Softpanorama
May the source be with you, but remember the KISS principle ;-)
Windows security consists of several areas, the most prominent of which is now fighting spyware. Due to the complexity of the system, the main method of fighting complex Trojans like most spyware is to use regular baselines of your boot partition (usually the C drive). Norton Ghost is probably the best method to create a baseline of the boot partition that can serve you both as a backup and for investigation of security problems.
It makes sense to keep the size of the boot partition small (less than 16G) so that the image can fit on one double-layer DVD.
Other important parts of the baseline are:
- Dump of the registry
- Integrity information for major directories (Windows, Windows/System32, etc.)
To view programs that occupy your tray you can use msconfig or (especially in Windows 2000, in which msconfig is not available) Mike Lin's Startup Control Panel. You can also use the Windows XP version of msconfig on Windows 2000 (that's true for most other utilities too).
Dr. Nikolai Bezroukov
- Appsec.exe: Application Security
- Clusrest.exe: Cluster Quorum
- Ctrlist.exe: Counter List Last Updated: 11/12/1999 - Lists
- DcDiag.exe: Domain Controller Diagnostic Tool - Analyzes the state of domain controllers in a forest or enterprise to assist in troubleshooting.
- DELRP.exe: Delete File and Reparse Points Last Updated: 09/25/1999 - Deletes a file or directory and any associated NTFS reparse points.
- Delsrv.exe Last Updated: 12/02/1999 - Unregisters a service with the service control manager.
- DH.exe: Display Heap Last Updated: 11/30/1999 - Displays information about heap usage in a user-mode process or pool usage in kernel-mode memory.
- Dhcpexim.exe: DHCP Database Export Import Tool Last Updated: 10/26/2001 - Exports a DHCP database and server configuration from a server running Windows NT 4.0 Server or Windows 2000 Server for import into a destination DHCP server running Windows 2000.
- Diruse.exe: Directory Disk Usage Last Updated: 12/02/1999 - Displays information about a disk and the contents of its partition table.
- Diskmap.exe Last Updated: 12/02/1999 - Displays information about a disk and the contents of its partition table.
- Diskpart.exe: Diskpart Command Line Utility Enables storage configuration from a script, remote session, or other command prompt.
- Dmdiag.exe: Disk Manager Diagnostics Last Updated: 11/19/1999 - Saves disk volume configuration to a text file and writes a signature to a disk partition.
- Drivers.exe: List Loaded Drivers Last Updated: 10/27/1999 - Displays information on installed device drivers, their files, and their code.
- Drmapsrv.exe: Drive Share Hotfix - Automatically configures NET SHARE and NET USE client drives for Terminal Services server access.
- Dumpel.exe: Dump Event Log Last Updated: 12/02/1999 - Dumps an event log to a tab-separated text file.
- Dumpfsmos.cmd: Dump FSMO Roles Dumps the Flexible Single Master Operations roles.
- Dureg.exe: Registry Size Estimator Last Updated: 11/04/1999 - Shows how much data is stored in the registry, or in any registry subtree, key, or subkey.
- Efsinfo.exe: Encrypting File System Information Last Updated: 11/04/1999 - Displays information about encrypted files on NTFS partitions.
- Exctrlst.exe: Extensible Performance Counter List Last Updated: 11/19/1999 - Displays information on extensible performance counter DLLs installed on a computer.
- Extract.exe: Extract Cabinet Last Updated: 11/12/1999 - Extracts files from cabinet (.cab) files.
- FAZAM 2000, Reduced-Functionality Version Last Updated: 08/03/2000 - Extends Group Policy management functionality of Windows 2000.
- Getmac.exe: GetMAC Last Updated: 12/02/1999 - Gets a computer's MAC (Ethernet) layer address and binding order.
- Getsid.exe: Get Security ID Last Updated: 12/02/1999 - Compares the security IDs of two user accounts.
- Gpotool.exe: Group Policy Verification Tool Last Updated: 11/04/1999 - Allows administrators to check Group Policy object integrity and monitor policy replication.
- Gpresult.exe: Group Policy Results Last Updated: 11/30/1999 - Displays information about the result Group Policy has had on the current computer and logged-on user.
- Guid2obj.exe: GUID to Object Last Updated: 12/02/1999 - Maps a GUID to a distinguished name.
- Heapmon.exe Last Updated: 10/27/1999 - Enables user to view system heap information.
- Hlscan.exe: Hard link display tool Last Updated: 09/11/2001 - Displays hard links on an NTFS volume or in specified files or directories of the volume.
- Ifmember.exe Last Updated: 09/07/2001 - Checks whether the current user is a member of a specified group.
- IIS Migration Wizard Last Updated: 05/16/2001 - Migrates Web server configuration settings.
- Installation Monitor Last Updated: 11/12/1999 - Tracks changes made by setup programs in the registry, .INI files, and other child processes.
- Inuse.exe: File-In-Use Replace Utility Last Updated: 11/04/1999 - Performs on-the-fly replacement of files currently in use by the operating system.
- Ipsecpol.exe: Internet Protocol Security Policies Tool Last Updated: 04/23/2001 - Configures Internet Protocol Security (IPSec) policies in the Directory Service, or in a local or remote registry.
- Kerbtray.exe: Kerberos Tray Last Updated: 11/30/1999 - Displays ticket information for a given computer running the Kerberos protocol.
- Klist.exe: Kerberos List Last Updated: 12/02/1999 - Views and deletes the Kerberos tickets granted to the current logon session.
- Netdiag.exe: Network Connectivity Tester Last Updated: 05/03/2000 - Helps isolate networking and connectivity problems.
- Now.exe Last Updated: 12/02/1999 - Echoes the current date and time plus any arguments passed to it.
- Ntdetect.com (Installd.cmd) Last Updated: 11/19/1999 - Installs a debug version of Startup Hardware Detector used for troubleshooting hardware detection issues.
- Oh.exe: Open Handles Last Updated: 11/12/1999 - Shows the handles of open windows, processes, or objects.
- Oleview.exe: OLE/COM Object Viewer Last Updated: 11/30/1999 - Browses, configures, and tests Microsoft Component Object Model classes installed on a computer.
- Pathman.exe: Path Manager Last Updated: 12/02/1999 - Adds or removes components of the system or user path.
- Perms.exe: File Access Permissions per User Last Updated: 12/02/1999 - Displays a user's access permissions for a file or directory.
- Pfmon.exe: Page Fault Monitor Last Updated: 11/30/1999 - Lists the source and number of page faults generated by an application's function calls.
- Pstat.exe: Process and Thread Status Last Updated: 11/30/1999 - Shows the status of all running processes and threads.
- Pulist.exe Last Updated: 12/02/1999 - Lists processes running on local or remote computers.
- Qslice.exe: CPU Usage by Processes Last Updated: 12/02/1999 - Shows the percentage of total CPU usage per process.
- Rdpclip.exe: File Copy Hotfix - Copies files between Terminal Services server and client.
- Relog.exe Last Updated: 9/11/01 - Extracts performance counters from logs created by the Performance Logs and Alerts service.
- RPCCfg.exe: RPC Configuration Tool Last Updated: 11/02/2001 - Configures Microsoft Remote Procedure Call (RPC) to listen on specified ports.
- Rpcdump.exe: RPC Dump Last Updated: 12/02/1999 - Dumps all endpoints in the endpointmapper database, pings each endpoint, gathers other stats, sorts and displays the data.
- RPC Ping: RPC Connectivity Verification Tool Last Updated: 11/03/1999 - Verifies that Windows 2000 Server services are responding to remote procedure call requests from network clients.
- Setspn.exe Last Updated: 05/08/2002 - Manage Service Principal Names for an Active Directory directory service account.
- Setx.exe Last Updated: 12/02/1999 - Sets environmental variables in the user or computer environment.
- Showperf.exe: Performance Data Block Dump Utility Last Updated: 11/11/1999 - Dumps the contents of the Performance Data block so you can view and debug the raw data structure.
- Sonar.exe: FRS Status Viewer Monitors key statistics and status, including traffic levels, backlogs, and free space, of file replication service (FRS) replica set members.
- Soon.exe: Near-Future Command Scheduler Last Updated: 12/02/1999 - Schedules commands to run within the next 24 hours.
- Sysdiff.exe: Automated Installation Tool Hotfix - Pre-installs applications as part of an automated setup.
- Timethis.exe: Timethis Last Updated: 12/02/1999 - Times how long it takes to execute a given command.
- Tracedmp.exe: Trace Dump Last Updated: 11/22/1999 - Processes a trace log file or real time trace buffers and converts them to a .csv file.
- Traceenable.exe: Trace Enable Last Updated: 12/02/1999 - Enables tracing and displays current tracing options.
- Tracelog.exe: Trace Log Last Updated: 11/04/1999 - Starts, stops or enables trace logging.
- Terminal Server Capacity Planning Tools Hotfix - Suite of tools that assist organizations with Windows 2000 Terminal Services capacity planning.
- User State Migration Tool Last Updated: 06/12/2000 - Helps migrate a user's documents and settings (state) before an operating system migration to Windows 2000.
- Vadump.exe: Virtual Address Dump Last Updated: 11/30/1999 - Shows the state and size of each segment of virtual address space.
- Whoami.exe Last Updated: 12/02/1999 - Returns the domain or computer name and the user name of the user currently logged onto the computer on which the tool runs.
- Winsta.exe: WinStation Monitor Last Updated: 10/08/1999 - Monitors the status of all users logged on to a Windows 2000 Terminal Server.
- Wntipcfg.exe: Windows NT IPConfig Utility Last Updated: 05/07/2001 - Gives you information about your IP configuration.
- Xcacls.exe Last Updated: 05/08/2002 - Sets all file-system security options accessible in Windows Explorer.
Download Free Windows 2000 Resource Kit Tools
Pstat: Process and Thread Status - Shows the status of all running processes and threads.
PTree: Process Tree - Process Tree allows you to query the process inheritance tree and kill processes on local or remote computers.
[Oct 17, 2004] LinuxDevCenter.com PC Hacks for Linux Use the SystemRescueCD to repair a blown GRUB or LILO boot on double boot PCs.
Linux has advanced disk management and repair tools too. Of note is the SystemRescueCD from http://www.sysresccd.com. SystemRescueCD is offered as an ISO file that can be written to a CD-R to make a bootable rescue CD. The package includes several essential tools for fixing Linux boot-up problems, including:
- GNU Parted: Used for editing disk partitions under Linux.
- QtParted: A Linux-based clone of PartitionMagic.
- Partimage: A Linux-based clone of Ghost/Drive Image to create images of disks and partitions.
- Sfdisk: A tool that lets you back up and restore a partition table.
It also includes a variety of filesystem tools that allow you to format, resize, and debug an existing partition of your hard disk supporting e2fs, reiserfs, xfs, jfs, ntfs, and DOS partition types.
With these tools on hand, you may never have to reinstall a Linux operating system again.
[Oct 10, 2004] Spyware became a real problem for Windows desktop. To help to fight it I created:
- Spyware fighting page
- Antispyware tools page
- Tutorial for removal of spyware (currently pretty raw and incomplete)
[Jan 2, 2004] Two nice Windows implementations of Unix tools:
- putty: A pretty average Windows SSH client, but scriptable via Expect. Contains other tools.
- pstools: A suite of free command-line tools for managing Windows systems (process listings, command execution, etc)
Recommended Links
In case of broken links please try to use Google search. If you find the page, please notify us about the new location.
Scripts
To use these scripts yourself:
- Click on a script to see the text.
- Copy/paste the script to an editor (vi, Notepad) and save it with the proper extension.
Windows NT Command Line Scripts
Script (.CMD)
Description
- FS: Monitors the free space of the drive sent as a parameter.
- FSM: Monitors the size of the file sent as a parameter.
- MM: Monitors the free space of a drive and the size of a file hardcoded in the script. Combination of FS and FSM above.
- MMService: MM script above that runs as a service.
- ReplicateWeb: Script suite that automates and logs a Site Server replication project.
  - ReplicateWeb: Calls all scripts and sets the order and number of replications.
  - Replicate: Does the bulk of the work.
  - ReportState: Provides report checking for the replication project.
- LogWrite: Writes string to logfile and the active window. If /t switch is used, the string gets written with a timestamp.
- RemoveReadOnly: Removes read-only attribute from files and directories within hidden directories. Good for resetting attributes of webs copied off of CD.
- CycleLog: Cycles Windows NT logfiles in UNIX format, i.e. logfile.1.txt -> logfile.2.txt, logfile.txt -> logfile.1.txt
- CycleAuthorLog: Cycles the FrontPage Extensions author.log file. Offshoot of the CycleLog.cmd.
- DelAll: Deletes all files and folders from a directory. Includes all hidden and read-only files.
- DelDirs: Deletes all folders from a directory. Just a different flavor of the above script.
- KillProc: Searches for and deletes all processes matching the name given.
- NewIP: Script suite that automates adding a second IP address to a machine and later removing the original. Designed to be used in a logon script to assist in moving a large number of machines to a new IP range.
  - AssignNewIP: Assigns a second IP address to the local machine.
  - RemoveOldIP: Removes second IP address from the local machine.
- Automated IIS 4.0 Security Checklist: Automates many of the recommended security steps mentioned in the Microsoft Internet Information Server 4.0 Security Checklist. You can download the whole suite or check out the script and the registry changes.
  - SecRecs.reg: This registry file can be imported, implementing most of the registry-based security recommendations.
  - SecRecs.bat: Performs all of the non-registry recommendations and some of the registry changes that cannot be imported in a .REG registry file.
- Tripwire Email Reporting: This suite does a few things. First, it contains Tripwire policy files for two web servers that I set up. These would be a good place to start when designing a Tripwire security policy. Second, it contains a configuration file that implements a sendmail-type of service for Tripwire running on Windows NT. The sendmail-type mail client is "twmail.exe" and it is a very simple RFC822-compliant mailer that allows you to set the From: address of the Tripwire report to anything you want (fixes a potential SMTP/firewall security issue). Third, it contains a Perl script that runs on the server end - the destination address to which the Tripwire report is mailed. The script parses the email and breaks it down into the added, changed and removed files, and then breaks each of those lists down further. If there are any files changed to the wwwroot directory, it emails an alert to a pager. Also, if there were any registry changes, an email page is sent. For more information on Tripwire security products, check them out on the web.
  - TWReport.cmd: Command-line script that is designed to execute a Tripwire security check and then a database update as a scheduled job.
  - tripwire.pl: The Perl script that parses the Tripwire report.
  - twmail.exe: Tripwire mailer. I don't know if this will work in any other function than with Tripwire.
- SetDate: Sets the date of the system to a variable %Date% in YYYYDDD format where DDD is the day number of the year. For example, October 9, 2000, would be 2000283. Completely leap year compliant.
- SvcStat: Spans all the servers in the domain, checks for the status of a service and reports the servername if the service is stopped.
- MakeUserShare: Creates a folder share in a Windows 2000 cluster.
Windows Script Host
Script (.VBS)
Description - VBScript-based
- CycleAuthorLog.vbs: A "port" of the CycleAuthorLog.cmd. Copies the FrontPage author.log file to a date format and then opens a command shell to compress it.
- FixDT.vbs: Just a script that sets little items on my desktop the way I like them (Explorer settings, Control Panel, etc). An example of file/folder access and registry editing. To run the script, click here, select Run and hit OK.
- TimeSynch: VBScript-based suite that installs a time synchronization process.
  - InstallTimeSynch.vbs: Installs the proper version of the SynchTime.vbs script on the client.
  - SynchTime.vbs: The script that does the work. It just runs a shell that does a "net time /domain" and makes an entry to the Event Log.
  - TimeService.vbs: Installs the NT Time Service and starts the service. Currently (v1.15) requires the Time Service files and the INI file to exist in a certain location. That can be edited, but I am working on adding those settings automatically to the script and on putting the TimeService files on the web, so the script will automatically install everything with just a click. To run the script, click here, select Run and hit OK.
- ChangeLogDirectory.vbs: Goes through all the webs on the local IIS 4.0 server and changes the directory where the web stores its log files to the "\logs" subdirectory of the local path. For example:
  Local Path = C:\InetPub\wwwroot
  LogFileDirectory = C:\InetPub\wwwroot\logs
Windows Script Components
Script (.wsc)
Description
- QuickSort: Update to component by Michael Harris which encapsulated QuickSort algorithms implemented in VBScript by Jim Staricka. I added some basic error handling.
Active Server Pages
Script (.asp)
Description
- One-Day Password Enabler: This ASP searches through an LDAP tree for accounts which match the account name of the client and return accounts named ~*. The client can then set the password of the '~' account. The account name is also added to a database which is parsed nightly by a process which disables the passwords on all the accounts whose passwords were set that day. This is designed to be used in order to allow logon access on a day-by-day basis.
  - OneDayPW.asp: The main ASP that searches for the matches and handles the POST.
  - RemoveOneDayPW.vbs: Disables the passwords of the One-Day Password accounts that had their passwords set that day. Runs as an automated process.
- One-Day Password Enabler Administration: Main page for administrators to promote users to One-Day Password managers and to remove those rights.
  - AddManager: Grants a user administrative permissions to One-Day Password accounts.
  - RemoveManager: Removes a user from having administrative permissions.
Perl Scripts
Script (.pl)
Description
- NSPReporter.pl: Parses the logs from Netscape Proxy Server and creates a comma-delimited report file. It handles nslookups, non-HTTP protocol handling and translates requests from unknown users into true users. Finally, it sends the report with BLAT (this runs natively on NT).
- tripwire.pl: The Perl script that parses the Tripwire report. See the Tripwire suite above.
- Dictionary Editor: Adds and removes words to your local dictionary. For use with pine and spell. Set the following environment variable: SPELL=spell +/home/uid/.dictionary
  To add a word: dict.pl -a word
  To delete a word: dict.pl -d word
- ListGroupMembers.pl: Searches for an LDAP group and creates an LDIF file that lists the attributes for each uniquemember of the group.
- CreateOldAccessLogs.pl, CreateOldErrorsLogs.pl: Parse through Netscape Proxy Server logs and create new daily access and errors log files.
UNIX Shell Scripts
Script (.sh)
Description
- AddCron.sh: Adds a script to your crontab. I use this to run jobs via cron only when I am logged in. I execute this script from within my .profile.
- RemoveCron.sh: Removes a script from your crontab. I use this to remove the job I added with AddCron when I log out. I execute this script from within my .profile.
Copyright © 1996-2009 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author's free time. This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License (OPL). Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
Last modified: November 08, 2008