Dave's Techytips

VB.Net code to control mouse movement and click

2011-06-10T10:07:00.000-07:00

VB.Net code to perform mouse movements and clicks.

Include references at the top of the class code file to Windows interface libraries:

    Public Declare Auto Function SetCursorPos Lib "User32.dll" (ByVal X As Integer, ByVal Y As Integer) As Integer
    Public Declare Auto Function GetCursorPos Lib "User32.dll" (ByRef lpPoint As Point) As Integer
    Public Declare Sub mouse_event Lib "user32" Alias "mouse_event" (ByVal dwFlags As Integer, ByVal dx As Integer, ByVal dy As Integer, ByVal cButtons As Integer, ByVal dwExtraInfo As Integer)

Some fixed constant values will be needed, so include these as basic names:

    Public Const MOUSEEVENTF_LEFTDOWN = &H2
    Public Const MOUSEEVENTF_LEFTUP = &H4
    Public Const MOUSEEVENTF_MIDDLEDOWN = &H20
    Public Const MOUSEEVENTF_MIDDLEUP = &H40
    Public Const MOUSEEVENTF_RIGHTDOWN = &H8
    Public Const MOUSEEVENTF_RIGHTUP = &H10
    Public Const MOUSEEVENTF_MOVE = &H1

This provides three types of capabilities to move the mouse pointer, determine the mouse pointer location and to perform click events.

Set the mouse position on the screen:

Dim X As Integer, Y As Integer
X = 428
Y = 256
SetCursorPos(X, Y)

Get the mouse position on the screen:

Dim lpPoint As Point
GetCursorPos(lpPoint)
X = lpPoint.X
Y = lpPoint.Y
System.Diagnostics.Debug.WriteLine(String.Format("X: {0}, Y: {1}", X, Y))  'output the current position to the debug window

Lastly, perform click operations, notice that a complete click is a "down" followed by "up" action, otherwise you're holding down the click button:

Call mouse_event(MOUSEEVENTF_LEFTDOWN, 0, 0, 0, 0)
Call mouse_event(MOUSEEVENTF_LEFTUP, 0, 0, 0, 0)

I Don't Need No Stinking Antivius -- But Will You Please Get It?

2011-04-18T23:56:00.000-07:00

People often ask me what antivirus I use. The answer is that I don't use any AV. I typically know the metrics on what my programs are doing, so viruses aren't something I tend to get.

Don't get me wrong; there are a few times I've been exposed to malware, but I had put myself in a risky position and knew what to expect from it. Downloading music or alternative software are both prime examples of such situations. When viruses run amok throughout a computer system, it’s imperative to know how to seek and destroy the many tentacles with which it can take hold. It's actually kind of fun not only to kill, but to observe the hacking creativity (I have a small collection of well designed viruses).

There are some nasty programs out there. It’s important to act very quickly upon getting infected with a virus or malware because it could start transferring private files to the net almost immediately. To make matters worse, once a single piece of malware makes it through, it very often creates a backdoor that provides easy access for other hostile programs, and the scenario inevitably repeats itself. I've cleaned a few systems with literally 100+ virus processes running.

If you install Windows XP out of the box, you can get a virus by visiting a basic website and not even clicking on anything (trust me; I've even experienced it from my own website). To prevent most of the bad stuff, you should run Windows Update (or automatically enable to download) since the folks at Microsoft are pretty much on the forefront of security patches.

Should you come down with an unfortunate case of sporadic applications, browser pop-ups or some other malware, you need to be quick to disable the network adapter and kill the processes. On one occasion, I had to pull the plug on my system as a rouge process was maliciously wiping data files.

I take the care and tending of my system resources very personally and don't want my programs running amuck. I consider AV programs, like Norton, one of the worst offenders. That having been said, please take note that I am a power user and I oversee a farm of web and database servers for my local SEO company- I use hotkeys everywhere, I've created macros to do repetitive tasks and I program automation processes to accelerate and interoperate.

The problem with AV programs is that they operate by constantly scanning inputs & outputs of all your files and internet activity. This adds processing time and latency in just about everything you do. In most situations, this is may be a minor resource utilization and probably goes unnoticed by most users; nevertheless, it’s a burden I'm not inclined to accept. However, unless are prepared to a) avoid malware in the first place, and b) are capable of completely cleaning up something that may have slipped in, then I'd strongly recommend you use AV software.

About a month ago, I was (un)lucky enough to be part of the 0.02% of Google users affected with an outage. Accidents do happen, and antivirus software is like an insurance policy. In fact, if you get a virus on your system, it can often spread to your local and office networks. Nothing is worse than having your co-worker’s computer contaminate the network! So for the other 99.98% of internet users, I recommend you get a solution in place.

If I ever have an AV program installed on my system, I will disable all active monitoring of said program and enable it to perform detection only when I ask it to do so. I personally like to use Microsoft Defender and legacy versions of AdAware (before they went commercial), both of which I've linked on the side of my blog. A nice feature about periodically running AV programs is that they can scan and cleanse unnecessary objects, such as clear wasted registry pointers & marketing/tracking cookies.

Malware Prevention Tips:

Don't Click. Just Close It-- when you're prompted with something that you don't want, clicking on anything, even something that looks like "Cancel" or "No" might be a trick. Instead, hit the Escape button, Ctrl-W (a switch to shutdown a browser tab), or Alt-F4 (close application).
Keep Windows Patched -- visit http://www.WindowsUpdate.com if you’re not sure.
Use Google Chrome or Firefox – both are resilient, yet functional, browsers. Stay far away from Internet Exposer.

Dealing With Malware:

· Disconnect -- pull the network plug or shutdown your wi-fi. That tends to stop most popup based ads.

· Ctrl-Alt-Del -- Open Task Manager and look at the list of processes, sorted by CPU desc. Take note of oddly named processes that you don't see on other computers (call a nerdy friend and ask them to compare). Kill any suspicious ones. If they come back alive, you may need more professional help.

· Run AV -- hopefully you've contained the malware, now eradicate it with Microsoft Defender, AVS, AdAware or your $60 Fry's special software.

· (advanced) -- Seek and Destroy yourself by performing tricks such as: deleting or renaming the malware file, opening Regedit and searching for the process.

Google's Automated Search Query Capture

2010-04-12T09:46:00.000-07:00

It's known that Google takes preventative measures to reduce automated use of their search engine. In fact, Googles terms of service restrict the use of automated queries. Normally human users with real browsers will not be suspect of such use and thereby should not trigger firewall rules that detect queries that appear to be automated.

However I found myself in just that position. After running several varied queries, I came back to running the repeating a past query (through the browser drop down query history) and received the following:

HTML Source

Interesting to note is that the page response header is a 503 error code.

I suspect this was triggered by my complex query, retrieving multiple pages or results, and repeated usage in a short period. Google knowledge base on this topic suggests that users that have this problem may also have a virus or other spyware on their computer or another in the network.

DNS Settings for Linux

2010-02-17T16:45:00.000-08:00

File for client DNS resolution as well as the default domain search is: /etc/resolve.conf

Modify this file:
vi /etc/resolve.conf

to appear like:

search relevantads.com
nameserver 4.2.2.1
nameserver 4.2.2.4

No restart should be required.

You can replace the term "relevantads.com" with your local domain name. That will allow for pinging a machine without fully qualified domain name.

The nameserver records should ideally be provided by your ISP. The above 4.2... records are gold TLD's which may block abusive traffic.

Finding Googlebot IP Addresses In IIS Server Logs

2010-02-02T08:45:00.000-08:00

I’ve made a parser command to find all references of GoogleBot (case insensitive) in our server logs, extract their source IP addresses, and summarize the hit count. To do this in Windows with your IIS logs files, you will need to have Gnu CoreUtili tools.

First try this from command prompt, type in:

grep -i "GoogleBot" c:\temp\logs\*.log | grep " / " | more

You should get an output of text log records, each containing a GoogleBot request.

Notice:

· My log files are located in c:\temp\logs

· I’m looking for requests to the root (“ / “); optional

Next, extract the column containing the requestors IP address; in my log file, it is column number 9:

grep -i "GoogleBot" c:\temp\logs\*.log | grep " / " | cut -f 9 -d " “

Lastly, sort, summarize and store the results to a local file:

grep -i "GoogleBot" c:\temp\logs\*.log | grep " / " | cut -f 9 -d " “ | sort | uniq –c > c:\temp\googlebot-class-c.txt

Note: It’s possible/probably that some of the request headers are fabricated and not actually coming from Google.

How to Test a Website Through Command Prompt

2010-01-29T08:40:00.000-08:00

The information that is exchanged through our internet browsers travels over standard communication protocols. Most of these protocols are compatible with basic keystrokes (ASCII) characters and can be accessed in their raw format through a few keystrokes in command prompt.

1) Prepare a notepad window with the HTTP request codes that you want to run;


GET / HTTP/1.1
Host: www.google.com

2) Copy the commands to the clipboard;
3) Open command prompt and telnet;

telnet www.google.com 80

4) Paste the HTTP code by right-clicking; then hit enter a couple times;

Note that you will get a blank screen (unless you have full duplex connection) and will not see the keystrokes that you enter.

At this point you will see a stream of text fill the screen. You should be able to scroll back in the command prompt window; you may need to change the command prompt properties to scroll all the way back.

Reference

Debug Browser Requests

Your browser will pass many headers in each request it makes. In the past, we used to have to run HTTP monitoring tools to see what the browser was doing, but now Firefox has a great add-on called Live HTTP Headers that makes it much easier.

Protocols

There are several protocols that can be used in telnet, here is a list of ones I have used:

Service	Standard Port
HTTP (websites)	80
SMTP (email sending)	25
FTP (file transfer)	21
POP3 (fetch messages)	110
IMAP (email server)	143

Other online HTTP testing tools

Pingdom is great as it shows time to first/last byte
Uptrends - several geographical sources to test from.
Site-perf
LinkVendor

Windows 7 God Mode

2010-01-11T17:53:00.001-08:00

Godmode in windows 7 lets you have a single place to configure most windows settings:

Make a folder called: GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
Or from cmd (command prompt) run:


cd \
mkdir "GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}"

Astricon 2009 - Open Source Maximus

2009-10-14T15:33:00.000-07:00

I'm at Astricon 2009, the Asterisk Development conference. Asterisk is an internet based, free phone system. Quite an interesting crowd of open source developers, solution providers, VOIP resellers, and hardware manufacturers; about 500 persons in total.

Chris DiBona of Google gave the keynote this morning and focused on Open Source. He pointed out that the majority of time that Google is interested in a technology company that they fund/support the company to get to a stable build and then make it available to the entire Open Source community. There are somewhere around 32 billion lines of open source code; a code base that will outgrow and out-maneuver most proprietary software applications. Ironically Google does not use Asterisks; Google Voice is a proprietary application that is specifically works of off Google's core servers; which Asterisk will not. So much for embracing open source!

I've been hanging out in the Coders Zone most of the day. The breadmaker and soda's are keeping the me and the developers here happy. Half the people here seem to either work for Digium (the inventor of Asterisk) or are a reseller of Digium. Although I've been a customer of Digiums; they are too big these days to care for the little guy; nevertheless, in my quest to find a phone system consultant they referred me to Leif, a fellow that literally wrote the book on Asterisks, and hopefully he can build our custom solutions.

The exhibit hall has shown a few phone system solutions of interest:

Presenceco.com - a whole customer service platform (really sweet/complete system)
VICIdial.com - call center management system
Loquendo.com - text to speech solutions
Braxtel.com - contact center people
LumenVox.com - Speech-to-text provider

All-in-all; It's been a successful days quest here in Glendale, AZ.

Asterisk: Identify and Hanging Up a Call

2009-09-11T12:02:00.000-07:00

When using an Asterisk with a SIP client like X-Lite; sometimes a disruption in the X-Lite client may occur, but Asterisks keeps the call active. If you're paying by the minute, this can be an expensive annoyance.

Identify if Asterisk is still on the line by running the command:
core show channels


pbx*CLI> core show channels
Channel              Location             State   Application(Data)
Zap/16-1             (None)               Up      Bridged Call(SIP/7118-b6b1c5d8
SIP/7118-b6b1c5d8    s@macro-dialout-trun Up      Dial(ZAP/g0/48###71268|300|tT)
Zap/13-1             (None)               Up      Bridged Call(SIP/7112-b6b0d0f8
SIP/7112-b6b0d0f8    s@macro-dialout-trun Up      Dial(ZAP/g0/8884588762|300|tT)
Zap/7-1              (None)               Up      Bridged Call(SIP/7103-b6e0dc68
SIP/7103-b6e0dc68    s@macro-dialout-trun Up      Dial(ZAP/g0/60###77511|300|tT)
Zap/11-1             (None)               Up      Bridged Call(SIP/7114-b6b2b8b0
SIP/7114-b6b2b8b0    s@macro-dialout-trun Up      Dial(ZAP/g0/61###02929|300|tT)
Zap/6-1              (None)               Up      Bridged Call(SIP/7104-b6efd110
SIP/7104-b6efd110    s@macro-dialout-trun Up      Dial(ZAP/g0/50###8698|300|tT)
Zap/1-1              (None)               Up      Bridged Call(IAX2/freepbx-3125
IAX2/freepbx-3125    s@macro-dialout-trun Up      Dial(ZAP/g0/80###75414|300|tT)
Zap/2-1              (None)               Up      Bridged Call(SIP/7113-b67f3ed8
SIP/7113-b67f3ed8    s@macro-dialout-trun Up      Dial(ZAP/g0/41###16000|300|tT)
Zap/10-1             (None)               Up      Bridged Call(SIP/7106-b67241a0
SIP/7106-b67241a0    s@macro-dialout-trun Up      Dial(ZAP/g0/95###26252|300|tT)
Zap/4-1              (None)               Up      Bridged Call(SIP/310-b607b0d0)
SIP/310-b607b0d0     s@macro-dialout-trun Up      Dial(ZAP/g0/3083446400|300|tT)
SIP/323-08806ba8     (None)               Up      Bridged Call(Local/317@from-in
Local/317@from-inter s@macro-dial:7       Up      Dial(SIP/323|22|trTM(auto-blkv
Local/317@from-inter 1001@from-internal:1 Up      Bridged Call(Zap/9-1)
Zap/9-1              1001@ext-queues:20   Up      Queue(1001|t||custom/RelevantA
Zap/5-1              33BBACE092CA83BA9E39 Up      MeetMe(33BBACE092CA83BA9E39E8C
Zap/pseudo-331706926 s@from-zaptel:1      Rsrvd   (None)

In the above, I determined that the MeetMe call was our stale conference call session. You then, hangup a line, with the command:
soft hangup Zap/5-1

Killing Excessive Blocking Transactions in SQL

2009-03-25T12:10:00.000-07:00

I recently made a small error in a SQL Server parsing function that caused an endless loop. Unfortunately SQL doesn't escalate an error and will allow these transactions to go on endlessly.

I quickly realized the error and attempted to correct the SQL function. However since there were users stuck in this endless loop, my ALTER FUNCTION transaction was being blocked.

KILLing individual SPIDs didn't work since I could not keep up with the number of backup of user requests.

To circumvent this, I ran a process to KILL all queries blocking my SPID:


declare @bCont bit, @i int, @s varchar(100)
set @bCont = 1

while @bCont = 1
Begin
 select @i = blocked
 from    master..sysprocesses
 where    spid = 113

 if isnull(@i , 0) <> 0
   BEGIN
     set @bCont = 1
print @s
     SET @s = 'kill ' + convert(varchar(12), @i)
     exec (@s)
waitfor delay '00:00:00.05'
   END
 else
   SET @bcont = 0
end

ASP.net Session Error remedy

2008-10-01T00:16:00.000-07:00

Has your SQL server restarted lately; well if you're ASP.net application is reporting errors like these it might need some reconfigurations:

SELECT permission was denied on the object 'ASPStateTempSessions', database 'tempdb', schema 'dbo'.
INSERT permission was denied on the object 'ASPStateTempSessions', database 'tempdb', schema 'dbo'.
UPDATE permission was denied on the object 'ASPStateTempSessions', database 'tempdb', schema 'dbo'.

The cause of this is that your ASP.net application uses SQLServer session storage. This is generally a good design pattern; the SQLServer session storage allows you to have multiple webserver and thereby scale your infrastructure. SQLSession is one of three possible session storage method and is defined in the web.config with a directive like:

<sessionstate mode="SQLServer" timeout="1440" sqlconnectionstring="Data Source=RelevantYellow.sql.relevantads.com;User ID=WebSession;Password=password" cookieless="false"></sessionstate>

However it relies upon a temporary database in SQL server. Each time the server is rebooted, the entire database is recreated along with the access permissions. Your database server is doing its rightful job of blocking non-administrative accounts from doing things without authorization.

Solution
Instant Fix. Grant permissions to you WebSession database user to tempdb. Simply make it a db_owner. This is okay, however, you'll need to repeat the step each time the server is restarted.

USE [tempdb]
GO
EXEC sp_addrolemember 'db_owner', 'WebSession'

Temporary Relief.
Grant sysadmin privledges to the WebSession account:

EXEC master..sp_addsrvrolemember @loginame = 'WebSession', @rolename = 'sysadmin'

However granting such copious rights to this account is dangerous. Should you web application be compromised, hacked or be exposed, you could be caught with your shorts down.

Best Solution
Instead of relying on tempdb, the session data can be stored in permanent tables. Install the SQL script:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallSqlState.sql

Alternatively, from the command prompt, run:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe -ssadd -E -sstype p

Hyperlink behavior - forcing popup window

2008-09-22T14:32:00.000-07:00

"I'm clicking the link, but nothing happens"

Many websites use popup hyperlinks. While that has been fine in the past, with the advent of tabbed browsers, hyperlink popup windows will not behave as predictable as they once did. Furthermore, since users may have several websites open, it adds to the possibility that another site is using the same windows entitled "new".

The problem is that the hyperlink uses the directive target="new" to cause the popup window. Subsequent clicks to that hyperlink will cause the new windows to be refreshed. Microsoft Windows will bring that Internet Explorer to focus or cause it to flash until clicked. However, with tabbed browsing only newly opened tabs will come into focus. So when a user clicks on an already opened tab, it will not be flashing or be focused on.

If the web experience intent is to guarantee that the user will be shown the hyperlink in a popup form; instead use target="_blank". However if you want the end-user to use a single browser window, use the "new" declaration of another name.

Example:

Target Link Test	Experience
new	Subsequent clicks does not yield new popups.
_blank	Each click gives its own popup.

Note that "_new" is treated the same as "new".

Blocking brute force administrator account attack via FTP

2008-06-17T01:03:00.000-07:00

Dissection of the ASP SQL Injection Outbreak

2008-05-12T20:06:00.000-07:00

Several website owners this past week, including the United Nations and the UK Government, were left with a compromised database after being hit with the notorious SQL injection bug. This is a flaw in which a basic ASP webpage can run malicious script on a SQL server.

The mass attack hit a number of website that were ASP driven and supported querystring paramters for database lookup. Webpages can allow for dynamic retrieval of information based upon querystring parameters; however if programmed in a basic manner, it might allow for a malicious script to be run.

Here is a basic example of a page that is vulnerable:

Page: BadCode.asp
Dim myVar myVar = Request("input") ... objComm.CommandText = "Select * from myTable where ID=" & myVar objRS.Open objComm.Execute ...

In the normal situation, this will query the database for the specified record. However if the value of input is passed in as a malicious script, it could be run by the SQL server and run amok! Lets have a look...

Example SQL ASP Malicious Script

Given our BadPage.asp example, consider what the following HTTP request would do:
http://samplesite/BadCode.asp?input=555;EXECUTE("MALICIOUS SCRIPT")

In the mass attacks we've seen from China (IP=222.91.65.191) in the past week, the actual querystring script was encoded into hexadecimal so that it was interpreted by SQL, but not munged by ASP.

***REMOVED PER GOOGLE EDITORIAL GUIDELINES***

Here is the script as interpreted by SQL:


***REMOVED PER GOOGLE EDITORIAL GUIDELINES***

The outcome of this executing the SQL command would result in modifying all the text content in the entire database. The text content would direct your website users to download malware to their desktops.

Identifying Websites Vulnerable To SQL/ASP Bug

A basic query for ASP pages to Google can be performed to identify potential sites with the flaw.
Combine this script with a mass crawler to identify the querystring parameters, then hit the pages in mass coordination worldwide; pretty cleaver stuff indeed... The actual purpose of this latest infection from China was even more impressive as it ran a javascript to end-user coming to the website. That javascript contained several other fun forms of malware; which fortunately my browser decided to pass on...

SQL Injection Fix

There is no patch that prevents this flaw. A fully patched, secure and locked down server can be susceptible to this problem. It is only eliminated with good coding practices. I recommend exclusively using stored procedures to gain access to the database; in that way you tightly control all access levels and can avoid the pitfalls of rouge or poor programmers and basic exploits.

In short, don't allow uncontrolled, dynamic SQL statements to be run from the web application.

Lanier cannot connect to Windows 2003 Domain Folder share

2008-04-03T15:23:00.000-07:00

This is likely due to a secure channel connection being requested by the server. Lanier 232c and Lanier 122; connect through SMB network file sharing. They do not support secure connection.

In the Group Policy Editor, Select Security Settings\Local Policies\Security Options, details pane, locate and Disable:
Microsoft network server: Digitally sign communications (always).
Microsoft Network Server: Digitally Sign Communicates (If Client Agrees).
Domain member: Digitally encrypt or sign secure channel data (always).
To apply the Group Policy change immediately either, (1) restart the domain controller; (2) open a command prompt, and type:
gpupdate

If you change these setting and still have a problem, check the following settings. 1. Open the Default Domain Controllers Policy to edit the properties.

1. Under Computer Configuration, expand Windows Settings\Security Settings\Local Policies\Security Options.
2. In the details pane, locate and
Microsoft network server: Digitally sign communications (always)
Domain member: Digitally encrypt or sign secure channel data (always)
To apply the Group Policy change immediately either, (1) restart the domain controller; (2) open a command prompt, and type:
gpupdate

ASP.Net Remote Debugging & Local Host Alias

2008-03-30T06:13:00.000-07:00

Visual Studio Error: "Unable to start debugging unknown user name or bad password"

Here is an even better solution than using locolhost with some bugus port. There was a security change in SP1 for Windows 2003 that prevents debugging on anything but localhost. There's an obscure KB article about it here:

http://support.microsoft.com/?kbid=896861

The fix is simple:

1.	Click Start, click Run, type regedit, and then click OK.
2.	In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3.	Right-click Lsa, point to New, and then click DWORD Value.
4.	Type DisableLoopbackCheck, and then press ENTER.
5.	Right-click DisableLoopbackCheck, and then click Modify.
6.	In the Value data box, type 1, and then click OK.

(reboot may be necessary)

If the other computer is truly remote, it will be necessary to define debugging permissions on that machine:
Click Start, click Microsoft Visual Studio 2005, point to Visual Studio Tools, and then click Visual Studio 2005 Remote Debugger Configuration Wizard.

Also configure in Administrative Tools: "Local Security Policy" / "User Rights Assignment". The policy "Debug Programs" should be granted to your User.

Obtaining HTTPcmd : Command line utilities

2008-03-27T23:56:00.001-07:00

Windows 2000 Resource kit has a tool call httpcmd to perform GET operation.
Microsoft offers no downloads for this tool of the Windows 2000 ResKit. The Window 2003 Res Kit does not contain that command; instead obtain the IIS 6 Resource Kit.

Down from here.
Use the tool tinyget:

tinyget -srv:raweb01 -uri:http://relevantads.com -d

Also use the tool wfetch to perform detailed HTTP requests and response anaylsis.

Disable Road Runner domain advertising landing page

2008-03-17T21:13:00.000-07:00

Recently Road Runner began advertising to its users advertisements in the way of web landing pages. When Road Runner detects an invalid domain (or DNS error) it will redirect the browser to a web site with a mixture of ads and search results served by Yahoo.

Some users are even complaining that Road Runner is redirecting valid domains to this landing page such as www.google.com!

Fortunately, Road Runner does provide a way to disable this default DNS service. On the bottom of the landing page is a link to service settings http://ww23.rr.com/prefs.php.

From here, simply disable the entire service. This may take a few minutes to take effect and it will affect every computer in your local network. The settings are tied to your Cable modems MAC address. You can revisit the settings page to modify the values should you ever want that.

"Search for word or phrase in a file" - Windows flaw

2007-12-31T17:03:00.000-08:00

Microsofts MSN property is far behind in online search; taking a far 3rd position. To further demonstrate how far behind Microsoft is in Search, they're own OS fails to adequately search documents.

When performing a search for "A word or phrase in a file", the feature has had several flaws. A big issue is that Windows outright ignores files is doesn't recognize. So unless you're looking for a simple Office document, you're out of luck.

There is a work-around, but it takes considerable steps, here are two potential methods:

a)

1.	Click Start, and then click Search (or point to Search, and then click For Files or Folders).
2.	Click Change preferences, and then click With Indexing Service (for faster local searches).
3.	Click Change Indexing Service Settings (Advanced). Note that you do not have to turn on the Index service.
4.	On the toolbar, click Show/Hide Console Tree.
5.	In the left pane, right-click Indexing Service on Local Machine, and then click Properties.
6.	On the Generation tab, click to select the Index files with unknown extensions check box, and then click OK.
7.	Close the Indexing Service console.

or B)
Set the FilterFilesWithUnknownExtensions DWORD value to 1 in the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex

ASP file searching STILL fails

Even beyond that, Windows may need explicit instructions to search specific file types. In order to change that behavior, the default handler of a specific file type needs to be set:


HKEY_CLASSES_ROOT\.asp\PersistentHandler

to {Default} REGSZ value of:

{5E941D80-BF96-11CD-B579-08002B30BFEB}

Note that a reboot will be needed after this step.

Moving a SQL Server Database

2007-12-31T02:11:00.001-08:00

Should your SQL server need to be decommission, it will be necessary to move the databases.

Two method: backup or detach.
Backing up requires an intermediate BAK file, so I prefer the detach method.

1) Shrink the datafile. You can truncate the log by:

    BACKUP LOG dbname WITH TRUNCATE_ONLY

2) Then use the GUI to shrink the log file, or if you know the log file name use: dbcc shrinkfile (file_name)
3) Detach

 sp_detach_db 'dbname'

4) Copy the database to the new server
5) On the new server attach the database:

 sp_attach_db 'dbname','D:\Sqldata\mydbdata.mdf','L:\Sqllog\mydblog.ldf'

6) Repair/fix SQL logins. If new server already has the same named logins, use the below command:

 EXEC sp_change_users_login 'auto_fix', ''

To compliment step 6, you can determine which logins need repair by running a discrepancy check:


select 'EXEC sp_change_users_login ''auto_fix'', ''' + name + ''''
from sysusers su
where hasdbAccess = 1
and  not exists ( SELECT 1 FROM master..syslogins sl WHERE su.sid = sl.sid )

Help and Support and System Information fail to start

2007-08-12T23:09:00.000-07:00

A system issue with the Windows applications System Information and Help and Support won't start. (The application processes are msinfo32.exe & helpctr.exe)

The System Information was likely corrupted by an unexpected termination, malware, spyware, virus or the like. It can be recovered by reinstalling System Information and Help and Support services.

Restore Help and Support and System Information by perform the following in command prompt:

net stop helpsvc
cd /d %windir%\pchealth\helpctr\binaries
start /w helpsvc /svchost netsvcs /regserver /install
start /w helpsvc /register

System Information and Help and Support should run correctly now.
Also see: Restoring Windows Original Files

Restoring Windows Original Files

2007-08-12T20:17:00.000-07:00

Before running this, you might first try to retsore Windows Help and Support and System Information.

To restore Windows files to the original state run the Windows System File Checker (sfc.exe), with the command:
sfc /scannow

You'll need to run it from the Windows native console, so if you are in Remote Desktop, use the console switch:
%SystemRoot%\system32\mstsc.exe -console

The program will need the original Windows CD. To use a different source directory, i.e. you have a copy of the windows CD in a local folder, change the registry key at:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
Named: SourcePath

For detailed information on using this tool see here.

Windows Firewall can not run because another program or service is running that might use the Network Address Translation component (IPNat.sys)

2007-08-12T16:59:00.001-07:00

Windows Networking Firewall failure Error

Upon trying to open and configure the Windows built-in Firewall, you receive the error:
"Windows Firewall can not run because another program or service is running that might use the Network Address Translation component (IPNat.sys)"

Cause is due to settings left in by "Routing and Remote Access" service. Even if the service is stopped, Windows will still report this error because the network card bindings are still being held by RRAS.

Disable RRAS by opening the MMC for it and "Disable Remote Access and Routing". This can also be found by Right-clicking "My Computer", opening the Service and Application node.

By Disabling RRAS in this way, the network protocol interface bindings are removed allowing for the Windows Firewall and Connection Sharing service to take over.

Windows Computer Alias for sharing

2007-08-09T00:29:00.001-07:00

Windows natively supports NFS shares through the URI \\server-name \\ip.add.ress. Often though, you want to give the computer a different alias for example:
\\dev.relevantads.com
Or multiple aliases:
\\vss.relevantads.com, \\corp-file-server, \\Printer-Stations, etc.

Typically you would accomplish this you by changing the NetBIOS name to "dev", but instead, you can specifically define the aliases though the registry key:
HKEY_Local_Machine\System\CurrentControlSet\Services\LanmanServer\Parameters
Add Value: OptionalNames REG_SZ String: "Alias"
Make it a type REG_MULTI_SZ to support multiple aliases.

Moreover, you can support all aliases; i.e. tell Windows to accept any share request that comes to its IP. This is the registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters

    Data Type: DWORD

    Value Name: DisableStrictNameChecking

Value: 1

A reboot is necessary (or possibly just restarting the Server | Workstation service) to allow the changes to take effect.

Lastly:
Don't forget that you'll also need File & Printer sharing enable, Firewall off or an exception for File sharing, and that the alias name must resolve either through DNS or a custom HOSTS declaration.

Computer Browser is stopping and won't start

2007-08-09T00:27:00.000-07:00

Upon tying to start the Computer Browser, it immediately returns:
"computer browser service on local computer started and then stopped"

Try:

1) In the HKEY_LOCAL_MACHINE subtree, go to the following subkey:

SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList

2) Change MaintainServerList to either Auto or Yes.

Task Manager, CMD, Regedit Virus

2007-07-15T18:22:00.000-07:00

Once every 6 months or so, I do get a virus. I came across this one from Limewire.

Symptoms: regedit, cmd & task manager lost! "in use by another program"

After using Ad-Aware and Microsoft Defender, my system was reported as clean; only clearing out some cookies.

Several sites report the problem: Cannot open task manager; task manager fails, regedit and cmd same issue.

The virus takes hold of these application pointers, fortunately I use an application as a replacement for command prompt so I was able to source the issue.

Resolution:
Two files need to renamed/deleted:
b.exe (in Windows root folder) and svchost.exe located in Startup. The virus uses a trusted name (svchost.exe) but puts the file in the Startup folder.

Background:
I don't use any memory resident virus prevention software. I rarely come across malware, however when looking for a software crack, questionable software, or the like. In this case, I downloaded something from Limewire. Many of the listings on Limewire these days are viruses and such, so you do need to be careful. I believe the software operates as a Limewire distributor for the virus itself. I cannot find anything it does beyond redistribution of itself.

Remove Acrobat Toolbar Plugin From Outlook and Office

2006-06-20T12:24:00.000-07:00

After installing Acrobat Reader or Professional, a toolbar surfaces in Microsoft Office applications. It wouldn't be so bad except that even when you select to remove the Plugin, it comes right back after the office application restarts. Worse yet, the toolbar puts itself on a new line each time, reducing the usable window size.

Since I rarely use this toolbar and would rather open Acrobat explicitly to use the print, email, or save as PDF features, I got rid of the toolbar. Adobe doesn't make this easy, forcing the toolbar to always be visible, unfortunately you have to modify the windows registry. Warning, don't casually modify the windows registry; since it effectivley controls Windows and most applications.

1. Begin by closing the office applications.
2. Then click start, Run, and type: regedit
3. Browse to the below registry keys and delete each one.

Note that HKEY_LOCAL_MACHINE is referenced as HKLM in regedit.

Outlook

HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat\PDFMaker\7.0\Outlook\AttachAsPDF
Value Name: OutlVisible

HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat\PDFMaker\7.0\Outlook\EmailToPDF
Value Name: OutlVisible

Excel

HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\Excel\Addins\PDFMaker.OfficeAddin Value
Value Name: LoadBehavior

Word

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\PDFMaker.OfficeAddin
Value Name: LoadBehavior

Acrobat Reader is Slow to Open

2006-06-20T10:28:00.000-07:00

When Adobe starts, the application scan its plugin folder. Each API file that is here is loaded into the application, taking additional load time and much more memory. You can safely prevent Adobe from using these. The developers and product managers at Adobe stuffed several goodies which most end-users rarely use. I recommend getting rid of most of these with the exception of Searching & Form entry.

DWTips posted this, but I found the steps slightly different, here is what I recommend::

Close Adobe if it is open.
Browse to the folder C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins
Create a new folder named Optional
Move all files (.api files) to Optional, except EWH32.api, Search.api and AcroForm.api.

Now Adobe should starts much quicker.

Cannot run an application: Windows cannot access the specified device, path or file.

2006-05-10T10:04:00.000-07:00

This error was most frustrating when trying to help people remotely. After giving them the files through IM (MSN Messenger) however they are unable to run the install application I give them. This is apparently a built in protection from XP or IM.

The file has an attribute which prevents Windows from executing it.

Right click on the executable and choose "Properties" and look to the bottom of the "General" tab. Click the "Unblock" button provided. Now you should be able to run the application.

svchost.exe Hangs and Automatic Update hangs

2006-04-28T12:32:00.000-07:00

Here is a Windows problem which had me spun for a few hours on two occasions.

Symptoms Overview:
The system is slow and svchost.exe is taking 50%+ CPU (or 100% CPU on a non-HT machine).
Windows update (http://windowsupdate.microsoft.com/) hangs .
See below for detailed diagnoses.

Cause:
A previous Windows Update was prematurely terminated. Windows Update is attempting to failing to recover the session and the partial downloads. It is stuck in a loop in the recovery and determining where to continue the downloads.

Solution:

Stop and terminate the Automatic Updates (svchost.exe) process.
Delete all files and folders in C:\Windows\SoftwareDistribution). Windows Update will automatically obtain all the files it needs later.
Start the "Automatic Update" service.
Retrieve the latest Windows Updates from Microsoft.

You should no longer have the CPU usage problem with svchost.exe.

Detailed diagnoses - Confirming the symptoms
1) Turn off Automatic Updates and BITS. Do this from Control Panel, Administrative Tools, Services. Find "Automatic Updates" and "Background Intelligent Transfer Service", right-click and Stop these two services.
2) If stopping the service takes a long time and eventually fails you have a problem with the Windows Update.

Terminating svchost.exe
Terminate the svchost.exe process which is slowing your system.
Steps:
a) Hitting Ctrl-Alt-Delete, select Task Manager.
b) Click on the "Processes" tab and sort the processes by name by clicking the "Image Name" column header.
c) Select the line which Find the svchost.exe process which has a non 0 value (i.e it is taking up CPU ticks), and then click "End Task".

Your CPU usage should be back to normal at this point.

Environment:
I've only encountered this on Windows 2003 server, but it could potentially exist with any version of windows since its actually a flaw with Automatic Updates.