Although this particular problem has been around for some time, I am surprised at how many times I am asked about the solution. Many programs use an HTML help system that requires Internet Explorer and ActiveX to run (CHM – Compiled HTML Help). After security updates 896358 and 890175, some HTML content outside of the “local machine” zone was disabled. This would affect many network based programs or programs that connect to an outside server for HELP files. When accessing the Help system, an error saying “Page Cannot Be Displayed” would show up. Luckily the fix is easy.

In Notepad, copy and paste the code you need and name it “htmlhelpfix.reg” Then double-click on the file and click “YES” when it asks if you want to enter it into the registry.

Enable Local Machine, Local Intranet and Trusted Site Zones to display ActiveX HTML Help. This is the most commonly referred to fix – this is probably the one you want. You can also download the zipped htmlhelpfix.reg file here.

Enable Local Machine Zones to display ActiveX HTML Help. This is the default entry, you can use it to reset.

Enable Local Machine and Local Intranet Zones to display ActiveX HTML Help.

Enable Local Machine, Local Intranet, Trusted Site and Internet Zones to display ActiveX HTML Help.

Enable Local Machine, Local Intranet, Trusted Site, Internet and Restricted Zones to display ActiveX HTML Help. NOT RECOMMENDED!

No Comments |  Print This Post

The Windows Recovery Console is required to fix many startup issues caused by malware, viruses, and corrupt system files. The Recovery Console can be booted from the Windows Setup disc, but many machines (including Netbooks) do not have CD drives or easy access to the Windows Setup disc.

Below are the instructions to install the Recovery Console on any Windows XP machine as a boot list option. You will no longer need physical access to the Windows Setup disc (except to install initially) when things go wrong.

• Insert the Windows XP setup disc.
• Click Start -> Run and type: “%windir%\i386\winnt32.exe /cmdcons“
• Click YES on the Windows Setup box to install the Recovery Console.

• Setup will attempt to connect to the Internet to update any setup files from the disc. Press ESC to interrupt the setup and use the files on the disc only.
• Once the Recovery Console is installed a confirmation box will pop up. Click OK.

Some Windows XP passwords will not be recognized by the Recovery Console. To remove the password requirement, modify the following registry key:

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Setup\RecoveryConsole
• Set the DWORD SecurityLevel value to 1.

No Comments |  Print This Post

The PC-OFF.BAT virus loads a shutdown script when logging onto Windows XP. A few seconds after logging in, Windows will shutdown. This also affects safe mode. The countdown timer is set to only a few seconds, not allowing the user to enter “shutdown – a” in the run box. You may not even see the emergency shutdown dialog before you are automatically shutdown.

In order to remove the files, you’ll need the Windows XP CD. Other options include putting the hard drive into another computer, or using a LiveCD (BartPE or Linux) to remove the files.

Remove the files from your hard drive using the Windows XP CD

1. Insert the Windows XP disc into the CDROM. You may need to adjust your BIOS settings to boot the CDROM first.
2. When the “Welcome to Setup” screen appears, press “R.”
3. Select the installation you wish to access (there should be only one option for most systems).
4. Enter the administrator password when asked.
5. Once at the Recovery Prompt, press ENTER after typing the following command: chdir c:\windows
6. Press ENTER after typing the following command: del bar311.exe
7. Press ENTER after typing the following command: del password_viewer.exe
8. Press ENTER after typing the following command: del photo.zip.exe
9. Press ENTER after typing the following command: del pc-off.bat
10. Press ENTER after typing the following command: exit
11. Remove the Windows XP disc and restart your computer.

Once pc-off.bat is removed from the Windows directory, you’ll be able to logon to Windows without it shutting down immediately. There are still remnants left over in the registry though – best to clean those up.

1. Go to Start -> Run and type “regedit” and press ENTER.
2. Go to HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon and find the key: “Userinit=C:\WINDOWS\system32\userinit.exe,xxxxxx.exe” where xxxxxx.exe is bar311.exe, photo.zip.exe or password_viewer.exe.
3. Delete bar311.exe, photo.zip.exe or password_viewer.exe from the key, but be sure to leave userinit.exe! If you delete that, you will be unable to logon to Windows.
4. Go to HKEY_CURRENT_USER \software\microsoft\windows\currentversion\explorer\advanced and set the following key values: “Hidden=dword:00000001 (1)” “HideFileExt=Dword:00000000 (0)” “ShowSupperHidden=Dword:00000001 (1)”
5. Go to HKEY_CURRENT_USER \software\microsoft\Command Processor and find the key: “autorun=c:\windows\pc-off.bat” and remove “c:\windows\pc-off.bat”

No Comments |  Print This Post

February’s Patch Tuesday was eventful to say the least. Many have noticed that Patch #977165 (Security Bulletin MS10-015) causes a blue screen on some systems (Stop Error: PAGE_FAULT_IN_NONPAGED_AREA). While the initial outrage was directed at Microsoft for a shoddy patch, eventually it was found that the Alureon Rootkit was the cause of the blue screen after KB977165 was installed.

But don’t worry! – the makers of the Alureon Rootkit have actually updated it and patched the flaw! Hurray!

For everyone else there are two options:

1. Use a LiveCD to scan your hard drive for the rootkit and remove it. This will resolve the issue. Try Knoppix STD (http://www.knoppix-std.org/) or BartPE (http://www.nu2.nu/pebuilder/).
2. Remove MS10-015 (977165) from your system.

How to remove Security Bulletin MS10-015 (977165) from your system

1. Insert the Windows XP disc into the CDROM. You may need to adjust your BIOS settings to boot the CDROM first.
2. When the “Welcome to Setup” screen appears, press “R.”
3. Select the installation you wish to access (there should be only one option for most systems).
4. Enter the administrator password when asked.
5. Once at the Recovery Prompt, press ENTER after typing the following command: CHDIR $NtUninstallKB977165$\spuninst
6. Press ENTER after typing the following:  BATCH spuninst.txt
7. Press ENTER after typing the following:  systemroot
8. Press ENTER after typing the following:  exit
9. Remove the Windows XP CD and restart.

No Comments |  Print This Post

Backups are a necessary evil in System Administration, and although most of us dislike the process, it is by far the most critical element under the IT umbrella. I like to think of the whole process as a Recovery Plan instead of a backup plan, because in the end all I care about is that the data is recovered properly and quickly. One of the biggest pitfalls new System Administrators or System Administrators new to a particular company do, is that they do not test their own backups. Not being able to recover information from a system you designed or recommended is the quickest and surest way to get fired. 

 

1. Risk Assessment

Although this sounds simple, a true risk assessment is rarely done and far out of the reach of the average business. Although hiring actuaries and combing through insurance statistics is ideal, this is far from what companies are willing to do for a data recovery plan. Many System Administrators find companies that have not experienced data loss are less willing to be thorough in their analysis and budgeting.

One of the first things in a recovery plan is to write down the possible external risks, some examples:

1. Fire
2. Flood
3. Earthquake
4. Tornado
5. Physical Break-in / Theft
6. Virtual Break-in (Cracker)

Ask your Insurance Company what some likely issues will be, they will be happy to tell you every possible disaster scenario.

Next, think of internal risks such as:

1. Viruses/Malware
2. Data Corruption
3. Hardware Failure (Electrical or Mechanical)
4. User Error (accidental deletion)
5. User Malice (non-accidental deletion)

To supplement risks, look through your company’s history for any previous data loss and the reasons for it. Enlist the help of your industry colleagues for any scenarios not on the list. You’ll be amazed at some of the “once-in-a-lifetime” stories you’ll hear – some may be applicable to you.

 

2. Impact Rating

An impact analysis on each scenario listed above should be created. This involves the hardware, software and data (all systems) that are affected and how. Does the impact involve a full or partial outage? If hardware is likely damaged, how quickly can it be replaced? Etc. Suppose there is a fire in a server room and the servers are damaged. You have the LTO tapes as backups, but no server, and no LTO drive to restore it with. How many days will it take to get an LTO drive and from where? During this phase of planning a vendor and consultant list should be compiled.

 

3. Risk Rating

This can be included in the budgetary section, or done beforehand. Combine the risk assessment items and impact ratings and sort them. This is important. You should implement a recovery plan that encompasses as many items as possible. By sorting, it makes the budgetary step easier when you need to cut coverage because of costs. 

 

4. Methods

There are many methods to ensure data continuity in certain scenarios, but be careful as there is rarely a one-size-fits-all approach to backups.

Mirroring: Is designed to mitigate single-point hardware failures. If your database server fails, having a mirrored server will ensure your data is available. Mirroring at another location may also solve router, switch and connection issues for external clients. Mirroring does not protect against corruption, viruses, user error or malice. On-site mirroring does not protect against theft, fire, flood, etc.

Removable Backup Media: Backups to media protect against issues such as corruption, viruses, user error or malice. If you leave these items on-site they will not protect against theft, fire and flood. If they are taken off-site, it will take longer to retrieve your data in case of loss. With backup tapes, hard drives and cds, the backup data itself is typically a day or older. If this method of backing up is your only method, be sure your business can survive with older data. Be sure to have multiple days of backups, or a weekly backup with incremental backups per day. Often times users will not report data loss until days after the event, by which time relevant backups have already been overwritten with newer, useless backups.

Non-removable Backup Media: Items such as NAS (Network Attached Storage), DAS (Direct Attached Storage) or SAN (Storage Area Network) can be used to backup servers, virtual machines and data. The issue with these is that they are not removable. This will not protect against theft, fire, flood, etc.

Be careful of proprietary systems used to backup your data. Be sure to audit your recovery scenario regularly to ensure your backups can be recovered. Companies go out of business, and items are discontinued. Do you have any backups on jazz drives? How difficult would it be to recover if you had to find a new jazz drive? Don’t know what a jazz drive is? Exactly!

 

5. Budgetary Concerns

With your sorted list in hand, you can now plan for the items you need to mitigate any disasters. Protecting against many scenarios may prove to be prohibitive in cost. If you do not make the budgetary decisions, be sure that your list is as comprehensive as possible. It is up to IT to determine the impact of all scenarios, and it is up to the budgetary members to determine how much they want to spend. If they say no, you have at least outlined all the possibilities.

In your cost analysis, include replacement or redundancy items such as:

1. Backup Storage (Tapes & Tape Drives, Hard Drives, CDs)
2. Backup Servers, NAS, SAN, DAS
3. Mirrored Servers
4. Redundant Connections (Internet and Cabling)
5. Backup Routers, Switches, etc

Part of your impact analysis should include what is damaged or lost. If you have the tapes, but no tape drive, you will need to replace it in order to retrieve the data. Make sure you have the ability to read your backups when you need. If it takes 3 days to ship a new tape drive, but the cost is minimal, consider having a backup tape drive in stock.

While they are numbers out there for determining how much to spend on a backup and recovery system, you should make your decisions based on the impact and risk. If your data is your business’ main asset, you should spend a larger chunk of your budget to protect it. If time is critical in retrieving your data, the solution may include keeping extra hard drives, servers, router and switches in stock. If time is not an issue and an outage can be handled for days, you can order items at the time of recovery.

Determining budget can be a mix of preventative costs and the cost of downtime to the business (lost sales, lost productivity). Ideally disaster scenarios should have a cost to the business attached to them. If a server failure results in $0 productivity for the day, the overall impact can be many thousands of dollars per day – that fact alone may convince management to have a redundant server available.

 

6. Deployment and Testing

Don’t forget this step! Backups are useless unless they can be recovered. Take a weekend to simulate a likely recovery scenario. You may be surprised at all the “gotchas” when recovering data. Common stumbling blocks include not backing up database logs that are critical to recovery (ex. Exchange Server), or recovering to dissimilar hardware (Ex. RAID5 on a different controller).

No Comments |  Print This Post