
Archive for the ‘Windows’ Category

Change windows 2008 RDP Port from command line

February 22, 2012

Follow the steps below to change the Windows 2008 RDP port from the command line. The Windows “reg” command is used for this purpose.

1) Start a command prompt by typing “cmd” in Run.

2) Get the current RDP port number:

REG QUERY "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber

The above command displays the RDP port in hexadecimal format. To convert from hexadecimal to decimal, use the Python interpreter or any other tool you like:

u1@h1:~$ python -c "print(int(0xd3d))"
3389
u1@h1:~$ 

3) If you want to change the port number to 10000, convert it to hexadecimal format as follows:

u1@h1:~$ python -c "print(hex(10000))"
0x2710
u1@h1:~$

Overwrite the data of the registry value PortNumber with the new port number (0x2710 = 10000).

REG ADD "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 0x2710 /f

4) Now restart Terminal Services. If you are logged in over RDP, it is better to restart Terminal Services from “services.msc”.

NOTE: Before restarting Terminal Services, make sure that the new RDP port is open in the firewall.

net stop TermService /y
net start TermService /y

That’s it:)

Now verify that it's listening on the new port using “netstat”:

netstat -ano|findstr /i "10000"
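
The same procedure as one PowerShell script, written as an added example and not part of the original post. It opens the firewall before the listener moves and rolls back if nothing ends up listening on the new port. The rule name, the 203.0.113.0/24 admin subnet and the five-second wait are assumptions; run it elevated from the console rather than over the RDP session it restarts.

```powershell
# Added example, not from the original post. Run elevated, from the console.
$NewPort       = 10000               # port used in the steps above
$AllowedRemote = '203.0.113.0/24'    # constructed admin subnet (assumption)
$Key = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Test-Listener([int]$Port) {
    # True when netstat shows a TCP listener bound to the given local port.
    [bool](netstat -ano -p TCP | Select-String -Pattern ":$Port\s.*LISTENING")
}

if ($NewPort -lt 1 -or $NewPort -gt 65535) { throw "Port $NewPort is out of range." }
if (Test-Listener $NewPort) { throw "Port $NewPort already has a listener." }

# The registry provider returns the DWORD as a decimal integer, so the
# hexadecimal conversion from step 2 is not needed here.
$OldPort = (Get-ItemProperty -Path $Key -Name PortNumber).PortNumber
Write-Output ("Current RDP port: {0} (0x{0:x})" -f $OldPort)

# Open the new port before touching the listener, limited to the admin subnet.
netsh advfirewall firewall add rule name="RDP-$NewPort" dir=in action=allow `
    protocol=TCP localport=$NewPort remoteip=$AllowedRemote
if ($LASTEXITCODE -ne 0) { throw 'Firewall rule not added; registry left unchanged.' }

# Write the new port (an Int32 is stored as REG_DWORD) and restart the
# service so the listener rebinds.
Set-ItemProperty -Path $Key -Name PortNumber -Value $NewPort
Restart-Service -Name TermService -Force
Start-Sleep -Seconds 5

# Roll back if nothing is listening on the new port.
if (-not (Test-Listener $NewPort)) {
    Set-ItemProperty -Path $Key -Name PortNumber -Value $OldPort
    Restart-Service -Name TermService -Force
    throw "No listener on $NewPort; restored port $OldPort."
}
Write-Output "RDP is now listening on TCP $NewPort."
```

Once the new port is confirmed, any firewall rule that still allows the old port can be removed.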
Categories: Windows

Linux rdesktop client disk device redirection

February 11, 2012 3 comments

 

When using rdesktop to access a Windows machine from Linux, we can specify device redirection (with the -r command line option) for a local folder on the Linux machine. This makes a folder on the Linux client appear as a share on the Windows machine, which can be viewed from Windows “My Computer”.

The following example demonstrates the procedure to map a directory named “/home/u1” on the Linux machine to a share named “test” in Windows.

 

[u1@TOO4]$ pwd
/home/u1
[u1@TOO4]$ rdesktop -r disk:test=/home/u1 68.44.51.20 -u user -p 'pass'
Autoselected keyboard map en-us
WARNING: Remote desktop does not support colour depth 24; falling back to 16

 

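The mounted share as viewed from inside the Windows machine is shown in the image below:

[Image: DirectoryMounted]

This option can be used for easily transferring files between Linux and Windows machines. Everything under the redirected directory is visible from the Windows session, so redirect a dedicated transfer directory when the remote machine is not fully trusted.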

 

 

Plesk change admin password (Windows)

February 7, 2012

To change the Plesk admin password of a Windows server to “1LOvePl3sk!” (without quotes) from the command line, follow the steps below:

cd %plesk_bin%
plesksrvclient.exe -set 1LOvePl3sk! true -nogui
Categories: Plesk, Windows

This file came from another computer and might be blocked to help protect this computer

October 27, 2011 6 comments

Recently I encountered the following situation while trying to install PHP in IIS. After downloading and extracting the PHP files to “C:\Program Files(x86)\PHP”, I saw that all the files and folders inside that directory were blocked due to some inherent group policy settings.

This file came from another computer and might be blocked to help protect this computer

In order to solve this issue I downloaded the “streams” utility from the Sysinternals website and copied the “streams” binary to “C:\Windows”. You can copy the binary to any other directory which is included in the PATH environment variable (it can be viewed using “echo %PATH%”).

The “streams” binary provides two switches, “-s” (for recursive action) and “-d” (for deleting streams). The details are provided below. After changing directory to “C:\Program Files(x86)\PHP” I ran “streams -d -s *” to remove the block from all files and folders inside the PHP directory.


C:\Program Files (x86)\PHP>streams

Streams v1.56 - Enumerate alternate NTFS data streams
Copyright (C) 1999-2007 Mark Russinovich
Sysinternals - http://www.sysinternals.com

usage: streams [-s] [-d]
-s Recurse subdirectories
-d Delete streams

C:\Program Files (x86)\PHP>streams -d -s *

Streams v1.56 - Enumerate alternate NTFS data streams
Copyright (C) 1999-2007 Mark Russinovich
Sysinternals - http://www.sysinternals.com

C:\Program Files (x86)\PHP_TEST\dev\php5ts.lib:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_bz2.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_curl.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_enchant.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_exif.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_fileinfo.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_gd2.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_gettext.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_gmp.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_imap.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_interbase.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_intl.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_ldap.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_mbstring.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_mysql.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_mysqli.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_oci8.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_oci8_11g.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_openssl.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_pdo_firebird.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_pdo_mysql.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_pdo_oci.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_pdo_odbc.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_pdo_pgsql.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_pdo_sqlite.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_pgsql.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_shmop.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_snmp.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_soap.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_sockets.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_sqlite.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_sqlite3.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_sybase_ct.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_tidy.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_xmlrpc.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP_TEST\ext\php_xsl.dll:
Deleted :Zone.Identifier:$DATA
C:\Program Files (x86)\PHP>
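
A narrower form of the cleanup above, as an added example that is not part of the original post: it lists which files carry a Zone.Identifier stream and what zone each records, then previews removing the mark from Internet-zone files only. It assumes PowerShell 3.0 or later on NTFS; the zone-name table and the optional HostUrl field are taken from the standard Zone.Identifier layout, not from the post.

```powershell
# Added example, not from the original post. Needs PowerShell 3.0+ and NTFS.
$Root = 'C:\Program Files (x86)\PHP'     # directory used in the post
$ZoneNames = @{ 0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';      4 = 'Restricted sites' }

$marked = foreach ($file in Get-ChildItem -LiteralPath $Root -Recurse -File) {
    # Files without the stream are not marked; skip them quietly.
    $stream = Get-Item -LiteralPath $file.FullName -Stream Zone.Identifier `
                  -ErrorAction SilentlyContinue
    if (-not $stream) { continue }
    $text = (Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier) -join ' '
    $zone = if ($text -match 'ZoneId\s*=\s*(\d+)') { [int]$Matches[1] } else { -1 }
    # HostUrl is only written by newer Windows versions.
    $src  = if ($text -match 'HostUrl\s*=\s*(\S+)') { $Matches[1] } else { '' }
    New-Object PSObject -Property @{
        Path = $file.FullName; ZoneId = $zone; Zone = $ZoneNames[$zone]; Source = $src
    }
}
$marked | Sort-Object ZoneId, Path | Format-Table ZoneId, Zone, Source, Path -AutoSize

# Unblock-File removes only Zone.Identifier, whereas "streams -d" deletes every
# alternate data stream. -WhatIf previews the change; drop it after reviewing the list.
$marked | Where-Object { $_.ZoneId -eq 3 } |
    ForEach-Object { Unblock-File -LiteralPath $_.Path -WhatIf }
```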

The reason for this blocking issue is that the “Do not preserve zone information in file attachments” setting was disabled. Details of this feature, as collected from Windows help, are pasted below:

This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (i.e. restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information Windows cannot make proper risk assessments.

If you enable this policy setting Windows does not mark file attachments with their zone information.

If you disable this policy setting Windows marks file attachments with their zone information.

If you do not configure this policy setting Windows marks file attachments with their zone information.

To solve this issue for future downloads, follow the steps mentioned below:

Step 1) Open the Run prompt and type “gpedit.msc”

Step 2) In group policy editor choose “User configuration”

Step 3) Under “User configuration” choose “Administrative Templates”

Step 4) Under “Administrative Templates” choose “Windows Components”

Step 5) Under “Windows Components” choose “Attachment Manager”

Step 6) Double click the setting “Do not preserve zone information in file attachments” and “enable” it and then click “Apply”.

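From now on, newly downloaded files won’t be blocked by default. As the help text above notes, Windows then cannot make proper risk assessments for those files, because their zone information is no longer preserved. Hope this might help someone:)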

Categories: Windows

Open rdesktop port 3389 in firewall via command line

October 24, 2011 4 comments


netsh advfirewall firewall add rule name="Open Port 3389" dir=in action=allow protocol=TCP localport=3389

To block remote access to a particular service (say mssql, port 1433) from the IP 22.75.175.213, use the following from the command line:



netsh advfirewall firewall add rule name="Block mssql attack ips" dir=in action=block protocol=TCP localport=1433 remoteip=22.75.175.213

Categories: Windows