The “SERVER” and “WORKSTATION” services


Why are they named so??

The file and printer sharing service in Windows is called the “SERVER” service but every other server service has a name which explains what it serves, like DNS Service or the DHCP service then why does the file and printer sharing service call itself as just SERVER as if it were an all encompassing service and all the other server based services are dependent on it? Although other services are not dependent on it but it’s name gives that illusion. Here’s the actual reason……….

In the olden days when Microsoft started writing network software there was just one thing that the OSs served – File and Printer Sharing. So, any server meant file and printer sharing server and hence the name was given to the service which provided it. Over the years nobody bothered to change the name and it just remained that way. That also explains the name “WORKSTATION” given to the client service for file and print server.

Posted in IT Infrastructure | Tagged , , | Leave a comment

Hiding Folders with Access Based Enumeration (ABE)


Invisible Folders

We have a heavily used Windows File Server which acts as the only way to share files within a department and with other departments in the corporate head office. The folders are all secure with NTFS permissions wherein every user is authorized to access the folders which he/she needs to but would be greeted with an “Access Denied” message if the user tried to access any other folder. Pretty good security by any standards but we started facing a peculiar problem which was not related to technology at all. Some users started requesting rights for folders which they had no business to access, we have a proper authorization policy in place which says that the HOD of a particular department needs to authorize a person wanting to access any folder belonging to that department. But still such requests led to sticky situations when very senior people in the organization requested such rights as it was difficult to tell them to follow the proper process when it’s more than clear that they don’t want to go the proper way. This led to a thought that if users couldn’t see the folders which they had no access to then they won’t ask for it and this problem could be minimized if not eliminated completely. It sounded very cool but I had never heard about any particular way to do it in Windows although I knew that the novell guys could do it with their OS.

That’s when ABE came to the rescue which was released with Microsoft Windows Server 2003 SP1. ABE is a feature of the SERVER service, the windows service that provides file and printer sharing. It works by modifying a feature of the server service called “enumeration”, which basically means how the server service answers the question, “What files and folders exist in  a given share?” Windows Explorer does the same thing when you open a folder. That flashlight which shines for a second sometimes when you open a share is the way explorer entertains you while it enumerates the folder contents.

ABE only works on Windows Server 2003 SP1 and higher, it’s not enabled by default and needs another small program to be turned ON or OFF. To be able to see a file/folder when ABE is turned ON, a user will need at least READ permissions on it. ABE works on both files and folders but only when accessed through a share, when someone directly logs on to the computer ABE has no affect on what the user is able to see.  Even through a share all files/folders, irrespective of their NTFS permissions, will be visible to anobody who is a member of the administrator’s group on the server hosting the share. This means, if you are an administrator, everything will be visible to you even if you don’t have even READ rights on some or any of the files/folders. This can be particularly tricky while you are testing the affects of ABE after enabling it, you might believe that ABE is not working because you can still see all the files/folders.  The tool used to enable/disable ABE is called abeui.msi and is downloadable from microsoft.com, it’s installation is pretty simple and once installed you can turn ABE ON or OFF for all shares or only some particular shares. Although you can do the same during the installation as well when the following dialog box is presented to you.

A new tab is added to the properties dialog box, of every share on the server on which ABEUI is installed, by the name “Access-Based Enumeration” as shown in the image given below.

  

Checking the first check box enables ABE for that particular share and checking the next one enables ABE for all the shares on that particular server. There is also a CLI for doing the same but since I’m not a big CLI fan, I have never tried that out myself. The installation of ABEUI is necessary even to get the CLI for ABE.

In Windows Server 2008, ABE comes pre-installed and pre-enabled. You can however, disable it for some or all shares if you need to.

If nothing then at least enabling ABE on your shares will reduce the temptation of your users to play internal hacker. And yes I enabled ABE on my File Server and it resulted in reduction of the problem that it was intended to reduce but then as luck would have it, the management decided to give at least READ access of all the folders on the file server to every user in the office 😉

Posted in IT Infrastructure | Tagged , , , , | Leave a comment

Windows 7 Supports RAID1


Disk Mirroring for Desktops, umm interesting!!

I just found out that Windows 7 Supports RAID 1 or Disk Mirroring as it’s commonly known as. It’s the first MS Client OS to support RAID1. For me it’s interesting to see RAID for desktops as untill recently it was something so niche that it was only available for servers. It’s amusing how niche tech becomes common place so fast.

Posted in IT Infrastructure | Tagged , , , , | 2 Comments

Notebook Entry: Leftover of Conficker/Downadup/Kido Worm


Another Leftover Story

Talking about virus leftovers – I recently noticed a leftover of the Conficker worm which is used by the virus to reinfect the systems, they are scheduled tasks on windows systems. I have only noticed them on Server OSs, they are named like ‘At’ and then any random numbers, usually starting with 1 like At1, At2……….At15, At4098 etc. As files they are named as At1.job…..At4753.job etc. as .job is the extension for secheduled tasks.

These tasks are used to run the infected dlls at a particular hour in a day, so, if a server has got 10 such jobs then it means that an attempt to resurrect the kido virus is made 10 times a day. These jobs try to run dlls followed by some random characters, one example would be “rundll32.exe ecaosp.hwo,cpmjb”.

Our antivirus (Kaspersky) doesn’t detect them – mainly because they are not viruses themselves but just a tool to re-enable the virus. Mcafee does detect them and cleans them up. The manual cleanup process for these jobs is well documented at http://support.microsoft.com/kb/962007 . If a system is infected with conficker the jobs are said to reappear after a few hours upon manual deletion but I didn’t see this behaviour on my servers may be because the servers were all cleaned up and only the jobs remained as  –     the leftovers.

Posted in IT Infrastructure | Tagged , , , , , , | 1 Comment

No “Folder Options” under the ‘Tools’ menu


No “Folder Options” under the ‘Tools’ menu – The common leftover after a virus infection

The “Folder Options” from the ‘Tools’ menu of the windows explorer disappears mainly due to a virus infection. Brontok has been seen as the main culprit behind this apart from many other viruses which do this. Apart from removing the folder options such viruses also disable booting into safe mode.

There are many tools available which have a cure to these problems or at least claim to have a cure, like the RRT Tool etc. but in my experience there isn’t any single tool which works every time and on all PCs. Also, this problem may seem to be trivial for a seasoned administrator but in a large and complex environment it can really cause some pain.

Sometime back, after successfully tackling another zero day attack (have faced three so far), I found that the virus in question (later named as sality.z) has had the same affects on the infected PCs i.e; no folder options, no safe boot etc. which didn’t go away even though the computers were now completely disinfected. This time I didn’t want to use any random (read ‘unreliable’) tool as a workaround because the affected PCs were in geographically disparate locations and I wanted something 100% reliable and something which could be pushed centrally to all the infected PCs.

That’s when my good friend Mr. Murali Murugesan suggested using the Kido Killer tool from Kaspersky. Murali handles Kaspersky support in India. My current organization is the largest client (in terms of number of licenses) of Kaspersky in India. I have to say that this is the most reliable tool, I have ever used for this very common problem. Kido is the name given by Kaspersky to the now famous conficker/downadup virus. The main job for this tool, which is updated frequently, is to fight the kido/conficker/downadup virus but by using some of the available command line switches, one can easily use it as the most potent tool against the “No Folder Options” problem.

This tool can be found here for download.

After downloading the zip file, extract the contents (kk.exe file) to a folder, if that folder is stored in D:\Kido then open the command prompt and type “D:\kido\kk.exe –x –a –j –y” without the double quotes and press enter. If you are not able to open the command prompt, you can create a batch file (type the same command as above in a notepad and save it with .bat extension instead of the usual .txt extension) and run it on your PC. The tool runs, scans for the kido virus, re-enables the lost settings in the registry and then disappears. Folder Options and safe boot should be back after a quick reboot.

However, I used an automated way of doing the same (I’m an automation freak, you know) by pushing the kk.exe file with the said command line switches to the infected PCs through Kaspersky’s administration console. You can do the same by using any piece of software which can remotely execute files and takes command line switches as an option or you could use theKaspersky administration kitas that is also free to use.

Here’s the complete list of command line switches which can be used with Kido Killer

-p <Scan path> – scan a defined folder
-f – scan hard disks
-n – scan network disks
-r – scan flash drives, scan removable hard disks connected via USB and Fire Wire
-y – end program without pressing any key
-s – silent mode (without a black window)
-l <file_name> – write info into a log
-v – extended log maintenance (the switch -v works only if the -l switch is entered in the command prompt)
-j – restore the registry branch SafeBoot (if the registry branch is deleted, computer cannot boot in safe mode)
-z – restore the services 

  • Background Intelligent Transfer Service (BITS), 
  • Windows Automatic Update Service (wuauserv),
  • Error Reporting Service (ERSvc/WerSvc)
  • Windows Defender (WinDefend),
  • Windows Security Center Service (wscsvc).

-t – registry clean up from the services that remain after removing the network worm using Kaspersky Lab’s       products.
-x – restore display of hidden system files
-m – monitoring mode to protect the system from getting infected
-a – disable auto start from all drives

 

Please do share your experiences with the kk.exe tool by commenting on this blog post.

 

Posted in IT Infrastructure | Tagged , , , , , , , , , | Leave a comment

Windows 7 lifts Microsoft


Windows 7 takes Microsoft to cloud 9

The last sentence of my previous blog (windows 7) said that Windows 7 is Microsoft’s best desktop OS to date and I have been proved right by Microsoft’s latest financial results. Microsoft has sold more than 60 million copies of Windows 7 till date and not only did Microsoft pull in nearly $19 billion with an impressive net income of nearly $7 billion, but sales rose 60 percent compared to a year ago.

This is Microsoft’s best quarter ever – All because of the fantastic Windows 7!!

Last night Mr. Steve Ballmer called me to join Microsoft’s Product Approval Panel but before we could finish our conversation – damn……. I woke up!! 😉

Posted in IT Infrastructure | Tagged , , , | Leave a comment

Windows 7


On October 22 Microsoft will launch it’s next version of Windows, Windows 7

(Originally posted at my previous blog address on 07 September 2009)

I have been running the RC (Release Candidate) version on my laptop since the day it was released and I’m delighted with it’s performance. If I had to give an opinion it will be – Windows 7 is Windows Vista 2.0

The obvious comparison with vista is because of several reasons. First, Windows users had by now got into a habit of expecting an entirely new and better user interface with each new release of Windows since Windows XP offered a hugely improved GUI than Windows 2000 Professional or Windows 98 and Windows Vista took it to the next level. But with Windows 7 you don’t get that, in fact, one can’t even differentiate between Windows 7 and Windows Vista by just looking at the GUI the way you could in case of XP or Vista from their previous versions. Secondly, Windows 7 doesn’t have any significant feature improvements when compared to Vista. In fact, it is clearly visible that Microsoft has not developed a new operating system but has rather tried to take out all the negatives of vista and make it much more useful.

You may be thinking that I’m making self contradictory statements, first I said that I’m happy with Windows 7 and then I’m telling you that it isn’t too different from Vista, which was not liked by a lot of people. Well, I would again like to say that Windows 7 is fantastic but it does not have the novelty factor that was there with XP and Vista. When I first used Windows XP, it felt like the 21st century had finally arrived. Windows Vista made me feel like I have time travelled and i’m using a computer in the 22nd century. But, Windows 7 didn’t take me to the 23rd century. So, people expecting a hugely differently GUI and many new exciting features may get disappointed by Windows 7, that’s why I told you in the very beginning that it’s not too different from vista. Actually, Windows 7 is vista done right.

Now, let’s dive into the new features that Windows 7 offers, I have been stressing on GUI changes till now although many people believe that GUI changes are nothing better than eye candy but in my opinion the GUI of an client operating system is as important as the features it offers. Too many changes in the GUI can cause a steep learning curve and too little don’t make it all that different from the previous version. Windows XP UI enhancements was one of the key reasons for it’s widespread adoption. Windows 7 also has it’s share of UI enhancements, the new taskbar features enlarged icons with no text on a translucent surface. One can say that the quick launch bar has been merged with task bar as it includes both running as well as non running applications. You can pin an item to the taskbar to make it easily accessible. When an application is running, the icon gets a subtle border. When you hover the mouse over a running application’s icon, a group of thumbnail images representing each open instance of that application appears, If you then move the mouse over one of those thumbnail images, that instance of the application is displayed on the desktop, even if it’s minimized. Another new feature in the taskbar is Jump Lists. Right-clicking a taskbar icon displays a list of the recently used documents.

AeroSnap is also a cool desktop feature. When you drag a window to the left edge of your display and another window to the right edge, AeroSnap automatically aligns and resizes the Windows so that they each fill half the screen. This feature is handy for comparing documents and directories.  AeroShake is another cool feature, when you move a non maximized window left-right in a shaking manner all the other open Windows on the desktop get minimized. Inspite of being too similar to vista, Windows 7 is Microsoft’s best UI to date.

Windows 7 has a lot additional enhancements beyond the new UI improvements. For better manageability, Windows 7 includes the new PowerShell 2.0 release. Windows 7 ships with about 20 troubleshooting packs which are essentially powershell scripts that identify and resolve problems. You can access and run the troubleshooting packs through the troubleshooting applet in the Windows 7 control panel. Windows 7 has a number of new enterprise-oriented network enhancements. Two of the new features, BranchCache and DirectAccess, work in conjunction with Windows Server 2008 R2. When BranchCache is enabled, remote users’ requests for files stored on a Server 2008 R2 machine are routed to locally cached copies of the files. This local caching can significantly improve file-access performance. Server 2008 R2 tracks file changes and makes sure that all clients access the most current files. BranchCache supports Server Message Block (SMB), HTTP, and HTTP Secure (HTTPS) file access. Remote users don’t need to be on the same subnet. DirectAccess provides an alternative to VPNs for remote access. DirectAccess enables organizations to provide secure remote connectivity for mobile workers without the use of key fobs or SecurID tokens. To use this feature, you need a DirectAccess server running Server 2008 R2. The server must have two network cards—one for Internet traffic and one for internal connectivity. In addition, DirectAccess requires IPsec and IPv6. DirectAccess can work together with Server 2008 Network Access Protection (NAP) to ensure that only secured clients with the required patching levels and malware protection are allowed to access network resources.

One of the best improvements to Windows 7 is UAC. Widely reviled in Vista, UAC was a great example of a good idea gone wrong. UAC’s overly enthusiastic prompting caused many users (myself included) to disable UAC entirely. However, disabling UAC also removes the protection it affords. When UAC is disabled, Protected Mode IE is disabled because UAC is the protection for the Win32 directory as well as file and registry virtualization. UAC in Windows 7 is a much more livable experience. Prompting is much less frequent and the level of prompting is configurable. UAC is one tool you can use to secure a desktop but it’s not the only one. AppLocker lets you create policies that explicitly control the applications and executables (e.g., .exe files, scripts, DLLs) that can be installed or run on a desktop. Its allow rules limit the execution of applications to whitelisted applications, blocking all others. Its deny rules permit the execution of all applications, except those that are blacklisted. AppLocker lets you create allow or deny exceptions for specific applications. It uses digital signatures to identify applications and executables, which gives you granular control down to the version level. For instance, you can set up AppLocker to allow only Adobe Reader 10.0 or later to be executed. AppLocker rules can be applied to specific users or groups in an organization. AppLocker, which only comes with Windows 7 Enterprise Edition, can be managed across the enterprise with Group Policy.

Introduced with Vista, BitLocker is a great security technology for laptops and other unsecured physical systems. It lets you encrypt your hard drives, thereby securing your data in case your laptop is stolen or lost. Using BitLocker is easier in Windows 7. You no longer have to perform the manual drive partitioning that Vista requires. Windows 7 BitLocker automatically creates and hides a 200MB partition on your boot drive. You can enable BitLocker by simply right-clicking your drive in Computer and selecting Turn on BitLocker from the context menu. Windows 7 extends BitLocker’s drive encryption capability to USB flash drives using a new feature called BitLocker ToGo. To access the contents of USB drives encrypted with BitLocker ToGo, you need to supply a password or pin. Just think about how many of these USB drives you have (and how many you’ve lost) and you’ll know what an important technology this is.

Feature-wise Windows 7 is a major release, and there are more features than I can cover here. Some of the other important features in Windows 7 include:

  • Action Center. The new Action Center provides a central place to view and respond to system alerts.
  • Problem Step Recorder. This feature lets end users record a series of screen shots to document a problem.
  • Windows Recovery Environment. Windows RE, which is installed by default, is used to recover from system failures.
  • Boot from VHD. In Windows 7, you can mount a Virtual Hard Disk (VHD) just like a drive and can even boot from it. Each VHD is like a hard drive with a primary partition. Boot from VHD is useful for setting up multi-boot environments.
  • Mobile Broadband. Windows 7 includes enhanced Mobile Broadband support. It now supports plug and play (PnP) for 3G cards and third-party connection managers.
  • Location-aware printing. Location-aware printing enables laptops to select the best configured printer based on the system’s location.

Now, let’s talk about performance. As I said earlier, I’m delighted with Windows 7’s performance. My laptop has just got 1 GB of RAM and runs on a 1.86 GHz CPU, I used to run Vista earlier and was not particularly happy with it’s performance but Windows 7 has been performing very well, in fact I may not go back to vista now even after the RC version expires next year. One can see significant differences in the time taken to boot up & shut down. The performance enhancements can be best seen while the system is waking up from sleep mode, it’s a snap, the fastest I have seen for any version of Windows. The applications also run faster than Vista and if one app crashes, it doesn’t bring the entire system down. System errors are handled gracefully and I’m yet to see the blue screen of death with Windows 7.

Windows 7 delivers an excellent desktop experience. Its UI is much richer than XP’s UI. The usability and performance is much better in Windows 7 than in Vista. For enterprise customers, features such as BitLocker, BitLocker ToGo, PowerShell 2.0, Troubleshooting Packs, Problem Step Recorder and Windows RE make Windows 7 Microsoft’s best desktop OS to date.

Posted in IT Infrastructure | Tagged , , , , | 1 Comment

Internet Explorer 8


Going beyond page loads is what Microsoft’s brand new browser, Internet Explorer 8, does

(Originally posted at my previous blog address on 26 March 2009)

It’s about getting things done in an faster, easier and safer manner. The idea is very novel but if one comes to think of it, that is what actually matters when you browse the web. It hardly matters whether you can open a webpage in 1 second or 1.2 seconds, what matters is whether you can complete the task for which you opened the web page within a shorter duration of time or not. For example, you are browsing the web for some info which you need to send to your boss and as always your boss needs it URGENTLY. On a regular browser you would open your favorite search engine and type away the key words, look at the various links displayed, dive into a couple of them and then copy the relevant info from some page, open your email on another page or tab, click on compose mail and then paste the info to send it to your boss. Can you cut down on these steps?? with IE 8 you can and you can with a lot of ease. Where IE 8 helps is from the moment you highlight the relevant text for copying, instead of right clicking the selected text to click on copy you can straight away click on a link which says something like send with yahoo mail and before you blink you have a tab opened with yahoo mail on which the compose mail link is already open and the selected text already in the email body. Just type in your boss’s email id and click on send. These things are rightly called “accelerators” in IE 8. This saves a lot more time than faster page loads…………. doesn’t it?? Actually it is not only faster, it’s also easier.

 That doesn’t mean that Internet Explorer 8 doesn’t load pages fast. It does and it does it at some speed. Microsoft had done some benchmarking tests before releasing IE8. It was based on loading the world’s 25 most visited websites and IE 8 beat it’s competition (firefox and chrome) by miles. The funny thing in those tests was firefox loaded microsoft.com faster than IE 8 and IE 8 loaded Google faster than anybody else, including google’s very own chrome. So, IE 8 is faster in both the conventional and non conventional ways. It can also save you money in a way by cutting down on your online time if you pay per minute for accessing the internet.

To elaborate further on ease of use let’s take my own example; “what’s hot” is a section on msn India’s home page. It has the right blend of top news stories from politics, sports, movies, fashion etc. most news bits here are of interest to me. So, I wanted to have a look in every time the news bits were updated and the only way to do it was to add it as a home page. I already had my live spaces page as the home page but then one can have more than one home page with internet explorer 7 and it will open them in different tabs but I personally found it a bit annoying. IE 8 has come to my rescue, now I continue to have my live spaces page as the ONLY home page and I have added the “what’s hot” section as a “webslice” on my browser’s toolbar. The webslice gets highlighted whenever the section is updated on msn and I can have a look in whenever I want no matter which website I’m browsing. One can add other useful stuff too like eBay bids etc.

Most web navigation is about taking you somewhere you have already been, the developers of IE 8 knew this well, when you start typing on the address bar you get recommendations based on your history, favorites and feeds you have subscribed to and mind you this feature is much more useful practically than what it sounds to be.

It’s not that other browsers have never done anything innovative. Google’s chrome came out with a feature called incognito mode, which allowed you to surf the web without any of your personal info including what websites you visited being recorded. This was pretty cool and now we have it in IE 8 too known more intuitively as “in private browsing”. The simplest of things like naming new features can also affect it’s widespread adoption. I never knew what the word incognito meant before I got to hear about this nifty feature from chrome. This can lead to limited usage of the feature by users who may have not heard about it and the name given to it doesn’t make it so intuitive. The developers might come up with a great new feature and call it something which sounds like straight out of a sci fi movie but that very name can make it less widely used. Hence, it’s one thing to be innovative and quite another to convert it into a successful product feature. All features need to be intuitively named to make them easily discoverable.  An average user is more likely to explore something named “in private browsing” than something called incognito mode. Moving on, one of the coolest things to have happened to browsers is tabbed browsing, which was first introduced by netcaptor in 1998 and more popularly by opera and firefox later on. Internet Explorer was the last to adopt it in 2006 but IE added something to it which added tremendously to it’s usefulness. It was being able to open an new tab in just one click something which firefox still lacks, in firefox you need to open a new tab by first going to the File menu and then clicking on ‘new tab’. This is again something very obvious that users should be able to complete most tasks through a minimum number of clicks but browsers like firefox still lack it. According to me, this is because products from smaller organizations lack the background research which is required to develop a truly world class product. Making a product user friendly and more so to make it beat it’s well placed competitors requires a lot of solid research done across it’s user base which is most of the time across the globe. Smaller organizations cannot match up to much larger ones in this and hence the difference can be seen in their products.

Now let’s dive into the hot realm of online security. Most people carry out their financial transactions online. I have myself NEVER been to my bank branch plus I have not signed a bank cheque since ages. All my banking and other financial transactions are done online. This means I need a very secure browser to be able to do so and I have never trusted anything other than Internet Explorer. Now, IE 8 takes online security to a whole new level, several features have been either added or tweaked. “Domain highlighting” makes it easier to detect phishing websites by highlighting the domain part of the URL in the address bar. The good old phishing filter has been rechristened as “smart screen filter” with better capabilities and additional features like warning about dangerous downloads whenever you are about to download something which is suspicious.

All in all it’s is a whole new paradigm for judging browser performance as I perceive there would be a limit to the conventional page loading benchmark, being able to complete your work faster, more easily and safely makes much more sense. With IE 8 Microsoft has shown it’s class and has risen well above it’s competitors who are still busy with the fastest page load rat race. Microsoft thought not just one step but miles ahead. It addressed the actual crux and didn’t go after the superficial gloss.

So, as the line goes in Microsoft videos about IE 8, start putting the web at your service, today!!

Posted in IT Infrastructure | Tagged , , , , | Leave a comment