All posts by bsdman

Currently working as an IT Manager. Worked for an OIT company as a Network Engineer in 2011. Worked for a Medical IT company as the Network Administrator 2009-2011. Worked as the Senior Systems Administrator at a computer reseller from 2005-2009. Worked as a Computer Consultant for several small companies from 2007-2009. Worked as a Computer Technician at a computer reseller from 2002-2004.

IE7 Move Menus To The Top

Since I started to use a computer back in 1990, the menus of every single application have been located at the top of the screen.  So when Microsoft decided to put the address bar above the menu bar in Internet Explorer 7… well, I just had to get rid of that.

Now this “hack” requires a little bit of registry editing, so the standard warranties apply.  Don’t do this unless you’re comfortable editing the registry.  Don’t know what regedit is?  Then this “hack” isn’t for you.

Step 1.  Open regedit.

Step 2.  Go to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

Step 3.  Create a new DWORD value.

Step 4.  Name of the DWORD value: ITBar7Position

Step 5.  Value: 1.

Step 6.  Close and reopen IE7.

Common BSOD Errors in Windows 2000 XP

BSOD = Blue Screen Of Death

STOP: 0x0000000A
IRQL_NOT_LESS_OR_EQUAL

This Stop error, which can be caused by either software or hardware, indicates that a kernel-mode process or driver attempted to access a memory location it did not have permission to access or a memory location that exists at a kernel interrupt request level (IRQL) that was too high. A kernel-mode process can access only other processes that have an IRQL that’s equal to or lower than its own.

STOP: 0x0000001E
KMODE_EXCEPTION_NOT_HANDLED

This Stop error indicates that the Windows XP kernel detected an illegal or unknown processor instruction. The problems that cause this Stop error can be either software or hardware related and result from invalid memory and access violations, which are intercepted by Windows’ default error handler if error-handling routines are not present in the code itself.

STOP: 0x00000050
PAGE_FAULT_IN_NONPAGED_AREA

This Stop error indicates that requested data was not in memory. The system generates an exception error when using a reference to an invalid system memory address. Defective memory (including main memory, L2 RAM cache, video RAM) or incompatible software (including remote control and antivirus software) might cause this Stop error.

STOP: 0x0000007B
INACCESSIBLE_BOOT_DEVICE

This Stop error indicates that Windows XP has lost access to the system partition or boot volume during the startup process. Installing incorrect device drivers when installing or upgrading storage adapter hardware typically causes this Stop error. This error could also indicate a possible virus infection.

STOP: 0x0000007F
UNEXPECTED_KERNEL_MODE_TRAP

This Stop error indicates a hardware problem resulting from mismatched memory, defective memory, a malfunctioning CPU, or a fan failure that’s causing overheating.

STOP: 0x0000009F
DRIVER_POWER_STATE_FAILURE

This Stop error indicates that a driver is in an inconsistent or invalid power state. This Stop error typically occurs during events that involve power state transitions, such as shutting down, or moving in or out of standby or hibernate mode.

STOP: 0x000000D1
DRIVER_IRQL_NOT_LESS_OR_EQUAL

This Stop error indicates that the system attempted to access pageable memory using a kernel process IRQL that was too high. The most typical cause is a bad device driver (one that uses improper addresses). It can also be caused by faulty or mismatched RAM or a damaged pagefile.

STOP: 0x000000EA
THREAD_STUCK_IN_DEVICE_DRIVER

This Stop error indicates that a device driver problem is causing the system to pause indefinitely. Typically, this problem is caused by a display driver waiting for the video hardware to enter an idle state. This might indicate a hardware problem with the video adapter or a faulty video driver.

STOP: 0x00000024
NTFS_FILE_SYSTEM

This Stop error indicates that a problem occurred within Ntfs.sys, the driver file that allows the system to read and write to drives formatted with the NTFS file system. (A similar Stop message, 0x00000023, exists for the file allocation table [FAT16 or FAT32] file systems.)

STOP: 0xC0000218
UNKNOWN_HARD_ERROR

This Stop error indicates that a necessary registry hive file could not be loaded. The file may be corrupt or missing. The registry file may have been corrupted due to hard disk corruption or some other hardware problem. A driver may have corrupted the registry data while loading into memory or the memory where the registry is loading may have a parity error.

STOP: 0xC0000221
STATUS_IMAGE_CHECKSUM_MISMATCH

This Stop message indicates driver, system file, or disk corruption problems (such as a damaged paging file). Faulty memory hardware can also cause this Stop message to appear.

STOP: 0x0000008e
This is usually an issue with RAM, but it all depends on the system. Most often it will happen with Windows XP SP2.

Secure Your Linux Box

Here are just a few small tricks to secure your Linux-based machines.

Disable Direct SSH Access For Root – Hackers must break or know TWO passwords to damage your system
1. SSH into your machine as root
2. cd /etc/ssh
3. nano sshd_config
4. Under Authentication change PermitRootLogin to “no”
5. service sshd restart (Ubuntu is sudo /etc/init.d/ssh restart)

Slow Down SSH Attempts – This slows down attempts to no more than 3 per minute
1. SSH into your machine and su to root
2. iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
3. iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
4. iptables-save
5. iptables restart

[UPDATE 01.28.2008]
This requires a new(er) kernel with built-in support for the “recent” tag
1. SSH into your machine and su to root
2. iptables -N SSH_CHECK (this will create a new chain to label all incoming SSH connections as SSH_CHECK)
3. iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK (Checks the connection state on port 22)
4. iptables -A SSH_CHECK -m recent --set --name SSH (labels the session type as SSH)
5. iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP (Drops the connection if the hit counter reaches 4 in 60 seconds)

And then in Ubuntu
6. nano /etc/network/interfaces
7. After your eth0 or other network connection, add pre-up iptables-restore < /etc/iptables.rules and post-down iptables-restore < /etc/iptables.rules

[UPDATE 05.05.2009]
Running on Debian 5 this one works:
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 -j DROP

[UPDATE 01.06.2010]
Running on Ubuntu 9.10 this works:
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 240 --hitcount 3 -j DROP

This only allows 3 connection attempts (or successes) for every 6 minutes. Since my box is a small one that doesn’t require a lot of logins, I’d probably go even higher than this. Too high, though, and you could be locked out of your own box by others.
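
The rules above can be checked on paper before they lock anyone out. The following is an added example, not part of the original post: a simplified model of the documented behaviour of the "recent" match, showing that the number of new connections that get through depends on rule order as well as on --seconds and --hitcount. The function name, the order labels and the arrival times are constructed for illustration, and it assumes that a packet no rule drops is accepted by the rest of INPUT.

```python
# Added example: simplified model of the iptables "recent" match for one
# source address. The real module keeps a bounded number of timestamps per
# address; this model keeps them all.

def simulate(arrivals, seconds, hitcount, order):
    """Return the arrival times (in seconds) of NEW connections that pass.

    order="update_first" models two `iptables -I INPUT` commands: each -I
    inserts at position 1, so the --update/DROP rule ends up above --set.
    order="set_first" models the SSH_CHECK chain built with -A.
    """
    stamps = []   # timestamps recorded for this source address
    passed = []

    def rule_set(now):
        stamps.append(now)              # --set records the packet, no verdict
        return False

    def rule_update(now):
        if not stamps:                  # address not in the list: no match
            return False
        recent = [s for s in stamps if s >= now - seconds]
        if len(recent) >= hitcount:     # --seconds / --hitcount satisfied
            stamps.append(now)          # --update refreshes "last seen"
            return True                 # -j DROP
        return False

    rules = {"update_first": (rule_update, rule_set),
             "set_first": (rule_set, rule_update)}[order]
    for now in sorted(arrivals):
        # any() stops at the first rule that drops, as rule traversal does
        if not any(rule(now) for rule in rules):
            passed.append(now)
    return passed


if __name__ == "__main__":
    retries = range(0, 300, 10)   # constructed: one client retrying every 10 s
    for secs, hits, order in [(60, 4, "update_first"), (60, 4, "set_first"),
                              (240, 3, "update_first")]:
        ok = simulate(retries, secs, hits, order)
        print(f"--seconds {secs} --hitcount {hits} {order}: passed at {ok}")
    slow = simulate(range(0, 300, 25), 60, 4, "set_first")
    print(f"one attempt every 25 s: {len(slow)} of 12 passed")
```

Because every dropped packet refreshes the entry, a client that keeps retrying inside the window stays blocked until it goes quiet for the full --seconds period.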

If you were to reboot your machine right now, your iptables configuration would disappear. Rather than type this each time you reboot, however, you can save the configuration, and have it start up automatically. To save the configuration, you can use iptables-save and iptables-restore.

[UPDATE 02.15.2010]
You can also limit based on username and IP address:

Limit based on Username:
nano /etc/ssh/sshd_config

PermitRootLogin no
AllowUsers userA userB@localhost userC@IPaddress

Limit based on IP address:
nano /etc/hosts.allow

sshd : localhost
sshd : 127.0.0.1
sshd : 192.168.0.0/24
sshd : localhost 127.0.0.1 192.168.1.* 172.16.34.253

nano /etc/hosts.deny

sshd : all

[UPDATE 08.31.2010]
You should probably make sure that your phpmyadmin and webmin installations are secured as well. It’s not hard to check the logs and see that there are many bots trying to gain access to these two installations – even if you don’t have them installed/configured on your box. Damn bots…

nano /etc/apache2/conf.d/phpmyadmin.conf

Obviously add your own IPs into the config file. Then save the file and exit. Then restart apache.
apache2ctl restart

hal.dll Is Missing

I’ve had this issue almost as many times as I’ve had the NTLDR issue. So I decided to be a great guy and explain how I fix(ed) it.

Here’s the error: Windows could not start because the following file is missing or corrupt: \system32\hal.dll. Please re-install a copy of the above file.

1.) Boot off your Windows XP Disk
2.) If you require a HD driver (if you use SATA for example) make sure you have a floppy of the SATA drivers handy – you will need it.
3.) After the setup finishes loading, press R for repair.
4.) A recovery console will appear, select the installation of Windows you want to repair (usually C:\Windows)
5.) Type in your administrator password. In most cases this is actually blank.
6.) Type BootCfg /Rebuild (this will take a while, select the option ALL).
7.) You will have to select a few options here if you have more than one Windows bootable drive. ALL usually works just fine.
8.) Enter Load Identifier shows up. Type in something you’ll remember (I usually type TESTing)
9.) Enter Operating System Load Options shows up. Type /fastdetect

10.) Type exit. You should be done.

Installing NANO instead of PICO

This is a Linux type issue, so if you use Windows you need not read. I love having simple text editors. Who likes knowing how to exit out of VI or how to get the menus to work on emacs? And who has even heard of, let alone used, ee?

I grew up on PICO. Pico comes with most basic installations of Linux because it’s packaged with PINE (the email client). Pico gets the job done whenever I’ve needed it. I like using EE more, but it’s also harder to find on every system (FreeBSD is great). Enough buzz words? OK, on to the meat of the article.

Since no one likes to install extra software (you need to install PINE in order to get PICO on a system), I found a program called NANO. Here’s the simple steps to get it to install:

Oh, be warned that it requires at least a simple C compiler (oops).

Open up a terminal session.
type “wget http://www.nano-editor.org/dist/v1.2/nano-1.2.5.tar.gz” without the quotes
cd to the directory you downloaded the tar.gz to.
type “gtar xvvzf nano-1.2.5.tar.gz” without the quotes.
cd into the nano-1.2.5 directory.
type “./configure” without the quotes – this will tell you if there are any problems before compiling the program.
type “make install” without the quotes – this will actually install the required files into sbin and usr directories.
after the installation is finished, you can type “nano” or “nano {filename}” and run this very simple text editor.

Windows XP Hidden Files Boot.ini

Working in an IT environment, I find myself needing to make a lot of visual basic (.vbs) and batch files (.bat). Windows XP, in its infinite wisdom, defaults to hiding the file name extensions that I need to change. Here’s a simple diagram on how to view these file extensions.

[Screenshot: main window]

Here you’ll see that I tried to make a batch file (.bat), but it’s still just a text file. Windows naming is then “batchfile.bat.txt”. In order for this file to run as a batch file, it needs to be “batchfile.bat”.

[Screenshot: folder options]

In any Windows explorer window, click on “Tools” and select “Folder Options…”

Then you’ll see this window:

[Screenshot: folder options window]

If you uncheck “Hide extensions for known file types” you will be able to see .doc, .bat, .txt, .html, .rtf and the like.

If you select “Show hidden files and folders” you’ll be able to see most of the hidden Windows folders and files throughout the system.

If you uncheck “Hide protected operating system files (Recommended)” you will be able to see the boot.ini file and edit it as well.