How to clear the MS Exchange mail queue quickly

Spent the day dealing with an Exchange server that had been compromised. As a result, heaps of spam emails were in the Exchange mail queue. Manually removing them is a major pain in the rear. Fortunately, others have shared how to clear the Microsoft Exchange mail queue of thousands of spam mails.

  1. Stop the SMTP service.
  2. Create a new spam folder, for example in
    C:\Program Files\Exchsrvr\Mailroot\vsi 1\Spam
  3. With the SMTP service still stopped, move all the messages from the
    C:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue
    to the spam folder (in case you need to retrieve a message)
  4. Restart the SMTP service.

Of course, prior to doing that, the instructions at this Microsoft KB, How to block open SMTP relaying and clean up Exchange Server SMTP queues in Windows Small Business Server, are quite helpful in showing how to make sure your Exchange server is not an open relay. It also shows how to test whether an authenticated relay attack is the problem.

Using registry values in scripts

I’m often writing scripts to do stuff. It makes my job easier. I’ve often wanted to be able to script the discovery of registry values in the Windows Registry.

Thus here is a short example on using the vanilla Windows command line to find the value of a Windows registry key. From my testing these commands are all present by default in Windows XP, Vista, 7, Server 2003 and Server 2008.

Assume we want to find the Microsoft Windows Common Files directory. Using `Regedit` we can find that here: `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir`

So the first thing we want to do is query the registry. We do that with the command line tool `reg` as follows ([more about reg][]):

[more about reg]: http://www.petri.co.il/reg_command_in_windows_xp.htm "Read up on how to use the reg command for more than just a query"

`reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion /v CommonFilesDir >1.tmp`

This will spit out the following into the text file `1.tmp`:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
CommonFilesDir REG_SZ C:\Program Files\Common Files

However, this isn’t of much use in a script. Really, we just want the value of the folder itself, not all the extra info.

So what we do is use the command line tool `findstr`, which is essentially a Windows regex tool ([more about findstr][]). We use it to do this:

[more about findstr]: http://www.netexpertise.eu/en/windows/findstr-an-alternative-to-grep.html "Read up on findstr – regex goodness on windows by default"

`findstr /r REG_SZ 1.tmp >2.tmp`

This spits out just the line that contains REG_SZ and puts it into the text file `2.tmp`. Now that we’ve got just the one line, we want to strip the first 32 characters off it. We do this by first setting it as an environment variable and then trimming it down using the following two commands ([more on set][]):

[more on set]: http://www.computing.net/answers/windows-2000/use-file-contents-to-set-variables/63174.html "Using file contents to set environment variables"

`set /p CommFiles=<2.tmp`

And then we shorten that ([more on trimming][]):

[more on trimming]: http://www.dostips.com/DtTipsStringManipulation.php "Read up on using set to trim environment variables"

`set CommFiles=%CommFiles:~32%`

Then we can echo the result to the screen using:

`Echo The Common Files directory is: %CommFiles%`

And here it is all in one easy to copy set:

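    rem Initialise the variable
    Set CommFiles=C:\Temp
    rem Dump the registry value to a temporary file
    reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion /v CommonFilesDir >1.tmp
    rem Keep only the line that holds the REG_SZ data
    findstr /r REG_SZ 1.tmp >2.tmp
    rem Read that line into the variable, then drop its first 32 characters
    set /p CommFiles=<2.tmp
    set CommFiles=%CommFiles:~32%
    Echo The Common Files directory is: %CommFiles%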

With a little editing I’m sure that you can turn this to your own uses, pulling out the value of registry keys and using them in script files. You’re not limited to this registry key, you can use it to access all sorts of registry keys.
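The same lookup can be done without temporary files or a fixed character offset, which matters when the script runs from a directory other users can write to or when the output spacing of `reg` differs. This is an added example, not part of the original post; the variable names `Key` and `Name` are chosen for illustration, and it assumes the value name contains no spaces.

```batch
@echo off
setlocal
rem Added example: read one REG_SZ value straight from the output of reg query.
set "Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
set "Name=CommonFilesDir"
set "CommFiles="

rem reg prints "<name> REG_SZ <data>", separated by spaces or tabs.
rem tokens=2,* puts the type in %%A and everything after it, embedded
rem spaces included, in %%B, so no character counting is needed.
for /f "tokens=2,*" %%A in ('reg query "%Key%" /v %Name% 2^>nul ^| findstr /c:"REG_SZ"') do set "CommFiles=%%B"

rem Stop with an error instead of carrying on with an empty path.
if not defined CommFiles (
    echo Could not read %Name% from %Key% 1>&2
    exit /b 1
)
echo The Common Files directory is: %CommFiles%
```

Save it as a `.cmd` file; when typing the `for` line directly at a prompt, use `%A` and `%B` instead of `%%A` and `%%B`.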

Please do tell me what uses you put this to.

Enjoy.

Finding user SID

Occasionally you may want to know the [SID][] of a Windows user. If that made no sense to you, read no further; this snippet is not for you.

[SID]: http://encyclopedia.thefreedictionary.com/Security+Identifier "Read a definition of what the SID is"

Open up REGEDIT and browse to this key:

`HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList`

Here you will find a list of SIDs; under each is a subkey containing the name of the user it is associated with. Run through them until you find the username you’re looking for and bingo, its parent key is that user’s SID.
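The same lookup can be scripted. This is an added example, not from the original post or the thread it credits; it assumes the user name is the last folder of the `ProfileImagePath` value stored under each SID key, and `findsid.cmd` is a hypothetical file name.

```batch
@echo off
setlocal
rem Added example: print the SID whose profile folder matches a user name.
rem Usage: findsid.cmd [username]   (defaults to the current user)
set "User=%~1"
if not defined User set "User=%USERNAME%"
set "PL=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
set "Found="

rem Each subkey of ProfileList is named after a SID; keep only those lines.
for /f "delims=" %%K in ('reg query "%PL%" 2^>nul ^| findstr /c:"S-1-"') do call :Check "%%K"

if not defined Found (
    echo No profile found for %User% 1>&2
    exit /b 1
)
exit /b 0

:Check
rem %1 is the full key path of one SID. ProfileImagePath holds the profile
rem folder; compare its last path component with the requested user name.
for /f "tokens=2,*" %%A in ('reg query "%~1" /v ProfileImagePath 2^>nul ^| findstr /c:"ProfileImagePath"') do (
    if /i "%%~nxB"=="%User%" (
        echo %User% = %~nx1
        set "Found=1"
    )
)
goto :eof
```

A profile folder can differ from the account name (for example when a domain suffix was appended to it), so treat a match as a pointer to check rather than proof.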

Found via [petri.co.il][]

[petri.co.il]: http://www.petri.co.il/forums/showthread.php?t=21332 "petri.co.il is a wealth of tech goodness"

[Bonus link][]

[Bonus link]: https://secure.wikimedia.org/wikipedia/en/wiki/Security_Identifier "More explanation of SIDs, decoding them etc"

Setting up WriteMonkey on WordPress

This post has been written using [WriteMonkey](http://writemonkey.com/ "Zenware for full screen distraction free writing") as the text editor. Not only that but I’ve utilised Markdown as the method of text mark-up. All of this has been achieved using WordPress as my CMS, Firefox as my browser and a Firefox plug-in called It’s All Text.

My first impressions are actually good. Although it’s taken a little setup, I’m actually happy with the result. You see, using WriteMonkey as a text editor is, well, gorgeous. The screen is emptied of all distractions. With typewriter mode enabled, it is a pure joy to use.

Now to get this to work I did the following:

+ [disabled the visual editor](http://digwp.com/2010/06/blogging-in-markdown/ "Article by Chris Coyier on blogging in WordPress with Markdown") in [WordPress](http://wordpress.org "The official WordPress site"),
+ installed the [It's All Text](https://addons.mozilla.org/en-US/firefox/addon/4125/contribute/roadblock/?src=addondetail "Firefox add-on page for It’s All Text") Firefox plug-in,
+ installed the [PHP Markdown](http://michelf.com/projects/php-markdown/ "Download page for PHP Markdown") [plug-in for WordPress](http://wordpress.org/support/topic/160189 "Help getting Markdown working in WordPress"),
+ started writing :)

Not so hard is it? Actually the writing bit is the hardest. But you knew that…

What it now means is that when I begin writing a new post in WordPress, I simply click the little edit button that appears, and WriteMonkey fires up, comes to the foreground and I start writing. To finish up, I press CTRL-Q and I click YES I do want to save it.

So I can whole-heartedly say that it’s worth the effort to set up [WriteMonkey](http://writemonkey.com/ "Zenware for full screen distraction free writing"). Go do it! It feels good.

Of course, now the hard bit is about to start, that is, do more writing.

PS: Only found out about WriteMonkey via [DownloadSquad](http://www.downloadsquad.com/2010/07/23/writemonkey-0-9-9-0-final-version-released-full-screen-text-lov/ "These guys are on the bleeding edge of shiny")

How to: Clear Outlook Location list

Had an issue yesterday where we wanted to remove some entries from Outlook’s location list.

Huh? When you book an appointment in Microsoft Outlook’s calendar you can specify a location. If ACT! by Sage has a Resource that is designated as a location, when ACT! syncs with Outlook that location list gets filled in.

So, we wanted to edit that list in Outlook. Well, you can’t.

But you can clear the list completely, which for our purpose suited us fine; it’ll get repopulated with the correct values.

Thus, without further ado, here is how you do this:

Open up Regedit and remove the value from this key:

`HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Preferences\LocationMRU`

Note that you will need to replace the version number for your version of Microsoft Office (14.0 = MSO2010, 12.0 = MSO2007).

Hat tip to superuser.com.

How to: discover open files on Microsoft Server

So you’re working on a Microsoft Server machine, merrily getting stuff done, when you get a message saying that it can’t continue because files are open. Sound familiar? It happens to me often.

Here is how I find out which files are open and who has them open:

If you’re working on a Microsoft Server 2008,
Start | Administrative Tools | Share and Storage Management | Manage Open Files…

If you’re working on a Microsoft Server 2003,
Start | right click My Computer | Manage | Computer management (local) | System Tools | Shared Folders | Open Files

Makes it a great deal easier, now you know which file needs closing, and who you need to ask to do it.

Hope that helps you. Anything you’ve found helpful? Let me know in the comments.

Resurrecting Terminal Server

A Terminal Server I was attempting to work on today gave quite a lot of grief. The first hint was that users were unable to log in to it. When I then tried to log in, it gave an error message of:
Login Failed
You are connected to the remote computer. However, an error occurred while an initial user program was starting, so you are being logged off. Contact the system administrator for assistance.

So I rebooted it remotely using the command `shutdown /r /f /m \\TSERVER1` while having a continuous ping running; from the ping results I could see it go down and come back up. However, on trying to log in now, after entering a username/password I could see the logon script run, but no taskbar or Start button appeared. Right-clicking the desktop didn’t give any menu.

I could however navigate to the hard drive on that machine by pointing My Computer to `\\tserver1\c$\`.

Copying some of the tools at live.sysinternals.com I was able to view the event logs, no issues apparent, check status of various services, all ok.

So I connected via RDP once more (`mstsc /v:tserver1 /console`) and viewed the background (still no Start button or taskbar) and pressed CTRL-ALT-END, which allowed me to start the Task Manager. This allowed me to run a new task (File | New Task (Run...)), so now I was able to copy the Sysinternals Autoruns program to the root of the C: partition and run it from the affected terminal server. Running `c:\windows\explorer.exe` didn’t work though.

Delving into its depths I found an entry for `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer`. Renaming this entry then allowed Explorer to run. So I’ve exported the key (in case I do want it sometime) and then deleted it.

Rebooted the server once more and bingo, it lets everyone log in. Very satisfying after a couple of hours of mad hair tearing.

How to remove unwanted software

Like Symantec Anti-virus. At a friend’s house right now, and trying to uninstall the product, it won’t – it keeps saying that something else wants to keep it there. Very unhelpful error message by the way (if Symantec is listening).

Found a great page that explains how to remove unwanted software (surprise, they were also trying to remove Symantec… hmmm….).

Here it is at it.toolbox.com/blogs/locutus.

In a nutshell this is how:

  1. Open regedit, browse to `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall`
  2. Then do a search for Symantec (or the name of the software you want to be rid of)
  3. Copy the value of UninstallString
  4. Open a command prompt (Start | Run | CMD), paste the UninstallString here, add `REMOVE=ALL` to the end of that string and press Enter.
    It will look similar to this: `MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8} REMOVE=ALL`
  5. Done.

Terminal Server FTP without admin rights

I’ve just found myself needing to FTP some files to a client’s site. The files are in the data directory on our company’s terminal server (which I don’t have admin rights on) and I need them on a SQL Server for a client.

I do have access to a FTP Server but the first step is to get the files up to the FTP Server then download them to the client site. Yes, I could use the command line tool ftp but that is just too painful at this time of day (read: night).

Thus a quick google turned up this: AnyClient – The Free No-Install FTP Client.

It is a Java applet. What a lifesaver, nice GUI (similar to Filezilla, which is my choice of FTP clients). Anyway, AnyClient is quick and easy to use. Just thought I’d share the find.

Oh, and of course, no admin rights needed, as there is no program installing. Yay!