Monthly Archives: June 2013

User Account Control (UAC)

User Account Control (UAC) is a security component that allows an administrator to enter credentials during a non-administrator’s user session to perform occasional administrative tasks.

Tasks that require administrator privileges will trigger a UAC prompt. The following tasks require administrator privileges:
Running an Application as an Administrator
Changes to system-wide settings or to files in %SystemRoot% or %ProgramFiles%
Installing and uninstalling applications
Installing device drivers
Installing ActiveX controls
Changing settings for Windows Firewall
Changing UAC settings
Configuring Windows Update
Adding or removing user accounts
Changing a user’s account type
Configuring Parental Controls
Running Task Scheduler
Restoring backed-up system files
Viewing or changing another user’s folders and files
Running Disk Defragmenter

In Windows 2008

1. Click Start, and then click Control Panel.

2. In Control Panel, click User Accounts.

3. In the User Accounts window, click User Accounts.

4. In the User Accounts tasks window, click Turn User Account Control on or off.

5. If UAC is currently configured in Admin Approval Mode, the User Account Control message appears. Click Continue.

6. Clear the Use User Account Control (UAC) to help protect your computer check box, and then click OK.

7. Click Restart Now to apply the change right away, or click Restart Later and close the User Accounts tasks window.

Here is the Microsoft article: http://technet.microsoft.com/en-us/library/cc709691(WS.10).aspx

In Windows 2008 R2 or Windows 7

Using the GUI: follow the steps above, or in the Windows Explorer address bar type “Control Panel\User Accounts\User Accounts” and press Enter; it will take you straight there. The old Vista command “UserAccountControlSettings.exe” also still works in Windows 7.

You can also use the commands below:

run > secpol.msc > Security Settings > Local Policies > Security Options > User Account Control
run MSCONFIG and go to the Tools tab > Change UAC Settings
Type UAC in the Start menu search box
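The GUI and secpol.msc paths above all end up writing the same policy values in the registry, so a defender can audit the resulting UAC state without clicking through the dialogs. The following read-only script is an added example (not from the original post); it assumes only the standard policy key and value names that Windows itself uses:

```powershell
# Added example: report the effective UAC configuration on the local machine
# by reading the policy values written by the "Turn User Account Control on
# or off" dialog and by secpol.msc. Nothing is changed; the script only reads.
$path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$p = Get-ItemProperty -Path $path

# EnableLUA = 0 means the "Use User Account Control" check box was cleared.
# A missing value is treated as 0 here, which is the conservative reading.
$uacOn = ([int]$p.EnableLUA -ne 0)

# Meaning of ConsentPromptBehaviorAdmin (the UAC slider in 7 / 2008 R2).
$adminBehavior = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (default)'
}

$report = New-Object PSObject -Property @{
    UACEnabled          = $uacOn
    AdminPromptBehavior = $adminBehavior[[int]$p.ConsentPromptBehaviorAdmin]
    SecureDesktopPrompt = ([int]$p.PromptOnSecureDesktop -ne 0)
}
$report | Format-List

if (-not $uacOn) {
    # With EnableLUA = 0 every logon of an Administrators member runs fully
    # elevated; the change (either way) only takes effect after a restart.
    Write-Warning 'UAC is disabled on this machine (Admin Approval Mode off).'
}
```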


Port query a command line utility

Portqry.exe is a command-line utility that you can use to help troubleshoot TCP/IP connectivity issues. PortQry sends a correctly formatted message that the listening service or program understands, using the correct session-layer or application-layer protocol to determine whether the port is listening. PortQry uses the Services file located in the %SYSTEMROOT%\System32\Drivers\Etc folder to determine which service listens on each port.

PortQry version 2.0 reports the status of a TCP/IP port in one of the following ways:

Listening
A process is listening on the port on the computer that you selected. Portqry.exe received a response from the port.

Not Listening
No process is listening on the target port on the target system. Portqry.exe received an Internet Control Message Protocol (ICMP) “Destination Unreachable – Port Unreachable” message back from the target UDP port. Or if the target port is a TCP port, Portqry received a TCP acknowledgement packet with the Reset flag set.

Filtered
The port on the computer that you selected is being filtered. Portqry.exe did not receive a response from the port. A process may or may not be listening on the port. By default, TCP ports are queried three times, and UDP ports are queried one time before a report indicates that the port is filtered.

portqry -n domain.com -p tcp -e 25 ; resolves “domain.com” to an IP address and then queries TCP port 25 on the corresponding host

portqry -n myserver -p udp -e 389 ; queries UDP port 389 and reports the response from the LDAP server to the user

portqry -n myserver -p udp -e 135 ; this query returns (dumps) all the endpoints that are currently registered with the RPC endpoint mapper

portqry -n 127.0.0.1 -e 161 -p udp -cn !secure123! ; determines whether SNMP port 161 is listening using a specific community name (-cn) rather than the default community name public

The following command tries to resolve “169.254.0.11” to a host name and then queries TCP ports 143,110, and 25 (in that order) on the host that you selected. This command also creates a log file (Portqry.log) that contains a log of the command that you ran and its output.
portqry -n 169.254.0.11 -p tcp -o 143,110,25 -l portqry.log

The following command tries to resolve my_server to an IP address and then queries the specified range of UDP ports (135-139) in sequential order on the corresponding host. This command also creates a log file (my_server.txt) that contains a log of the command that you ran and its output.
portqry -n my_server -p udp -r 135:139 -l my_server.txt

portqry -n 192.168.1.20 -e 1434 -p udp ; queries UDP port 1434 to enumerate all the SQL Server named instances that are running on a SQL Server

portqry -n myproxy-server -p udp -e 1745 ; queries ISA Server port 1745, which the server uses to communicate with Winsock proxy clients and with firewall clients

Command line mode:

portqry -n name_to_query [-p protocol] [-e || -r || -o endpoint(s)] [-q]
[-l logfile] [-sp source_port] [-sl] [-cn SNMP community name]

Command line mode options explained:
-n [name_to_query] IP address or name of system to query
-p [protocol] TCP or UDP or BOTH (default is TCP)
-e [endpoint] single port to query (valid range: 1-65535)
-r [end point range] range of ports to query (start:end)
-o [end point order] range of ports to query in an order (x,y,z)
-l [logfile] name of text log file to create
-y overwrites existing text log file without prompting
-sp initial source port to use for query
-sl ‘slow link delay’ waits longer for UDP replies from remote systems
-nr by-passes default IP address-to-name resolution
ignored unless an IP address is specified after -n
-cn specifies SNMP community name for query
ignored unless querying an SNMP port
must be delimited with !
-q ‘quiet’ operation runs with no output
returns 0 if port is listening
returns 1 if port is not listening
returns 2 if port is listening or filtered

Notes:  PortQry runs on Windows 2000 and later systems
Defaults: TCP, port 80, no log file, slow link delay off
Hit Ctrl-c to terminate prematurely

examples:
portqry -n myserver.com -e 25
portqry -n 10.0.0.1 -e 53 -p UDP -i
portqry -n host1.dev.reskit.com -r 21:445
portqry -n 10.0.0.1 -o 25,445,1024 -p both -sp 53
portqry -n host2 -cn !my community name! -e 161 -p udp
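The -q (quiet) return codes listed above make PortQry easy to drive from a script: the exit code alone carries the Listening / Not Listening / Filtered result. The following wrapper is an added example (not part of the original post or of PortQry itself); it assumes portqry.exe is on the PATH and the host name mail01 is a placeholder:

```powershell
# Added example: run PortQry in quiet mode against a list of ports and map
# its exit code (0 / 1 / 2) to the three states described in the post.
function Test-PortQry {
    param(
        [Parameter(Mandatory=$true)][string]$ComputerName,
        [Parameter(Mandatory=$true)][int[]]$Port,
        [ValidateSet('tcp','udp')][string]$Protocol = 'tcp'
    )
    foreach ($p in $Port) {
        # -q suppresses all output; the only result is the exit code.
        $null = & portqry.exe -n $ComputerName -p $Protocol -e $p -q
        $state = switch ($LASTEXITCODE) {
            0       { 'Listening' }
            1       { 'Not Listening' }
            2       { 'Listening or Filtered' }
            default { "Unknown (exit code $LASTEXITCODE)" }
        }
        New-Object PSObject -Property @{
            ComputerName = $ComputerName
            Protocol     = $Protocol
            Port         = $p
            State        = $state
        }
    }
}

# Same mail ports the post queries with -o, checked one by one; listing
# anything that is not plainly listening is what you want for a reachability
# check from a client subnet towards a relay (mail01 is a placeholder name).
Test-PortQry -ComputerName 'mail01' -Port 25,110,143 |
    Where-Object { $_.State -ne 'Listening' } |
    Format-Table ComputerName, Protocol, Port, State -AutoSize
```

For UDP the "Listening or Filtered" state is the common answer because a silent port cannot be told apart from a firewall drop; the -sl switch only lengthens the wait, it does not resolve the ambiguity.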

Downloads
The command-line tool can be downloaded from http://www.microsoft.com/downloads/details.aspx?familyid=89811747-C74B-4638-A2D5-AC828BDC6983&displaylang=en

And the UI can be downloaded from
http://download.microsoft.com/download/3/f/4/3f4c6a54-65f0-4164-bdec-a3411ba24d3a/PortQryUI.exe

References: http://support.microsoft.com/kb/832919

Windows 2008 R2 AD Recycle Bin

This is a new feature in Windows Server 2008 R2.

Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers. (The drawback of the authoritative restore solution was that it had to be performed in Directory Services Restore Mode (DSRM); during DSRM, the domain controller being restored had to remain offline.)

By default, Active Directory Recycle Bin in Windows Server 2008 R2 is disabled. To enable it, you must first raise the forest functional level of your AD DS or AD LDS environment to Windows Server 2008 R2, which in turn requires all forest domain controllers or all servers that host instances of AD LDS configuration sets to be running Windows Server 2008 R2. After you enable Active Directory Recycle Bin in your environment, you cannot disable it.

For example, if an account was accidentally deleted and the backup was taken before its group memberships were assigned, those group memberships can’t be brought back by an authoritative restore. With Active Directory Recycle Bin, restored user accounts automatically regain all group memberships and the corresponding access rights that they had within and across domains. After the deleted object lifetime expires, the logically deleted object is turned into a recycled object: most of its attributes are lost and it moves into the new recycled-object stage, from which it can only be recovered from an authoritative backup; finally it is physically deleted from the database.

object --> deleted --> recycled --> physically deleted

To enable AD Recycle Bin using LDP.exe:
Start > Run > ldp.exe > connect and bind to the server
Click View > Tree and, in Base DN, select the configuration directory partition
In the console tree, double-click the distinguished name of the configuration directory partition and navigate to the CN=Partitions container
Right-click the CN=Partitions container (shown by its distinguished name) > Modify, and make sure the DN box is empty
In Edit Entry Attribute type enableOptionalFeature, and in Values type
CN=Partitions,CN=Configuration,DC=mydomain,DC=com:766ddcd8-acd0-445e-f3b9-a7f9b6744f2a

Note: 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a is the AD Recycle Bin feature GUID
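The same change can be made, and the prerequisites checked first, with the ActiveDirectory PowerShell module instead of LDP.exe. The following script is an added example, not from the original post: it uses the module's Enable-ADOptionalFeature cmdlet rather than the manual attribute edit, assumes the RSAT AD module is installed, and uses the constructed account name jdoe as a placeholder for the restore part.

```powershell
# Added example: enable AD Recycle Bin with the AD module (same effect as the
# enableOptionalFeature edit in the LDP.exe steps), after checking the forest
# functional level the post names as a prerequisite, then restore a deleted user.
Import-Module ActiveDirectory

$forest  = Get-ADForest
$feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'

# Prerequisite from the post: forest functional level must be 2008 R2 or higher.
if ($forest.ForestMode -lt 'Windows2008R2Forest') {
    throw "Forest mode is $($forest.ForestMode); raise it to Windows2008R2Forest first."
}

# EnabledScopes stays empty until the feature is turned on. Once on, it cannot
# be turned off again, so the enable step is the one that deserves a pause.
if ($feature.EnabledScopes.Count -gt 0) {
    Write-Host 'AD Recycle Bin is already enabled (it cannot be disabled).'
} else {
    # Writes the feature GUID 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a onto
    # CN=Partitions, exactly what the LDP.exe procedure does by hand.
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.Name -Confirm:$false
}

# Lifecycle in the post: deleted -> recycled -> physically deleted.
# Only objects still in the "deleted" stage keep their attributes, so check
# isRecycled before attempting a restore. 'jdoe' is a constructed placeholder.
$deleted = Get-ADObject -Filter { isDeleted -eq $true -and name -like 'jdoe*' } `
    -IncludeDeletedObjects -Properties lastKnownParent, isRecycled, whenChanged

foreach ($obj in $deleted) {
    if ($obj.isRecycled) {
        Write-Warning "$($obj.Name) is already recycled; its attributes (group memberships included) are gone."
        continue
    }
    # Restore into the last known parent OU; group memberships return with it.
    Restore-ADObject -Identity $obj.ObjectGUID
    Write-Host "Restored $($obj.Name) to $($obj.lastKnownParent)"
}
```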
