Home » Posts tagged 'sysadmin'

Tag Archives: sysadmin

VMware Networking Issues with Windows 7

If you need a Firewall between the physical host and its guest virtual machines, this workaround is not for you.

The problem is that on Windows 7 (x86/x64) the VMware virtual adapters and subnets are found and reported as “Unidentified Network”. This means that the built-in Windows Firewall can only treat the VMware networks, and thus the guest VMs, as type Public.

When the network type is set to Public, the Windows Firewall by default blocks Microsoft File & Print, and other most other network traffic, which effectively prevents useful direct communication between the physical host and its VM guests. You might, if allowed, disable the Firewall or configure exception rules for the VMware virtual subnets and/or hosts. Disabling the Firewall for all public networks is a bad security practice and managing the Windows Firewall is a tedious task that still leaves potential security holes.

Below are the instructions from the VMware Knowledge Base Article 1004813 that I used to change the VMware virtual network adapters to be endpoints. Endpoints do not show up in the “Network and Sharing Center” are also excluded from control of the Windows Firewall. This makes it easier to manage the Firewall rules and Home, Work, and Public network types for real, physical adapters.

This work around solution can be used until VMware updates their networking technology to meet current operating systems standards.

# VMware KB Article: 1004813
# Updated: Apr 29, 2010

Redefine the VMware virtual NICs as endpoint devices

This procedure is permanent and allows for the continued use of Bridged, NAT, and Host Only networking. However, doing this causes the VMware virtual NICs to disappear from the Network and Sharing Center, even though they remain visible under Network Connections. This also causes the VMware virtual NICs to be exempt from all Windows Firewall access rules. When implemented, the control of virtual machine network access must be done from the guest operating system of each virtual machine. This bypasses the default security model of Windows Vista with respect to the the VMware virtual NICs, and the implications of using this procedure must be carefully considered.

To redefine the VMware virtual NICs as endpoint devices:

  1. Click Start > Run.
  2. Type regedit and click OK.
  3. Double-click HKEY_LOCAL_MACHINE>System>CurrentControlSet>Control>Class>{4D36E972-E325-11CE-BFC1-08002BE10318}.
    Caution: VMware recommends that you back up this registry key before proceeding:
    1. If {4D36E972-E325-11CE-BFC1-08002BE10318} is not still highlighted, click it.
    2. Click File > Export.
    3. Pick a location and name for the Registration File (*.reg).
    4. Click Save.
  4. Click 0000.
  5. Look at the content of the Data field associated with the DriverDesc entry.
  6. If you see VMware Virtual Ethernet Adapter for VMnetx , where x is replaced by a number, then:
    1. Right-click an empty space in the right content pane.
    2. Click New > Dword.
    3. Type *NdisDeviceType
      and press Enter.
      Note: Ensure to include the asterisk (*) at the beginning of the entry.
    4. Double-click *NdisDeviceType.
    5. Type 1 and press Enter.
  7. Repeat steps 4-6, replacing 0000 in step 4 with the next entry in numerical order, until you have reached the end of all numerical entries.
  8. Follow the Disable the VMware virtual NICs section of this article above.
  9. Repeat step 8 but click Enable this network device instead.

Reduce SQL Log and TempDB File Sizes

Shrink the TempDB:
use tempdb
-- this command shrinks the primary data file
dbcc shrinkfile (tempdev, 'target size in MB')
-- this command shrinks the log file, look at the last paragraph.
dbcc shrinkfile (templog, 'target size in MB')

Shrink Log File:

Examples of AD from the Command-line

User Information
Find DN of Currently Logged On User

Paste code as is:

dsquery * domainroot -filter “(samAccountName=%USERNAME%)”

Find User With Primary Email Address

Retrieve user object matching given address as primary SMTP e-mail.


dsquery * domainroot -filter “(&(objectClass=User) (mail=))” -l -d -attr *


dsquery * domainroot -filter “(&(objectClass=User) (mail=John.Doe@mydom.com))” -l -d mydom.local -attr *

Find User With Any Email Address

Retrieve user object matching any assigned e-mail address.


dsquery * domainroot -filter “(&(objectClass=User) (proxyAddresses=**))” -l -d -attr *


dsquery * domainroot -filter “(&(objectClass=User) (proxyAddresses=*John.Doe@mydom.com*))” -l -d mydom.local -attr *

Find Email of User when DN is Known

Retrieve user object matching given DN and show primary SMTP e-mail address.


dsquery * domainroot -filter “(distinguishedName=)” -d -l -attr mail


dsquery * domainroot -filter “(distinguishedName=CN=Kerekes\, Charlie,OU=Knoxville,DC=mydom,DC=local)” -d mydom.local -l -attr mail

Find Hidden GAL Recipients

Retrieve all user objects that are hidden from the Global Address List in Exchange.


dsquery * domainroot -filter “(&(objectClass=User) (msExchHideFromAddressLists=TRUE))” -l -d -attr displayName


dsquery * domainroot -filter “(&(objectClass=User) (msExchHideFromAddressLists=TRUE))” -l -d mydom.local -attr displayName

Users With Password Set to Never Expire

Retrieve list of users with the “Password never expires” attribute set.


dsquery * domainroot -filter “(&(objectClass=user) (userAccountControl>=65536))” -attr sAMAccountName userPrincipalName userAccountControl -d


dsquery * domainroot -filter “(&(objectClass=user) (userAccountControl>=65536))” -attr sAMAccountName userPrincipalName userAccountControl -d mydom.local

Group Information
List Members of a Group

Querying AD for group membership is a multi-step process. The reason is that AD stores group membership in two places. The first place is the most obvious—in the member attribute of the group object. The second is not as obvious—as an integer value in the primaryGroupID attribute of user objects.

For most scenarios, querying the member attribute of group objects will provide a complete list of members. However, if the group in question is set as a default group for any user object, that user will not be listed in the member attribute.

Query the Group’s “Member” Attribute

The sample below lists all members stored in the member attribute of the group. If this query is not showing all members, you will need to perform the queries in the next section as well.


dsquery * domainroot -filter “(&(objectClass=group)(name=))” -l -d -attr member


dsquery * domainroot -filter “(&(objectClass=group)(name=Help Desk Associates))” -l -d mydom.local -attr member

Query the User’s “primaryGroupID” Attribute

First, we determine the primary group ID for the group in question. We do this by finding the SID of the group object; the last segment of the SID is used as the primary group ID.


dsquery * domainroot -filter “(&(objectClass=group)(name=))” -l -d -attr objectSid


dsquery * domainroot -filter “(&(objectClass=group)(name=Help Desk Associates))” -l -d mydom.local -attr objectSid

The above query will produce an output similar to this:


Now we are ready to find all user objects that have the above group set as their default.


dsquery * domainroot -filter “(&(objectClass=user)(primaryGroupID=))” -l -d -attr cn


dsquery * domainroot -filter “(&(objectClass=user)(primaryGroupID=1169))” -l -d mydom.local -attr cn

List Group Members with Additional User Attributes

If we want more than the DN of group members, we need to use a FOR statement to first generate the list of members, then query each member object for the desired attributes.

Please be aware that the example below queries only the member attribute of the group and will miss any user objects with this group as their default. See the above section for details about the primaryGroupID attribute.


for /F “delims=*” %i IN (‘dsquery * domainroot -filter “(&(objectClass=group)(name=))” -l -d -attr member’) DO @dsquery * domainroot -filter “(distinguishedName=%i)” -attr


for /F “delims=*” %i IN (‘dsquery * domainroot -filter “(&(objectClass=group)(name=Help Desk Associates))” -l -d mydom.local -attr member’) DO @dsquery * domainroot -filter “(distinguishedName=%i)” -attr displayName samAccountName mail

Computer Information
List All Computer Objects


dsquery * domainroot -filter “(objectClass=Computer)” -attr name -l -d


dsquery * domainroot -filter “(objectClass=Computer)” -attr name -l -d mydom.local

List Computer Objects in a Specific OU

This example lists all computer objects stored in the mydom.local/Servers/Exchange OU.


dsquery * “” -filter “(objectClass=Computer)” -attr name -l -d


dsquery * “ou=Exchange,ou=Servers,dc=mydom,dc=local” -filter “(objectClass=Computer)” -attr name -l -d mydom.local

List All Domain Controllers


dsquery * “ou=domain controllers,

” -filter “(objectClass=Computer)” -attr name -l -d


dsquery * “ou=domain controllers,dc=mydom,dc=local” -filter “(objectClass=Computer)” -attr name -l -d mydom.local

Find DN of Computer Object in Current Domain

The DN contains the full directory path of the computer object and can be helpful in locating the computer using the GUI tools in a complex AD structure.


dsquery * domainroot -filter “(&(objectClass=Computer) (name=))”


dsquery * domainroot -filter “(&(objectClass=Computer) (name=exch19))”

MS SQL Server Version

A select statement that returns the Version, Service Pack Level, and Edition information: (MS SQL 2000 and above)

SELECT @@VERSION as 'MS SQL', SERVERPROPERTY('productversion') as 'Version', SERVERPROPERTY ('productlevel') as 'Level', SERVERPROPERTY ('edition') as 'Edition'

For MS SQL 7.0 and earlier use:


See Microsoft Knowledge Base KB321185 for more information.

Disable Driver Signing in Windows 7

I have not tried this in Win7x64, but in Win7 32-bit (x86) it works to disable the signed driver requirements in Windows 7.

bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS
bcdedit.exe -set TESTSIGNING ON

Please note that changing Driver Sign may be a security risk. I in no way endorse or recommend that this should be used by anyone who does not understand the risks involved.

Remote Desktop Settings

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]

wmic /node:”” /USER:”” RDTOGGLE WHERE ServerName=”” CALL SetAllowTSConnections 1

Manageing Window Data Execution Prevention

Command Line

Disable DEP
bcdedit.exe/set {current} nx AlwaysOff


Enable DEP
Enable DEP bcdedit.exe/set {current} nx AlwaysOn


Control Panel\All Control Panel Items\System –> Advanced system properties –> Performance | Settings… –> Data Execution Prevention


WinRM & WinRS multi-hop

Multi-Hop Support in WinRM

Windows Remote Management (WinRM) supports the delegation of user credentials across multiple remote computers. The multi-hop support functionality can now use Credential Security Service Provider (CredSSP) for authentication. CredSSP enables an application to delegate the user’s credentials from the client computer to the target server. CredSSP authentication is intended for environments where Kerberos delegation cannot be used. ***Support for CredSSP was added to allow a user to connect to a remote server and have the ability to access a second-hop machine, such as a file share. ***

To configure multi-hop support using CredSSP authentication for WinRM

CredSSP must be enabled in the client configuration settings.
winrm set winrm/config/client/auth '@{CredSSP="true"}'

CredSSP must be enabled in the WinRM service configuration settings.
winrm set winrm/config/service/auth '@{CredSSP="true"}'

Using CredSSP Authentication with Explicit Credentials
winm OPERATION –remote:https://myMachine –authentication:CredSSP –username:myUsername –password:myPassword

Reset Windows Local “Group Policy Objects” Back To Defaults

This is from MS KB/Q: 313222. It should not change or reset the IPSec settings, but you might want back them up just in case.

Use the SECEDIT command to copy the original setting that are stored in the “defltbase.inf” file.


Get BIOS Info from the Command Line using WMI

Use the WMI Command Line (wmic) utility to retrive WMI information including BIOS settings.

C:\>wmic csproduct get vendor,name,identifyingnumber
IdentifyingNumber   Name             Vendor
J**L**1             Latitude E6400   Dell Inc. 

Windows Domain Secure Channel Testing

Use the NLTEST.EXE utility to test domain communication methods.

U:\>nltest.exe /?
Usage: nltest [/OPTIONS]


Eject Removable Media command

From an administrative level command promt:

rsm eject /PF"Volume Label" /Astart

Windows 7 GodMode

Creating a folder with a specific name creates a folder window that contains all of the Windows settings, controls, and tools in one place.

Create a new folder and name it:


NTFS cluster size

To display detailed information about a NTFS drive or volume use this command:

C:\>fsutil fsinfo ntfsinfo C:

You should see something like this:

NTFS Volume Serial Number :       0x0af4abcdf4abb979
Version :                         3.1
Number Sectors :                  0x0000000009ffffff
Total Clusters :                  0x00000000013fffff
Free Clusters  :                  0x000000000088df34
Total Reserved :                  0x00000000000007e0
Bytes Per Sector  :               512
Bytes Per Cluster :               4096
Bytes Per FileRecord Segment    : 1024
Clusters Per FileRecord Segment : 0
Mft Valid Data Length :           0x0000000009a40000
Mft Start Lcn  :                  0x00000000000c0000
Mft2 Start Lcn :                  0x0000000000000002
Mft Zone Start :                  0x000000000080e620
Mft Zone End   :                  0x000000000081ae40
RM Identifier:        38C46565-B162-11DE-A33B-E580BFC3DE48

Variable expansion

Something to remember is that be default .bat and .cmd scripts do not process all the variable updates, or expansion, immediately. To use variable that are updated or created inside a loop for instance you must have Variable Expansion enabled.

A quick check to see if  variable expansion is enable in your command prompt is to run this:

If Variable Expansion is ON you will see:
c:\> echo !errorlevel!

If expansion is OFF you get:
c:\> echo !errorlevel!

When launching cmd.exe from a prompt; Command-line; Run…; or Search programs and files you can specify the /V:ON parameter to enable expansion.

Within a bat/cmd file variable expansion can be controlled through the SETLOCAL [ENABLEDELAYEDEXPANSION | DISABLEDELAYEDEXPANSION] statement.

Turn on variable expansion (delayed) and you will not be sorry.


Managing a Windows Internal Database – MICROSOFT##SSEE

Unfortunately the Windows Internal Database (WID) that is default for things like WSUS, SharePoint Services 3.0 and other MS products and roles does not allow TCP/IP connections.  In fact WID does not allow for remote connections at all.  It does allow local Name Pipes though.


Command line DHCP MAC address filtering

Enable or disable a filtering:

netsh dhcp server v4 set filter [enforceallowlist=1|0] [enforcedenylist=1|0] netsh dhcp server v4 set filter enforceallowlist=1 netsh dhcp server v4 add filter ["comment"] netsh dhcp server v4 add filter allow 00-21-70-AC-F2-D8 "Mike Wood"

DOS variables: %date% and %time%

Need to do some date and/or time manipulation in a DOS batch/command file? Here is a good example:

set filedatetime=%date:~10%-%date:~4,2%-%date:~7,2%_%time:~0,2%%time:~3,2%%time:~6,2%%time:~9,2%
echo %filedatetime% 2009-01-28_15120393

Hope this helps you with your batch files.