Today I was deploying some IBM x3550 and x3650 servers with Altiris Deployment Server. IBM Delivers a toolkit for Altiris that contains amongst others jobs for configuring raid arrays.

To do this you need to create a raid policy file and deploy this. I created this policy file:

[Policy.RAID-1]

AppliesTo.1 = t:ServeRAID-8k-l,d:4

Array_Mode = CUSTOM
Array.A = 1,2
Array.B = 3,4

Logical_Mode = CUSTOM
Logical.1 = A:FILL:1
Logical.2 = B:FILL:1

As you can see the policy only applies to the type of array controller in my servers (t:ServeRAID-8k-l). This way we prevent applying the policy to other configurarions. I have a 4 disk configuration (d:4) and want to create to RAID 1 arrays (A & B). On each array one Logical drive with the maximum size (FILL parameter).

(more…)

I needed a script to logoff all running Terminal Server sessions in order to rollout an install package. As you might know there is a commandline tool to logoff a session, it’s called logoff.exe.

These are the commandline options:

LOGOFF [sessionname | sessionid] [/SERVER:servername] [/V]

sessionname The name of the session.
sessionid The ID of the session.
/SERVER:servername Specifies the Terminal server containing the user
session to log off (default is current).
/V Displays information about the actions performed.

No option to logoff all sessions is there?

On a Terminal Server there is a special session called the Listener session, you can see it with TSAdmin in the sessions tab:

A Listener is associated with a protocol (Microsoft RDP by default) and is used to setup new sessions. If you logoff a Listener session it will logoff all session that were created through it. Great, just what we need!

So Logoff 65536 will do the trick? Let’s try:

So Logoff is smart enough to ask for confirmation, we can prevent this by using the following commandline:

Echo Y ! Logoff 65536

Justin Shepard converted my code to encrypt RPD passwords to VB.NET:

A new website (blog) was opened for the Jedi Apilib and Jedi Security Library. I invite you all to take a look!

You can find it here

Today I received an e-mail from Softpedia telling me that they have listed one of my commandline tools, LaunchRDP. I don’t know how they found or why they think that it should be listed, but it’s nice to see that they respect the author and informed me. If you want to rate it, here’s your chance!

Datarescue has release IDA 4.9 as freeware. IDA Pro is the de-facto standard for the analysis of hostile code, vulnerability research and reverse engineering in general. You can find IDA freeware here: http://www.datarescue.com/idabase/idadownfreeware.htm

I was contact by Danila Galimov a while ago because he was working with my JwaWinsta unit. Together we were able (and are still working on) uncovering more of the undocumented API’s in winsta.dll.

 We found several new classes for WinStationQueryInformationW that return lots of information:

• The user’s password (under special circumstances).
• The Windows Product ID (server and client’s).
• Client Info such as Timezone information.

We got the following API’s working:

• WinStationGetAllProcesses
• WinStationGetTermSrvCountersValue (“QWinsta /Counter”)
• WinStationFreeGAPMemory
• WinStationSendMessage
• WinStationCloseServer
• WinStationDisconnect
• WinStationReset
• WinStationShutdownSystem

Further testing is needed to determine if the functions work on different OS versions and produce the same results.

There were 2 ways (known to me) of extending Windows XP to offer mulitple concurrent Terminal Sessions. One with the RC1 version of XP SP2 and one that patches Winlogon and Termsrv.dll. The latter offers not only multiple sessions but also multiple sessions under the same account and sessions to the local machine.

Seems like the someone hacked Windows Vista Terminal server too by patching Termsrv.dll. Read more at source.

I was curious how many times my posts are viewed. So I installed this plugin which was made by Lester ‘GaMerZ’ Chan. If you use WordPress take a look at his other plugins, there are some good ones there!

If this is your first visit, take your time and look around. Here are some things you might be looking for:

• SasLibEx: a library that can simulate the Secure Attention Sequence (Ctrl-Alt-Del) but it can even unlock a workstation or session without entering or needing the user’s credentials (and many more things).
• Who locks my file?
• Patch 32 bit Windows to use the full 4 GB (and even more) memory
• Patch Terminal Server to allow more Concurrent Sessions: 2003, Windows XP X64, 2003 X64, 2008, Vista
• Some of my freeware tools such as LaunchRDP, RDP Password Encryption, Active Directory Excel Addin, RDP Clipboard Fix (well this list can go on and on, see also the Downloads section).

Do you like my work? Did my work help you?

• Leave a comment and tell me how it was usefull to you.
• If you want you can make a donation with the Paypal Donate Button in the right Sidebar.

Thank you!