Removing viruses, trojans, and other malware from your Windows computer


These steps are easiest to follow when you know exactly when your Windows computer was infected (e.g. after inserting a USB stick or visiting a website carrying malicious software in your browser).

At the time of infection or shortly after infection, perform the following steps:

  1. Immediately turn off your computer and unplug it from the network / internet (remove the network cable or if you are using wireless, try to turn off the wireless connection / router – if you are not sure, just leave it).
  2. Reboot Windows and go into safe mode. You only need the basic safe mode without any networking, etc.
  3. To get into the Windows Safe Mode, press and hold your “F8 Key” as the computer is booting, which should bring up an options menu. Use your arrow keys to move to “Safe Mode” and press your Enter key. More information on safe mode can be found on the Microsoft site by searching “Windows safe mode” along with your version of Windows.
  4. Use the Microsoft system restore to restore your computer to an earlier point before the infection began. This restore will revert system changes made by the virus, trojans, and other malware. The restore does not affect “My Documents” or personal settings, so keep in mind that any infected files you saved to My Documents folders will still be there afterwards.
  5. System restore is found in different places depending on your version of Windows. The easy way is to use the built-in Windows help (F1) in safe mode and search for system restore to find the program. If on Windows Vista/7, search for “restore system”. There are also instructions on the Microsoft site.

Resize and Expand a Virtualbox Hard Drive and Media in 4 Steps


Updated April 1, 2014

Often, people find their virtual machine hard disks are too small for usage needs. Below are steps showing you how to resize and expand an existing VMDK or VDI virtual hard drive in VirtualBox for use with a guest virtual machine (VM).

Things to Know Before You Start

  • If you already have a dynamically allocated disk that is VDI or VHD linked to the virtual machine, simply use the VBoxManage modifyhd --resize command, e.g. VBoxManage modifyhd <your filename> --resize 100000. That command would be for 100GB. You can then skip to the resize your guest OS step in this guide. If you’re not sure or don’t have it, read on.
  • If your hard drive is VDI, you can try the CloneVDI tool to resize your disk easily without and skip to the resize your guest OS step in this guide.
  • There are suggestions below to help you avoid ever having to resize virtual drives again by using large dynamically expanding storage. The process can be completed in 10-20 minutes.
  • Ensure your guest VM is powered off before executing the steps and that all hard disks involved are not connected to VMs.

Step 1: Create a New Hard Disk

Use VirtualBox to create a new hard disk (vdi) with your desired size. You can use the dynamically expanding storage or a fixed size disk. If you are expanding the hard disk capacity, choose a size significantly larger (e.g. double the size) than the original hard disk to avoid problems.
Note: Starting with version 4.0 of VirtualBox, to create new disk images, use the “Storage” page in a virtual machine’s settings dialog because disk images are now by default stored in each machine’s own folder. The screenshot below pertains to VirtualBox 3.0.

Disk Type should be the Same

Make sure the new disk you create is of the same type as your old disk you want to expand. So if you have an IDE hard disk already, create a new IDE disk. The same applies for a SATA disk.

Recommendation: Use a large size dynamically expanding storage

It is to your advantage to use a large dynamic hard disk with a high maximum storage space to save you from having to go through this resizing process frequently. Having a dynamic 300 GB or 2 TB virtual disk won’t actually take up 300 GB or 2 TB on your hard drive and only takes up the actual disk space used on the disk. The exception to the recommendation would be if the system storing your virtual hard disks has space restrictions and your hard disks tend to grow quickly (e.g. a virtualized database server sitting on a host machine with a small hard drive).

Use of a fixed-size storage

It is best to use dynamic storage; however, some people have experienced problems using the dynamically expanding storage and using the fixed-size storage solved their problems.

Step 2: Clone Your Old Hard Disk

You can clone your old hard disk with the VirtualBox VBoxManage command. Make sure your VirtualBox directory containing the VBoxManage command is in your operating system path or you can execute the command below from the VirtualBox with absolute paths (e.g. ~/.VirtualBox/HardDisks/old_hard_disk.vdi). If you are in the directory containing your HardDisk folder (e.g. ~/.VirtualBox/HardDisks), run the following:

VBoxManage clonehd old_hard_disk.vdi new_hard_disk.vdi --existing

Notes on using VBoxManage:

  • There are *2* dashes before --existing.
  • The commands shown are case sensitive and should be entered as shown. VirtualBox documentation contains more info on VBoxManage and command syntax.
  • If you are running VBoxManage in Windows and are not running the command in the same directory as the hard disks you are cloning, you may have to add quotations ” ” around your hard disk paths so the command can recognize the location of the hard disks. For example:

C:\Program Files\Oracle\VirtualBox>VBoxManage clonehd "c:\ext\Ubuntu64Studio.vdi" "C:\Folder With Space\NewHardDisk.vdi" --existing

  • Make sure to follow the syntax ordering given by the VBoxManage command, otherwise you may get an error like Invalid parameter ‘C:FolderWithSpaceNewHardDisk.vdi’.

The command works whether your old disk is in the VDI or the VMDK format. The “--existing” parameter tells VirtualBox that the clone operation is to an already existing destination medium. Only the portion of the source medium which fits into the destination medium is copied. Since the new_hard_disk.vdi for us is larger than the old_hard_disk.vdi, all of the source will be copied to the destination (e.g. the entire guest hard disk).

Note for VMDK images: Your original VMDK guest image could be in one VMDK file or split into multiple VMDK files by a virtualization program like VMWare. The advantage of having split files is that it makes it easier to back up to DVDs and discs. After the cloning, you will only have one large VDI. To back up to disc media you’ll have to use a program to split the guest image (e.g. guest’s own tools or file splitters).

When cloning hard disks, you will see something like the following:

Oracle VM VirtualBox Command Line Management Interface Version 3.2.12
(C) 2005-2010 Oracle Corporation All rights reserved.
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
Clone hard disk created in format 'VDI'. UUID: ee28ab8b-8232-4c76-8c1b-184afdd1dd27

Step 3: Update the Guest Hard Disk

Replace the old guest hard disk with your new hard disk (i.e. new_hard_disk.vdi):

  1. Go to the settings for the guest VM and choose the “Storage” options.
  2. Select the appropriate controller (e.g. IDE Controller, SATA Controller) and add your new hard disk.
  3. Remove the old hard disk from the Storage section of your guest.

Step 4: Resize the Guest File System

If you boot into your guest operating system (OS), the file system will continue to use only the old hard disk partition setup. To make the increased disk space visible to the OS, you can use disk partition management commands. The steps for resizing the disk depend on your operating system.

For Windows environments

Windows 7, Windows Server 2008

You can boot into Windows using the new hard disk and use the “Disk Management” utility to extend your hard disk volume. Right click on the drive you are extending and select the extend command.

Windows XP, Windows Server 2003, Windows 2000

Microsoft has a good knowledge base article on partition management for these versions of Windows. Alternatively, you can use this partition manager tool from Aomei, which works on a variety of Windows versions.

For other environments like Linux and Mac

You can use a Gnome Partition Editor GParted boot disk / live CD to resize the disk partition so the guest file system knows about the increased disk space. To use GParted on the guest, configure the guest to boot from the GParted CD (General -> Advanced tab set CD/DVD Rom as the first boot device, then select GParted CD). Instructions for using GParted and resizing disk partitions can be found at the GParted website or Google GParted resizing for several walkthroughs.

Note on Logical Volume Management (LVM) disks / partitions (common for Fedora installations)

You can graphically manage lvm partitions using the system-config-lvm Linux tool. Documentation for system-config-lvm is available for various flavors of Linux online and a comment from David in the comments section has confirmed this method works on Ubuntu 10 Server.

If you cannot use system-config-lvm, here are other options:

  1. Try GParted. GParted currently (December 2012) has some support for lvm (source: http://en.wikipedia.org/wiki/GParted). There is no easy way to expand a partition using lvm with the file system in the logical volume, as opposed to ext3 or ext4 partitions.
  2. If the lvm partition does not contain the operating system, just create a new partition using GParted with ext3 or 4 (ext3 is safe) with the new virtual disk space. Go into the OS and copy all files from the lvm to the ext partition. Remove the lvm partition later after you have confirmed the files are converted and not in use.
  3. If the lvm partition contains your operating system (root lvm), either (1) copy your key files (e.g. /home/) to a backup and reinstall the OS or (2) attempt to convert the lvm to a different kind of partition or expand it. The instructions for option (2) are more complex due to the active root partition and other things like resizing the file system. However, if you know Logical Volume Management (LVM) administration well, you can find some instructions on the internet and in the comments on this article from “zuzu”.

People’s Experience with These Steps

You can find in the comment section of this article other people’s experiences with these steps and their tips.

THANK YOU Readers!

This post has been enhanced several times thanks to reader comments.

Fix Audio Quality Issues in Windows Movie Maker 2.6


If you are experiencing low, degraded, or bad audio quality in the movies you created in Windows Movie Maker 2.6 (MM 2.6), check out possible solutions below.

The solutions are aimed at when you are adding audio to a movie such as adding soundtracks with wav and mp3 files. The quality of these input audio files may be high, but for some reason the output file (movie file you save) and the movie preview (storyboard or timeline) in MM has worse audio quality than the audio files you used for the soundtrack of the movie.

Check existing codecs

Playback issues for movies are often related to codecs installed on your machine. Codecs are likely the cause of most sound input issues since MM may use different codecs for playback when the audio files are in your collections as opposed to when the audio file is part of your soundtrack. Solving issues with codecs is difficult since everyone’s computer will have different ones installed and in use during the MM preview and playback. Possible solutions are:

  1. Observe if codec icons show up during movie playback or preview. Check the options for these codec icons.
  2. Change audio codecs: you could uninstall the audio codecs being used and use the Windows defaults or install new audio codecs.
  3. For advanced users, use a tool like G-Spot and check if you have the required codecs for an audio file installed.

Check Windows Movie Maker filters

In Windows Movie Maker, try going to “Tools > Options > Compatibility” and unchecking all the filters ending in .ax. It is possible these .ax filters are causing low audio quality in the movie preview and saving. This solution is common if you have installed a bunch of new codecs and filters. Also, if audio quality was fine before and now is low, it may be due to installation of new filters.

When saving the movie…

Check audio export settings during saving of movie

After you have completed your editing in MM and are ready to save your movie, look in “other settings” and select the appropriate audio settings. Note configuration of settings may work best with WMV output and may not solve problems with people saving to DV formats.

Convert soundtrack files to stereo or use alternative profiles when saving

Use alternative output file profiles (either the Windows Movie Maker defaults or custom profiles) within MM when saving the movie. Sometimes your audio may be configured to be mono only or stereo only which affects the soundtrack in the saved movie. WMV formats may allow more customization.

Audio file tuning

Here are possible solutions to common audio problems. They may not be useful if you really have codec issues, but can work if there are problems with the audio files used for your movie soundtrack.

  • If using MP3s, convert MP3s to wav. Use Audacity/TMPGEnc if you need to convert audio channels on sound files (e.g. mp3, wav) used in your soundtrack.
  • Play around with MP3 bitrate: e.g. if MP3 is at 256Khz, reduce it to 192Kbps @ 44.1kHz.

Find and match open ports and services in Windows


When running Windows, operating system tools allow you to map open TCP/UDP ports to a running service or application.

Netstat: Displays protocol statistics and current TCP/IP network connections

Use

> netstat /?

to find information about the options and usage for the command. To find all connections and listening ports, use:

> netstat -abo

The -b option lists the executable involved in creating each connection or listening port, and -o adds the owning process ID. Using these commands, you can find all the open ports and the process IDs listening on the system where you run netstat.

Task manager: Matching process IDs to processes

After obtaining the process ID from netstat, Windows Task Manager can be used to find out what those processes are. First add the PID column to the Task Manager processes list. After that, look for the process IDs you are interested in and found from netstat.

Tasklist: Getting service executable information

svchost.exe is a common service found in the task manager process list and sometimes there are several instances.

If you are using XP Professional, Vista, or Windows 7, to find more information on svchost, use the following command

tasklist /SVC

to find the executable name, process ID, and possibly some service information details.
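
The matching of netstat PIDs to tasklist entries described above can be scripted. The Python below is an added example, not part of the original post: it joins `netstat -ano` output (numeric form with a PID column, used here instead of -abo so each entry stays on one line) to `tasklist /SVC` output by PID. The sample text, its PIDs, example.exe and the function names are constructed for illustration.

```python
import re

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_ANO = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       4444
  TCP    127.0.0.1:5357         0.0.0.0:0              LISTENING       2312
  TCP    10.86.32.211:49201     10.86.32.5:443         ESTABLISHED     2312
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:68             *:*                                    1020
"""

# Constructed sample of `tasklist /SVC` output; long service lists wrap onto
# continuation lines, as in the entry for PID 1020.
TASKLIST_SVC = """
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
svchost.exe                    884 RpcEptMapper, RpcSs
svchost.exe                   1020 AudioSrv, Dhcp, eventlog,
                                   lmhosts, wscsvc
example.exe                   2312 N/A
"""


def parse_netstat_ano(text):
    """Return (proto, address, port, pid) for TCP listeners and UDP endpoints."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        if f[0] == "TCP" and (len(f) != 5 or f[3] != "LISTENING"):
            continue                      # skip ESTABLISHED, TIME_WAIT, ...
        if f[0] == "UDP" and len(f) != 4:
            continue                      # UDP rows have no State column
        addr, _, port = f[1].rpartition(":")   # rpartition copes with [::]:135
        if port.isdigit() and f[-1].isdigit():
            rows.append((f[0], addr, int(port), int(f[-1])))
    return rows


def parse_tasklist_svc(text):
    """Return {pid: {"image": str, "services": [str, ...]}}."""
    lines = text.splitlines()
    sep = next((i for i, l in enumerate(lines) if l.startswith("=")), None)
    if sep is None:
        return {}
    # The ==== row marks the columns; image names may contain spaces, so the
    # name is cut at the start of the PID column instead of split on blanks.
    pid_col = [m.start() for m in re.finditer(r"=+", lines[sep])][1]
    procs, current = {}, None
    for line in lines[sep + 1:]:
        if not line.strip():
            continue
        image = line[:pid_col].strip()
        m = re.match(r"\s*(\d+)\s+(.*)$", line[pid_col:])
        if image and m:
            current = procs.setdefault(
                int(m.group(1)), {"image": image, "services": []})
            svc_text = m.group(2)
        elif current is not None:
            svc_text = line.strip()       # wrapped service list
        else:
            continue
        current["services"] += [s.strip() for s in svc_text.split(",")
                                if s.strip() not in ("", "N/A")]
    return procs


def match_ports(netstat_text, tasklist_text):
    """Join listeners to processes by PID, sorted by port."""
    procs = parse_tasklist_svc(tasklist_text)
    report = []
    for proto, addr, port, pid in parse_netstat_ano(netstat_text):
        # A PID can be missing if the process exited between the two commands.
        proc = procs.get(pid, {"image": "<unknown>", "services": []})
        report.append({
            "proto": proto, "address": addr, "port": port, "pid": pid,
            "image": proc["image"], "services": proc["services"],
            "loopback_only": addr.startswith(("127.", "[::1]")),
        })
    return sorted(report, key=lambda r: (r["port"], r["proto"], r["address"]))


if __name__ == "__main__":
    for r in match_ports(NETSTAT_ANO, TASKLIST_SVC):
        scope = "local only" if r["loopback_only"] else "network"
        print(f'{r["proto"]} {r["address"]}:{r["port"]} pid={r["pid"]} '
              f'{r["image"]} [{", ".join(r["services"]) or "-"}] ({scope})')
```

Listeners that are not loopback-only and map to an unknown or unexpected image are the ones worth reviewing first.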

Network connectivity troubleshooting step by step with commands


This post is an enhanced version of my post on common practices for troubleshooting firewall rules that have been implemented to allow a server to connect with another server.

To help users in troubleshooting problems with network connectivity and firewall rule implementations, included below are step by step commands one can execute on a Windows or Unix system.

Step 1: Confirm network connectivity

On the source server, perform an operating system level connectivity test on established ports from source server/firewall to destination server/firewall. The test should verify routing, network address translation, ports, and URLs where applicable.

Telnet

Telnet is a good command to start your network connectivity tests. Open a command prompt on your server (e.g. cmd.exe or Powershell on Windows and a console or SSH session in Unix) and execute the following:

Note for Windows 7 users: you may have to enable the Telnet client/command. To enable telnet on Windows 7, search in the start menu for “Turn Windows features on or off”. Click into that menu item and turn on the “Telnet client”.

<source_server> command prompt>> telnet <destination> <destination_port>

$ telnet justintung.wordpress.com 80

If there is connectivity from the source server to the destination, the telnet session should begin. On Windows and Unix, a blank screen or area should appear with a prompt. If there is no connectivity, it will just hang after the telnet command like the following:

Connecting To <destination_server>…

and then finally show:

Connecting To <destination_server>…Could not open connection to the host, on port <destination_port>: Connect failed.

Telnet hang on Windows PowerShell. Same thing happens on the normal cmd.exe window.

Moments later, we know the connectivity failed.

Other Telnet Failures

It is also possible you receive a message:

telnet: Unable to connect to remote host: Network is unreachable

This telnet message could occur from:

  • Routing issues – Try a ping to the destination server (ping <destination>). If the ping is not successful, check netstat -rn to examine the gateways used for routing. It could be that a static/alternative route needs to be created to the destination server using an alternative gateway.
  • Network infrastructure down – It is possible a piece of the network on the path to your destination server is down.
  • Incorrect information in telnet command – Make sure the IPs or fully qualified domains you are using in telnet are correct.
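
The telnet outcomes above (session opens, hang, connect failure, network unreachable) can be told apart programmatically. The Python below is an added example, not part of the original post: it makes the same single TCP connection telnet would and maps the result to the check this post suggests next. The function names, outcome labels and the 5 second default timeout are assumptions.

```python
import errno
import socket
import sys

# What each outcome suggests checking next; wording follows the steps in this post.
NEXT_STEP = {
    "open": "connected: the telnet session would begin",
    "timeout": "no answer before the timeout (the hang described above): "
               "repeat the test while the firewalls on the path are monitored",
    "refused": "the connection was actively refused: on the destination, "
               "check with netstat -a that the port is LISTENING",
    "unreachable": "no route: ping the destination and review netstat -rn "
                   "on the source server",
    "name-resolution": "name did not resolve: check the FQDN and host file entries",
    "other": "unclassified error: move on to packet captures or application logs",
}


def classify(exc):
    """Map a failed connect() to one of the outcome labels in NEXT_STEP."""
    if isinstance(exc, socket.gaierror):          # must precede the OSError test
        return "name-resolution"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, OSError) and exc.errno in (errno.ENETUNREACH,
                                                  errno.EHOSTUNREACH):
        return "unreachable"
    return "other"


def check_tcp(host, port, timeout=5.0):
    """Attempt one TCP connection, like `telnet <destination> <destination_port>`."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError as exc:
        return classify(exc)


def diagnose(host, port, timeout=5.0):
    """Return (outcome, suggested next check)."""
    outcome = check_tcp(host, port, timeout)
    return outcome, NEXT_STEP[outcome]


if __name__ == "__main__":
    # Usage: python check_tcp.py <destination> <destination_port>
    if len(sys.argv) != 3:
        sys.exit("usage: check_tcp.py <destination> <destination_port>")
    outcome, advice = diagnose(sys.argv[1], int(sys.argv[2]))
    print(f"{sys.argv[1]}:{sys.argv[2]} -> {outcome}: {advice}")
```

A timeout and a refusal point at different places: a timeout usually means packets are being dropped on the path, while a refusal means something answered and rejected the connection.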

Terminology

<source_server> is the server we are coming from and where the command is being executed on the operating system. The firewall should be opened from the source server and its source ports to the destination server and its destination ports.

<destination> is the destination server IP or fully qualified domain name (FQDN). The IP should work whether you are using an IPv4 or IPv6 address. However, if you are testing IPv6 connectivity, it is likely you will use a FQDN due to the long length of IPv6 addresses.

<destination_port> is the port on the destination server you are trying to get to. The destination server should be listening on this port. The following command (netstat -a) can be used on the destination server to check if the port is listening; look for the port after the IP address and check whether its state is LISTENING:

$ netstat -a

 Proto  Local Address          Foreign Address        State

 TCP    10.86.32.211:80            fcore:0                LISTENING

In this example, we know the machine where we are executing the command is listening on port 80 on the IP address 10.86.32.211.

If there is no connectivity, follow steps below for troubleshooting procedures.

Step 2: Check other stuff

Check firewall rule and network implementation

Check you have the right IPs, fully qualified domain names (FQDN), and ports for the servers. Sometimes firewall rules are not requested properly and more work needs to be done to make connectivity happen such as:

  • Host file entries
  • Routing: static routes, address resolution protocol (ARP) configurations
  • Network Address Translation (NAT)
  • Security: VPN configuration. If applicable, ensure SSL certificate trust is in place and/or certificate exchanges are installed and in place (e.g. 1-way, 2-way SSL certificates installed, and destination network can see successful SSL handshakes).
  • Servers may have several IPs – make sure the correct ones are used and seen on the firewall(s)

Another type of test: Application Interface Test (depending on application availability)

This type of testing occurs from the application running on the source server and is common if you do not have access to the servers themselves and may be easier to perform. In this test, the application on the source server generates a test message/request to be received on the destination server interface and source confirms a valid response. This test confirms URL in place and basic messaging interface is available.

Step 3: Network connectivity troubleshooting on server

1. Test Connectivity on source server(s)

a. Initial test by server operator:
Telnet to destination IP via destination port. If IPs are using network address translation (NAT), choose the appropriate IP from source server – the IP the firewall sees and translates from the source server.

b. If telnet fails:
Check if static routing is done in source server routing table. Make sure routing goes to the correct default gateway and ping default gateway to check if it works.

Netstat – Checking the IP configuration on the server

netstat -rn

to check the IP configuration on the server, and:

ping <destination_server>

ping runs natively in Windows; in Unix it is sometimes found under /usr/sbin/ping.

c. If server routing table is ok:
Conduct the telnet test while having network resources monitor firewalls between source and destination points.

d. If traffic is not picked up on firewall:
Check points along the network path. If possible trace the network route. Traffic bound for the destination address should be monitored in case source server IPs are not seen on the firewall.

Traceroute – Find network routes

Use:

/usr/sbin/traceroute

to destination server and check for default gateway (assuming devices along the way do not have ICMP blocked).

Step 4: Network protocol/packet analyzers

If you have exhausted the steps outlined above and there is still no connectivity … 😦
you may have to use logging tools and application traces.

The use of Wireshark, TCPdump, or similar tools for network protocol and packet analysis on the source and/or destination servers and firewalls will aid in the troubleshooting by checking for abnormalities or errors in packets.

Analyzing application logs

If you are working with applications that need the network connectivity, you can enable verbose logging on the application. When testing web services, you can enable logging for protocol level APIs. For example, if a Java application is a web service client and is connecting to the web service endpoint, we could enable logging of the HTTP implementation in Java via JVM arguments or look at the verbose logging of the Java SSL or Java Secure Socket Extension (JSSE) APIs.

Random thoughts:

There is no place like ::1

System administration 1: Useful Commands and Locations on Windows and Unix/Linux


This post lists common commands used in Windows and Linux/Unix system administration, server support, and troubleshooting.

Linux/Unix

In the tables below, the first word is the command name (searchable with a man page). Parentheses indicate useful options.

File Searching, Browsing

Command Usage/Function
ls (-al) List files and directories
find (./ -name or expression 'in quotes') -print Find files given filename and other parameters. Some usage patterns are below. -exec is powerful since it defines what to do with the file(s) found by the find command. For example, you can use grep to look for information inside those files (see below).
find / -type f -exec grep -l "string_here" {} \; Find files containing a string called "string_here"
find / -type f -print -exec grep -l "string_here" {} \; Find files containing a string called "string_here" and output the lines from those files that contain that string. -print will show which files were found.
find . -name '*s' -print See which files within the current directory and its subdirectories end in s
grep Display files and extract information containing word / pattern after the command
egrep Extract line containing word / pattern after the command
pwd Print (output to console) current working directory
less, more Console content control/reader
locate
cp
mv
rm (-Rf) Remove (with recursive and forced)

ampersand (&) – Placed after a UNIX command, it makes the command run in the background while giving the command prompt back. Using & allows you to continue to type more UNIX commands.

A common use of the ampersand ( & ) is at the end of commands that open their own windows, like a web browser or an editor.

The ampersand (&) means something different when used immediately after a greater than (>) for output redirection or after the pipe symbol ( | ) for passing output to other commands.

Utility

Command Usage/Function
cat
man Manuals (help pages) for system commands.
ln -s Create symbolic links between files
touch
ftp File transfer protocol program
ping
finger
telnet
ssh Secure Shell
bash Bash shell (running activates bash shell on console if it is available).
rm (-Rf) Remove (with recursive and forced)
nslookup OR dig OR host Domain name service lookup. dig -x <ip> or nslookup <ip> does a reverse lookup
whois Query
traceroute Trace network route
lynx Text based HTML browser
mount, umount Mounts or unmounts file systems
date Date/time on system
runmqsc (WebSphere Messaging Queue MQ) ex. runmqsc <queue>

DISPLAY CHSTATUS(*) 
- display all channels info
DISPLAY CHSTATUS('<queue>')
STOP CHANNEL('<queue>')
RESET CHANNEL('<queue>')
START CHANNEL('<queue>')
DISPLAY CHANNEL('<queue>')
wget GNU tool to retrieve web or file content.
Example of using wget to create a backup of a website (web archive) stored on your local computer. See the wget manual for more options.

Get/backup website content for offline viewing:

wget -c -m -k -K -E -P/tmp http://url_of_the_website

Get/backup website content for offline viewing. Limit rate to reduce load on the target website and ignore robots file. Ignoring the robots file helps when backing up everything under a website and for WordPress blogs.

wget -c -m -k -K -E -P/tmp --limit-rate=300k -e robots=off http://url_of_the_website

Here is what each option means:

  • wget > Download web content
  • -c > Continue from partially downloaded files, useful for finishing a partial wget from the past
  • -m or --mirror > Download recursively with time-stamping
  • -k -K > Convert links for local viewing
  • -E or --html-extension > Add .html extension for html files if not present
  • -P or --directory-prefix=… > Download the web content to the directory indicated; in this case /tmp
  • http://… > Location where to start the web backup / archival
  • --limit-rate (e.g. --limit-rate=300k --wait=2) > Limit your download rate and prevent overloading or taxing the performance of the web server

System Administration

Command Usage/Function
prstat: Report active process statistics
sar: System activity reporter
mpstat: Report per-processor or per-processor-set statistics
Check CPU utilization, per CPU statistics (e.g. sar 1, sar -u 10 60, mpstat 10 60). Stats by zone: prstat -Z. Stats by projects/users: prstat -J
useradd (Solaris) Create a user. Example: useradd -d /export/home/smithjo -m -k -s /bin/bash -c "John Smith" -g100 smithjo
userdel (Solaris) Remove a user. Example: userdel -r smithjo
The -r option removes the users home directory and login information
groupadd (Solaris) Modify a user’s information like group
usermod (Solaris) Modify a user’s information like group
rpm (Redhat based systems) Package manager
ifconfig (-a) Display IP address information including loopback and inet interfaces, sometimes in /usr/sbin
hostname (-f) Obtain hostname information of server
domainname Display a servers domain name
pkgadd (Solaris), yum (Fedora, RPM), package-cleanup Package manager tools (e.g. yum install <program name>)
chkconfig
chown, chmod, chgrp File ownership and rights management. E.g. chown <new owner> <filename>, chmod 664 <filename> for rw-rw-r--
File compression and extraction
Compress:
gzip -c file1 file2 > foo.gz
tar cf - target_file_or_directory | gzip -c > target.tgz
gtar -cvzf output.tgz target
Uncompress:
gzip -dc output_file.tar.gz | tar -xf -
Related commands
Create a tar file: tar cvf <tar.filename> <files.to.tar.up>
Extract a tar file: tar xvf <tar.filename>
Check the contents of a tar file: tar tvf <tar.filename>
tar (-xzif)
unzip Unzips a zip file
gunzip Unzips tar.gz files

sendmail Mailer
mail Email management
head
tail (-f) See near end of file or stream file with -f
passwd User password management
su Assume root user or user specified after command. Will prompt for password.
sudo Assume root user only for command following sudo. Will prompt for password.
last
who
df (-akh) Reports on disk space on mounted and mounted file systems
md5 Checksum command
cron Scheduler
uname (-a) System/machine information
ps (-ef) (-Al) List (all) processes and their details
xinetd
kill (-HUP) Send signals to process. E.g. kill -9 <pid> kills a process with pid specified
shutdown (now) (-r) Shutdown operating system e.g. -r restart afterwards “now” shuts the system down right away without a time delay
netstat (-an) Network information for system, port listeners and addresses. E.g. netstat -rn to view existing kernel IP routing table

Programming

Command Usage/Function
gcc (or cc) C compiler
pico, nano File editors
make Builder program

Useful Concepts for Linux/Unix

Directory Structure

Logs, spools, and file resources (mail, logs, temp, etc.): /var

Configuration Files: /etc, /etc/rc.init (startup scripts). /etc/sendmail.cf

Unix “blackhole”: /dev/null

Core Command locations if not in path: /usr/(s)bin, /usr/local/(s)bin, /usr/sfw/bin/ | Solaris: /usr/openwin

Devices (I/O): /dev

Mounted Systems: /mnt, /media

Code Libraries/Modules: /usr/lib, /usr/local/lib

Stored source: /usr/src

Services: /etc/services – example of entries in the services file (ports and the protocols associated with the ports).

netstat         15/tcp
ftp             21/tcp                 # File Transfer
ssh             22/tcp                 # Secure Shell
telnet          23/tcp

Platform Specific

User settings ~/.<user setting folder>

e.g. ~/.kde/share/apps stores KDE desktop settings and configurations.

Checking services and ports in netstat

less /etc/services | grep <service name>

netstat -a | grep <service name>| grep <keyword, e.g. LISTEN>

Checking Memory

Check Total physical memory:

# prtdiag -v | grep Memory
# prtconf | grep Memory

Check Free physical Memory:

# top (if available)
# sar -r 5 10
Free Memory = freemem*8 (pagesize=8k)
# vmstat 5 10
Free Memory = free

For swap:

# swap -s
# swap -l

Windows

Command Usage/Function
certmgr.msc Certificates
ciadv.msc Indexing Service
comexp.msc Component Services
compmgmt.msc Computer Management, central administration panel for Windows. Can also be used to access IIS administration console.
control mouse Open control panel for mouse
defrag, dfrg.msc Disk Defragmenter
devmgmt.msc Device Manager
diskmgmt.msc Disk Management
eventvwr.msc Event Viewer
fsmgmt.msc Shared Folders
gpedit.msc Group Policy
lusrmgr.msc Local Users and Groups
msconfig Startup files and processes configuration
ntmsmgr.msc Removable Storage
ntmsoprq.msc Removable Storage Operator Requests
perfmon.msc Performance monitor
regedit Registry editor
rsop.msc Resultant Set of Policy
sc query Find function. E.g. find a Windows service called “WSearch”: sc query | FINDSTR /i /r WSearch
secpol.msc Local Security Settings
services.msc Services and Process manager
wab Windows address book
wmimgmt.msc Windows Management Instrumentation (WMI)

Remote Desktop Management related commands

ERROR The terminal server has exceeded the maximum number of allowed connections

If you encounter this error, you can either reboot the terminal server you are trying to remote desktop to or log into the machine as an administrator.

To log in as the administrator:

mstsc /v:<ip address, e.g. 192.168.2.32> /console

By using /console at the end of the command you will be logging in as if you were at the server. Alternatively, if you are using Windows Server 2003, run this command instead (replace /console with /admin):

mstsc /v:<ip address, e.g. 192.168.2.32> /admin

If you can telnet or ssh to the server you can use the following command. This command will kill all active RDP sessions to free one so you can connect.

tsdiscon /1

tsdiscon /2

tsdiscon /3

tsdiscon /4

Session cleanup

When you execute the commands above, log in as an administrator on the machine. That login allows you to use the console on the server.

Remove any disconnected users via the Terminal Services Manager

Start > All Programs > Administrative Tools > Terminal Services Manager

Click on the name of your server and the right side should show a list of users. If the users are disconnected, reset the users to free up the two normal remote desktop connections. Right click the disconnected user and select “Reset.”

It is good practice to use the console only to disconnect inactive sessions and not for anything else. Make sure you disconnect inactive user sessions first with the instructions above, otherwise if you get disconnected again you will have to physically access the server.

Remote Desktop sessions should always be closed using the Windows <<Log Off>> function rather than disconnecting by closing the window as using the X to close will disconnect from the session but leave it active.

Random thought:

Despite carefully following installation and configuration procedures for various programs, they still tend not to be smooth.