mikedopp.com Code Monkey by Day, Unix/Windows Administrator by Night, Social Media Chump 24/7

3Mar/100

Open SQL Server Ports Via Script

So if you have installed MSSQL of late, you will notice the server wants your firewall disabled. Woot, eh? Just think: open databases for all.

I decided to look a little closer rather than just opening ports up to the world or disabling my firewall altogether.

I found I could just as easily open up only the SQL Server ports, so that those are the only ports open. Of course, that still means open databases for all, but the rest of the traffic can be stopped. So make sure you lock down your databases and be ready for attack. Woot!

 

 

@echo =========  SQL Server Ports  ===================
@echo Enabling SQLServer default instance port 1433
netsh firewall set portopening TCP 1433 "SQLServer"
@echo Enabling Dedicated Admin Connection port 1434
netsh firewall set portopening TCP 1434 "SQL Admin Connection"
@echo Enabling conventional SQL Server Service Broker port 4022 
netsh firewall set portopening TCP 4022 "SQL Service Broker"
@echo Enabling Transact-SQL Debugger/RPC port 135
netsh firewall set portopening TCP 135 "SQL Debugger/RPC"
@echo =========  Analysis Services Ports  ==============
@echo Enabling SSAS Default Instance port 2383
netsh firewall set portopening TCP 2383 "Analysis Services"
@echo Enabling SQL Server Browser Service port 2382
netsh firewall set portopening TCP 2382 "SQL Browser"
@echo =========  Misc Applications  ==============
@echo Enabling HTTP port 80
netsh firewall set portopening TCP 80 "HTTP"
@echo Enabling SSL port 443
netsh firewall set portopening TCP 443 "SSL"
@echo Enabling port for SQL Server Browser Service's 'Browse' Button
netsh firewall set portopening UDP 1434 "SQL Browser"
@echo Allowing multicast broadcast response on UDP (Browser Service Enumerations OK)
netsh firewall set multicastbroadcastresponse ENABLE

Here run this to do all your work fast and easy.
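The script above opens each port to every source address. As an added example (not part of the original post), the PowerShell below recreates the SQL Server rules so that they only accept connections from one trusted subnet. The subnet `10.0.5.0/24` is a placeholder assumption, and the NetSecurity cmdlets require Windows 8 / Server 2012 or later and an elevated prompt.

```powershell
# Added example, not from the original post.
# Assumption: 10.0.5.0/24 is a placeholder for the subnet your app servers use.
$trusted = '10.0.5.0/24'

# Ports and rule names taken from the post's script. RPC 135, TCP 2382,
# HTTP 80 and SSL 443 are left out here; add rows only for services you run.
$rules = @(
    @{ Name = 'SQLServer';            Protocol = 'TCP'; Port = 1433 },
    @{ Name = 'SQL Admin Connection'; Protocol = 'TCP'; Port = 1434 },
    @{ Name = 'SQL Service Broker';   Protocol = 'TCP'; Port = 4022 },
    @{ Name = 'Analysis Services';    Protocol = 'TCP'; Port = 2383 },
    @{ Name = 'SQL Browser';          Protocol = 'UDP'; Port = 1434 }
)

foreach ($r in $rules) {
    # Replace any existing rule of the same name (including the unscoped one
    # created by the post's script), so reruns do not stack duplicates.
    Remove-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue
    New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Allow `
        -Protocol $r.Protocol -LocalPort $r.Port `
        -RemoteAddress $trusted -Profile Domain, Private | Out-Null
}

# Confirm each rule is limited to the trusted subnet rather than "Any".
foreach ($r in $rules) {
    $filter = Get-NetFirewallRule -DisplayName $r.Name | Get-NetFirewallAddressFilter
    '{0,-22} {1}/{2,-5} from {3}' -f $r.Name, $r.Protocol, $r.Port,
        ($filter.RemoteAddress -join ',')
}
```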

2Mar/100

How did I get these fake antivirus? How to keep from getting them.

Just in case you didn’t know, malvertising is the #1 way to get infected, due to the numerous security holes found in:

Adobe Reader (acrobat)
Adobe Flash Player
Sun’s Java

Those are the top 3 applications being exploited right now. You may be wondering how you got infected with a fake anti-virus program (for example) without ever clicking on any ad. See the simple explanation below.

Here’s how Malvertising Works

  1. A legit website like CNN.com sells advertising space because it has thousands of views every day. (again, this is just an example)
  2. A malicious person or group purchases some of this advertising space and submits an ad that appears perfectly fine to the CNN.com advertising editors.
  3. The ad goes live.
  4. At some point the ad becomes malicious and starts scanning clients for outdated Adobe Reader, Adobe Flash or Java binaries.
  5. Once an exploit is available the malicious ad injects malware into the client's PC.
  6. The anti-virus may or may not detect it; it’s really just luck. If the threat is old, then there’s a good chance it will. If it’s just a few minutes old, then there’s a good chance it won’t.
  7. The ad may stay live for minutes, hours, days, etc until someone notifies the web master of that domain.

How can you stop these attacks?

  1. Keep your Adobe Reader and Flash updated. This is not exactly an easy task since Adobe seems to find security holes every other week. Open Adobe Reader and click Help, then Check for Updates (at the time of this writing I just discovered I had 2 waiting to be downloaded!). Both programs do automatic update checking; however, a lot of people just cancel the update. Bad idea.
  2. When Java alerts you that an update is available then yes…install it. Lots of my clients never install this update. It’s really important that you do.
  3. Configure the Adobe Reader plugin in each of your web browsers not to load PDFs automatically.
  4. Browse the internet with Sandboxie as much as you can.  That goes for everyone who uses the computer.
  5. Always download and install your Windows Updates.
  6. Follow steps 1 – 5 and you’ll probably never experience the end result of a malicious ad.

Sadly, Adobe and Sun products are constantly getting new updates, and the updates do not uninstall the old versions, so the potential for re-infection remains. If you don't need these applications, or you do not use applications that require them, then promptly remove them.

You may have noticed that even Apple, a large supporter of Adobe, has decided not to add Flash or Java to their latest OS updates.

Special thanks to the remove-malware.com people for the information.

1Mar/100

Moving IIS Install from one system drive to another.

So you have a beefy new server with multiple drives. Let’s just say you have C, D and E drives, just for argument's sake. You want to move “all” of your server-based applications off the C drive, since the operating system drive is typically the first to die, crash or lose data.

By default, IIS is installed on the system drive under C:\inetpub. However, you want to move it to D:\inetpub. So you start down the whole copy-and-paste route, which may seem like it will work; however, you still have to touch multiple registry keys and paths. Well, here is a simple script to make your IIS move a snap.

Also, if you copy this, make sure to save the file with a .bat extension (for batch), just in case.

REM PLEASE BE AWARE: SERVICING (I.E. HOTFIXES AND SERVICE PACKS) WILL STILL REPLACE FILES
REM IN THE ORIGINAL DIRECTORIES. THE LIKELIHOOD THAT FILES IN THE INETPUB DIRECTORIES HAVE
REM TO BE REPLACED BY SERVICING IS LOW BUT FOR THIS REASON DELETING THE ORIGINAL DIRECTORIES
REM IS NOT POSSIBLE.

@echo off
IF "%1" == "" goto err
setlocal
set MOVETO=%1:\

REM simple error handling if drive does not exist or argument is wrong
IF NOT EXIST %MOVETO% goto err

REM Backup IIS config before we start changing config to point to the new path
%windir%\system32\inetsrv\appcmd add backup beforeRootMove

REM Stop all IIS services
iisreset /stop

REM Copy all content
REM /O - copy ACLs
REM /E - copy sub directories including empty ones
REM /I - assume destination is a directory
REM /Q - quiet

REM echo on, because user will be prompted if content already exists.
echo on
xcopy %systemdrive%\inetpub %MOVETO%inetpub /O /E /I /Q
@echo off
REM Move AppPool isolation directory
reg add HKLM\System\CurrentControlSet\Services\WAS\Parameters /v ConfigIsolationPath /t REG_SZ /d %MOVETO%inetpub\temp\appPools /f

REM Move logfile directories
%windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/sites -siteDefaults.traceFailedRequestsLogging.directory:"%MOVETO%inetpub\logs\FailedReqLogFiles"
%windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/sites -siteDefaults.logfile.directory:"%MOVETO%inetpub\logs\logfiles"
%windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/log -centralBinaryLogFile.directory:"%MOVETO%inetpub\logs\logfiles"
%windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/log -centralW3CLogFile.directory:"%MOVETO%inetpub\logs\logfiles"

REM Move config history location, temporary files, the path for the Default Web Site and the custom error locations
%windir%\system32\inetsrv\appcmd set config -section:system.applicationhost/configHistory -path:%MOVETO%inetpub\history
%windir%\system32\inetsrv\appcmd set config -section:system.webServer/asp -cache.disktemplateCacheDirectory:"%MOVETO%inetpub\temp\ASP Compiled Templates"
%windir%\system32\inetsrv\appcmd set config -section:system.webServer/httpCompression -directory:"%MOVETO%inetpub\temp\IIS Temporary Compressed Files"
%windir%\system32\inetsrv\appcmd set vdir "Default Web Site/" -physicalPath:%MOVETO%inetpub\wwwroot
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='401'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='403'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='404'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='405'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='406'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='412'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='500'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='501'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='502'].prefixLanguageFilePath:%MOVETO%inetpub\custerr

REM Make sure Service Pack and Hotfix Installers know where the IIS root directories are
REM (MOVETO already ends in a backslash, so no extra separator before inetpub)
reg add HKLM\Software\Microsoft\inetstp /v PathWWWRoot /t REG_SZ /d %MOVETO%inetpub\wwwroot /f
reg add HKLM\Software\Microsoft\inetstp /v PathFTPRoot /t REG_SZ /d %MOVETO%inetpub\ftproot /f
REM Do the same for x64 directories
if not "%ProgramFiles(x86)%" == "" reg add HKLM\Software\Wow6432Node\Microsoft\inetstp /v PathWWWRoot /t REG_EXPAND_SZ /d %MOVETO%inetpub\wwwroot /f
if not "%ProgramFiles(x86)%" == "" reg add HKLM\Software\Wow6432Node\Microsoft\inetstp /v PathFTPRoot /t REG_EXPAND_SZ /d %MOVETO%inetpub\ftproot /f

REM Restart all IIS services
iisreset /start
echo.
echo.
echo ===============================================================================
echo Moved IIS7 root directory from %systemdrive%\ to %MOVETO%.
echo.
echo Please verify if the move worked. If so you can delete the %systemdrive%\inetpub directory.
echo If something went wrong you can restore the old settings via
echo     "APPCMD restore backup beforeRootMove"
echo and
echo     "REG delete HKLM\System\CurrentControlSet\Services\WAS\Parameters /v ConfigIsolationPath"
echo You also have to reset the PathWWWRoot and PathFTPRoot registry values
echo in HKEY_LOCAL_MACHINE\Software\Microsoft\InetStp.
echo ===============================================================================
echo.
echo.
endlocal
goto success

REM error message if no argument or drive does not exist
:err
echo.
echo New root drive letter required.
echo Here an example how to move the IIS root to the F:\ drive:
echo.
echo MOVEIISROOT.BAT F
echo.
echo.

:success

This should take care of your IIS moving needs. Do not forget to reboot to make sure settings are happy.

28Feb/100

Commerce Server 2007: Direct Mailer Is Not Working Please Help!

Cannot tell you how much fun this can be if it is not working correctly. First, make sure SMTP is set up correctly in your IIS install (IIS6 through IIS7.5, which uses IIS6, but that's another story).

Direct Mailer not working, not sending email, or just needs to be configured correctly?

First, let's make sure the server and users/groups are created correctly.

To grant the Marketing Web Service access to the Direct Mailer Service

1. Click Start, point to Programs, point to Administrative Tools, and then click Component Services.

2. In the Component Services window, expand Component Services, expand Computers, expand My Computer, expand DCOM Config, right-click Microsoft Commerce Server DirectMailer Service, and then click Properties.

3. In the Microsoft Commerce Server DirectMailer Service Properties dialog box, on the Security tab, in the Launch and Activation Permissions section, select Customize, and then click Edit.

4. In the Launch Permission dialog box, click Add.

5. In the Select Users, Computers, or Groups dialog box, in the Enter the object names to select box, type <data domain>\MarketingWebSvc, and then click OK.

6. In the Launch Permission dialog box, in the Permissions for <data domain>\MarketingWebSvc section, select the Local Launch and Local Activation check boxes for Allow, and then click OK.

7. In the Microsoft Commerce Server DirectMailer Service Properties dialog box, on the Security tab, in the Access Permissions section, select Customize, and then click Edit.

8. In the Access Permission dialog box, click Add.

9. In the Select Users, Computers, or Groups dialog box, in the Enter the object names to select box, type <data domain>\MarketingWebSvc, and then click OK.

10. In the Access Permission dialog box, in the Permissions for <data domain>\MarketingWebSvc section, select the Local Access check box for Allow, and then click OK.

11. In the Microsoft Commerce Server DirectMailer Service Properties dialog box, click OK


And verify that your web service identity is a member of the DML_SG group

 

Prepare the Members and Groups for COM component Services:

Member Manage:

Create the group DML_SG

Add the following users to DML_SG: CSDMSvc, MarketingWebSvc

Add the following users to MarketingAdminGroup: RunTimeUser, MarketingWebSvc, CSDMSvc

Add the following users to Administrator: MarketingWebSvc

Go into Services and make sure Commerce Server Direct Mailer is running and set to Automatic.

 

Troubleshooting

You can add the following registry change if these do not work.

Open the registry using regedit.exe.

Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\SchedulingAgent and give Full Control to the NT account under which the marketing system is running (or add Authenticated Users).

*Right-click the key and scroll down to Permissions. Inside Permissions, add DML_SG and give it full permissions.

Test Emailing by scheduling a DML run with dmlrun.exe:

dmlrun.exe /create:type=final;site="Buylifetime.com";id=30 /execute

If that doesn't work, try using the DirectMailer COM object to test your direct mail:

Dim dm
set dm = CreateObject("Commerce.DirectMailer", "<DML Server Name>")
call dm.TestDirectMail("StarterSite", 30)

Save and do an IIS reset.

Last and most effective:

Open a Command Prompt and go to C:\Program Files (x86)\Microsoft Commerce Server 2007 (the path differs between 32-bit and 64-bit servers; the 64-bit version is shown here). Then run:

csconfig /r Feature.MS.CS.DirectMailer

27Feb/100

Windows will not launch an exe after virus removal. How to fix.

So you got one of those great little viruses going around. You were able to clean it off after a bit of time and gnashing of teeth. However, now you cannot launch any applications, or more specifically any executables (.exe).

 

Fixing the association settings using Registry editor

Click Start, Run and type CMD

Type the following commands one by one:

cd\windows
regedit

If Registry Editor opens successfully, then navigate to the following key:

HKEY_CLASSES_ROOT\exefile\shell\open\command

Double-click the (Default) value in the right pane

Delete the current value data, and then type:

"%1" %*
(i.e., quote-percent-one-quote-space-percent-asterisk.)

*Interestingly, some viruses have changed the full path of the default value to c:\users\HomerJSimpson<yourUserAccount>\appdata\local\happyvirus.exe /runas “%1” %*

Navigate to:

HKEY_CLASSES_ROOT\.exe

In the right-pane, set (default) to exefile

*Interestingly, some viruses have added things like “sfcfile”.

Exit the Registry Editor.
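The two values above can also be checked without opening the Registry Editor. The PowerShell below is an added example, not part of the original post: it compares both (Default) values with the ones the steps above restore. It goes slightly beyond the post by also reading the machine and per-user hives that HKEY_CLASSES_ROOT is merged from, since a per-user override takes precedence.

```powershell
# Added example, not from the original post: audit the .exe file association.
# Expected values are the ones the post says to restore.
$expected = @(
    @{ SubKey = 'exefile\shell\open\command'; Want = '"%1" %*' },
    @{ SubKey = '.exe';                       Want = 'exefile' }
)

# HKCR is a merged view; also read the two hives behind it
# (these two extra roots go beyond what the post covers).
$roots = 'HKEY_CLASSES_ROOT',
         'HKEY_LOCAL_MACHINE\Software\Classes',
         'HKEY_CURRENT_USER\Software\Classes'

function Get-DefaultValue([string]$KeyPath) {
    $key = Get-Item -LiteralPath "Registry::$KeyPath" -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    # '' names the (Default) value; the option returns the raw stored string
    return $key.GetValue('', $null, 'DoNotExpandEnvironmentNames')
}

$findings = foreach ($root in $roots) {
    foreach ($e in $expected) {
        $path  = "$root\$($e.SubKey)"
        $value = Get-DefaultValue $path
        $state = if ($null -eq $value) { 'absent' } elseif ($value -eq $e.Want) { 'ok' } else { 'MODIFIED' }
        [pscustomobject]@{ Key = $path; Value = $value; Expected = $e.Want; State = $state }
    }
}

$findings | Format-Table -AutoSize -Wrap
# Non-zero exit code when any value differs, so a scheduled check can alert on it
if ($findings.State -contains 'MODIFIED') { exit 1 }
```

An `absent` result under HKEY_CURRENT_USER is normal; a `MODIFIED` result in any root means the value differs from the one given in the steps above.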

 

Fix with a com executable

You can use a com object to run the fix

Download Fix from Ramesh

Reboot and all should be happy. At least with executables.

Special thanks to Ramesh for giving me the idea on how to do this.
