NinjaTek's tips and tricks
NinjaTek
Monday, August 27, 2012
When so-called 'professionals' do IT wrong.
Tuesday, November 15, 2011
Restore Folders that have been Hidden by a Virus
A common move for a virus is to change all the folders on a drive to Hidden System Folders. This gets very confusing when you see the drive is 80% used, but only has a few files on it…
As soon as you realise something funny like this has happened, run an Anti-Virus Scan on the drive (whoever borrowed your drive doesn’t have adequate AV protection). Once you have got a clean result you need to get your folders back.
To view the hidden folders:
dir /ah
To remove the Hidden and System attributes from folders:
attrib *. -h -s /s /d
Step by Step:
- Open a command prompt (Start -> CMD)
- Type in: cd\ (This will take you to the root of the drive)
- Type in the affected drive letter, eg: E:
- To view the hidden folders, type in: dir /ah
- To make them all visible again, type in: attrib *. -h -s /s /d
-Ninjatek
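The same clean-up as a PowerShell function, added here as an example and not part of the original post. It lists every folder that has Hidden or System set, supports a dry run, and skips the folders Windows itself keeps hidden. The function name, the skip list and the `E:\` drive letter are assumptions.

```powershell
# Added example (PowerShell 3.0+). Function name, skip list and drive letter are assumptions.
function Restore-HiddenFolders {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Root,
        [switch]$Recurse,
        # Folders Windows legitimately keeps hidden + system; leave them alone.
        [string[]]$Skip = @('System Volume Information', '$RECYCLE.BIN', 'RECYCLER')
    )
    # Hidden (2) + System (4) as an integer bit mask.
    $mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)

    # -Force is required, otherwise hidden/system items are not enumerated at all.
    Get-ChildItem -LiteralPath $Root -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            $_.PSIsContainer -and
            (([int]$_.Attributes -band $mask) -ne 0) -and
            ($Skip -notcontains $_.Name)
        } |
        ForEach-Object {
            $before = $_.Attributes
            if ($PSCmdlet.ShouldProcess($_.FullName, 'Clear Hidden and System attributes')) {
                # Clear only the two bits; every other attribute is preserved.
                $_.Attributes = [IO.FileAttributes]([int]$before -band (-bnot $mask))
            }
            [pscustomobject]@{
                Folder = $_.FullName
                Before = $before
                After  = $_.Attributes
            }
        }
}

# Dry run first, then apply:
# Restore-HiddenFolders -Root 'E:\' -WhatIf
# Restore-HiddenFolders -Root 'E:\'
```

The `Before` column is worth saving: it records which folders were altered, which helps when working out what else was touched on the drive.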
MailMarshal – Still receiving mail from a Blacklisted Domain/Email Address
Take a look at this hypothetical example:
- A user receives an email from a company with an ‘aggressive’ marketing campaign (spam)
- The user replies using as many expletives as possible
- The spammers now know they are getting through your anti-spam protection, so email the user more than ever.
- The user now asks IT to block the spammer.
- IT blocks the spammer’s email address.
- Spam still gets through.
- IT blocks the spammer’s whole domain.
- Spam still gets through.
Option 1:
When the user replies to the spammer (Step 2), MailMarshal adds the spammer's address to its Auto-Harvested Whitelist. Even when IT adds the email address to the Blacklist, the whitelist takes precedence.
To resolve, simply delete the entry from the Auto-Harvested Whitelist.
Option 2:
If the spamee has never responded to the spammer (i.e., start at Step 4 in the above example), then the spammer could be using an email marketing company to send their spam out for them, in which case the email address might be different from the address/domain that you have blacklisted.
By default MailMarshal has a Connection Rule to check against the Global Blacklist to block mails coming into the organization. The only problem with that is a Connection Rule can only see the address, so in the case of our example the mail will still get through.
To deal with this you will need to create a new Standard Rule to be able to check the originator address header field (Sender address). This Rule will then catch any mails that make it past the default Connection Rule.
References:
http://www.m86security.com/KB/Print12238.aspx
Happy Blocking!
-Ninjatek
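Option 2 above comes down to two different sender addresses on the same message. The following added example (not from the original post, and not MailMarshal code) compares them against a blocked-domain list. It assumes the address a connection-level check sees is the SMTP envelope sender (MAIL FROM); the function name, addresses and message headers are constructed sample data.

```powershell
# Added example; function name and all sample data are constructed.
function Get-SenderCheck {
    param(
        [string]$EnvelopeFrom,       # SMTP MAIL FROM (assumed: all a connection-level check sees)
        [string]$RawHeaders,         # header block of the message
        [string[]]$BlockedDomains
    )
    # True when the address's domain is a blocked domain or a subdomain of one.
    $isBlocked = {
        param($addr)
        $d = $addr.Split('@')[-1].ToLower()
        [bool]($BlockedDomains | Where-Object { $d -eq $_ -or $d.EndsWith(".$_") })
    }

    # Unfold continuation lines, then collect addresses from the originator headers.
    $unfolded = $RawHeaders -replace "\r?\n[ \t]+", ' '
    $headerAddrs = foreach ($line in ($unfolded -split "\r?\n")) {
        if ($line -match '^(From|Sender|Reply-To):') {
            [regex]::Matches($line, '[\w.+-]+@[\w.-]+') | ForEach-Object { $_.Value.ToLower() }
        }
    }

    [pscustomobject]@{
        EnvelopeHit = (& $isBlocked $EnvelopeFrom)
        HeaderHits  = @($headerAddrs | Where-Object { & $isBlocked $_ })
    }
}

# Constructed message: sent through a bulk mailer on behalf of the blocked domain.
$headers = @"
From: "Great Deals" <promo@spammer.example>
Sender: bounce-7731@bulkmailer.example
Reply-To: promo@spammer.example
Subject: Last chance
"@

Get-SenderCheck -EnvelopeFrom 'bounce-7731@bulkmailer.example' `
                -RawHeaders $headers `
                -BlockedDomains 'spammer.example'
```

An empty envelope result with a non-empty header result is the case the extra Standard Rule exists to catch.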
Thursday, October 20, 2011
Move WSUS Database and Content Directory to another Drive
Here are the steps to move your WSUS Database and Content Directory from C:\WSUS to D:\WSUS on the same server (D: being the new hard drive you just installed).
Moving the Content Directory
From a Command Prompt, locate WSUSUTIL.exe (C:\Program Files\Update Services\Tools) and run the following:
wsusutil.exe movecontent D:\WSUS\ D:\WSUS\move.log
(where D:\WSUS is the destination)
Moving the WSUS Database
1. Stop Update Services and IIS Admin Service
2. Open MS SQL Server Management Studio Express
3. Connect to Database Engine - \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query
4. Detach SUSDB (Tasks->Detach); Tick the Drop Connections box
5. Move the SUSDB Folder from C:\WSUS to the new location
6. Attach SUSDB (Right Click Databases -> Attach)
This can also be done via CMD Prompt without SQL Studio – Something I have not tested yet:
To detach:
SQLCMD.EXE -E -S np:\\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query -Q "sp_detach_db 'SUSDB'"
To attach:
SQLCMD.EXE -E -S np:\\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query -Q "sp_attach_db @dbname=N'SUSDB',@filename1=N'D:\WSUSDB\SUSDB.mdf', @filename2=N'D:\WSUSDB\SUSDB_log.ldf'"
And that's it. Now you have more space on C: for that cat-lady to store more photos of Mittens :-/
Tuesday, July 19, 2011
Mailbox Move Fails in Exchange 2010
Active Directory operation failed on ADSERVER. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.
After comparing the AD user’s ACL against another user that was already migrated, I noticed some major differences. The problem was that sometime in the past someone had fiddled where they shouldn’t have been fiddling…
Solution:
In Active Directory, go to View and tick Advanced Features
Go to the user’s properties, select the Security Tab
Click Advanced
Tick “Include inheritable permissions from this object’s parent”
Saturday, June 25, 2011
BackupExec 2010 not completing job: “Remove Media from the Drive”
When I ran the first backup job on the newly installed HP LTO-5 Ultrium 3280 Tape drive, it gave an interesting alert.
The alert was: “Please remove the media from the drive”
Odd…
Apparently since LTO4, the drive has a sensor to check whether there is a tape in the slot or not. If you have set the job to automatically eject the media, then BackupExec will not complete the job until you manually remove the tape from the drive, even though it is ejected, OR respond to the alert.
The solution is to create an automatic response to this specific alert, telling BackupExec to clear the alert when it comes up. This will enable the job to complete successfully.
To set the Automatic Response:
Alerts -> Configure Alert Categories -> Media Remove -> Automatically clear alert after: 1min
The log as per Windows Event Viewer Application Log:
Log Name: Application
Source: Backup Exec
Date: 6/22/2011 11:22:25 PM
Event ID: 58063
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: BackupSVR
Description:
Backup Exec Alert: Media Remove
(Server: " BackupSVR ") (Job: "Full Daily Backup") Please remove the media from the drive, and Respond OK.
Wednesday, February 2, 2011
How to NOT use remote gateway with Windows VPN
- Right Click on the VPN connection
- Click Properties
- Select the Networking Tab
- Click TCP/IP v4
- Click Properties
- Click Advanced
- Untick Use default gateway on remote network