Sunday, November 27, 2011

Microsoft Tools and Software Stuff

Fear not, I’ve got a real deep pile of linkage for all kinds of tools, utilities, and software/freeware fun.

Got to start digging somewhere so today’s post will be Microsoft centric.

Updates: release of The Windows Sysinternals Administrator's Reference, Process Explorer v15, Listdlls v3.1, new utility Findlinks v1, and Mark to Speak at Black Hat US 2011 - Sysinternals Site Discussion

Process Explorer v15: This major update to Process Explorer, a powerful tool for inspecting and controlling processes, threads, loaded DLLs, and more, adds GPU utilization and memory monitoring on Vista and higher. It also adds the ability to restart services, has a smaller memory footprint, and has visually cleaner performance graphs.

Process Explorer 15 adds GPU monitoring - BetaNews - Good overview of some of the changes in the latest iteration of Process Explorer. One of the biggest complaints for the original version was that when minimized to the system tray, the graph-on-grey standard color was horrible to see and a backlash resulted in the forums.

Updates: Process Explorer v15.01 and TCPView v3.05 - Sysinternals Site Discussion - Fortunately Mark Russinovich heard the pleas and quickly came out with an incremental update that allows for custom setting of the graph colors.

Troubleshooting with the New Sysinternals Administrator’s Reference - Mark's Blog. Hard to believe, but until this release there hasn’t been an “official” MS guidebook to the Sysinternals tools. That oversight is now resolved.

ProcDump v4.0: This update for ProcDump, a trigger-based process dump capture utility, enables you to control the contents of the dump with your own minidump callback DLL and adds a new switch, -w, that has ProcDump wait for a specified process to start.

Process Monitor v2.96: This release changes the appearance of its tooltips to the default theme, fixes a drawing bug in the treeview, and updates the graphs to match the style introduced in Process Explorer v15.

Mark’s Blog: The Case of the Hung Game Launcher: Read Mark’s latest blog post where he uses the Sysinternals utilities to solve a problem he ran into one Sunday morning when trying to play a computer game.

Zero Day Malware Cleaning with the Sysinternals Tools (link to PDF): Mark has posted the slides from the highly-attended and well received Blackhat 2011 Workshop he delivered last week, Zero Day Malware Cleaning with the Sysinternals Tools, which demonstrates how to use the Sysinternals tools to hunt down and eliminate malware.

Coreinfo v3: Coreinfo is a command-line utility that reports detailed information about processor cores and topology, including cache sizes, core-to-socket mappings and NUMA memory latencies.  It now shows the processor features supported by the system’s processors. For example, Coreinfo will show if the processor supports hardware-assisted virtualization and advanced virtualization features like Second Level Address Translation.

SDelete v1.6: SDelete, a command-line utility for securely deleting files and zeroing volume free space, fixes a bug that prevented it from accessing some files on 64-bit Windows and swaps the zero-free-space and clean-free-space arguments to make them more intuitive.

Process Explorer v15.04: This release fixes several minor bugs, including a tooltip display bug and one that could result in a miscalculation of CPU usage on Windows 7 in the refresh immediately following the termination of a CPU-intensive process.

Autoruns v11: This update to Autoruns, a GUI and command-line tool that lists executables configured to run when you boot, logon or run common applications, adds a “jump to folder” command and several additional autostart locations. The command-line version, Autorunsc, adds a new switch to show file hashes and an option to display the autostart entries for all user accounts registered on a system.

Coming Soon: PST Capture Tool - Exchange Team Blog

This new tool, PST Capture, will be downloadable and free, and will enable you to discover .pst files on your network and then import them into both Exchange Online (in Office 365) and Exchange Server 2010 on-premises. PST Capture will be available later this year. It doesn’t replace the New-MailboxImportRequest cmdlet that exists already for importing known .pst files into Exchange Server, but instead works in parallel to enable you to embark on a systematic search and destroy mission to rid yourself of the dreaded .pst scourge <*pirate growl*>.

PST Viewer - Free tool to open and view content of PST files without MS Outlook - Kernel Data Recovery - I had the opportunity to try out this awesome tool recently. A user’s NTFS HDD had borked out. While I was able to successfully recover all of their personal file data off the drive, their PST file appeared to have been lost.  I was able to use TestDisk - CGSecurity on a filtered PST file carving of the drive to locate and save more than a few PST files. PST Viewer allowed me to quickly assess the contents of each one until I was certain I had the correct ones needed and could ignore the others, all without having to go through the process of attaching each one to a running Outlook client as a data-file. It was a major time-saver.  More in this post: Gave up Microsoft Outlook but need your PST file? There's an app for that - BetaNews.

Bit of old news now, but RAW file support is now available in Photo Gallery and Windows 7: Microsoft Camera Codec Pack offers RAW support in Windows | HD View

Microsoft Live Essentials got some more updates quite a while ago:

Microsoft updates Windows Live Essentials 2011 -- get it now! - BetaNews

Coming this week: an update to Windows Live Essentials 2011 - Inside Windows Live

In addition to changes that improve performance and quality of service, the update also includes full support for SSL in Windows Live Mail, and the latest Bing bar. Here are a few of things we think you’ll find the most interesting:

  • Mail: We fixed a sorting issue in the Sent items folder and improved the upload reliability and instrumentation in Photo mail.
  • Messenger: We fixed a couple of stability issues and made various changes for improved voice and video quality. We fixed an issue that was causing sound to be lost after upgrading, and we improved performance when displaying the MSN Today page in the main window.
  • Photo Gallery: We implemented various bug fixes for crashes related to launching Photo Gallery through Autoplay and facial recognition.
  • And more: We made many other usability, performance, and stability improvements across the suite of Windows Live Essentials apps.

While I find that the stock calculator in Windows 7 does pretty well for my needs, I prefer using SpeedCrunch Portable (PortableApps.com) for rechecking my calculation jobs (which really aren’t that sophisticated), particularly with its input history feature.

I was excited then when I found a CyberNet News review post pointing out the availability of the free Microsoft Mathematics 4.0 application.  Turns out this baby can not only handle complex math functions, it also includes a graphing calculator, triangle solver, unit conversion tool, as well as an extensive formulas and equations library.  Really cool stuff.

Related alternatives:

RedCrab - The Calculator - freeware - super-featured and intuitive complex scientific calculator program. Portable.

Converber Portable - PortableApps.com - Freeware super-featured unit converter application.

Cheers!

--Claus V.

Saturday, November 26, 2011

Just Pondering because I’ve probably eaten too much turkey…

We use iTunes in our home. Yes, I’ve considered other options for both iTunes-like song managers/players as well as pay-for-media sources. All have their pros and cons.  In the end it just seems to be the best solution for us.  Relatives can pick up iTunes gift cards for the girl, there is a wide selection of tune-age and videos, and it generally works fine.  Not to mention support for all the iPod devices we seem to have collected over the years.

However this post really isn’t about that, more about some issues folks have been encountering regarding their iTunes accounts.

Since we use iTunes gift cards as our music tender, it isn’t really a high $ target to watch for. Generally the card gets redeemed and spent almost immediately with a $1 or less balance left on the account at any given time.

I do keep a sensitive ear on the webs for security related matters and when this post showed up many months ago I did pay attention:

I got hacked on iTunes -- Ed Oswald - BetaNews.

Long post shortened, Ed discovered someone, somehow, had managed to raid his PayPal and iTunes accounts with some fraudulent charges.  Ed insisted he maintained good protection on his accounts.

That post was followed up by iTunes hack widespread, and Apple appears to know about it also by Ed.

More feedback was that others were also encountering this problem, including those with a gift-card balance on their account.  Meet three people ripped off by iTunes fraud ring - Ed Oswald

After that brief flurry of posts and coverage, the issue seems to have spun-down. Either the problem was resolved or the web’s attention moved on to other things.

That probably would have been the end of things, with these posts getting filed into my bookmark cellar and a lesson learned to watch both my email and the sub $1 gift card balance on our iTunes store account (so far no issues), except this post showed up a few months later from Scott Hanselman.

Welcome to the Cloud - "Your Apple ID has been disabled."  - Scott Hanselman’s Computer Zen

I found this notable for two reasons: first, it came on the heels (related or not) of the prior issues Ed Oswald had posted on, and secondly, Scott is one of those Windows gurus who “gets it” and, according to his post, he seemed not to have left himself in a position to easily become a victim of this.

And then Scott does a follow-up post that made keeping this on my radar worthwhile:

A suggested improved customer interaction with the Apple Store (and Cloud Services in general) - Scott Hanselman’s Computer Zen

Rather than just dwelling on the attack vector and consequence, and complaining in general, Scott one-ups the situation by taking a thoughtful look at how iTunes notified him of the issue and offering suggestions for notification improvement.  Quoting Scott from that post…

I expect my cloud services to let me know in a way that escalates appropriately with the threat when something that doesn't match my patterns happens.

The meta-points are
  • The Cloud(s) and all its services are protected only by our passwords and the most basic of fraud systems.
  • Cloud services are totally centralized, which makes them a big target, but they have activity information about what we're doing online that isn't being utilized to keep us safe.
  • We, the Users, need to demand better, more secure interactions from the cloud vendors that we put our trust in.
  • It sucks to lose access to your cloud data.

Well said.

Scott is still soliciting feedback from others with the Apple account issue at "My Apple ID has been Disabled" on Tumblr but it doesn’t look like it has been very active for a number of months.

I haven’t been able to find if these Apple account hack events were isolated or if there was some root-cause that was discovered and resolved.  We may never know.

On a probably only tangentially-related note, I was discussing with Dad how we rely on on-line bill-paying for most of our bill payments, banking, and insurance account management. Heck, even at work most all of our HR interaction is done “on-line”. I don’t believe we have had a “brick-n-mortar” HR department for many years.  Dad is “old-school” and while quite comfortable with on-line computing, still refuses to do on-line banking/bill-pay.  The USPS loves him.

I’ve noticed that for every on-line account service we interact with, they all seem to have large splash-screens at log-on requesting “paperless billing” enrollment.  Probably saves on a ton of costs and is marketed as being more convenient and more secure (avoid id theft from sticky fingers pulling bill/account info out of the mailbox).

At the same time, I noticed this USPS ad running the past few weeks:

In it the USPS describes the security benefits of using the mail system to communicate with customers and how it’s inherently safer than the Internet, with statements such as

  • “A refrigerator has never been hacked,”
  • “An online virus has never attacked a corkboard.”
  • “Give your customers the added feeling of security a printed statement or receipt provides. It’s good for your business. And even better for your customers.”

I’m all for the USPS and their dedicated carriers, and overall it’s a good communication medium.  And yes, they have some revenue challenges as the Net continues to be relied on more by subsequent generations of communicators.  At the same time, we use a locked postal box and have two shredders in the house to deal with secure-shredding as those items go from the secure “refrigerator and corkboard” to the trash system.

Point is, it seems that whether in the “cloud” or via the “snail” system, data/account information has its own attack vectors and neither is inherently any safer than the other. Hackers can break into corporate systems and accounts can be compromised with poor IT security and end-user account safeguards, regardless of whether the billing “method” is paperless in the cloud or papered through the USPS.  Likewise, businesses can lock down on-line accounts and customers can secure them with rock-solid safeguards, but someone can still steal a periodic paper communication from a mailbox (or trashcan), walk out the door and commit theft (if it even makes it to the mailbox).

Neither is a solution in and of itself.

Probably the best protection? As Mad Eye would say, “Constant Vigilance!”

And the battle for cost cutting and revenue generation rages on…with security as the forefront selling point.

…like I said..just pondering.

Claus V.

Quick Web Screen Grabs

One of the processes we have in the shop is to archive a series of network graphs for various URL locations that are created in a specialized MRTG - Multi Router Traffic Grapher deployment.

Once the web-page screen shots with the graphs are each captured, they are combined into a single Word document for that day which is then archived for historical reference and distribution to management.

The result is the daily tasking of an analyst for about an hour clicking through a large Excel table that contains each of the URL links, grabbing a screen shot, pasting it into the Word document, then moving on to the next URL.

This has been going on for some time and unfortunately, the madness of my other projects has kept me from turning my attention onto addressing it for a more efficient process.

Last week was a bit lighter at my workbench so I could consider the issue for a few minutes.

It took me about five minutes to locate the free command-line tool IECapt - A Internet Explorer Web Page Rendering Capture Utility coded by Björn Höhrmann.

It’s just 102 kB unpacked and though it requires the gdiplus.dll, I had no problem finding that file already present on our XP Pro systems (and about fifteen others in various portable utility program folders on my own system).

My solution for this daily task was very simple.

I created a folder “C:\graphdumps” and copied both the IECapt.exe and (for good measure) a gdiplus.dll I had on my system into it.

I then created a batch file that had a line for each of the separate MRTG page URLs we need to access.  In my case I had approximately 50 or so URLs, each on its own line.

As an example, each line in the batch file has something along the lines of the following (all on a single line):

IECapt --url=http://www.uhcougars.com/ --out=GoCougs.jpg --min-width=800 --delay=5 --silent

I also chose a simple output filename for each URL line that was clearly indicative of the logical location each URL represented.

For now, I’m outputting as a jpg file format for maximum compatibility with the folks who would receive the final file, however IECapt supports a number of output formats such as .png, bmp, jpeg, emf, and probably a few other formats not listed in the help.  I like the idea of using a PNG format instead and may do some comparisons between the two formats moving forward.

I did have one “gotcha” I had to overcome first.

Every time I ran the batch file, I would get an output error saying it was unable to generate the thumbnail image.

I checked around and found this forum post, IECapt does not work when --url contains a query string, which did seem to confirm the issue was that the URLs I was using in my batch file contained query strings.  I didn’t really like the options (recode the program or use a URL-shortening service).  On a hunch I wondered what would happen if I encapsulated the URL parameter in double-quotes.

It worked perfectly.  So for example, each line in my batch file was now changed to add the double quotes accordingly.  It now looked more like the following on a single line.

IECapt --url="http://weather.chron.com/radar/station.asp?ID=HGX19&NOHEADER=1#MAPZOOM" --out=radar.jpg --min-width=800 --delay=5 --silent

My test run of the batch-file took just under 1.5 minutes to complete the pulling and saving of all the pages.  I then opened up a blank Word document, selected all the output jpg files that had just been generated in my folder, and dragged/dropped them into the Word doc.  I then saved it with the daily file name and was done. From about 60 minutes of dreary click-saving URLs to under 2 minutes of mostly-automated grabbing and pasting. Sweet.
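The quoting fix works because cmd.exe treats an unquoted & as a command separator, so a query string cuts the IECapt command in two; inside a batch file a % (as in %20) is also expanded unless it is doubled. As an added example (not code from the original post), the Python below generates the batch file from a list of name/URL pairs with both handled; the helper names and the third URL are constructed for illustration, and cmd_segments is a simplified model of cmd.exe parsing.

```python
import re
from urllib.parse import urlsplit

# Output names are restricted so they can never carry cmd.exe metacharacters.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def cmd_segments(line):
    """Simplified model of how cmd.exe splits a line at unquoted '&'.

    Only double quotes and the ^ escape are modelled, which is enough to
    show why an unquoted query string breaks the command.
    """
    segments, current, in_quotes, i = [], [], False, 0
    while i < len(line):
        ch = line[i]
        if ch == '"':
            in_quotes = not in_quotes
            current.append(ch)
        elif ch == "^" and not in_quotes and i + 1 < len(line):
            current.append(line[i + 1])  # escaped character is taken literally
            i += 1
        elif ch == "&" and not in_quotes:
            segments.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    segments.append("".join(current).strip())
    return [s for s in segments if s]


def quote_for_batch(value):
    """Double-quote a value for a .bat line.

    A literal quote or newline cannot be represented safely, so it is
    rejected. % is doubled because batch files expand %0-%9 and %VAR%
    even inside quotes (delayed expansion is assumed to be off).
    """
    if any(c in value for c in '"\r\n'):
        raise ValueError("value cannot be safely quoted for cmd.exe")
    return '"' + value.replace("%", "%%") + '"'


def iecapt_line(name, url):
    """Build one IECapt line using the switches shown in the post."""
    if not SAFE_NAME.match(name):
        raise ValueError(f"unsafe output name: {name!r}")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"not an http(s) URL: {url!r}")
    return (f"IECapt --url={quote_for_batch(url)} --out={name}.jpg "
            "--min-width=800 --delay=5 --silent")


def build_batch(targets):
    """Return the full batch file text (CRLF line endings)."""
    lines = ["@echo off"] + [iecapt_line(n, u) for n, u in targets]
    return "\r\n".join(lines) + "\r\n"


# Sample input: the first two URLs are the ones quoted in the post,
# the third is constructed to show the %20 case.
TARGETS = [
    ("GoCougs", "http://www.uhcougars.com/"),
    ("radar",
     "http://weather.chron.com/radar/station.asp?ID=HGX19&NOHEADER=1#MAPZOOM"),
    ("graph_core",
     "http://mrtg.example.internal/graph.cgi?target=core%20sw&period=day"),
]

if __name__ == "__main__":
    print(build_batch(TARGETS), end="")
```

Keeping the URL list in a reviewed file and regenerating the batch file from it also means a pasted URL containing a quote character is rejected before it reaches a scheduled task.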

Now if I could just find a way to automatically import these images into a templated Word/RTF format document (with images embedded not linked) I will be set.  I’ve looked at “mail-merging images” into Word but I’m not sold yet on the process. There should be an easier way to just pipe the output into an RTF “word pad” document but I haven’t figured that out yet.  This way alone is a big improvement so for now a little drag/drop into Word isn’t a deal-breaker.  Thoughts/suggestions?

Additional notes:

I considered using the robust freeware tool SiteShoter by Nir Sofer.  It supports both a GUI and a CLI mode and is pretty sophisticated. However, for this application, IECapt worked perfectly and is dead-trim. SiteShoter can read URLs from a text file to act on, so SiteShoter is a different technique that could be better in some circumstances.

How to automatically capture images of a series of web sites and create thumbnails of the resulting image files. - Post by Paul Bradley that put me onto IECapt and how easy the CLI is to use.

Remembering to actually stop what we are in the middle of doing (especially annoying in the middle of a meeting) when the established URL capture hour comes around is quite challenging as well. More than a few days the designated team-member has forgotten and had to run the captures a few hours later.  Because this process uses a batch-file, one can easily set the batch-file to execute as a scheduled task automatically when the capture-hour occurs.  Then (as long as the system is running) we can come back later that afternoon and assemble the archive document from the jpg’s that were automatically generated. Super-sweet.

Cheers!

Claus V.

Saturday, November 12, 2011

Mostly ISO burning

This week I had a comment left on an older post requesting assistance with burning an ISO using Windows XP.

I guess I just take ISO burning (and other ISO actions) as such a simple task that I don’t even give it any thought.

I also take it for granted that I can reach into my 7.5 GB deep collection of tools and utilities and always count on finding the right tool for the task at hand.

It has been quite a while since my last ISO-burning specific post, so I thought I would revisit things and warm up my blogging skills which have been quite rusty of late.

I went through that post and my collection of semi-dedicated ISO burning tools and pending bookmarks to come up with a few new lists.

Below is a collection of free software tools that are primarily very ISO burning centric. Some can do some other things as well but they all are pretty much “select your ISO file, select your hardware burner, burn it.”  These are perfect for the occasional quick “one-off” ISO burn duty. I believe they are all (well except for the first one) “portable” in operation assuming the system you are running them on supports any dependencies (i.e. .NET).

  • Burn ISO Images Natively in Windows 7 - Got Windows 7? Then you have ISO burning support baked in!
  • BurnCDCC - This TeraByte Unlimited tool is my #1 go-to tool for one-off burns of CD/DVD ISO files. Period.  It is that simple and that good.  Single 144 kB exe file.
  • BURNISO - from Dirk Paehl is a nice, direct ISO burning tool.
  • Free ISO Burner - Another nice ISO-burning centric tool. I like this one in that it is a single exe file (802 kB).
  • Active ISO Burner - This tool has a few additional tricks up its sleeve so if you need a bit more control for burning options, you may want to take a look at this one; write ISO image to CD,DVD,CD-RW,CDR,DVD-RW.
  • 7Burn - RCPsoft.net tool gets a bit more “complicated” again in that it not only easily allows you to burn an ISO to a disk, but also files/folders and limited audio disk support. It also supports burning to Blu-ray media. It does require .NET be present. While it is a single exe file, the size on this one is a heavier 3.67 MB.
  • Free DVD ISO Burner - Minidvdsoft product. Similar to others here.
  • ISOBURN - another, simpler ISO burning tool from Dirk Paehl.
  • Astroburn Lite - Free (non-commercial use only) tool to burn CD/DVDs. (I see this one recommended often in comments for other CD/ISO burning posts so I’m sharing it here. I haven’t used it yet. YMMV)

These next free tools are much more comprehensive in disk burning options. Yes, they can still handle ISO burning, but have a lot more bells and whistles.  While they can handle one-off ISO burns, they are probably better suited for heavier ISO building/burning duties.

  • The Official ImgBurn Website - Love this tool!  It does all my heavier lifting for ISO burning (when I am burning multiple copies) as well as building ISO files from files/folders/optical media disks. Super awesome and updated often.
  • StarBurn Free - This is a very full featured burning tool that comes in both free, $, and portable (I recommend that one) versions. The interface is a bit more “geeky” and if you don’t work too much with burning actions and options, you might get lost. However if you do, you will appreciate the way the actions have been arranged. The built in themes and skins help give it a polished and system-integrated look as well.
  • InfraRecorder - Another popular burning system that comes in portable versions for both x32 and x64 versions.
  • DeepBurner Free Portable - While lacking some of the advanced features of the “Pro” ($) version, it is a dependable and well-featured program.
  • AmoK CD/DVD Burning 1.10 - Dirk Paehl’s name arises again in this multi-feature CD/DVD burning tool.  Supports skins so you can create a burner with attitude if that is your thing.
  • CDBurnerXP - I used to use this burning suite on my home XP systems but since ImgBurn, I haven’t looked back. That said it remains popular with many users. I go with the “portable version” on the download page.  FWIW: be aware that the third-party advertising app “OpenCandy” does come bundled with some download versions of this program (CDBurnerXP • View topic - New version: 4.3.7 and OpenCandy). Check out the Downloads page carefully and you can find/select an installer version without OpenCandy if you want.  I went with the x64 portable version and didn’t have any OC issues.  See this Gizmo's Freeware Review post for more info on OC if you are interested.
  • Hamster Free Burning Studio - I’ve not personally tried this product but it seems to get positive feedback and has a very friendly GUI. Here is a review I found, if you are interested, from the Addictive Tips blog post: Burn BluRay, DVD, CD Disks With Hamster Free Burning Studio, Better Than NeroBurn Lite

While not really an “ISO-burner”, I really love IsoBuster for extraction of files out of an ISO file as well as looking at the file structure of the ISO itself. Not free ($) but with a limited (and quite feature rich) free functionality option available.

Want to mount that ISO file to inspect it, or extract files from it?  Then you need some freeware software to mount it as a virtual drive.

  • Windows 8 will natively support mounting of ISO files (finally). Accessing data in ISO and VHD files - Building Windows 8 blog (and) Windows 8 Will Support Native ISO Image Mounting - How-To Geek blog
  • Pismo File Mount Audit Package - I always find myself installing this tool on my systems. It supports virtual mounting of ISO files (and a few others) as well as having great explorer shell integration.
  • ImDisk Virtual Disk Driver - Olof Lagerkvist continues to keep this super-awesome tool updated. I’m crazy but install it concurrently with Pismo just because it is that good. Just updated again in October to version 1.5.2.
  • SlySoft Virtual CloneDrive - My top pick for “slick and polished” virtual drive mounting for non-techies. What’s intimidating when you have these cute sheep icons representing your virtual drives? Can set up to 8 virtual drives to be available at once. Super simple and rock-solid. (Confession…crazy as it seems it also is installed along with Pismo and ImDisk on my home system I like it that much.)
  • MagicISO - This freeware tool supports a curiously large number of image formats. So if you work with image formats frequently, you will probably want to include this on your system to be ready to mount and explore the image file.
  • Gizmo Drive - This is kind of like a swiss-army-knife of virtual drive mounting. Not only does it handle ISO/BIN/CUE/IMG file images, but it can mount VHD files as well. Additionally, it offers command line and Windows Shell mounting support. It’s pretty clever and updated pretty often.
  • DAEMON Tools Lite - Way back in my early tech days, DAEMON tools was one of the few virtual drive tools there was. I found it to be a solid tool that had some driver hooks that sometimes caused BSOD issues on some systems (never had issues myself). I’ve not returned to it since then, but they are still offering a “lite” version that can be used free (at home personally and not for commercial purposes).
  • Alcohol Soft (120% and 52%) - This was the other major player along with DAEMON tools back in the day. Alcohol continues to offer a free version in their “52%” version that does get bundled with a "toolbar” with feature sets you may or may not care for depending on how you are using the application.  I believe it may be uninstalled or opt-out if you wish.  YMMV.

Additional material:

Here are some nice guides/how-to’s with screen shots to cover some of the software and actions mentioned here in this post if you are a visual learner.

Cheers,

--Claus V.

Thursday, November 10, 2011

WinPE Building and PGP Support Links Updated

It’s been a long time since the series of posts I did on WinPE building, specifically with PGP support built in.

The WinPE/PGP supported builds I’ve done still are humming along and a favorite resource for our technicians when they need to off-line boot a PGP encrypted system to recover data from the (corrupted system) drive before a reimage.

Recently PGP Desktop 10.x client began rolling out and I needed to work on a fresh WinPE/PGP build to support it.

Only when I started looking for the PGPpe zip files used to build them, all my bookmarks were dead. Seems PGP got snapped up by Symantec and killed a lot of great linkages in the KB migration process.

Took me a while to hunt them down, but here are working links to all the files and PDF guides you need to help you with your WinPE/PGP building work for both PGP Desktop 9.x and 10.x.

I also noted this post Trying to create a BartPE WDE CD | Symantec Connect Community where a user is experiencing failure using the files to build a 10.2 PGP supported WinPE disk. Feedback at the time (pretty recent) was that PGP has some SDK issues in the WinPE environment and it doesn’t work too well.  Fix was pending.

I don’t (yet) need to support 10.2 PGP Desktop client version so hopefully the 10.1.x one I’m soon to build for won’t have any issues. I’ll let you know.

If WinPE/PGP building isn’t your thing, then you can also just download/burn the correct PGP “bootg.iso” file for your PGP Desktop client version.  Burn the ISO and then boot/decrypt away…providing you have a good passphrase to use.

Cheers,

--Claus V.

Windows Live Mail error 0x80041161

Dad is working with his father-in-law who has an issue with his Suddenlink web-mail-based “forwarding” handling of messages.

Seems that (and the behavior is not browser dependent) when he tries to forward a message from his web-based email client, the message body text disappears.  File size remains large so it seems to still have the forwarded “content” somewhere in the message body, but it just can’t be seen.  Checks on the sent message find the content isn’t visible either to the recipient.  Strange.

Anyway, that’s not the immediate issue.

Rather than keep banging our heads on the page coding interaction with the browsers, I suggested we hook him up with a local email client and move away from the web-client interface.  No small challenge for the old-timer.

Knowing there is a plethora of good/free email clients out there (I personally prefer Mozilla Thunderbird at home) I suggested to Dad we do a test-run with the gentleman using Windows Live Mail.  I’ve personally had great success with migrating others who are technically challenged from a web-mail based interface to this program.  The interface isn’t too “techie” and the basic email operations are covered with pretty intuitive icons on the main ribbon tab. Everything a very basic email user needs in a nice GUI.

Suddenlink even provides a handy guide for setting up their email accounts in WLM: Windows 7 - Email Configuration

But before we did a remote-rollout on his system, I wanted to play around with WLM again myself using a few of my “zombie” email accounts for testing (you know…those email accounts you have signed up for a long time ago, almost never use, but keep around as a honeypot for fun email spam flies?).

So when I fired up the WLM client on my laptop, I was surprisingly greeted by an error dialog box saying it couldn’t be launched.

windows live mail could not be started. it may not be installed correctly. make sure that your disk is not full or that you are not out of memory. (0x80041161)

A quick Google led me to this link: windows live mail error 0x80041161 - Microsoft Answers

I went to my Win 7’s system “search field” in my start-menu and typed in “wlarp.exe”. It showed up in the list.

On my Windows 7 (x64) system the location is C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Launched it. It ran for a while and finished.

Re-launching Windows Live Mail resulted in normal launch and operation with no more errors and allowed me to set up my test accounts for practice before deployment and training begins.

Nice to know.

Now let the real work begin….

Cheers.

--Claus V.

Sunday, November 06, 2011

Without fail…

Why does it seem -- without fail -- that when I am done taking the long-route through a complex and time-consuming process, I seem to only then find a tool that could do perfectly what I was doing in less than half the time and effort?

In my “recent” GSD post, On the Hunt…I outlined how I was using a bat file to do a NBTSTAT -A process to collect valid IP address, Host names, and MAC addresses; and then how I was doing manual work to convert them into a tabular (CSV) format for importation into Excel.

This weekend I just found this free Windows CLI utility:

NBTScan. NetBIOS Name Network Scanner.

It has a cygwin1.dll component (949 kB) and the CLI executable nbtscan.exe (93 kB).  That’s it.

It seems to do all that I was doing, and then some. Nice.

The nbtscan.exe file alone worked perfectly on my Win 7 x64 system in testing against my home network IP ranges.  Super-fast and awesomely formatted output.

On the page are also a couple of “Gui” companions as well. One (Use42) had a component in the ZIP file that set off an AV alert with MS Security Essentials. I’m thinking it was because it was a potentially unwanted program (PUP) as it was part of a package for pen-testing work which included nbtscan. Use at your own discretion.

The “gui.exe” one looked nice and simple as well, but didn’t seem to offer access to the additional CLI argument options that nbtscan can use.

Those baked-in argument options with the tool are pretty powerful and useful, check out the page for more information.

post update: in the comments to this post, Mark Woan recommends as an alternative tool, Steve Friedl’s version nbtscan - NETBIOS nameserver scanner. It is a single tiny executable file and doesn’t require the cygwin1.dll component that NBTScan does.  In my tests it worked fine on my Win 7 x64 system, however I couldn’t get it to display the MAC information when I used the required argument. I didn’t have that issue with the first NBTScan tool. Probably just a Layer 8 issue…  Thanks Mark!

Bonus #1: Check out this new pen-test tool from the same developer: MagicTree

Bonus #2: Sectools.org recently updated their Top Network Security Tools list.

Cheers,

Claus V.