If you ever experience an issue where clients don’t get correct IP addresses or your PXE Service might not work or respond, then before knocking on the Network guy’s door, you might want to run the RogueChecker utility. The RogueChecker utility is a nice little FREE tool that can help detecting rogue (misconfigured or unauthorized) DHCP servers in your network.

To get the tool reporting a rogue server I enabled both the Microsoft DHCP server and the integrated DHCP Service on our Wireless Access point. 

The tool provides the following features:

• The tool can be run one time or can be scheduled to run at specified interval.
• Can be run on a specified interface by selecting one of the discovered interfaces.
• Retrieves all the authorized DHCP servers in the forest and displays them.
• Ability to validate (not Authorize in AD) a DHCP server which is not rogue and persist this information
• Minimize the tool, which makes it invisible. A tray icon will be present which would display the status.

The tool can be downloaded from the Microsoft Windows DHCP Team Blog.

During the past weeks we have seen quite some messages about the MS10-015 security update which can cause bluescreens after being installed. According to a recent post on the Microsoft Security Response Center blog there is a revised installation package for MS10-015 that prevents the update from installing if abnormal conditions exist such as an infection of a computer virus as the Alureon rootkit. More details about the updated MS10-015 security update can be found here

In addition Microsoft today also released the Kernel Update Compatibility Assessment Tool that allows systems administrators who are concerned about deploying MS10-015 throughout their enterprise to perform an upfront assessment to identify clients that could have a compatibility issue with MS10-015.

Beside the Compatibility Tool mpsyschk.exe itself Microsoft has also added a sample batch file that could be added to a corporate logon or startup script. The script executes mpsyschk.exe and reports the status into a log file that can be stored on a central share. In a very large environment you also want to consider to write the status into a local log file and collect the results through a custom inventory on your Systems Management system.

Just found another nice FREE Utility. As the name says SoftPerfect Network Scanner allows you to scan your network and allows you to find any IP, NetBIOS or SNMP enabled devices. The tool also supports Remote WMI, Registry and Service access that can be customized to your own needs.

The Tool does not require installation. Download SoftPerfect Network Scanner from here

If you have BranchCache deployed within your enterprise environment you might be interested in the
BranchCache Bandwidth Saving Calculation PowerShell Script for the SMB Protocol which allows you to collect and measure the amount of WAN bandwidth that is saved by your BranchCache deployment.

Get the documentation and script from here

For those of you that do already use Windows 7 DirectAccess or plan to do so in the near future have a look at the Microsoft DirectAccess Connectivity Assistant (DCA).

The Microsoft DirectAccess Connectivity Assistant (DCA) helps organizations reduce the cost of supporting DirectAccess users and significantly improve their connectivity experience. DCA informs mobile users of their connectivity status at all times; provides tools to help them reconnect on their own if problems arise; and creates diagnostics to help mobile users provide IT staff with key information if necessary—all to help customers operate with more efficiency, and at a lower cost.

DCA adds an icon to the Taskbar and informs users about their DirectAccess Connectivity Status and Configuration.

More information and download details for DCA can be found here

Related Articles
Windows7 – DirectAccess video
DirectAccess in Windows 7 and Windows Server 2008 R2

During an Application Compatibility webcast I attended recently the presenter mentioned the Fiddler Tool. There are many network traffic monitoring Tools out there, but if you are just after capturing HTTP traffic, this one should get your attention.

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data

Fiddler is FREE and can be downloaded from here and some demonstration videos here

Yesterday evening I was reading Justin Rodino’s blog post “Dear Adobe, I Don’t Want Your Stupid Desktop Icon (nor your software anymore)” where he mentions the Foxit Reader which is an alternative PDF Reader.

Since the Adobe Reader has become the de facto standard for reading PDF files, most people don’t spend any thoughts on replacing it by another software product.  Personally I don’t have much of an issue with the desktop shortcut it creates (Justin does..), but I have always been wondering why the Adobe Reader has such a large footprint. A fresh install of the Adobe Reader 9.03 takes approx. 213 MB, when removing the Setup Files which are left in the application installation folder, the Reader still consumes 99 MB. To install Adobe Reader you must first download the Adobe Reader installer which is 27 MB.

To Install the Foxit Reader you must download the Setup package which is only 5.3 MB and once installed the Foxit Reader only uses 9.6 MB. In all fairness I did not look at the functionality differences of the two tools, well possible that the Adobe Reader does provide more functionality and therefore requires a larger footprint. However most of us use the Adobe Reader just to read PDF files and that is what the Foxit Reader allows you to do as well, with just a much smaller application footprint.

The Foxit Reader can be downloaded from here and a feature overview can be found here. The Foxit Reader is available for Windows, Linux, and Windows Mobile.

Having trouble with a client not getting updates from your Windows Update Services Server ? Then have a look at the WSUS Client Diagnostics Tool.  The tool performs various system checks and tests the communication between your client and the WSUS server.

The Tool can be downloaded from the Windows Server Update Services Tools and Utilities site at Microsoft TechNet.

I’m currently busy with integrating the Symantec Endpoint Protection software into a Windows 7 build for one of our customers. I wondered if the Security team had really provided me with the latest and greatest version and ended up searching for that information on the Symantec web site where I came across a post mentioning the Symantec Endpoint Protection Support Tool.

For those that have a SEP 11 version prior RU5 the tool can be downloaded from here and as of RU5 (11.0.5002.333) the tool can also be downloaded from within the Symantec Endpoint Protection client by opening the Client user interface and selecting Help & Support > Download Support Tool.

when completed all results are listed in categories.

and for my case, answering my question whether I am using the latest and greatest version.

The tool provides much more information than just the current version, so if you are a Security Professional (then you probably know this tool already) or an IT Pro this is a must have for SEP troubleshooting or information gathering.

Additional Information: (thanks to Grant Hall)
About the Symantec Endpoint Protection Support Tool
The Symantec Endpoint Protection Support Tool

In an earlier post Using BITS for file downloads I wrote about how to use BITS for file transfers. Today I had a BITS related topic at work, so needed a brief refresher and found some additional interesting things.

First I came across a TechNet Utility Spotlight article Scripting Trouble-Free downloads with BITS. If you are interested in creating your own BITS based download scripts, read this article and download the provided bitsjob.vbs and bitsjob.cmd files. Note that the article is dated back from 2006, so no mention about Windows 7 here, but no worries bitsadmin.exe is included in Vista and Windows 7 already.

But then a few clicks later I came across this awesome nice FREE Tool called Bits GUI Admin. The tool provides a detailed view on all running BITS processes on your machine, so useful for troubleshooting as well. Note that the utility download does include a (old) bitsadmin.exe as well, but if you are running Windows Vista, Windows 7 or Server 2008(R2), I recommend that you overwrite that with the version of the OS. If you are running Windows XP or Server 2003, use the latest version which is available in the Service Pack 2 SP2 support tools.

The tool does not require installation, so just extract the files, update if the bitsadmin.exe if you like  and launch the bitsguiadmin.exe as Administrator. If you don’t see any existing processes running, simply go to Windows Update and select an available optional or security update to be installed or run a bitsadmin.exe command as described in one of my previous posts.

Bits GUI Admin can be downloaded from here

Related Articles
Vista SP1 download using BITSADMIN
Using BITS for file downloads

Microsoft has spend a great effort on optimizing the power consumption for Windows 7, But here’s another FREE tool that I consider as a nice enhancement over the build in features in Windows 7. Power Plan Assistant for Windows 7 can be downloaded from here. For a brief feature overview read this.

My favorite feature is the instant “Power off the Display” option that can be invoked with just a double click on the tool’s tray icon.

Related Articles
ToolTip – PowerPlan Switcher for Windows
Power Consumption in standby mode
Windows 7 Energy Efficiency
Troubleshoot Power Management Settings in Windows 7

Assume that for whatever reason occasionally you do not want your system to enter the sleep mode, but you also do not want to change your power plan ? Then have a look at insomnia a free tool to temporarily prevent a machine from going to sleep.

The Tool can be downloaded from here:

During my periodic visit on CodePlex I came across the Windows Services Dependency Viewer utility. The tool provides access to the following information:

• Windows service dependent and antecedent services
• Services grouped by process
• Service details (from Win32_Service WMI class)
• Service process details (from Win32_Process WMI class

This tool might come in handy once you start changing a specific Service’s startup mode.

The Windows Services Dependency Viewer can be downloaded from here Additional documentation can be found here

Related Posts
Windows Services, what changed from Vista to Windows7 Part1
Windows Services, What changed from Vista to Windows7 – Part2

Microsoft Security Essentials (MSE) is Microsoft’s free Antivirus Software which helps protecting clients against viruses and spyware. For years I had used other free Antivirus programs on my home based clients, but have switched them all to MSE since it’s release in September 2009.

The MSE binaries are located in the following folder: C:\Program Files\Microsoft Security Essentials. In that folder we also find the MpCmdRun.exe which provides a command line interface for MSE. The tool provides the following options:

-? / –h
Displays all available options for this tool

-Trace [-Grouping #] [-Level #]
Starts diagnostic tracing

-RemoveDefinitions [-All]
Restores the installed signature definitions to a previous backup copy or to the original default set of signatures

-RestoreDefaults
Resets the registry values for Microsoft Antimalware settings to known good defaults

-SignatureUpdate [-UNC]
Checks for new definition updates

-Scan [-ScanType]
Scans for malicious software

-Restore -Name <name> [-All]
Restore the most recently or all quarantined item(s) based on name

-GetFiles
Collects support information

When I booted my Windows 7 client this afternoon, the virus and spyware definition status was set as shown in the picture below.

After running mpcmdrun –SignatureUpdate the definition files were updated.

When using the –scan option you can define whether you want to run a default, quick or full system scan. To run a quick scan simply type MpCmdRun –scan –1 at the command prompt.

By running MpCmdRun –Getfiles a file called MPSupportFiles.cab is being generated and stored under C:\ProgramData\Microsoft\Microsoft Antimalware\Support. The cab file contains all relevant data related to MSE. (log files, registry settings and events)

Additional Information
Microsoft Security Essentials Home
MSE – Microsoft Security
How to manually download the latest definition updates for Microsoft Security Essentials

Intel vPro/AMT enabled systems allow you to remotely reboot a system from a redirected CD-ROM aka as IDE-R.  So if one of your users devices doesn’t boot its OS properly anymore, you can remotely boot that system with a diagnostics CD that you have stored on your local disk drive.

As long as that recovery CD has a text based interface such as the SystemRescueCD the system can be remotely managed through the remote VT100 terminal, but unfortunately that doesn’t work for graphical interfaces such as WinPE. So we need an alternative method to remotely manage that device. Since Microsoft’s own remote desktop (RDP) does not work under Windows PE, we are going to use VNC which is small and FREE.

Assuming that some of you might be interested to try this out themselves, here’s what you need:

• Intel  Manageability Developer Tool Kit
• Windows Automated Installation Kit (AIK) for Windows 7
• UltraVNC

You will need two clients, where one serves as your administration console and the other as the client which you are going to remotely manage. Make sure that at least the second client (the one that your remotely manage) have vPro/AMT enabled. Here’s a video that explains how to configure your client in SMB mode, which is good enough to test this scenario.

First install the Intel Manageability toolkit on the Administration Console client, which contains the Manageability Commander Tool and allows us to connect to the AMT enabled device, configure IDE-R and power on and off the machine remotely.  Register the client within the console through File, Add, Add Intel AMT Computer.

Once the client is registered click on the “Connect” button.

When the connection is established, select the Remote Control Tab and click on the “Take Control” button.

Now let’s move to the VNC Installation and configuration. Install UltraVNC Server and Viewer on the Administrator Console client.  When installed, start the VNC Server and configure it.  There are a lot of configuration settings available, configure at least the following ones: Authentication – set a password for full and view only access. Misc – To avoid graphics related issues, i proactively disabled Aero and Wallpapers. Query on incoming connection – Default Action set to Accept.

Now copy the following files located under C:\Program Files\UltraVNC\ into a new separate folder like C:\PE_VNC. These are the files that we will integrate into WinPE.

authadmin.dll
authSSP.dll
ldapauth.dll
logging.dll
logmessages.dll
SCHook.dll
vnchooks.dll
workgrpdomnt4.dll
MSLogonACL.exe
uvnc_settings.exe
vncviewer.exe
winvnc.exe
ultravnc.ini

The last thing we need to prepare now is the bootable ISO which includes WinPE. I assume you are familiar with creating a WinPE boot image, if not have a look at the Walkthrough: Create a Custom Windows PE image documentation on TechNet. Once you are at “Step 5 of the above referenced Walkthrough (Add Additional Customizations) you can add the VNC Server sources that you copied into C:\PE_VNC.

To avoid that you get the “Press any key to boot from CD” message when remotely booting the client from the redirected CD-ROM, you must remote the bootfix.bin file from the boot folder within your mounted image.

if you are familiar with WinPE, I also recommend that you look at the Walkthrough: Create an Optimized Windows PE Image. Optimizing your WinPE image can help you to reduce the size of your WinPE image, which helps reducing network traffic and boot time. By optimizing my WinPE image I managed to reduce its size from 152 MB down to 98 MB.

Now that we have our WinPE ISO file, let’s go back to the Intel Manageability Commander Tool. Select Disk Redirect menu, Change Target CD-ROM, Redirect to Image File and point to the previously created ISO file. Then select the Disk Redirect menu again and select Redirect Active.
Finally we can now boot the remote client from the redirected CD-ROM. Select Remote Command, Remote Reboot to Redirect CD.

Because now the whole ISO file content is being transferred over the wire, you will have to be patient, booting from a redirected CD-ROM can easily take a few minutes.  Remember that we removed the bootfix.bin file form WinPE, so if all goes well, the client will immediately boot into WinPE.

There is one thing which i have not yet figured out, and that is a convenient way how to find out the assigned IP address of the remote client, but maybe that is just an issue related to my test environment. So for the my own convenience I added some code to the startnet.cmd batch file, which displays the assigned IP Address.

Below you find the most important part of the startnet.cmd

: enable networking
wpeinit
: disable firewall
wpeutil disablefirewall

:: +——————————————————————–+
:: Start a minimized command prompt for troubleshooting
:: +——————————————————————–+
echo  * Starting a fallback console for troubleshooting…
start /min cmd.exe /k trouble.cmd

:: +——————————————————————–+
:: Launching VNC
:: +——————————————————————–+
echo  * Starting VNC…
x:
cd x:\vnc
start winvnc.exe

Echo  * Gathering IP Address
IPCONFIG |FIND "IP" > %temp%\TEMPIP.txt
FOR /F "tokens=2 delims=:" %%a in (%temp%\TEMPIP.txt) do set IP=%%a
del %temp%\TEMPIP.txt
set IP=%IP:~1%
echo %IP% >%temp%\ip.txt
echo The current IP address is "%IP%"

So let’s assume you know the IP address (the user was kind enough to read it for you) you can now initiate a remote desktop session through the VNC Viewer. I personally had an issue where the VNC viewer crashed right after establishing the connection with the remote client. I managed to get rid of that by setting the Connection Options to only use 256 Colors instead of Full Colors.

If all went well you should now be able to remote control your client.

I hope this was useful. As always, feedback and comments are more than welcome.

Alex