Category: Windows Server Tips


Warning – Major WannaCry-like Windows Security Exploit

If you have a Windows computer running anything other than Windows 10 or Windows 8, you need this update!

Windows 7, Windows XP, Windows Server 2003, Windows Server 2008 R2 and similar all need updates right now.

More on this

Here: https://krebsonsecurity.com/2019/05/microsoft-patches-wormable-flaw-in-windows-xp-7-and-windows-2003/

and here: https://www.theverge.com/2019/5/14/18623565/microsoft-windows-xp-remote-desktop-services-worm-security-patches


Microsoft SharePoint Under Attack – CVE-2019-0604

SharePoint is under attack as attackers have discovered and are exploiting vulnerability CVE-2019-0604. Find out more about the vulnerability in the linked security advisory by Microsoft below:

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

– Microsoft SharePoint Remote Code Execution Vulnerability

According to an article by HelpNetSecurity, the attackers are able to install a web shell that then “allows them to achieve continuous access to the system and, potentially, to the internal network on which it resides.” The article also reports that, “According to the Canadian Centre for Cyber Security, researchers have identified compromised systems belonging to the academic, utility, heavy industry, manufacturing and technology sectors.”

What is the God Mode on Windows?

What Is This So-Called God Mode on Windows and How Do I Access It?

Windows has a really cool tool you will be glad to discover if, like me, you like to have lots of power on your computer. Some people have called this feature the “God Mode,” but we will call it “Power Tools Mode,” because we fear God here.

The Power Tools Mode is easy to access. Just create an empty folder on your Desktop, rename the folder to the following exact code, including the brackets and the dot, and then press Enter.

PowerToolsMode.{ED7BA470-8E54-465E-825C-99712043E01C}

The folder icon should change to look like that of the Control Panel et voila!

Icon for the so-called God Mode on Windows

The new icon

This folder gives you access to tools like:

  • Shortcuts to several actions in the Action Center (including a shortcut to View the Reliability History discussed in one of our articles),
  • Several Administrative Tools,
  • Devices and Printers,
  • Several Accessibility features in the “Ease of Access Center.”


Power Tools accessible via the so-called “God Mode” on Windows.

 

Reliability and Problem History

What is Microsoft Windows Reliability Monitor?

One of the hidden gems on Windows computers is the Reliability Monitor. This tool can help you detect problems on your system before it is too late. In some flavors of Windows the Monitor is tucked away under Control Panel > System and Security > Action Center > Reliability Monitor, but the quickest way to unearth it on Windows 10 is to open Start and search for “Reliability.” This should bring up a result named “View reliability history.” You can also find the tool by going to your Action Center > Maintenance and then, under Check for solutions to problem reports, clicking View reliability history.

Path to Reliability History

Control Panel > System and Security > Action Center > Maintenance > View reliability history

According to Windows Help and Support, Reliability Monitor is an advanced tool that measures hardware and software problems and other changes to your computer. It provides a stability index that assesses your system’s overall stability on a scale from 1 to 10, 10 being the most stable. The history is presented such that, by selecting a specific period in time, you may review the specific hardware and software problems that have impacted your system.


A view of the Reliability and Problem History on Windows Server 2012

 

What to do when you can't delete a program in Windows

How To Manually Uninstall a Stubborn Service in Windows?

Some programs are not easy to uninstall. Sometimes the uninstall itself goes smoothly, only for you to find that the program left a trail of files in C:\Program Files\ or C:\Program Files (x86)\ that you then try to delete manually.

If it all goes away and leaves your computer alone, great! You do not need this article. This article is for times when the program just won’t go away and Windows reports that another system is using it or another user is currently running the program. If there is no such user that you know of and there are no programs you are aware of that are still running the unwanted application:

  1. Try to kill the process in the Applications tab of your Windows Task Manager.
  2. If the problem persists, check the Services tab of the Windows Task Manager and look for the name of the unwanted application or for anything related to it.
  3. If the application you are uninstalling had a server component, you will find it in the list of Services. (Hint: Sort the list by Name instead of PID so you can at least identify the program by name.)
  4. Once you find the problematic service, right-click it and choose Stop, and then try to delete the folder or application you had a hard time deleting.
  5. If that still does not let you remove it, then go ahead and open an elevated command prompt to run sc.exe.
  6. The command sc.exe delete <service name> should help you completely remove or delete the service, where <service name> is the name of the service itself as you see it in the service management console, not the name of the exe.
  7. Finally, try to delete the folder you were attempting to delete from C:\Program Files\ or wherever you had installed the application.
  8. If none of the above solves the problem, there are certainly other methods out there. Let us know what did the trick for you by commenting below. (Pro Tip: Consider bringing in some of the big guns like the Process Explorer from Microsoft’s SysInternals Utilities).
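
The steps above can also be scripted. The following PowerShell script is an added example, not part of the original article: it searches services by keyword, shows the key name, display name and executable path so you can tell them apart, and only stops and deletes when called with -Remove. The keyword 'Acme' is a constructed placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example: find a leftover service by keyword, review it, then stop and delete it.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    [string]$Keyword = 'Acme',   # constructed placeholder: vendor or product name
    [switch]$Remove              # without -Remove the script only reports
)

# Win32_Service exposes the key name (Name) that sc.exe expects, the DisplayName
# shown in the services console, and the executable path (PathName).
$found = Get-CimInstance -ClassName Win32_Service | Where-Object {
    $_.Name        -like "*$Keyword*" -or
    $_.DisplayName -like "*$Keyword*" -or
    $_.PathName    -like "*$Keyword*"
}

if (-not $found) {
    Write-Host "No service matches '$Keyword'."
    return
}

# Review this list first: a keyword can match more services than you expect.
$found | Format-List Name, DisplayName, State, StartMode, ProcessId, PathName

if (-not $Remove) { return }

foreach ($svc in $found) {
    # ConfirmImpact = 'High' makes PowerShell ask before each deletion.
    if (-not $PSCmdlet.ShouldProcess($svc.Name, 'Stop and delete service')) { continue }

    if ($svc.State -ne 'Stopped') {
        Stop-Service -Name $svc.Name -Force -ErrorAction Continue
    }

    # sc.exe wants the service key name, not the display name or the exe name.
    & sc.exe delete $svc.Name
    if ($LASTEXITCODE -eq 1072) {
        # 1072 = service is marked for deletion; it disappears once open
        # handles (for example an open services console) are closed or after a reboot.
        Write-Warning "$($svc.Name) is marked for deletion."
    } elseif ($LASTEXITCODE -ne 0) {
        Write-Warning "sc.exe delete $($svc.Name) failed with exit code $LASTEXITCODE."
    }
}
```

Run it once without -Remove and check the PathName column before deleting anything, since that column shows which executable each matching service actually starts.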
Local Session Manager

How To Find Out All Remote Desktop Logon Sessions That Took Place On Windows Server 2012 R2

The first time I used these logs was when I was running an audit to figure out whether a specific user had recently accessed my server using Remote Desktop Connection.

To identify who has recently had a full session running remotely on your server, look at the events logged in these two places:

Event Viewer > Applications and Services Logs > Microsoft > Windows > TerminalServices-LocalSessionManager > Operational

and

Event Viewer > Applications and Services Logs > Microsoft > Windows > TerminalServices-RemoteConnectionManager > Operational

To have any events logged in here, you have to at least have these things in place:

  • You must be running the Windows Feature AppServer (Terminal Services Application Server)
  • The specified logs must be enabled.

With these conditions in place, these logs give you the user names and computer names of all Remote Desktop sessions that have taken place between your computer and other client devices over a certain period of time. Of course, how far back the log goes depends on the properties you have set for the logs (e.g. whether logging is enabled, the maximum log size, what to do when the maximum event log size is reached, etc.).

Please note that these logs can also be used to diagnose and troubleshoot RDS sessions that disconnect in an apparently random way.

One other place you can check is Event Viewer > Windows Logs > Security, which should have an audit log of successful and failed logons if you have enabled “Audit logon events” in the Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy snap-in.

Finally, a rather simple way you can go about it is by using the command line as an administrator and typing the following command (more about it at the Windows Command Line reference below):

net user  username | findstr /B /C:"Last logon"
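
The two Operational logs described above can also be queried from PowerShell instead of browsing Event Viewer. This is an added example, not part of the original article; the event IDs are not listed in the article and are the standard ones for these logs (21 logon, 23 logoff, 24 disconnect, 25 reconnect in LocalSessionManager; 1149 authentication succeeded in RemoteConnectionManager), and the 30-day window is an assumed default.

```powershell
# Added example: list Remote Desktop session events from the two Operational logs.
# Run from an elevated PowerShell prompt on the server being audited.
param([int]$Days = 30)   # look-back window; an assumed default

$logs = @{
    'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'     = 21, 23, 24, 25
    'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational' = 1149
}
$meaning = @{ 21 = 'Logon'; 23 = 'Logoff'; 24 = 'Disconnect'; 25 = 'Reconnect'; 1149 = 'Authenticated' }

$events = foreach ($log in $logs.Keys) {
    $filter = @{ LogName = $log; Id = $logs[$log]; StartTime = (Get-Date).AddDays(-$Days) }
    try {
        $raw = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # Raised when the log is disabled or missing, or holds no matching events.
        Write-Warning "${log}: $($_.Exception.Message)"
        continue
    }
    foreach ($e in $raw) {
        # Both logs store their fields under UserData/EventXML.
        $x = ([xml]$e.ToXml()).Event.UserData.EventXML
        if ($e.Id -eq 1149) {
            # 1149 carries Param1 = user, Param2 = domain, Param3 = client address.
            $user   = if ($x.Param2) { "$($x.Param2)\$($x.Param1)" } else { $x.Param1 }
            $source = $x.Param3
        } else {
            $user   = $x.User
            $source = $x.Address   # 'LOCAL' for console sessions; empty for logoff
        }
        [pscustomobject]@{
            Time      = $e.TimeCreated
            Event     = $meaning[[int]$e.Id]
            Id        = $e.Id
            User      = $user
            Source    = $source
            SessionId = $x.SessionID
        }
    }
}

$events | Sort-Object Time | Format-Table -AutoSize
```

Pipe `$events` through `Where-Object User -like '*name*'` to check a single account, and compare the oldest Time value with your audit period, since events older than the log's maximum size allows have already been overwritten.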

Do you know of any other ways to achieve this audit? Please let us know in the comment section.


Can’t Find Server in Network

You have installed Windows Server 2008 R2, you have installed the application you want to make available to multiple endpoints on your LAN (Local Area Network), and you have even created your Share on the server. Good!

Then comes the time to set up the endpoints or client computers that will consume your application, but there is one problem, Ma’am/Sir! You cannot find the Share on the network. In fact, you cannot even find your server on the network!! What do you do?

You go to your Services on the server and enable the service named Computer Browser. This service is disabled by default. So, turn it on and you are good to go! Go check on the endpoints’ list of network devices on your LAN and you should see your server there. If you do not, please leave a comment here.

Some external help here from the people at Websense:

1. Make sure that Windows Network File Sharing is enabled.
  a. Go to Start > Network > Network and Sharing Center.
  b. In the Sharing and Discovery section, set File Sharing to On.
2. Go to Control Panel > Administrative Tools > Services.
3. Double-click Computer Browser to open the Properties dialog box.
4. Set the Startup type to Automatic.
5. Click Start.
6. Click OK to save your changes and close the Services dialog box.

And from the people at Microsoft Technet.