404 Tech Support

Microsoft yesterday announced a dangerous exploit for users with Windows XP or Windows Server 2003 operating systems and use Internet Explorer. You can read more about the exploit with this article from The Register. If you are using Windows Vista or Windows Server 2008, you are not susceptible to this bug.

This is an odd announcement for Microsoft to make; usually, they will only announce that such bugs exist when they are releasing a fix to the problem. This prevents more malicious people from knowing about the exploits before there is a patch available. It seems in this instance and the reason for the rush announcement is that enough malicious people are actively exploiting the problem that Microsoft needed to announce the problem to make the general public aware of it as well. In this article, you can learn a number of different steps you can take to prevent the exploit from impacting you.

While looking around for a particular utility, I ended up on Google Code just dredging through all the projects they have online. As I went through, I kept opening tabs to more and more applications that sounded interesting. I found enough applications worth sharing that I decided to post one per day this week and highlight some hidden treasures of Google Code.

Day #5: Unregistry

Unregistry is simple in principle but very helpful in practice. Messing around with the Registry gets to be a day-to-day task for some IT. There exist these horribly written programs that store too much in the Registry and in keys that standard user’s don’t have permission to write in. There are also just standard troubleshooting errors and permissions problems; you are not likely to be a stranger to the Registry. Unregistry helps serve one vital role with mucking around in the Registry: removing keys that were put there.

Unregistry makes use of a .REG script. It could be a fix you downloaded from the Internet or a key you exported from your own Registry. Normally, if you double-click on a .REG script, Windows will add the values in the script to your Registry. If you use Unregistry, you can load that same .REG script and it will remove the values specified in the script. Optionally, you can also have it delete empty keys that are emptied by Unregistry.

If you’re running a batch script from a network share, you might see a message like this:

CMD.EXE was started with the above path as the current directory. UNC paths are not supported. Defaulting to Windows directory.

This is just a warning message and not an error but it can still cause confusion among users even if the script works perfectly. You can allow the Command Prompt to use UNC paths as the current directory by adding a value to the registry.

With Green Initiatives becoming the norms these days, lots of people are looking for elaborate ways to save electricity and reign in their energy-sucking computers. Looking at the numbers, we can see that just turning off something like a CRT monitor when it’s not in use can save a lot of juice. There are quite a number of elaborate schemes and utilities (both hardware and software) to try to reduce the draw of these necessary components. Windows provides Power Schemes to allow you to control the behavior of computer components when they are not in use and this article will cover a lot of the related tools that can hook into the Window provided components, but make it easier to control from a centralized location with group policies, scripting, or just a change of interface.

If you haven’t heard already, there is a buffer overflow attack in the wild that exploits the fully-patched and latest versions of Adobe Acrobat and Adobe Reader, 8.3 and 9.0. The exploit can come in the form of opening a malicious or poisoned PDF file. You can read more about the specifics of the attack and how it works from an article at The Register. To summarize the problem, Javascript inside of a PDF can allow for code to be run on your computer. Variants of the exploit exist including one that installs a trojan virus and could allow a malicious user remote control over the computer.

SysInternals offers a lot of useful tools for Windows computers. These can either add more functionality, work-around different quirks, or gather more information for debugging.

This article is divided into two sections. I tried to separate the utilities into General use and IT use. Those in the General use category might have a larger interested audience and those in the IT category would be of particular interest to those in IT or regular computer maintenance.

Useful for everybody:

Desktops allows you to create up to 3 additional virtual desktops for your computer. This only requires about 5 megabytes of memory for the process and allows you to keep your organizational spaces organized. You could have one desktop where you are browsing, another for working on a document,  and etc. As you can see in the screenshot below, you can configure hotkeys to switch easily between desktops and enable the program as a service so it starts up with your computer.

Unfortunately, Firefox has the same issues as having more than one session with Remote Desktop. You can open Firefox on more than one desktop if you use a different profile on each one otherwise you’ll get a message that the profile is in use.

If you’re trying to script a restart function for users, you’ll unfortunately find that shutdown.exe does not work for non-Administrators, nor does psshutdown. Shutdown.exe requires privileges for the shutdown process and psshutdown.exe requires privileges to add and start services.

One of many ways around this problem is to create a visual basic script. This also offers the functionality of allowing the user to abort the restart with a simple cancel button, a functionality which shutdown.exe lacks (unless your user runs shutdown.exe -a within the time limit).

Windows XP SP2 and beyond use Windows Firewall to prevent from outside attack. If you have a legitimate program that needs access you can add an exception to the computer for that program. You can do this through the Control Panel on each machine, the Group Policy for multiple machines (more info from Microsoft), or through a script for maximum flexibility.

The scripting syntax for adding an exception looks like this:

netsh firewall add allowedprogram "c:\program files\my program\Program32.exe" Program ENABLE

netsh firewall gets into the ability to modify the firewall. To add a program you need both add and allowedprogram. Then type the path to the program, the name of the program, and ENABLE.