Microsoft Windows – General
Group Policy supports the management of machines and users in an Active Directory environment. By creating and editing Group Policy Objects (GPOs) that contain associated policy settings and linking these GPOs to groups of machines or users, specific configuration policy settings can be managed from a central location. In this way, an administrator in an Active Directory environment can granularly apply settings to potentially thousands of machines.
You cannot apply group policy to groups
The GPOLIST API is called and processes machine settings. It reads machine policy on DC, SITE, DOMAIN, OU and MACHINE, in that order. (See diagram below.)
New key for group policy application
gpupdate /force – forcefully rereads settings. Looks for updated GUIDs and removes local cached copies.
Win 2000 command to forcefully reread policy
Ned gets No Help, No Run and No Control Panel.
Bart gets No Help, No Run and No Logon Button.
Bart now gets Help, Run and Logon Button.
In Cartoon Town group policy tab select No override
Bart now gets No Help, but gets Run and Logon Button due to Block Inheritance being selected.
Note: - No override only works on the policy it is applied to. If you want to enforce must set
New user Barney, new group Flanders Users, add Ned to Flanders Users
GPMC – Policy – Security Filtering: add Flanders Users
Barney now has Control Panel, Ned doesn’t if member of OU and Group. You can filter using groups but cannot apply policy to groups.
                           WIN 2000 +
Partitions only            Volumes only
Primary                    Use 1MB of storage on each volume to
Primaries, 1 Extended      store configuration data
Extended, many logical     NOT on laptops
Command line for managing disks: diskpart
diskpart> select disk 0
diskpart> select partition 2
diskpart> extend size=100 disk=0
Junction points are links to virtual drives.
Can now extend volumes. You can extend any directory other than the root directory containing
Can have spanned and striped volumes. Cannot do mirroring!!
Select Disk and Right click
1MB is lost when you create a new disk; all new disks reserve it to take into account possible conversion to Dynamic Disk later.
Permissions are the LEAST restrictive of the two. Bart has Full Control due to the fact that he is a member of the Simpsons Group; however, the ACL on the file only gives Simpsons Modify, so Modify is all Bart gets.
Bart gets Modify overall: Modify from share permissions, Full Control from ACL, hence Modify is the least.
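The Bart/Simpsons case above, worked as an added example (this is not code from the notes): within each layer (share, NTFS) the entries for the user and all of the user's groups accumulate, and the final result is the more restrictive of the two layers, which gives Modify here. Principal names and permission entries are constructed.

```powershell
# Added example, not from the notes: how Windows combines share and NTFS
# permissions. Principal names and permission entries below are constructed.
# Access levels from least to most permissive. Share permissions use
# Read/Change/Full Control; NTFS permissions use Read/Modify/Full Control.
$AccessRank = @{ 'None' = 0; 'Read' = 1; 'Change' = 2; 'Modify' = 2; 'Full Control' = 3 }

function Get-LayerAccess {
    # Within ONE layer (share or NTFS) the Allow entries for the user and for
    # every group the user belongs to accumulate, so the least restrictive
    # entry wins. An explicit Deny on any of those principals removes access.
    param([string[]]$Principals, [hashtable]$Entries)
    $best = 'None'
    foreach ($p in $Principals) {
        if (-not $Entries.ContainsKey($p)) { continue }
        $level = $Entries[$p]
        if ($level -eq 'Deny') { return 'None' }
        if ($AccessRank[$level] -gt $AccessRank[$best]) { $best = $level }
    }
    return $best
}

function Get-EffectiveAccess {
    # ACROSS the two layers the more restrictive result applies: a Full Control
    # share cannot give more than the Modify that the NTFS ACL allows.
    param([string]$User, [string[]]$Groups, [hashtable]$Share, [hashtable]$Ntfs)
    $principals = @($User) + $Groups
    $shareLevel = Get-LayerAccess -Principals $principals -Entries $Share
    $ntfsLevel  = Get-LayerAccess -Principals $principals -Entries $Ntfs
    if ($AccessRank[$shareLevel] -le $AccessRank[$ntfsLevel]) { return $shareLevel }
    return $ntfsLevel
}

# Constructed scenario from the notes: Bart is a member of the Simpsons group.
$share = @{ 'Simpsons' = 'Full Control' }             # share permissions on the folder
$ntfs  = @{ 'Simpsons' = 'Modify'; 'Bart' = 'Read' }  # NTFS ACL on the file
Get-EffectiveAccess -User 'Bart' -Groups @('Simpsons') -Share $share -Ntfs $ntfs
```

Swap the two hashtables around and the result is still Modify, which is the point of the note: whichever layer holds the Full Control, the other layer's Modify caps the outcome.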
File Permission Inheritance
- Move files on same drive: ACLs stay the same
- Copy files on same drive: ACLs inherit from parent
- Move between drives: ACLs inherit from parent (= copy and delete)
Files stored on the server use the server's resources to uncompress them when a user accesses them.
Compression is 4
Zipped is about 9
Can compress or encrypt, not both.
You attempt to set up a connection with a secure web server. It sends you back a certificate. Internet Explorer has inbuilt public keys belonging to all Trusted Certificate Authorities. It will decrypt the certificate with the embedded Trusted CA Private Key on the fly. A session is then set up.
If a popup box appears when trying to negotiate https access you should be wary.
XP generates a File Encryption Key (FEK) using 3DES symmetric keys. If you encrypt a file with Bart's Public Key only Bart can decrypt it. If you also encrypt the file with Homer's Public Key both can share the file. The Private Key is stored in a user's profile and encrypted with the user's password.
Should a user's profile become corrupted the only way of recovering this file is to use a
- Resource Kit Tool tells you who has encrypted a file and who it belongs to.
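The FEK/public-key scheme described above, modelled as an added example (not code from the notes or from Windows itself): the file is encrypted once with a random FEK, and that FEK is wrapped separately with Bart's, Homer's and a recovery agent's public keys, so losing Bart's private key leaves the recovery agent's copy as the way back in. Key pairs are generated on the fly and the document text is constructed; AES stands in for the 3DES the notes mention.

```powershell
# Added example, not from the notes: a model of how EFS shares an encrypted file.
# The file is encrypted once with a random symmetric File Encryption Key (FEK);
# the FEK is then wrapped with each authorised user's public key (one Data
# Decryption Field per user) and with a recovery agent's public key (the Data
# Recovery Field). AES is used for the FEK here; the notes describe XP's 3DES.
# Key pairs are generated on the fly and are constructed for this example.
$Bart  = New-Object System.Security.Cryptography.RSACryptoServiceProvider 2048
$Homer = New-Object System.Security.Cryptography.RSACryptoServiceProvider 2048
$Agent = New-Object System.Security.Cryptography.RSACryptoServiceProvider 2048  # recovery agent

function Protect-Document {
    param([byte[]]$Plaintext, [hashtable]$PublicKeys)   # name -> RSA key pair
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.GenerateKey(); $aes.GenerateIV()               # fresh FEK and IV per file
    $cipher = $aes.CreateEncryptor().TransformFinalBlock($Plaintext, 0, $Plaintext.Length)
    $fields = @{}
    foreach ($name in $PublicKeys.Keys) {
        # RSA-OAEP wrap of the FEK: only the matching private key can unwrap it.
        $fields[$name] = $PublicKeys[$name].Encrypt($aes.Key, $true)
    }
    $blob = @{ IV = $aes.IV; Cipher = $cipher; Fields = $fields }
    $aes.Dispose()
    return $blob
}

function Unprotect-Document {
    param([hashtable]$Blob, [string]$Name,
          [System.Security.Cryptography.RSACryptoServiceProvider]$PrivateKey)
    if (-not $Blob.Fields.ContainsKey($Name)) { throw "No decryption field for $Name" }
    # Without the private key (e.g. a lost user profile) this step cannot succeed.
    $fek = $PrivateKey.Decrypt($Blob.Fields[$Name], $true)
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = $fek; $aes.IV = $Blob.IV
    $plain = $aes.CreateDecryptor().TransformFinalBlock($Blob.Cipher, 0, $Blob.Cipher.Length)
    $aes.Dispose()
    return [System.Text.Encoding]::UTF8.GetString($plain)
}

$doc = Protect-Document -Plaintext ([System.Text.Encoding]::UTF8.GetBytes('Bart and Homer both need this')) `
                        -PublicKeys @{ Bart = $Bart; Homer = $Homer; Agent = $Agent }
Unprotect-Document -Blob $doc -Name 'Homer' -PrivateKey $Homer   # Homer reads the shared file
Unprotect-Document -Blob $doc -Name 'Agent' -PrivateKey $Agent   # recovery agent path if Bart's key is gone
```

Calling Unprotect-Document with a name that has no field, or with the wrong private key, throws; that failure is the "corrupted profile" case the notes describe.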
Tools for Recovery
Last Known Good
Problems (Shell Console only.)
Problems (Services Load downwards only.)
Problems & System Partition Problems
regedt32: Load Hive, navigate to DC, select User Profile and edit ntuser.dat
Boot from CD. At the Welcome to Setup screen select R.
Type HELP for a list of commands available.
All files on the CD are compressed and need to be expanded, i.e. expand halaacpi.dll_ d:\
Note: - Version of XP CD must match the OS you are trying to update files to
for changing the environment for 1 boot up only – Excellent for troubleshooting
In the startup tab deselect items you do not want to boot
tab select /bootlog which will save the boot information (including errors) to
Does not save data, just system settings at the time of restore. If you install a .msi product the system will automatically save a restore point.
Strips out dll and exe files on rollback, leaves a lot of files and directories from previous installations, i.e. Office directory still present alongside 80%ish
Just designed to keep the machine running.
Note: - Don’t restore before a service pack
Found in the System Volume Information folder on the root directory under _restore …..
RP0, RP1 to RPn directory numbering structure
Win XP CD: winnt32 /cmdcons
Computer A and C receive IP addresses from the DHCP server. If the RFC 1542 compliant router were configured on both sides, B would also. DHCP-enabled computers not receiving an address will assign themselves a 169.254.x.y address. This is due to the Automatic Private IP Addressing (APIPA) scheme.
From Windows 98 R2, DHCP is:
Discover, Offer, Request, Acknowledge (DORA)
Local Computer Policy --> Windows Settings --> Security Restrictions --> Right Click --> Create New
Select the .exe file to restrict or allow – this is done by adding a new hash rule.
You CAN circumvent these rules by using the following workaround:-
Open a command prompt:
echo h >> nmap.exe
or open the file using notepad etc.
May also get this to work on Windows File Protection files by amending the registry, as by default all Windows protected files are automatically replaced if corrupted, lost or deleted.
Remote Installation Services
Second F12 press triggers the TFTP server (UDP 69) which copies down the Client Information Wizard (CIW) and add in RIS
RIS is done in Active Directory Users and Computers (Right Click, Properties on the DC box should have a RIS tab)
Note: - DHCP server needs to be authorised in Active Directory
Note: - RIS server needs to be authorised in Active Directory
Strips out machine uniqueness and then asks for the RIS server location and sends it to SIS on the RIS server. This is not a ghost file. Point to Point installation only, so a lot of bandwidth is required. Will not be able to carry out integration
Connection established with Point to Point Protocol
Encrypted with Point to Point Tunnelling Protocol (MS Point to Point Encryption)
Layer 2 Tunnelling Protocol (IPSEC)
Authentication: PAP Password Authentication Protocol
SPAP Shiva Password Authentication Protocol
CHAP Challenge Handshake Authentication Protocol
CHAP (Reversible Encryption)
MSCHAPv2 (Mutual Authentication)
Note: - Least secure PAP to most secure EAP
Applying Security Templates via MMC
Open MMC and load the Security Configuration and Analysis snap-in (SCAT)
Click SCAT, create a new database
Click SCAT and choose either:
Analyze computer against template, or
Configure computer to template
Increases workstation security
Significantly increases workstation security
Reduces security settings to allow legacy applications to run
completion – Windows Command Line
FAT to NTFS: convert c: /fs:ntfs
Windows contains the "Media Sensing" feature to detect whether a NIC is in a "link state." A "link state" is when the NIC connecting or inserting itself on the network has a "link" light to indicate the current connection status. Whenever Windows detects a "down" state on the media, it removes the bound protocols from that adapter until it is detected as "up" again. There may be situations where you do not want your network adapter to detect this state, and you can configure this by editing the registry.
To prevent your network adapter from detecting the link state, follow these steps.
1. Use Registry Editor (Regedt32.exe) to view the following key in the registry:
Add the following registry value:
Data Type: REG_DWORD - Boolean
Value Data Range: 0, 1 (False, True) Default:
Description: This parameter controls DHCP Media Sense behavior. If you set this value data to 1, DHCP, and even non-DHCP, clients ignore Media Sense events from the interface. By default, Media Sense events trigger the DHCP client to take an action, such as attempting to obtain a lease (when a connect event occurs), or invalidating the interface and routes (when a disconnect event occurs).
2. Restart your computer.
Disable Netbios Null Sessions (Registry)
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous
Local Security Policy --> Local Policies --> Security Options
Network access: Do not allow anonymous enumeration of SAM accounts (Enabled)
Network access: Do not allow anonymous enumeration of SAM accounts and shares
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous = 1
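A read-only check of the two registry settings covered above (Media Sense and RestrictAnonymous), added here as an example and not part of the notes. The RestrictAnonymous location is the one the notes give; the Media Sense value name, DisableDHCPMediaSense under Tcpip\Parameters, is the real name for the value the notes describe and is supplied as an assumption since the notes leave it out. The expected values are a constructed baseline: RestrictAnonymous hardened to 1 as the notes say, and Media Sense left at its default so a leftover troubleshooting change gets flagged.

```powershell
# Added example, not from the notes: a read-only audit of the two registry
# settings above. The RestrictAnonymous location is the one given in the notes;
# the Media Sense value name (DisableDHCPMediaSense under Tcpip\Parameters) is
# the real name for the value the notes describe and is supplied here as an
# assumption, since the notes leave it out. Nothing is written to the registry.
$Checks = @(
    @{ Name = 'RestrictAnonymous'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Default = 0; Expected = 1
       Meaning = '1 = do not allow anonymous enumeration of SAM accounts and shares' },
    @{ Name = 'DisableDHCPMediaSense'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
       Default = 0; Expected = 0
       Meaning = '1 = interface ignores Media Sense events (troubleshooting only)' }
)

function Test-RegistryBaseline {
    param([array]$Items)
    foreach ($c in $Items) {
        # A missing value means the Windows default is in force, so report that.
        $prop   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $actual = if ($null -ne $prop) { [int]$prop.($c.Name) } else { $c.Default }
        $status = if ($actual -eq $c.Expected) { 'OK' } else { 'REVIEW' }
        [pscustomobject]@{
            Setting  = $c.Name
            Present  = ($null -ne $prop)
            Actual   = $actual
            Expected = $c.Expected
            Status   = $status
            Meaning  = $c.Meaning
        }
    }
}

Test-RegistryBaseline -Items $Checks | Format-Table -AutoSize
```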
SP2 to XP
Download the (full) "Network Install" of the Service Pack (English version [266 MB]), and save it to a directory (folder) on your hard drive.
Copy your Windows XP CD to your hard drive (i.e. to D:\XP-CD).
Open a Command Prompt, and go to the folder where you downloaded SP2 (cd \[FOLDER_NAME]).
Type the command: [SERVICE_PACK_FILENAME] /integrate:D:\XP-CD, i.e.
WindowsXP-KB835935-SP2-ENU /integrate:D:\XP-CD
N.B. Does not work on a Windows 2000