
  • Windows 7 on an IdeaPad S10e

    Mirco 19:01 on Monday, 26. October 2009
    Tags: diskpart, driver, ideapad, lenovo, netbook, s10e, upgrade, win7, windows, windows7

    Last week Microsoft introduced the new Windows 7 to the humble consumer, and since I’ve known about the increased performance over Windows Vista from the Beta program, it was time to send the installation of Windows XP on my netbook into retirement for good.

    The Atom processor of the S10e doesn’t support 64 Bit operating systems and the onboard graphics isn’t the fastest either. And since I rarely store any data directly on the netbook I won’t need the BitLocker feature, so I went for a solid 32 Bit Home Premium version. These are available as System Builder Version from 69€ to 89€ at retail shops (perfectly legal according to German law). The only differences from the regular retail version are the missing 64 Bit DVD and the lack of Microsoft support.

    The first obstacle was the DVD. The IdeaPad, like any netbook, doesn’t have an internal optical drive. So I had two options:

    1. use an external USB DVD drive
    2. copy the DVD onto a USB thumb drive (at least 4 GB in size)

    I went with option 2 because I didn’t want to buy a new DVD drive.

    Before I started to copy I had to prepare the thumb drive using a few commands. Open the Command Prompt (CMD) as an Administrator (important!).

    C:\>diskpart
    DISKPART> lis dis
    DISKPART> sel dis 3      (3 was my thumb drive)
    DISKPART> lis par
    DISKPART> sel par 1      (1 is usually the only partition on the thumb drive)
    DISKPART> format fs=FAT32 LABEL="Windows 7" QUICK OVERRIDE
    DISKPART> active
    DISKPART> exit

    Your thumb drive should now be empty and most importantly bootable.

    Now insert the Windows 7 DVD into your DVD drive (D:) on your PC and copy the content to the thumb drive (G:) using Robocopy (use drive letters that match your configuration).

    C:\>robocopy d:\ g:\ *.* /e /copyall

    This could take a while, depending on the writing speed of your thumb drive. Now you can boot the netbook with the memory stick and start the installation process. I still had the original recovery partition which I wanted to keep. I had to choose custom setup to select the system partition for installation. The automatic mode went into a menu loop because the recovery partition (the first partition on the disk) was too small to install Windows 7. A simple error or warning message would have helped at this point.

    The main installation was done within 30 minutes.

    By good tradition the first thing I did was to run Windows Update. It found only 9 updates, most of which were device drivers, but I was still missing some functionality:

    • Microphone
    • Bluetooth
    • Power management
    • Multi Touch function of the touchpad

    Lenovo doesn’t provide any Windows 7 drivers for the IdeaPad S10e, since the device is currently being phased out and is only sold with Windows XP. But the new IdeaPad S10-2 is sold with Windows 7 and, besides some minor differences, it’s practically the same hardware.

    Here’s a list of needed device drivers:

    For the 3G version of the S10e you’ll need additional UMTS card drivers. There’s a complete list of all working drivers and tools at the ThinkPad Forum (only German content, but the drivers are available in English).

    Update: I just found a video tutorial

    Click here for Part 2

     
  • Stop Whining! Start Patching!

    Mirco 20:35 on Thursday, 15. January 2009
    Tags: botnet, downadup, exploit, f-secure, january, windows

    So it’s another month, and for the second time in a row a new worm threatens all who use Windows computers. Well, actually only those who haven’t yet installed the security updates issued in December.

    As soon as the news spread, the usual Apple and Linux fanatics joined the “Unsafe Windows” bandwagon. And in reality this has nothing to do with Windows as an operating system. It’s the lack of knowledge among the user base that enables the programmers of worms and viruses to exploit known security issues this easily.

    Linux and Apple systems also need constant updates to fix security issues, but while the average Linux user is more educated and security conscious than the average Windows user, Apple systems still have not reached the mass market in great enough numbers to be of higher interest to botnet owners and worm/virus programmers.

    Early Wednesday, Helsinki, Finland-based security firm F-Secure Corp. estimated that 3.5 million PCs have been compromised by the "Downadup" worm, an increase of more than 1.1 million since Tuesday.

    "[And] we still consider this to be a conservative estimate," said Sean Sullivan, a researcher at F-Secure, in an entry to the company’s Security Lab blog.

    (http://www.computerworld.com)

    If your PC is one of these 3.5 million:

    HAHA!

    Sorry, but if you don’t install security updates this is what WILL happen sooner or later. The outbreak in December was a “later” and this was a “sooner” exploit of known risks.

    So, stop whining already and start patching your systems!

     
  • Tick, Tick, Tick, … Boom!

    Mirco 8:05 on Wednesday, 3. December 2008
    Tags: blaster, breach, clean, cleaning, consultant, coordination, infection, patch, patches, symantec, update, windows

    I still don’t know why I gave in to my manager wanting me to postpone my scheduled vacation by a week, so he has some billable hours to report in December.

    So here I was, stumbling into the office after a terrible drive through heavy traffic and a 20km detour because of a roadblock caused by a serious accident. As expected, most of my customer’s administrators were either still not in the office or in a meeting. I start the computer and fire up Outlook and the Operations Manager Console, and… Uh-Oh, this can’t be good.

    I was looking at about 1000 critical alerts, all less than 36 hours old and of the same type.

    It turned out that a new Windows worm had appeared over the weekend, infecting computers without a previously released patch and/or with old versions of Antivirus Software.

    To say I was surprised by this sort of fallout would be … a huge lie, since I kept telling every responsible stakeholder for months that this could happen anytime given the way they are handling update and patch distribution.

    And it continued to play out just as I had expected it would. Someone found the single patch that would prevent an infection, and everyone with an Administrator account jumped at any server they could get hold of to install exactly this single patch manually, instead of installing the other 28 – 79 missing patches along the way.

    It also reminded some of them that I had published a process on how to identify and classify servers for automatic update distribution. After all this document was available to everyone for the last few months and presented to management for consideration.

    Two days later most of the monitored servers are responding again, which doesn’t imply they are no longer infected, just patched. But as far as I can tell we are only monitoring about 60% of all servers after all.

    Since there is no active WSUS on the network, all patches had to be downloaded from Microsoft to the servers, which took hours. The worm was putting so much additional traffic on the network that the proxy servers collapsed several times. Users were constantly complaining about service and accessibility.

    The last time I witnessed this kind of chaos at a company after a virus outbreak was during the Blaster era (2001). It took them less than a month after this incident to implement strict policies and processes to prevent this from happening again. And as far as I know it never has since.

    Knowing there are still companies like my current customer out there, that don’t have a clue about processes, security and management, only fills me with the assurance that there is still a great potential for future business, if only they would listen to their consultants.

    That’s why they pay us, right?

     
  • How to restore a Domain Controller you cannot logon to

    Mirco 6:54 on Wednesday, 16. July 2008
    Tags: account, active, active directory, adsi, controller, dc, dcpromo, directory, edit, kerberos, login, logon, ntdsutil, registry, restore, windows

    For some reason we had multiple Domain Controllers that refused any logon attempt in the last few weeks.

    After getting a closer look at the event logs we found pages full of Kerberos errors. Somehow the machine account expired and wasn’t renewed, so the controller could no longer replicate and thus refused our logon attempts.

    I tried to fix the Kerberos issue, but nothing I found was helping the situation. But how do I restore a Domain Controller I cannot logon to, without reinstalling the server?

    After a quick search I found this: Microsoft Article KB332199, which had a useful subsection on the “If the domain controller cannot start in normal mode” issue.

    First restart the Domain Controller in Directory Services Restore Mode (using F8) and open REGEDIT. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions and edit the value of ProductType from “LanmanNT” to “ServerNT”. Be careful to spell this correctly! This will tell the server that it is only a member server in the domain, and you can use a local logon account.

    Restart the system and log on using the Administrator account with the restore password. Open REGEDIT again and this time browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters. Find the Src Root Domain Srv entry and delete it. This way the server will believe it’s the last Domain Controller in the current domain.

    Start DCPROMO and create a new temporary domain. Yes, create. No need to delete anything yet. This will overwrite any Active Directory values stored on your local server. After it’s done, restart and run DCPROMO again. This time we will shut down the temporary domain and remove all Domain Controller traces from the hard drive.

    That’s it. All you need to do now is remove the Active Directory objects related to the original Domain Controller (KB216498) from the directory, wait for the replication to finish and run DCPROMO to add this server as Domain Controller of your domain.
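
    A read-only preflight for the registry steps above, as an added example that is not part of the original post: it exports both keys with reg.exe and reports the current ProductType and Src Root Domain Srv values before anything is changed. It assumes PowerShell 3.0 or later is available on the server; the backup directory and the function names are hypothetical.

    ```powershell
    # Added example: back up and inspect the two registry keys before editing them.
    # $BackupDir is a hypothetical path; adjust it to your environment.
    $BackupDir      = 'C:\dc-restore-backup'
    $ProductOptions = 'HKLM:\SYSTEM\CurrentControlSet\Control\ProductOptions'
    $NtdsParams     = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'

    # ProductType values Windows recognises and the role each one selects.
    $Roles = @{
        'WinNT'    = 'workstation'
        'ServerNT' = 'member or stand-alone server'
        'LanmanNT' = 'domain controller'
    }

    function Get-DcRegistryState {
        $type = (Get-ItemProperty -Path $ProductOptions -Name ProductType).ProductType
        $src  = $null
        if (Test-Path $NtdsParams) {
            # Property is absent on a server that never was a DC; result is $null then.
            $src = (Get-ItemProperty -Path $NtdsParams).'Src Root Domain Srv'
        }
        [pscustomobject]@{
            ProductType      = $type
            Role             = if ($Roles.ContainsKey($type)) { $Roles[$type] }
                               else { 'UNKNOWN - check the spelling' }
            SrcRootDomainSrv = $src
        }
    }

    function Export-DcRegistryKeys {
        # Timestamped .reg files so repeated runs never overwrite an older backup.
        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
        $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
        & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions' `
            "$BackupDir\ProductOptions-$stamp.reg" /y | Out-Null
        if (Test-Path $NtdsParams) {
            & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' `
                "$BackupDir\NTDS-Parameters-$stamp.reg" /y | Out-Null
        }
    }

    Export-DcRegistryKeys
    Get-DcRegistryState | Format-List
    ```

    Running Get-DcRegistryState again after each edit shows whether the ProductType value was typed correctly before the next restart.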

     
  • Managing SMB environments with Microsoft System Center Essentials 2007

    Mirco 13:30 on Thursday, 10. January 2008
    Tags: distribution, packaging, software, sql server 2005, system center essentials 2007, windows

    I currently have an SMB customer who wants to improve its IT management and monitoring processes without investing a lot of money.

    There are a few things companies can do without investing any money, like installing a Windows Server Update Service for patch management, SharePoint Services for document and workflow management, a Distributed File System for easy file management, etc.

    But I haven’t found any low-cost solution for a reliable server and network monitoring that enables administrators to proactively respond to system events and errors. Most solutions like Nagios only monitor SNMP traps, which might tell you that your server is absolutely fine and running… while an event monitor would show the administrators that the DNS service is actually offline due to a database error.

    On an Enterprise level there are several systems to choose from, like Tivoli, OpenView and Microsoft System Center Operations Manager. They are all very complex and very expensive.

    Together with the current System Center Operations Manager 2007 Microsoft introduced the System Center Essentials 2007 version targeted at the midrange market (50-500 employees). Essentials includes key features from the Operations Manager as well as Windows Update Services 3.0 and SQL Server 2005 Express Edition. While WSUS is fully integrated into the package, SQL server is an optional feature, since it’s also possible to use any existing SQL Server 2005 instance as long as it has Reporting Services installed.

    Installation is very easy, consisting only of a single installation wizard which will guide you through the most important settings, like account name and password for the services and agents, and won’t bother you with any unimportant details.

    After about one hour you can open the System Center Essentials console, which will present you a brief overview of your environment with the most important information and open tasks. The first two tasks for the administrators will be the configuration of the update services, which works the same as in the standalone version of WSUS 3.0, and the creation of a domain policy for your clients and servers to utilize the Windows Update Service, as well as another wizard-based task to discover the potential clients on your network to install the Management Agents on.

    System Center Essentials main screen

    The management agents will collect all current information on the managed systems, like installed hardware and software, operating system version, installed patches and updates, existing users profiles, system status, hard drive status, event logs, etc.

    Like in the Operations Manager 2007, the Essentials version provides a basic list of Microsoft Management Packs which can be extended by installing additional Management Packs. System Center 2007 compatible management packs include a flag for the Essentials version that reduces the amount of data sent to the database to a needed minimum. This will keep the database size down as well as prevent administrators from being overwhelmed by the sheer mass of available information.

    System Center Essentials Network Topology

    In addition to monitoring your client/server computers and deploying operating system and application patches, System Center Essentials also enables you to distribute simple software packages. The deployment packages can be created from EXE or MSI files. The latter also automatically creates an uninstall option for the package.

    The creation process is guided by an easy to understand wizard which again focuses only on the most important features of software packaging, like including additional files and providing command line options. In case of MSI files it also enables you to modify some of the MSI configuration settings.

    All software packages are listed in the Software tab and can be categorized and applied for installation on specific computer groups taken from the WSUS component.

    System Center Essentials Software

    Microsoft System Center Essentials 2007 server licenses are available with or without a SQL Server 2005 license, in case you already have one or want to use the Express Edition. Furthermore you will need a Client or Server Management License for each Windows-based system you want to install a Management Agent on. Non-Windows-based systems can be managed and monitored via SNMP and don’t require additional licenses.

    Since this version of System Center is targeted at the midrange market, the number of manageable Windows systems is limited to 30 servers and 500 clients, and the managed environment will only host one Management Server. There is also an option for ISPs who want to manage multiple SMB customers. In this case all of the managed SCE can be connected to a full version of System Center Operations Manager 2007 for central management.

     