Category Archives: Miscellaneous

Anything and Everything

Linux, Microsoft, Miscellaneous

Forgotten Passwords

Leave a comment

I can’t tell you the number of people that come up to me and ask if I can retrieve their password. For certain devices I can either reset the password or I can figure out a way to reset the password. Several websites give options to reset your password. Several Instant Messaging programs give the option to reset your password. I’m really just trying to see how many times I can type “reset your password”.

So here’s the lowdown on what can be reset, and a mostly “how-to” do it:

Mac OS 6.* – 8.5: If you set up a password you’re a fool. The OS doesn’t support native passwords and is a single user OS. You set one? Reformat and start from scratch. Or just live with it.
Mac OS 8.6 – 9.*: Read above. The OS was meant to be a single user Operating System, but somewhere along the line someone decided it would be a good idea to include basic password login protection. Usually a reboot will yield an “auto login” situation where you can change the preferences of a screen saver password. Otherwise you’ll have to reformat once again.
Mac OS X.*: Here’s the really easy part – Apple has included the utility to reset the password for you. It’s on the Apple Installation Disc. Don’t have the disc? You’ll have to download or buy one then. Have the disc? Boot off of it (press and hold C while turning on the computer), and then when you see a menu at the top of the screen click on Utilities. You’ll now see a “reset password” option. You can get the rest from there.

Windows 95/98: Press ESC instead of trying to login.
Windows ME: Burn your computer and that crappy Operating System and buy a new one.
Windows 2000/NT/XP/2003/Vista: Find a linux boot disc (knoppix should work) that can edit SAM files and reset administrator passwords.

Ubuntu: Press ESC at the grub prompt, Press E for edit, Select the line that begins with Kernel and press E, Go to the very end of the line and add “rw init=/bin/bash” without the quotes, Press enter and then B to reboot. This will give you full root shell access, so then type “passwd ” to reset that user’s password.

A lot of people work in corporations with Active Directory Microsoft Windows computers. Here’s a couple things that people should know:
1.) Administrators do NOT know your password for your login to the computer. We can reset it, but we can’t retrieve it (with normal means)
2.) Administrators do NOT know your password for your personal chatting application. We, like EVERY OTHER PERSON, can go to the provider’s website (ie yahoo.com/aim.com/msn.com) and have them send a reset password email to the registered email address.
3.) Administrators do NOT know the POP server or IMAP settings to your personal email. I actually block access to POP and IMAP so I don’t have to hear this one daily.

Miscellaneous

No I Will Not Fix Your Computer

Leave a comment

I stole this from another site (http://www.broowaha.com):

The real reason your company’s computer guy doesn’t want to work on your personal PC.

“I’m sorry, I don’t work on personal PC’s. It’s nothing personal, I promise”.

Have you ever heard these words come from the lips of your company’s in house IT guy? Have you ever asked and been rebuffed? Well don’t fret. Rest assured dear user, it really isn’t personal. A lot of us computer guys just don’t work on personal PC’s.

“But why not?” you ask. A computer is a computer right? If it’s broke you can certainly fix it and maybe make a little money on the side. It shouldn’t take you long, you’re an expert.

As tempting as tax free money on the side sounds, it usually just isn’t worth the hassle. That’s right, I said it. It’s a hassle for us to work on personal PC’s. The laundry list of why it is a hassle is long, but I will try to just touch on the most significant aspects of it.

First off you have to realize that people that work in a corporate or government IT dept are used to dealing with standardized hardware and software configurations and being in total control over the goings on of their network. We know the hardware and software inside and out. We are in control of the inventory, we know what types of printers we have, and know what the most common problems are that occur with our standardized hardware and software. We like to be in control. When you bring us your personal PC from home, we don’t know what kind of software you have installed, where it came from, or what kind of hardware you may have connected to it that may or may not be causing your issues.

Secondly, we don’t like to have to “overlook” stuff you may have on your computer that may or may not be “legal”. Is that copy of Office 2007 you have installed on your PC properly licensed? Did you pay for the thousands of mp3’s you have in your “My Music” folder? It honestly bothers us to work on somebody’s computer and see software like Limewire or the likes of it, because we then know you are illegally downloading music. Honestly we want no part of that. We don’t want to know because many of us possess professional technical certifications from Microsoft and others, and with those designations come ethical responsibilities and the like. These companies are our bread and butter if you will, and we don’t like to see them ripped off. Plus when you get sued by the RIAA, we don’t want to be called on to testify against you.

Thirdly, we honestly can’t charge you what our time is actually worth. When you bring in your PC loaded down with viruses and trojans, we could literally have to spend hours cleaning it up, and even then we may not be able to successfully clean it. Nasty infections are generally very difficult to get rid of and usually require that the operating system be reinstalled from scratch, which just adds time to our task.

Fourthly, (is that even a word?) we don’t enjoy working on computers as much as you might think. You know those guys you see on TV that are always messing with computers and talking about the latest whiz bang graphics card that renders a bajillion polygons per second? Guess what. We’re not them. We are IT professionals. We are usually highly specialized in our fields and concentrate on one area of expertise. We usually don’t know about the latest graphics card unless one of our AutoCAD users is getting a new machine and it requires a high end graphics processing unit. To us computers are just a job, a way to make a living. When we go home at night, we want to spend time with our families, chilling in front of the tube and eating dinner. We don’t want to spend all evening trying to figure out why your ipod won’t talk to your computer.

Please understand I’m not trying to be rude. I’m just trying to make it easier for you to understand that it’s really not personal, it’s not that we don’t like you. We really just don’t like to work on personal PC’s.

Miscellaneous

Disable Folder Redirection Synchronization

Leave a comment

I came across this issue when we had an employee with a personal computer (that turned into a work computer) leave the company. I had to remove all the work applications and put the computer back to the state it was before we applied all the group policies and such to it.

As a side before we start, I know that I could just reformat the machine and then reinstall the drivers. But that just takes too long. Uninstalling 4 applications, removing the computer from the domain, and performing a few other tasks takes about 15 minutes to accomplish.

Here’s how to disable folder redirection with My Documents synchronization:
1.) Open MMC (Start >> Run >> MMC)
2.) Control M to add a module
3.) Alt D to add the snap-in module
4.) Navigate to Group Policy Object Editor (or a similar name)
5.) Click Add, and then finish (you’ll want it to be on the local machine anyway)
6.) Click Close, then OK
7.) Navigate to Local Computer Policy >> User Configuration >> Administrative Templates >> Network
8.) Disable Synchronize all offline files when loggin on, logging off, and before suspend.
9.) Reboot

Miscellaneous

Linux Show Hard Drive Lifetime Specs

Leave a comment

This is a pretty cool tool I came across while doing research for another topic. Basically if you run Linux you can run this tool.

1.) sudo smartctl -a /dev/sda (or in my case it’s hda)

And that’s it. If it gives you an error, try running sudo smartctl by itself. If it says it requires tools to be installed, you can use apt-get install smartmontools.

This will give you all the details as reported by the SMART hardware system built into all newer drives. Total hours in use, power cycles, temperature, recovered errors, failures. Some of the data can be a little bit off (my initial reading of HD temperature was 705757226C) but overall it’s pretty neat.

Microsoft, Miscellaneous, Troubleshooting

Microsoft System Tools MRT SFC

Leave a comment

Here are some hidden gems within the Microsoft Windows OS. I’m pretty sure these still apply to the newest Vista OS, but if not then it’s for XP ONLY.

Start >> Run >> “MRT”.
This will load up the Microsoft Removal Tool (Also known as Microsoft Windows Malicious Software Removal Tool). This will scan all of your files to see if some of the well-known Trojans or Viruses are loaded on your machine. This is NOT a replacement for AntiVirus software.

Start >> Run >> “SFC /SCANNOW”.
This will load up the System File Checker tool (Also known as Microsoft Windows XP Windows File Checker Version 5.1). This program will find all altered system files and fix them to the original. You’ll need a copy of your i386 folder (found on the Windows XP CD-ROM) in order to take full advantage of this tool.

Computer Hardware, Miscellaneous

Video Settings

Leave a comment

I figured this might help someone, including myself.

Computers:
CGA: 320 x 200
QVGA: 320 x 240
VGA: 640 x 480
WVGA: 800 x 480
SVGA: 800 x 600
XGA: 1024 x 768
SXGA: 1280 x 1024
SXGA+: 1400 x 1050
UXGA (UGA): 1600 x 1200
WSXGA+: 1680 x 1050
WUXGA: 1920 x 1200
QXGA: 2048 x 1536
WQXGA: 2560 x 1600
QSXGA: 2560 x 2048
WQUXGA: 3840 x 2400

Television:
NTSC: 720 x 480
HD 720: 1280 x 720
HD 1080: 1920 x 1080

Linux, Miscellaneous

Secure Your Linux Box

Leave a comment

Here are just a few small tricks to use to secure your linux based machines.

Disable Direct SSH Access For Root – Hackers must break or know TWO passwords to damage your system
1. SSH into your machine as root
2. cd /etc/ssh
3. nano /sshd_config
4. Under Authentication change PermitRootLogin to “no”
5. service sshd restart (Ubuntu is sudo /etc/init.d/ssh restart)

Slow Down SSH Attempts – This slows down attempts to no more than 3 per minute
1. SSH into your machine and su to root
2. iptables -I INPUT -p tcp –dport 22 -i eth0 -m state –state NEW -m recent –set
3. iptables -I INPUT -p tcp –dport 22 -i eth0 -m state –state NEW -m recent –update –seconds 60 –hitcount 4 -j DROP
4. iptables-save
5. iptables restart

[UPDATE 01.28.2008]
This requires a new(er) kernel with built-in support for the “recent” tag
1. SSH into your machine and su to root
2. iptables -N SSH_CHECK (this will create a new chain to lable all incoming SSH connections as SSH_CHECK)
3. iptables -A INPUT -p tcp –dport 22 -m state –state NEW -j SSH_CHECK (Checks the connection state port 22)
4. iptables -A SSH_CHECK -m recent –set –name SSH (labels the session type as SSH)
5. iptables -A SSH_CHECK -m recent –update –seconds 60 –hitcount 4 –name SSH -j DROP (Drops the connection if the hit counter reaches 4 in 60 seconds)

And then in Ubuntu
6. nano /etc/network/interfaces
7. After your eth0 or other network connection, add pre-up iptables-restore /etc/iptables.rules and post-down iptables-restore /etc/iptables.rules

[UPDATE 05.05.2009]
Running on Debian 5 this one works:
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 -j DROP

[UPDATE 01.06.2010]
Running on Ubuntu 9.10 this works:
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 240 --hitcount 3 -j DROP

This only allows 3 connection attempts (or successes) for every 6 minutes. Since my box is a small one that doesn’t require a lot of logins, I’d probably go even higher than this. Too high, though, and you could be locked out of your own box by others.

If you were to reboot your machine right now, your iptables configuration would disappear. Rather than type this each time you reboot, however, you can save the configuration, and have it start up automatically. To save the configuration, you can use iptables-save and iptables-restore.

[UPDATE 02.15.2010]
You can also limit based on username and IP address:

Limit based on Username:
nano /etc/ssh/sshd_config

PermitRootLogin no
AllowUsers userA userB@localhost userC@IPaddress

Limit based on IP address:
nano /etc/hosts.allow

sshd : localhost
sshd : 127.0.0.1
sshd : 192.168.0.0/24
sshd : localhost 127.0.0.1 192.168.1.* 172.16.34.253

nano /etc/hosts.deny

sshd : all

[UPDATE 08.31.2010]
You should probably make sure that your phpmyadmin and webmin installations are secured as well. It’s not hard to check the logs and see that there are many bots trying to gain access to these two installations – even if you don’t have them installed/configured on your box. Damn bots…

nano /etc/apache2/conf.d/phpmyadmin.conf

Obviously add your own IP’s into the config file. Then save the file and exit. Then restart apache.
apache2ctl restart