Windows Password Manager

start–>run–>rundll32.exe keymgr.dll, KRShowKeyMgr

Posted in Computers and Internet | Leave a comment

10 Powershell Concept

1: PS1 files

A PowerShell script is really nothing more than a simple text file. The file contains a series of PowerShell commands, with each command appearing on a separate line. For the text file to be treated as a PowerShell script, its filename needs to use the .PS1 extension.

2: Execution permissions

To prevent the execution of malicious scripts, PowerShell enforces an execution policy. By default, the execution policy is set to Restricted, which means that PowerShell scripts will not run. You can determine the current execution policy by using the following cmdlet:

Get-ExecutionPolicy

The execution policies you can use are:

  • Restricted – Scripts won’t run.
  • RemoteSigned – Scripts created locally will run, but those downloaded from the Internet will not (unless they are digitally signed by a trusted publisher).
  • AllSigned – Scripts will run only if they have been signed by a trusted publisher.
  • Unrestricted – Scripts will run regardless of where they have come from and whether they are signed.

You can set PowerShell’s execution policy by using the following cmdlet:

Set-ExecutionPolicy <policy name>

3: Running a script

For years now, if you wanted to run an executable file from the command line the practice was to navigate to the file’s path and then type the name of the executable file. However, this age-old method doesn’t work for PowerShell scripts.

If you want to execute a PowerShell script, you will usually have to type the full path along with the filename. For example, to run a script named SCRIPT.PS1, you might type:

C:\Scripts\Script.ps1

The big exception is that you can execute a script by simply typing its name if the folder containing the script is in your system’s path. There is also a shortcut you can use if you are already in the folder containing the script. Instead of typing the script’s full path in such a situation, you can enter .\ and the script’s name. For example, you might type:

.\Script.ps1

4: Pipelining

Pipelining is the term for feeding one command’s output into another command. This allows the second command to act on the input it has received. To pipeline two commands (or cmdlets), simply separate them with the pipe symbol (|).

To help you understand how pipelining works, imagine that you want to create a list of processes that are running on a server and sort that list by process ID number. You can get a list of processes by using the Get-Process cmdlet, but the list will not be sorted. However, if you pipeline the cmdlet’s output into the Sort-Object ID command, the list will be sorted. The string of commands used looks like this:

Get-Process | Sort-Object ID

5: Variables

Although you can use pipelining to feed one command’s output into another command, sometimes pipelining alone won’t get the job done. When you pipeline a command’s output into another command, that output is used immediately. Occasionally, you may need to store the output for a while so that you can use (or reuse) it later. This is where variables come into play.

It’s easy to think of a variable as a repository for storing a value, but in PowerShell, a variable can store a command’s full output. For example, suppose you want to store the list of processes running on a server as a variable. To do so, you could use this line of code:

$a = Get-Process

Here, the variable is named $a. If you want to use the variable, simply call it by name. For example, typing $a prints the variable’s contents on the screen.

You can assign a variable to the final output of multiple commands that have been pipelined together. Just surround the commands with parentheses. For example, to sort the running processes by process ID and then assign the output to a variable, you could use this command:

$a = (Get-Process | Sort-Object ID)

6: The @ symbol

By using the @ symbol, you can turn the contents of a list into an array. For example, take the following line of code, which creates a variable named $Procs that contains multiple lines of text (an array):

$procs = @{name="explorer","svchost"}

You can also use the @ symbol when the variable is used, to ensure that it is treated as an array rather than a single value. For instance, the line of code below will run the Get-Process cmdlet against the variable I defined a moment ago. In doing so, Windows will display all the processes used by Windows Explorer and Svchost. Notice how the @ symbol is being used in front of the variable name rather than the dollar sign that we usually see used:

Get-Process @procs

7: Split

The split operator splits a text string based on a character you designate. For example, suppose that you want to break a sentence into an array consisting of each individual word in the sentence. You could do so by using a command like this one:

"This is a test" -split " "

The result would look like this:

This
is
a
test

8: Join

Just as split can split a text string into multiple pieces, the join operator can combine multiple blocks of text into one. For example, this line will create a text string consisting of my first name and last name:

"Brien","Posey" -join " "

The space between the quotation marks at the end of the command tells Windows to insert a space between the two text strings.

9: Breakpoints

Running a newly created PowerShell script can have unintended consequences if the script contains bugs. One way to protect yourself is to insert breakpoints at strategic locations within your script. That way, you can make sure that the script is working as intended before you process the entire thing.

The easiest way to insert a breakpoint is by line number. For instance, to insert a break point on the 10th line of a script, you could use a command like this:

New-PSBreakpoint -Script C:\Scripts\Script.ps1 -Line 10

You can also bind a breakpoint to a variable. So if you wanted your script to break any time the contents of a$ changed, you could use a command like this one:

New-PSBreakpoint -Script C:\scripts\Script.ps1 -variables a

Notice that I didn’t include the dollar sign after the variable name.

There are a number of verbs you can use with PSBreakpoint including New, Get, Enable, Disable, and Remove.

10: Step

When debugging a script, it may sometimes be necessary to run the script line by line. To do so, you can use the Step-Into cmdlet. This will cause the script to pause after each line regardless of whether a breakpoint exists. When you are done, you can use the Step-Out cmdlet to stop Windows from stepping through the script. It is worth noting, however, that breakpoints are still processed even after the Step-Out cmdlet has been used.

Incidentally, if your script uses functions, you may be interested in the Step-Over cmdlet. Step-Over works just like Step-Into, except that if a function is called, Windows won’t step through it. The entire function will run without stopping.

1: Get-Help

The first PowerShell cmdlet every administrator should learn is Get-Help. You can use this command to get help with any other command. For example, if you want to know how the Get-Process command works, you can type:

Get-Help -Name Get-Process

and Windows will display the full command syntax.

You can also use Get-Help with individual nouns and verbs. For example, to find out all the commands you can use with the Get verb, type:

Get-Help -Name Get-*

2: Set-ExecutionPolicy

Although you can create and execute PowerShell scripts, Microsoft has disabled scripting by default in an effort to prevent malicious code from executing in a PowerShell environment. You can use the Set-ExecutionPolicy command to control the level of security surrounding PowerShell scripts. Four levels of security are available to you:

  • Restricted — Restricted is the default execution policy and locks PowerShell down so that commands can be entered only interactively. PowerShell scripts are not allowed to run.
  • All Signed — If the execution policy is set to All Signed then scripts will be allowed to run, but only if they are signed by a trusted publisher.
  • Remote Signed — If the execution policy is set to Remote Signed, any PowerShell scripts that have been locally created will be allowed to run. Scripts created remotely are allowed to run only if they are signed by a trusted publisher.
  • Unrestricted — As the name implies, Unrestricted removes all restrictions from the execution policy.

You can set an execution policy by entering the Set-ExecutionPolicy command followed by the name of the policy. For example, if you wanted to allow scripts to run in an unrestricted manner you could type:

Set-ExecutionPolicy Unrestricted

3: Get-ExecutionPolicy

If you’re working on an unfamiliar server, you’ll need to know what execution policy is in use before you attempt to run a script. You can find out by using the Get-ExecutionPolicy command.

4: Get-Service

The Get-Service command provides a list of all of the services that are installed on the system. If you are interested in a specific service you can append the -Name switch and the name of the service (wildcards are permitted) When you do, Windows will show you the service’s state.

5: ConvertTo-HTML

PowerShell can provide a wealth of information about the system, but sometimes you need to do more than just view the information onscreen. Sometimes, it’s helpful to create a report you can send to someone. One way of accomplishing this is by using the ConvertTo-HTML command.

To use this command, simply pipe the output from another command into the ConvertTo-HTML command. You will have to use the -Property switch to control which output properties are included in the HTML file and you will have to provide a filename.

To see how this command might be used, think back to the previous section, where we typed Get-Service to create a list of every service that’s installed on the system. Now imagine that you want to create an HTML report that lists the name of each service along with its status (regardless of whether the service is running). To do so, you could use the following command:

Get-Service | ConvertTo-HTML -Property Name, Status > C:\services.htm

6: Export-CSV

Just as you can create an HTML report based on PowerShell data, you can also export data from PowerShell into a CSV file that you can open using Microsoft Excel. The syntax is similar to that of converting a command’s output to HTML. At a minimum, you must provide an output filename. For example, to export the list of system services to a CSV file, you could use the following command:

Get-Service | Export-CSV c:\service.csv

7: Select-Object

If you tried using the command above, you know that there were numerous properties included in the CSV file. It’s often helpful to narrow things down by including only the properties you are really interested in. This is where the Select-Object command comes into play. The Select-Object command allows you to specify specific properties for inclusion. For example, to create a CSV file containing the name of each system service and its status, you could use the following command:

Get-Service | Select-Object Name, Status | Export-CSV c:\service.csv

8: Get-EventLog

You can actually use PowerShell to parse your computer’s event logs. There are several parameters available, but you can try out the command by simply providing the -Log switch followed by the name of the log file. For example, to see the Application log, you could use the following command:

Get-EventLog -Log "Application"

Of course, you would rarely use this command in the real world. You’re more likely to use other commands to filter the output and dump it to a CSV or an HTML file.

9: Get-Process

Just as you can use the Get-Service command to display a list of all of the system services, you can use the Get-Process command to display a list of all of the processes that are currently running on the system.

10: Stop-Process

Sometimes, a process will freeze up. When this happens, you can use the Get-Process command to get the name or the process ID for the process that has stopped responding. You can then terminate the process by using the Stop-Process command. You can terminate a process based on its name or on its process ID. For example, you could terminate Notepad by using one of the following commands:

Stop-Process -Name notepad
Stop-Process -ID 2668

Keep in mind that the process ID may change from session to session.

=================================================

Find system hogging files

function Get-LargeFiles( )
{
Param ( [ Parameter( Position = 0,
HelpMessage = “Enter the full path to a directory to examine for large files (default C:\)” ) ] [string]$Path = “C:\”,
[ Parameter( Position = 1,
HelpMessage = “Enter size (in units as given, default is 1)” ) ] [int]$Size = 1,
[ Parameter( Position = 2,
HelpMessage = “Enter file size units: KB, MB or GB (default is KB)” ) ] [string]$Units = “KB” )

switch ( $Units )
{
“MB” { $Size = $Size * 1MB; }
“GB” { $Size = $Size * 1GB; }
default { $Size = $Size * 1KB; }
}

Get-ChildItem -path $Path -recurse | Where-Object { Test-Path -Path $_.PSPath -PathType Leaf } | Where-Object { $_.Length -gt $Size} | Sort-Object -property length -Descending
}

===============================================================

#1: Report all of the USB devices installed

PowerShell is Windows Management Instrumentation (WMI) aware. From PowerShell, you can make a WMI call to retrieve the USB devices installed in a local or remote system:

gwmi Win32_USBControllerDevice -computername SERVER1 |fl Antecedent,Dependent

This will apply a filter to bring back the antecedent and dependent fields from the SERVER1 computer. Should you want the full export, you can omit the pipe and filter statement to have a comprehensive export of the USB devices on a system. I have found this useful to maintain a report for servers that have a USB license device installed so that their connectivity is maintained from the device perspective.

#2: Perform your favorite CMD tasks in PowerShell

Yes, you can stop using the DOS prompt and start doing all of those same tasks within PowerShell. This can make learning a little easier and help you become more familiar with the interface. Unfortunately, from the run prompt, there is no three-letter launcher like cmd. But powershell will launch it. You can also assign a shortcut key to PowerShell so Ctrl + Shift + P launches it directly.

#3: Kill a process in PowerShell instead of Task Manager

When you have a Windows service running that will not respond to stop commands, you can use PowerShell to perform the equivalent actions of ending the task within Task Manager. For instance, you’d do the following for BadThread.exe:

get-process BadTh*

The results will be similar to this:

Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName
-------  ------    -----      ----- -----   ------     -- -----------
28       4  -210844    -201128  -163    25.67   2792 BadThread

Once the Process ID has been identified, you can kill the errant process by entering:

stop-process -id 2792

At that point, the BadThread example will be hard stopped and you can resume your attempt to start the service. You can do that right here in PowerShell as well.

#4: Use PSDrive to view more than just drives

The PSDrive command lets you view objects of the Windows environment beyond traditional network, local, or removable drives. One popular view is the HKLM PSDrive to view the HKEY_LOCAL_MACHINE top-level hive of the registry. To get into the registry, enter the following command:

PS    C:>        cd HKLM:
PS    HKLM:/>

You are then transported into the registry hive and can view and even delete items, should you wish.

#5: Export NTFS folder permissions — recursive or not

Managing NTFS permissions is a whole separate matter, but with PowerShell, you can export the permissions to audit access or take a quick look at access control lists (ACLs) for the security configuration. This can be a great accountability mechanism to run in a scripted format periodically — or you can run it on demand to diagnose a particular issue. For example, take the following iteration:

PS    E:>Get-Acl N:Data

This will give you a quick report of your security rights to the specified path (note that it won’t give the share access). That alone is nothing too exciting, as it will report only the single specified path, but if you want to include recursion for the entire path, you can use other strategies. For the same path (N:\Data), you’d use the Get-ChildItem command (cmdlet) within PowerShell, combined with the Get-Acl command. Consider the following example:

PS    E:>Get-ChildItem N:Data -recurse | Get-Acl

This will span the entire N:\Data path and display the ACLs for the contents of the path. What happens here is that the Get-ChildItem provides an inventory of the file system objects, and that collection is passed to Get-Acl to provide the results for each item.

If you want to archive this to a comma-separated variable (CSV) document, you pass “| export-csv c:\filename.csv” at the end of the cmdlet. You can also pass the normal “> C:\filename.txt” to the end of the command to get it exported to a text file. Note that when you use the -recurse option, it does just that and will traverse the entire path you specify. So be careful when doing it across a large volume or over the network.

#6: Play with PowerShell 2.0

PowerShell 2.0 is in the Community Technology Preview (CTP) stage. It includes a graphical interface, Graphical PowerShell, and it is cool. The PowerShell scripts are saved as .ps1 files, making it easy to modify, import, and transfer scripts across systems. Figure A shows our NTFS permissions example while running in the graphical mode.

Figure A


One note on PowerShell 2.0: You have to configure the execution policy through PowerShell (nongraphical version) before using the tool. Configure one of the following execution policies:

PS C:>Set-ExecutionPolicy Restricted      (check only)
PS C:>Set-ExecutionPolicy AllSigned       (most secure)
PS C:>Set-ExecutionPolicy RemoteSigned    (medium secure)
PS C:>Set-ExecutionPolicy Unrestricted    (least secure)

When deciding to evaluate PowerShell 2.0, note that the WS-MAN v1.1 package is required, and if you want to use the graphical interface, Microsoft .NET Framework 3.0 is required.

#7: Work from the keyboard in Graphical PowerShell

If you are familiar with the Microsoft SQL Query Analyzer environment, you will appreciate some of these keyboard shortcuts. In Graphical PowerShell, you can select a single line or multiple lines and execute them by pressing the F5 key. Also, if you have modified your script, the familiar Ctrl + S to save, Ctrl + Z to undo, Ctrl + C to copy, and Ctrl + V to paste are available to save you time in the editing and testing.

#8: Background a time-consuming task

If you have a cmdlet that will take some time to run, you can use PowerShell to send it to the background to complete. In this way, you can send a series of commands to execute at once and let them complete on their own schedule. The command to launch a background job leads with the start-psjob -command parameter. You can query PowerShell on the status of any of the jobs with the following command:

PS C:>get-psjob

You’ll see a table of results showing the current status of your jobs, with a session identifier that is unique for each job. Figure B shows one failed job.

Figure B

You can remove the failed job by running the following command:

PS C:>remove-psjob 9

#9: Insert timestamps into PowerShell outputs

For your PowerShell tasks, you can have a timestamp entered in series so you can determine how long a single step occurs or to use as a logging mechanism for your scripts. I find this handy in Graphical PowerShell when I’m testing scripts. To insert a timestamp, enter one of the following commands as a single line within your .ps1 file:

Command Output example
“$(Get-Date -format g) Start logging” 2/5/2008 9:15 PM
“$(Get-Date -format F) Start logging” Tuesday, February 05, 2008 9:15:13 PM
“$(Get-Date -format o) Start logging” 2008-02-05T21:15:13.0368750-05:00

There are many other formats for the Get-Date command, but these three options would generally suite most applications for timestamp purposes.

#10: Stop and smell the roses

Within PowerShell, some commands have results that scroll through the screen very quickly. If you are not exporting the results to a file, it may be impossible to view the onscreen interaction. Let’s again use the Get-ChildItem command from previous example. This command can return many results depending on your path contents. We’ll create a function called EasyView to make it easy to view the results onscreen by displaying one line every half-second. The EasyView function would be created as follows:

function EasyView { process { $_; Start-Sleep -seconds .5}}

To make a PowerShell command use the EasyView function, call it with a pipe at the end of the command and then the function name as shown below:

Get-ChildItem N:Data | EasyView

The EasyView function is configured to display lines at a half-second interval. You can also use milliseconds for the value.

================================================================

Active Directory

Script 1: Show user accounts with a non-expiring password

The following PowerShell script will show user accounts with the password set to not expire, sorted by the user name, object class (user, computer, etc.), and UPN fields:

Search-ADAccount -PasswordNeverExpires | FT Name,  ObjectClass, UserPrincipalName

The output will list user accounts that do not have a password expiration, as shown in Figure A.

Figure A

Script 2: Display phone number values for all user accounts

Many organizations use Active Directory as a telephone directory. But there are usually some phone numbers that are unaccounted for. The following script will show the phone number value for the usernames of all user accounts:

Get-AdUser -Filter * -Properties OfficePhone | FT OfficePhone,UserPrincipalName

Each user and office phone number is displayed with this command, as shown in Figure B.

Figure B

More resources

The Active Directory Module for PowerShell provides an incredible realm for managing all aspects of Active Directory. The following resources can help you springboard additional Active Directory user management with PowerShell:

=======================================================

Extract Fields from AD

# Start of script

I needed to clear the screen before script execution to make sure there was no clutter that would confuse me when I looked at display results.

Cls

I added a processing loop to break down the Active Directory information into usable chunks. Prior to adding this loop, my script crashed because the machine on which I was running it ran out of memory trying to handle more than 600,000 records at once. Each item in the “targetou” section is an Active Directory organizational unit. Immediately below, you will see a line that outputs to the screen that OU is currently being processed. By displaying information at run-time, I know exactly where I am in a process.

foreach ($targetou in 'A','B','C','D','E','F','G','GUESTACCOUNTS','H','I','J','K','L','CONTRACTOR','M','N','O','P','Q','R','S','T',','U','V','W','X','Y','Z')
{
"Processing information for OU $targetou"

The $targetou variable above is the lowest point in the Active Directory hierarchy at which I worked. The $domainrootpath variable builds the full LDAP string to the OU against which the script was to run for each iteration.

$DomainRootPath='LDAP://OU='+$targetou+',OU=ORGUSER,DC=contoso,DC=com'

The next several lines create and populate an Active Directory searcher object in PowerShell.

$adsearch = New-Object DirectoryServices.DirectoryAdsearch([adsi]$DomainRootPath)

I limited the kinds of objects that would be returned. The line below limits results to user objects.

$adsearch.filter = "(objectclass=user)"

The PropertiesToLoad items below were necessary for the reporting task I had ahead of me. These lines modify the behavior of the Active Directory search by forcing it to return only what is specified rather than returning everything. Because of the size of the data set, I needed to limit the returned data to only what was essential.

$adsearch.PropertiesToLoad.AddRange(@("name"))
$adsearch.PropertiesToLoad.AddRange(@("lastLogon"))
$adsearch.PropertiesToLoad.AddRange(@("givenName"))
$adsearch.PropertiesToLoad.AddRange(@("SN"))
$adsearch.PropertiesToLoad.AddRange(@("DisplayName"))
$adsearch.PropertiesToLoad.AddRange(@("extensionAttribute1"))
$adsearch.PropertiesToLoad.AddRange(@("extensionAttribute2"))
$adsearch.PropertiesToLoad.AddRange(@("comment"))
$adsearch.PropertiesToLoad.AddRange(@("title"))
$adsearch.PropertiesToLoad.AddRange(@("mail"))
$adsearch.PropertiesToLoad.AddRange(@("userAccountControl"))
$adsearch.Container

This line executes the search based on the parameters specified above. For each iteration of the foreach loop, Active Directory will search the organizational unit for that loop and return all of the attributes specified above for each user account. The results of the execution will be stored in the variable named users. Unfortunately, as it exists, the information from this array can’t be simply written to a CSV file since that CSV file would contain only the Active Directory object name and an entry called “System.DirectoryServices.ResultPropertyCollection.” I needed to expand out and capture the individual Active Directory elements, which I do later in the script.

$users = $adsearch.findall()

As the script was running, I wanted to know how many objects were returned from each loop iteration, so I added the line below to show how many user accounts were being handled.

$users.Count

I initialized an array variable into which I’d write the individual Active Directory elements we wanted to capture.

$report = @()

I started another loop that executes for each Active Directory account for which we wanted to capture information.

foreach ($objResult in $users)
{

I needed to create a variable that houses the properties for an individual record. (There are other ways to do this, but I like to break things down to make them more readable.)

$objItem = $objResult.Properties

I created a new temporary object into which to write the various Active Directory attributes for this single record being processed in this processing iteration (remember, this is repeated for each record returned from Active Directory).

$temp = New-Object PSObject

For each individual Active Directory property that was returned from the Active Directory searcher, I added a named property to the temp variable for this loop iteration. Basically, this breaks out the single Active Directory record for a user into its individual components, such as name, title, email address, and so forth. (Case-sensitivity matters in this section.)

$temp | Add-Member NoteProperty name $($objitem.name)
$temp | Add-Member NoteProperty title $($objitem.title)
$temp | Add-Member NoteProperty mail $($objitem.mail)
$temp | Add-Member NoteProperty displayname $($objitem.displayname)
$temp | Add-Member NoteProperty extensionAttribute1 $($objitem.extensionattribute1)
$temp | Add-Member NoteProperty extensionAttribute2 $($objitem.extensionattribute2)
$temp | Add-Member NoteProperty givenname $($objitem.givenname)
$temp | Add-Member NoteProperty sn $($objitem.sn)
$temp | Add-Member NoteProperty useraccountcontrol $($objitem.useraccountcontrol)

I added the results of this individual record to the primary array into which we’re capturing the full results from the search for later export to CSV.

$report += $temp
}

This line creates the name of the file that will be written. I created a new file for each organizational unit processed.

$csvfile="AD-"+$targetou+".csv"

The line writes the entire file to disk and then notifies the user that processing for this OU has completed.

$report | export-csv -notypeinformation $csvfile
"Wrote file for $targetou"
}

Summary

For my purposes, this PowerShell script captured exactly the information that I needed, and I was able to complete my comparison task. If you know of a more elegant way to get this information, please post it in the discussion.

Posted in Computers and Internet | Leave a comment

Change Windows Explore Open Drives Instead of Library in Win 7

open properties of “windows explorer” change target to follow:

%SystemRoot%\explorer.exe /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}

Use some of the the Windows Explorer switches to open Explorer in the Folder View with the specific folder selected.

C:\WINDOWS\explorer.exe /e,/select,D:\folder\target

add the /root switch to make this the Root folder in the Folder pain

C:\WINDOWS\explorer.exe /e,/select,/root, D:\folder\target

http://support.microsoft.com/kb/152457

Posted in Computers and Internet | Leave a comment

Powershell Cheat Sheet

PowerShell is Microsoft’s replacement for cmd.exe, if you don’t have it yet, download it here.

PowerShell’s native commands are all based on a verb-noun syntax, for example, “get-childitem”.

Operation cmd PowerShell
Get a simple directory listing
dir
get-childitem
alias: dir
Get a recursive directory listing
dir /s
get-childitem -recurse
alias: dir -r
Get a wide directory list
dir /w
dir | format-wide
alias: dir | fw
List built-in commands
help
get-command

alias: help
Copy a file
copy foo.txt bar.txt
copy-item foo.txt bar.txt
alias: copy foo.txt bar.txt
Move a file
move foo.txt c:\
move-item foo.txt d:\
alias: move foo.txt d:\
Rename a file
ren foo.txt bar.txt
rename-item foo.txt bar.txt
alias: ren foo.txt bar.txt
Batch rename
ren *.one *.two
dir *.pdf | rename
  -newname {$_.name -rep ".one",".two"}
Set the current directory to d:\
d:
cd \
set-location d:\

alias: cd d:\
Clear the screen
cls
clear-host
alias: cls
List only directories
dir /ad
dir | where { $_.MshIsContainer }
Directory list, sorted by date
dir /od
dir | sort-object LastWriteTime
Directory list, sorted by date, descending order
dir /o-d
dir | sort-object LastWriteTime -desc
Show the current directory
cd
get-location
alias: pwd
See a command’s help
dir /?
get-help get-command
or: get-help get-command -detailed
or: get-help get-command -full
or: dir -?
List environment variables
set
dir env:
Delete a file
del foo.txt
remove-item foo.txt
alias: del foo.txt
Find all *.txt files
dir /s *.txt
get-childitem -recurse -include *.txt
alias: dir -r -i *.txt
Find all *.txt files containing a particular string
findstr "foo" *.txt
dir *.txt | select-string "foo"
Show a list of services
net start
get-service
Start a service
net start MyService
start-service MyService
Stop a service
net stop MyService
stop-service MyService
Show network shares
net share
gwmi Win32_Share
Show a list of running processes
tasklist
get-process alias: ps
Kill all notepad.exe processes
taskkill /im notepad.exe /f
ps notepad | kill

A few PowerShell commands that you can’t easily do with the standard Windows shell:

Operation PowerShell
Set the current directory to a UNC path
cd \\\\myserver\\\myshare
Get a list of event logs
get-eventlog -list
View entries in a particular event log
get-eventlog -newest 20 -logname System
Treat the registry like a filesystem
cd hkcu:
dir
Recursive directory, grouped by extension
dir -r | group extension
Search for a file containing a string, recursive
dir -r | select-string "foo"
List the 10 processes using the most memory
ps | sort -p ws | select -last 10
Count the results of a directory listing
(dir).count
Count the results of a directory listing
$f = Get-Content "myfile.txt"
foreach ($item in $f)
{do stuff with $item}

There’s a lot to PowerShell, and this only scratches the surface. This guide is meant to help you get going with some everyday commands, but be sure to read some of these great PowerShell blogs, and the PowerShell Script Center for more in-depth tips. (And here’s a good reference on PowerShell syntax).

 

Posted in Computers and Internet | Leave a comment

Proc to Rename a File

The calls to this routine are simple, it’s compiled to master but it could go anywhere, just change the prefix from sp_ !!!

The parameters are:

@Folder The folder where the file exists. REQUIRED.

@FileName The file to be renamed. REQUIRED.

@NewFileName The new file name. OPTIONAL – If not specified (NULL or empty / space) –

add a DateTime literal (_yyyymmddhhnnss) to the filename, as in filename.ext becomes filename_yyyymmddhhnnss.ext

@DateTimeType One of (not case sensitive): CREATED File Created DateTime, MODIFIED Modified DateTime, NULL / ” NULL or spaces. Value used to generate the DateTime literal for the default generated filename. OPTIONAL – If not specified (NULL or empty / space) – use GETDATE().

@Debug Switch to determine if debugging information should be output OPTIONAL – defaults to 0 (No).

An example of a call to this proc, to rename file ‘D:\SQL Log\Full Backups.log’ to ‘D:\SQL Log\Full Backups_200805010600.log’ (using the file creation date-time of 05/01/2008 06:00am)

EXECUTE .[sp_RenameFile]

@Folder = ‘D:\SQL Log\’

,@FileName = ‘Full Backups.log’

,@NewFileName = NULL

,@DateTimeType = ‘Created’

,@Debug = 0

Posted in Computers and Internet | Leave a comment

Ports DBA Need to Know

This list is about essential TCP/UDP port numbers that an administrator running SQL Server / Cluster requires to know when configuring the firewall or otherwise. It includes those used under OS, server-based programs & their subcomponents. Certainly do let me know for any corrections that I may have missed out.

Service

Type

Port#

Comments

Default Instance

TCP

1433 Official socket allocated by IANA to Ms for SQL Server, this can be changed to anything above 1024.
Named Instance TCP XXXXX As & what you assign in the dynamic port range. There have been changes since Win 6, see below for the available range.
DAC Default Instance

TCP

1434 Remote connections through DAC are disabled unless turned on manually. For named instance ports other than 1434 are used.
SQL Browser / SQL Server Resolution Protocol

UDP

1434 Used by an application level protocol SSRP on top of which the browser service runs.

It helps when connecting to non-hidden instances named instances. In such cases TCP port is dynamic (unless specified) & determined when the Database Engine starts. It’s not needed if all connections contain the port#. When uninstalling SQL 9.0 from a machine running SQL 8.0 check the existence of registry key IsListenerActive, because if it exists SSRP will fail to listen.

Denali Browser does not support sending information about SQL 8.0 instances.

Refer à http://msdn.microsoft.com/en-us/library/cc219750(v=PROT.10).aspx

DTS / SSIS 3882 Be cautious a malformed request to port 3882/tcp can cause DOS.

When communicating with remote SSIS port 135 is used & if it’s a SSIS package is running against a database server you need 1433 or as specified. Uses msdts1 protocol for service type msdts1.

SSAS TCP 2393, 2394, 2725 OLAP Services 7.0 used TCP ports 2393 & 2394. Though Ms has reserved UDP ports 2393 & 2394 those are not used by OLAP Services. Analysis Services uses TCP port 2725. For backward compatibility, Analysis Services uses TCP ports 2393 & 2394 when connected with an OLAP Services 7.0 client.
SSAS

TCP

2383 Standard port for the default instance of Analysis Services. User configurable;
Browser SSAS

TCP

2382 Client connection requests for a named instance of Analysis Services that do not specify a port number are directed to SQL Server Browser.
RDP

TCP

3389 Providing the remote desktop to a client or VDI keep your eyes open because the default encryption certificate (RSA pk stored in mstlsapi.dll), is there with widows base install. A Man-in-the-Middle (MITM) attack can intercept the exchange of RDP encryption information. Check here for safety ribbons secure RDP using Transport Layer Security http://technet.microsoft.com/en-us/library/cc782610%28WS.10%29.aspx

For 6.0 Network Level Authentication offers much stronger protection http://blogs.technet.com/askperf/archive/2008/02/16/ws2008-network-level-authentication-and-encryption.aspx

Dynamic Port Range To comply with Internet Assigned Numbers Authority recommendations, Ms has increased the dynamic client port range for outgoing connections. Since the release of Win 6.0 new default port range is 49152 – 65535 which was earlier 1025 through 5000.
Service Broker User configurable; there is no default port. BOL conventional configuration uses TCP 4022.
SSL

TCP

443 When used with HTTP forming HTTPS, it provides an encrypted communication channel.
HTTP endpoint Used when connecting through a url, this is user configurable; this can be customized while creating an endpoint. Port 80 for CLEAR_PORT traffic & 443 for SSL_PORT traffic.
HTTPS endpoint

TCP

443 Default instance running over an HTTPS endpoint, used for a connection through url which used SSL.
iSCSI 3260, 860
SQL Agent File Copy 135 Agent to copy backup files to the shared folder on the standby server.
137, 138, 139, 445 File copy on UNC shares.
SQL Debugger

TCP

135 Exception for IPsec traffic might also require you to set an inbound rule for 500 & 4500 if IPsec is used for network communication.

After opening port 135 include the applications Visual Studio à Devenv.exe / Management Studio à ssms.exe.

Database Mirroring User configurable; there is no default port. While setting multiple instances be cautious to not to break the quorum. BOL conventional configuration uses TCP 7022.
Replication TCP 1433 For push transactional replication a working 1433 between distributor & subscriber is all you need, however in pull subscriptions few other ports are needed; when you launch an initialization of a subscriber SQL uses the windows default port 445 for mapped drives to copy down scripts.

FTP (21) can be used initially to transfer schema & data over the internet; it can also use HTTP (80) or File & Print Sharing (ports 137,138, 139).

You can put merge replication to use WEB synchronization using port 80 or encrypted 443. Replication uses the IIS endpoint, when syncing over HTTP (80 by default but configurable), however IIS process connects to SQL Server through standard ports.

Keep in mind when synchronizing over the Web using FTP, there is no transfer between subscriber & IIS, it’s all amid IIS & the publisher.

Cluster Service

UDP

3343 Cluster services control & manage the cluster database. Like the Heartbeat process – Cluster network driver (Clusnet.sys) performs intra-node communication between each node of the cluster by periodically exchanging sequenced, unicast/multicast UDP datagrams in the cluster. This determines whether all nodes are running correctly & network links are healthy. Generally this does not happens over the public network.

There are cases when the range of random available IP ports that the cluster service uses to initiate communication through RPCs is less than 100 ports & connection to the Cluster Admin fails (refer to 154596(http://support.microsoft.com/kb/154596/ ) ).

RPC – 135 / Cluster Network Drv – 3343 / SMB – 445 / NetBIOS – 139 / RPC 5000-5099 / 8011-8031

  • 135 (RPC endpoint mapper/DCOM), (RPC endpoint mapper over UDP).
  • For nodes running multiple services, ports 5000-5099 (or more) may be needed for remote RPC connectivity. If closed, error 1721 might occur when you connect to a remote cluster.Cluster service requires at least 100 ports for communication through RPC. Count of ports available may get too low when other services like DNS, WINS, Ms SQL Server service & others are using some of the necessary ports.
  • Ports 8011-8031 must be open for internode RPC connectivity or the cluster log will indicate that a SPONSOR is not available. Again these errors occur because there are not enough ports available for RPC communication between a node trying to join the cluster & a node that can sponsor the new node.
Cluster Admin

UDP

137
Random Ports UDP Check dynamic port range
RPC

TCP

135
Filestream 139 & 445.
SSIS TCP 135 DCOM
WMI TCP 135 Used by SSCM, it runs over DCOM (aka Network OLE) when accessing remote data. After initial connection DCOM randomly assigns a port for further communication where some tools may require a TCP port > 1024 (aka TCP high port) opened on the remote host.
IPsec traffic UDP 500 & 4500 Should be set to allow ISAKMP traffic to be forwarded for both inbound & outbound filters.
MsDTC RPC Since NT 4, MSDTC has been performing as the transaction coordinator for components with COM & .NET architectures. Connected resources can be databases, message queues or file systems which may be distributed. Messages are sent on TCP 135 while the responses are on a dynamically assigned port.

In the end you may like to check these for further reading & detailed references for the above.

How to capture network traffic with Network Monitor KB 148942

Basics of Reading TCP/IP Traces KB 169292

Service overview & network port requirements for Windows Server system KB 832017

How to configure RPC dynamic port allocation to work with firewalls KB 154596

TCP Ports Needed for Communication to SQL Server through a Firewall KB 287932

Additionally check this for the loose vines you might don’t know that you have.

SELECT name, protocol_desc, port, state_desc, type_desc FROM sys.tcp_endpoints

Posted in Computers and Internet | Leave a comment

mount iSCSI from command line

You can use the iscsicli command-line interface to manage iSCSI. The first thing you need to do is enable iSCSI service and set it to start automatically, as you’ll see in the following code and corresponding output. The first command I entered was:

Users\john>sc config msiscsi start= auto

The output was:

[SC] ChangeServiceConfig SUCCESS

Then I entered:

Users\john>net start msiscsi

The output was:

The Microsoft iSCSI Initiator Service service is starting.
The Microsoft iSCSI Initiator Service service was started successfully.

Then, you use the Iscsicli command-line interface to connect to an iSCSI Target and list the available targets. The command I entered was:

Users\john>iscsicli QAddTargetPortal 192.168.1.31

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000 
The operation completed successfully.

Next I entered:

Users\john>iscsicli ListTargets

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000

Targets List:
quorum
data
The operation completed successfully.

You can then connect to a target using the following code as an example:

Users\john>iscsicli qlogintarget data

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000 
Session Id is 0xfffffa800626e018-0x4000013700000006
Connection Id is 0xfffffa800626e018-0x5
The operation completed successfully.

The following code checked to make sure the operation was successful:

Users\john>iscsicli reporttargetmappings

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000

Total of 1 mappings returned
Session Id : fffffa800626e018-4000013700000006
Target Name : data
Initiator : Root\ISCSIPRT000_0
Initiator Scsi Device : \\.\Scsi4:
Initiator Bus : 0
Initiator Target Id : 0
Target Lun: 0x0 <–> OS Lun: 0x0

The operation completed successfully.

You log out by using the logouttarget switch with the session ID, as the following sample code shows:

Users\john>iscsicli logouttarget fffffa800626e018-4000013700000006

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000

The operation completed successfully.

To confirm the operation was successful, I entered the following code:

Users\john>iscsicli reporttargetmappings

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000

No Mappings
The operation completed successfully.

The mappings obtained through the qlogintarget command aren’t persistent and will be lost at reboot. If you want a persistent connection, use the perssitenlogintarget switch, as the following code shows:

Users\john>iscsicli persistentlogintarget data T * * * * * * * * * * * * * * * 0

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000

The operation completed successfully.

To confirm that the operation was successful, I entered:

Users\john>iscsicli listpersistenttargets

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000

Total of 1 peristent targets
Target Name : data
Address and Socket : 192.168.1.31 3260
Session Type : Data
Initiator Name : Root\ISCSIPRT000_0
Port Number :
++Security Flags : 0x0
++Version : 0
++Information Specified: 0x20
++Login Flags : 0x8
++Username :

The operation completed successfully.

Entering T * * * * * * * * * * * * * * * 0 specifies all the required switches. To remove a persistent target, apply the information obtained from the listpersistentargets command, using the following code as an example:

Users\john>iscsicli removepersistenttarget Root\ISCSIPRT000_0 data * 192.168.1.31 3260

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000

The operation completed successfully.

To confirm the success of the operation, I entered:

Users\john>iscsicli listpersistenttargets

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000 
Total of 0 peristent targets
The operation completed successfully.

You’ll notice that I passed the initiator name first, then the target name, the port number (which is *), and last of all the iSCSI target server IP address and socket.

Posted in VMWare | Leave a comment

IPv6 Address Space

The IPv6 Address Space

The most obvious difference between the two protocols is the length of their source and destination addresses. The whole point of making the switch to IPv6 is to compensate for a global shortage of IP addresses. It only makes sense that the IPv6 protocol has a larger address space than the IPv4 protocol does.

The IPv4 protocol uses a 32-bit source and destination address. These addresses are typically represented as a series of four octets. As I’m sure you know, a typical IPv4 address looks something like this: 192.168.0.1.

In contrast, an IPv6 address is 128 bits in length. This allows for a total of 3.4×1038 (or 340,000,000,000,000,000,000,000,000,000,000,000,000)  addresses. There are several different ways of representing an IPv6 address. An IPv6 address is normally written as eight groups of four hexadecimal digits, each separated by colons. For example, an IPv6 address looks like this: 2001:0f68:0000:0000:0000:0000:1986:69af.

You might be looking at the sample address listed above and thinking that typing an IPv6 address involves a lot of effort. Fortunately, IPv6 addresses can be shortened by eliminating zeros. There are two rules that must be followed when condensing an IPv6 address. First, a series of four consecutive zeros can be replaced by two colons, so long as there is only one set of double colons in the resulting address. Using this rule alone, our sample address from above could be condensed to look like this: 2001:0f68::0000:0000:0000:1986:69af

In the example above, we were only able to eliminate one block of zeros because the rule says that there can only be a single set of double colons in an address. Obviously, the sample address above is still a lot to type. Fortunately, the second rule will allow us to make this address a lot shorter. The second rule states that leading zeros in a group can be omitted. What this means is that if a block of four numbers starts with a zero, zero can be removed leaving three numbers in the block. If that three digit block of numbers happens to start with a zero, then the zero can be removed again. The process goes on and on so long as there is a zero in the left-hand position in a block. It’s a little tricky to try to explain the process, so I will demonstrate it below. I will start with our original sample address and then work toward condensing that address.

2001:0f68:0000:0000:0000:0000:1986:69af
2001:f68:000:000:000:000:1986:69af
2001:f68:00:00:00:00:1986:69af
2001:f68:0:0:0:0:1986:69af
2001:f68::1986:69af

Notice that in each line, I simply stripped away the leading zero from each section. Since there were several sections containing all zeros, I was able to completely remove the sections and replace them with a double colon. This was only possible because the sections containing all zeros were found in a row. If the sections of zeros had been scattered, then only one set of zeros could have been completely eliminated (because you are only allowed a single set of double colons). All the other sets of zeros would have to be represented as a single zero.

Using IPv6 Addresses in URLs

Although DNS servers make it possible to access a website by using a fully qualified domain name rather than an IP address, it is still a somewhat standard practice to enter an IP address as a part of a URL. For example, my personal website uses the URL http://www.brienposey.com, which corresponds to the IP address 24.235.10.4. It would be possible to access my website by entering the following URL: http://24.235.10.4

Most casual Web surfers do not make a habit of entering IP addresses in place of fully qualified domain names. Even so, the practice does exist. This is especially true for private Web applications. Not associating a fully qualified domain name with an application makes it a lot less likely for an unauthorized person to stumble onto the application accidentally.

When an IP address is used in place of a fully qualified domain name, a port number is sometimes specified as part of the address. If you simply enter HTTP:// followed by an address, then your Web browser assumes that you want to use port number 80. However, you can specify any port that you want by appending a colon and the port number to the end of the address. For example, if you wanted to access the http://www.brienposey.com website by IP address, and specifically require a port 80 to be used, then the command would look like this: http://24.235.10.4:80

 The IPv6 protocol can also be used as a part of a URL. If you pay attention to the IPv6 format, you’ll notice that an IPv6 address contains a lot of colons. This poses a bit of a problem since your Web browser typically treats anything after a colon as a port number. That being the case, IPv6 addresses are enclosed in brackets when they are used as a part of a URL. For example, if you were to use our sample IPv6 address in a URL, it would look something like this:

HTTP://[ 2001:0f68:0000:0000:0000:0000:1986:69af]/

Just as you can specify a port number alongside an IPv4 address, you can also specify a port number when using an IPv6 address. The port number follows the exact same format as it does when IPv4 is being used, and falls outside of the brackets. For example, if you were wanting to access the website at our sample IPv6 address over port 80, the URL would look something like this:

HTTP://[ 2001:0f68:0000:0000:0000:0000:1986:69af]:80/

Notice that the port number, in this case 80, falls between the close bracket and the ending slash. A colon is also used to designate the port number, just as it is in the IPv4 protocol.

If you’re familiar with IPv4, then you know that an IPv4 address consists of four different octets of data, each separated by a period. Part of this address is the network number and the remaining bits identify a specific host on the network. The actual number of bits that are dedicated to the network number and to the host number vary depending on the subnet mask.

Just as an IPv4 address is broken into different parts, so is an IPv6 address. In the previous article, you learned that IPv6 addresses are 128 bytes in length. When an IPv6 address is written in its full form, it is expressed as eight different sets of four numbers, each set separated by a colon. Each of these four digit sets represents 16 bits of data. Each of these 16 bit fields has its own specific purpose.

An IPv6 address is broken into three different parts; the site prefix, the subnet ID, and the interface ID. These three components are identified by the position of the bits within the address. The first three fields in an IPv6 address make up the site prefix. The next field represents the subnet ID, and the last four fields are used for the interface ID.

The site prefix is similar to an IPv4 network number. It is the number that is assigned to your site by an ISP. Typically, all of the computers within a site would share the same site prefix. The site prefix tends to the public in nature since that uniquely identifies your network and allows your network to be accessible from the Internet.

Unlike the site prefix, the subnet ID is private because it is internal to your network. The subnet ID describes the network’s site topology. The subnet ID works very similarly to the way that subnetting works in the IPv4 protocol. The biggest differences are that these subnets can be 16 bytes in length, and is expressed in hexadecimal format rather than in dotted decimal notation. An IPv6 subnet typically corresponds to a single network branch (site) just as an IPv4 subnet does.

The interface ID works similarly to an IPv4 host ID. This number uniquely identifies an individual host on your network. The interface ID (which is sometimes referred to as a token) is typically configured automatically based on the network interface’s MAC address. The interface ID can be manually configured in EUI-64 format.

To see how an IPv6 address is divided into its various subcomponents, take a look at the following address:

2001:0f68:0000:0000:0000:0000:1986:69af

The site prefix portion of this address would be: 2001:0f68:0000. The next field, 0000, represents the subnet ID. The remaining bytes (0000:0000:1986:69af) compose the interface ID.

Typically when a prefix is expressed, it is written in a special format. Zeros are suppressed in the manner explained in the previous article, and the prefixes followed by a slash and another number. The number after the slash indicates the number of bits included in the prefix. In my earlier example, I mentioned that the site prefix for the address 2001:0f68:0000:0000:0000:0000:1986:69af was 2001:0f68:0000. Since this prefix is 48 bits in length, we would add a /48 to the end of it to express it properly. With the zeros suppressed, a prefix looks like this: 2001:f68::/48

Types of IPv6 Addresses

Another thing that is unique about the IPv6 protocol is that there are actually three different types of IPv6 addresses; unicast, multicast, and anycast.

Unicast addresses are used to identify an individual host on a network. Multicast addresses, on the other hand, identify a group of network interfaces that typically reside on multiple computers. When a packet of data is sent to a multicast address, that packet is sent to all network interfaces in the multicast group.

Like multicast addresses, anycast addresses identify a specific group of network interfaces that usually reside on multiple computers. So what makes an anycast route different from a multicast group? When packets are sent to a multicast address, they are sent to all of the network interfaces in the group. In contrast, when packets of data are sent to an anycast address, the packets are not sent to the entire group. Instead, they are only sent to the member that is in the closest physical proximity to the sender.

Unicast Addresses

Earlier, when I showed you the format of an IPv6 address and what the various bit positions were used for, I was showing you an example of a unicast address. There are actually two different types of unicast addresses; global unicast addresses and link local unicast addresses. As the names imply, a global unicast address is globally accessible, while a link local unicast address is accessible only to other computers that share the link. The IP address format that I showed you earlier was that of a global unicast address. I chose to talk about this type of address because it is the most common.

Link local unicast addresses used a different address format from global unicast addresses. Like global unicast addresses, link local unicast addresses are also 128 bytes in length. The difference is that the bytes are distributed differently and the address uses a special site prefix.

In a link local unicast address, a site prefix occupies the first 10 bits of the address rather than the first 48 bits, as is the case with a global unicast address. The site prefix used by a link local unicast address is: fe80.

Since the site prefix space has been shortened (compared with a global unicast address), you may not be surprised to learn that the amount of space allocated to the subnet ID has been extended from 16 bits to 64 bits. What might surprise you is that these 64 bits are not actually used. Keep in mind that a link local IP address is only valid for machines sharing a common link. As such, there is no reason to have a subnet ID. The 64 bits of the address space that are reserved for the subnet ID are therefore expressed as zeros.

The interface ID for a link local unicast address is 54 bits in length. The interface ID is almost always derived from the 48 bit MAC address assigned to the network interface card to which the protocol is bound. Below is an example of a link local unicast address:

Fe80:0000:0000:0000:0000:0000:23a1:b152

Of course when IPv6 addresses are written out they are usually expressed with leading zeros suppressed. Therefore, the more technically correct expression of this address is:

Fe80::23a1:b152

When the addresses expressed are with zeros suppressed, the address might at first look like any other IPv6 address. Remember that you can tell the difference between a link local unicast address and other types of addresses because a link local unicast address will always began with fe80.

When a packet of data is sent to a multicast address, that packet is sent to all network interfaces in the multicast group. Like multicast addresses, anycast addresses identify a specific group of network interfaces that usually reside on multiple computers. The difference is that when packets are sent to a multicast address, they are sent to all of the network interfaces in the group. In contrast, when packets of data are sent to an anycast address, the packets are not sent to the entire group. Instead, they are only sent to the member that is in the closest physical proximity to the sender.

As you can see, there are at least some similarities between multicast and anycast addresses. In this article, I will conclude this series by discussing multicast and anycast addresses in more detail.

Multicast Addresses

As I explained earlier, multicast addresses are used to identify a group of network interfaces, known as a multicast group. These network interfaces are typically located on multiple computers, but this isn’t an absolute requirement. Multicast addresses are used to send information to any network interface that is defined as belonging to the multicast group.

One of the most interesting things about multicast addresses is that they are not mutually exclusive. Just because a network interface has a multicast address does not mean that the machine can not also have a unicast address or belong to other multicast groups. It is actually very common for a network interface to have a unicast address and to also be a member of multiple multicast groups. In fact, some operating systems add a computer’s network adapter to various multicast groups at the time that the network adapter’s unicast address is defined. For example, the Solaris operating system automatically adds network adapters to the Solicited Node and the All Nodes (or All Routers) multicast groups. In case you are unfamiliar with Solaris, the Solicited Node group is used for discovering other IPv6 enabled devices on the network. Windows Vista relies on a similar function.

Now that I have explained what multicast addresses are used for, I want to talk about what a multicast address looks like. Although an IPv6 address is 128 bits in length, it’s the first eight bits of the address that define an address as being a multicast address. Every multicast address uses a format prefix of 1111 1111. When expressed in colon hexadecimal notation a multicast address will always begin with FF.

The next four bits in a multicast address are known as flag bits. At the present time, the first three of these four bits are unused (and are therefore set to 0). The fourth flag bit is known as the transient bit. Its job is to express whether the address is a permanent or a temporary address. If the address is permanently assigned, this bit is set to 0, otherwise it is set to 1 to indicate that the address is transient (temporary).

The next four bits in a multicast address are known as the Scope ID bits. The amount of space reserved for the scope ID bits is 4 bits in length, which means that there are 16 different possible values. Although not all 16 available values are used at the present time, seven of these values are used to determine the address’ scope. For example, if an address has a global scope, then the address is valid across the entire Internet. The currently used scope ID bits are:

Decimal value          Binary Value              Address Scope

0                                  0000                            Reserved

1                                  0001                            Node-Local Scope

2                                  0010                            Link Local Scope

5                                  0101                            Site Local Scope

8                                  1000                            Organization Local Scope

14                                1110                            Global Scope

15                                1111                            Reserved

The remaining 112 bits make up the group ID. The group ID’s size allows multicast addresses to consume 1/256th of the total IPv6 address space.

To put this addressing scheme into prospective, I want to show you a few commonly used multicast addresses:

FF0x0:0:0:0:0:1
This is a multicast to all nodes. You might have noticed the X in the address, which is not a valid hexadecimal character. The X is a placeholder for the scope. This particular address can use the node local scope (FF01:0:0:0:0:0:1) or the link local scope (FF02:0:0:0:0:0:1).

FF0x:0:0:0:0:0:2
This multicast address is assigned to all routers within the defined scope. Again, the X in the address acts as a placeholder for the scope. Valid scopes are node local (FF01:0:0:0:0:0:2), Link Local (FF02:0:0:0:0:0:2), and site local (FF05:0:0:0:0:0:2).

Anycast Addresses

If you have some experience working with the IPv4 protocol, then you probably know that the concepts of unicast and multicast exist with the IPv4 protocol, although they are implemented differently. Anycast however, is unique to IPv6. Anycast works like a combination of unicast and multicast addresses. A unicast address is used to send data to one specific recipient, a multicast address is used to send data to a group of recipients, but an anycast address is used to send data to one specific recipient out of a group of recipients.

In case you are wondering, anycast was created as a way of making load balancing easier. Imagine a situation in which you need to provide a large number of users with access to either a service or to a router. In a situation like this, it often makes sense to use multiple servers to host the service that is being provided, or to use multiple routers, whichever the case may be. The reason is because doing so allows you to distribute the heavy workload among multiple devices so that no one single device is overwhelmed.

This type of load balancing is difficult to achieve using IPv4 (although it has been done). Using anycast addresses with IPv6 is an absolutely perfect solution to the need for load balancing. Think about it for a minute. You need to send a user request to one of many devices. You don’t really care which of the designated devices handles the request, as long as the request is taken care of. By using anycast addresses, each request is automatically sent to the device that is in the closest geographic proximity to the computer that is making the request. In certain situations, anycast can even be used to provide fault tolerance should a router fail. The failure can be detected, and requests can be redirected to the next closest router.

The most bizarre thing about anycast addresses is that there is no special addressing scheme. So far in this article series, you have seen that there are all sorts of rules governing the use and structure of unicast and multicast addresses. This simply isn’t the case with an anycast address. All you have to do to create an anycast address is to assign the same unicast address to multiple hosts. In doing so, the unicast address becomes an anycast address.

Posted in Computers and Internet | Leave a comment

Disable SMB 1.0

The Server Message Protocol (SMB) is the file sharing protocol used by default on Windows-based computers.  Although file sharing and network protocols are primarily supported by our Networking team, it is important to understand how SMB works given its importance to network activities.  SMB 2.0 was introduced in Windows Vista and Windows Server 2008.  SMB 1.0 was designed for early Windows network operating systems such as Microsoft LAN Manager and Windows for Workgroups.  SMB 2.0 is designed for the needs of the next generation of file servers.  Both Windows Server 2008 and Windows Vista support SMB 1.0 and SMB 2.0.

There are several enhancements in SMB 2.0, including:

  • Sending multiple SMB commands in the same packet which reduces the number of packets sent between a client and server
  • Larger buffer sizes
  • Increased scalability, including an increase in the number of concurrent open file handles on the server and the number of shares that a server can share out
  • Support for Durable Handles that can withstand short network problems
  • Support of Symbolic Links

The version of SMB used for file sharing is determined during the SMB session negotiation.  If both the client and server support SMB 2.0, then SMB 2.0 is selected during the initial negotiation.  Otherwise SMB 1.0 preserving backwards compatibility.  The table below shows the version of SMB that will be used in different client / server scenarios:

Client Server SMB Version
Windows Server 2008 / Vista Windows Server 2008 / Vista SMB 2.0
Windows Server 2008 / Vista Windows 2000, XP, 2003 SMB 1.0
Windows 2000, XP, 2003 Windows Server 2008 / Vista SMB 1.0
Windows 2000, XP, 2003 Windows 2000, XP, 2003 SMB 1.0

Both SMB 1.0 and 2.0 are enabled by default on Windows Vista and Windows Server 2008.  In some testing and troubleshooting scenarios it may be necessary to disable either SMB 1.0 or SMB 2.0.  However, it should be noted that this is not a recommended practice.  To disable SMB 1.0 for Windows Vista or Windows Server 2008 systems that are the “client” systems (accessing the network resources), run the following commands:

sc config lanmanworkstation depend= bowser/mrxsmb20/nsi 
sc config mrxsmb10 start= disabled

To disable SMB 1.0 on a Windows Vista or Windows Server 2008 system that is acting as the “server” system (hosting the network resources), a registry modification is required.  Navigate to the HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters key.  If there is no REG_DWORD value named Smb1, you will need to create it.  This value does not exist by default.  Once the value is created, set the value to 0 to disable SMB 1.0 or 1 to enable SMB 1.0.

Finally, to disable SMB 2.0 on Windows Vista or Windows Server 2008 systems that are acting as the “server”, navigate to the registry key listed above.  Instead of creating the Smb1 REG_DWORD value, you would create a REG_DWORD value called Smb2.  Set the value to 0 to disable SMB 2.0 and 1 to enable SMB 2.0.

Posted in Computers and Internet | Leave a comment

DFS slow in Win2008

DFS namespace link name was the same as the share name so when DFS fowarded the referral request it ended up back at the DFS namespace again instead of the computers share.

This issue was only found with 2008 as the DFS client works differently to 2003.

Solution is to either recreate the dfs namespace links with different names.  Change the share names and recreate dfs namespace links add a second name to the share and recreate dfs namespace links <- this is the method I’m taking to minimize disruption

Posted in Computers and Internet | Leave a comment