Howto: Mount a Windows share on SLES linux using cifs

This post is mainly for my own benefit.  I mount Windows shares on my SuSE linux box so infrequently, I have to dig through past notes to remind myself what the syntax is.

To mount a Windows share on SLES linux using cifs:

mount -t cifs -o username=jsmith //po5/gwdompri /mnt/po5/gwdompri

  • jsmith is the user account to authenticate as
  • //po5/gwdompri is the Windows server and share you wish to mount
  • /mnt/po5/gwdompri is the location to mount the share, or where you access it on the local Linux box.
  •  you will be prompted for the password 
  • /mnt/po5/gwdompri must exist

Howto: Use msizap to remove orphaned cached Windows Installer Data Files to increase free disk space

Msizap is a command-line tool that can delete the configuration data that Windows Installer maintains for products that it installs, including the directories, files, registry subkeys, and registry entries in which Windows Installer stores configuration data.

Running msizap.exe with the G parameter removes orphaned cached Windows Installer data files for all users. Running this command on an old Windows XP machine allowed me to reduce the size of the C:\Windows\Installer directory from 3.6GB down to 875MB.

This computer had so many orphaned files due to the constant installation and uninstallation of software such as Java, Flash, Acrobat Reader, and other utility software over the years. Yes, orphaned files persist on your hard drive despite following proper uninstall procedures.

To run msizap, login to the machine as an administrative user and launch a command window. Navigate to the directory that contains msizap.exe, then type the following command:

msizap !G

The G option removes the orphaned cache files, the exclamation point forces a ‘yes’ response to any prompt.

While removing orphaned files should not have any negative impact on your Windows installation, be aware that msizap is a powerful tool that can cause problems if used incorrectly.

Msizap can be downloaded as a part of the Microsoft Windows Server 2003 Support Tools or the Windows Installer CleanUp Utility. I was unable to find the Windows Installer CleanUp Utility by searching Microsoft’s download site, so note that as of today the file’s name is msicuu2.exe if you the above link goes dead in the future.

If you don’t want to install the Windows Installer CleanUp Utility, use a program such as Universal Extractor (aka UniExtract) to extract the individual files. Once you extract the files, you’ll notice msizap.exe does not exist, but you will find MsiZapA.exe and MsiZapU.exe.

There are two versions of MSIZAP.EXE: MsiZapA.exe (for use in Windows 95, Windows 98 and Windows ME), and MsiZapU.exe (for use in Windows NT, Windows 2000, Windows XP, and Windows Server 2003). The appropriate executable should be renamed MsiZap.exe.

Current msizap.exe options are as follows:

Usage: msizap T[WA!] {product code}
msizap T[WA!] {msi package}
msizap PWSA?!

* = remove all Windows Installer folders and regkeys;
adjust shared DLL counts; stop Windows Installer service
T = remove all info for given product code
P = remove In-Progress key
S = remove Rollback Information
A = for any specified removal, just change ACLs to Admin Full Control
W = for all users (by default, only for the current user)
M = remove a managed patch registration info
G = remove orphaned cached Windows Installer data files (for all users)
? = verbose help
! = force ‘yes’ response to any prompt

For more information on the Windows Installer Cleanup Utility and msizap.exe see KB290301.

Howto: Generate many files of a particular size in Windows

I was recently performing some performance testing that required me to copy many files of a particular size from one Windows XP workstation to a Windows 2003 server. I had a heck of a time figuring out how to batch generate the test files.

Finally I cam across the fsutil tool, which is included on both Windows XP and Windows Server 2003.

The syntax for using fsutil is:

fsutil file createnew filename filesize

I used a simple loop to create files of a particular size using fsutil. Running from a command prompt:

For /L %i in (1,1,25000) do fsutil file createnew A%i.tmp 12288

will create 25,000 files of 12288 bytes (12KB) named A1.tmp, A2.tmp, A3,tmp…

to run this loop in a .cmd file instead of from the command line replace single % with double percent signs

For /L %i in (1,1,10000) do fsutil file createnew B%i.tmp 65536

will create 10,000 files of 65536 bytes (64KB) named B1.tmp, B2.tmp, B3,tmp…

For /L %i in (1,1,2500) do fsutil file createnew C%i.tmp 131072

will create 2,500 files of 131072 bytes (128KB) named C1.tmp, C2.tmp, C3,tmp…

For /L %i in (1,1,1000) do fsutil file createnew D%i.tmp 1048576

will create 1,000 files of 1048576 bytes (1024KB or 1MB) named D1.tmp, D2.tmp, D3,tmp…

I was able to create hundreds of thousands of files of a very specific size in a short amount of time using this procedure.

The deltree command equivalent for Windows 2000, Windows XP, Windows Server 2003, and beyond

Good old DOS and versions of Windows prior to Windows 2000 included the deltree.exe command. The deltree command could remove a directory and all the files the directory contained. Subdirectories could also be deleted when the /s option is used. This was extremely helpful for removing a directory structure that contained many files and folders. It’s usually much faster to delete files from the command line, rather than through Windows Explorer.

To remove multiple levels of files and directories in Windows operating systems that do not have deltree.exe, use the rd.exe or rmdir.exe command:

rd directoryname /s
rmdir directoryname /s

where directoryname is the name and path to the directory you want to remove. This will also delete all files and subdirectories.

Use the following command to remove all files from a directory and it’s subdirectories while maintaining the directory structure:

del *.* /s /q

This uses the del.exe command to delete all files from the current directory and subdirectories. The /q option instructs del.exe to run in quiet mode and not to prompt you to remove every folder it encounters.

Howto: Use DiskPart.exe with BartPE and Windows Server 2003 to align the boot disk partition before Windows Server setup runs

You can’t run DiskPart to align the boot partition during Windows setup, so we’ll need to create the partition prior to starting setup.  We’ll need the Windows Server CD/DVD and a copy of BartPE to accomplish this.

1)  Download the BartPE Windows live CD/DVD and extract the contents.
To summarize, you’ll need to create a /diskpartition directory inside BartPE’s /plugins directory.  Inside the /diskpartition directory, create a text file named diskpartition.inf.  
Copy and paste the following into diskpartition.inf, then save the file 
Signature= "$Windows NT$"</div>
Name="Diskpart functionality in Win2k3 - SP1 only"
; Assisted with this understanding was:


; Runs dependent DLL registration for Application usage
; 0x1= REG_SZ
; 0x1, "Software\Microsoft\Windows\CurrentVersion\Run", "DiskPartSupport", "%systemroot%\system32\regsvr32.exe /s %systemroot%\system32\vss_ps.dll"
; removed because the reg key is not read unless you use explorer as a shell.

; Win2k3 SP1 Only: RpcSS needs to lanuch DComLaunch Service first.
0x7, "ControlSet001\Services\RpcSs","DependOnService","DcomLaunch"

; New DComLaunch Service in Win2k3 SP1
0x1,"ControlSet001\Services\DcomLaunch","Description","DCOM Services"
0x1,"ControlSet001\Services\DcomLaunch","DisplayName","DCOM Services"
0x1,"ControlSet001\Services\DcomLaunch","Group","<a target="_blank">Event Log</a>"
0x2,"ControlSet001\Services\DcomLaunch","ImagePath","svchost -k DcomLaunch"

0x1,"ControlSet001\Enum\Root\LEGACY_DCOMLAUNCH000","DeviceDesc","DCOM Services."

0x1,"Classes\CLSID\{E0393303-90D4-4A97-AB71-E9B671EE2729}",,"VDS ProxyStub"



3) From the BartPE directory, run pebuilder.exe.  Configure the source to point to your Windows Server 2003 .iso file or installation file source
4)  Press the plugins button and configure RpcSS Needs to launch DComLaunchService first – SP2 only to enabled and select Close
5)  Build the BartPE CD, burn it and boot it on your soon-to-be Windows server
6)  If needed, press F6 to specify your server’s storage drivers from a floppy, CD, DVD, or USB drive
7) No need to start BartPE networking, but it won’t hurt anything if you do
8 ) From the GO menu, select Run and type in Diskpart
9)  Type: Select Disk 1
10) Create your boot partition and specifiy the alignment by typing:
Create partition primary align=64
align=64 is the suggested number, but depending on what your system is going to be used for, you may chose to use 32, 64, 128, or some other number that is divisible by 8KB.
This will use all the free disk space to create the boot partition.  If you don’t want that, specify the size=xxxxx  option when creating the partition, where xxxxx is the partition size in megabytes:
Create partition primary size=20480 align=64
11)  Exit DiskPart and BartPE.  Boot from the Windows Server 2003 CD/DVD
12) If needed, press F6 to specify your server’s storage drivers from a floppy, CD, DVD, or USB drive
13) At the setup screeen that displays the paritions, choose the partition we just created to install Windows onto by pressing enter.  Continue with setup as normal.

Microsoft has finally fixed their methodology for disabling Autorun on Windows operating systems

Technet article 91525 describes a registry key that can be set to disable the Autorun feature in Windows operating systems. 

The registry key is NoDriveTypeAutoRun, which can be found at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

This key disables the Autoplay feature on all drives of the type specified.  Autoplay begins reading from a drive as soon as media is inserted in the drive. As a result, the setup file of programs and the sound on audio media starts immediately.

Unfortunately, this key did not produce the desired result of disabling the Double Click and Contextual Menu features.  Microsoft just released KB 953252, which describes how to obtain updates that correct these broken registry key settings in the following Windows Operating Systems:

Windows 2000
Windows XP Service Pack 2
Windows Server 2003 Service Pack 1 and 2
Windows Vista

Note: Windows Server 2008 is not affected.

The main purpose of Autorun is to provide a software response to hardware actions that you start on a computer. Autorun has the following features:

• Double Click
• Contextual Menu
• AutoPlay

These features are typically called from removable media or from network shares. During AutoPlay, the Autorun.inf file from the media is parsed. This file specifies which commands the system runs. Many companies use this functionality to start their installers.

Please see KB 952252 for security updates to each applicable operating system to disable autorun capabilities.  This KB also describes Group Policy settings to disable all Autorun features, plus instructions on selectively disabling specific Autorun features.

If you’re still not sure why you’d want to disable Autorun, check out Scott’s article on Autorun attacks.

Mark’s Windows 2008 DNS Server Command Line Cheat Sheet

If you’re a command line type administrator like myself you’ll want to check out Mark’s Mark’s DNS Server command line cheat sheet. He’s summarized the Windows Server 2008 CLI commands relating to DNS administration.


DNSCMD option



Do any dnscmd command on a remote system

dnscmd servername command

dnscmd /zoneprint


Create a primary zone

dnscmd /zoneadd zonename /primary

dnscmd /zoneadd /primary


Create a secondary zone

dnscmd /zoneadd zonename /secondary master IP address

dnscmd /zoneadd /secondary


Host a zone on a server based on an existing (perhaps restored) zone file

dnscmd /zoneadd zonename /primary /file filename /load

dnscmd /zoneadd /primary /file /load


Delete a zone from a server

dnscmd /zonedelete zonename [/f]

dnscmd /zonedelete /f

(without the /f, dnscmd asks you if you really want to delete the zone)

Show all of the zones on a DNS server

dnscmd /enumzones

dnscmd /enumzones


Dump (almost) all of the records in a zone

dnscmd /zoneprint zonename

dnscmd /zoneprint

Doesn’t show glue records.

Add an A record to a zone

dnscmd /recordadd zonename hostname A ipaddress

dnscmd /recordadd mypc A


Add an NS record to a zone

dnscmd /recordadd zonename @ NS servername

dnscmd /recordadd @ A


Delegate a new child domain, naming its first DNS server

dnscmd /recordadd zonename childname NS dnsservername

dnscmd /recordadd test NS

This would create the “” DNS child domain unter the DNS domain

Add an MX record to a zone

dnscmd /recordadd zonename @ MX priority servername

dnscmd /recordadd @ MX 10


Add a PTR record to a reverse lookup zone

dnscmd /recordadd zonename lowIP PTR FQDN

dnscmd /recordadd 3 A

This is the PTR record for a system with IP address

Modify a zone’s SOA record

dnscmd /recordadd zonename @ SOA primaryDNSservername responsibleemailipaddress serialnumber refreshinterval retryinterval expireinterval defaultTTL

dnscmd /recordadd @ SOA 41 1800 60 2592000 7200

Ignores the serial number if it’s not greater than the current serial number

Delete a resource record

dnscmd /recorddelete zonename recordinfo [/f]

dnscmd /recorddelete @ NS /f

Again, “/f” means “don’t annoy me with a confirmation request, just do it.”

Create a resource record and incorporate a nonstandard TTL

dnscmd /recordadd zonename leftmostpartofrecord TTL restofrecord

dnscmd /recordadd pc34 3200 A


Reload a zone from its zone file in \windows\system32\dns

dnscmd /zonereload zonename

dnscmd /zonereload

Really only useful on primary DNS servers

Force DNS server to flush DNS data to zone file

dnscmd /zonewriteback zonename

dnscmd /zonewriteback


Tell a primary whom to allow zone transfers to

dnscmd /zoneresetsecondaries zonename /nonsecure|securens

dnscmd /zoneresetsecondaries /nonsecure

That example says to allow anyone who asks to get a zone transfer

Enable/disable DNS NOTIFY

dnscmd /zoneresetsecondaries zonename /notify|/nonotify

dnscmd /zoneresetsecondaries /nonotify

Example disables DNS notification, which is contrary to the default settings.

Tell a secondary DNS server to request any updates from the primary

dnscmd /zonerefresh zonename

dnscmd /zonerefresh


Enable or disable dynamic DNS on a zone

dnscmd /config zonename /allowupdate 1|0

1 enables, 0 disables, 0 is default


Stop the DNS service

Either net stop dns or sc stop dns


(No dnscmd command for this)

Start the DNS service

Either net start dns or sc start dns


(No dnscmd command for this)

Install the DNS service on a 2008 full install system

servermanagercmd -install dns



Install the DNS service on a 2008 Server Core system

ocsetup DNS-Server-Core-Role


Case matters — ocsetup dns-server-core-role would fail

Uninstall the DNS service on a 2008 Server full install system

servermanagercmd -remove dns



Uninstall the DNS service on a 2008 Server Core system

ocsetup /uninstall DNS-Server-Core-Role



You’ll need to become intimately familiar with administering DNS via the command line if you’re running the Server Core version of Windows 2008.

Gone in 47.11 Seconds

I was performing a little security audit today, and used PWdump to dump the contents of the SAM file from a Windows 2000 Domain Controller.

I took the results from PWdump and imported them into LMcrack.  It took 47.11 seconds to enumerate 617 of the 2272 account passwords.

47.11 Seconds

Next I ran Richard Mueller’s DocumentGroups.vbs script which dumped the group membership of all the domain’s Active Directory accounts to a file.

Now I had a list of user and their passwords, plus a list of user account group memberships.  Are you suprised that three users with Domain Admin membership were on the cracked.dic list? 

I bet the entire process, from PWdump to LMcrack to DocumentGroups.vbs took all of ten minutes.   The local network admin was not happy with the strength of his user’s passwords.  Maybe now he’ll start enforcing stronger passwords.

Windows Server 2008 Firewall Ports

Mark Empson has published a nice list of firewall ports used by Windows Server 2008.

Possible Rule name




Active Directory Domain Controller – LDAP (TCP-In)

Inbound rule for the Active Directory Domain Controller service to allow remote LDAP traffic. (TCP 389)



Active Directory Domain Controller – LDAP (UDP-In)

Inbound rule for the Active Directory Domain Controller service to allow remote LDAP traffic. (UDP 389)



Active Directory Domain Controller – LDAP for Global Catalog (TCP-In)

Inbound rule for the Active Directory Domain Controller service to allow remote Global Catalog traffic. (TCP 3268)



Active Directory Domain Controller – NetBIOS name resolution (UDP-In)

Inbound rule for the Active Directory Domain Controller service to allow NetBIOS name resolution. (UDP 138)



Active Directory Domain Controller – SAM/LSA (NP-TCP-In)

Inbound rule for the Active Directory Domain Controller service to be remotely managed over Named Pipes. (TCP 445)



Active Directory Domain Controller – SAM/LSA (NP-UDP-In)

Inbound rule for the Active Directory Domain Controller service to be remotely managed over Named Pipes. (UDP 445)



Active Directory Domain Controller – Secure LDAP (TCP-In)

Inbound rule for the Active Directory Domain Controller service to allow remote Secure LDAP traffic. (TCP 636)



Active Directory Domain Controller – Secure LDAP for Global Catalog (TCP-In)

Inbound rule for the Active Directory Domain Controller service to allow remote Secure Global Catalog traffic. (TCP 3269)



Active Directory Domain Controller – W32Time (NTP-UDP-In)

Inbound rule for the Active Directory Domain Controller service to allow NTP traffic for the Windows Time service. (UDP 123)



Active Directory Domain Controller (RPC)

Inbound rule to allow remote RPC/TCP access to the Active Directory Domain Controller service.

Dynamic RPC


Active Directory Domain Controller (RPC-EPMAP)

Inbound rule for the RPCSS service to allow RPC/TCP traffic to the Active Directory Domain Controller service.



Active Directory Domain Controller (TCP-Out)

Outbound rule for the Active Directory Domain Controller service. (TCP)



Active Directory Domain Controller (UDP-Out)

Outbound rule for the Active Directory Domain Controller service. (UDP)



DNS (TCP, Incoming)

DNS inbound



DNS (UDP, Incoming)

DNS inbound



DNS (TCP, outbound)

DNS outbound



DNS (UDP, outbound)

DNS outbound



DNS RPC, incoming

Inbound rule for the RPCSS service to allow RPC/TCP traffic to the DNS Service



DNS RPC, incoming

Inbound rule to allow remote RPC/TCP access to the DNS service

Dynamic RPC


Nice reference Mark. I was just looking for a similar list for Windows Server 2003 R2 Domain Controllers, and had to pull the information from a variety of sources. I couldn’t find a nice summary like you’ve made.

Updated Documentation: Changes in Functionality From Windows Server 2003 With SP1 to Windows Server 2008


Microsoft has released a massive new document titled Changes in Functionality From Windows Server 2003 With SP1 to Windows Server 2008.

This document is 341 pages, and it applies to the released version of Windows Server 2008. It does not describe all of the changes that are included in Windows Server 2008, but instead highlights changes that will potentially have the greatest impact on your use of Windows Server 2008 and provides references to additional information.

The following topics have been added since the September 2007 version of this document:

· Authorization Manager

· Storage Manager for SANs

· Security Configuration Wizard

· Volume Activation

Topics about the following technologies or features received updates:

· DNS Server Role

· Server Manager

· Streaming Media Services

· Terminal Services

· Virtualization Role

· Windows Deployment Services Role

· Windows Server Backup

If you’ll be deploying Windows Server 2008 anytime soon, make sure to check it out.


Get every new post delivered to your Inbox.

Join 32 other followers