Author Archives: AnonIT

SBS Monitoring Database cleanup

The SBS monitoring database can be a pain. If left unmanaged and unloved, it will eventually consume too many resources on the server, causing performance issues. To clean up the database, you can follow the details here:

https://docs.microsoft.com/en-us/archive/blogs/sbs/how-to-recreate-the-sbsmonitoring-database

The PS1 script is hosted on OneDrive, so let me know if it disappears and I’ll see if we can recover it.

Extract the PS1 file to c:\windows\temp\, check to ensure the script isn’t blocked and that script execution is enabled.

SBS2008 – Open an admin PowerShell prompt, and run the script.

SBS2011 – run “c:\program files\windows small business server\bin\movedatapowershellhost.exe” as administrator, and then run the script.

Nextcloud v18 using OCC

I was struggling to use Nextcloud as I found some of the documentation to be out of date. I kept finding references to using occ to run commands, but couldn’t work out how to use it. I finally found this page https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html which outlined the full command to use. You need to enter the full path to the occ file.

EG:

sudo -u www-data php /var/www/nextcloud/occ

(You can open the occ file in nano; it is simply a PHP file.)

Scheduled Task “The task image is corrupt or has been tampered with”

When opening task scheduler I was faced with the error “Task User_Feed_Synchronization-{20EECAD6-F054-4C21-B0F6-EC6DA-99BD2C8}: The task image is corrupt or has been tampered with.”


and

“Task ServerCeipAssistant: The task image is corrupt or has been tampered with.”


There are a number of locations the corrupt task can be stored:

C:\windows\system32\tasks\

And

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft

The data stored in these two locations should be enough information to delete and recreate the task.
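To find which tasks exist in only one of the two locations, the two stores can be compared from an elevated 64-bit PowerShell prompt. This is an added example, not part of the original post; it walks the whole Tree key rather than only the Microsoft subkey, and it assumes that a registry key carrying an Id value is a task while a key without one is a folder.

```powershell
# Added example: cross-check the task files against the registry Tree key.
$taskDir = Join-Path $env:SystemRoot 'System32\Tasks'
$treeKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'

# Task definition files, as paths relative to the Tasks folder,
# e.g. \Microsoft\Windows\<folder>\<task>
$onDisk = @(Get-ChildItem -Path $taskDir -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object { $_.FullName.Substring($taskDir.Length) })

# Registry keys under Tree, as paths relative to the Tree key.
# Assumption: a key with an Id value is a task, a key without one is a folder.
$marker = 'TaskCache\Tree'
$inRegistry = @(Get-ChildItem -Path $treeKey -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.GetValue('Id') } |
    ForEach-Object { $_.Name.Substring($_.Name.IndexOf($marker) + $marker.Length) })

# A task present in only one store is a candidate to delete and recreate.
Compare-Object -ReferenceObject $onDisk -DifferenceObject $inRegistry |
    Select-Object @{ n = 'Task'; e = { $_.InputObject } },
                  @{ n = 'FoundOnlyIn'; e = {
                        if ($_.SideIndicator -eq '<=') { 'Tasks folder' }
                        else { 'Registry Tree key' } } } |
    Sort-Object Task
```

An empty result means every task file has a matching registry entry and vice versa; the tasks named in the error messages are then worth inspecting individually in both locations.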

Reference:

https://www.ghacks.net/2011/07/28/fix-the-task-image-is-corrupt-or-has-been-tampered-with-errors/

List table sizes in SQL

I needed to get a list of table sizes from SQL to find out why a database was excessively large.  I used the following:

CREATE TABLE #RowCountsAndSizes (TableName NVARCHAR(128), rows CHAR(11), reserved VARCHAR(18), data VARCHAR(18), index_size VARCHAR(18), unused VARCHAR(18))

EXEC sp_MSForEachTable 'INSERT INTO #RowCountsAndSizes EXEC sp_spaceused ''?'''

SELECT TableName, CONVERT(bigint, rows) AS NumberOfRows, CONVERT(bigint, left(reserved, len(reserved)-3)) AS SizeinKB

FROM #RowCountsAndSizes

ORDER BY NumberOfRows DESC, SizeinKB DESC, TableName

DROP TABLE #RowCountsAndSizes

Allow non admins to manage RDS connection

I had a server 2016 RDS server using a combination of Terminal Servers and remoteapps, and we had a user that wanted the ability to log users off.  The user in question was not a local admin on the server, so I created an AD group, added her and ran the following command from an elevated prompt on the RDS Server:

wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName="RDP-Tcp") CALL AddAccount "anonit\USR-SEC-AllowRDSLogoff",2

Where anonit\USR-SEC-AllowRDSLogoff is the group that would have permission to log off users.

This ONLY takes effect once the accounts have logged in. E.g.: User1 is the kicker and User2 is the kickee. Once I’ve modified the server, User1 doesn’t have permission to log User2 out until User2 has initiated a new logon session.

References:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753032(v=ws.11)?redirectedfrom=MSDN

https://social.technet.microsoft.com/Forums/en-US/0d119172-1100-4f9d-accd-e2504e5f4908/rds-2012-configure-permissions-for-remote-desktop-services-connections?forum=winserverTS

https://docs.microsoft.com/en-us/troubleshoot/windows-server/remote/add-user-services-rdp-permissions

https://docs.microsoft.com/en-us/windows/win32/termserv/win32-tspermissionssetting

https://docs.microsoft.com/en-us/windows/win32/termserv/win32-tspermissionssetting-addaccount (explains the magic number 2)

MAC OS X 10.3 user password reset

I recently picked up a Powermac G4, running Mac OS X 10.3, and it had an account on it with unknown credentials.  I needed to reset the account.

Boot into single user mode (reboot, at the grey Apple screen press Command-S (or Windows-S))

I typed the commands:

mount -uw /

cd /var/db

rm .AppleSetupDone

reboot

On boot, the new mac wizard ran.  I was able to create a new account and remove the old one.

Old Servers listed in DHCP Server list

When opening a DHCP console on a domain that had been in operation since 2008, and had gone through a number of upgrades, migrations and repairs, a number of old servers were still listed.

To remove these, as a domain administrator, verify the data by running:

netsh dhcp show server

To remove the servers, use the command:

netsh dhcp delete server %FQDN% %IPADDRESS%

eg:

netsh dhcp delete server dc03.anonit.local 192.168.168.3

If the response is

Deleting server with dc03.anonit.local, 192.168.168.3
The specified servers are not present in the directory service.

Open adsiedit.msc and navigate to Configuration / CN=Configuration / CN=Services / CN=NetServices

How you proceed depends on what you see in this container:

In the example above, the DhcpRoot container DHCPServers attribute was empty, and we needed to remove one of the extra entries (the bottom one on the list).  Once deleted, the output from netsh dhcp show server was correct, and there were no more extra servers showing up in the list.

References:

https://blogs.technet.microsoft.com/networking/2009/02/27/old-dhcp-servers-appear-in-the-list-of-authorized-servers-after-a-domain-rename/

Synology exFAT support

I had a Synology DS418 NAS drive, and needed to attach a USB drive to get some data off it as a one-off operation. I found the drive formatted as an exFAT drive, and out of the box, Synology doesn’t support that. They have an add-on in their store for $3, but given the amount of money I paid for the unit, and I knew it ran Linux, and this was a one-off operation, I thought I’d do some digging to see if I can bypass that restriction, and learn something in the process.

Requires:

A Synology NAS;

A Linux PC (a Raspberry Pi was used in this example);

(A Windows PC was used to download the files and transfer them via WinSCP).

Download the relevant exfat-fuse file for the NAS architecture from https://packages.debian.org/stretch/armel/exfat-fuse/download (In this example I used exfat-fuse_1.2.5-2_arm64.deb)

Transfer this file to the Linux PC if necessary (it can’t be extracted on the NAS itself).

Extract the files:

$ dpkg --extract exfat-fuse_1.1.0-2_armel.deb .

(Note the full stop at the end of the line)

In the control panel of the NAS web UI, enable SSH, and login via SSH.

Copy the extracted file /sbin/mount.exfat-fuse to the NAS, placing it in the /opt/sbin/ directory.

Without the USB drive attached to the NAS, run an ls /dev/, then connect the USB drive, and do the same. Look for differences in the directory; this will be the USB drive. In my case it was listed as sdq, and the partition I wanted was sdq2.

Run the commands:

$ mkdir /mnt/exfatusb
$ ./mount.exfat-fuse /dev/sdq2 /mnt/exfatusb

to mount the USB drive.  You can then copy the files to the required directory and unmount the drive:

$ cp -av /mnt/exfatusb /volume1/retroPIE
$ umount /mnt/exfatusb

From the above command you may also be able to work out a project I am currently working on!

I have attached the relevant files here:

Synology exFAT support

References:

https://forum.synology.com/enu/viewtopic.php?t=62473&start=90#p390456

Opening HLP files on Windows 10 x64

I needed to open a HLP file on Windows 10 x64 v1903.

There are a number of posts and threads, and some differing advice. I found the following:

https://www.majorgeeks.com/files/details/winhlp32_for_windows_10.html

Download the msi file.

SHA256:  CE4C0FFB97BDAE423D197EC902DB88F298B699E7279F315C0694C7F48A7BD546

SHA1: AC30060E6442CF260C63D47FB12E2DE0DE1FE661

MD5: 10BA7330EAB7DBAEC93BEE5112DF47D4

Upload to VirusTotal to check.

I then ran the MSI and installed the application.

This allows the file to be opened from within Explorer.  Native help within applications may still fail.
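The hash check described in this post can be done locally before the installer is run. The following is an added example, not part of the original post; the download path in $msi is hypothetical, and the expected values are the ones listed above.

```powershell
# Added example: verify the downloaded MSI against the hashes listed in the post.
# $msi is a hypothetical path; point it at the file you actually downloaded.
$msi = Join-Path $env:USERPROFILE 'Downloads\winhlp32.msi'

# Values as published above. SHA256 is the one to rely on; MD5 and SHA1 are
# collision-prone and are checked only because the post lists them.
$expected = @{
    SHA256 = 'CE4C0FFB97BDAE423D197EC902DB88F298B699E7279F315C0694C7F48A7BD546'
    SHA1   = 'AC30060E6442CF260C63D47FB12E2DE0DE1FE661'
    MD5    = '10BA7330EAB7DBAEC93BEE5112DF47D4'
}

function Test-FileHashes {
    param([string]$Path, [hashtable]$Expected)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    foreach ($alg in $Expected.Keys) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash
        [pscustomobject]@{
            Algorithm = $alg
            Match     = ($actual -eq $Expected[$alg])  # string -eq ignores case
            Actual    = $actual
        }
    }
}

$results = @(Test-FileHashes -Path $msi -Expected $expected)
$results | Format-Table -AutoSize
if ($results.Match -contains $false) {
    Write-Warning 'Hash mismatch: this is not the file described in the post. Do not install it.'
}
```

A match only shows that the file is the same one the post describes; the VirusTotal upload remains the check on what that file does.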

Get the command line of a running process via powershell

If you need to get the command line of a running process, you can use PowerShell:

gwmi win32_process -filter "name='vmware-vmx.exe'" | where-object {$_.commandline -like "*ex02*"} | select commandline, processid | fl

The above will get the commandline and processid of the vmware-vmx.exe process that has a command line containing *ex02*