Archive for the ‘System Modifications’ Category

Issue:

–          The Remote connection gets established but gets disconnected moments before you get the Desktop.

Symptoms:

–          You are able to Ping the Server

–          The Server seems to be fine when checked in Console.

–          All the RDP Services seems to be fine.

–          When trying to take Remote connection, the connection gets established, but closes automatically with an error.

–          It asks to check the Network connections or the Remote desktop Services.

Resolution:

–          The Main Culprit here is : rdpcorekmts.dll file in C:\Windows\System32 location

–          All you need to do it replace this .dll file with same file in any working server.

–          You need to rename the file to : rdpcorekmts.old

–          You cannot rename the file directly as the Administrator too has only read permission on this file.

–          First you need to take ownership of this file.

–          Then you need to edit the security permissions and give full control for the Administrator or your account.

–          Only then you can rename the file.

–          Now copy the rdpcorekmts.dll file from any working server and paste in the System32 folder of the server with issue.

–          This replacement resolves the issue, and you can take RDP of the Server normally.

Advertisements

System Volume Information (SVI) is the folder holding the restore points. If you turn System Restore off, that folder will be emptied. If you turn it on again, a new restore point will be created.

If this isn’t the system drive, it really doesn’t matter at all, except for the space it takes.

The SVI folder is where System Restores holds its restore points and other information. There will be a SVI folder on every partition Windows sees. If the Indexing Service has been turned on it will store files in the SVI folders. Encrypting File System also uses the SVI folder on each partition to store the log file that is generated during the encryption and decryption process.

The data drive will contain its own SVI folder. There’s no reason to keep a backup on the data drive.

To Access the System Information Folder follow the below steps:

In Windows Explorer click [Tools] [Folder Options]
Click the [View] tab, click [Show Hidden Files and Folders]
Clear [Hide protected operating system files (Recommended)] check box.
Click [Yes] on the change confirmation box and click [OK] to exit.
Right-click the System Volume Information folder in the root folder.
Click [Properties] and select the [Security] tab. Click [Add]
Enter the name of the user you are allowing access to the folder.
Click [OK], and then click [OK].
Double-click the System Volume Information folder to open.

You may observe the SVI Folder may consume more space often, you can limit the amount of space it consumes, you can run the below command so that you can limit the space used by the Restore Points

vssadmin resize shadowstorage /on=D: /For=D: /Maxsize=3GB

  • In the above command I am limiting the D Drive to allocate 3 GB for the SVI.
  • You can change the drive name as per your requirement.
  • You can observe immediate free of space once the command is run.

 

You have probably noticed that Windows Server 2003 has a new feature that requests a shutdown reason each time you restart the server. This feature is called the Shutdown Event Tracker.

You might choose to disable this feature to avoid the hassle of typing in a reason each time you restart.

To disable this feature, you can perform the following steps:

1. Click Start, click Run, and type gpedit.msc and press Enter.

2. Expand the Computer Configuration and then Administrative Templates objects. Click on the System object. In the right-hand pane you’ll see several settings appear.

3. Locate and double-click that Display Shutdown Event Tracker setting. The Display Shutdown Event Tracker Properties dialog box opens.

4. Click the Disabled radio button to disable the Shutdown Event Tracker. Click OK. Close the Group Policy Editor console. Now when you shut down this server, you won’t be asked to enter a reason.

 

An anonymous proxy server (from time to time called a trap factor) mainly attempts to anonymize trap surfing. There are discrete varieties of anonymizers. One of the more routine variations is the bare proxy. Because they are typically difficult to track, introduce proxies are principally profitable to those seeking online anonymity, from governmental dissidents to computer criminals. Some users are essentially interested in anonymity for added security, hiding their identities from potentially malicious websites appropriate for illustration, or on grounds, to further constitutional charitable rights of naturalness of philippic, instead of instance. The server receives requests from the anonymizing representative server, and thus does not profit information forth the intent purchaser’s address. Though, the requests are not anonymous to the anonymizing proxy server, and so a rank of conviction is today between the proxy server and the user. Many of them are funded through a continued advertising link to the user.

Access hold sway over: Some proxy servers implement a logon requirement. In large organizations, authorized users obligated to log on to attain access to the web. The organization can thereby track usage to individuals.

Some anonymizing surrogate servers may forward figures packets with header lines such as HTTP_VIA, HTTP_X_FORWARDED_ALSO IN BEHALF OF, or HTTP_FORWARDED, which may reveal the IP address of the client. Other anonymizing delegate servers, known as elite or ear-splitting anonymity proxies, but number the SLIGHT_ADDR header with the IP address of the agent server, making it show that the delegate server is the client. A website could quiescent be suspicious of a proxy is being toughened if the client sends packets which encompass a cookie from a antecedent to by that did not put to use the high anonymity surrogate server. Clearing cookies, and by any chance the cache, would solve this problem.

 

While Windows Vista may be Microsoft Corp’s most secure operating system ever, it’s far from completely secure. In its fresh-from-the-box configuration, Vista still leaves a chance for your personal data to leak out to the Web through Windows Firewall or for some wicked bot to tweak your browser settings without your knowledge.

But by making a few judicious changes using the security tools within Windows Vista — and in some cases by adding a few pieces of free software –you can lock down your operating system like a pro.

1. Use Windows Security Centre as a starting point

For a quick overview of your security settings, the Windows Security Center is where you’ll find the status of your system firewall, auto update, malware protection and other security settings. Click Start, Control Panel, SecurityCenter, or you can simply click the shield icon in the task tray. If you see any red or yellow, you are not fully protected.

For example, if you have not yet installed an antivirus product on your machine, or if your current antivirus product is out of date, the malware section of the Security Center should be yellow. Windows does not offer a built-in antivirus utility, so you’ll want to install your own. For free antivirus,

I recommend Avast 4.8 Home Edition.

2. Use Windows Defender as a diagnostic tool

The malware section of Windows Vista also protects against spyware using Windows Defender. The antispyware protection in your antivirus program usually trumps the protection Microsoft provides, but there are several good reasons to keep Windows Defender enabled. One is that every antispyware program uses a different definition of what is and is not spyware, so redundant protection can actually offer some benefit.

Another reason to keep Windows Defender enabled: diagnostics. Click Tools, and choose Software Explorer from the resulting pane. You can display lists of applications from several categories such as Currently Running Programs, Network Connected Programs and Winsock Service Providers, but Start-u

p Programs is perhaps the most useful. Click on any name in the left window, and full details will appear in the right pane. By highlighting, you can remove, disable or enable any of the programs listed.

3. Disable the start-up menu

Windows Vista keeps track of all the documents and programs you launch in the start-up menu. This can be convenient for some users, but it can also compromise your privacy if you share a computer within an office or household. Fortunately, Windows Vista provides an easy way to tweak this setting

. To protect your privacy, follow these steps:

* Right-click on the task bar and select “Properties.”

* Click on the Start Menu tab.

* Uncheck “Store and display a list of recently opened files.”

* Uncheck “Store and display a list of recently opened programs.”

* Click “OK.”

4. Get two-way firewall protection

No desktop should be without a personal firewall, but even if the Security Center says you’re protected, you may not be. The Windows Firewall within Vista blocks all incoming traffic that might be malicious or suspicious — and that’s good. But outbound protection is not enabled by default. That’s a dangerous situation if some new malicious software finds its way onto your PC.

Microsoft did include the tools for Windows Vista to have a true two-way firewall, but finding the setting is a little complicated. (Hint: Don’t go looking the Windows Firewall settings dialog box.

To get two-way firewall protection in Windows Vista, do the following:

* Click on the Start button; in the search space, type “wf.msc” and press Enter.

* Click on the Windows Firewall with Advanced Security icon. This management interface displays the inbound and outbound rules.

* Click on Windows Firewalls Properties. You should now see a dialog box with several tabs.

* For each profile — Domain, Private and Public — change the setting to

Block, and then click OK.

Even if you do this tweak, I recommend adding a more robust third-party firewall. I suggest either Comodo Firewall Pro or ZoneAlarm, both of which are free and fare very well in independent firewall testing.

5. Lock out unwanted guests

If you share your computer with others — and even if you don’t – Windows Vista includes a neat way to keep unwanted guests from guessing your systems administrator password. When you set up users and declare one user as administrator with full privileges, Windows Vista allows an outsider unlimited guesses at the password you chose. Here’s how to limit the guesses.

* Click Start, then type “Local Security Policy.”

* Click Account Lockout Policy.

* Choose Account Lockout Threshold.

* At the prompt, enter the number of invalid log-ins you’ll accept (say, three).

* Click OK and close.

6. Now audit your attackers

With the Account Lockout policy in place, you can now enable auditing to see any account attacks. To turn on auditing for failed log-on events, do the following:

* Click the Start button, type “secpol.msc,” and click the secpol icon.

* Click on Local Policies and then Audit Policy.

* Right-click on “Audit account log-on events policy,” and select Properties.

* Check the Failure box, and click OK.

* Right-click on “Audit log-on events policy” and select Properties.

* Check the Failure box and click OK.

* Close the Local Security Policy window.

You can then use the Event Viewer (by running eventvwr.msc) to view the logs under Windows Logs and Security.

7. Secure your Internet Explorer settings

The Windows Security Center will also report whether your Internet Explorer 7(or IE 8) security settings are at their recommended levels. If the screen shows this section as red, you can adjust the settings within the browser itself.

* Within Internet Explorer, click Tools in the menu bar.

* From the drop-down menu, click Internet Options.

* Choose the Security tab.

* Within the Security tab, click Custom Level.

Here you’ll see a window with all the security options for the browser. If any are below the recommended level (if, say, some malware reconfigured your browser settings), these options will be highlighted in red.

To change an individual setting, click the appropriate radio button. To reset them all, use the button near the bottom of the tab. You can also change the overall security setting for Internet Explorer from the default Medium-High setting to the recommended High or Medium, if you wish. Click OK to save and close.

8. Use OpenDNS Domain Name System (DNS) servers act as a phone book. When you type “pcworld.com” in the address bar, for instance, your browser sends that common

-name request to your Internet service provider’s DNS servers to be converted into a series of numbers, or an IP address.

Lately, DNS servers have come under attack, with criminals seeking to redirect common DNS preferences to servers that they control. One way to stop such abuse is to use OpenDNS.

Go to Start, Control Panel, Network and Internet, and then click Network and Sharing Center. Under the tasks listed on the left, click Manage Network Connections. In the Manage Network Connections window, do the following:

* Right-click on the icon representing your network card.

* Click Properties.

* Click Internet Protocol Version 4.

* Click the Properties button.

* Select the Use the following DNS server addresses radio button.

* Type in a primary address of 208.67.222.222.

* Type in a secondary address of 208.67.220.220.

* Click OK.

9. Live with User Account Control

One area where some people might want to see the Windows Security Center turn red is User Account Control (UAC), perhaps the most controversial security feature within Windows Vista. Designed to keep rogue remote software from automatically installing (among other things), UAC has a tendency to thwart legitimate software installations by interrupting the process several times with useless messages.

In Windows 7, you’ll be able to set UAC to the level you want. Until then, you do have some options. One is to disable UAC. I would caution against that, since UAC is meant to warn you of potential danger.

Instead, install TweakUAC, a free utility that enables you to turn UAC on or off as well as provides an intermediate “quiet” mode that keeps UAC on but suppresses administration-elevation prompts. With TweakUAC in quiet mode, UAC will appear to be off to those running as administrator accounts, while people with standard user accounts will still be prompted.

10. Check your work

Now that you’ve tweaked Windows Vista, you can keep tabs on your system’s security with the System Health Report. This diagnostic tool takes input from the Performance and Reliability Monitor and turns it into an information-packed report that can spotlight potential security problems.

* Open Control Panel.

* Click System.

* In the Tasks list, click Performance (near the bottom).

* In the resulting Tasks list, click Advanced tools (near the top).

* Click the last item on the resulting list — “Generate a system health report.”

The report will list any missing drivers that might be causing error codes, tell you whether your antivirus protection is installed and declare whether UAC is turned on. You may want to run this report once a month just to make sure everything is still good.

WINDOWS XP HIDDEN APPS

To run any of these apps go to Start > Run and type the executable name (ie charmap).

=========================================

1) Character Map = charmap.exe (very useful for finding unusual characters)

2) Disk Cleanup = cleanmgr.exe

3) Clipboard Viewer = clipbrd.exe (views contents of Windows clipboard)

4) Dr Watson = drwtsn32.exe (Troubleshooting tool)

5) DirectX diagnosis = dxdiag.exe (Diagnose & test DirectX, video & sound cards)

6) Private character editor = eudcedit.exe (allows creation or modification of characters)

7) IExpress Wizard = iexpress.exe (Create self-extracting / self-installing package)

8) Microsoft Synchronization Manager = mobsync.exe (appears to allow synchronization of files on the network for when working offline. Apparently undocumented).

9) Windows Media Player 5.1 = mplay32.exe (Retro version of Media Player, very basic).

10) ODBC Data Source Administrator = odbcad32.exe (something to do with databases)

11) Object Packager = packager.exe (to do with packaging objects for insertion in files, appears to have comprehensive help files).

12) System Monitor = perfmon.exe (very useful, highly configurable tool, tells you everything you ever wanted to know about any aspect of PC performance, for uber-geeks only )

13) Program Manager = progman.exe (Legacy Windows 3.x desktop shell).

14) Remote Access phone book = rasphone.exe (documentation is virtually non-existant).

15) Registry Editor = regedt32.exe [also regedit.exe] (for hacking the Windows Registry).

16) Network shared folder wizard = shrpubw.exe (creates shared folders on network).

17) File siganture verification tool = sigverif.exe

18) Volume Contro = sndvol32.exe (I’ve included this for those people that lose it from the System Notification area).

19) System Configuration Editor = sysedit.exe (modify System.ini & Win.ini just like in Win98! ).

20) Syskey = syskey.exe (Secures XP Account database – use with care, it’s virtually undocumented but it appears to encrypt all passwords, I’m not sure of the full implications).

21) Microsoft Telnet Client = telnet.exe

22) Driver Verifier Manager = verifier.exe (seems to be a utility for monitoring the actions of drivers, might be useful for people having driver problems. Undocumented).

23) Windows for Workgroups Chat = winchat.exe (appears to be an old NT utility to allow chat sessions over a LAN, help files available).

24) System configuration = msconfig.exe (can use to control starup programs)

25) gpedit.msc used to manage group policies, and permissions

Thumbnail Cache

***************

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced]

“DisableThumbnailCache”=dword:00000001

Windows XP has a neat feature for graphic and video files that creates a “thumbnail” of the image or first frame of the video and makes it into an oversized icon for the file. There are two ways that Explorer can do this, it can create them fresh each time you access the folder or it can load them from a thumbnail cache. The thumbnail caches on systems with a large number of image and video files can become staggeringly large. To disable the Thumbnail Cache, browse to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced and find the DWORD “DisableThumbnailCache”. You may need to create this key. A setting of 1 is recommended for systems where the number of graphic and video files is large, and a setting of 0 is recommended for systems not concerned about hard drive space, as loading the files from the cache is significantly quicker than creating them from scratch each time a folder is accessed.

Priority Tweak

**************

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ PriorityControl]

This setting effectively runs each instance of an application in its own process for significantly faster application performance and greater stability. This is extremely useful for users with stability problems, as it can isolate specific instances of a program so as not to bring down the entire application. And, it is particularly useful for users of Internet Explorer, for if a rogue web page crashes your browser window, it does not bring the other browser windows down with it. It has a similar effect on any software package where multiple instances might be running at once, such as Microsoft Word. The only problem is that this takes up significantly more memory, because such instances of a program cannot share information that is in active memory (many DLLs and such will have to be loaded into memory multiple times). Because of this, it is not recommended for anyone with less than 512 MB of RAM, unless they are running beta software (or have some other reason for needing the added stability).

There are two parts to this tweak. First is to optimize XP’s priority control for the processes. Browse to HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ PriorityControl and set the “Win32PrioritySeparation” DWORD to 38. Next, go into My Computer and under Tools, open the Folder Options menu. Select the View tab and check the “Launch folder windows in separate process” box. This setting actually forces each window into its own memory tread and gives it a separate process priority.

Master File Table Zone Reservation

**********************************

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ FileSystem]

Under this key there is a setting called NtfsMftZoneReservation, the default setting of which is 1. The range of this value is from 1 to 4. The default setting reserves one-eighth of the volume for the MFT. A setting of 2 reserves one-quarter of the volume for the MFT. A setting of 3 for NtfsMftZoneReservation reserves three-eighths of the volume for the MFT and setting it to 4 reserves half of the volume for the MFT. Most users will never exceed one-quarter of the volume. I recommend a setting of 2 for most users. This allows for a “moderate number of files” commensurate with the number of small files included in most computer games and applications. Reboot after applying this tweak.

This reg file automatically ends tasks and timeouts that prevent programs from shutting down and clears the Paging File on Exit.

1. Copy the following (everything in the box) into notepad.

QUOTE

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]

“ClearPageFileAtShutdown”=dword:00000001

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]

“AutoEndTasks”=”1”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]

“WaitToKillServiceTimeout”=”1000”

2. Save the file as shutdown.reg

3. Double click the file to import into your registry.

NOTE: If your anti-virus software warns you of a “malicious” script, this is normal if you have “Script Safe” or similar technology enabled.