New commands in recent Windows releases

Posted on By Mark Wilson
This content is 21 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

This morning, I discovered a new command in Windows XP (and Windows Server 2003) – systeminfo.exe allows an administrator to query a local or remote computer for basic system configuration information.

Additionally, the TweakXP.com website suggests a useful method of restricting the output from systeminfo.exe so that only certain information is displayed, by piping it through find.exe. Deepak Sharma posted similar information on his weblog, but also points towards Microsoft’s uptime reliability and availability information tool (uptime.exe), a Windows NT download (that also works on XP).

After some more research, I found that systeminfo.exe is just one of a few new commands in recent versions of Windows and full details may be found in the %windir%\help\ntcmds.chm file.

Shelling out to a command prompt from within an Office application

Posted on By Mark Wilson
This content is 21 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Earlier today I needed to shell out to a command prompt from a locked-down desktop PC. With only a limited set of icons and no access to the Run dialog from the Start Menu, I asked a colleague if he knew any back doors in the client build. He showed me this neat method for shelling out to pretty much anything you like from within an Office application:

  1. Open Microsoft Word, Excel, Outlook or another application that supports Microsoft Visual Basic for Applications (VBA).
  2. Select Macro, then Visual Basic Editor from the Tools menu (or type Alt-F11).
  3. Select Module from the Insert menu and enter the following code in the Module window:
    Sub Main()Dim x
    x = Shell("cmd.exe")
    End Sub
  4. Select Run Sub/User Form from the Run menu (or type F5) and a new instance of cmd.exe will be launched.

The security implications of this could be severe, but as an administrator it’s a useful trick to know.

Priority order for the application of GPOs

Posted on By Mark Wilson
This content is 21 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

The group policy management console (GPMC) integrates group policy functionality from a variety of Active Directory administrative tools into a single, unified console dedicated to group policy management tasks. One of the many useful features of GPMC is the ability to carry out group policy modelling, for example when diagnosing issues with GPO application.

Policies are applied in the following order:

  1. Local
  2. Site
  3. Domain
  4. Organizational unit (OU)
  5. Child OU
  6. [Child OU etc.]

When a container (site, domain or OU) has links to multiple GPOs, these can be assigned a link order to designate an order of precedence. Sounds straightforward enough, except that to me, the term “link order” suggests the order in which links to GPOs are applied – i.e. 1, then 2, then 3, etc. In that way, if GPO a (with link order 1) is overridden by a setting in GPO b (with link order 2), then GPO b (second to be applied) would be the winning GPO. Except that it doesn’t work that way!

Microsoft’s Group Policy Management Console Technical Reference provides a full description of how GPMC can be used, and provided me with a gem of information that seems to me totally illogical, but solved a problem I’ve been struggling with this afternoon:

“When a container has multiple GPO links, administrators can use GPMC to manipulate the link order for every container. GPMC assigns each link a link order number; the GPO link with link order of 1 has highest precedence on that container.”

The GPO with link order 1 has the highest priority – i.e it is applied last! I switched the policy link order and now the resultant set of policies is exactly the way I need it to be.

SP1 for Windows SharePoint Services and SharePoint Portal Server 2003

Posted on By Mark Wilson
This content is 21 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Microsoft has two information sharing and collaboration platforms for Windows Server 2003:

Service pack 1 has been released for each of these platforms and is available from the Microsoft website (WSS, SPS). SPS SP1 requires WSS SP1 to have been installed. Once installed, neither of these updates can be removed.

Full details of WSS SP1 are available in Microsoft knowledge base article 841876. Similarly, full details of SPS SP1 are available in Microsoft knowledge base article 841883.

Note that if multiple WSS servers are being used in a web farm, these should all be updated to SP1 at the same time as described in Microsoft knowledge base article 875358. For SPS, see Microsoft knowledge base article 875371.

The Windows SharePoint Services Administrator’s Guide has been updated for SP1 and there is also a SharePoint Portal Server Administrator’s Guide.

Migration tool for IIS web applications

Posted on By Mark Wilson
This content is 21 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Microsoft have released the Internet Information Services (IIS) 6.0 Migration Tool – a command line tool to automates several of the steps involved in migrating a web application (configuration data, site content, and application settings) from IIS 4.0, IIS 5.0 or IIS 6.0 to a clean installation of IIS 6.0.

Windows XP SP2 RDP client now available for legacy versions of Windows

Posted on By Mark Wilson
This content is 21 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Microsoft have released an updated Remote Desktop Connection (formerly Terminal Services) client for Windows 95, Windows 98, Windows ME, Windows NT 4.0 or Windows 2000. This is the same version as is included with Windows XP service pack 2 (v6.0.2600.0).

Microsoft advice on antivirus technologies

Posted on By Mark Wilson
This content is 21 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Back in June 2004, I wrote about Microsoft’s introduction to viruses, worms, and Trojan horses. A more detailed document is the Antivirus Defense-in-Depth Guide, which has recently been updated to include the new technologies introduced in Windows XP service pack 2.

Should you run the Windows Firewall, a third party firewall, or both?

Posted on By Mark Wilson
This content is 21 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

“Which firewall should I use?” – it’s an interesting question. Microsoft are positioning the Windows Firewall (part of Windows XP service pack 2) as a major leap forward in terms of network protection, and it is; but there are many good third-party firewall products out there. Should you use the Windows Firewall? Should you use your third-party product? Should you use both?

According to the Windows IT Pro magazine network (formerly the Windows and .NET magazine network) Windows Tips and Tricks Update, Microsoft issued the following statement in response to such questions from their customer base:

“We strongly recommend that users run only one host firewall on their system. Yes, the XP SP2 Windows Firewall can coexist with third-party firewalls, but multiple firewalls don’t make you safer. Running multiple firewalls just means you have to configure the settings in multiple places (e.g., opening ports for each firewall you run). For anyone who wants to keep using a third-party firewall after installing XP SP2 – for example, because they like some of the extra features – we suggest they turn off the Windows Firewall. We have already advised third-party firewall vendors to programmatically turn off the Windows Firewall in their future releases, so this will eventually be automatic.

We don’t have any specific guidance as to whether people should use the built-in XP SP2 Windows Firewall or use a third-party product. We absolutely believe that people who don’t already have host firewalls should run the Windows Firewall in XP SP2. Almost all firewalls on the market (including the Windows Firewall) provide good security; it then boils down to what features and capabilities people want. The Windows Firewall, for example, doesn’t do any alerting or intrusion detection. Neither does it offer outbound filtering capabilities. The Windows Firewall focuses on preventing attacks from successfully penetrating a system, but it doesn’t do anything to protect systems once bad software is locally installed. Some other products also have better diagnostics and centralized reporting than the Windows Firewall (which has no reporting whatsoever). I don’t believe people are “safer” running third-party firewalls, but there may be some features in these products that they would like to have.”

Whatever the answer, in today’s climate, and in line with the security principle of defence in depth, we should all seriously consider the use of a firewall on all PCs, and the Windows Firewall is a good starting point.

Useful TCP and UDP port numbers

Posted on By Mark Wilson
This content is 21 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Having spent the afternoon configuring Windows Firewall exceptions, I thought I’d post some links to useful port number information.

Of course, %systemroot%\system32\drivers\etc\services contains port numbers for well-known services defined by IANA, but this is an incomplete list and the up-to-date version is on the IANA website.

Although now out of date (superseded by the RFC 3232 online database), the missing table of contents for RFC 1700 (assigned numbers) provides links to a pile of useful information that doesn’t seem to be covered in RFC 3232. This information is not just from the RFC and includes links to items such as country codes from ISO 3166, although a more up-to-date list of country codes is available on the ISO website (note that the ISO country codes do not necessarily equate to the top level domain codes, e.g. United Kingdom is GB in ISO 3166, but both GB and UK on the IANA website).

Finally, the ISS website has details of commonly used ports (along with some descriptive information) for Microsoft services as well as other vendors.

Using group policy objects to hide specified drives in My Computer

Posted on By Mark Wilson
This content is 21 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Whilst locking down the Windows XP desktop using an Active Directory group policy object, I needed to prevent access to certain drive letters that didn’t fall within the default settings. Microsoft knowledge base article 231289 details the process for editing the system.adm file to provide more control over access to particular drives.

I chose to write my own .adm file with just the relevant settings (although it fails to load in the same policy as system.adm, due to duplicate definitions, so needs to be applied through a separate policy).