Tuesday, July 28, 2015

Sysadmin Link Seventh-Inning Stretch

Here are some tips and tricks for the sysadmin crowd.

While doing a project on a Win 7 laptop cleanup, I was looking for an automated way to clean off all the inactive/unused Windows user profiles. Sure I could have gone into the advanced settings and removed the account profiles manually. But a command-line tool would have been helpful.

I re-found the Delprof2 - User Profile Deletion Tool provided by Helge Klein. It worked as advertised. The first time I used it, it could not delete one local profile for some reason. Turns out that some software that had been installed was still running as a service under that account. After I had deleted the software and rebooted, the tool then worked to remove that remaining account. Free for private, non-profit org, or educational org use. Otherwise requires a commercial license purchase.

More Tips and Tricks

Smartphone-Friendly Conference Bridge URL Formatting

One of my biggest frustrations with conference call invites is receiving one when I am in the field and having to join via smart-phone. The meeting reminder comes up with the main dial-in number, but then I have to try to switch back-and-forth to find, note, and enter the actual bridge #.

So I found a standard formatting that can be included/used for one-click use in both calling the main # and then auto-entering the bridge number. Please, folks! Start adding this to your meeting invites!

The basic format is thus:

tel:12345678,,100200#
join 100200 conference code on the conference line 12345678 on most of the newer devices

Malware Anti-Exploit Update

Malwarebytes Anti-Exploit - Version 1.07.1.1015 was released. From the setup installer’s change notes:

Malwarebytes Anti-Exploit 1.07.1.1015

New Features:
• Added new Layer0 exploit mitigations for IE VB scripting
• Added new Layer1 exploit mitigations for ROP detection
• Added new Layer3 exploit mitigations for Powershell abuse
• Added telemetry from Firefox
• Added ability to edit custom shields
• Added ability to log protection events to UI
• Added ability to auto-upgrade corporate builds
• Added support for Windows 10
• Added blacklisting of pirated and fraudulent license keys

Improvements:
• Improved Java shield in corporate environments
• Improved exploit telemetry
• Removed duplicate default shields for portable browsers
• Removed "shielded applications" counter from UI

Fixes:
• Fixed issue when printing to Adobe PDF
• Fixed issue with Speedbit Download Accelerator
• Fixed issue with plugins from PowerDVD and GAS Tecnologia
• Fixed issue with nProtect GameGuard Anti-Cheat
• Fixed issue with certain exclusions not respected
• Fixed issue with Knowledge Coach Office Add-In
• Fixed issue with false positive from IE
• Fixed issue with Foxit Reader startup
• Fixed issue with Excel PowerQuery
• Fixed issue with Excel DEP Enforcement
• Fixed issue with IE VB scripting block
• Fixed issue with Chrome crashes

Techniques for adding “Open Command Prompt Here” &/or “Elevated” to the Windows Explorer Shell Menu

Windows 8/8.1/10 have an option that lets you open either a Command Prompt or an Elevated Command Prompt window from the start menu.

You can also right-click a folder or white-space and open a command window. However, you likely won’t be able to open an elevated one easily.

There are a number of ways you can modify the registry to create some optional Explorer shell menu items. And you can do some clever keyboard/copy/paste tricks as well in the default Windows GUI.

In the end I found and went with this utility on my personal systems.

Here are a few more options:

On my own system I don’t mind using a utility to make the changes needed, but if you really need the feature and are authorized to make the changes, “manually” setting the feature via RegEdit works well. The benefit of that method is that you “know” what changes are being made and how to remove/regress them if required.

Windows Critical Out of Band Security Patch Released

Yes…late again…but better late than…well, you know.

Cheers!

Claus Valca
