Updating virus definitions for Symantec AntiVirus Corporate Edition

To copy an .xdb file to a Symantec AntiVirus client

• Copy the .xdb file to the correct folder, depending on the program version:
  • For clients that run Windows 2003/XP/2000, the default folder is one of the following:
    • C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\
    • C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\

      The Application Data folder may be hidden.

  • For clients that run Windows 98/Me, the following is the default folder:
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\ or C:\Program Files\Symantec AntiVirus\
  • For clients that run Windows NT 4.0, the following is the default folder:
    C:\WinNT\Profiles\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\

Source: http://service1.symantec.com/support/ent-security.nsf/docid/2002103012571948

2007 Spell Check Not working

Start Regedit and goto the following key:
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing
Tools\1.0\Override\en-US

I had 2 entries (DLL and LEX) pointing to non-existing files.

Rename these to oldDLL and oldLEX.

After this change all Spell Checking worked normal again.

Source: http://help.lockergnome.com/office/2007-Spell-Check-working-ftopict928009.html

Global address not updating under Outlook cache mode

n cached mode, users will appear the next morning. Exchange rebuilds the Offline address book at 4am(i think). If you want to force a manual update..

Expand Recipients, click on Offline Address List. Right click on Default Offline Address List in the right pane. Click Rebuild. The Rebuild could take some time depending on how many users you have.

To get the new users to appear in outlook once the rebuild has been done: Open Outlook, Click Tools –> Send/Receive –> Download Address Book. Then place a check in Download Changes since last Send/Receive. Click OK. The new OAL will download.

Source: http://forums.msexchange.org/m_1800427039/mpage_1/key_/tm.htm#1800427039

How to block IP address ranges in uTorrent – using ipfilter.dat

In case that you experience lots of hash fails in your uTorrent client, or just simply want to filter out suspicious IP addresses, you should use an IP blocklist.

Here is how:

1. Download an appropriate IP blocklist. The file will be saved in .gz format, therefore you will have to unzip it. The result is a file called “ipfilter.dat”, that is the IP blocklist.

2. Copy/paste the ipfilter.dat file into your %appdata%\utorrent folder. This folder looks like “C:\Documents and Settings\<your Windows username>\Application Data\uTorrent”.

3. Start uTorrent, go into Options -> Preferences -> Advanced, set the ipfilter.enable option to True and hit Apply/OK.

If you have successfully executed the above steps, then on the Logger tab of uTorrent, you should see something like “Loaded ipfilter.dat (xxxx entries). If you see there “0 entries”, then something went wrong.

You can reload the list without restarting uTorrent, by simply setting the ipfilder.enable option to False/OK and then True/OK.

The same ipfilter.dat file can also be used in your eMule client.

Source : http://decoding.wordpress.com/2007/05/24/how-to-block-ip-address-ranges-in-utorrent-using-ipfilterdat/

Very slow download from Updates from Microsoft

BITS uses idle system time. If your machine is too busy it’ll take forever
to download. Try setting the BITS foreground bit like this:

WsusDebugTool.exe /Tool:SetForegroundDownload

Source: http://forums.techarena.in/server-update-service/233749.htm#post865019

How To View and Kill Processes On Remote Windows Computers

Windows provides several methods to view processes remotely on another computer. Terminal Server is one way or you can use the command line utility pslist from Microsoft Sysinternals site. While both options are good alternatives, Windows XP and Vista provides a built in utility for viewing and killing process on remote Computers using Tasklist and Taskkill commands.

Both tasklist.exe and taskkill,exe can be found in %SYSTEMROOT%\System32 (typically C:\Windows\System32) directory.

To view processes on a remote Computer in your home, you will need to know the username and password on the Computer you want to view the processes. Once you have the user account information, the syntax for using tasklist follows:

tasklist.exe /S SYSTEM /U USERNAME /P PASSWORD

(To view all tasklist options, type tasklist /? at the command prompt)

To execute, click on Start \ Run… and in the run window type cmd to open a command prompt. Then type the tasklist command, substituting SYSTEM for the remote computer you want to view processes, USERNAME and PASSWORD with an account/password on the remote Computer.

(NOTE: if you are in a Domain environment and have Administrator rights to the remote Computer, you will may not need to specify a Username and Password)

tlist1.png

Now if there was a process that needed to be killed, you can use the taskill command. As with tasklist, you will also need the Username and Passoword on the remote Computer. The syntax for using taskkill is

taskkill.exe/S SYSTEM /U USERNAME /P PASSWORD /IM PROCESS

(To view all taskkill options, type tasklll /? at the command prompt)

Where SYSTEM, USERNAME, PASSWORD is the same as above for the tasklist command, and IM is the process image name you want to kill. In the above screen shot we will kill firefox.exe by typing the following at the command prompt:

taskkill.exe /S wtn1 /U joe /P ddd1234 /IM firefox.exe
SUCCESS: The process “firefox.exe” with PID 196 has been terminated

You can also kill a process using the PID (Process ID) of the process. In the above example the PID for firefox.exe is 196:

taskkill.exe /S wtn1 /U joe /P ddd1234 /PID 196

If the process does not terminate, you can use /F to forcefully terminate the process.

taskkill.exe /S wtn1 /U joe /P ddd1234 /PID 196 /F

Source: http://www.watchingthenet.com/how-to-view-and-kill-processes-on-remote-windows-computers.html

WSUS Client Self Update has stopped working

If I manually install WindowsUpdateAgent20-x86.exe /wuforce on the clients
and then run wuauclt /detectnow updates will pop immediately and all is fine
after that.

Source: http://forums.techarena.in/server-update-service/466615.htm

WSUS client problem

Failure Software Synchronization Windows Update Client failed to detect with error 0×8024400e.

Try issuing the command ‘proxycfg -u’ on a few of the clients. Then
issue ‘wuauclt /resetauthorization /detectnow’.

Source: http://forums.techarena.in/server-update-service/753433.htm

WSUS – Client Troubleshooting Tool Requirement

Client Troubleshooting Tool Requirement

I’d like to see either one tool (i.e wuauclt.exe) that does “everything”, or two tools: wuauclt (that runs client stuff) and waucltLINT (that sorts out issues, ala DNSLINT, etc). I can live with either, although there might be value in having 2. But in what follows, I’ve assumed that JUST wuauclt.exe is to be used.

The following feartures/switches are needed.

1. /? – list parameters and usage

/? – describes usage of wuauclt.exe

The /? switch should be supported and give details of wuauclt usage. If client options are in error, this summary is displayed following an explanation of why the error occured. ALL command line tools should support this option.

2. Verbose mode console logging, with multiple levels

/v – verbose mode
/vv – very verbose mode

Both switches cause wuauclt to output normal log information to the command line (STDIO). /v provides basic information, while /vv logs greater detail. /vv is what is logged in normal logs. While wuauclt can log to a log file, it’s more work for the admin when troubleshooting, The admin has to run the command, then navigate over to another folder, find the log, the navigate to the end of it, to find out where the run began. This is harder than it needs to be, and the /v, /vv options could just pipe log entries to stdio.

3. List client configuration

/configlist – lists WUAUCLT configuration.

This option lists all configuration items current by the client, and includes the client version number, AU policy/registry settings and provide details of all AU clients files, version numbers, file dates, etc.

This helps admins (and MS) to ensure that the right client versions are loaded.

4. Install the correct AU client by force

/installAUclient
/installAUclientFromMicrosoft

This option causes the system to contact either the confiugred WSUS server, or Microsoft’s WU server, and to reinstall forefully the latest version of the AU client.

This enables admins (and MS) to ensure that the latest client versions are loaded, and enables download from Microsoft for roaming systems.

5. Make /DetectNow a little less silent

/DetectNow – forces a client AU detection and logs details

The /detectnow option should log to stdio what it is doing. This includes what WU server is it contacting, how many updates are on the WU server, and how many are needed by the client, etc, and any information being sent back the server. This is really no change, just requesing some level of output to stdio. This makes troubleshooting quicker.

6. Clear Log File

/clearlogfile – clears the client update log file
/clearandsaveogfile – saves the current client update log file to a named file, then clears the update log.

Currently, the client log appears to be non deletableand just grows. This is a potential DOS vector. Also, for troubleshooting, it’s helpful to be able to clear the log (possibly saving it first for later detailed exam).

7. Download Updates Now

/downloadnow – initiates an immiate downoad of any requried update using BITS
/downloanowfast – initiates an initiates an immiate downoad of any requried update using HTTP.

This option forces the AU client to start downloading of any outstanding updates. the secton version downloads using HTTP, and is therefore much faster in elapsed time and is mainly used for troubleshooting isues (or possibly to speed up larger updates). Often, expecially for laptops that have been ‘abroad’ for awhile, you want to just get all the approved updates NOW, and not wait for the next detection time.

8. Stop Downloading AU Updates

/stopdownload – stops any AU updates being downloaded (either using HTTP, or BITS).

This option stops the downloading of any AU updates either queued, or in progress. Just as you can invoke a download, you need to be able to stop it.

9. Test WSUS Server Connecttion

/TestWSUSServer – checks connection with configured WU Server

This option attempts to coonect to the WSUS server configured, and checks that a connection can be made, and that communcations between AU client and WSUS server is working. This would be useful for example, to diagnose network communications failures, or an internal firewall that might be accientally blocking some traffic between client and server.

Source: http://www.wsuswiki.com/ClientTroubleshootingTools

Auto logon for Windows XP

Would you rather not have to log on after your computer starts? If you’re the only person who uses your computer, you can make life a little easier by skipping the Welcome screen completely and having Microsoft Windows XP take you straight to your desktop.

To automatically log on to Windows XP upon startup

Click Start, and then click Run.

Note: Remember your user name at the top of the Start menu, because you’ll need it later.

In the Open box, type control userpasswords2 and click OK.

Clear the Users must enter a user name and password to use this computer check box. Click OK.

Click the User name box, type the user name that was displayed on the Start menu in step 1. If you normally type a password to log on, type your password in both the Password and Confirm Password boxes. Otherwise, leave these boxes blank. Click OK.

Automatically Log On dialog box

Auto logon now allows anyone to start and use your computer without typing a password.

Source: http://www.microsoft.com/windowsxp/using/setup/tips/advanced/autologon.mspx