shows the available filters and their use.
Filter Name Valid Operators Valid Value(s)
----------- --------------- --------------
STATUS eq ne RUNNING | NOT RESPONDING
IMAGENAME eq ne Image name
PID eq ne gt lt ge le PID value
SESSION eq ne gt lt ge le Session number.
CPUTIME eq ne gt lt ge le CPU time in the format
of hh:mm:ss.
MEMUSAGE eq ne gt lt ge le Memory usage in KB
USERNAME eq ne User name in [domain\]user
format
MODULES eq ne DLL name
SERVICES eq ne Service name
WINDOWTITLE eq ne Window titleeq: equals ne: not equal
gt: greater than lt: less than
gt: greater than or equal le: less than or equal
I was able to kill the processes and delete them. I removed references to them in msconfig and then rebooted. I was able to run Malware Bytes and clean out the rest of the garbage.
Windows 7 God Mode let’s you access all system settings in one place.
Jan 6th
Enable ‘GodMode’ in Windows 7 – The funniest videos are a click away
So it turns out there are a list of folder “Codes” that you can add to the end of a folder name to create all sorts of special folders. Check out the list of codes here:
{00C6D95F-329C-409a-81D7-C46C66EA7F33}
{0142e4d0-fb7a-11dc-ba4a-000ffe7ab428}
{025A5937-A6BE-4686-A844-36FE4BEC8B6D}
{05d7b0f4-2121-4eff-bf6b-ed3f69b894d9}
{1206F5F1-0569-412C-8FEC-3204630DFB70}
{15eae92e-f17a-4431-9f28-805e482dafd4}
{17cd9488-1228-4b2f-88ce-4298e93e0966}
{1D2680C9-0E2A-469d-B787-065558BC7D43}
{1FA9085F-25A2-489B-85D4-86326EEDCD87}
{208D2C60-3AEA-1069-A2D7-08002B30309D}
{20D04FE0-3AEA-1069-A2D8-08002B30309D}
{2227A280-3AEA-1069-A2DE-08002B30309D}
{241D7C96-F8BF-4F85-B01F-E2B043341A4B}
{4026492F-2F69-46B8-B9BF-5654FC07E423}
{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}
{78F3955E-3B90-4184-BD14-5397C15F1EFC}
And, as a reminder, to create the God mode folder itself, use this string:
{ED7BA470-8E54-465E-825C-99712043E01C}
All you need to do is create a new folder with any name, then a period, then one of the text strings above. For example, the first one could be a folder named “AskTheAdmin.{00C6D95F-329C-409a-81D7-C46C66EA7F33}” (use everything inside quotes–but not the quotes themselves).
This should make customizing your Windows 7 machine a lot easier!
Display the up time of a workstation or server.
Jan 6th
Do you ever need command line access to see how long a Windows Server has been up for? This morning I did. I needed to prove that a machine (Windows Server 2003) was up last night at 3 am when a critical process was going down. Someone flucked up and it sure wasn’t me! So…
Using one of my favorite command line commands NET I will show you quickly how to display your Windows up-time:
net statistics workstation
This will show you a similar screen to this:
The first line across the top shows when the machine was last rebooted along with some other geeky goodness. Do you have an easier/quicker/more obscure way of doing this?
_TheObscureAdmiN_
How Can I Change Local Passwords on A LOT of Workstations? (2 Years Ago Today)
Jan 5th
I know the feeling of your secure network being compromised by an end user… Passwords do fall into the wrong hands and then what do you do? Scenarios start running through my head and I make a mental list of all the passwords and system configs that need to be changed. These aren’t fun times in Admin land but they usually breed scripts and easier ways to do the necessary!
El Di Pablo tell us of his experiences… And is culminated by using a Great tool that AtA LOVES! Check it out…
I had a bit of a scare the other day. I get a call from a user in the field.
She is traveling with her laptop and she was calling from her hotel. she was complaining that she couldn’t log into her laptop using her normal log in credentials, and that the only way she could log in was using the local administrators account.
“Local Admin what?!?!”
I exclaimed then started hyperventilating. I asked her how she came across the local administrator password, and she told me that one of the techs at the company that is no longer with us gave it to her a long time ago.
I asked her to spell out the password for me, and low and behold it was the corporate standard.
I ran to my bosses office and reported the compromise, and recommended changing the local passwords. He agreed and called a meeting with me, our head desktop technician and one of the senior systems administrators to come up with a plan of attack. I told them that I can easily change these passwords using a script and pspasswd.exe that comes with Sysinternals PSTools.
I told them that I can export a list of all of the workstations on the network from Active directory, and put them in a text file. pspasswd will read directly from the list in the text file and change the password of the specified account on each computer in the list. I showed each of the guys in the meeting how it works, and they agreed that my script would be the best way to go with this.
Here is an example of the syntax used in my script. Keep in mind that this script must be ran from within the directory containing the pspasswd.exe program or else you have to modify the script to change into it’s directory. Of course, if you know batch scripting well, you can add all sorts of stuff to the script, but the basic run command looks like this:
>set /p filename=”Please enter name of computer list (ie: computers): “
>pspasswd @%filename%.txt -u administrator@domain.com -p password
administrator newpassword >> %filename%-results.txt
You’ll notice that I added an output to a text file so I could create a log of which workstations the password was changed on, and which ones it wasn’t. That is a good idea so you can keep whittling away at it until the change has been completed on all workstations. Also, you’ll notice that I added the -u and -p switches. You don’t need that if you are already running the script from an account that has permissions to change local passwords.
There are many other little changes you can do as well. I used the set command because I had different lists for different offices. You could just put the computer names in one list and not use the set command.
Let me know if you have used this or a similar product, and perhaps some other scripting ideas for this.
This is one of those articles where you HAVE to read the comments. You guys have some great insights and ideas! Keep on Commenting, that is what makes this site great. Go ahead pat your self on the back!
Upgrading WordPress to 2.9.1
Jan 5th
Keeping up with the upgrading process over here at http://www.askTheAdmin.com I just finished upgrading to 2.9.1. I backed up my database and did the automatic upgrade via my WP-Admin console as you can see here:
2.9.1 comes out about three weeks after the official release of WordPress 2.9
Bugs that came to bite Bloggers and Webmasters in the ass are now fixed including problems with scheduled posts and pages on some web hosts.
Scheduled posts would not be published at the time configured by the user but appear as missed in the list of posts forcing the webmaster to reschedule and hope for the best or to publish it manually.
There are 23 others fixes that are listed in this ‘minor’ upgrade. Five of the bugs listed have been rated high while the majority received a normal rating. Several updates fix installation and upgrade issues that webmasters might have experienced.
You can use the automatic upgrade feature or download WordPress 2.9.1 from the official WordPress website.
How to lose your data
Jan 5th
See that picture? When it happens to you, it may not look quite that bad (or be quite that obvious), but data loss sucks. And it does happen. I’ve been working with computers for 10+ years, and I’ve had it happen a couple times myself. Did I mention how much it sucks?
I’m not going to spend a couple pages telling you why you should backup, I’m just going to be straight about it, unless you really couldn’t care less if that happened to your computer, you are flat out stupid if you are not backing up your data on a regular basis.
Instead of telling you why to backup, I’m going to tell you how to ensure that you are not going to get your data back, even if you think you are backing it up.
Method 1: I’ll just back the data up to CD/DVD.
Well sure, this will work for a bit, but:
- Ever try to save 20GB to CD? Or 250GB to DVD? Ugh.
- How long do you think that optical desk is going to be readable?
Going this route, you can quickly end up trapped behind a small mountain of plastic. Or lets say you manage to somehow keep the optical disks to a manageable quantity, will the marker you labeled it with make the disk unreadable in a year, or is the dye layer unstable, rendering your disk unreadable in six months, or will the glue on the label you made for the disk make it worthless in a year or two? These are just a couple of examples of why optical media should not be considered an archive grade solution.
Method 2: ok then, I’ll just copy the data to a USB hard drive.
Sure it’s better than nothing, but single HDD solutions are not going to keep your data safe. Hard drives fail. In fact it will happen to every single hard disk you will ever come across. The only question is; when? It’s not a matter of if, or of MTBF (mean time between failure), it is more a matter of “you never know, it could fail in ten years, or in ten seconds”.
Don’t get me wrong, if this is the only way you can back the data up, then it is your only choice, and it’s better than nothing. Just be aware, as soon as you copy the data to that USB HDD, the “Clock of Death” is ticking.
Much better would be to copy the data over to a machine with a RAID storage system (preferably RAID5).
Method 3: I bought actual Backup Software (or use a vetted Open Source solution), and run Incremental Backups (to tape!) every single day!
Ok, so you spent some money on a tape backup solution, spent hours reading the manual and configuring your backup. Congratulations, I bet you think your data is safe! Until you find out how Incremental Backups really work (this usually happens after a disaster, and the tapes is all you have left of your pr0n, illegal mp3’s downloaded movies warez mission critical data).
Let’s pretend for a minute that your backup tapes look something like this:
Full_backup_tape (tape 1 – doesn’t matter what you tell it to be, the first backup is always and without exception, a full backup)
Incremental_backup_1 (tape 2)
Incremental_backup_2 (tape 3)
Incremental_backup_3 (tape 4)
Incremental_backup_4 (tape 5)
Incremental_backup_5 (tape 6)
And then you have a catastrophic failure. So you’re sitting there at 2am merrily running the restore, and you hit a snag: tape 2 won’t read. Doesn’t matter why, the tape could be bad, maybe you left it out of the tape safe overnight, and the radio station next door managed to erase it with the magnetic waves they transmit (this actually happened), the data is gone. So is all data after it. See Incremental backups require that all tapes since the last full backup be present and working. So tapes 3-6 may as well be empty, because you are never getting the data off of them. Ever.
If you can’t run full backups every day, use Differential backups instead of Incrementals. Let’s say that in the scenario the user had been running differentials rather than incrementals. They could then restore to current using just the original full backup, and the last differential.
Method 4: Now I’m running differential backups to tape every single day!
But you fail to check the backup logs every day, and the backup job you though had been running for the last year actually failed 273 days ago, and has been requesting the “correct” tape since then. I’ve seen this one a lot (in fact, I think this would be the most popular reason for data loss if you have backup software running).
You’ve got to check your backup logs. It sucks, and it’s boring, but it’s one of those things you just have to do.
Method 5: Alright, I’m running differentials to tape, and have been checking my logs for the last 2 years every single day!
But you’ve never run a test restore. If you haven’t restored data from the tape successfully, there is no data on the tape. The tape was bad, the backup software failed (silently of course), the gremlins ate it.
Method 6: Ok, now I spend two hours reading the log and then randomly restoring files from my backups (before putting the tapes in the tape safe) every single day!
And then your server room catches fire. All machines, and the safe holding the backup tapes are destroyed. You never took any offsite, because you have a tape safe. It happens. It’s unfortunate.
Method 7: Enough, I give up on tape! Now I run a full backup to a RAID5 NAS every single day!
But you ordered your NAS with the drives form the manufacturer, and they used 4 HDD’s from the same batch, and two failed. This is the one that always gets them! The strength of RAID5 is that more than one drive has to fail before the RAID is unrecoverable. The weakness is that hard drives from the same batch tend to fail at the same time (or thereabouts).
To strengthen your RAID system, always make sure that you have drives from different batches, if not from different manufacturers (this is not always the best idea, but that is an argument for another time). For instance: to take care of my backup needs at home, I bought a Buffalo Terastation. Unfortunately, Buffalo sent me a Terastation with 4 drives from the same batch (you can usually tell if they all have the same date on them, sometimes there will be a batch code on the drive). I bought 3 more of the same model drive from 3 different manufacturers, and now have the most healthy RAID I can.
These are not the only ways to lose data, but they are by far the most common. How would I know? I was the Worldwide Manager of Technical Support for a backup software company for several years. And I always got to be the one to explain to the customers why their data is gone.
So what do I do?
There are as many answers to that question as there are IT shops with backup systems. Here is how I protect data at my office:
I backup all data every day (full backup) to a NAS configured in RAID5, with a hot spare. I check the health of the RAID every day (it takes about two minutes). Once a week I backup the entire RAID to LTO3 tape, and take the tapes offsite (currently I am taking them home, where they go into a DATA rated fire safe (there is a difference, do your homework), and then into my large safe where I keep all my other valuables. My ideal would be to have them delivered to a bank safety deposit box, but that costs money.
At home, I back up all my data to the aforementioned Terastation. Once per month, I copy all the data off to a USB HDD (actually two of them), and take one to work where it goes into the tape safe.
Is it perfect? No. Does it stand a much better chance of keeping that data alive through a catastrophic event? Absolutely. You don’t have to go to these lengths to protect your data, but you should be aware of the risks.
