Wednesday 20 July 2011

XP Service Pack 3 uninstall Blue Screen

When The PC Support Group recently received a call about a non-booting computer, we were able to trace it to an attempted installation of XP Service Pack 3. The user has a Dell Dimension 9200 with XP Service Pack 2. Service Pack 3 had installed perfectly, but upon rebooting to complete the installation they were greeted with the well-known blue screen of death (BSOD) with stop code 0x0000007E stating "there was an attempt to Execute non-executable memory". This also happened in safe mode. It did not happen when booting from any live CD, so the approach we took was to uninstall the service pack.


Step 1. Take an image backup using Acronis True Image to make sure that if the worst happens you still have a copy of all the data.
Step 2. Boot the computer using the original install CD and select the recovery console.
Step 3. Use the recovery console approach here to uninstall the service pack.


Alternative step 2.
If you do not have the original install CD then you may be able to use an alternative install CD, but in this case the computer has a RAID setup that is not supported by the standard XP install CD. The best option available to us was to boot from an Ultimate Boot CD for Windows (UBCD4Win). In order to use the RAID drivers you need to add the Mass Storage drivers from the Driver-pack plugin (this would be at step 7 in their how-to, http://www.ubcd4win.com/howto.htm).
This did work for us, but it is worth noting that Dell drivers are also available from their public FTP site, ftp.us.dell.com.

Alternative step 3.
Once in the UBCD4Win environment, launch a command shell and type:
cd c:\Windows\$ntservicepackuninstall$\spuninst
ren spuninst.txt spuninst.bat
spuninst.bat


You should now be able to boot into Windows.

Monday 18 July 2011

Kaseya script to silently uninstall Microsoft Security Essentials

Microsoft Security Essentials is a good anti-virus program for small businesses because it is a capable program and its End User License Agreement (EULA) allows its use for free where the business has fewer than 10 PCs. However, if you are a managed service provider like The PC Support Group then you may well be using software like Kaseya, with its automated scripting engine for preventative maintenance routines and its 24/7 monitoring and alerting features. A new customer would typically take Kaseya Endpoint Security (KES), thus allowing an integrated management service. So, using Kaseya, how do you uninstall Microsoft Security Essentials prior to installing KES? With a script, of course (this script was taken courtesy of SMason on the Kaseya Forums):

Script Name: Uninstall Security Essentials
Script Description: 

IF True 
THEN
   Execute File - (Continue on Fail)
     Parameter 1 : %PROGRAMFILES%\Microsoft Security Client\setup.exe
     Parameter 2 : /x /s
     Parameter 3 : 3
         OS Type : 13
   Execute File - (Continue on Fail)
     Parameter 1 : %ProgramW6432%\Microsoft Security Client\setup.exe
     Parameter 2 : /x /s
     Parameter 3 : 3
         OS Type : 13
   Execute File - (Continue on Fail)
     Parameter 1 : %PROGRAMFILES%\Microsoft Security Essentials\setup.exe
     Parameter 2 : /x /s
     Parameter 3 : 3
         OS Type : 13
   Execute File - (Continue on Fail)
     Parameter 1 : %ProgramW6432%\Microsoft Security Essentials\setup.exe
     Parameter 2 : /x /s
     Parameter 3 : 3
         OS Type : 13
ELSE

Saturday 9 July 2011

Free Software Downloads for Microsoft Partners

At The PC Support Group, we subscribe to the Microsoft Action Pack (MAP) because this gives us use of a lot of the Microsoft products for a simple yearly subscription. To qualify you need to pass a short technical test to prove that you're a competent Microsoft reseller and then you pay your subscription. The MAP software, although extensive, is perhaps not all the software that you may need. Recently I needed to download Windows Home Server 2011 and found that only WHS 2008 was available through the MAP. Then I discovered that the software was available through a Technet subscription. Thankfully this is now included as part of the MAP benefits; the tricky part is figuring out how to link the subscriptions.
Thanks to this blog (http://msmvps.com/blogs/bradley/archive/2010/05/24/technet-plus-now-part-of-action-pack.aspx) I was able to access Technet fairly quickly.

It is worth noting the differences in the terms of use: the Technet software is available as trial editions, whereas the MAP software is available for internal use. It may nevertheless be just what you need, as it was for me on this occasion.

Tuesday 5 July 2011

Forgotten your Windows Password?

If you have forgotten your Windows password, be it a simple login password or the local administrator password for a Windows Server, then there are a few approaches you can take, listed in order of difficulty/time taken:

1. Guess the password
2. Use an alternative administrative account to reset the password
3. Try to crack the password
4. Try to clear the password
5. Enable a hidden administrative account and then reset the password

1. Guess the password, or guess the password of another user with administrator privileges. Some common passwords can be found here: http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time
Of course, try some themes which may mean something to the person who owns the account.

2. In any version of Windows, if you have another account that is an administrator and you know the password then you can log in with that account and use this method to reset any passwords. In Windows XP the administrator account is rarely used and often has a blank password. Access it by going into safe mode: press F8 just before the "Starting Windows" splash screen shows. Once you have logged on as administrator you can go to Start > Run: control userpasswords2
Select the user and then the "Reset Password" button.

3. Try to crack the password with Ophcrack http://ophcrack.sourceforge.net/. Password cracking will work in most cases for XP and a lot of cases for Vista. However, if you look through the tables page on the website you'll see that using this technique is virtually impossible for a password longer than 8 characters that includes upper and lower case letters, numbers and symbols.
Write the Ophcrack ISO to a CD/DVD and reboot the computer from the CD.
If Ophcrack fails to run first time then it could be that it failed to mount the Windows partition, so you will need to figure out which partition it is. I did this by trial and error like so (open a terminal window):
   a) mkdir /mnt/cdrive
   b) mount /dev/sda1 /mnt/cdrive
   c) ls /mnt/cdrive
In step c) you are looking for a directory listing the same as your Windows C drive; the presence of a Windows directory is an obvious giveaway. If /dev/sda1 does not hold your C drive then try /dev/sda2, then try /dev/sda3. On older systems, i.e. with PATA (IDE) rather than SATA drives, you might find it is /dev/hda1 etc.
Once you have located and mounted your Windows partition, you need to re-run the cracking utility:
   d) /home/tux/launch.sh
If you get permission denied errors then you should run the command starting with sudo, e.g. sudo mount /dev/sda1 /mnt/cdrive

4. Try to clear the password with chntpw
This method has worked for me on XP, 2003 and Vista installs and I have no reason to believe that it wouldn't work on Windows 7 or Server 2008. The caveat is that servers tend to have RAID disks, so you will need a Linux distro with RAID drivers, such as Ubuntu Server.
   a) mount the drive (see Method 3)
   b) sudo apt-get install chntpw  (at this step it failed; make sure you're connected to the Internet, and in some cases you may need to first run sudo apt-get update)
   c) cd /mnt/cdrive/Windows/System32/config
   d) chntpw -u Administrator SAM
   e) select option 1 to clear the password, choose "y" to write the hive file, then reboot.
In Vista, the built-in administrator account is disabled by default, and perhaps it is someone else's account on which you need to clear the password, so use chntpw -u "Joe Bloggs" SAM.
The last time I tried this it failed to clear the password.  So that's why I've written method 5. 

5. Enable a disabled administrative account with chntpw then reset the password from that account.  Note: if there is another administrator account in Windows which you do know the password for then you should use method 2.
You begin this one exactly the same as method 4 except at step e).
   a) mount the drive (see Method 3)
   b) sudo apt-get install chntpw 
   c) cd /mnt/cdrive/Windows/System32/config
   d) chntpw -u Administrator SAM
   e) select option 4 to unlock and enable, choose "y" to write the hive file, then reboot.
   f) Log on to Windows using the Administrator account, then proceed as in Method 2.
   g) Log-off Administrator and Log-on to the User who now has a new password.
   h) Finally, hide the Administrator account again: start a command prompt (in Vista or 7, type cmd into the start menu, then right-click on cmd.exe and choose "run as administrator")
   i) type: net user administrator /active:no
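
The trial-and-error partition search in method 3, steps a) to c), and the config path used in methods 4 and 5, as an added example that is not part of the original post. The function names find_windows_config and probe_partitions are hypothetical helpers; the example assumes the Linux mount is case-sensitive, which matters because XP typically names the folders WINDOWS/system32 while Vista uses Windows/System32, so the literal cd path in step c) of methods 4 and 5 can fail on an XP disk.

```shell
#!/bin/bash
# Added example: identify which partition holds the Windows install.
# Each path component is matched case-insensitively because a Linux mount
# of the disk is assumed to be case-sensitive.

# Print the first entry in directory $1 named $2 (ignoring case) of type $3.
ci_child() {
    find "$1" -mindepth 1 -maxdepth 1 -iname "$2" -type "$3" 2>/dev/null | head -n 1
}

# Print the registry hive directory under mount point $1, or return 1.
find_windows_config() {
    local dir="$1" part
    for part in windows system32 config; do
        dir=$(ci_child "$dir" "$part" d)
        [ -n "$dir" ] || return 1
    done
    # A real install keeps the SAM hive in this directory.
    [ -n "$(ci_child "$dir" sam f)" ] || return 1
    printf '%s\n' "$dir"
}

# Mount each candidate read-only at $1 until one looks like the C drive.
probe_partitions() {
    local mnt="$1" dev cfg
    shift
    mkdir -p "$mnt"
    for dev in "$@"; do
        [ -b "$dev" ] || continue                       # skip missing devices
        mount -o ro "$dev" "$mnt" 2>/dev/null || continue
        if cfg=$(find_windows_config "$mnt"); then
            echo "$dev holds Windows; hives are in $cfg"
            umount "$mnt"
            return 0
        fi
        umount "$mnt"
    done
    echo "no Windows partition found" >&2
    return 1
}

# Usage (as root, from the live CD), with the devices named in method 3:
#   probe_partitions /mnt/cdrive /dev/sda1 /dev/sda2 /dev/sda3 /dev/hda1
```

The probe mounts read-only, so it only identifies the partition; remount it as in step b) before continuing with the later steps.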