Monitoring LOGON with VBS
I use it here at work and it works very well! A friend used the same script and set it up as a logon and logoff script.
In the folder security settings I grant the user permission only to modify, and I uncheck the delete option!
' Basic workstation inventory
' Romeu –
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colSettings = objWMIService.ExecQuery("Select * from Win32_ComputerSystem")
Set colBIOS = objWMIService.ExecQuery("Select * from Win32_BIOS")
Set colDisks = objWMIService.ExecQuery("Select * from Win32_LogicalDisk")
' MACAddress is selected too, so that the MAC ADDRESS field written below is filled in
Set IPConfigSet = objWMIService.ExecQuery("Select IPAddress, MACAddress from Win32_NetworkAdapterConfiguration")
Set oNetwork = CreateObject("WScript.Network")
' Just change the UNC path to wherever you want to store the logs.
UNC = "\\caminho\invent$\"
strComputer = oNetwork.ComputerName
strUser = oNetwork.UserName
sysTime = Now()
strDay = CStr(Day(sysTime))
strMonth = CStr(Month(sysTime))
strYear = CStr(Year(sysTime))
strTime = CStr(Time())
Const ForAppending = 8
' Manufacturer, model and physical memory
For Each objComputer In colSettings
    strManufac = objComputer.Manufacturer
    strModel = objComputer.Model
    strMemo = objComputer.TotalPhysicalMemory/1024000
Next
' BIOS serial number and version
For Each objBIOS In colBIOS
    strSerial = objBIOS.SerialNumber
    strBVersion = objBIOS.Version
Next
' First IP address and MAC of the adapters that have an address (the last such adapter wins)
For Each strIPConfig In IPConfigSet
    If Not IsNull(strIPConfig.IPAddress) Then
        For i = LBound(strIPConfig.IPAddress) To UBound(strIPConfig.IPAddress)
            'WScript.Echo strIPConfig.IPAddress(i) & " – i=" & i
            strIP0 = strIPConfig.IPAddress(0)
            'strIP1 = strIPConfig.IPAddress(1)
        Next
        strMac = strIPConfig.MACAddress
    End If
Next
' Size and free space of the last logical disk enumerated
For Each objDisk In colDisks
    strDiskTotal = objDisk.Size/1024
    strDiskFree = objDisk.FreeSpace/1024
Next
' Append one line per run to <UNC>\<IP address>.log, creating the file if needed
Set fso = CreateObject("Scripting.FileSystemObject")
strNew = UNC & strIP0 & ".log"
Set sf = fso.OpenTextFile(strNew, ForAppending, True)
sf.WriteLine "NOME DO HOST =" & strComputer & "; UserID =" & strUser & "; Date =" & strDay & "-" & strMonth & "-" & strYear & "; Time =" & strTime & _
    "; Manufacturer =" & strManufac & "; Model =" & strModel & "; Serial Number =" & strSerial & "; BIOS Version =:" & strBVersion & _
    "; Memoria Fisica Total =" & strMemo & "; MAC ADDRESS =" & strMac & "; IP ADDRESS =" & strIP0 & _
    "; Disk Size =" & strDiskTotal & "; Free Space =" & strDiskFree
sf.Close
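To review the files this script produces, here is an added example in Python (not part of the original post): it parses lines in the script's "KEY =value; KEY =value" format and reports when the user, serial number or MAC address recorded for a host changes between entries, plus any line that does not parse. The sample entries and the function names are constructed for the example.

```python
from collections import defaultdict

# Fields whose change between two entries of the same host deserves a look.
WATCHED = ("UserID", "Serial Number", "MAC ADDRESS")

def parse_line(line):
    """Split one 'KEY =value; KEY =value' record into a dict; None if malformed."""
    record = {}
    for part in line.strip().split("; "):
        key, sep, value = part.partition(" =")
        if not sep:
            return None
        # The script writes 'BIOS Version =:', so drop that stray leading colon.
        record[key.strip()] = value.lstrip(":").strip()
    return record if "NOME DO HOST" in record else None

def find_changes(lines):
    """Return (host, field, previous, current) for each change in a watched field."""
    last_seen = defaultdict(dict)
    findings = []
    for line in lines:
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            # Users hold modify rights on the log files, so hand-edited lines can occur.
            findings.append((None, "unparseable", None, line.strip()))
            continue
        host = record["NOME DO HOST"].upper()
        for field in WATCHED:
            current = record.get(field, "")
            previous = last_seen[host].get(field)
            if previous is not None and current != previous:
                findings.append((host, field, previous, current))
            last_seen[host][field] = current
    return findings

# Constructed sample entries (all values invented for this example).
_T = ("NOME DO HOST ={h}; UserID ={u}; Date =3-2-2010; Time ={t}; Manufacturer =Dell Inc.; "
      "Model =OptiPlex 755; Serial Number ={s}; BIOS Version =:A12; Memoria Fisica Total =2046.5; "
      "MAC ADDRESS =00:1A:2B:3C:4D:5E; IP ADDRESS =10.0.0.21; Disk Size =78123456; Free Space =40123456")
SAMPLE = [
    _T.format(h="PC-FIN-01", u="maria", t="08:01:12", s="AAA1111"),
    _T.format(h="PC-FIN-01", u="maria", t="17:30:40", s="AAA1111"),
    _T.format(h="pc-fin-01", u="carlos", t="08:05:09", s="AAA1111"),
    _T.format(h="PC-FIN-01", u="carlos", t="17:02:33", s="BBB2222"),
    "PC-FIN-01 logged on, nothing to see",
]

if __name__ == "__main__":
    for finding in find_changes(SAMPLE):
        print(finding)
```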
How to enable SSH access on ESX 4.0
By default, ESX 4.0 ships with root access over SSH disabled! See how to enable it at this link (in English)!
http://www.vladan.fr/how-to-activate-root-ssh-access-in-esx-4/
01.) First you must login as a root at the console of your ESX 4 Server.
02.) Then you must navigate to the /etc/ssh directory. Just type in: cd /etc/ssh
03.) Open nano (text editor, easy to use…) type: nano sshd_config
Navigate to the line saying PermitRootLogin no and change it to Yes.
04.) Type then CTRL+X to exit. On the prompt answer Y (as Yes to save the modified file).
05.) Then you’ll need to restart the sshd service typing: service sshd restart.
06.) While you are in the console just type in the following two commands to open firewall ports:
esxcfg-firewall -e sshServer
esxcfg-firewall -e sshClient
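To confirm what the edit in step 03 leaves in effect, here is an added example in Python (not from the original post or the linked article): it reads a copy of sshd_config and reports the first global PermitRootLogin value, which is the one sshd uses, and flags values that are not lowercase because sshd_config(5) documents arguments as case-sensitive. The sample file contents and the function names are assumptions made for the example.

```python
import re

# Values that permit some form of root login (prohibit-password exists in newer OpenSSH).
ALLOWING = {"yes", "without-password", "prohibit-password", "forced-commands-only"}

def effective_permit_root_login(config_text):
    """Return (value, line_number) of the first global PermitRootLogin, else (None, None)."""
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                          # blank line or comment
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()            # keywords are case-insensitive
        args = parts[1].split() if len(parts) == 2 else []
        if keyword == "match":
            break                             # what follows applies only conditionally
        if keyword == "permitrootlogin" and args:
            return args[0], number            # sshd uses the first value it obtains
    return None, None

def audit(config_text):
    """Classify as 'unset', 'disabled', 'enabled', 'check-case' or 'unrecognized'."""
    value, number = effective_permit_root_login(config_text)
    if value is None:
        return ("unset", None, None)          # the installed sshd's built-in default applies
    if value != value.lower():
        return ("check-case", value, number)  # arguments are case-sensitive
    if value == "no":
        return ("disabled", value, number)
    if value in ALLOWING:
        return ("enabled", value, number)
    return ("unrecognized", value, number)

# Constructed sshd_config excerpts (not taken from a real host).
SHIPPED = "# constructed sample\nProtocol 2\n#PermitRootLogin yes\nPermitRootLogin no\n"
EDITED = SHIPPED.replace("PermitRootLogin no", "PermitRootLogin yes")
AS_TYPED = SHIPPED.replace("PermitRootLogin no", "PermitRootLogin Yes")
DUPLICATED = "PermitRootLogin no\nPermitRootLogin yes\n"

if __name__ == "__main__":
    for name in ("SHIPPED", "EDITED", "AS_TYPED", "DUPLICATED"):
        print(name, audit(globals()[name]))
```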
svchost viewer
SOURCE: http://svchostviewer.codeplex.com/
Project Description
A program to see what all those svchost.exe are running.
Ever wondered what all those svchost.exe processes are running? Well here is an app
to tell you, it gives you some basic information like the Name and description.
- No installation required.
- Only requirement is that you have .net installed (ver 2.0 or newer).
- Works in Windows XP (SP2), Vista and Windows 7 (Beta).
- Coded in C#
Turning Windows 7 and 2k8 into a Wi-Fi hotspot
Developed by Chris Pietschmann
The Wireless Network created/shared with Virtual Router uses WPA2 Encryption, and there is no way to turn off that encryption. This is actually a feature of the Wireless Hosted Network APIs built into Windows 7 and 2008 R2 to ensure the best security possible.
You can give your “virtual” wireless network any name you want, and also set the password to anything. Just make sure the password is at least 8 characters.
Understanding man-in-the-middle attacks
Excellent material on man-in-the-middle attacks written by Chris Sanders
Understanding Man-in-the-Middle Attacks – ARP Cache Poisoning (Part 1)
Understanding Man-In-The-Middle Attacks – Part2: DNS Spoofing
Understanding Man-In-The-Middle Attacks – Part 3: Session Hijacking
BlueScreenView – View BSOD (blue screen) crash information stored in dump files. Excellent tool for help with the blue screen of death from fucking hell!!!!
Go here to download: http://www.nirsoft.net/utils/blue_screen_view.html
Description
BlueScreenView scans all your minidump files created during ‘blue screen of death’ crashes, and displays the information about all crashes in one table. For each crash, BlueScreenView displays the minidump filename, the date/time of the crash, the basic crash information displayed in the blue screen (Bug Check Code and 4 parameters), and the details of the driver or module that possibly caused the crash (filename, product name, file description, and file version).
For each crash displayed in the upper pane, you can view the details of the device drivers loaded during the crash in the lower pane. BlueScreenView also marks the drivers whose addresses were found in the crash stack, so you can easily locate the suspected drivers that possibly caused the crash.
VirtualCenter Server service cannot be started
No connection could be made because the target machine actively refused it x.x.x.x:443
Today a friend told us that vCenter was unable to connect. In our case the SQL database was full!
Troubleshooting the VMware VirtualCenter Server service when it does not start or fails
Symptoms
- You cannot connect to VirtualCenter
- If you try to connect to VirtualCenter, you see the error:
  Cannot connect to host <server>: No connection could be made because the target machine actively refused it.
- If you try to start the VMware VirtualCenter Server service, you may see the errors:
  - Could not start the VMware VirtualCenter Server service on Local Computer. Error 1067: The process terminated unexpectedly.
  - Could not start the VMware VirtualCenter Server service on Local Computer. Error 1069: The service did not start due to a logon failure.
  - The VMware VirtualCenter Server Service on Local Computer started then stopped. Some services stop automatically if they have no work to do, for example the Performance Logs and Alerts service.
Purpose
Resolution
- Verify that the VMware VirtualCenter Server service cannot be restarted.
  Open the Microsoft Services control panel and check the status of the service. For more information on starting the VirtualCenter service if it has stopped, see Stopping, starting or restarting vCenter services (1003895).
- Verify that the configuration of the ODBC Data Source (DSN) used for connection to the database for VirtualCenter is correct. For more information, see Troubleshooting the database data source used by vCenter Server (1003928).
  Note: Ensure that you are using SQL authentication if you are using a Microsoft SQL server. Windows NT authentication is not supported.
- Verify that ports 902, 80, and 443 are not being used by any other application. If another application, such as Microsoft Internet Information Server (IIS), is utilizing any of the ports, VirtualCenter cannot start. For more information, see Port already in use when installing VirtualCenter (4824652).
  If you see an error similar to the following when reviewing the logs, another application may be using the ports:
  - Failed to create http proxy: Resource is already in use: Listen socket: :<port>
  Or
  - proxy failed on port <port>: Only one usage of each socket address (protocol/network address/port) is normally permitted.
  For more information on checking ports, see Determining if a port is in use (1003971).
- Verify the health of the database server that is being used for VirtualCenter. If the hard drives are out of space, the database transaction logs are full, or if the database is heavily fragmented, VirtualCenter may not start. For more information, see Investigating the health of a VirtualCenter database server (1003979).
- Verify that the Microsoft Active Directory domain is not accessible. If the domain is not available and you have permissions assigned to users in the domain, VirtualCenter may fail or refuse to start completely. For more information, see Investigating Active Directory when it causes the VirtualCenter server to stop or fail to start (1003996).
  Note: If you are using Active Directory, ensure that the VMware VirtualCenter Server service is running as the local system account and not a domain account.
- Verify the VMware VirtualCenter Service is running with the proper credentials. For more information, see VirtualCenter Server service cannot be started after installation (1004280).
- Verify that critical folders exist on the VirtualCenter Server host. For more information, see Missing folders prevent VirtualCenter Server service from starting (1005882).
Note: If your problem still exists after trying the steps in this article, please:
- Gather the VMware Support Script Data. For more information, see Collecting diagnostic information for VMware products (1008524).
- File a support request with VMware Support and note this KB Article ID in the problem description. For more information, see How to Submit a Support Request.
Additional Information
Enabling "Allow previously unused ActiveX controls to run without prompt" via GPO
So, I needed to enable this option via GPO on some Citrix servers, and what did I find out?
I found out that I could not find this option in the IE settings of the user GPO! Not even using the newest .adm for IE 7!
So I had to fall back on the Windows registry! I created the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\{Zone} -> Zone can be 0, 1, 2, 3 and 4
Name: 1208
Type: REG_DWORD
Data: 0x0 (unchecked in the UI – Default) 0x1 (enabled – checked in the UI)
Just create the REG file and import it using a script.
Since users in our domain do not have permission to make changes to the registry, I used the tip from my Latin friend!
regedit.exe /s \\caminho do arquivo.reg,
I tried to use reg add and reg import, but they fail due to restrictions.
Where to enable it in IE:
Tools->Internet Options->Zones->{zone}->ActiveX controls and plug-ins->Allow previously unused ActiveX controls to run without prompt
Windows 2008 R2 and Windows 7 Freeze on VMware
VMware KB 1011709 Excerpt… To deselect the SVGA drivers installed with VMware Tools: When you install VMware Tools, select VMware Tools Custom Install and deselect the SVGA driver. Alternatively, remove the SVGA driver from the Device Manager after installing VMware Tools
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1011709
Top 10 Windows Server tips of 2009
Check it out! Excellent Windows material
01 Troubleshooting poor client logon performance
By Gary Olsen, Published 06.15.2009
02 Troubleshooting your toughest Windows server crashes
By Bruce Mackenzie-Low, Published 04.22.2009
03 10 things you don’t know about Windows 2008 R2
By Jonathan Hassell, Published 09.25.2009
04 Troubleshooting Windows print spooler crashes
By Bruce Mackenzie-Low, Published 05.26.2009
05 Simple techniques for finding Windows memory leaks
By Bruce Mackenzie-Low, Published 06.25.2009
06 How to find and remove lingering objects in AD
By Gary Olsen, Published 11.04.2009
07 Troubleshooting app crashes or hangs in Windows
By Bruce Mackenzie-Low, Published 10.02.2009
08 Scripting DC installations: A must for Server Core
By Greg Shields, Published 02.13.2009
09 Top 25 Windows PowerShell commands
By Jonathan Hassell, Published 09.01.2009
10 How Windows servers get hacked
By Kevin Beaver, Published 12.09.2009

