Archive for : February, 2012


Not! Why you get dual screen monitors

This is not why I spent 1 hour installing a dual screen monitor on your desktop! They weren’t sure that they were going to use them. Turns out they did use them!

 

Gotta love people… Don’t think I will ever forget this one!

I did remove the second monitor from this station.

VBScript – Automate Joining domain and changing name

This script will do the following:

  1. Rename the computer
  2. Check that the name matches what you want it to be: “domain-” plus the computer's service tag
  3. Set a task to execute the script again in 2 mins
  4. Restart the computer
  5. When the script runs again (number 3) it then joins the domain
  6. Delete itself from the local host
  7. Restart the computer

This script works with Windows XP. It can be modified to work with other versions of Windows, like 2000 and 7.

 {code lang:vb id:13}{/code}

 

This script should be placed in the root of the C: drive. The great thing is that it deletes itself when it is finished. I use it by adding it to my sysprep file, using it to run this task after it has done its tasks.

 

Let me know how it works for you. 

 

Thanks 

Automate Renaming and Joining a domain using vbs

This script will do the following:

  1. Rename the computer
  2. Copy the script locally
  3. Set a task to execute the script in 2 mins
  4. Restart the computer
  5. When the script runs again (number 3) it will see that the computer name matches the “domain” plus service tag serial and join it to the domain
  6. Restart the computer
  7. Delete itself from the local host

This script works with Windows XP. It can be modified to work with other versions of Windows, like 2000 and 7.

{code lang:vb id:13}{/code}

Multiboot USB Disk that does everything


Download Yumi 

Using Yumi to give you the edge for USB boot Disks. 

 

List of Supported boot Disks

 

YUMI can create a Bootable UFD containing the following

Back Door Admin Discovery and Removal

Scenario:

You are working with a computer in your domain and you discover an unknown user account in the Documents and Settings or Users (Windows 7) folder of the computer. You search your Active Directory for that user and don’t find them. You then check the local computer users and computers to find that this is a backdoor administrator. Then you have to ask several questions (I added my answers below each question):

  1. How did this local user account come to be on this computer?
    • A boot disk was used to bypass the local security and create a backdoor administrator account.
  2. How did they compromise your security?
    • They were able to use F12 to gain access through the boot menu.
  3. Who is the most likely to be responsible for compromising the security of the system?
    • This computer was a student computer and is most likely caused by students.
  4. How widespread is this problem?
    • Upon checking several computers in this computer cart, I discovered it was a school-wide problem. =(
  5. How can we fix this?
    • Remove the local admin users
    • Remove the ability to boot to a USB drive and CD/DVD drive
  6. What is the next step?
    • Create a script to do it for me to all computers on the server!

 

Students created backdoor admin accounts with Hiren’s Boot CD (http://www.hiren.info/pages/bootcd). It allows them to boot from the CD drive and add a backdoor admin that can be used to bypass the security of the domain.

 

The Solution

BIOS Settings

In the BIOS you will need to ensure the following:

  • The BIOS is password protected
  • In the boot order, remove the
    • USB Drive
    • CD Drive
    • Diskette Drive

Discover how widespread the problem is

To discover how widespread this problem is, I need to create a script that does several functions. I first need it to go through a list of computers (within my Active Directory) and then have it test if the computer is on; if it is, I want it to get a list of all the local accounts with local administrator access to the machine.

Script for discovering local admins in your domain

Run this script as a domain admin.

{code lang:vb id:11}{/code}

Explained:

This script looks at a list of computers located on a server. It uses the name on each line, then breaks and goes to the next line. Once it has the computer name, it checks that the computer is online. If it is online, it writes to a file the list of accounts in the local Administrators group. When the script is finished it will prompt "completed".

Running it against my entire directory took about 45 mins and returned about 275 computers that were on.
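The audit described above, written as an added PowerShell example; it is not the post's VBScript, and the file names and the `$Expected` allowlist are assumptions. It also flags every member that is not on the allowlist, which is the review step the post does by hand.

```powershell
# Added example (PowerShell), not the post's VBScript.
# Assumed names: computers.txt, local-admins.csv and the $Expected allowlist.
$ComputerList = '.\computers.txt'     # one computer name per line (hypothetical file)
$ReportPath   = '.\local-admins.csv'  # hypothetical report file
$Expected     = @('Administrator', 'Domain Admins')  # constructed allowlist

function Get-LocalAdminMember {
    param([Parameter(Mandatory = $true)][string]$ComputerName)
    # The WinNT ADSI provider reads a remote machine's local group membership.
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    foreach ($member in @($group.Invoke('Members'))) {
        $type = $member.GetType()
        $name = $type.InvokeMember('Name', 'GetProperty', $null, $member, $null)
        $path = $type.InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        [pscustomobject]@{
            Computer = $ComputerName
            Account  = $name
            # Local accounts carry the computer name in their path
            # (WinNT://DOMAIN/COMPUTER/name); domain accounts do not.
            IsLocal  = $path -match "/$([regex]::Escape($ComputerName))/"
            ADsPath  = $path
        }
    }
}

$results = foreach ($line in (Get-Content $ComputerList)) {
    $computer = $line.Trim()
    if (-not $computer) { continue }                      # skip blank lines
    if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
        Write-Warning "$computer is offline, skipped"
        continue
    }
    try { Get-LocalAdminMember -ComputerName $computer }
    catch { Write-Warning "$computer could not be queried: $($_.Exception.Message)" }
}

if ($results) {
    # Full membership list, kept as the record of what was found.
    $results | Export-Csv -Path $ReportPath -NoTypeInformation
    # Members outside the allowlist are candidates for review, not automatic removal.
    $results | Where-Object { $Expected -notcontains $_.Account } |
        Sort-Object Account, Computer |
        Format-Table Computer, Account, IsLocal -AutoSize
}
```

The `IsLocal` check assumes the list holds short computer names; with FQDNs or IP addresses the path comparison will not match.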

Delete the Local Admins

This code deletes the local admin accounts from the computers, based on their names.

{code lang:vb id:12}{/code}
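A removal step along the same lines, as an added PowerShell example rather than the post's VBScript; the computer names, account names, protected list and log path are constructed. It refuses to touch protected accounts, logs each deletion, and runs with `-WhatIf` until the list has been reviewed.

```powershell
# Added example (PowerShell), not the post's VBScript. All names below are constructed.
$Removals = @(
    @{ Computer = 'PC-EXAMPLE-01'; Account = 'example-rogue' }
    @{ Computer = 'PC-EXAMPLE-02'; Account = 'example-rogue' }
)
$Protected = @('Administrator')        # assumed accounts that must never be deleted
$LogPath   = '.\removed-admins.log'    # hypothetical log file

function Remove-RogueLocalAccount {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][string]$AccountName
    )
    if ($Protected -contains $AccountName) {
        Write-Warning "$AccountName is protected, not removed from $ComputerName"
        return
    }
    if (-not $PSCmdlet.ShouldProcess("$ComputerName\$AccountName", 'Delete local user')) {
        return
    }
    try {
        # Delete on the WinNT computer object removes the local account.
        ([ADSI]"WinNT://$ComputerName,computer").Delete('user', $AccountName)
        "{0:s} removed {1}\{2}" -f (Get-Date), $ComputerName, $AccountName |
            Add-Content -Path $LogPath
    } catch {
        Write-Warning "$ComputerName\$AccountName not removed: $($_.Exception.Message)"
    }
}

foreach ($item in $Removals) {
    # -WhatIf lists what would be deleted; drop it after reviewing the output.
    Remove-RogueLocalAccount -ComputerName $item.Computer -AccountName $item.Account -WhatIf
}
```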

The End Results

  • I removed the ability to boot to any device other than the hard drive.
  • Was able to list all the local admin accounts to determine the usernames of backdoor administrators
  • Ran a script that deleted the local admin accounts on the machines

In the end I was able to locate the local admins on each computer in my domain. I could then look for users that didn’t belong in the local Administrators group, adding each user to the script. Then I took each computer that had a rogue admin account and added it to the script. Running the final script will delete the users from the computers, all from the comfort of your chair!

See attached sample files for examples of the files used with this script.