Process Explorer 16 and VirusTotal integration

Posted by & filed under Server Admin.

I came across this today and had to share. The latest version of Process Explorer has native integration with VirusTotal. This means you can have Process Explorer analyze the processes running and compare them with the VirusTotal database.


Enable:

Usage:

  • Select options -> Check VirusTotal.com to initiate a scan of the processes. The VirusTotal column will populate with scores for the process.
  • Click a score to be taken to the detailed results on VirusTotal.

How It Works:

  • Creates a SHA256 hash of the file.
  • Submits to VirusTotal.
  • The hash of the process is then looked up in VirusTotal’s database, and the results are displayed in Process Explorer.
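The same three steps, reproduced outside Process Explorer as an added PowerShell example (not from the original post and not Process Explorer's own code). It assumes a VirusTotal API key in the environment variable VT_API_KEY, a name chosen for this example.

```powershell
# Added example: hash-only VirusTotal lookup for the images of running processes.
# Assumption: a VirusTotal API key is stored in $env:VT_API_KEY (name chosen here).
$headers = @{ 'x-apikey' = $env:VT_API_KEY }

# Unique executable paths; processes we are not allowed to inspect have no Path.
$paths = Get-Process |
    Where-Object { $_.Path } |
    Select-Object -ExpandProperty Path -Unique

foreach ($path in $paths) {
    # Step 1: SHA256 of the file on disk. Only this hash leaves the machine.
    try {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction Stop).Hash.ToLower()
    }
    catch {
        Write-Warning "Cannot hash $path"
        continue
    }

    # Steps 2-3: look the hash up in VirusTotal's database.
    try {
        $r     = Invoke-RestMethod -Uri "https://www.virustotal.com/api/v3/files/$hash" -Headers $headers
        $stats = $r.data.attributes.last_analysis_stats
        $total = $stats.malicious + $stats.suspicious + $stats.undetected + $stats.harmless
        $score = '{0}/{1}' -f $stats.malicious, $total
    }
    catch {
        # 404 means VirusTotal has never seen this hash: "unknown", not "clean".
        $code  = [int]$_.Exception.Response.StatusCode
        $score = if ($code -eq 404) { 'Unknown' } else { "Error ($code)" }
    }

    [pscustomobject]@{
        Path   = $path
        SHA256 = $hash
        Score  = $score
        Report = "https://www.virustotal.com/gui/file/$hash"
    }

    Start-Sleep -Seconds 15   # pace requests; the free public API is rate limited
}
```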

[Windows] Finding a string in a bunch of files, then processing each of those files

Posted by & filed under Programming, Server Admin.

I had a task where there were thousands of files in a folder. Some of them contained a specific string and needed to be processed.

A quick n dirty method is to use grep (or Windows Grep in this case, www.wingrep.com/) to identify the files and generate a list of filenames in plaintext. Then using a quick batch for…loop to process the files from the command line… nice and simple.

Substitute [process] for your command. %A contains the filepath from grep. In my case I wanted to just delete the file so I just replaced [command] with del. Done!

TechNet Reference: technet.microsoft.com/en-us/library/bb49…

Windows ping.exe to csv script (ping2csv)

Posted by & filed under Programming.

Whipped up a quick VBScript to take the output of the ping.exe command and parse it out to a csv so it can be graphed. Behold the fruits of my labor (and my horrid latency issues with my wireless).

AutoHotkey — Toggling window transparency

Posted by & filed under Code Snippets, Software.

Everyone loves eyecandy! I was missing my transparent console windows, and found a nice way to have them again in Windows 7. It’s as simple as installing AutoHotkey and adding the below script. Let me explain…

AutoHotkey has a method called WinSet that allows the manipulation of various GUI related settings. One of them being… you guessed it… transparency. Link: www.autohotkey.com/docs/commands/WinSet….

And here is the AHK script. Once the script is added and reloaded, it is triggered with Alt+Shift+T.

I HATE WMI

Posted by & filed under Programming, WMI.

Trying to retrieve the wireless stats:

VB.Net Class:
Imports System.Management ' needs a project reference to System.Management

' Reads basic OS and hardware details from WMI once, when the object is created.
Public Class clsWMI
    Private objOS As ManagementObjectSearcher
    Private objCS As ManagementObjectSearcher
    Private objMgmt As ManagementObject
    Private m_strComputerName As String
    Private m_strManufacturer As String
    Private m_StrModel As String
    Private m_strOSName As String
    Private m_strOSVersion As String
    Private m_strSystemType As String
    Private m_strTPM As String ' total physical memory, in bytes
    Private m_strWindowsDir As String

    Public Sub New()
        objOS = New ManagementObjectSearcher("SELECT * FROM Win32_OperatingSystem")
        objCS = New ManagementObjectSearcher("SELECT * FROM Win32_ComputerSystem")

        ' Operating system details
        For Each objMgmt In objOS.Get()
            m_strOSName = objMgmt("name").ToString()
            m_strOSVersion = objMgmt("version").ToString()
            m_strComputerName = objMgmt("csname").ToString()
            m_strWindowsDir = objMgmt("windowsdirectory").ToString()
        Next

        ' Hardware details
        For Each objMgmt In objCS.Get()
            m_strManufacturer = objMgmt("manufacturer").ToString()
            m_StrModel = objMgmt("model").ToString()
            m_strSystemType = objMgmt("systemtype").ToString()
            m_strTPM = objMgmt("totalphysicalmemory").ToString()
        Next
    End Sub

    Public ReadOnly Property ComputerName() As String
        Get
            Return m_strComputerName
        End Get
    End Property

    Public ReadOnly Property Manufacturer() As String
        Get
            Return m_strManufacturer
        End Get
    End Property

    Public ReadOnly Property Model() As String
        Get
            Return m_StrModel
        End Get
    End Property

    Public ReadOnly Property OsName() As String
        Get
            Return m_strOSName
        End Get
    End Property

    Public ReadOnly Property OSVersion() As String
        Get
            Return m_strOSVersion
        End Get
    End Property

    Public ReadOnly Property SystemType() As String
        Get
            Return m_strSystemType
        End Get
    End Property

    Public ReadOnly Property TotalPhysicalMemory() As String
        Get
            Return m_strTPM
        End Get
    End Property

    Public ReadOnly Property WindowsDirectory() As String
        Get
            Return m_strWindowsDir
        End Get
    End Property
End Class

And a way to invoke it:

Dim objWMI As New clsWMI()
With objWMI
    Debug.WriteLine("Computer Name = " & .ComputerName)
    Debug.WriteLine("Computer Manufacturer = " & .Manufacturer)
    Debug.WriteLine("Computer Model = " & .Model)
    Debug.WriteLine("OS Name = " & .OsName)
    Debug.WriteLine("OS Version = " & .OSVersion)
    Debug.WriteLine("System Type = " & .SystemType)
    Debug.WriteLine("Total Physical Memory = " & .TotalPhysicalMemory)
    Debug.WriteLine("Windows Directory = " & .WindowsDirectory)
End With

And my reference link dump:

Managing Wireless Network Adaptors with Powershell and WMI

Posted by & filed under Powershell, Programming, Projects, TNSC, Windows.

I have been researching how to create a script that will display network status as well as allow the users to reconnect to the wireless network if needed.

PS C:\Windows\system32> Get-WmiObject -Namespace root\wmi -list | Where-Object { $_.Name -match "MSNdis_80211" }

   NameSpace: ROOT\wmi

Name                                Methods Properties
----                                ------- ----------
MSNdis_80211_ReceiveAntennaSelected {}      {Active, InstanceName, Ndis80211ReceiveAntennaSelected}
MSNdis_80211_RTSThreshold           {}      {Active, InstanceName, Ndis80211RTSThreshold}
MSNdis_80211_AddWEP                 {}      {Active, InstanceName, KeyIndex, KeyLength...}
MSNdis_80211_ConfigurationInfo      {}      {ATIMWindow, BeaconPeriod, ConfigLength, DSConfig...}
MSNdis_80211_ReloadDefaults         {}      {Active, InstanceName, Ndis80211ReloadDefaults}
MSNdis_80211_BssIdListScan          {}      {Active, InstanceName, UnusedParameter}
MSNdis_80211_InfrastructureMode     {}      {Active, InstanceName, Ndis80211InfrastructureMode}
MSNdis_80211_ConfigurationFH        {}      {DwellTime, FHLength, HopPattern, HopSet}
MSNdis_80211_BaseServiceSetIdent... {}      {Active, InstanceName, Ndis80211MacAddress}
MSNdis_80211_ReceivedSignalStrength {}      {Active, InstanceName, Ndis80211ReceivedSignalStrength}
MSNdis_80211_NetworkType            {}      {Ndis80211NetworkType}
MSNdis_80211_PrivacyFilter          {}      {Active, InstanceName, Ndis80211PrivacyFilter}
MSNdis_80211_TransmitPowerLevel     {}      {Active, InstanceName, Ndis80211TransmitPowerLevel}
MSNdis_80211_NetworkInfrastructure  {}      {Ndis80211NetworkInfrastructure}
MSNdis_80211_WLanBssId              {}      {Ndis80211Configuration, Ndis80211InfrastructureMode, Ndis8...
MSNdis_80211_NetworkTypesSupported  {}      {Active, InstanceName, Ndis80211NetworkTypes, NumberOfItems}
MSNdis_80211_NetworkTypeInUse       {}      {Active, InstanceName, Ndis80211NetworkTypeInUse}
MSNdis_80211_RemoveWEP              {}      {Active, InstanceName, Ndis80211KeyIndex}
MSNdis_80211_NumberOfAntennas       {}      {Active, InstanceName, Ndis80211NumberOfAntennas}
MSNdis_80211_AuthenticationMode     {}      {Active, InstanceName, Ndis80211AuthenticationMode}
MSNdis_80211_FragmentationThreshold {}      {Active, InstanceName, Ndis80211FragmentationThreshold}
MSNdis_80211_Statistics             {}      {ACKFailureCount, Active, FailedCount, FCSErrorCount...}
MSNdis_80211_BSSIList               {}      {Active, InstanceName, Ndis80211BSSIList, NumberOfItems}
MSNdis_80211_WEPStatus              {}      {Active, InstanceName, Ndis80211WEPStatus}
MSNdis_80211_PowerMode              {}      {Active, InstanceName, Ndis80211PowerMode}
MSNdis_80211_Configuration          {}      {Active, InstanceName, Ndis80211Config}
MSNdis_80211_ServiceSetIdentifier   {}      {Active, InstanceName, Ndis80211SsId}
MSNdis_80211_TransmitAntennaSele... {}      {Active, InstanceName, Ndis80211TransmitAntennaSelected}
MSNdis_80211_Disassociate           {}      {Active, InstanceName, UnusedParameter}
MSNdis_80211_DataRates              {}      {Active, InstanceName, Ndis80211DataRate}
MSNdis_80211_DesiredDataRates       {}      {Active, InstanceName, Ndis80211DesiredRate}
MSNdis_80211_ReceivedSignalStren... {}      {Active, InstanceName, Ndis80211ReceivedSignalStrengthTrigger}

And also this snippet which will display the network adapters labeled as wireless:

PS C:\Windows\system32> Get-WmiObject -Class Win32_NetworkAdapter | Where-Object {$_.Name -like "*Wireless*"}

ServiceName      :
MACAddress       :
AdapterType      :
DeviceID         : 14
Name             : Linksys Wireless-G USB Network Adapter
NetworkAddresses :
Speed            :

Sources: www.powershellcommunity.org/Forums/tabid…
blogs.technet.com/b/heyscriptingguy/arch…

Wireless Network Scanner in Powershell: defaultset.blogspot.com/2010/04/powershe…

Configuring Wireless in Windows thru the Command Line

Posted by & filed under Networking, WiFi, Windows.

So using the netsh wlan command allows us to manipulate the various properties of a wireless connection. Other potentially cool stuff:

  • netsh wlan set tra yes – Enables wireless debug traces in %WINDIR%\tracing\wireless
  • netsh wlan
  • Creating/moving wireless profiles quickly
  • There is more, but this is prolly what I need to use when I write an app for a client to view wireless connection status.

    Source: www.windowsnetworking.com/articles_tutor…
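An added example, not from the original post: parsing the output of netsh wlan show interfaces into an object to report connection status and flag a link with no encryption or WEP. The sample output is constructed and assumes English-language Windows with one wireless interface; ConvertFrom-NetshWlan is a name made up for this example.

```powershell
# Added example: report wireless status from `netsh wlan show interfaces`.
# $sample is constructed output; on a live machine use the commented line instead.
$sample = @'
    Name                   : Wi-Fi
    State                  : connected
    SSID                   : ExampleNet
    BSSID                  : 00:11:22:33:44:55
    Authentication         : Open
    Cipher                 : None
    Signal                 : 72%
'@ -split "`r?`n"
# $sample = netsh wlan show interfaces

function ConvertFrom-NetshWlan {
    param([string[]]$Lines)
    $props = [ordered]@{}
    foreach ($line in $Lines) {
        # Split on the first " : " only, so BSSID values keep their colons.
        if ($line -match '^\s*(?<key>[^:]+?)\s+:\s(?<value>.*)$') {
            $props[$Matches.key] = $Matches.value.Trim()
        }
    }
    [pscustomobject]$props
}

$wlan = ConvertFrom-NetshWlan -Lines $sample

# Open or shared-key authentication, or a None/WEP cipher, means the link is
# unencrypted or uses encryption that is trivially broken.
$weak = ($wlan.Authentication -in 'Open', 'Shared') -or ($wlan.Cipher -in 'None', 'WEP')

[pscustomobject]@{
    SSID           = $wlan.SSID
    State          = $wlan.State
    Signal         = $wlan.Signal
    Authentication = $wlan.Authentication
    Cipher         = $wlan.Cipher
    WeakSecurity   = $weak
}
```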

Activating Server 2008 without MAK using KMS

Posted by & filed under Server Admin.

slmgr.vbs (Vista and Server 2008)
Software Licensing Management Tool (C:\windows\system32\slmgr.vbs)

Syntax
    slmgr [MachineName [Username Password]] [Option]

Key
    -dli                    Display the current license information with activation status and partial product key.
    -dlv                    Verbose, similar to -dli but with more information.
    -dti                    Display Installation ID for offline activation
    -ipk Key                Enter a new product key supplied as xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
    -xpr                    Show the expiry date of current license (if not permanently activated)
    -upk                    Uninstall current installed product key and return license status back to trial state.
    -ato                    Activate Windows license and product key against Microsoft’s server.
    -atp Confirmation_ID    Activate Windows with user-provided Confirmation ID
    -skms activationservername
      or -skms port
      or -skms activationservername:port
                            Set the KMS server and the port used for KMS activation
                            (where supported by your Windows edition)
    -rearm                  Reset the evaluation period/licensing status and activation state of the machine
    -ckms                   Clear the name of KMS server used to default and port to default.
    -cpky                   Clear product key from the registry (prevents disclosure attacks)
    -ilc License_file       Install license
    -rilc                   Re-install system license files

    machinename             The machine to administer, by default the current local machine.
    username                An administrator equivalent user account for the computer.
    password                The password for the user account.

Running slmgr.vbs requires elevated administrator privileges.

Examples
    C:\windows\system32\slmgr.vbs wkstn0064 administrator password1 -dli
    slmgr.vbs -skms 192.168.10.1:8090
    slmgr.vbs -skms KMSServer:8090

Fixing MS FTP Service from needing the domain prefix for user logins

Posted by & filed under Windows.

The MS FTP server by default requires a domain name prefixed on the username. We don’t want this for our FTP users:

1. Change to the %Systemroot%\Inetpub\Adminscripts directory.
2. Type the following:
       Adsutil Set MSFTPSVC/DefaultLogonDomain "Domain Name"
   Make sure when you type in the Domain Name that it is enclosed in quotation marks.
3. Stop and restart the FTP Service.

This applies to IIS 4 thru IIS7. For IIS7 I copied the adsutil.vbs from the inetpub/adminscripts folder on an IIS6 box.