Wednesday, 30 November 2011

port numbers


No.  Side A         Side B
1.   IMAP           Interactive Mail Access Protocol, Version...
2.   SFTP           Simple File Transfer Protocol, Port 115, TCP
3.   TFTP           Trivial File Transfer Protocol, Port 69, UDP
4.   BOOTP Client   Bootstrap Protocol Client, Port 68, UDP
5.   Graphics       Port 41, TCP, UDP
6.   SMTP           Simple Mail Transfer Protocol, Port 25, TCP
7.   Telnet Protocol  Used for remote access, Port 23, TCP
8.   FTP Client     File Transfer Protocol, Port 20, TCP
9.   DHCP Client    Dynamic Host Configuration Protocol Client, Port...
10.  SNMP           Simple Network Management Protocol, Port 161, TCP,...
11.  POP3           Post Office Protocol 3, Port 110, TCP
12.  HTTP           HyperText Transfer Protocol, Port 80, TCP
13.  BOOTP Server   Bootstrap Protocol Server, Port 67, UDP
14.  DNS            Domain Name System, Port 53, TCP, UDP
15.  RIP            Routing Information Protocol, Port 520, UDP
16.  FTP Server     File Transfer Protocol, Port 21, TCP
17.  RTSP           Real Time Streaming Protocol, Port 554, TCP,...
18.  DHCP Host      Dynamic Host Configuration Protocol Host, Port...

Tuesday, 29 November 2011

What is IP Spoofing?



IP spoofing is a technique used to gain unauthorized access to machines, whereby an attacker illicitly impersonates another machine by manipulating IP packets. IP spoofing involves modifying the packet header with a forged (spoofed) source IP address, a checksum, and the order value. The Internet is a packet-switched network, so packets leaving one machine may arrive at the destination machine in a different order. The receiving machine reassembles the message based on the order value embedded in the IP header. IP spoofing involves solving the algorithm that is used to select the order values sent, and modifying them correctly.

Monday, 28 November 2011

The Support Tools



Support Tools are the tools that are used for performing complicated tasks easily. These can also be third-party tools. Some of the Support Tools include DebugViewer, DependencyViewer, RegistryMonitor, etc.

-edit by Casquehead: I believe this question is referring to the Windows Server 2003 Support Tools, which are included with Microsoft Windows Server 2003 Service Pack 2. They are also available for download here:

http://www.microsoft.com/downloads/details.aspx?familyid=96A35011-FD83-419D-939B-A772EA2DF90&displaylang=en

You need them because you cannot properly manage an Active Directory network without them.
Here they are, it would do you well to familiarize yourself with all of them.

Acldiag.exe
Adsiedit.msc
Bitsadmin.exe
Dcdiag.exe
Dfsutil.exe
Dnslint.exe
Dsacls.exe
Iadstools.dll
Ktpass.exe
Ldp.exe
Netdiag.exe
Netdom.exe
Ntfrsutl.exe
Portqry.exe
Repadmin.exe
Replmon.exe
Setspn.exe

Sunday, 27 November 2011

The Global Catalog



The global catalog contains a complete replica of all objects in Active Directory for its Host domain, and contains a partial replica of all objects in Active Directory for every other domain in the forest.

The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.

In addition to configuration and schema directory partition replicas, every domain controller in a Windows 2000 Server or Windows Server 2003 forest stores a full, writable replica of a single domain directory partition. Therefore, a domain controller can locate only the objects in its domain. Locating an object in a different domain would require the user or application to provide the domain of the requested object.

The global catalog provides the ability to locate objects from any domain without having to know the domain name. A global catalog server is a domain controller that, in addition to its full, writable domain directory partition replica, also stores a partial, read-only replica of all other domain directory partitions in the forest. The additional domain directory partitions are partial because only a limited set of attributes is included for each object. By including only the attributes that are most used for searching, every object in every domain in even the largest forest can be represented in the database of a single global catalog server.

Saturday, 26 November 2011

What is Subnet Mask?



An IP address has two components, the network address and the host address. A subnet mask separates the IP address into the network and host addresses (<network><host>). Subnetting further divides the host part of an IP address into a subnet and host address (<network><subnet><host>). It is called a subnet mask because it is used to identify the network address of an IP address by performing a bitwise AND operation between the IP address and the netmask.
A subnet mask is a 32-bit number that masks an IP address and divides it into a network address and a host address. The subnet mask is made by setting the network bits to all "1"s and the host bits to all "0"s. Within a given network, two host addresses are reserved for special purposes: the "0" address is assigned to the network address and "255" is assigned to the broadcast address, and they cannot be assigned to a host.
Examples of commonly used netmasks for classed networks are 8 bits (Class A), 16 bits (Class B) and 24 bits (Class C); these and the netmasks for classless networks are as follows:
Class  Address  # of Hosts   Netmask (Binary)                     Netmask (Decimal)
CIDR   /4       240,435,456  11110000 00000000 00000000 00000000  240.0.0.0
CIDR   /5       134,217,728  11111000 00000000 00000000 00000000  248.0.0.0
CIDR   /6       67,108,864   11111100 00000000 00000000 00000000  252.0.0.0
CIDR   /7       33,554,432   11111110 00000000 00000000 00000000  254.0.0.0
A      /8       16,777,216   11111111 00000000 00000000 00000000  255.0.0.0
CIDR   /9       8,388,608    11111111 10000000 00000000 00000000  255.128.0.0
CIDR   /10      4,194,304    11111111 11000000 00000000 00000000  255.192.0.0
CIDR   /11      2,097,152    11111111 11100000 00000000 00000000  255.224.0.0
CIDR   /12      1,048,576    11111111 11110000 00000000 00000000  255.240.0.0
CIDR   /13      524,288      11111111 11111000 00000000 00000000  255.248.0.0
CIDR   /14      262,144      11111111 11111100 00000000 00000000  255.252.0.0
CIDR   /15      131,072      11111111 11111110 00000000 00000000  255.254.0.0
B      /16      65,534       11111111 11111111 00000000 00000000  255.255.0.0
CIDR   /17      32,768       11111111 11111111 10000000 00000000  255.255.128.0
CIDR   /18      16,384       11111111 11111111 11000000 00000000  255.255.192.0
CIDR   /19      8,192        11111111 11111111 11100000 00000000  255.255.224.0
CIDR   /20      4,096        11111111 11111111 11110000 00000000  255.255.240.0
CIDR   /21      2,048        11111111 11111111 11111000 00000000  255.255.248.0
CIDR   /22      1,024        11111111 11111111 11111100 00000000  255.255.252.0
CIDR   /23      512          11111111 11111111 11111110 00000000  255.255.254.0
C      /24      256          11111111 11111111 11111111 00000000  255.255.255.0
CIDR   /25      128          11111111 11111111 11111111 10000000  255.255.255.128
CIDR   /26      64           11111111 11111111 11111111 11000000  255.255.255.192
CIDR   /27      32           11111111 11111111 11111111 11100000  255.255.255.224
CIDR   /28      16           11111111 11111111 11111111 11110000  255.255.255.240
CIDR   /29      8            11111111 11111111 11111111 11111000  255.255.255.248
CIDR   /30      4            11111111 11111111 11111111 11111100  255.255.255.252


Subnetting an IP network separates a big network into multiple smaller networks for reorganization and security purposes. All nodes (hosts) in a subnetwork see all packets transmitted by any node in a network. Performance of a network is adversely affected under heavy traffic load due to collisions and retransmissions.
Applying a subnet mask to an IP address separates network address from host address. The network bits are represented by the 1's in the mask, and the host bits are represented by 0's. Performing a bitwise logical AND operation on the IP address with the subnet mask produces the network address. For example, applying the Class C subnet mask to our IP address 216.3.128.12 produces the following network address:
IP:   1101 1000 . 0000 0011 . 1000 0000 . 0000 1100  (216.003.128.012)
Mask: 1111 1111 . 1111 1111 . 1111 1111 . 0000 0000  (255.255.255.000)
      ---------------------------------------------
      1101 1000 . 0000 0011 . 1000 0000 . 0000 0000  (216.003.128.000)


Subnetting Network 
Here is another scenario where subnetting is needed. Pretend that a web host with a Class C network needs to divide the network so that parts of the network can be leased to its customers. Let's assume that a host has a network address of 216.3.128.0 (as shown in the example above). Let's say that we're going to divide the network into 2 and dedicate the first half to itself, and the other half to its customers.
   216 .   3 . 128 . (0000 0000)  (1st half assigned to the web host)
   216 .   3 . 128 . (1000 0000)  (2nd half assigned to the customers)
The web host will have the subnet mask of 216.3.128.128 (/25). Now, we'll further divide the 2nd half into eight blocks of 16 IP addresses.
   216 .   3 . 128 . (1000 0000)  Customer 1 -- Gets 16 IPs (14 usable)
   216 .   3 . 128 . (1001 0000)  Customer 2 -- Gets 16 IPs (14 usable)
   216 .   3 . 128 . (1010 0000)  Customer 3 -- Gets 16 IPs (14 usable)
   216 .   3 . 128 . (1011 0000)  Customer 4 -- Gets 16 IPs (14 usable)
   216 .   3 . 128 . (1100 0000)  Customer 5 -- Gets 16 IPs (14 usable)
   216 .   3 . 128 . (1101 0000)  Customer 6 -- Gets 16 IPs (14 usable)
   216 .   3 . 128 . (1110 0000)  Customer 7 -- Gets 16 IPs (14 usable)
   216 .   3 . 128 . (1111 0000)  Customer 8 -- Gets 16 IPs (14 usable)
   -----------------------------
   255 . 255 . 255 . (1111 0000)  (Subnet mask of 255.255.255.240)


CIDR - Classless Inter Domain Routing 
Classless Inter-Domain Routing (CIDR) was invented to keep the Internet from running out of IP addresses. IPv4 addresses are 32 bits long, which gives a limit of 4,294,967,296 (2^32) unique IP addresses. The classful address scheme (Class A, B and C) of allocating IP addresses in 8-bit increments can be very wasteful. With the classful addressing scheme, the minimum number of IP addresses allocated to an organization is 256 (Class C). Giving 256 IP addresses to an organization only requiring 15 IP addresses is wasteful. Also, an organization requiring more than 256 IP addresses (let's say 1,000 IP addresses) is assigned a Class B, which allocates 65,536 IP addresses. Similarly, an organization requiring more than 65,636 (65,634 usable IPs) is assigned a Class A network, which allocates 16,777,216 (16.7 million) IP addresses. This type of address allocation is very wasteful.
With CIDR, a network of IP addresses is allocated in 1-bit increments as opposed to 8-bits in classful network. The use of a CIDR notated address can easily represent classful addresses (Class A = /8, Class B = /16, and Class C = /24). The number next to the slash (i.e. /8) represents the number of bits assigned to the network address. The example shown above can be illustrated with CIDR as follows:
   216.3.128.12, with subnet mask of 255.255.255.128 is written as
   216.3.128.12/25

   Similarly, the 8 customers with the block of 16 IP addresses can be
   written as:

   216.3.128.129/28, 216.3.128.130/28, etc.
With the introduction of the CIDR addressing scheme, IP addresses are more efficiently allocated to ISPs and customers, and hence there is less risk of IP addresses running out anytime soon. For the detailed specification of CIDR, please review RFC 1519. With the introduction of additional gaming, medical, appliance and telecom devices requiring static IP addresses, in addition to a world population of more than 6.5 billion (July 2006 est.), the IPv4 addresses with the CIDR addressing scheme will eventually run out. To solve the shortage of IPv4 addresses, the IPv6 (128-bit) address scheme was introduced in 1993.
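
The mask arithmetic and the 216.3.128.0 split worked through above, as an added example that is not code from the original post: it applies the bitwise AND by hand, divides a block into equal sub-blocks, and looks up which allocation an address falls in, which is the same test a per-customer filter rule makes. All function names and the allocation labels are assumptions of this example; Python's standard `ipaddress` module is used only to cross-check the hand-written arithmetic.

```python
import ipaddress

FULL = 0xFFFFFFFF  # 32 one-bits


def to_int(dotted):
    """Pack a dotted-quad string into a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def to_dotted(value):
    """Unpack a 32-bit integer into dotted-quad notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix):
    """Netmask for /prefix: `prefix` network one-bits, then host zero-bits."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    return (FULL << (32 - prefix)) & FULL


def prefix_from_mask(mask_dotted):
    """Prefix length of a dotted netmask; rejects masks with holes in them."""
    host_bits = to_int(mask_dotted) ^ FULL
    if host_bits & (host_bits + 1):  # host bits must be a run of trailing ones
        raise ValueError(f"non-contiguous netmask: {mask_dotted}")
    return 32 - host_bits.bit_length()


def network_of(ip, prefix):
    """Return (network, broadcast, netmask) for ip under /prefix."""
    mask = mask_from_prefix(prefix)
    net = to_int(ip) & mask            # the bitwise AND from the text
    bcast = net | (mask ^ FULL)        # all host bits set
    return to_dotted(net), to_dotted(bcast), to_dotted(mask)


def usable_hosts(prefix):
    """Addresses in the block minus the network and broadcast addresses."""
    return max((1 << (32 - prefix)) - 2, 0)


def split_block(cidr, new_prefix):
    """Divide a CIDR block into equal sub-blocks of length new_prefix."""
    net_s, prefix_s = cidr.split("/")
    prefix = int(prefix_s)
    if not prefix <= new_prefix <= 32:
        raise ValueError("new prefix must be at least as long as the old one")
    base = to_int(net_s) & mask_from_prefix(prefix)
    size = 1 << (32 - new_prefix)
    count = 1 << (new_prefix - prefix)
    return [f"{to_dotted(base + i * size)}/{new_prefix}" for i in range(count)]


def page_allocations():
    """The page's scenario: first /25 for the web host, second /25 cut into /28s."""
    first_half, second_half = split_block("216.3.128.0/24", 25)
    alloc = {"web host": first_half}
    for n, cidr in enumerate(split_block(second_half, 28), start=1):
        alloc[f"Customer {n}"] = cidr
    return alloc


def owner_of(ip, allocations):
    """Label of the allocated block containing ip, or None if outside all blocks."""
    addr = to_int(ip)
    for label, cidr in allocations.items():
        net_s, prefix_s = cidr.split("/")
        mask = mask_from_prefix(int(prefix_s))
        if addr & mask == to_int(net_s) & mask:
            return label
    return None


def agrees_with_stdlib(ip, prefix):
    """Cross-check network_of() against the standard ipaddress module."""
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    expected = (str(net.network_address), str(net.broadcast_address), str(net.netmask))
    return network_of(ip, prefix) == expected


if __name__ == "__main__":
    print(network_of("216.3.128.12", 24))
    for label, cidr in page_allocations().items():
        prefix = int(cidr.split("/")[1])
        print(f"{label:11s} {cidr:18s} usable hosts: {usable_hosts(prefix)}")
    # Constructed sample addresses, checked against the allocations above.
    for sample in ("216.3.128.12", "216.3.128.150", "216.3.129.1"):
        print(sample, "->", owner_of(sample, page_allocations()))
```
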

SYSVOL folder



- All Active Directory database security-related information is stored in the SYSVOL folder, and it is only created on an NTFS partition.

- The Sysvol folder on a Windows domain controller is used to replicate file-based data among domain controllers. Because junctions are used within the Sysvol folder structure, Windows NT file system (NTFS) version 5.0 is required on domain controllers throughout a Windows distributed file system (DFS) forest.

This is a quote from Microsoft themselves; basically, the domain controller info stored in files, like your group policy stuff, is replicated through this folder structure.

Friday, 25 November 2011

Install, configure, and use Microsoft’s iSCSI initiator?

Internet SCSI (iSCSI) has taken the storage world by storm. No longer is shared storage a niche enjoyed by only large, wealthy corporations. Internet SCSI is leveling the playing field by making shared storage available at a reasonable cost to anyone. By leveraging the ubiquitous Ethernet networks prevalent in most organizations, IT staff training costs for iSCSI are very low and result in quick, seamless deployments.
Further, operating system vendors are making it easier than ever to get into the iSCSI game by making iSCSI initiator software freely available. iSCSI networks require three components:
An iSCSI target — A target is the actual storage array or volume, depending on how you have things configured.
An iSCSI initiator — An iSCSI initiator is the software component residing on a server or other computer that is installed and configured to connect to an iSCSI target. By using an iSCSI initiator, target-based volumes can be mounted on a server as if they were local volumes and are managed as such.
A gigabit Ethernet network infrastructure — iSCSI requires an IP-based Ethernet network for its transport between systems with initiators (servers) and targets (storage arrays).

Folders are related to AD



The AD database is saved in %systemroot%/ntds. You can see other files in this folder as well. These are the main files controlling the AD structure:

ntds.dit

edb.log

res1.log

res2.log

edb.chk

When a change is made to the Win2K database, triggering a write operation, Win2K records the transaction in the log file (edb.log). Once written to the log file, the change is then written to the AD database. System performance determines how fast the system writes the data to the AD database from the log file. Any time the system is shut down, all transactions are saved to the database.

During the installation of AD, Windows creates two files: res1.log and res2.log. The initial size of each is 10MB. These files are used to ensure that changes can be written to disk should the system run out of free disk space. The checkpoint file (edb.chk) records transactions committed to the AD database (ntds.dit). During shutdown, a “shutdown” statement is written to the edb.chk file. Then, during a reboot, AD determines that all transactions in the edb.log file have been committed to the AD database. If, for some reason, the edb.chk file doesn’t exist on reboot or the shutdown statement isn’t present, AD will use the edb.log file to update the AD database.

Thursday, 24 November 2011

Active Directory to other 3rd-party Directory Services?



-Yes, you can connect other vendors' Directory Services with Microsoft's version.

-Yes, you can use dirXML or LDAP to connect to other directories (i.e. E-directory from Novell or NDS (Novell Directory System)).

-Yes, you can connect Active Directory to other 3rd-party Directory Services, such as dictionaries used by SAP, Domino, etc., with the help of MIIS (Microsoft Identity Integration Server).


Wednesday, 23 November 2011

iSCSI initiator configuration in RedHat Enterprise Linux 5

[root@rhel5 ~]# rpm -ivh /tmp/iscsi-initiator-utils-6.2.0.871-0.16.el5.x86_64.rpm
Preparing...                ########################################### [100%]
   1:iscsi-initiator-utils  ########################################### [100%]
[root@rhel5 ~]#
[root@rhel5 ~]# rpm -qa | grep iscsi
iscsi-initiator-utils-6.2.0.871-0.16.el5
[root@rhel5 ~]# rpm -qi iscsi-initiator-utils-6.2.0.871-0.16.el5
Name        : iscsi-initiator-utils
Relocations : (not relocatable)
Version     : 6.2.0.871
Vendor      : Red Hat, Inc.
Release     : 0.16.el5
Build Date  : Tue 09 Mar 2010 09:16:29 PM CET
Install Date: Wed 16 Feb 2011 11:34:03 AM CET
Build Host  : x86-005.build.bos.redhat.com
Group       : System Environment/Daemons
Source RPM  : iscsi-initiator-utils-6.2.0.871-0.16.el5.src.rpm
Size        : 1960412
License     : GPL
Signature   : DSA/SHA1, Wed 10 Mar 2010 04:26:37 PM CET, Key ID 5326810137017186
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://www.open-iscsi.org
Summary     : iSCSI daemon and utility programs
Description :
The iscsi package provides the server daemon for the iSCSI protocol, as well as the utility programs used to manage it. iSCSI is a protocol for distributed disk access using SCSI commands sent over Internet Protocol networks
[root@rhel5 ~]# chkconfig iscsi on
[root@rhel5 ~]# chkconfig iscsid on
[root@rhel5 ~]#
[root@rhel5 ~]# chkconfig --list | grep iscsi
iscsi   0:off 1:off 2:on 3:on 4:on 5:on 6:off
iscsid  0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@rhel5 ~]# service iscsi start
iscsid is stopped
Starting iSCSI daemon: [ OK ]
[ OK ]
Setting up iSCSI targets: iscsiadm: No records found!
[ OK ]
[root@rhel5 ~]#
[root@rhel5 ~]# service iscsi status
iscsid (pid 14170) is running...
[root@cl-node1 ~]# cat /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.1994-05.com.redhat:2551bf29b48
[root@rhel5 ~]# iscsiadm -m discovery -t sendtargets -p 192.168.126.60
192.168.126.60:3260,1 iqn.2003-10.com.lefthandnetworks:mlab:62:lv-rhel01
[root@rhel5 ~]# service iscsi restart
Stopping iSCSI daemon: iscsid dead but pid file exists
[ OK ]
Starting iSCSI daemon: [ OK ]
[ OK ]
Setting up iSCSI targets: Logging in to [iface: default, target: iqn.2003-10.com.lefthandnetworks:mlab:62:lv-rhel01, portal: 192.168.126.60,3260]
Login to [iface: default, target: iqn.2003-10.com.lefthandnetworks:mlab:62:lv-rhel01, portal: 192.168.126.60,3260]: successful
[ OK ]
[root@rhel5 ~]# lsscsi
[0:0:0:0] disk VMware, VMware Virtual S 1.0 /dev/sda
[2:0:0:0] disk LEFTHAND iSCSIDisk 9000 /dev/sdb
[root@rhel5 ~]#
[root@rhel5 ~]# fdisk -l /dev/sdb
Disk /dev/sdb: 156.7 GB, 156766306304 bytes
255 heads, 63 sectors/track, 19059 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk /dev/sdb doesn't contain a valid partition table

What is LDAP?




The Lightweight Directory Access Protocol, or LDAP, is an application protocol for querying and modifying directory services running over TCP/IP. Although not yet widely implemented, LDAP should eventually make it possible for almost any application running on virtually any computer platform to obtain directory information, such as email addresses and public keys. Because LDAP is an open protocol, applications need not worry about the type of server hosting the directory.

Tuesday, 22 November 2011

Technical Interview Questions


What is Active Directory?

An active directory is a directory structure used on Microsoft Windows based computers and servers to store information and data about networks and domains. It is primarily used for online information and was originally created in 1996. It was first used with Windows 2000.

An active directory (sometimes referred to as an AD) performs a variety of functions: it provides information on objects, helps organize these objects for easy retrieval and access, allows access by end users and administrators, and allows the administrator to set up security for the directory.

Active Directory is a hierarchical collection of network resources that can contain users, computers, printers, and other Active Directories. Active Directory Services (ADS) allow administrators to handle and maintain all network resources from a single location. Active Directory stores information and settings in a central database.

Monday, 21 November 2011

How to Mount an ISO



An ISO file is an image that contains all the data files and file system metadata (i.e. boot code, structures, and attributes) of a CD/DVD. In order to mount an ISO image, a disk image emulator that will allow the content of a CD/DVD to be read from an ISO image via a virtual drive is needed. Depending on the Operating System being used, the user can open built-in disk image emulators or download and install free software from the Internet.
How to Mount an ISO Image under Microsoft Windows

Windows OS users can download and install free disk image mounting programs like Daemon Tools Lite, the non-commercial version of Daemon Tools Pro Standard. It has a graphical user interface (GUI) and command-line interface. It can support up to 4 virtual SCSI CD/DVD devices and can bypass copy protection schemes like SafeDisc and SecuROM.



To mount an ISO image using Daemon Tools, take the steps listed below:
After installation, right click the Daemon Tools icon (lightning bolt) located in the system tray.
Point the mouse to the Virtual CD/DVD-ROM menu. The Set number of devices sub-menu will appear. Choose the number of virtual drives wanted.
Right click the icon then point to the Virtual CD/DVD-ROM menu. A new sub-menu will appear. This is the virtual drive (Device 0: [Letter:] No media). Point the mouse to the virtual drive then click Mount Image.
Finally, choose the desired ISO image to be mounted (To unmount: click the Unmount all drives option under the Virtual CD/DVD-ROM menu).

Another free software that Alcohol Soft created is Alcohol 120%. It can support Media Descriptor Image (.mds/.mdf) disc image formats aside from the usual disk image files like .iso, .ccd, .img, .sub, etc. It bypasses the same protection schemes as Daemon Tools with the addition of Data Position Measurement (DPM), which protects CDs against duplication by detecting small differences in the positions of the data in the disk.

To use Alcohol 120% to mount an ISO image, take the steps listed below:
Right click the icon that appears in the system tray after installation. A list of available virtual drives will appear under Easy Mounting Menu.
Select the desired drive, choose the ISO image to be mounted, then open it.

Other free programs that can be downloaded and used to mount disk images are WinZip 12 Pro (Free Trial), WinRAR (convert .iso to .rar and vice versa), WinISO, and ISOBuster (for CD/DVD data recovery).
How to Mount an ISO Image under Linux

For Linux OS users, the “mount” command line utility instructs the Operating System that a file system is ready to be used. Linux, in turn, associates the file with a particular point in the file system hierarchy (i.e. mount point).

To mount an image directly from a Linux OS, take the steps listed below:

Log in as root, or use the "$ su -" command to switch to the root user.
Use the "# mkdir -p /mnt/disk" command to create a mount point.
Mount the image using the command "# mount -o loop imagefile.iso /mnt/disk".
Change to the directory and list it using "# cd /mnt/disk" and "# ls -l".

There is also free Linux-compatible software made for disk image mounting tasks, such as Acetone ISO, which allows users to mount and manage image files.
It supports ISO, MDF, NRG, BIN, and DAA disk image formats.

How to Mount an ISO Image under MacOS

Mac OS users can access the Disk Utility program from the Mac OS X command line with the "diskutil" and "hdiutil" commands.
Disk Utility can create, convert, compress, encrypt, and mount CD images like .dmg and .cdr. Another built-in disk image emulation program for Mac OS X is the DiskImage Mounter, which is found in /System/Library/CoreServices.

Sunday, 20 November 2011

PXE Boot



PXE Boot (Pre-eXecution Environment) is a protocol that boots computers without using a hard drive or an operating system. It is often used in industrial computers that do not require a graphical user interface, but require other applications to be run. PXE Boot is run over a network of computers and may or may not include Internet access. It is almost exclusively used in systems that are connected to a central server and uses subsequent computers to run virtual operating systems or DOS-like APIs.

How PXE Boot Works

PXE Boot requires that the computer it is installed on boot from a network before any other operating systems or hard drives. If a local hard drive is connected to the computer, PXE Boot will be able to access it, but will also run if the hard drive is corrupted or nonexistent. PXE Boot receives all of its commands directly from the network server that it is connected to, with the network server handling all storage and user accessibility. The network server sends the name of the application that PXE Boot should run on the client computer so that PXE Boot can download the program from the server and execute it.

Applications


PXE Boot is often used in industrial and commercial computer systems that involve the use of a central server and client computers that connect to it in order to carry out commands over a network. This allows system resources to be widely distributed as not everything is run on one system. It also allows many different users to use a specific program on separate terminals without having access to administrative tools.

Advantages

PXE Boot can be run over a network and does not require local hard drives or an operating system. However, if a hard drive is attached to the client computer, PXE Boot will have access to it as long as the computer boots from the network first. Likewise, an operating system may be accessed through PXE Boot if the operating system exists on the client computer and the server commands PXE Boot to do so. PXE Boot can be deployed without Internet access if the client computer is connected to a central server through a LAN (Local Area Network).

Saturday, 19 November 2011

How to Use Recovery Console



What is The Recovery Console?

The Recovery Console is a command-line prompt that is available in most versions of the Windows Operating System. It allows users to repair/replace broken, corrupted, or missing system files. These files are crucial to Windows' normal functionality and performance and the entire operating system can stop working if these files are damaged. In fact, Windows may not startup at all when these files are missing and requires the user to open the Recovery Console from the Installation CD or boot menu. The Recovery Console can be found in Windows XP, Windows 2000, and Windows Servers 2003. However, it has been replaced in Windows Vista and Windows 7 with an array of features known as System Recovery.

How To Install The Recovery Console
Users can take advantage of the Recovery Console by using the installation CD that came with the computer. If this disc is no longer available, the user can open the Recovery Console in the boot menu, but only if it has been previously installed on the computer. This can be done by inserting the installation CD into the CD-ROM drive or mounting a virtual disc using a Windows XP ISO file and mounting software such as Daemon Tools. Click Start and open the Run application. Type in F:\i386\winnt32.exe /cmdcons, with "F:" being the CD drive letter. The Recovery Console installation process will begin. When the Recovery Console installs itself, it will connect to the Internet to perform a Dynamic Update that will update all of its system files in order to provide the user with a reliable backup. The user can opt out of this update by pressing ESC, causing the Recovery Console to use the system files it already has. Once the installation process is complete, the user should restart his/her computer.

How To Use The Recovery Console

The Recovery Console can be used to repair and replace virtually any system file for the Windows Operating System. The user can find a full list of commands by typing "Help" into the command prompt. Some examples of Recovery Console commands are listed below:

Attrib        Change file and directory attributes.
Batch         Execute specified text file (batch) commands.
Bootcfg       Configure boot file (boot.ini) settings.
ChDir (Cd)    Change/display the current directory.
Chkdsk        Check a disk for errors. Report capability.
Cls           Clear the screen.
Copy          Copy a file. Change file location or name.
Delete (Del)  Delete files.
Dir           Display a list of subdirectories and files.
Disable       Disable a device driver or system service.
Diskpart      Manage disk partitions.
Enable        Enable device driver or system service.
Exit          Exit Recovery Console and reboot.
Expand        Extract files from a compressed file format.
Fixboot       Write a new boot sector to a selected partition.
Fixmbr        Repair the Master Boot Record (MBR).
Format        Format a disk partition.
Help          Display a list of Recovery Console commands.
Listsvc       Display available drivers and system services.
Logon         Log off and on to another Windows installation.
Map           Display drive letter mapping.
Mkdir (Md)    Create a directory.
More          Display (scroll) a text file.
Net Use       Connect drive letter to a network share.
Rename (Ren)  Rename files.
Rmdir (Rd)    Delete directory.
Systemroot    Switch from current directory to system root directory.
Set           Display/set environment variables.
Type          Display a text file.

How To Remove The Recovery Console

The Recovery Console is a very helpful tool and is a good software to have installed on any computer. If the software causes problems, however, it is important to remove it from the computer or replace it with a fresh copy. In order to remove the Recovery Console, go to the Start Menu and open My Computer. In the hard drive that the Recovery Console was installed on, go to the Tools Menu, then Folder Options, and click View.
Click "Show hidden files and folders" and uncheck the box that says "Hide protected operating system files." Click Apply, OK, and go to the root folder.
Locate and delete the "Cmdcons" folder and the "Cmldr" file.
Locate and right-click the Boot.ini file, click Properties, and uncheck the Read-only checkbox.
The Recovery Console should now be removed from the computer.

Friday, 18 November 2011

usbehci.sys



Usbehci.sys is a USB controller driver for Windows XP Service Pack 1. Usbehci.sys is a required file that manages USB ports and Plug-and-Play services. While Usbehci.sys should be included in any Windows Operating System installation, this file is often missing and may prevent the user from installing Windows XP properly. Usbehci.sys runs exclusively on the Windows Operating System and can be found in the Drivers subfolder of the primary hard drive’s System32 folder.



How Usbehci.sys Works

Usbehci.sys is the software component that allows the computer to run its USB ports and recognize USB-based devices that are connected to it. If Usbehci.sys is missing from the computer, the user may not be able to install the Windows Operating System properly, make repairs to it, or use the USB ports. If Usbehci.sys is not included in the Windows XP Service Pack 1 or Windows Operating System installation disc, the copy of either of these services is most likely corrupted or faulty.



Is Usbehci.sys Harmful?

Usbehci.sys is not a harmful program, but rather a critical component of the Windows Operating System. However, if the user downloads Usbehci.sys as a stand-alone file, it may be corrupted or infected with malicious software such as trojans, worms, or spyware. Users should be careful when downloading such files and should always scan the file with an anti-virus software immediately. Users should also note that Usbehci.sys is not a process and, therefore, should never be found running in the Task Manager’s Processes tab. If it is found there, the user should assume the file is a malicious program and remove it immediately with an anti-virus software such as Spyware Terminator, Advanced SystemCare, or Malwarebytes’ Antimalware.



How to Replace Usbehci.sys

If Usbehci.sys is missing from Windows XP Service Pack 1 or the Windows Operating System installation disc, the user can easily replace the file by downloading a copy of it from the computer manufacturer. The computer manufacturer will often have a Downloads section on its website. Usbehci.sys can be found in the Drivers or USB Drivers category. Once the user has obtained a copy of Usbehci.sys, he/she can place it in the Drivers subfolder of the primary hard drive’s System32 folder, which can be found at C:\Windows\System32\drivers. The user can then reinstall Windows XP Service Pack 1.

Thursday, 17 November 2011

csrss.exe



Csrss.exe (Client/Server Runtime Subsystem) is a critical Windows Operating System process that manages console windows such as command line interface tools, command line interpreters, and text editors that do not need to display images. Csrss.exe runs in the Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows Server 2008, and Windows 7 operating systems and can be found in the primary hard drive’s C:\Windows\System32 folder.



How Csrss.exe Works

Csrss.exe bridges the gap between kernel space and user space on the computer. Kernel space refers to an area of the hard drive that is dedicated to running the core system files and maintaining the programming that supports the Windows Operating System. User space refers to an area of the hard drive that is dedicated to applications, programs, tools, and other software on the computer, whether it is system-related or not. By translating information between these two hard drive sectors, Csrss.exe is able to help maintain the Windows Operating System.



Is Csrss.exe Harmful?

Csrss.exe is not harmful, but like any process, malicious software can corrupt or mimic it in order to hide from anti-virus software. If the user suspects that Csrss.exe is a corrupted or malicious file, he/she should run an anti-virus software such as Spyware Terminator, Advanced SystemCare, or Malwarebytes’ Antimalware. The user should also run a registry cleaner, such as CCleaner, in order to check the Windows Registry for errors and fix them. The user should not, however, attempt to remove the file.



How to Remove Csrss.exe

Csrss.exe is a critical Windows process and neither Windows Task Manager nor the popular third party software known as TaskKill can remove it. When the user attempts to remove it, he/she will receive this error message: “This is a critical system process. Task Manager cannot end this process.” However, Csrss.exe can be stopped from running in the Windows Vista Task Manager if it is running in Administrator mode, but doing so causes the Windows Operating System to stop running properly. If the user is experiencing problems with Csrss.exe, such as too much CPU usage, he/she should use the Windows Installation disc to repair the operating system, rather than remove Csrss.exe.