Replacement Winsock Registry Keys for Microsoft Windows 7 and Vista

Posted on January 22, 2012 by Derek

Some malware as of late has been fiddling with Winsock a little too much, causing corruption in the Windows Registry keys that store adapter and protocol settings.

If you find yourself (or a customer, friend, etc.) in this predicament it may be in your best interest to restore the affected keys. While I make no assertion that this is either Microsoft or industry recommended I’ve fixed more than a few systems with this extremely easy technique. Windows 7 and Vista no longer support the old, Windows XP INF tricks so this is what we’re left with.

Attached you’ll find Registry merge files. These were exported from fresh installations of Windows on VMware Workstation 8. For all you IT underlings it will be in your best interest to backup and then delete the following Registry keys prior to merging in the news ones:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winsock
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2

LETS GET READY TO RUMBLE…or maybe not

Posted on January 14, 2012 by Derek

LETS GET READY TO RUMBLE...or maybe not

Removing BES Policy From An Old (<= version 4.2) BlackBerry Phone

Posted on October 31, 2011 by Derek

If for some reason you wander across an old corporate BlackBerry—in my case an 8703e—that still has BES policy locking it down that you’d like to remove you might be in luck.

Now by old, I mean _old_. OS 4.2 and older. This is when the policy.bin changeover happened. The issue with all the tools out there is that they’re designed to work with 4.3 and up. These tools work very well at removing the policy on these newer models:

- BBSAK
- CrackUtil
- JL Cmder

But alas the problem is you’ve got a 4.2 (or older) phone. Well shit. Time to upgrade!

Check online to see if there’s a 4.3 update available. Or even a 4.5 update like was the case with the 8703e that I stumbled on. Also in my case we threw a Sprint image onto a Verizon phone. So even crossing carriers might work.

So in short, upgrade however you can and then run the policy kill tools.

Bingo bango boom our friend now has a working (if not battered, ugly and old) 8703e to use while he travels to DC.

An application in the Microsoft Office 2010 suite freezes when attempting a paste operation

Posted on August 25, 2011 by Derek

An application in the Microsoft Office suite (Microsoft Word, Microsoft Excel, etc.) may freeze when attempting a paste operation if you have any sort of mapped drive that isn’t working properly.

For instance earlier today I removed a mapped drive, S: (not that it matters), that was originally connected via WebDAV to a server that is now no longer in use.

So long story short, delete the offending drive, log off and then back in. Try the paste operation again and hopefully you’ll have 1980′s technology restored…

Microsoft: WTF?! This is nonsensical behavior.

Enabling the Microsoft Small Business Server (SBS) 2003 Remote Web Workplace (RWW) “Connect to computer” (Remote Desktop) feature when Internet Explorer Add-on Management is enabled

Posted on July 21, 2011 by Derek

Running Microsoft Small Business Server (SBS) 2003? Have Internet Explorer Add-on Management enabled? Are your users pissed at you that they can’t use the “Connect to computer” feature in Remote Web Workplace (RWW)?

Add this GUID to the allowed add-on list in Add-on Management:
{6A6F4B83-45C5-4ca9-BDD9-0D81C12295E4}

This allows the “msrdp.ocx” control to run in Internet Explorer.

Don’t forget to do a “gpupdate” or logoff/reboot the computer after you change the Group Policy.

NoMAS: A cure for Event 9548 in Microsoft Exchange

Posted on July 8, 2011 by Derek

Have you run into Event 9548 on your Microsoft Exchange server? Did you recently upgrade to SP2 on Microsoft Exchange 2003 and delegated accounts are causing Microsoft Outlook to hang?

Sound familiar? If so you might need NoMAS (No Master Account SID, I presume), a tool from Microsoft Product Support Services (PSS) that enumerates through Active Directory and finds disabled users that have no msExchMasterAccountSid attribute set.

Wait…what the hell is msExchMasterAccountSid? Good question. The attribute msExchMasterAccountSid more or less tells Exchange/Outlook how to handle permissions on an account. By default a disabled user account has a blank msExchMasterAccountSid, so delegating the account to someone else fails miserably (usually with Outlook hanging for way longer than it should).

What the tool NoMAS does is goes through and find all those (usually disabled) accounts with a blank msExchMasterAccountSid attribute. This is helpful as a top down view of what needs fixing. Once you find accounts with this empty attribute the fix is simply to set the Associated External Account to Allow on the SELF “user” (this all of course under the Exchange Advanced | Mailbox Rights in the Active Directory Users and Computers snap-in).

You can download NoMAS at:
http://archive.msdn.microsoft.com/NoMas

Be Careful Upgrading to Windows 7 SP1

Posted on April 7, 2011 by Derek

Be careful when you’re prompted by Windows 7 to upgrade to Service Pack 1 (SP1). Specifically make sure that no other updates are checked off when performing the SP1 install. Having other updates checked off may result in the dreaded Blue/Black Screen of Death (BSOD), a sign of big problems.

Like all Windows service packs, Internet Explorer installs and other “large” updates I strongly recommend downloading the full install packages instead of using what comes down the pipe in Windows Update. Full packages generally do a more thorough job, at the expense of taking longer to install.

Windows 7 SP1 Full:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c3202ce6-4056-4059-8a1b-3a9b77cdfdda

Times 4…a daily occurence

Posted on January 29, 2011 by Derek

How to Look Up an IPv6 DNS Address / Record Using NSLookUp

Posted on December 27, 2010 by Derek

Linux:

nslookup -type=AAAA -server=ns1.t-mobile.com ipv6.t-mobile.com

Windows:

nslookup -type=AAAA ipv6.t-mobile.com ns1.t-mobile.com

You can easily leave out the “server” option of either command to use your OS’s configured DNS server(s). In this case we specified T-Mobile’s “ns1.t-mobile.com” name server.

Symantec EndPoint Protection Manager Hangs at Login

Posted on November 5, 2010 by Derek

If the Symantec EndPoint Protection Manager hangs at login try the following:

In the Services MMC snap-in try restarting the “Symantec Embedded Database” service. Be patient, as it may take some time (to fail).
If the service fails to restart forcefully kill the “dbsrv9.exe” process (through Task Manager or similar).
Stop/start the service. The service will be in an undefined state, so again be patient. It might take a minute for the service to show the “Start” action.
Open Symantec EndPoint Protection Manager and attempt to log in. Hopefully the issue is fixed.

Derek’s Musings

I’m right. You’re wrong. Don’t take it personally. It’s just how things are.