I had a Java app pointing at a Forcepoint (formerly known as Websense) proxy server. The proxy server wasn’t working, and the app was giving me a 407 error.
We had Websense set to require NTLM authorization, but it turns out Java won’t do NTLM, so the Java traffic wasn’t even showing up in the monitor.
My workaround was to have users open a browser, then go to any web page immediately before opening the app. By letting the browser authenticate for it, the Java app worked thanks to Websense having the credentials cached.
If you want, you can launch the applet with a batch file that uses IECapt to hit any web page, then starts the applet.
The most infamous Microsoft patch of all time, in security circles at least, is MS08-067. As the name suggests, it was the 67th security update that Microsoft released in 2008. Less obviously, it fixed a huge problem in a file called netapi32.dll. Of course, 2008 was a long time ago in computing circles, but not far enough. I still hear stories about production servers that are missing MS08-067.
Last week, Microsoft took a look back at MS08-067, sharing some of its own war stories, including how they uncovered the vulnerability, developed a fix, and deployed it quickly. It’s unclear who besides Microsoft knew about the problem at the time, but one must assume others were aware of it and using it. They certainly were after the fall of 2008.
“So did you know there’s a Windows version of Shellshock?” a coworker asked the other day.
“What, Cygwin’s bash?” I asked.
“No, in CMD.EXE.”
I thought for a second, back to some really nasty batch files I’ve seen that do goofy stuff with variables and parentheses and other reserved characters. Suddenly it made sense. Those cryptic batch files are exploiting the command interpreter to do things that shouldn’t be done. Then I smiled.
My tips for using Sysinternals’ Du.exe were well received last week, and my former coworker Charlie mentioned a GUI tool called WinDirStat that I had completely forgotten about. For the command-line averse, it’s an incredibly useful tool.
But there’s one thing that Du.exe does that makes the CLI worthwhile. It will output to CSV files for further analysis. Here’s the trick.
DU -L 1 -Q -C \\SERVERNAME\C$\ >> servers.csv
Sub in the name of your server for servername. You have to have admin rights on the server to run this, of course.
For even more power, run this in a batch file containing multiple commands to query multiple servers, say, in your runup to Patch Tuesday. Open the file in your favorite spreadsheet, sort on Directory Size, and you can find candidates for cleanup.
After a bad day at work last week, I went home and ordered The Phoenix Project (or here it is on Amazon), started reading it, and felt better. Like Office Space, but there’s more to learn from it.
Phoenix is more realistic. Every problem from every shop I’ve ever worked in is in that shop, plus some I’ve (luckily) only heard about. But unlike Office Space, it has solutions beyond burning the building down.
Here’s an old, old, but still useful tip that works on all NT-based versions of Windows (including XP and 7). Longtime reader Jim couldn’t find it here anymore, and I can’t either, so I’ll repost it for posterity. This is how to clear your print queue from the command line.
Open a command prompt, and issue these three commands:
net stop spooler
del /q c:\windows\system32\spool\printers\*
net start spooler
If you keep your printers folder open, you’ll see your stuck print jobs disappear, like magic.
If you’ve moved your print spooler to a ramdisk, like I recommend, substitute that directory for c:\windows\system32\spool\printers in the second line.
When you have a print job that’s stuck and keeping you from using your printer, this trick will get rid of it more reliably than any other method. It’s also much less infuriating than right-clicking on a hung print job and then waiting 15 minutes for it to finally disappear. If you find yourself doing this a lot, you might want to save it as a batch file and keep it someplace handy.
I’ve collected most of my scripting resources in a single post about scripting Windows sysadmin tasks.
Sometimes in a batch file I find myself needing to perform more than one operation on a server, especially inside a for loop. Rather than do a pair of for loops, which isn’t always desirable, you can use the & operator.
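The multi-server Du.exe run from the disk-usage tip above, written with the & operator inside a single for loop, as an added example that is not from the original posts. It assumes du.exe is on the PATH and that servers.txt lists one server name per line; servers.txt, servers.csv and skipped.txt are file names chosen for this example.

```batch
@echo off
rem Added example, not code from the original posts.
rem Assumptions: du.exe is on the PATH, servers.txt holds one server name
rem per line (lines starting with # are ignored), and the output file names
rem below are chosen for this example.
setlocal
set "LIST=servers.txt"
set "OUT=servers.csv"
set "SKIPPED=skipped.txt"

if not exist "%LIST%" (
    echo %LIST% not found
    exit /b 1
)

rem Start with fresh output files so an older run does not mix into this one.
if exist "%OUT%" del "%OUT%"
if exist "%SKIPPED%" del "%SKIPPED%"

rem One pass over the list. Inside the loop the ampersand chains two commands
rem per server, so a second for loop is not needed. A server whose C$ share
rem cannot be reached (down, or no admin rights) is recorded and skipped.
for /f "usebackq eol=# tokens=1" %%S in ("%LIST%") do (
    if exist \\%%S\C$\ (
        echo Querying %%S & du -l 1 -q -c \\%%S\C$\ >> "%OUT%"
    ) else (
        >> "%SKIPPED%" echo %%S & echo Skipped %%S
    )
)

echo Results are in %OUT%
if exist "%SKIPPED%" echo Skipped servers are listed in %SKIPPED%
endlocal
```

Run it from an account that has admin rights on the target servers, then open servers.csv in a spreadsheet as described above.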
Every once in a great while, I have to answer a question like what version of Windows a range of servers is running. If the number of servers is very small, you can just connect to them with a Terminal Services client and note what comes up. But sometimes that’s impractical. Right now I’m working someplace that has 8,000 servers, more or less. I’m not going to check 8,000 servers manually. I’m just not.
Here’s a more elegant, much faster way to go about getting that information.