Mclairs Tech Corner

Win2k3 SBS w/o AD? Its possible!

2008-12-09T19:56:00.000-08:00

Installation of SBS requires you to complete the entire setup by installing services like Exchange, AD & etc. Failure to do so will result the server to shutdown after 60minutes after booting up the server.

To stop the server from shutting down, you will need to do the following:

Download: Process Explorer http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx

As you probably know, you have a service called SBCore or "SBS Core Services", which executes the following process: C:\WINDOWS\system32\sbscrexe.exe

If you kill it, it just restarts – and if you try and stop it you are told Access Denied.

If you fire up Process Explorer, you can select the process and Suspend it, now we can start to disable the thing.

Run regedit and expand the nodes until you reach the following hive / key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBCore

Right click this, hit permissions and give the "Administrators" group on the local machine full access ( don't forget to replace permissions on child nodes ). F5 in regedit and you'll see all of the values and data under this key.

Select the "Start" DWORD and change it from 2 to 4 – this basically sets the service to the "Disabled" state as far as the MMC services snap-in (and windows for that matter) is concerned.

Next, adjust the permissions on the file C:\WINDOWS\system32\sbscrexe.exe so that EVERYONE account is denied any sort of access to this file.

Then go back to process explorer, and kill the sbscrexe.exe process, if it doesn't restart – congratulations!

Load up the services MMC snap-in and you should find that "SBS Core Services" is stopped and marked as Disabled.

autorun.inf safe or dangerous?

2008-11-21T20:37:00.001-08:00

Been thru sooo many cases that ppl have been infected with rootkits tat antivirus program unable to detect it.

In the past, autorun.inf makes our life simpler, upon inserting ur thumbdrive/cd/dvd, u will get a splash screen of installation blah blah blah.

Now? Not anymore, many ppl haf found out the exploit which they can modify the contents of autorun.inf to execute rootkits/malware w/o ur approval. Thanks to microsoft.

In order to curb out. Many ppl have come out different kinds of solutions. And here am i what can u do in order to stop rootkit infecting ur computer.

1) Create a folder called "autorun.inf" of coz w/o the quotes. Set folder as Read-Only.

OR

2) Create a .reg file(eg. disable-autorun.reg) and insert this. *Note: This will disable autorun functions:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]

Once u have save it as a .reg.. double click and add to your registry.

In-order to reverse the changes create another .reg file (eg. enable-autorun.reg):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

This will solve your most of the problems.

I will cover more on spyware/rootkits in the next chapter

Welcome to my troubleshooting/information corner.

2008-11-19T06:26:00.000-08:00

Decided to open this blog for quite some time.

This blog will consists on my experience in troubleshooting in IT hardware/software.

As long as i'm alive, i will try to keep this blog as updated as possible.