Monday, December 6, 2010

Get HostName from client in WCF

What a pain! But this works. Add these using directives:

using System.ServiceModel;           // OperationContext
using System.ServiceModel.Channels;  // RemoteEndpointMessageProperty
using System.Net;                    // Dns

.....


Then this will get the client's IP address from the incoming message properties on your IIS-hosted WCF web service and resolve it to the host name:

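string ComputerName = "NOTFOUND";

try
{
    // Remote endpoint (client IP address and port) of the caller of the current operation
    var remp = OperationContext.Current.IncomingMessageProperties[RemoteEndpointMessageProperty.Name] as RemoteEndpointMessageProperty;
    // Reverse DNS lookup on the client IP; keep only the short host name
    string[] computer_name = Dns.GetHostEntry(remp.Address).HostName.Split(new Char[] { '.' });
    ComputerName = computer_name[0];
}
catch (Exception)
{
    // No remote endpoint property, or the lookup failed
    ComputerName = "NOTFOUND";
}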
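
The lookup above accepts whatever name the reverse (PTR) record returns, and that record is set by whoever runs the reverse zone for the client's address. The following is an added example, not code from the original post: it accepts the name only when it also resolves forward to the connecting address. ClientHostResolver, its method names and the sample addresses and host name are hypothetical and constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Sockets;
using System.ServiceModel;
using System.ServiceModel.Channels;

// Hypothetical helper (added example): forward-confirmed reverse DNS for a WCF client.
public static class ClientHostResolver
{
    public const string NotFound = "NOTFOUND";

    // Call from inside a service operation on the IIS-hosted service.
    public static string FromCurrentOperation()
    {
        OperationContext ctx = OperationContext.Current;
        object prop;
        if (ctx == null ||
            !ctx.IncomingMessageProperties.TryGetValue(RemoteEndpointMessageProperty.Name, out prop))
            return NotFound;

        var remote = prop as RemoteEndpointMessageProperty;
        if (remote == null) return NotFound;

        return Resolve(remote.Address,
                       ip => Dns.GetHostEntry(ip).HostName,
                       name => Dns.GetHostAddresses(name));
    }

    // The two lookups are parameters so the check can be exercised without live DNS.
    public static string Resolve(string remoteAddress,
                                 Func<IPAddress, string> reverseLookup,
                                 Func<string, IPAddress[]> forwardLookup)
    {
        IPAddress ip;
        if (!IPAddress.TryParse(remoteAddress, out ip)) return NotFound;

        try
        {
            string fqdn = reverseLookup(ip);

            // Reject an empty answer or a bare IP literal handed back as the name.
            IPAddress literal;
            if (string.IsNullOrEmpty(fqdn) || IPAddress.TryParse(fqdn, out literal))
                return NotFound;

            // The PTR name is chosen by whoever runs the reverse zone for this
            // address, so accept it only if it resolves forward to the same IP.
            if (!forwardLookup(fqdn).Any(a => a.Equals(ip))) return NotFound;

            return fqdn.Split('.')[0];
        }
        catch (SocketException)
        {
            return NotFound;   // one of the lookups failed
        }
    }

    public static void Main()
    {
        // Constructed sample data: the PTR answer claims "dc01.corp.example".
        Func<IPAddress, string> ptr = _ => "dc01.corp.example";
        Func<string, IPAddress[]> mismatch = _ => new[] { IPAddress.Parse("10.0.0.5") };
        Func<string, IPAddress[]> match = _ => new[] { IPAddress.Parse("203.0.113.7") };

        Console.WriteLine(Resolve("203.0.113.7", ptr, mismatch));  // forward record disagrees
        Console.WriteLine(Resolve("203.0.113.7", ptr, match));     // forward record agrees
    }
}
```

Even a confirmed name only identifies the transport peer, so behind a reverse proxy or load balancer it is the proxy's name; treat it as a logging hint rather than as authentication.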

Tuesday, November 9, 2010

Updating cached credentials

Updating cached credentials for full time work at home users...

I have a client that uses a VPN client and does not allow users to log on from the Windows logon screen; rather, they have to already be logged in using cached credentials and then launch the VPN client and authenticate...

Now this poses a significant issue deploying applications via SCCM based on a user's groups for those users who are full time work at home or road warriors, as the user's Windows security token, which stores the SIDs for all their groups, never gets updated through an interactive domain logon...

Thus far the only solution I've found is... write a utility that prompts for the user's current password and then launches a new process / thread with those credentials just like runas.exe. This then updates the cached credentials... force the user to log off and log on and voila, the token has the new groups...

Sunday, August 29, 2010

Migrate DHCP from 2003 to 2008

The DHCP database can be moved or migrated from a Windows Server 2003 server to a Windows Server 2008 server, or from one Windows Server 2008 server to another. The information below details the necessary steps.

Export the DHCP database from a server that is running Microsoft Windows Server 2003 or Windows Server 2008

To move a DHCP database and configuration from a server that is running Windows Server 2003 or Windows Server 2008 to another server that is running Windows Server 2008:
1. Log on to the source DHCP server by using an account that is a member of the local Administrators group.
2. Click Start, click Run, type cmd in the Open box, and then click OK.
3. Type netsh dhcp server export C:\dhcp.txt all, and then press ENTER.
Note: You must have local administrator permissions to export the data.

Configure the DHCP server service on the server that is running Windows Server 2008

1. Click Start, click Administrative Tools, click Server Manager. If needed, acknowledge User Account Control.
2. In Roles Summary click Add Roles, click Next, check DHCP server, and then click Next.

Import the DHCP database

1. Log on as a user who is an explicit member of the local Administrators group. A user account in a group that is a member of the local Administrators group will not work. If a local Administrators account does not exist for the domain controller, restart the computer in Directory Services Restore Mode, and use the administrator account to import the database as described later in this section.
2. Copy the exported DHCP database file to the local hard disk of the Windows Server 2008-based computer.
3. Verify that the DHCP service is started on the Windows Server 2008-based computer.
4. Click Start, click Run, type cmd in the Open box, and then click OK.
5. At the command prompt, type netsh dhcp server import c:\dhcpdatabase.txt all, and then press ENTER, where c:\dhcpdatabase.txt is the full path and file name of the database file that you copied to the server.
Note: When you try to export a DHCP database from a Windows 2000/2003 domain controller to a Windows Server 2008 member server of the domain, you may receive the following error message:
Error initializing and reading the service configuration - Access Denied
Note: You must have local administrator permissions to import the data.
6. To resolve this issue, add the Windows Server 2008 DHCP server computer to the DHCP Admins group at the Enterprise level and redo steps 4 & 5.
7. If the "access is denied" error message occurs after you add the Windows Server 2008 DHCP server computer to the DHCP Admins group at the Enterprise level that is mentioned in step 6, verify that the user account that is currently used to import belongs to the local Administrators group. If the account does not belong to this group, add the account to that group, or log on as a local administrator to complete the import and redo steps 4 & 5.

Authorize the DHCP server

1. Click Start, point to All Programs, point to Administrative Tools, and then click DHCP.
Note: You must be logged on to the server by using an account that is a member of the Administrators group. In an Active Directory domain, you must be logged on to the server by using an account that is a member of the Enterprise Administrators group.
2. In the console tree of the DHCP snap-in, expand the new DHCP server. If there is a red arrow in the lower-right corner of the server object, the server has not yet been authorized.
3. Right-click the server object, and then click Authorize.
4. After several moments, right-click the server again, and then click Refresh. A green arrow indicates that the DHCP server is authorized.

Thursday, August 19, 2010

Useful Windows Shortcuts - reposted

Control Panel shortcuts & Start Run commands

Note: Not all commands work on all systems (i.e. XP, Vista)

To get to Control Panel directly:
Start->Run-> Control

Accessibility                     access.cpl
Add/Remove Programs               appwiz.cpl
Console                           console.cpl
Date and Time                     timedate.cpl
Display                           desk.cpl
Fax                               fax.cpl
Hardware Wizard                   hdwwiz.cpl
Infrared Port                     irprops.cpl
International and Regional        intl.cpl
Internet Settings                 inetcpl.cpl
Joystick                          joy.cpl
Licensing                         liccpa.cpl
Mouse and Keyboard                main.cpl
Mail                              mlcfg32.cpl
Sound & Multimedia                mmsys.cpl
Modem & Phone                     modem.cpl
Network and connectivity          ncpa.cpl
Network and Dial-up Connectivity  netcpl.cpl
Netware Client                    nwc.cpl
ODBC                              odbccp32.cpl
PC Card                           devapps.cpl
Ports                             ports.cpl
Power Management                  powercfg.cpl
Scanner & Camera                  sticpl.cpl
Server Management                 srvmgr.cpl
Speech Properties                 sapi.cpl
System                            sysdm.cpl
Telephony                         telephon.cpl
TweakUI                           tweakui.cpl
User Manager                      nusrmgr.cpl
WSP Client                        wspcpl32.cpl


Using "Control"

You may also change to a specific tab in a Control Panel applet.
As an example:
This will open the System Restore tab in System Properties:
control sysdm.cpl,,4
This will open the Advanced tab in System Properties:
control sysdm.cpl,,3
This will just open System Properties:
control sysdm.cpl



Using Shell options

Where these files live in the registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\]
and then search for rundll32.exe in the run command

This is quite good at helping find exact uninstall strings, for instance

---------------------------------------------------

Control Panel

module: CONTROL.EXE

command: rundll32.exe shell32.dll,Control_RunDLL
result: displays all the Control Panel icons in an Explorer view

---------------------------------------------------

Accessibility Properties

module: ACCESS.CPL

command: rundll32.exe shell32.dll,Control_RunDLL access.cpl,,5
result: displays the Accessibility General properties

command: rundll32.exe shell32.dll,Control_RunDLL access.cpl,,1
result: displays the Accessibility Keyboard properties

command: rundll32.exe shell32.dll,Control_RunDLL access.cpl,,2
result: displays the Accessibility Sound properties

command: rundll32.exe shell32.dll,Control_RunDLL access.cpl,,3
result: displays the Accessibility Display properties

command: rundll32.exe shell32.dll,Control_RunDLL access.cpl,,4
result: displays the Accessibility Mouse properties

---------------------------------------------------------

Add New Hardware Wizard

module: hdwwiz.cpl

command: rundll32.exe shell32.dll,Control_RunDLL hdwwiz.cpl @1
result: runs the Add New Hardware wizard

---------------------------------------------------

Add New Printer Wizard

module: SHELL32.DLL

command: rundll32.exe shell32.dll,SHHelpShortcuts_RunDLL AddPrinter
result: runs the Add New Printer wizard

---------------------------------------------------

Add/Remove Programs Property Page

module: APPWIZ.CPL

command: rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,1
result: displays the Install/Uninstall tab selected

command: rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,2
result: displays the Windows Setup tab selected

command: rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,3
result: displays the Startup Disk tab selected

---------------------------------------------------

Briefcase

module: SYNCUI.DLL

command: rundll32.exe syncui.dll,Briefcase_Create
result: Creates a new Briefcase on the desktop

---------------------------------------------------

Copy Disk Dialog

module: DISKCOPY.DLL

command: rundll32.exe diskcopy.dll,DiskCopyRunDll
result: displays the Copy Disk dialog for removable media

---------------------------------------------------

Create New Shortcut

module: APPWIZ.CPL

command: rundll32.exe appwiz.cpl,NewLinkHere %1
result: Displays the Create New Shortcut dialog. Completing the filename in the dialog creates a shortcut at the location specified by %1

---------------------------------------------------

Date & Time Properties

module: TIMEDATE.CPL

command: rundll32.exe shell32.dll,Control_RunDLL timedate.cpl,,0
result: displays Set Date & Time properties tab

command: rundll32.exe shell32.dll,Control_RunDLL timedate.cpl,,1
result: displays the Time Zone properties tab

---------------------------------------------------

Dial Up Networking (DUN)

module: RNAUI.DLL

command: rundll32.exe rnaui.dll,RnaDial {name of connection to establish}
result: displays the Connect To dialog for the passed connection. If connected, displays the connection status dialog.

command: rundll32.exe rnaui.dll,RnaWizard
result: displays the Dial Up Networking Connection Wizard

MORE:
;Launch a specific Connectoid
;Win 95/98
Run("rundll32.exe"," rnaui.dll,RnaDial {Connectoid}")
*OR*
;Win NT/2000/XP
Run("rasdial.exe","Connectoid")

---------------------------------------------------

Display Options (Standard Windows Display Property Page*)

module: DESK.CPL

command: rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,0
result: displays the Background tab selected

command: rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,1
result: displays the Screen Saver tab selected

command: rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,2
result: displays the Appearance tab selected

command: rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,3
result: displays the Settings tab selected

comments: Note: Your video adapter may install other property pages into DESK.CPL dynamically when selected with its own icon (i.e. an ATI or Matrox control panel icon).
Additionally, it may also invoke its own control panel applet mimicking the Windows display options.

---------------------------------------------------

FindFast

module: FINDFAST.CPL

command: rundll32.exe shell32.dll,Control_RunDLL findfast.cpl
result: displays the Office FindFast control panel applet (if installed)

---------------------------------------------------

Fonts

module: SHELL32.DLL

command: rundll32.exe shell32.dll,SHHelpShortcuts_RunDLL FontsFolder
result: displays the Fonts Folder in Explorer view

command: rundll32.exe shell32.dll,Control_RunDLL main.cpl @3
result: Also displays the Fonts Folder in Explorer view

---------------------------------------------------

Format Drive Dialog (floppy disk only)

module: SHELL32.DLL

command: rundll32.exe shell32.dll,SHFormatDrive
result: displays the floppy disk Format Drive dialog.
Causes the Drive A to be accessed on showing.

---------------------------------------------------

Game Controllers

module: JOY.CPL

command: rundll32.exe shell32.dll,Control_RunDLL joy.cpl,,0
result: displays the Game Controllers General property page

command: rundll32.exe shell32.dll,Control_RunDLL joy.cpl,,1
result: displays the Game Controllers Advanced property page

---------------------------------------------------

HTML

module: MSHTML.DLL

command: rundll32.exe mshtml.dll,PrintHTML (HTML doc to print)
result: sends the passed file to the printer

---------------------------------------------------

Internet Explorer Control Panel

module: INETCPL.CPL

command: rundll32.exe shell32.dll,Control_RunDLL inetcpl.cpl
result: displays Internet Properties, General Tab

command: rundll32.exe shell32.dll,Control_RunDLL inetcpl.cpl,,0
result: displays Internet Properties, General Tab (same as above)

command: rundll32.exe shell32.dll,Control_RunDLL inetcpl.cpl,,1
result: displays Internet Properties, Security Tab

command: rundll32.exe shell32.dll,Control_RunDLL inetcpl.cpl,,2
result: displays Internet Properties, Content Tab

command: rundll32.exe shell32.dll,Control_RunDLL inetcpl.cpl,,3
result: displays the Internet Control Panel, Connection Tab

command: rundll32.exe shell32.dll,Control_RunDLL inetcpl.cpl,,4
result: displays the Internet Control Panel, Programs Tab

command: rundll32.exe shell32.dll,Control_RunDLL inetcpl.cpl,,5
result: displays the Internet Control Panel, Advanced Tab

---------------------------------------------------

Joystick Properties (also see Games)

module: JOY.CPL

command: rundll32.exe shell32.dll,Control_RunDLL joy.cpl
result: displays the Joystick property page

---------------------------------------------------

Mail and Fax Options

module: MLCFG32.CPL

command: rundll32.exe shell32.dll,Control_RunDLL mlcfg32.cpl
result: displays the Microsoft Exchange Profiles general property page

---------------------------------------------------

Mail Postoffice Options

module: WGPOCPL.CPL

command: rundll32.exe shell32.dll,Control_RunDLL wgpocpl.cpl
result: displays the Microsoft Postoffice Workgroup Admin property page

---------------------------------------------------

Main Group Options/Properties

module: MAIN.CPL

command: rundll32.exe shell32.dll,Control_RunDLL main.cpl @0
result: displays Mouse Properties

command: rundll32.exe shell32.dll,Control_RunDLL main.cpl @1
result: displays Keyboard Properties, Speed tab

command: rundll32.exe shell32.dll,Control_RunDLL main.cpl @1,,1
result: displays Keyboard Properties, Language tab

command: rundll32.exe shell32.dll,Control_RunDLL main.cpl @1,,2
result: displays Keyboard Properties, General tab

command: rundll32.exe shell32.dll,Control_RunDLL main.cpl @2
result: displays the Printers Folder (including Add Printer)

command: rundll32.exe shell32.dll,Control_RunDLL main.cpl @3
result: displays the Fonts Folder in Explorer view

command: rundll32.exe shell32.dll,Control_RunDLL main.cpl @4
result: displays Power Management Properties

---------------------------------------------------

Modem

module: MODEM.CPL

command: rundll32.exe shell32.dll,Control_RunDLL modem.cpl,,add
result: Runs the Add New Modem wizard

---------------------------------------------------

Multimedia & Sound Properties

module: MMSYS.CPL

command: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,0
result: displays the Multimedia/Audio property page

command: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,1
result: displays the Multimedia/Video property page

command: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,2
result: displays the Multimedia/MIDI property page

command: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,3
result: displays the Multimedia/CD Music property page

command: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,4
result: displays the Multimedia/Advanced property page

command: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl @1
result: displays the Sound Properties page

---------------------------------------------------

Network Properties

module: NCPA.CPL

command: RUNDLL32 SHELL32.DLL,Control_RunDLL NCPA.CPL
result: displays the Networks properties, Configuration tab

---------------------------------------------------

ODBC32 Data Source Administrator

module: ODBCCP32.CPL

command: rundll32.exe shell32.dll,Control_RunDLL odbccp32.cpl
result: displays the ODBC32 Data Source Administrator properties dialog

---------------------------------------------------

Open With

module: SHELL32.DLL

command: rundll32.exe shell32.dll,OpenAs_RunDLL {drive:\path\filename}
result: displays the application/file "Open With" dialog

result: passing the full file drive, path and name as a parameter will cause the dialog to display the line "Click the program you want to use to open the file '{filename}'".

---------------------------------------------------

Passwords Properties

module: PASSWORD.CPL

command: rundll32.exe shell32.dll,Control_RunDLL password.cpl
result: displays the Passwords properties, Change Passwords tab

---------------------------------------------------

Power Management Properties

module: POWERCFG.CPL

command: rundll32.exe shell32.dll,Control_RunDLL powercfg.cpl
result: displays the Power Management properties, Power Schemes tab

---------------------------------------------------

Printer

module: SHELL32.DLL

command: rundll32.exe shell32.dll,SHHelpShortcuts_RunDLL PrintersFolder
result: displays the Printers Folder (including Add Printer)

command: rundll32.exe shell32.dll,Control_RunDLL main.cpl @2
result: Also displays the Printers Folder (including Add Printer)

---------------------------------------------------

Regional Settings

module: INTL.CPL

command: rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,0
result: displays the Regional Settings property page

command: rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,1
result: displays the Numbers property page

command: rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,2
result: displays the Currency property page

command: rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,3
result: displays the Time property page

command: rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,4
result: displays the Date property page

---------------------------------------------------

Screen Saver Installation

module: APPWIZ.CPL

command: rundll32.exe desk.cpl,InstallScreenSaver c:\windows\system32\sspipes.scr
result: Installs the new screen saver and runs the display/screen saver preview property page

---------------------------------------------------

System Properties

module: SYSDM.CPL

command: rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,0
result: displays the General property page

command: rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,1
result: displays the Device Manager property page

command: rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,2
result: displays the Hardware Profiles property page

command: rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,3
result: displays the Performance property page

---------------------------------------------------

Shutdown

module: USER.EXE

command: rundll32.exe user.exe,restartwindows
result: forces Windows to perform a proper shutdown, and restart the computer

command: rundll32.exe user.exe,exitwindows
result: forces Windows to shut down, and wait either to be turned off, or reset

---------------------------------------------------

Taskbar and Start Menu Properties

module: n/a

command: "rundll32.exe" shell32.dll,Options_RunDLL 1
result: displays Taskbar and Start Menu Properties

---------------------------------------------------

Telephony Properties

module: TELEPHON.CPL

command: rundll32.exe shell32.dll,Control_RunDLL telephon.cpl users
result: displays the Dialing Properties dialog

---------------------------------------------------

Themes

module: THEMES.CPL

command: rundll32.exe shell32.dll,Control_RunDLL themes.cpl
result: displays the Themes control panel app (if installed)

---------------------------------------------------

TweakUI

module: TWEAKUI.CPL

command: rundll32.exe shell32.dll,Control_RunDLL tweakui.cpl
result: displays the TweakUI control panel applet (if installed)

---------------------------------------------------

Users Properties (Win98)

module: INETCPL.CPL

command: rundll32.exe shell32.dll,Control_RunDLL inetcpl.cpl users
result: displays the Multi-User Settings properties dialog (MS Family Networking Login)

---------------------------------------------------

Wireless Wizard

command: rundll32.exe shell32.dll,Control_RunDLL NetSetup.cpl,@0,WNSW
result: runs the Wireless Wizard


Some MSC Shortcuts (just thought I'd throw in)

compmgmt.msc                 Computer management
devmgmt.msc                  Device manager
diskmgmt.msc                 Disk management
dfrg.msc                     Disk defrag
eventvwr.msc                 Event viewer
eventvwr.exe \\computername  View the Event Log at a remote computer
fsmgmt.msc                   Shared folders
gpedit.msc                   Group policies
lusrmgr.msc                  Local users and groups
perfmon.msc                  Performance monitor
rsop.msc                     Resultant set of policies
secpol.msc                   Local security settings
services.msc                 Various Services

Environment variables:

%ALLUSERSPROFILE%     C:\Documents and Settings\All Users
%APPDATA%             C:\Documents and Settings\username\Application Data
%CLIENTNAME%          Console
%CommonProgramFiles%  C:\Program Files\Common Files
%COMPUTERNAME%        computername
%ComSpec%             C:\WINDOWS\system32\cmd.exe
%HOMEDRIVE%           C:
%HOMEPATH%            \Documents and Settings\username
%ProgramFiles%        C:\Program Files
%SESSIONNAME%         Console
%SystemDrive%         C:
%SystemRoot%          C:\WINDOWS
%TEMP%                C:\DOCUME~1\username\LOCALS~1\Temp
%TMP%                 C:\DOCUME~1\username\LOCALS~1\Temp
%USERDOMAIN%          Domain Name
%USERNAME%            username
%USERPROFILE%         C:\Documents and Settings\username
%windir%              C:\WINDOWS

Friday, July 30, 2010

asklots.com search redirection bastardos

The asklots.com search redirect virus is a bitch and comes in many flavors. After running numerous anti-malware and spyware tools, the only utility I found that worked was ComboFix. BUT read the disclaimer carefully: it's not for the faint-hearted, and I've been working with PCs and Windows for 20 years...

http://www.asklots.com/ are a bunch of wa#ker$!

Sunday, February 14, 2010

Useful tool to trace Windows 7 startup - netsh trace

When debugging performance and logon issues in large corporations, where hooking up a sniffer can be just slightly less painful than pointy stick time, I've often found it 'painful' to get a full trace of Windows startup including network traffic. However, Windows 7, though having taken away the useful userenvdebuglevel and userenv.log, has introduced full tracing 'out of the box', akin to but more evolved than the old netcap.exe... and the wunderkind is:

NETSH TRACE START CAPTURE=YES

Drop this into a scheduled task set to run, fully elevated, at boot time, after the NIC is active, and you have a full trace and log of all system activity during the boot process. All you need do is run:

NETSH TRACE STOP

after you've logged in with the shell loaded, and you'll have all the logs you need to dig into the guts of boot and logon issues. (Best to run it from a command prompt so you can see all the files saved. Extract all the contents of the NetTrace.cab and use the report.etl file as well as the NetTrace.etl.)

The only pain with this is that the new .ETL network log format only works in MS Network Monitor (and you have to set the parsers to Full) and cannot be opened in Wireshark... but the new MS Network Monitor is pretty good, it just takes a little getting used to. Note there are newer parsers published on www.codeplex.com

Another useful article is here: http://blogs.technet.com/netmon/archive/2010/01/04/capturing-a-trace-a-boot-up.aspx. It covers using nmcap.exe to take the trace, but you could just as easily replace nmcap with another capture tool, e.g. WinPcap

The netmon blog is a great resource for debugging...
