Sunday, August 31, 2014

Recently Found in the Internet’s General Store

I think if I had to start my own business, I’d love to open a small-town “un-general” store.

It would have hot coffee and cold root-beer along with uncomfortable wooden chairs and tables for sitting. It would not have Wi-Fi. The shelves would be filled with uselessly cool things of interest to no-one but me and the locals, like twine and carabiners and itchy woolen garments and conductor caps. And there wouldn’t be computers, but maybe some manual typewriters for visitors to use for their communication needs. And a pay-phone outside under a single dim street light.

It would open when I felt like getting up and close when I got tired of having company.

It would be filled with Americana melodies from artists no one has ever heard before and would never forget. And Opera.

I would probably call it something like “<tiny town name>’s Curmudgeonly Un-General Store”.

It would seem smaller on the outside and have a blue entrance door. That would be grand.

Anyway here are an assortment of links off the shelves of that make-believe place. Disregard any of the expiration dates at your own peril.

I ended up manually uninstalling “KB2982791” from all my Windows systems. The posts indicate that when the new update gets installed, the system will use the new code and just not execute the old code…therefore uninstallation is not required, but since MS pulled the patch, I’d rather not have it sitting there on my system, even if it is unused. I didn’t have any issues after the uninstall and mandatory reboot but YMMV.

You aren't using Resource Monitor enough - Scott Hanselman - A long time ago I found and posted about the various advanced troubleshooting tools Windows can offer. Though I am now fully enamored with the power of the Windows Performance Analysis Toolkit (WPT) for Windows (SDK 8), Scott’s post is a good reminder that with some skilled usage, Resource Monitor can be a great starting place and useful tool since it is already installed on Win 7/8/8.1 systems.

Case of the Excel Hang on Worksheet Open - chentiangemalc

Session Manager Firefox Add-on - MoonPoint Support Weblog

Some time ago Lavie (who leaves a bazillion tabs open in Firefox as her page-management technique) had a Firefox crash that wiped out her history of open tabs and the like. Painfully she had to start over again. She does have bookmarks, but most material she either is reading or plans to read is left open in a tab. The Session Manager Add-on that MoonPoint highlights would have saved her bacon. It will be a new feature coming soon to Lavie’s Firefox install!

Editing ISO files with Magic ISO Maker - MoonPoint Support Weblog

DAYU Disk Master Free looks like an interesting product. More information in this BetaNews article: DAYU Disk Master Free: image backups and more

AOMEI OneKey Recovery is another free partition management tool that allows for system backup to a recovery partition. More info in this BetaNews line AOMEI OneKey Recovery allows you to recreate your PC’s recovery partition, and hat-tip to tinyapps.org who passed on a lead to it.

How To Quickly Repair Windows System Files in Windows 7 / 8 - Next of Windows - “sfc /scannow”

New: Sysmon v1.0; Updates: Autoruns v12.01, Coreinfo v3.3, Procexp v16.03 - Sysinternals Site Discussion blog

Updates: Autoruns v12.02, Coreinfo v3.31, Sysmon v1.01, Whois v1.12 - Sysinternals Site Discussion blog

Some tools in Outlook 2013 for diagnosing Exchange connectivity issues - MarkWilson.IT

Why Chrome Browser Looks Fuzzy in Windows 8 and How To Fix It? - Next of Windows

PhotoDemon - a fast, free, portable photo editor - I have Paint.NET, Photoshop (CS4), RawTherapee, Photivo, GTKRawGallery, Scarab Darkroom, FotoSketcher, and PhotoFiltre (to name the main ones) that I flit between while making edits and manipulations to digital photos. PhotoDemon is a new one to me and I’m positively loving it. It is jam-packed with filters and custom edits, it supports layers, and is very intuitive to use. There seems to be a lot of similarities in the usage, menu-system with Paint.NET so I instantly felt at home. It may not replace all of the other “fun” digital image tools I use, but it could replace more than a few. Since it is portable by design, clearing off the others would make easy room for this one…and allow me to reclaim some space in the process on my USB stick.

Best free video editing software: download these DSLR movie editors today - Digital Camera World - I was familiar with most in this list but there were some new-to-me finds that made the list bookmark-worthy.

RegEx 101 - Online regex tester and debugger: JavaScript, Python, PHP, and PCRE

Debuggex - Online visual regex tester. JavaScript, Python, and PCRE.

Regular Expressions Quick Start - Regular-Expressions.info

regular expressions 101 - DonationCoder.com This is the post that got me started and led to me finding the above RegEx links. For some desktop level applications to help with RegEx testing and learning, this post by Sivakumar K. at Hongkiat.com has a good list of options: Regular Expressions: 30 Useful Tools and Resources. I didn’t see these listed: Regular Expression Editor by WaterProof Software and Simple Regex Tester at SourceForge.net. Other projects at SourceForge include Regex Creator and Regular Expression Editor (RegExpEditor)

Apple’s iMessage becomes a major source of mobile spam - TechBlog

How to block and report iMessage spam to Apple - iMore

I’m now generally seeing at least one spammy iMessage notice a week, and like Mr. Silverman, it seems to deal with fake sunglasses.  Both posts above provide guidance on how to report iMessage spam to Apple to help with the whack-a-mole.

Problems with a wireless mouse and USB 3.0 flash drives was driving me crazy! - RMPrepUSB, Easy2Boot and USB booting... blog.  Great post about troubleshooting the unintended consequences of ubiquitous hardware! 

Ultimate Settings Panel One Click Access To Windows & Outlook Settings - AddictiveTips. Not for the faint of heart or Windows noobies.

Windows Performance Analysis Field Guide–Book Review - chentiangemalc.

TechEd in Houston Texas; and other troubleshooting bits - GrandStreamDreams blog - The above book reminded me that I still have a lot of TechEd presentations to get caught up on!

GlassWire - free new software firewall and network monitor. Hat-tip to tinyapps.org who directly pointed this gem to me and did a great micro-review in his blog post Beautiful new software firewall and network monitor. It’s been a lifetime ago since I spent any amount of time posting on firewalls for Windows platforms and a lot has changed since that time. TinyApps also linked to a great firewall testing tool Comodo's HIPS and Firewall Leak Test Suite. Check out the post and follow-on linkage.

Currently, I continue to run the default (and lightly tweaked) Windows Firewall on our home systems. (GlassWire might lead me to change with the degree of logging/reporting it offers.) Windows Firewall does have some disadvantages.

Thus this post was interesting.

How to Control and troubleshoot outbound traffic in Windows - Next of Windows. It points to a portable and free network file tool -- Windows Firewall Notifier -- that “enhances” Windows Firewall in that it can display notifications for outbound connections. The current version 1.9.0 is from March 2014, but the author has a newer beta version 1.9.1.9 (pending the v 1.9.2 public release) that is available from the downloads page. YMMV.

Cheers!

--Claus Valca

O365, Outlook Clients, and Custom Domains

For reasons I still don’t fully understand, it appears that the IT consultant at the church-house is having some ongoing challenges getting the staff Microsoft Outlook desktop clients configured to attach to the new Microsoft hosted O365 Exchange (custom domain) accounts.

I believe the “migration” process went like this.

We had a custom domain and had been hosting the email on our own in-house Exchange server. Minor problems but we had an experienced Exchange/Server admin.  Then we suddenly didn’t.

Then we started having issues…and the domain got suspended, and the email stopped flowing, and problems compounded.

So the new IT consultant recommended moving to O365, getting a Microsoft-hosted Exchange platform but still using our (now restored) custom domain.

The staff have since been able to use the O365 web mail portal with their email accounts with no issues to send/receive their emails. However getting their desktop Outlook clients configured to point to the new custom-domain O365 Exchange host has been fraught with drama and failure.

I’ve been too busy with other “day-job” tasks to devote my basic Exchange/O365 troubleshooting skills to the task.

At the home-office we use O365 with Outlook clients and the account setup in the desktop client is auto-magical with our AD/domain account discovery process. Rarely do we have to deep-dive into advanced Outlook configuration options.

But this isn’t my normal playground, so I did do some basic web-searches on the subject, and the process seems pretty straightforward:

Next time I get off early and Lavie is still working, I’ll see if we can figure it out ourselves.

Or at least get enough notes and error dialogs in the process to sort out what is going on and pass them on to the IT consultant.

BTW, this seems like a good opportunity to remind the dear readers about Microsoft’s Office Configuration Analyzer Tool (OffCAT) utility. Just saying that it might be a helpful diagnostic tool.

Download Microsoft Office Configuration Analyzer Tool 1.2 - Microsoft Download Center.

Cheers.

--Claus V.

OneNote for iOS

Just like I post “linkfests” here for my archival reference and for sharing, I collect URL’s for family and friends as well.

These typically run much less technical; though admittedly more than fairly geeky.

Common subjects are interior design trends, architecture, recipes, Dr. Who fandom bits, short films, science, and faith/life-balance.

Unlike the GSD blog where they get shoved out on stage and dialog/feedback is relatively rare, these more personal links across the web are chosen with discussion and togetherness in mind. They are random encounters discovered that can be shared and reflected. We need to build out new dreams, wishes, and hopes as we re-discover the Lavie and Claus bond that isn’t centered around Alvis any longer.

The iPad makes a great platform to pull out on the couch when I’m sitting with Lavie. It’s a lot more comfortable (and feels more personal/intimate) than using either of our laptops.

Only the sharing bit is a bit clunky.

I’ll send the URL collection out via email, but when we want to view the links together on the iPad, it requires opening the email client, finding the email (which can be quite buried…so it needs to be tagged/flagged), then clicking an embedded link. From there we review, then we need to return to the email client and hit the next one. Repeat.

It works but is a bit clunky.

What I wanted to do for some time is to select the HTML markup body of the email, paste it into a document editing app, then just use that as the launching place.

Probably because I’m still not very familiar with the iOS app landscape this discovery process has been more of a challenge than it should be.

My first hope was that Notability (App Store on iTunes) could handle embedded HTML markup copied and pasted. Nope.

Neither could Byword (App Store on iTunes) or Documents by Readdle (App Store on iTunes). In all cases it would strip out the HTML markup code and leave me with useless plain text.

Why was it hard to find a note-taking or document app that would keep copied HTML markup?

Eventually I found what I was looking for.

Microsoft OneNote for iPad  and Microsoft OneNote for iPhone (App Store on iTunes)

I’m very familiar with OneNote usage on the Windows desktop (I have an Office 2010 version) but didn’t think about using it on my iDevices.

One “gotcha” is that you will need to log in with a valid account to use the application. Having a Microsoft Outlook Live account makes the process very smooth. There were some extra validations and secret code-pasting required but it was easy to follow.

Once I had the application installed and linked, I tested it by copy/pasting a big block of HTML markup from one of my emails to Lavie and Alvis with tons-o-links into a fresh note page.

Hurrah! It looked like it kept the HTML formatting! I selected one of the links and it opened up quickly and perfectly in Safari.  Solution found!

I then installed the app on my iPhone. This time all I had to do was log in, no additional account validation was required second go round.

I must confess, the iPad version looks and works much more like the Windows desktop version than the iPhone version. However, having quick access to the notes is indeed handy.

To add another major boost to handy-access of things, I quickly discovered I could link the additional OneNote notebooks I have on my desktop via the OneNote 2010 application I use to both the iPad and iPhone apps. It leverages Microsoft’s OneDrive storage platform.

I’m still not ready to shove all my electronic life into the “cloud”, but this is a handy start.

So, if you are looking for a way to keep HTML markup notes -- from web or email snippings -- on your iPad or iPhone, then the free OneNote iOS apps are a great option to consider. And doubly so if you have a Windows client version of OneNote 2010 or higher on your desktop.

Don’t have Microsoft OneNote for Windows desktop? Microsoft offers it for free:

Download OneNote 2013

Other platforms supported are Windows Phone, Mac, Android, Amazon, and the Web

Cheers.

--Claus Valca

Sunday, August 10, 2014

I’m sure there is a better way to accomplish this…

In my GSD blog post Anti-Malware Response "Go Kit" I outlined a variety of tool-sets and standalone tools that I carry on my USB flash drive for dealing with malware responses on friends/family systems.

Keeping the IR tool-sets (Confessor, MIR-ROR, rapier, TR3 Tool Kit v2, and triage-ir) updated is a lower priority for a number of reasons.

  1. It’s a lot of work,
  2. the developers often require (due to licensing) the end user (me and you) to download the supporting binaries directly from the developers’ sites, and
  3. you always run the risk that a later utility update may break the way the scripts run on the package.

None of those are deal-breakers, but taken together they mean I update those tool-sets (aside from the main IR package) less frequently, maybe once a quarter to biannually.

The ones that I do update frequently are the ones that are used to do sweeps for malware and/or viruses.

Most of these are signature based, and if they are not updated, there is a high likelihood a scan with an older tool may miss something critical!

So to keep them updated, I have a bookmark folder with URL links to all the tools. I then go down the list, click, download, copy to USB, rinse and repeat.

So yesterday I wondered if I could automate the process a bit. Kind of like a poor-man’s version of NirLauncher or KLS SOFT’s WSCC - Windows System Control Center.

I’m sure there is a better way to do this, but this was my “it works for me” result.  I’m not posting the actual files (at least in fullness for now) but will show you the basics so you can build your own if you want.

First, I considered (and may still go to) a process/script that uses Wget for Windows - GnuWin32.

But I wanted to start with what I knew (or thought I did) for now.

To get the ball rolling, I made a “landing zone” folder on my Windows system at C:\TEMP\AMW_Packages

This is where I wanted to download the updated files into. I wanted to keep it separate in case I decided I didn’t want to end up overwriting any of my previous files. So once all the packages are downloaded here, I will manually copy them over onto my USB drive folder where they reside full-time.

I then created a Windows BAT file called “a-AMW_Package downloader.bat”

It does a few things.

It deletes all the files/folders in the “C:\TEMP\AMW_Packages” location to get a clean start.

It then runs down a list of the utilities I need to get/update, and downloads them into the “C:\TEMP\AMW_Packages” folder using PowerShell. (I know! Cool!)

Then, there are some packages that have some fancy dynamic page tricks/EULAs that make getting those binary files a bit of a hassle. Some of those I was able to work around with the PowerShell commands below. However others were not so cooperative. And that was OK.

So at the end of the BAT file, it calls a custom EXE called “a-BAT-IECall.exe”.  That file was a different PowerShell script block I came up with to open up all those “problem” site URL’s in a single Internet Explorer window session, each in a different tab; more on it in a bit.

The resulting automatically opened IE window allows me to review/download those “manually” as needed. (I guess I could put it at the front so I could be manually downloading those as the script continues to run in the background, but this order made sense to me.) I also dropped some FYI URL pages in there as well to remind me of some tricks I keep forgetting, or to see if any new tools are available that I may want to add to my tool-kit.

Here is an abbreviated version of the BAT file “a-AMW_Package downloader.bat” contents. You should be able to get the gist of what I am doing and add more lines for other resources you may want/need.

:: Anti-Malware Response "Go-Kit" Downloader

:: Clean Up Download folder first
:: Create the landing zone if it is missing. Without this, a failed "cd /d" would
:: leave the delete loop below running in whatever folder the BAT was started from.
set folder="C:\Temp\AMW_Packages"
if not exist %folder% mkdir %folder%
cd /d %folder% || exit /b 1
for /F "delims=" %%i in ('dir /b') do (rmdir "%%i" /s/q || del "%%i" /s/q)

:: Now Let's Get the Files!
:: Two ways to fetch each file are shown; either one alone is enough.
:: Net.WebClient works on PowerShell 2.0; Invoke-WebRequest needs PowerShell 3.0 or later.
:: Relative output names land in %folder% because of the cd above.

:: Process Explorer
powershell -Command "(New-Object Net.WebClient).DownloadFile('http://download.sysinternals.com/files/ProcessExplorer.zip', 'ProcessExplorer.zip')"
powershell -Command "Invoke-WebRequest http://download.sysinternals.com/files/ProcessExplorer.zip -OutFile C:\temp\AMW_Packages\ProcessExplorer.zip"

:: AutoRuns
powershell -Command "(New-Object Net.WebClient).DownloadFile('http://download.sysinternals.com/files/Autoruns.zip', 'Autoruns.zip')"
powershell -Command "Invoke-WebRequest http://download.sysinternals.com/files/Autoruns.zip -OutFile C:\temp\AMW_Packages\Autoruns.zip"

:: Microsoft Safety Scanner & Malicious Software Removal Tool  (+ download others manually in a bit)
:: The fwlink URL redirects to the real file; both download methods follow the redirect.
powershell -Command "(New-Object Net.WebClient).DownloadFile('http://go.microsoft.com/fwlink/?LinkId=212732', 'msert.exe')"
powershell -Command "Invoke-WebRequest http://go.microsoft.com/fwlink/?LinkId=212732 -OutFile C:\temp\AMW_Packages\msert.exe"

:: And so on, and so forth for all the other tools as needed

:: Trend Micro Anti-Threat Toolkit  (download manually in a bit)
:: VIPRE Rescue (download manually in a bit)
:: AdwCleaner (download manually in a bit)
:: ComboFix (download manually in a bit)
:: Rootkit Buster - x86 - Trend Micro  (download manually in a bit)
:: System Explorer (download manually in a bit)

:: Misc Tools and Utilities: now we fire up IE via the compiled PowerShell script
:: so the remaining link URLs open in tabs for manual download if we need them.

a-BAT-IECall.exe

Exit

Just add more of those download lines for all the tools you need as long as the URL download links are functional with this method.
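The BAT file above fetches tool binaries over plain HTTP and keeps whatever arrives, which is fine for a first pass but means a swapped or corrupted download would go straight onto the go-kit USB stick. The script below is an added example (not from the original post, and not the author's own files) of the same download loop written in PowerShell with a manifest of pinned SHA-256 hashes: run once with -Pin to record the hashes of the downloads you have inspected, then plain runs verify every file and remove anything that does not match. The manifest file name, the HTTPS Sysinternals URLs, and the -Pin workflow are this example's assumptions; it needs PowerShell 4.0 or later for Get-FileHash.

```powershell
# Added example: download go-kit tools from a CSV manifest and verify each file's
# SHA-256 against a pinned value. Not part of the original BAT/PowerShell files.
param(
    [string]$LandingZone = 'C:\Temp\AMW_Packages',
    [string]$Manifest    = '.\go-kit-manifest.csv',   # assumed manifest location
    [switch]$Pin   # record the current hashes into the manifest instead of verifying
)

# Constructed starter manifest (Name,Url,Sha256); Sha256 stays blank until pinned.
if (-not (Test-Path -LiteralPath $Manifest)) {
@'
Name,Url,Sha256
Autoruns.zip,https://download.sysinternals.com/files/Autoruns.zip,
ProcessExplorer.zip,https://download.sysinternals.com/files/ProcessExplorer.zip,
'@ | Set-Content -Path $Manifest -Encoding ASCII
}

# Create the landing zone if needed and refuse to wipe anything that is not it.
if (-not (Test-Path -LiteralPath $LandingZone -PathType Container)) {
    New-Item -ItemType Directory -Path $LandingZone | Out-Null
}
$LandingZone = (Resolve-Path -LiteralPath $LandingZone).Path
if ($LandingZone -notlike '*\AMW_Packages') { throw "Unexpected landing zone: $LandingZone" }
Get-ChildItem -LiteralPath $LandingZone -Force | Remove-Item -Recurse -Force

$rows = Import-Csv -Path $Manifest
$failures = 0
foreach ($row in $rows) {
    $dest = Join-Path $LandingZone $row.Name

    # Only HTTPS sources: an HTTP download can be altered by anything on the path.
    if ($row.Url -notmatch '^https://') {
        Write-Warning "$($row.Name): refusing non-HTTPS URL $($row.Url)"
        $failures++; continue
    }
    try {
        Invoke-WebRequest -Uri $row.Url -OutFile $dest -UseBasicParsing
    } catch {
        Write-Warning "$($row.Name): download failed: $($_.Exception.Message)"
        $failures++; continue
    }

    $actual = (Get-FileHash -Path $dest -Algorithm SHA256).Hash.ToLower()
    if ($Pin) {
        $row.Sha256 = $actual
        Write-Host "pinned   $($row.Name) $actual"
    } elseif ([string]::IsNullOrWhiteSpace($row.Sha256)) {
        Write-Warning "$($row.Name): no pinned hash in manifest; run with -Pin first"
        Remove-Item -LiteralPath $dest
        $failures++
    } elseif ($actual -ne $row.Sha256.ToLower()) {
        # Mismatch means either a legitimate vendor update or a tampered download;
        # either way a human checks the vendor's release notes before re-pinning.
        Write-Warning "$($row.Name): SHA-256 mismatch (expected $($row.Sha256), got $actual); removing"
        Remove-Item -LiteralPath $dest
        $failures++
    } else {
        Write-Host "verified $($row.Name) $actual"
    }
}

if ($Pin) { $rows | Export-Csv -Path $Manifest -NoTypeInformation -Encoding ASCII }
exit $failures   # non-zero lets the calling BAT file notice a bad download
</code>
```

Call it from the BAT file as `powershell -ExecutionPolicy Bypass -File Get-GoKit.ps1` (name assumed) and check `%ERRORLEVEL%` afterwards. Pinning is trust-on-first-use: it does not prove the first download was clean, but it does make every later refresh of the USB stick fail loudly when a file changes, which is exactly when you want to stop and read the vendor's release notes.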

So next, about that “a-BAT-IECall.exe”

This took a bit of creative work to generate.  There are other ways to launch IE in a standard BAT file, but it ended up opening each URL in a separate IE window that cluttered up my system, despite my best attempts. So this way worked perfectly, and because: PowerShell!

The PowerShell script that is the heart of the engine looks like this:

# The first URL opens in the new IE window; 0x1000 is the navOpenInNewTab flag,
# so every following URL lands in a new tab of that same window.
$ie = New-Object -ComObject InternetExplorer.Application
$ie.Navigate2("http://systemexplorer.net/download.php")
$ie.Navigate2("http://www.vipreantivirus.com/live/",0x1000)
$ie.Navigate2("https://toolslib.net/downloads/viewdownload/1-adwcleaner/",0x1000)
$ie.Navigate2("http://www.bleepingcomputer.com/download/combofix/",0x1000)
$ie.Navigate2("http://www.bleepingcomputer.com/forums/t/403413/cannot-execute-exe-reg-regedit/",0x1000)
$ie.Navigate2("http://free.antivirus.com/us/rootkit-buster/index.html",0x1000)
$ie.Navigate2("http://www.microsoft.com/security/scanner/en-us/default.aspx",0x1000)
$ie.Navigate2("http://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx",0x1000)
$ie.Navigate2("http://windows.microsoft.com/en-us/windows/what-is-windows-defender-offline",0x1000)
$ie.Navigate2("http://esupport.trendmicro.com/solution/en-us/1059509.aspx",0x1000)
$ie.Navigate2("http://support.kaspersky.com/viruses/utility",0x1000)
$ie.Navigate2("http://firesage.com/mbrwizard.php?x=4x",0x1000)
$ie.Navigate2("http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html",0x1000)
$ie.Navigate2("http://www.bleepingcomputer.com/download/rkill/",0x1000)
$ie.Navigate2("http://www.bleepingcomputer.com/download/unhide/",0x1000)
$ie.Navigate2("http://www.bleepingcomputer.com/download/windows/security-utilities/",0x1000)
$ie.Navigate2("http://support.microsoft.com/kb/299357",0x1000)
$ie.Visible = $true
# IE runs as its own process, so ending this script's host leaves the window open.
stop-process $PID

Add/remove/change URLs accordingly.

To create the EXE version of this PowerShell script so your main BAT file can call it:

  1. Edit the PowerShell script block above to add/change/remove any URLs
  2. Save it somewhere for quick future re-editing.
  3. Launch the PowerGUI Script Editor.
  4. Create a new workspace tab.
  5. Copy those lines into it.
  6. From the menu bar select “Tools” then “Compile Script…”
  7. Select where you want to save it...should be same place as the “a-AMW_Package downloader.bat” BAT file…and what name you want to give it, for me I used “a-BAT-IECall.exe”
  8. I left the Target framework set at “Microsoft .NET Framework 4.0” for my system.
  9. I guess you could give it a cool custom icon if you wanted. I didn’t for now.
  10. Select “OK” and let it build!
  11. Close stuff out when done.
  12. Find/test! (see result below)


Now, when I want to update my IR package tools, I just fire off the main BAT file and away it rips, leaving me to manually download just a few packages myself -- if desired -- from IE.

Misc Notes and references.

I wasn’t aware until composing this post that the PowerGUI project appears to have been taken over by Dell: Welcome to the New Home of PowerGUI. OK.

I’m sure there are WAY BETTER ways to deal with this with Wget, PowerShell, BAT files, but this works and I learned a lot in the process. I’m open to recommendations/suggestions.

The PowerShell commands in the BAT file are pretty flexible.

powershell -Command "(New-Object Net.WebClient).DownloadFile('URL-path-for-binary.file', 'binary.file')"
powershell -Command "Invoke-WebRequest URL-path-for-binary-file -OutFile C:\temp\AMW_Packages\binary.file"

This one is straight forward with the pattern:

:: AutoRuns
powershell -Command "(New-Object Net.WebClient).DownloadFile('http://download.sysinternals.com/files/Autoruns.zip', 'Autoruns.zip')"
powershell -Command "Invoke-WebRequest http://download.sysinternals.com/files/Autoruns.zip -OutFile C:\temp\AMW_Packages\Autoruns.zip"

I was able to make changes to some of the “binary.file” names to change the name as it got saved, and in some cases the URL path didn’t actually contain a binary.file name in the path but it still handled it OK. Once you have the format down you can experiment a bit. See below for one example:

:: Microsoft Safety Scanner & Malicious Software Removal Tool  (+ download others manually in a bit)
powershell -Command "(New-Object Net.WebClient).DownloadFile('http://go.microsoft.com/fwlink/?LinkId=212732', 'msert.exe')"
powershell -Command "Invoke-WebRequest http://go.microsoft.com/fwlink/?LinkId=212732 -OutFile C:\temp\AMW_Packages\msert.exe"

Here are the URL’s of many of the sites/tips I reviewed to get me to this stage, and a few that I wanted to do but couldn’t quite get to work like I wished.

Again, any tips, tricks or alternative suggestions would be appreciated!

Cheers!

--Claus V.

P.S. Microsoft has a number of tools for scanning/removing malware from a system.

Microsoft Malicious Software Removal Tool - This is on most all Windows systems as the MRT.EXE file. Type “MRT.exe” in the RUN bar and you will be off to the races (assuming Windows Updates are current, otherwise download the file manually above or effectiveness will be diminished.)

Then there is the heavy-duty version Microsoft Safety Scanner which gets updated every 10 days.

And, in my original post I mentioned the Microsoft Standalone System Sweeper from Microsoft that was available only via the Microsoft Connect site unless you went through a third-party download source. See this Utility Spotlight: Repair Your PC Infection from TechNet Magazine to get more info on it.

Working on the URL/Download location for this one led me to discover the Windows Defender Offline tool that may have replaced (?) the Microsoft Standalone System Sweeper.  This one is for most “modern” versions of Windows but if you are running Windows 8.1 you will need to jump to this Windows Defender Offline Beta build page.

--cv

Saturday, August 02, 2014

The Valca Layered Security Experiment

Some notes on the current layered security approach I’m using on my laptop (Win 7) as well as Lavie’s (Win 8.1).

I keep the Microsoft OS’s regularly patched with all available MS updates.

I am using Windows Firewall for ease of administration rather than one of the multitudes of alternative (and more feature packed) firewall solutions. It’s strange as I used to be pretty heavy into the alternative firewall thing around this blog in the past. WF works well enough.

I don’t run Shockwave or Air any more.

I update Flash, Java, and regularly run Qualys BrowserCheck and the Secunia Software Inspector to look for critical software updates for these common threat vectors.

I do still run Microsoft Security Essentials despite having tried Bitdefender Antivirus Free and AVG Free Antivirus. They did great but the whitelisting was a pain and less than smooth.

I run Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) just updated to the final public release 5.0 version. I take the defaults (for now). More info below.

I “inoculate” our systems against Crypto-type malware using CryptoPrevent from Foolish IT LLC.

Recently I ponied up the $ for a few lifetime licenses of Malwarebytes Premium anti-malware and Internet security software. The new 2.0 version still needs some polish but performance is great and Lavie gets so excited when her nightly scans come back clean. Not sure why. It plays wonderfully with MSSE.

Malwarebytes recently released a supportive product called Malwarebytes Anti-Exploit

It works by monitoring your system for zero-day exploits attacking your browser and other commonly found software. The free version just protects the web-browsers and Java, while the Premium version protects PDF readers, Microsoft Office applications, media players, and allows for creation of custom shields. It reminded me a bit of an old PCTools product (now retired) called ThreatFire. I’m not linking to it since it is old but you can search if you are curious.

I’ve not yet applied it to our “production” systems, but am running it on a Windows 7 Enterprise VM system that also has EMET 5.0 and AVG Free protection. Early alpha/beta versions did have conflicts with EMET but this public version seems to work fine with it. So far so stable. Once I am comfortable with it, I may try it on our primary laptops.

What else?

The HDD is “protected” with the last working version of TrueCrypt. Yes I know all about the drama.

As I have said, my primary concern is data loss from burglary or theft, less so from the multi-letter agencies.  When I get around to upgrading to a 1 TB SSD hard drive (prices please drop!) I may plunge in and do an upgrade to Windows 8.whatever at a level that would support Bitlocker so I could get off TrueCrypt. But that’s activity for a different day.

The take away here is that I’m keeping my systems updated and that I’ve layered the defenses. It’s become much more work than most standard users would do, but instead of fishing for a hobby, I sysadmin.

Cheers,

--Claus Valca

Footnotes:

Notes and Observations around the church-house

Lavie has been hard at work on her ongoing project to rebuild/re-imagine the church website.

As such, last weekend we dropped by while it was unoccupied and I shot close to 8 GB of RAW format photos for her to use on the site and in outreach materials.  It was a lot of fun.

Once that was done I set to work on their receptionist PC to start trying to understand the cause of the daily issues reported.

(see this post: grand stream dreams: Rough IT notes for those who are left to clean up…)

Turns out there was a lot going on, and over the course of about three days (popping in after work and between services) we got a lot accomplished.

It is an older Dell Vostro system but does run a quad-core CPU so it should have muscle for most standard office admin tasks and programs. But it didn’t.

The hard-drive is a 250 Gigger but had just 16 GB of free space left.  When I ran SpaceSniffer on it, it only found about 40 GB of files in use. That was odd.

My bad. I then logged out and back on to the system with an admin-level account. There we go.

Turns out there was a 152.4 GB single file on the drive. It looks like someone took an "image" of the PC in the past (Feb 2014) and I'm not sure why, but this one file was taking up over 1/2 of the entire drive. I also saw there were weekly backup job tasks scheduled for every Sunday. Those jobs seem to take up about 2.2 GB of space each and there are about 4-6 of them. They seem OK.

The image file could only be seen under an admin account and is located as follows;

"C:\Users\<userid>\windowsimagebackup\<pc-name>\Backup-<long string filename>.vhd"

No one I asked could tell me why or who captured a VHD backup image of the system, so it got deleted and the system could breathe again.
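The lesson in the VHD story is that a disk-usage scan run as a normal user is blind to files in other users' profiles, so the numbers it reports cannot be trusted for the whole drive. As an added example (not from the original post, and not any of the tools it names), the script below lists the largest files on a volume from an elevated PowerShell session and, rather than silently skipping them, reports the directories it still could not read; the path, size threshold and count parameters are assumptions, and it needs PowerShell 3.0 or later for the -File switch.

```powershell
# Added example: largest-files report that also surfaces access-denied paths.
# Run from an elevated (admin) PowerShell prompt; not part of the original post.
param(
    [string]$Root = 'C:\',     # assumed volume root to scan
    [int]$Top = 20,            # how many of the largest files to show
    [long]$MinBytes = 1GB      # ignore anything smaller than this
)

# -Force includes hidden and system files; errors are collected in $walkErrors
# instead of stopping the walk, so one locked folder does not abort the scan.
$files = Get-ChildItem -LiteralPath $Root -Recurse -Force -File `
    -ErrorAction SilentlyContinue -ErrorVariable walkErrors |
    Where-Object { $_.Length -ge $MinBytes }

# Separate "could not read" from other errors (e.g. paths that vanished mid-scan).
$denied = @()
foreach ($e in $walkErrors) {
    if ($e.Exception -is [System.UnauthorizedAccessException]) {
        $denied += [string]$e.TargetObject
    }
}

$files | Sort-Object Length -Descending | Select-Object -First $Top |
    ForEach-Object {
        [pscustomobject]@{
            SizeGB   = [math]::Round($_.Length / 1GB, 2)
            Modified = $_.LastWriteTime
            Path     = $_.FullName
        }
    } | Format-Table -AutoSize

if ($denied.Count -gt 0) {
    Write-Warning ("{0} directories could not be read; their contents are missing from the totals above:" -f $denied.Count)
    $denied | Select-Object -Unique | ForEach-Object { Write-Warning "  $_" }
}
```

On the receptionist PC described above, run elevated, the 152.4 GB .vhd under another user's profile would have appeared at the top of the table on the first pass instead of after a second login; run non-elevated, the same script at least tells you which profile folders it was unable to enumerate.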

Looking at the Win 7 Resource Monitor tool, the system was constantly using over 90% of its 2 GB of RAM. I’m betting there was a lot of disk caching activity as well. This system can only support up to four 1 GB PC2 DDR sticks so a request was made to order a new set of RAM to max it out.

Something on the WSUS service is broken (updates are apparently managed via GP settings) as it said it had no updates available, but when I re-checked manually from Microsoft, it had over 150 updates waiting, back from a year ago to present.  That alone took an overnight, then two more multi-hour sessions to bring it up to a fully-patched security level. Sheesh.

It also has a dual-video output card in it but the ladies are only using a single monitor. I’ve asked to see if we can’t dig up a second one for them. Fingers crossed! That should help with their productivity. Lavie says she hasn’t ever used a dual-monitor setup in any of her office admin jobs. Her first experience with that configuration was here at the house when I set her laptop up with a 2nd monitor for her to use when she was taking her Dreamweaver online course. She loved it and I hope she finds benefit in the workplace once deployed.

Oh, I quarantined their wireless mouse. It was in death-throes causing the system to lock up. I put a wired mouse on it for now and that alone fixed many of the apparent lockup issues they were having with their HID usage.

It’s not everything that still needs to be done, but it’s a start. One partially done, and about another 15 systems to go.

I was finally able to take an introductory look at the domain with AD Explorer and found a lot of “abandoned” accounts and systems. Need to load up the Remote Server Administration Tools for Windows 7 and Windows Servers (WindowsNetworking.com) so we can get cracking at disabling those accounts and systems for now and start to clean house.
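Once the RSAT tools are installed, the ActiveDirectory module makes the "abandoned" account clean-up repeatable instead of a one-off clicking session in AD Explorer. The script below is an added example (not from the original post, and not the author's own procedure) that reports enabled users and computers with no logon in 90 days, writes the list to a CSV as an audit trail, and only disables anything when -Disable is passed, with -WhatIf honoured via ShouldProcess. The 90-day window and the output file name are assumptions; the cmdlets are the standard ones from the RSAT ActiveDirectory module.

```powershell
# Added example: find and stage stale AD accounts for disabling. Requires the RSAT
# ActiveDirectory module and an account allowed to read (and, for -Disable, modify)
# the objects. Not part of the original post.
[CmdletBinding(SupportsShouldProcess=$true)]
param(
    [int]$InactiveDays = 90,   # assumed inactivity window
    [switch]$Disable           # without this the script is read-only
)
Import-Module ActiveDirectory

# -AccountInactive compares against lastLogonTimestamp, which replicates lazily
# (up to 14 days behind), so keep the window well above that lag.
$span  = New-TimeSpan -Days $InactiveDays
$stale = Search-ADAccount -AccountInactive -TimeSpan $span -ResultPageSize 500 |
    Where-Object { $_.Enabled }   # already-disabled objects need no action

$stale |
    Select-Object Name, ObjectClass, LastLogonDate, DistinguishedName |
    Sort-Object ObjectClass, LastLogonDate |
    Format-Table -AutoSize

# Record what was found before anything changes; this is the rollback list.
$report = ".\stale-accounts-$(Get-Date -Format yyyyMMdd).csv"   # assumed file name
$stale | Select-Object Name, ObjectClass, LastLogonDate, DistinguishedName |
    Export-Csv -Path $report -NoTypeInformation
Write-Host "Found $(@($stale).Count) inactive enabled accounts; report written to $report"

if ($Disable) {
    foreach ($acct in $stale) {
        # ShouldProcess lets "-Disable -WhatIf" rehearse and "-Disable -Confirm" prompt.
        if ($PSCmdlet.ShouldProcess($acct.DistinguishedName, 'Disable-ADAccount')) {
            Disable-ADAccount -Identity $acct.DistinguishedName
        }
    }
}
```

Run it once with no switches to get the report, review the CSV with whoever still knows the staff list, then re-run with `-Disable -WhatIf` to see exactly which objects would change before committing. Disabling rather than deleting keeps the SIDs and group memberships intact in case one of the "abandoned" accounts turns out to belong to a service or a volunteer who only shows up twice a year.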

Cheers,

Claus V.

Bargain Basement SysAdmin Link Sale!

It’s that time of the year again for Claus to unload all of the pending Sysadmin-related links that he’s been collecting.

Bear with me here…some of these are older than others and this is more of a link-dump than those posts that come with more commentary.

Think of it more like a “pop-up” edition without the actual pop-ups.

Actual SysAdmin Stuff

TinyApps bloggist recently thought I might be interested in a sysadmin-related site called System Administration Screencasts.

Indeed I was! Though it mostly follows a *nix bent, there is lots of great material here. Almost all of it is screencasts, but in most episodes a transcript can be found. I’m working my way through these right now:

I really encourage you to also check out the About page as there are some great “recommended reading” links as well.

I’m particularly curious about The Visible Ops Handbook: Implementing ITIL in 4 Practical and Auditable Steps book to see if it can enhance the ITIL trainings I’ve already been to.

That also reminded me of this giant list of RSS feeds that the Standalone Sysadmin posts (with an OPML file for fast snagging) that TinyApps also shared with me in the past.

Oh, and one of my favorite miscellaneous sysadmin sites is the MoonPoint Support Weblog. I frequently find troubleshooting tidbits that are valuable. I also finally found the RSS feed for that weblog so now I can follow the postings much more easily.

Daniel Miessler’s blog is another of those sites that is a balance of tech, troubleshooting, and ponderings on deeper life stuff. I really appreciate all he posts and look forward to his frequent and new postings.

Mostly Microsoft & Active Directory Stuff

AD Info - Active Directory Reporting Tool - Ckwdev - free/$ versions - recently bumped to v 1.7.9. There are lots of other tools there as well but some of the most helpful might be AD Permissions Reporter, AD Info, and AD Tidy. Check out the software link for more info on those and many more.

Those reminded me of the Sysinternals tool AD Explorer which I love and use almost daily.  It hasn’t been updated since November 2012 but I guess it still does the job perfectly.

Weekend Scripter: Non-PowerShell Books for PowerShell People - Hey, Scripting Guy! Blog

New PowerShell Scripting Tools Released - The Deployment Guys

Windows PowerShell 4.0 Book and Guides from Microsoft - The Windows Club

Download Windows PowerShell 4.0 and Other Quick Reference Guides - Microsoft Download Center

Download Windows Management Framework 4.0 - Microsoft Download Center

Microsoft's USGCB Tech Blog - Aaron Margosis blogs here occasionally.

Utility and Software - New and Updated

Updates: Autoruns v12.0, Procdump v7.0 - Sysinternals Site Discussion

Updates: AccessChk v5.2; PsExec v2.11; Sigcheck v2.1; VMMap v3.12 - Sysinternals Site Discussion

PassMark MemTest86 - $/free versions updated to 5.1.0 back in May (hat-tip to RMPrepUSB, Easy2Boot and USB booting)

Svchost Process Analyzer - Neuber software - free tool to check out the svchost.exe loaded processes. No install needed.

Moo0 File Monitor 1.11 - Moo0 software - interesting tool to monitor file access activities on your system. Spotted via this AddictiveTips blog post.  Note it  reminds me a bit of this great NirSoft tool FolderChangesView.

CCEnhancer 4.0 - SingularLabs - This one got some pretty big feature updates recently.

ImDisk Virtual Disk Driver - Version 1.8.4 released July 2014.  See also this project: ImDisk Toolkit - reboot.pro

dErase - Foolish IT LLC - free tool (now at v2.0) that does file/folder deletions with optional secure-delete routines. Ignores file system ownership/permissions when executing, so use carefully!

dBug - Foolish IT LLC - interesting tool to use when dealing with malware impacted systems. Basically it removes auto-start items and exe runs from known problem locations. This should allow killing of malware auto-loads which may prevent effective system cleaning. Once remediated, the tool can be re-run to put the changes back in place.

Windows Troubleshooting Tools and Tips

Case of the Office Hang on Launch - chentiangemalc

Using Process Monitor (procmon) to Analyze Windows File Share Access (by Paul Offord) - LoveMyTool blog

Guide to Freeing up Disk Space under Windows 8.1 - Scott Hanselman

Fix .NET 4.5/ 4.5.1 issues with Microsoft .NET Framework Repair Tool 1.2 - BetaNews

Download Debug Diagnostic Tool v2 Update 1 - Microsoft Download Center

Download Debug Diagnostic Tool from Microsoft - The Windows Club (info)

VirtMemTest: a utility to exercise memory and other operations - Aaron Margosis' Non-Admin, App-Compat and Sysinternals WebLog

Offline-Update: Get WSUS Content .NET Version 2.7 - Borns IT- und Windows-Blog (original language) and Google Translated link - This was a new “offline update” tool that I recently read about. You may want to see if the feature set it offers is better for your needs than other tools such as WSUS Offline Update (still my favorite), WHDownloader, Portable Update, or Windows Updates Downloader (WUD).

Install Windows 8.1 from a USB stick with WinSetupFromUSB - 4sysops

The 12 step process to download Microsoft SQL Server Express 2014 - istartedsomething

Download SQL Server Express - Scott Hanselman

Download Visual Studio Express - Scott Hanselman

Booting Windows8.1ToGo from a USB Flash drive - RMPrepUSB, Easy2Boot and USB booting...:

Windows Performance Monitor Overview - Ask the Performance Team

Available for pre-order: Windows Performance Analysis Field Guide - Clint Huffman's Windows Troubleshooting in the Field Blog

Email Stuff

Mailviewer Opens Old Outlook, Thunderbird, and Windows Live Emails - Lifehacker

Mail Viewer - MiTeC homepage

PST Viewer - Kernel Data Recovery

OST Viewer - Kernel Data Recovery

Web-related Stuff

Advanced Gmail Filters to Manage Your Email Messages - Digital Inspiration

Browser plugin to highlight and copy text from any image - Tinyapps.org points us to the fun Project Naptha

For Internet Explorer 11 users, no update now means no security fixes - Ars Technica

Determining the default browser from the command line - MoonPoint Support Weblog

Moving from GoDaddy to DNSimple – an illustrated journey - Troy Hunt amuses and entertains again.

I Know Where Your Cat Lives - Project page - Scary - More project information here.

Enough lest we break the Interwebs…

Cheers!

--Claus Valca

Saturn ION Notes

It’s hard to believe but I’m still driving my 2003 Saturn Ion.

Mileage on the 5-speed manual is around 32 mpg.  Not too bad.

It has started to develop its own curious issues that will need to be addressed. Here’s a list for the curious and to help me check them off.

The headliner is still tight as a drum but due to heat and age, when Alvis would brush her fingers against it stretching in the back seat, the fibers would immediately fall out of the backing leaving permanent lawn-mowing marks in it. And when loading large items such as boxes in the car, if a corner or edge hits the headliner, it will tear.  Fortunately, those are pretty small and it doesn’t need to be replaced, yet.

About two years ago I started to think the A/C was going out (needing a charge) but being too busy (and cheap) I just lived with it. This summer has been pretty warm and somewhere I got a flash of insight and remembered reading the Ion had a cabin air filter. I found it behind the glove box and when I pulled it out it was black as night. I think it was the OEM filter from 2003. Seriously. The local auto-parts store had a replacement so I swapped them out and now the A/C is ice-cold again. I guess the filter needs to breathe to get the coldness to me! (The eureka moment was realizing the air-volume from the registers was dropping…that meant blockage which led me to remember about the cabin filter.)

The A/C does make a click-like noise for a while when I press the air recirculation button on the A/C control panel. Sometimes it goes away and other times it doesn’t. That needs more investigation (stuck recirculation door?). Luckily with the cabin filter changed out, the A/C is able to keep up with the heat without needing the recirculation turned on.

Yes…I do hear there is a rumor about the Saturn Ion ignition switch being recalled.  I’ve gotten my notice and now have to schedule an appointment for service. I’m removing all my other keys from the ignition key as recommended. I noticed the key itself is very worn (but still works) compared to the spare that sits unused on the kitchen pass-through “bar”.  My worn key no longer operates the driver/passenger door locks but the “new” key still will.

That leads to the next “major” minor issue…the door locks and driver/passenger windows.

I can lower both the electric windows for the driver/passenger side but about 1/3 of the way down they seem to hit something and make a loud crack that sounds like hard plastic. You immediately suspect the glass is about to shatter but it doesn’t (yet). It is a bit disconcerting however. It first started happening soon after our past winter deep ices and freezes. The rear windows operate with no sounds or issues.

Two other things lead me to think something (a linkage?) has become disconnected. Locking/unlocking the passenger/driver door locks with the “good” key doesn’t do anything. The lock cylinder turns just fine but the door doesn’t actually mechanically lock/unlock. Fortunately the key fob still electrically locks/unlocks the doors so there is that. But that could eventually cause an access issue. Also, when the driver side window is about 1/2 way lowered, you can’t unlock the door. I dropped an access card one day and when I went to open my door to pick it up from the ground, I couldn’t get the door unlocked to open. The manual latch moved 1/2 way but it wasn’t enough. Putting up the window allowed the door to unlock/lock again. Hmmm. It’s too hot to pull the door panels off just yet but I may chicken out and take it to the mechanic. Unless those door locks get replaced in the recall…then I will let the service dept deal with it.

I’ve not been able to locate any good documentation on the web for the door lock linkage to see where the problem might be before tearing into the door panels.

What else?

This one is the best!

Every winter, there are times when I get up early in the morning, temperature is around 32-50 degrees Fahrenheit and when I go to turn the ignition to start the car…nothing.  However the lights seem to be bright and strong.  About the third crank attempt after waiting 10-20 minutes it turns right over good as ever.  I thought it was the battery and cold cranking amp rating but the battery shop tested it and said it was just fine.  Hmm. So each morning on cold winters it was a crap-shoot if the car would start or not. It happened frequently enough that I knew it wasn’t a “dead in the water” issue, but with patience, it would work on the third crank after waiting about 5-7 minutes before tries.

Eventually I discovered this site, and this is a known headache to many, many Saturn owners who (like me) thought they were going crazy. It’s the “Passlock” issue.

Now this is something I am too chicken to take on so this will be a mechanic trip for sure, unless the ignition switch recall/replacement does the trick.

Other things.

The “outer window belt moulding” on all the window trim is shrunken up and rippled. That will need to be replaced.

The clear headlight assemblies are starting to get clouded. I’ve done some cheap re-treatment (polish) work on them that helps for a while, but I should be able to replace both of them for about $100 so that’s on the list.

I may need to have the front end rubber bushings replaced (if we can find some). They have shrunken a bit and while not a safety or control issue, have just enough play to clunk a bit over very uneven surfaces at low speed (like railroad tracks).

I think that pretty much covers the list at the moment.

Small list indeed…

--Claus Valca

Time to own a Broadband Modem of my own? - Pt 2

It was over a year ago that I started considering purchasing my own DOCSIS modem.

grand stream dreams: Time to own a Broadband Modem of my own?

Since that time a lot of things have changed in the Valca household, but I still haven’t addressed this issue.

I am paying about $4/mo (x2) = $8/mo for two digital to analog signal converter boxes from Comcast that we don’t use now that we have pared the house down to two TV’s, each having their own HD receiver units.

That’s a waste of money.

I also need to take a trip to AT&T Wireless to remove Alvis’s iPhone from our account now that we just crossed the 2 year contract line and it can be dropped without a fee charge. (It is going to Lavie’s dad.)

So the DOCSIS modem we also rent each month from Comcast now is running on limited time.

The “good” thing is that it is an older “non-WiFi” supported model so we don’t have to feed the neighbors/guests with an Xfinity hot-spot. Yes we can turn off that feature were it to be available, but right now, WiFi signal scans of the neighborhood appear to find that the area is already well covered by others with that service.

So, my goal is to try to address this by the Fall.

Cheers,

--Claus V.

Oracle Virtual Box 4.3.14 Update Travails!

On my home system I run the following virtualization software packages.

So when I saw that Oracle had released a new version of their Virtual Box (4.3.14) that had some nice new features, I naturally went on and applied the update.

VirtualBox 4.3.14 adds Blu-ray support for Mac hosts, squashes more bugs - BetaNews

However, it crashed on relaunch once the updating was done. Never even loaded the VM management console.

I uninstalled/repaired/reloaded multiple times, disabled all kinds of security layer software. No luck.

After about 2 hours of wasted troubleshooting time I bailed and decided to come back a few days later.

That session began with some web-searching and guess what? This build has all kinds of issues!

Failed to verify process integrity (rc=-5640) - virtualbox.org forums (what my error looked like)

Windows hardening in version 4.3.14 - virtualbox.org forums. From that link:

As of version 4.3.14, VirtualBox for Windows has hardened security to eliminate a possible exploit that could allow malicious user/s to have access to your system. This has triggered an issue where some Windows users can not install or run their guests. At this time it seems to be 3rd party apps that are causing this, like virus scanners and sandboxing software.

4.3.14 conflicts with anti-virus packages - virtualbox.org forums. This is the main issue discussion and monitoring thread.

At the time of this blog post, Oracle has released a tweaked version 4.3.15 (build 95286). See the thread link above for the URL as it may update again and that should provide the most current download package available.

In my case, I had to roll back to my previous 4.3.12 r93733 build and all my Virtual Box VM’s are running just fine like before. So I’m waiting until the FINAL fix is provided before redoing this again.

In related VM linkage, here are some more tidbits you might find useful:

And, you would know, VMware also released an update to their VMware Player (version 6.0.3)

Unlike Oracle’s package, this one went on and ran with no issues at all.

At least there’s that…

Cheers!

--Claus V.

An Inky Issue

A few weeks ago Lavie’s attempt to subsidize the economic recovery of HP, by printing every web-page possible off the church’s sadly broken (and, per her audit, miscoded) website, met a roadblock.

Our generally reliable HP Photosmart C6280 printer was throwing a cryptic error message.

HP ink system failure 0xc18a0106

Reboots and restarts of the device didn’t help. Nor did reseating all the ink cartridges.

A web-search came out with loads of folks who have also been stymied by this event.

I followed a number of links and eventually arrived at some guides that described how to access the technician’s sub-menu of the device.

Ink System Failure Error on HP Printers – The Lost Documentation

You will find all kinds of dire warnings for consumers to not be fiddling around and blindly making actions in this area as terribly bad and devastating things can occur with your printer.

HP Photosmart C8180 and C6280 Secret Menu – The Lost Documentation

No matter, I’m a sysadmin/technician and thus have no qualms about fiddling around and blindly making actions in obscure control panels and low-level setting menus!

Eventually I was able to clear enough of the error items via this menu to get it restored to functionality.

I did notice that the brand-new cyan cartridge it was originally complaining about showed 1/2 full status after all was said and done. As I understand it, that could be because of a low filled ink unit (unlikely) or somehow the device was reading the old cart data and applied it to the new cart when it was put in while troubleshooting the earlier issue.  And we had a similar issue with our yellow cart suddenly dropping volume significantly as well…despite no printing.

HP brand printer ink is very expensive. That’s the game. And as I’m not sure that the issues have truly been resolved, I’ve asked Lavie to order the next round of replacement ink we need from this third-party location. This isn’t to be seen as any form of GSD blog endorsement…yet…more like a bat-signal in Gotham in case anyone has any feedback they might like to leave regarding third-party printer ink sourcing.

LD Remanufactured Cartridges for HP 02 Ink - LD Products

Normally we spend about $20 for a black cartridge and $55 for a 5-pack of the HP 02 color set package. That’s about $75 for a full single-set of all the cartridges needed.

LD Products offers us x3 black ink units and x2 of the color units for 1/2 the price of a single HP set.

For draft-level printing (we rarely do photo-quality printing though it does happen occasionally) that seems like a pretty good deal for the type of printing Lavie does.

It’s much cheaper and if the printer is really on the way out, then it will be less of an experimental loss than were we to buy the HP ink and have to toss them if the printer was replaced and we couldn’t find a compatible unit.

I’ll let you know our results with the product when it comes in.

Cheers!

--Claus V.

Doubled Network Speed - x2 speed posting?

Advertisements have been running all month from Comcast/Xfinity on our area media announcing a speed double-up for their broadband subscribers.

Dwight Silverman at the Chronicle’s TechBlog blog posted an announcement Thursday that he was seeing indications the switch had been flipped.

Comcast doubling speeds in Houston . . . again [Updated] - TechBlog

I saw the post Thursday at work but was too tired to check when I got home.

Friday night was the same; speed same but too tired to do anything about it.

This morning refreshed with good sleep, good coffee and fresh made streusel muffins, I rebooted our cable (DOCSIS) modem while Lavie was still sleeping and saw the speed jump.

Before we were averaging in the 35-45 Mbps range.

Today we are averaging in the 105- 120 Mbps range.

via - http://www.speedtest.net/


via - http://speedtest.comcast.net/


Note this is on the wired network connection, speed on our iPhones/iPad remained in the low 30 Mbps range due to WiFi type (802.11a/b/g/n) limitations. 

Because I typically work off my laptop in our study/laundry room where our router is located, I plug it into the wired connection for better network performance than WiFi alone.

So what I did was finally reconfigure our D-Link DIR-655 router settings from using a mixed 802.11n and 802.11g mode to use 802.11n mode only. I also had to adjust the security mode to use AES only for the Cipher Type as it would not run “n” with the “TKIP & AES” setting I had been using. Lastly, I set the Channel Width from Auto 20/40 MHz to 40 MHz only. Firmware is current at 1.37 for our “A” Firmware type on this device’s hardware run. Alas, it only supports a 2.4 GHz band and no options for a 5GHz band usage.

While the DIR-655 isn’t the newest or most flexible WiFi router now out there in the market, it has delivered consistent performance to me and all of our friends & family who have picked one up on my recommendation. I’ve really not yet fully taken advantage of all the options and features it offers so we still have some room to grow before I have to consider maybe a 802.11ac level router. Of course, I would need to have the hardware to support that and right now our iDevices and laptops don’t so there isn’t any rush.

I’ll  have to see if that “broke” any of our WiFi devices, but I think likely not. I did have to reboot each of the wireless devices after saving my router changes and rebooting the router.

After all the router WiFi tweaks I’m now getting in the mid 40 Mbps download range on the iPhone so I guess that is some measure of improvement.

Cheers,

--Claus V.