Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

Archive for the ‘Uncategorized’ Category

Configuring IBM Raid controller with Altiris

Today I was deploying some IBM x3550 and x3650 servers with Altiris Deployment Server. IBM Delivers a toolkit for Altiris that contains amongst others jobs for configuring raid arrays.

To do this you need to create a raid policy file and deploy this. I created this policy file:


AppliesTo.1 = t:ServeRAID-8k-l,d:4

Array_Mode = CUSTOM
Array.A = 1,2
Array.B = 3,4

Logical_Mode = CUSTOM
Logical.1 = A:FILL:1
Logical.2 = B:FILL:1

As you can see the policy only applies to the type of array controller in my servers (t:ServeRAID-8k-l). This way we prevent applying the policy to other configurarions. I have a 4 disk configuration (d:4) and want to create to RAID 1 arrays (A & B). On each array one Logical drive with the maximum size (FILL parameter).


I needed a script to logoff all running Terminal Server sessions in order to rollout an install package. As you might know there is a commandline tool to logoff a session, it’s called logoff.exe.

These are the commandline options:

LOGOFF [sessionname | sessionid] [/SERVER:servername] [/V]

sessionname The name of the session.
sessionid The ID of the session.
/SERVER:servername Specifies the Terminal server containing the user
session to log off (default is current).
/V Displays information about the actions performed.

No option to logoff all sessions is there?

On a Terminal Server there is a special session called the Listener session, you can see it with TSAdmin in the sessions tab:Listener

A Listener is associated with a protocol (Microsoft RDP by default) and is used to setup new sessions. If you logoff a Listener session it will logoff all session that were created through it. Great, just what we need!

So Logoff 65536 will do the trick? Let’s try:


So Logoff is smart enough to ask for confirmation, we can prevent this by using the following commandline:

Echo Y ! Logoff 65536

Encrypting RDP Passwords in VB.NET

Justin Shepard converted my code to encrypt RPD passwords to VB.NET:

A new website (blog) was opened for the Jedi Apilib and Jedi Security Library. I invite you all to take a look!

You can find it here


Today I received an e-mail from Softpedia telling me that they have listed one of my commandline tools, LaunchRDP. I don’t know how they found or why they think that it should be listed, but it’s nice to see that they respect the author and informed me. If you want to rate it, here’s your chance!

IDA 4.9 released as freeware

Datarescue has release IDA 4.9 as freeware. IDA Pro is the de-facto standard for the analysis of hostile code, vulnerability research and reverse engineering in general. You can find IDA freeware here:

  • 1 Comment
  • Filed under: Uncategorized
  • I was contact by Danila Galimov a while ago because he was working with my JwaWinsta unit. Together we were able (and are still working on) uncovering more of the undocumented API’s in winsta.dll.

     We found several new classes for WinStationQueryInformationW that return lots of information:

    • The user’s password (under special circumstances).
    • The Windows Product ID (server and client’s).
    • Client Info such as Timezone information.

    We got the following API’s working:

    • WinStationGetAllProcesses
    • WinStationGetTermSrvCountersValue (“QWinsta /Counter”)
    • WinStationFreeGAPMemory
    • WinStationSendMessage
    • WinStationCloseServer
    • WinStationDisconnect
    • WinStationReset
    • WinStationShutdownSystem

    Further testing is needed to determine if the functions work on different OS versions and produce the same results.

    Multiple Terminal Sessions in Windows Vista

    There were 2 ways (known to me) of extending Windows XP to offer mulitple concurrent Terminal Sessions. One with the RC1 version of XP SP2 and one that patches Winlogon and Termsrv.dll. The latter offers not only multiple sessions but also multiple sessions under the same account and sessions to the local machine.

    Seems like the someone hacked Windows Vista Terminal server too by patching Termsrv.dll. Read more at source.

    Post Views

    I was curious how many times my posts are viewed. So I installed this plugin which was made by Lester ‘GaMerZ’ Chan. If you use WordPress take a look at his other plugins, there are some good ones there!

    Dear Visitor

    If this is your first visit, take your time and look around. Here are some things you might be looking for:

    Do you like my work? Did my work help you?

    • Leave a comment and tell me how it was usefull to you.
    • If you want you can make a donation with the Paypal Donate Button in the right Sidebar.

    Thank you!

  • Comments Off on Dear Visitor
  • Filed under: Uncategorized
  • Blogroll