Windows

From neil.tappsville.com
Jump to navigationJump to search

Cygwin

Cygwin allows you to use all you normal unix (grep, cut, cat, uniq etc) commands under windows, and as a bonus you can pipe '|' commands together.. ahh bliss.

If you work with UNIX and Windows, this is the bridge (Its like how Macs are the best of all worlds these days). Remember to add the directory to ..cygwin/bin to the computers path (make sure it is last else you will end up with interesting issues).

Even better, depending on what you downloaded, you can run open-ssh under windows as a service, run squid as a proxy the list goes on.

Open-SSH

I'd highly recommend anyone having to run a Windows server or desktop as a server (as I do), to configure open-ssh which will allow you to login remotely using ssh (well ssh2 if your not in the stone age).

The real advantage of this is allowing you to get to your server at home should the proxy at work only allow access to web pages. Most proxies wont check https packets and thus, configuring your ssh deamon to run on 443, you have a way to get home :)

I better put something here about port forwarding since its often miss-understood or not even know about.

Creating an SSH2 connection between two severs allows you to run commands on box B from box A. If box B allows port forwarding, over the SSH2 connection you can forward ports from machine A to any machine B can contact or even B!. So for example if you ssh to from work, to your windows server at home that has open-ssh running. Once connected you can portforward port 9999 from your work computer to localhost:3389 on the home machine. Fire up the windows rdp client (mstsc.exe), point it at localhost:9999 and hey-presto, the machine at home ssh magically appears.

Another hidden secret of open-ssh running on windows, is you can sftp files over the same connection :) no port fowarding required :)

Quite simply, think of ssh as a tunnel, once you can tunnel from A to B you can put whatever you like through it :)

Sysinternals

After cygwin, the sysinternals suite is the next most useful set of tools an Admin can have on a windows box. http://technet.microsoft.com/en-US/sysinternals

Sysinternals started life a private company whom were doing a lot of reverse engineering of the windows platform. Several blue moons ago they were acquired by Microsoft.

Windows Scripts - VBscript Cscript

Light weight scripting that can access a whole host of application functions via integrated dll's. I consider VBscript under windows to be the equivalence of perl on unix (exc. limitations of both).


Disk Partitions

This is more a good administration guideline, but since most Windows admins dont have a clue I'll put it here (using windows lingo)


C:\ OS drive, applications and OS only.

D:\ Swap and Temp partition, this should be a different physical disk to C, thus when your users dont do their laundry, the system doesnt crash

E:\ Users drive, the good old 'Document and Settings' folders should go here, Users can go nuts without affecting temp or the OS

I've seen many a production server run out of space due to log files (yes I know IIS logs to the system32 folder) and user data filling up the OS partition.

IIS 5.1 Make it more secure

This is taken from notes I made several years ago - under Windows XP, PHP is installed ontop and the box runs perl and cygwin.

  • For the logs dir - Administrator gets full rights + authenticated_users + ISUR_computername_RWC
  • Disable WebDEV

HKLM\SYSTEM\Current ControlSet\Services\W3SVC\Parameters Add value = DisableWebDAV Type = Dword data = 1

  • IIS Lockdown Tool

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=25064 Allow Admin + Authenticated users to run Command.com, Cmd.exe, ftp.exe, regedit.exe regedt32.exe, telnet.exe, tftp.exe, system32// calcs %systemroot%\*.exe /T /G System:FAdministrators:F

  • FTP server

- root dir specify who can upload - untick annonomus access - change default/annonomus to ftpuser ISUR_Compuername if no write access, cant upload to the dir

  • URLScan

RDP Port Change

Windows RDP allows you to remotely log into a windows machines console - usually a display (on a windows server you can force the remote connection to the 'actual' console).

Launch the client mstsc.exe enter hostname:port


Change the Port the RDP service is running on by modifying the following reg key

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber

CLI shortcuts

http://ss64.com/nt/run.html


Rsync Remote Backup

This page Cygwin_Rsync details how to backup a Windows XP machine to another Windows XP machine over the internet.


Enable Group Policy Editor

Desktops that have an AD membership, generally will be locked down. Network Admins generally forget that local admin (on a windows host) trumps the network admin rights. If you have local admin rights and the group policy editor is locked (or you need a permission to for example change remote desktop settings / screen saver etc) you can temporary enable gpedit.msc

HKEY_CURRENT_USER\Software\Policies\Microsoft\MMC 
Double-click the RestrictToPermittedSnapins value name and change the data value to 0. 
Exit Regedt32 and try to start Group Policy Editor. 
If you still receive the error, 
set the Restrict_Run data value to 0, if it exists, at: 
HKEY_CURRENT_USER\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3} 
and/or HKEY_CURRENT_USER\Software\Policies\Microsoft\MMC\{0F6B957E-509E-11D1-A7CC-0000F87571E3} 
Exit Regedt32 and try to start Group Policy Editor.

Backups

After loosing 5 years of stuff, I have some scripts which do simple backups from my local PC to my network drive each time I login.

Backup Favourites (this is in a .bat file which I place in the start menu - startup folder)

xcopy "%USERPROFILE%\Favorites" "h:\backup\Favorites" /E /C /H /R /Y

xcopy "%USERPROFILE%\Application Data\Mozilla\Firefox\Profiles\f6uc5wns.default\bookmarks.html" "h:\backup\Favorites\Firefox\" /C /H /R /Y

Backup putty settings (this is in a .bat file which I place in the start menu - startup folder)

@ECHO off
   SETLOCAL
  :: IF [%1] NEQ [] goto s_start

   :: Author - Simon Sheppard, July 2003
   :: Tested for Windows NT, 2K, XP
   :: Bastarised to backup putty settings by Neil Tapp

   :: To change the filename format just change around the last line below

        :: GOTO :eof
        ::  :s_start
        ::      SET _file=%~n1%
        ::SET _pathname=%~f1%
        ::SET _ext=%~x1%

        ::Get the date
   ::  note ISO 8601 date format would require 4 digit YYYY Year)

   FOR /f "tokens=6-8 delims=/ " %%G IN ('NET TIME \\%computername%') DO (
         SET _mm=%%G
         SET _dd=%%H
         SET _yy=%%I
         )

   ECHO Today is Year: [%_yy%] Month: [%_mm%] Day: [%_dd%]

   regedit /E "Putty_backup-%_yy%-%_mm%-%_dd%.reg" "HKEY_CURRENT_USER\Software\SimonTatham\PuTTY"


I then use a MS tool - Synctoy to backup files from the desktop to an external drive. http://www.microsoft.com/en-us/download/details.aspx?id=15155 This tool will copy whole files if they have changed, not deltas like rsync. Its easy to setup and use, thus why I use it at work / between windows boxes and external hdd's.


KDiff

A pretty cool tool that allows you to do 2way and 3way file content comparisons. Integrated to Explorer - select two files - right click - compare

kdiff3.sourceforge.net/


Enable Remote Desktop Remotely

I keep ending up at the wrong end of the network trying to get into a machine where Remote Desktop hasn't been allowed. Generally if your 'the admin' you will be in the right remote desktop admins group' but if someone hasn't ticked the 'Allow users to connect remotely to this computer' option on the windows host your stuffed.

Download psexec and psshutdown from the sysinternals website, create a batch (.bat) file and your away (even on locked down machines that cant run regedit!)

psexec \\remote_machine_name_or_ip reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0

psshutdown -r -f -u username -p password \\remote_machine_name_or_ip


Wallpapers

This website is a good source for high quality wallpapers hdw.eweb4.com/


Windows GUI Automation

AutoIT3

DNS release

ipconfig / flushdns
net stop dnscache
net start dnscache

Command Prompt in right click context menu

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Command Prompt\command]
@="cmd.exe /k pushd %1"

Batch Script Locking

:init
set "started="
2>nul (
 9>"%~f0.lock" (
  set "started=1"
  call :start
 )
)
@if defined started (
    del "%~f0.lock" >nul 2>nul
) else (
    echo Process aborted: "%~f0" is already running
    @ping localhost > nul
)

exit /b




:start
cd /d %~dp0
:: REST OF THE SCRIPT