How to clean up a Windows server

From time to time, Windows patches will fail to install because a server doesn’t have enough free disk space. Finding the ginormous files that are hogging all the space on the C drive is really tedious if you do it by clicking around in Windows Explorer, but there’s a better way.

Download the free Sysinternals Du.exe utility and you can find the behemoths in minutes, if not seconds.

Solving the Windows 0x13d error, aka the 317 error, and watch for the scams

Yesterday when performing a routine server inventory, I received a Windows 317 error, aka a Windows 0x13d error, when I tried to view some directories remotely from a batch file.

The exact text of the error message: The system cannot find message text for message number 0x13d in the message file for System.

If you’ve received a 0x13d error and you’re wondering what it means, it seems to be an unhealthy system’s way of saying “file not found.” In my case that’s what it appeared to be. If the lack of a human-readable error message bothers you, I found two possible culprits: One is system hardening–perhaps you’ve applied the recommendations from CIS, USGCB/NIST, or the DISA STIGs to the system–or the more likely culprit, services not running that need to be. Start with some very routine maintenance. Check the remote machine to make sure all the services that are set to start automatically are indeed running, and you might want to think about rebooting.
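
The routine service check described above can be scripted. This is an added example, not code from the original post; the function name and the computer names SERVER-01 and SERVER-02 are placeholders, and it assumes the targets accept CIM queries over WinRM.

```powershell
# Added example: list services set to start automatically that are not running.
# Get-StoppedAutoService is a hypothetical helper name; host names are placeholders.
function Get-StoppedAutoService {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$ComputerName
    )
    process {
        foreach ($computer in $ComputerName) {
            try {
                # The WQL filter runs on the target, so only mismatches come back.
                Get-CimInstance -ClassName Win32_Service -ComputerName $computer `
                        -Filter "StartMode='Auto' AND State<>'Running'" -ErrorAction Stop |
                    Select-Object @{ n = 'Computer'; e = { $computer } },
                                  Name, DisplayName, State, ExitCode, StartName
            }
            catch {
                # A host that cannot be queried is itself a finding, so record it
                # instead of letting one failure stop the whole inventory run.
                [pscustomobject]@{
                    Computer    = $computer
                    Name        = '<query failed>'
                    DisplayName = $_.Exception.Message
                    State       = $null
                    ExitCode    = $null
                    StartName   = $null
                }
            }
        }
    }
}

# Review the output by hand before restarting anything or rebooting.
'SERVER-01', 'SERVER-02' |
    Get-StoppedAutoService |
    Sort-Object Computer, Name |
    Format-Table -AutoSize
```

Some automatic services stop on their own once their work is done, so a stopped service with an ExitCode of 0 is usually less interesting than one with a non-zero code.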

In case you need legitimate details, pay http://msdn.microsoft.com/en-us/library/windows/desktop/ms681382%28v=vs.85%29.aspx a visit.

When researching the error code, I found an interesting scam—tons of sketchy web sites, some that did a decent job of impersonating Microsoft, offer programs to fix the issue. Microsoft doesn’t offer downloadable fix-its for error messages like this because these are the kinds of problems that require some human intelligence to resolve.

WMIC invalid global switch – solved

I use WMIC a lot to gather data in my job. Querying computers that have dashes (a.k.a. the minus sign, the “-” character) in their names causes an error message that says “invalid global switch.” Microsoft operating systems use the dash as a reserved character to indicate command options. Here’s how to get rid of the WMIC invalid global switch problem.

Windows Vista’s market share is growing. After seeing 8.1, I know why

I installed Windows Vista last week. I need a legal copy of a supported version of Windows to use to VPN in to work and run the corporate Citrix client. Vista fit the bill. It’s better than 8.1, and it’s supported until April 2017. I always hated Vista, but 8 and 8.1 made me realize it could have been a lot worse, and on recent hardware Vista does OK. It still prompts you for admin rights too much and too slowly and makes you work too hard to click yes, but at least you can find stuff.

Computer, how old are you?

Yesterday I wrote about finding old computers. Here’s how I determine how old a computer is.

There’s a registry key called HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate that stores the system build time in Unix format (the number of seconds since 1 January 1970) and hexadecimal. With a few mad skilz you can make that data human-readable.
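
One way to do that conversion, as an added example that is not the method from the original post. InstallDate is read as a value under the CurrentVersion key; the function names are hypothetical, the hex string at the bottom is a constructed sample, and the remote read assumes the Remote Registry service is running on the target.

```powershell
# Added example: turn InstallDate into a readable date and an age in days.
function ConvertFrom-InstallDate {
    param([Parameter(Mandatory)]$Value)
    # reg.exe prints a REG_DWORD as hex text (0x...); the registry API returns an integer.
    if ($Value -is [string] -and $Value -match '^0x[0-9a-fA-F]+$') {
        $seconds = [Convert]::ToInt64($Value, 16)
    }
    else {
        $seconds = [int64]$Value
    }
    # Seconds since 1 January 1970 (UTC) to a DateTime.
    [DateTimeOffset]::FromUnixTimeSeconds($seconds).UtcDateTime
}

function Get-InstallDate {
    param([string[]]$ComputerName = $env:COMPUTERNAME)
    foreach ($computer in $ComputerName) {
        $hklm = $null
        try {
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computer)
            $key  = $hklm.OpenSubKey('SOFTWARE\Microsoft\Windows NT\CurrentVersion')
            $installed = ConvertFrom-InstallDate $key.GetValue('InstallDate')
            [pscustomobject]@{
                Computer     = $computer
                InstalledUtc = $installed
                AgeDays      = [int]((Get-Date).ToUniversalTime() - $installed).TotalDays
            }
        }
        catch {
            # Keep unreachable or locked-down hosts in the report.
            [pscustomobject]@{ Computer = $computer; InstalledUtc = $null; AgeDays = $null }
        }
        finally {
            if ($hklm) { $hklm.Dispose() }
        }
    }
}

# Constructed sample in the hex form that "reg query" displays.
ConvertFrom-InstallDate '0x5a1b2c3d'

# Local machine by default; pass -ComputerName for an inventory run.
Get-InstallDate | Format-Table -AutoSize
```

The date reflects when the current operating system was installed, so a reinstall or in-place upgrade makes a machine look younger than its hardware.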

How to do one-off patches without an Internet connection

If you need to patch a small quantity of Windows servers or desktop PCs and don’t want to download four gigabytes of updates, or, worse yet, can’t download updates, WSUS Offline Update is your buddy. Don’t let its name fool you–it doesn’t require a Microsoft WSUS server in order to operate. But if you have a local WSUS server, you can point it at that to download updates, which is faster than downloading from Microsoft.

It’s a script that can download all existing updates for a given operating system. You can then run it off a network drive or removable media on individual systems to install missing patches and service packs. It’s a reliable way to quickly patch a small number of systems. I’ve had to use it a few times in my career and it’s worked well for me.

Patching hundreds of systems with it isn’t something I recommend–if you have a lot of machines, you need to stand up an enterprise patching solution–but this tool definitely has its uses, especially in small environments, or even for one-offs in large environments.

I can think of another good use for it: If you have a development network that doesn’t have an Internet connection, this will let you download and apply updates to it so your development network matches production, which is critical for a properly-working environment.

In the bad old days I used to use batch files to apply updates. This is better, because it will apply only the missing updates, and it does a reasonably good job of applying the updates in the proper order. Using batch files, sometimes I would have to run the file, reboot, and repeat a half dozen times to end up with a clean system, which didn’t make the security team happy. When I started using the predecessor to this tool, my security team and boss were a lot happier.

XP may not be as bad as it sounds

Patrick Gray and Darren Pauli of The Register blasted the continued use of XP on Risky Business last week.

But I think their criticism is based on an assumption that may not be correct.

Some tips for trolling fake technical support calls

I did a little more digging after getting yet another fake technical support phone call last week, and I’ve done some thinking on my own. If you want to troll these criminals when they call you, here are some ideas.

Mr. Genius Man from “Windows Technical Support” gets nasty

I got another “Windows Technical Support” call on Friday evening. My caller ID said Minneapolis, and since I have coworkers in Minneapolis, I answered. But the guy on the other end was a long way from Minneapolis and probably doesn’t know diddly about ice hockey.

I’m pretty sure it was the same criminal as last time, but over a better VOIP connection. I remember the voice pretty well, because his parting lines from last time, “Enjoy your broken computer, Mr. Genius Man!” struck me as funny. And he started the conversation with, “I’m calling you again about your Windows 7 computer.”

My conversation with him revealed a few things about why this scam is likely to be profitable.

Windows XP rises from the dead… accidentally

I’ve been hearing predictions for a year that after Windows XP went out of support, it would only be a matter of time before people started backporting patches to it.

As it turns out, they don’t have to. Windows XP has a close relative, Windows Embedded, that doesn’t go out of support until 2019. The people who are fretting over XP-based ATMs and cash registers don’t realize many of those devices–those built in 2009 or later–are running Windows Embedded. It looks just like XP, works just like XP, and installs a lot like XP, but it’s still supported. The bigger question is whether the people running it are patching it, but that problem has existed ever since Microsoft released Windows Update.

Well, with a simple registry hack, it’s possible to make Windows XP look like Windows Embedded and keep getting updates. Microsoft quickly issued a statement, and some people are predicting Microsoft will quickly close that loophole.

I’m not so sure about that.