These are from Erica's notes and need to be verified:
Power on the client and be ready to press F12 when prompted.
Choose the Remote Installation
When the Client Installation Wizard appears, press ENTER
Enter Username & Password (use the administrator password)
Choose PING 2.01
Keep hitting Enter until prompted for password (enter our default administrator password)
Choose Restoration
Spacebar
Enter
OK
Choose LABclient V3/4
Restore should begin.
When the computer reboots into the setup wizard, enter the client name, e.g. LAB5
Wednesday, 24 June 2009
Saturday, 14 February 2009
RHS ADSL Router
If the internet isn't working then you can either check the lights on the router or point your Internet Browser at 192.168.0.253.
When everything is OK with the ADSL the page should look like this:
This is an example of how it looks when it isn't working:
Note how the PPPoE is no longer green and has no IP address.
Thursday, 12 February 2009
RHS IP addresses
At Rehoboth High School the IP network is 192.168.0.xxx using a subnet mask of 255.255.255.0.
192.168.0.1 is the fixed address for Labserver, the domain controller and DNS server.
192.168.0.100 - 192.168.0.250 are used for DHCP addresses
192.168.0.210 - 192.168.0.220 are reserved for LAB1 - LAB20
192.168.0.252 is the fixed address for the Wireless access point in the staff room
192.168.0.253 is the fixed address for the ADSL router
192.168.0.254 is the fixed address for the Wireless access point in the computer room
Basic Troubleshooting
So the client PC isn't working - what next?
- Is the power on? Don't forget that there might be a power switch on the PSU at the rear of the PC.
- Is the network cable plugged in? Is there a green light next to the network plug showing that the link is up?
- Do you have a valid IP address? Press the Windows key and R to get a Run box, type in cmd and click OK. In the command window type ipconfig. Check that the IP address is valid for your network. (See RHS IP addresses)
- Check that the gateway is available with the ping command - in the example above you would type ping 192.168.0.253
- Check that the Internet is up - I would normally use either ping or tracert to see if a server like http://www.google.com/ is available.
Sunday, 25 January 2009
Viruses and the aftermath
I'd never seen so many viruses before... I wished I had a memory stick with a write protect switch as whenever I used it to transfer antivirus software etc I ran the risk of it being infected.
Up-to-date virus definitions are essential here more than anywhere. At the school we used NOD32, as the school had a license for the Enterprise version which, like many Enterprise versions, allows the download of the virus definitions to a central location from where the client computers can get their updates, thus minimising the use of the limited bandwidth to the internet.
For personal computers AVG Free or Avast Home can be used. As the school I was at had a very slow dial up connection I tried to keep a reasonably up to date copy of the virus databases on my computer and updated it whenever I had a good internet connection. With AVG you can download the latest virus definitions from http://free.avg.com/download-update
With Avast the updates are at http://www.avast.com/eng/updates.html
One of the most common routes of infection is through USB disk drives and Autorun, so we have turned off Autorun on all the client computers. The article "How to correct "disable Autorun registry key" enforcement in Windows" (http://support.microsoft.com/kb/953252) is the most recent article on Autorun that I could find and explains why, when I first tried editing the registry keys/group policy, it didn't work! Note that you can't use group policies on XP/Vista Home editions.
On computers that are infected with a virus, starting up in safe mode will give you the best chance to disinfect them.
Reenabling registry editing
Many viruses disable editing the registry to make it difficult to remove their payload. I use regtools.vbs from http://www.dougknox.com/security/scripts/regtools.vbs
Reenabling Find/Search
This script will reenable the Find/Search functions: http://www.dougknox.com/security/scripts/find.vbs
Reenabling Task Manager
One virus I came across disabled the Task Manager and, if you then re-enabled it and did manage to start Task Manager, would kill the Task Manager if you weren't quick enough to kill the virus. This is why it is recommended to start in Safe Mode, where only the basic Windows functions are started.
The registry key is:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
Set it to 0 to remove the restriction, i.e. to enable Task Manager.
Note with Vista you will need to run the scripts above with administrative privilege.
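A read-only check of the two settings discussed above (the Autorun policy and the Task Manager lockout), added here as an example and not taken from the original post. DisableRegistryTools and NoDriveTypeAutoRun are the standard Windows policy value names, which the post itself does not spell out, and the function name is made up for this sketch.

```powershell
# Added example (read-only): report the policy values discussed above in both hives.
# On Vista, run it from an elevated prompt.
$policyRoot = 'Software\Microsoft\Windows\CurrentVersion\Policies'
$checks = @(
    @{ SubKey = 'System';   Name = 'DisableTaskMgr' },        # value named in the post
    @{ SubKey = 'System';   Name = 'DisableRegistryTools' },  # assumption: value behind the regedit lockout
    @{ SubKey = 'Explorer'; Name = 'NoDriveTypeAutoRun' }     # assumption: Autorun policy value
)

function Get-PolicyState {   # hypothetical helper name
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($c in $checks) {
            $path = "$hive\$policyRoot\$($c.SubKey)"
            $key  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
            $raw  = $null
            if ($key) { $raw = $key.GetValue($c.Name) }   # direct assignment keeps REG_BINARY as byte[]
            # The value may be stored as REG_DWORD or as REG_BINARY (first byte carries the mask)
            $num = if ($raw -is [byte[]]) { [int]$raw[0] } elseif ($null -ne $raw) { [int]$raw }
            $state = if ($null -eq $raw) {
                'not set (Windows default applies)'
            } elseif ($c.Name -ne 'NoDriveTypeAutoRun') {
                if ($num -ne 0) { 'RESTRICTED: set to 0 to re-enable' } else { 'enabled' }
            } elseif (($num -band 0xFF) -eq 0xFF) {
                'Autorun off for all drive types'
            } elseif ($num -band 0x04) {
                'Autorun off for removable drives, not for every type'
            } else {
                'Autorun still ON for removable (USB) drives'
            }
            [pscustomobject]@{ Hive = $hive; Key = $c.SubKey; Value = $c.Name; Data = $raw; State = $state }
        }
    }
}

Get-PolicyState | Format-Table -AutoSize -Wrap
```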
Startup Errors
Many times I would come across a computer that would give error messages when starting up. These would indicate that a program wasn't able to start as files hadn't been found. Usually this was caused by an infected computer having startup entries that pointed to viruses that had previously been deleted by an antivirus program.
Here is a list of places where I discovered invalid startup programs; you need to check in both HKLM and HKCU:
\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
\Software\Microsoft\Windows\CurrentVersion\RunServices
\Software\Microsoft\Windows\CurrentVersion\Run
\Software\Microsoft\Windows\CurrentVersion\RunOnce
\Software\Microsoft\Windows\CurrentVersion\RunOnceEx (XP)
\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This one is a favourite: userinit.exe should be there, but others can be added in a comma-separated list:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Run
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
Then of course there are the more obvious places:
Documents and Settings\All Users\Start Menu\Programs\Startup
Documents and Settings\"username"\Start Menu\Programs\Startup
(If you have upgraded from NT, then the path is Profiles\"username"\Start Menu\Programs\Startup)
Spybot S&D will automatically clean up many of the registry problems detailed above and is available at:
http://www.safer-networking.org/en/download/index.html
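To review the same locations by hand before or after a cleanup tool runs, the sketch below lists the Run-style keys from both hives plus the Userinit list, and flags entries whose target file no longer exists. It is an added example, not part of the original post; the helper function names are made up, and it does not cover Winlogon\Run, Windows\Load or the Startup folders.

```powershell
# Added example: list autostart entries from the registry locations in the post
# and flag the ones whose target file is gone (the "file not found at startup" case).
$runKeys = 'RunServicesOnce', 'RunServices', 'Run', 'RunOnce', 'RunOnceEx',
           'Policies\Explorer\Run' |
    ForEach-Object { "Software\Microsoft\Windows\CurrentVersion\$_" }
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-CommandTarget([string]$Command) {   # hypothetical helper
    # Extract the program path from a command line: a quoted path first, then
    # everything up to the first known extension, else the first token.
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|bat|cmd|vbs|scr|dll))(\s|,|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

function Test-TargetMissing([string]$Target) {   # hypothetical helper
    if (-not $Target) { return $false }
    if (Test-Path -LiteralPath $Target) { return $false }
    # Bare names such as "rundll32.exe" are resolved through PATH
    return -not (Get-Command $Target -ErrorAction SilentlyContinue)
}

function Get-StartupEntry {   # hypothetical helper
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($sub in $runKeys) {
            $key = Get-Item -LiteralPath "$hive\$sub" -ErrorAction SilentlyContinue
            if (-not $key) { continue }
            foreach ($name in $key.GetValueNames()) {
                $target = Get-CommandTarget ([string]$key.GetValue($name))
                $flag = if (Test-TargetMissing $target) { 'MISSING FILE' } else { '' }
                [pscustomobject]@{ Key = "$hive\$sub"; Name = $name; Target = $target; Flag = $flag }
            }
        }
    }
    # Userinit is a comma-separated list; only userinit.exe is expected in it
    $userinit = (Get-ItemProperty -LiteralPath $winlogon).Userinit
    foreach ($item in ($userinit -split ',' | Where-Object { $_.Trim() })) {
        $target = Get-CommandTarget $item
        $flag = if ((Split-Path $target -Leaf) -ne 'userinit.exe') {
            'EXTRA ENTRY'
        } elseif (Test-TargetMissing $target) { 'MISSING FILE' } else { '' }
        [pscustomobject]@{ Key = $winlogon; Name = 'Userinit'; Target = $target; Flag = $flag }
    }
}

Get-StartupEntry | Sort-Object Flag -Descending | Format-Table -AutoSize -Wrap
```

Nothing is deleted by this script; a MISSING FILE entry is a candidate for removal, and an EXTRA ENTRY in Userinit should be identified before it is touched.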
Windows Update Alternative
When I arrived I came equipped with XP Service Pack 3 thinking that I would be able to just download the most recent patches once I was here... then I discovered that I could at best get a download speed of 1.8K :-(
Now, I know I could have gone with the WSUS setup as the school does have a Windows 2003 Server but I was also doing work at NETS (Namibia Evangelical Theological Seminary) where they didn't have that luxury.
After a bit of research I found heise Security's Offline Update. I have been using this for a while and apart from one hiccup on an XP system back in the UK have found that it does exactly what it says on the can.
You can download the software (free of charge) from http://www.heise.de/ct/projekte/offlineupdate/download_uk.shtml
The first step is to unpack the zip file to a disk that has enough space to hold all the updates that you want to download (My folders which contain the updates for W2K3, XP, Vista, Office 2003, IE7 and .NET framework total just under 5GB without the iso files).
Browse down the resulting folders to the ctupdate4 folder and run UpdateGenerator.exe:
The first time you run this it will take hours, especially if you include the Service Packs. When it completes you will see a confirmation:
Then depending on your situation you can either mount a network drive or burn the ISO images to CD/DVD and then run the UpdateInstaller from the client directory on the computer you want to update.
All that remains to do now is to work out a way of making the clients on my school network run the Offline Update occasionally.