cluberti

You *can* use the kernel to address memory over the 4GB boundary (2^32) from an x86 OS, but you still have the limitation that the CPU (when in x86 mode) can only ever actually address 4GB of address space at any one time, no matter where you set your base address. Ultimately, you can get a 32bit Windows OS to do a lot of things with the physical RAM over 2^32, but it's really a lot of smoke and mirrors (good smoke and mirrors, mind you, but it's still not native) and you're still never actually using a RAM window larger than 4GB (the CPU has to move that window up and down, over and over, to make it work). Geoff is a smart guy, and his test will work good enough for most desktop applications, I would think. However, it's worth mentioning that it's not supported at all by the vendor (Microsoft), you have to put your system into test signing mode to get it to work (bypassing kernel driver signing security, amongst other things), and you're still only ever actually addressing 4GB of memory address space (in a sliding window, of course) at any one time. If you want to do all that just to avoid installing an x64 OS, you're free to do so. However, given that we've had 2 versions (3, if you count XP x64) of Windows client that can run and natively do under x64 what the test x86 kernel is doing and taking a perf hit to do so (small, but it's there), there's no real reason anymore to run x86 and perform a bit of hackery like this unless you *absolutely, unequivocally have something that needs to run on x86 and won't run on x64*, and that's gonna be pretty rare. It is worth closing though, just due to the nature of the flame fest that always ensues - closing the thread. If you want to discuss it with Geoff, he has a forum and is more than willing to chat with you about it in technical detail, but it's been beaten to death and back again here.

Use a USB key formatted NTFS? I have a 7GB WIM with quite a few versions of Vista / 2008 and 7 / 2008 R2 in it, and it works fine from a 64GB USB key formatted NTFS.

You forget that some of the logic in the script is Vista+, hence why my script checked build #s. XP, 2003, and 2000 don't have a lot of good reporting data you can call via WMI, whereas Vista+ does. Hence the script limitations - they're actually easier to work around in vbs than .NET, too, because in this specific instance, .net is much more inflexible and requires a lot more lines of code to emulate things that can be easily hacked together in a VBS. I'll maybe take a look at this when I get some time and see if I can get some things working, but don't hold your breath .

Cool. I'm with Andre, I'm not one for script much, but sometimes a little dirty script is "good enough" to get by. I'm still not a fan of .net for a few reasons (a big one is no .net support in WinPE, where a decent amount of my tools are run) as well as speed. However, it's a pretty cool implementation for vb.net .

As long as you're using the same key on the same machine, you can indeed install Windows from an OEM CD that you made custom from the original source with the XP key that came with your computer.

It depends on the refurbishing/repairing done to the refurbished PC. Basically, if you replace specific hardware components (like the motherboard) or make significant changes to the components than what originally shipped on the PC, you invalidate the OEM license that was sold and shipped with the original PC, and require a new one. The MAR program offers system refurbishers to replace at a reduced cost the OS license as part of the repair cost.

No, because the question is asinine - the answer is the desire itself. If you want to reverse engineer/develop countermeasures/etc, you simply learn how to do those things. The term "hacker" is pretty vague in and of itself (and those older amongst us will probably view a "hacker" differently from what the term has become over the last 10 years or so), and being a hacker simply means you have skills and you use them certain ways. If you want to learn to do things that will allow you to "hack" at sofware, for example, you learn C, C++, assembler, etc., and how to use (and abuse) debuggers. If you want to reverse-engineer, you will need to know how something works "forward engineered" first, then you work on reversing using previously mentioned skills. I guess the problem is you want to learn to do something that isn't really "something" at all - hacking is simply using skills in manners that perhaps weren't intended on their targets in... interesting and sometimes useful ways. I'm assuming you mean a hacker who hacks at computer programs, rather than security hacking or social engineering, etc. - but again, there are all kinds of things that could be deemed "hacking", and pretty much all of them are using the "hacking" terminology to mean someone who is using a certain skillset (probably in this case programming, disassembly, reversing, and otherwise debugging) for ends that weren't necessarily intended uses of whatever it is that person is "hacking" at. I don't mean to be rude, but the question is best left to be pondered by the person posing the question - whatever "thing" it is you desire to "hack", learn (and perfect, as much as possible) the skills needed to be good at doing that "thing" first. Then start going at it in all of the unusual ways you can think of, and you're "hacking". It's not much more complicated than that. The notion that there is a specific OS to use, or a specific skillset is simply something you learn from traditional media stereotypes (movies, news, etc) that don't really exist in the "real world" where most of us actually reside. I have known quite a few good "hackers" in my day, and none of them were stereotypical (they regularly bathed, had families/weren't loners, didn't dress in T-Shirts and ratty jeans, didn't have posters for anime or sci-fi about their work or living areas, only one actually used Linux to hack, etc).

Well, first off, did you /Add-device to add the /device you're calling (if it's not in the db, it won't recognize it if you try to modify it using wdsutil)? Secondly, if the machine has a GUID for the machine account associated with that hardware in AD, it's quicker and easier to use the GUID for the machine rather than the MAC, although this isn't required. Third, if you're using a 2008 or 2008 R2 server, you should also use the /architecture:x86 (or amd64) parameter appended to the end of the command for non-microsoft ROMs to avoid other errors (staging or bootstrapping). I believe the WDSLinux article here might be of use.

Considering the heavy WinSxS requirement for .net, I'd be interested to hear if anyone gets .net (full or embedded/compact) to work in WinPE at all. Hopefully (soon) a version of WinPE will ship with .net support inbox, but if anyone gets it working it'd be quite a coup. You could use this tool (nonfree), although you have to test your code because it's running without the framework, so interesting and undesired things may/can happen in that environment. There's also this "plugin" which was designed for WinPE 2005, and I've not heard of it working in WinPE 2.x or 3.0 (but it would be worth a try, I suppose). Otherwise, you could look into a custom PE like BartPE, which does have reports of .net working there with the previously linked plugin. Not sure how legal or supported it would be, of course. Given Microsoft's desire that WinPE be locked down and minimalist, however, I can understand the lacking inclusion of powershell, .net, and a whole host of other things as it's meant as a deployment platform only (hence the name, Windows Preinstallation Environment, WinPE). I've gotten by with HTA/vbscript and jscript in a pinch, and a real C++ app when the need arose for something less ugly and more professional, as Microsoft suggests. Technically you can do a lot with script and HTA, and native executables aren't really needed by most. I'd still like .net in WinPE as it would make development for WinPE deployment apps easier and quicker, but it isn't a pre-requisite for doing so. Using C++ takes a little longer, but it does work and I can't really complain much about writing native code over managed code.

Considering the issue, I'm not sure you can say it's not the drivers because you made a change that is seemingly not driver related and it fixed it - you've changed services from being demand start (or delayed start) to automatic, which means that when the driver is loaded the services are already started. Given that a *properly functioning* Windows 7 network driver should be able to handle the services not being started (aka, the *default settings*), I'm still quite certain this is a *driver issue* that you've fixed by making Windows 7 behave more like Vista and XP (which should be a hint, honestly).

It's probably the caret on this line: Wscript.Echo " Volume Size: " & FormatNumber(objDiskItem.Size/1024^3, 2) & " GB" Try this instead: Wscript.Echo " Volume Size: " & FormatNumber(objDiskItem.Size/1024/1024/1024, 2) & " GB" If that isn't it, then you likely have a volume returning NULL for the Size parameter of the class, and since I'm checking fixed disks only (type = 3) that would be very odd indeed. However, the only other reason (if your system isn't liking the caret) would be volume.size of this class returning a NULL.

Gunsmokingman gave me an idea, and I ran with it - I made a simple "computer info" script based on his idea to case out the locale and SKU, amongst other things. I've posted this in the Code Repository. This also uses my ElevateThisScript subroutine (if you need/desire), which is also available in the Code Repository. '// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// NAME: osinfo.vbs '// '// Original: http://www.cluberti.com/blog '// Last Update: 28th December 2009 '// '// Comment: VBS example file for use as an OS info gathering template. '// '// NOTE: Provided as-is - usage of this source assumes that you are at the '// very least familiar with the vbscript language being used and '// the tools used to create and debug this file. '// '// In other words, if you break it, you get to keep the pieces. '// '// Also, if you want to use this on W2K, prepare to hack, as this '// was really designed with XP+ systems in mind. '// '// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// This script will require elevated privileges if run from a non-admin account, so '// calling the ElevateThisScript() Sub should get the script a full admin token. This is '// currently disabled, but if you need non-admin users to run this script, enable the '// call to this subroutine to pop-up a dialog box (they'll of course need administrative '// credentials to put in the challenge dialog before the script will execute with an '// administrative token): ' ElevateThisScript() '//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// Set variables and wMI connections for scripting against: CONST HKEY_LOCAL_MACHINE = &H80000002 CONST SEARCH_KEY = "DigitalProductID" Dim arrSubKeys(4,1) Dim foundKeys Dim iValues, arrDPID foundKeys = Array() iValues = Array() arrSubKeys(0,0) = "Windows PID Key: " arrSubKeys(0,1) = "SOFTWARE\Microsoft\Windows NT\CurrentVersion" arrSubKeys(2,0) = "Office XP PID Key: " arrSubKeys(2,1) = "SOFTWARE\Microsoft\Office\10.0\Registration" arrSubKeys(1,0) = "Office 2003 PID Key: " arrSubKeys(1,1) = "SOFTWARE\Microsoft\Office\11.0\Registration" arrSubKeys(3,0) = "Office 2007 PID Key: " arrSubKeys(3,1) = "SOFTWARE\Microsoft\Office\12.0\Registration" arrSubKeys(4,0) = "Office 2010 PID Key: " arrSubKeys(4,1) = "SOFTWARE\Microsoft\Office\14.0\Registration\{10140000-0011-0000-1000-0000000FF1CE}" strComputer = "." Arch = "" Sku = "" Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2") Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv") Set objSWbemDateTime = CreateObject("WbemScripting.SWbemDateTime") Set colOSItems = objWMIService.ExecQuery( _ "SELECT * FROM Win32_OperatingSystem",,48) Set colProcItems = objWMIService.ExecQuery( _ "SELECT * FROM Win32_Processor",,48) Set colCompSysItems = objWMIService.ExecQuery( _ "SELECT * FROM Win32_ComputerSystem",,48) Set colTZItems = objWMIService.ExecQuery( _ "SELECT * FROM Win32_TimeZone",,48) Set colCompSysProdItems = objWMIService.ExecQuery( _ "SELECT * FROM Win32_ComputerSystemProduct",,48) Set colBIOSItems = objWMIService.ExecQuery( _ "SELECT * FROM Win32_BIOS",,48) Set colDiskItems = objWMIService.ExecQuery( _ "SELECT * FROM Win32_LogicalDisk",,48) Set colNetAdapConfigItems = objWMIService.ExecQuery( _ "SELECT * FROM Win32_NetworkAdapterConfiguration",,48) Set colVideoItems = objWMIService.ExecQuery( _ "SELECT * FROM Win32_VideoController",,48) Set colSoundItems = objWMIService.ExecQuery( _ "SELECT * FROM Win32_SoundDevice",,48) '//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// Get OS SKU from Win32_OperatingSystem class: For Each objOSItem in colOSItems If objOSItem.BuildNumber => 6000 Then Arch = objOSItem.OSArchitecture Select Case objOSItem.OperatingSystemSKU Case 0 Sku = "Unknown Windows version" Case 1 Sku = "Ultimate Edition" Case 2 Sku = "Home Basic Edition" Case 3 Sku = "Home Premium Edition" Case 4 Sku = "Enterprise Edition" Case 5 Sku = "Home Basic N Edition" Case 6 Sku = "Business Edition" Case 7 Sku = "Standard Server Edition" Case 8 Sku = "Datacenter Server Edition" Case 9 Sku = "Small Business Server Edition" Case 10 Sku = "Enterprise Server Edition" Case 11 Sku = "Starter Edition" Case 12 Sku = "Datacenter Server Core Edition" Case 13 Sku = "Standard Server Core Edition" Case 14 Sku = "Enterprise Server Core Edition" Case 15 Sku = "Enterprise Server Edition for Itanium-Based Systems" Case 16 Sku = "Business N Edition" Case 17 Sku = "Web Server Edition" Case 18 Sku = "Cluster Server Edition" Case 19 Sku = "Home Server Edition" Case 20 Sku = "Storage Express Server Edition" Case 21 Sku = "Storage Standard Server Edition" Case 22 Sku = "Storage Workgroup Server Edition" Case 23 Sku = "Storage Enterprise Server Edition" Case 24 Sku = "Server For Small Business Edition" Case 25 Sku = "Small Business Server Premium Edition" Case Else Sku = "Could Not Determine Operating System SKU" End Select End If '//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// Get current OS locale setting from Win32_OperatingSystem class: Select Case objOSItem.Locale Case 0436 Locale = "Afrikaans (South Africa)" Case 041c Locale = "Albanian (Albania)" ' Case 045e Locale = "Amharic (Ethiopia)" Case 0401 Locale = "Arabic (Saudi Arabia)" Case 1401 Locale = "Arabic (Algeria)" Case 3c01 Locale = "Arabic (Bahrain)" Case 0c01 Locale = "Arabic (Egypt)" Case 0801 Locale = "Arabic (Iraq)" Case 2c01 Locale = "Arabic (Jordan)" Case 3401 Locale = "Arabic (Kuwait)" Case 3001 Locale = "Arabic (Lebanon)" Case 1001 Locale = "Arabic (Libya)" Case 1801 Locale = "Arabic (Morocco)" Case 2001 Locale = "Arabic (Oman)" Case 4001 Locale = "Arabic (Qatar)" Case 2801 Locale = "Arabic (Syria)" Case 1c01 Locale = "Arabic (Tunisia)" Case 3801 Locale = "Arabic (U.A.E.)" Case 2401 Locale = "Arabic (Yemen)" Case 042b Locale = "Armenian (Armenia)" Case 044d Locale = "Assamese" Case 082c Locale = "Azeri (Cyrillic)" Case 042c Locale = "Azeri (Latin)" Case 042d Locale = "Basque" Case 0423 Locale = "Belarusian" Case 0445 Locale = "Bengali (India)" Case 0845 Locale = "Bengali (Bangladesh)" Case 141A Locale = "Bosnian (Bosnia/Herzegovina)" Case 0402 Locale = "Bulgarian" Case 0455 Locale = "Burmese" Case 0403 Locale = "Catalan" Case 045c Locale = "Cherokee (United States)" Case 0804 Locale = "Chinese (PRC)" Case 1004 Locale = "Chinese (Singapore)" Case 0404 Locale = "Chinese (Taiwan)" Case 0c04 Locale = "Chinese (Hong Kong SAR)" Case 1404 Locale = "Chinese (Macao SAR)" Case 041a Locale = "Croatian" Case 101a Locale = "Croatian (Bosnia/Herzegovina)" Case 0405 Locale = "Czech" Case 0406 Locale = "Danish" Case 0465 Locale = "Divehi" Case 0413 Locale = "Dutch (Netherlands)" Case 0813 Locale = "Dutch (Belgium)" Case 0466 Locale = "Edo" Case 0409 Locale = "English (United States)" Case 0809 Locale = "English (United Kingdom)" Case 0c09 Locale = "English (Australia)" Case 2809 Locale = "English (Belize)" Case 1009 Locale = "English (Canada)" Case 2409 Locale = "English (Caribbean)" Case 3c09 Locale = "English (Hong Kong SAR)" Case 4009 Locale = "English (India)" Case 3809 Locale = "English (Indonesia)" Case 1809 Locale = "English (Ireland)" Case 2009 Locale = "English (Jamaica)" Case 4409 Locale = "English (Malaysia)" Case 1409 Locale = "English (New Zealand)" Case 3409 Locale = "English (Philippines)" Case 4809 Locale = "English (Singapore)" Case 1c09 Locale = "English (South Africa)" Case 2c09 Locale = "English (Trinidad)" Case 3009 Locale = "English (Zimbabwe)" Case 0425 Locale = "Estonian" Case 0438 Locale = "Faroese" Case 0429 Locale = "Farsi" Case 0464 Locale = "Filipino" Case 040b Locale = "Finnish" Case 040c Locale = "French (France)" Case 080c Locale = "French (Belgium)" Case 2c0c Locale = "French (Cameroon)" Case 0c0c Locale = "French (Canada)" Case 240c Locale = "French (DRC)" Case 300c Locale = "French (Cote d'Ivoire)" Case 3c0c Locale = "French (Haiti)" Case 140c Locale = "French (Luxembourg)" Case 340c Locale = "French (Mali)" Case 180c Locale = "French (Monaco)" Case 380c Locale = "French (Morocco)" Case e40c Locale = "French (North Africa)" Case 200c Locale = "French (Reunion)" Case 280c Locale = "French (Senegal)" Case 100c Locale = "French (Switzerland)" Case 1c0c Locale = "French (West Indies)" Case 0462 Locale = "Frisian (Netherlands)" Case 0467 Locale = "Fulfulde (Nigeria)" Case 042f Locale = "FYRO Macedonian" Case 083c Locale = "Gaelic (Ireland)" Case 043c Locale = "Gaelic (Scotland)" Case 0456 Locale = "Galician" Case 0437 Locale = "Georgian" Case 0407 Locale = "German (Germany)" Case 0c07 Locale = "German (Austria)" Case 1407 Locale = "German (Liechtenstein)" Case 1007 Locale = "German (Luxembourg)" Case 0807 Locale = "German (Switzerland)" Case 0408 Locale = "Greek" Case 0474 Locale = "Guarani (Paraguay)" Case 0447 Locale = "Gujarati" Case 0468 Locale = "Hausa (Nigeria)" Case 0475 Locale = "Hawaiian (United States)" Case 040d Locale = "Hebrew" Case 0439 Locale = "Hindi" ' Case 040e Locale = "Hungarian" Case 0469 Locale = "Ibibio (Nigeria)" Case 040f Locale = "Icelandic" Case 0470 Locale = "Igbo (Nigeria)" Case 0421 Locale = "Indonesian" Case 045d Locale = "Inuktitut" Case 0410 Locale = "Italian (Italy)" Case 0810 Locale = "Italian (Switzerland)" Case 0411 Locale = "Japanese" Case 044b Locale = "Kannada" Case 0471 Locale = "Kanuri (Nigeria)" Case 0860 Locale = "Kashmiri" Case 0460 Locale = "Kashmiri (Arabic)" Case 043f Locale = "Kazakh" Case 0453 Locale = "Khmer" Case 0457 Locale = "Konkani" Case 0412 Locale = "Korean" Case 0440 Locale = "Kyrgyz (Cyrillic)" Case 0454 Locale = "Lao" Case 0476 Locale = "Latin" Case 0426 Locale = "Latvian" Case 0427 Locale = "Lithuanian" ' Case 043e Locale = "Malay (Malaysia)" ' Case 083e Locale = "Malay (Brunei Darussalam)" Case 044c Locale = "Malayalam" Case 043a Locale = "Maltese" Case 0458 Locale = "Manipuri" Case 0481 Locale = "Maori (New Zealand)" ' Case 044e Locale = "Marathi" Case 0450 Locale = "Mongolian (Cyrillic)" Case 0850 Locale = "Mongolian (Mongolian)" Case 0461 Locale = "Nepali" Case 0861 Locale = "Nepali (India)" Case 0414 Locale = "Norwegian (Bokmål)" Case 0814 Locale = "Norwegian (Nynorsk)" Case 0448 Locale = "Oriya" Case 0472 Locale = "Oromo" Case 0479 Locale = "Papiamentu" Case 0463 Locale = "Pashto" Case 0415 Locale = "Polish" Case 0416 Locale = "Portuguese (Brazil)" Case 0816 Locale = "Portuguese (Portugal)" Case 0446 Locale = "Punjabi" Case 0846 Locale = "Punjabi (Pakistan)" Case 046B Locale = "Quecha (Bolivia)" Case 086B Locale = "Quecha (Ecuador)" Case 0C6B Locale = "Quecha (Peru)" Case 0417 Locale = "Rhaeto-Romanic" Case 0418 Locale = "Romanian" Case 0818 Locale = "Romanian (Moldava)" Case 0419 Locale = "Russian" Case 0819 Locale = "Russian (Moldava)" Case 043b Locale = "Sami (Lappish)" Case 044f Locale = "Sanskrit" Case 046c Locale = "Sepedi" Case 0c1a Locale = "Serbian (Cyrillic)" Case 081a Locale = "Serbian (Latin)" Case 0459 Locale = "Sindhi (India)" Case 0859 Locale = "Sindhi (Pakistan)" Case 045b Locale = "Sinhalese (Sri Lanka)" Case 041b Locale = "Slovak" Case 0424 Locale = "Slovenian" Case 0477 Locale = "Somali" ' Case 042e Locale = "Sorbian" Case 0c0a Locale = "Spanish (Spain - Modern Sort)" Case 040a Locale = "Spanish (Spain - Traditional Sort)" Case 2c0a Locale = "Spanish (Argentina)" Case 400a Locale = "Spanish (Bolivia)" Case 340a Locale = "Spanish (Chile)" Case 240a Locale = "Spanish (Colombia)" Case 140a Locale = "Spanish (Costa Rica)" Case 1c0a Locale = "Spanish (Dominican Republic)" Case 300a Locale = "Spanish (Ecuador)" Case 440a Locale = "Spanish (El Salvador)" Case 100a Locale = "Spanish (Guatemala)" Case 480a Locale = "Spanish (Honduras)" Case 580a Locale = "Spanish (Latin America)" Case 080a Locale = "Spanish (Mexico)" Case 4c0a Locale = "Spanish (Nicaragua)" Case 180a Locale = "Spanish (Panama)" Case 3c0a Locale = "Spanish (Paraguay)" Case 280a Locale = "Spanish (Peru)" Case 500a Locale = "Spanish (Puerto Rico)" Case 540a Locale = "Spanish (United States)" Case 380a Locale = "Spanish (Uruguay)" Case 200a Locale = "Spanish (Venezuela)" Case 0430 Locale = "Sutu" Case 0441 Locale = "Swahili" Case 041d Locale = "Swedish" Case 081d Locale = "Swedish (Finland)" Case 045a Locale = "Syriac" Case 0428 Locale = "Tajik" Case 045f Locale = "Tamazight (Arabic)" Case 085f Locale = "Tamazight (Latin)" Case 0449 Locale = "Tamil" Case 0444 Locale = "Tatar" Case 044a Locale = "Telugu" ' Case 041e Locale = "Thai" Case 0851 Locale = "Tibetan (Bhutan)" Case 0451 Locale = "Tibetan (PRC)" Case 0873 Locale = "Tigrigna (Eritrea)" Case 0473 Locale = "Tigrigna (Ethiopia)" Case 0431 Locale = "Tsonga" Case 0432 Locale = "Tswana" Case 041f Locale = "Turkish" Case 0442 Locale = "Turkmen" Case 0480 Locale = "Uighur (China)" Case 0422 Locale = "Ukrainian" Case 0420 Locale = "Urdu" Case 0820 Locale = "Urdu (India)" Case 0843 Locale = "Uzbek (Cyrillic)" Case 0443 Locale = "Uzbek (Latin)" Case 0433 Locale = "Venda" Case 042a Locale = "Vietnamese" Case 0452 Locale = "Welsh" Case 0434 Locale = "Xhosa" Case 0478 Locale = "Yi" Case 043d Locale = "Yiddish" Case 046a Locale = "Yoruba" Case 0435 Locale = "Zulu" Case 04ff Locale = "HID (Human Interface Device)" Case Else Locale = "Could Not Determine OS Locale" End Select '//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// Set variables gathered from Win32_OperatingSystem class: Caption = objOSItem.Caption CSDVersion = objOSItem.CSDVersion CSName = objOSItem.CSName Version = objOSItem.Version BuildType = objOSItem.BuildType BuildNumber = objOSItem.BuildNumber SerialNumber = objOSItem.SerialNumber objSWbemDateTime.Value = objOSItem.InstallDate InstallDate = objSWbemDateTime.GetVarDate(True) objSWbemDateTime.Value = objOSItem.LastBootUpTime LastBootUpTime = objSWbemDateTime.GetVarDate(True) Status = objOSItem.Status Next '//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// Set variables gathered from Win32_ComputerSystem class: For Each objCompSysItem in colCompSysItems CurrentTimeZone = objCompSysItem.CurrentTimeZone DaylightInEffect = objCompSysItem.DaylightInEffect TotalMemory = FormatNumber(objCompSysItem.TotalPhysicalMemory/1024^3, 2) Next '//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// Set variables gathered from Win32_TimeZone class: For Each objTZItem in colTZItems TZName = objTZItem.StandardName Next '//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// Set variables gathered from Win32_ComputerSystemProduct class: For Each objCompSysProdItem in colCompSysProdItems CompSysName = objCompSysProdItem.Name IdentifyingNumber = objCompSysProdItem.IdentifyingNumber UUID = objCompSysProdItem.UUID Next '//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// Set variables gathered from Win32_BIOS class: For Each objBIOSItem in colBIOSItems SMBIOSVersion = objBIOSItem.SMBIOSBIOSVersion Next '//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// Start echoing output to the screen Wscript.Echo " ------------------------------------------" Wscript.Echo " System Details" Wscript.Echo " ------------------------------------------" Wscript.Echo "" Wscript.Echo " Computer Name: " & CSName Wscript.Echo "" Wscript.Echo "" Wscript.Echo " Operating System Information:" Wscript.Echo " =============================" Wscript.Echo " Operating System: " & Caption & Arch Wscript.Echo " Version: " & Version & " " & Sku & " " & CSDVersion Wscript.Echo " Build Type: " & BuildType Wscript.Echo " Locale: " & Locale Wscript.Echo " Serial Number: " & SerialNumber Wscript.Echo "" Wscript.Echo " Current Time Zone: " & TZName Wscript.Echo " Offset from UTC: " & CurrentTimeZone/60 & " hours" Wscript.Echo " DST In Effect: " & DaylightInEffect Wscript.Echo "" '//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// Get the product keys (function at the end of script): GetKeys() Wscript.Echo "" Wscript.Echo " Install Date: " & InstallDate Wscript.Echo " Last Boot Time: " & LastBootUpTime Wscript.Echo " Local Date/Time: " & Now() Wscript.Echo "" Wscript.Echo " System Status: " & Status Wscript.Echo "" Wscript.Echo "" Wscript.Echo " Hardware Information:" Wscript.Echo " =====================" '//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// Set and echo variables gathered from Win32_Processor class: For Each objProcItem in colProcItems Select Case objProcItem.Architecture Case 0 CPUArch = "x86" Case 1 CPUArch = "MIPS" Case 2 CPUArch = "Alpha" Case 3 CPUArch = "PowerPC" Case 6 CPUArch = "Itanium" Case 9 CPUArch = "x64" Case Else CPUArch = "Could Not Determine CPU Architecture" End Select Wscript.Echo " CPU: " & objProcItem.Name & " (" & CPUArch & ")" Next Wscript.Echo "" Wscript.Echo " Physical Memory: " & TotalMemory & " GB" Wscript.Echo "" '//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// Set variables gathered from Win32_VideoController class: For Each objVideoItem in colVideoItems Wscript.Echo " Video Card: " & objVideoItem.Name If Not objVideoItem.AdapterDACType = "" Then Wscript.Echo " Adapter DAC: " & objVideoItem.AdapterDACType End if Wscript.Echo " PNP Device ID: " & objVideoItem.PNPDeviceID If Not objVideoItem.AdapterRAM = "" Then Wscript.Echo " Video RAM: " & objVideoItem.AdapterRAM/1024^2 & " MB" End If Wscript.Echo " Driver Version: " & objVideoItem.DriverVersion objSWbemDateTime.Value = objVideoItem.DriverDate DriverDate = objSWbemDateTime.GetVarDate(False) Wscript.Echo " Driver Date: " & DriverDate Wscript.Echo "" Next '//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// Set variables gathered from Win32_SoundDevice class: For Each objSoundItem in colSoundItems Wscript.Echo " Sound Card: " & objSoundItem.Name Wscript.Echo " Manufacturer: " & objSoundItem.Manufacturer Wscript.Echo " PNP Device ID: " & objSoundItem.PNPDeviceID Wscript.Echo "" Next '//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// Set variables gathered from Win32_LogicalDisk class: For Each objDiskItem in colDiskItems If objDiskItem.DriveType = 3 Then Wscript.Echo " Volume: " & objDiskItem.Caption Wscript.Echo " Compressed: " & objDiskItem.Compressed Wscript.Echo " File System: " & objDiskItem.FileSystem Wscript.Echo " Volume Size: " & FormatNumber(objDiskItem.Size/1024^3, 2) & " GB" Wscript.Echo " Free Space: " & FormatNumber(objDiskItem.FreeSpace/1024^3, 2) & " GB" Wscript.Echo "" End If Next '//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// Set variables gathered from Win32_NetworkAdapterConfiguration class: For Each objNetAdapConfigItem in colNetAdapConfigItems If isNull(objNetAdapConfigItem.IPAddress) Then '// Skip adapter, not currently used Else Wscript.Echo " Network Adapter: " & objNetAdapConfigItem.Description Wscript.Echo " MAC Address: " & objNetAdapConfigItem.MACAddress Wscript.Echo " DHCP Enabled: " & objNetAdapConfigItem.DHCPEnabled Wscript.Echo " IP Address: " & Join(objNetAdapConfigItem.IPAddress, ",") Wscript.Echo " Subnet Mask: " & Join(objNetAdapConfigItem.IPSubnet, ",") Wscript.Echo " Default Gateway: " & Join(objNetAdapConfigItem.DefaultIPGateway, ",") If objNetAdapConfigItem.DHCPEnabled = True Then objSWbemDateTime.Value = objNetAdapConfigItem.DHCPLeaseObtained DHCPLeaseObtained = objSWbemDateTime.GetVarDate(True) Wscript.Echo " Lease Obtained: " & DHCPLeaseObtained objSWbemDateTime.Value = objNetAdapConfigItem.DHCPLeaseExpires DHCPLeaseExpires = objSWbemDateTime.GetVarDate(True) Wscript.Echo " Lease Exipres: " & DHCPLeaseExpires Wscript.Echo " DHCP Servers: " & objNetAdapConfigItem.DHCPServer End If Wscript.Echo " DNS Server: " & Join(objNetAdapConfigItem.DNSServerSearchOrder, ",") If Not objNetAdapConfigItem.WINSPrimaryServer = "" Then Wscript.Echo " WINS Primary Server: " & objNetAdapConfigItem.WINSPrimaryServer If Not objNetAdapConfigItem.WINSSecondaryServer = "" Then Wscript.Echo " WINS Secondary Server: " & objNetAdapConfigItem.WINSPrimaryServer End If Wscript.Echo " Enable LMHosts Lookup: " & objNetAdapConfigItem.WINSEnableLMHostsLookup End If Wscript.Echo "" End If Next Wscript.Echo "" Wscript.Echo " System Information:" Wscript.Echo " ===================" Wscript.Echo " Computer: " & CompSysName Wscript.Echo " Serial Number: " & IdentifyingNumber Wscript.Echo " BIOS Version: " & SMBIOSVersion Wscript.Echo " UUID: " & UUID Wscript.Echo "" '//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// This pause call is disabled, but you may wish to enable it if running this script '// with the ElevateThisScript() subroutine call enabled above: ' PressEnter() '//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// Functions: GetKeys() and decodeKey(iValues, strProduct) '// '// Credit where credit is due - I found and modified script posted by user "Parabellum" '// found on http://www.visualbasicscript.com/m42793.aspx, hacked it up a bit, and used '// it here to post keys: Public Function GetKeys() For x = LBound(arrSubKeys, 1) To UBound(arrSubKeys, 1) objReg.GetBinaryValue HKEY_LOCAL_MACHINE, arrSubKeys(x,1), SEARCH_KEY, arrDPIDBytes If Not IsNull(arrDPIDBytes) Then Call decodeKey(arrDPIDBytes, arrSubKeys(x,0)) Else objReg.EnumKey HKEY_LOCAL_MACHINE, arrSubKeys(x,1), arrGUIDKeys If Not IsNull(arrGUIDKeys) Then For Each GUIDKey In arrGUIDKeys objReg.GetBinaryValue HKEY_LOCAL_MACHINE, arrSubKeys(x,1) & "\" & GUIDKey, SEARCH_KEY, arrDPIDBytes If Not IsNull(arrDPIDBytes) Then Call decodeKey(arrDPIDBytes, arrSubKeys(x,0)) End If Next End If End If Next End Function Public Function decodeKey(iValues, strProduct) Dim arrDPID arrDPID = Array() For i = 52 to 66 ReDim Preserve arrDPID( UBound(arrDPID) + 1 ) arrDPID( UBound(arrDPID) ) = iValues(i) Next Dim arrChars arrChars = Array("B","C","D","F","G","H","J","K","M","P","Q","R","T","V","W","X","Y","2","3","4","6","7","8","9") For i = 24 To 0 Step -1 k = 0 For j = 14 To 0 Step -1 k = k * 256 Xor arrDPID(j) arrDPID(j) = Int(k / 24) k = k Mod 24 Next strProductKey = arrChars(k) & strProductKey If i Mod 5 = 0 And i <> 0 Then strProductKey = "-" & strProductKey End If Next ReDim Preserve foundKeys( UBound(foundKeys) + 1 ) foundKeys( UBound(foundKeys) ) = strProductKey strKey = UBound(foundKeys) Wscript.Echo " " & strProduct & "" & foundKeys(strKey) End Function '//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// Subroutine: PressEnter() '// '// Adds a pause with a "Press the ENTER key to continue." message when called. '// '// Usage: Call this Subroutine to get a pause that will clear when the user presses the '// ENTER key (and ONLY the ENTER key) on their keyboard: Sub PressEnter() Wscript.Echo "" strMessage = "Press the ENTER key to continue. " Wscript.StdOut.Write strMessage Do While Not WScript.StdIn.AtEndOfLine Input = WScript.StdIn.Read(1) Loop End Sub '//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '// '// Subroutine: ElevateThisScript() '// '// Forces the currently running script to prompt for elevation if it detects that the '// current user credentials do not have administrative privileges. '// '// If run on Windows XP / Server 2003 this script will cause the RunAs dialog to appear '// if the user does not have administrative rights, giving the opportunity to run as an '// administrator. '// '// If run on Windows Vista / Server 2008 this script will cause a UAC dialog to appear '// if the user does not have administrative rights and UAC is enabled, giving the '// opportunity for the script to run properly for a LUA user. '// '// This Sub Attempts to call the script with its original arguments. Arguments that '// contain a space will be wrapped in double quotes when the script calls itself again. '// '// Usage: Add a call to this sub (ElevateThisScript) to the beginning of your script to '// ensure that the script gets an administrative token. Sub ElevateThisScript() Const HKEY_CLASSES_ROOT = &H80000000 Const HKEY_CURRENT_USER = &H80000001 Const HKEY_LOCAL_MACHINE = &H80000002 Const HKEY_USERS = &H80000003 const KEY_QUERY_VALUE = 1 Const KEY_SET_VALUE = 2 Dim scriptEngine, engineFolder, argString, arg, Args, scriptCommand Dim objShellApp : Set objShellApp = CreateObject("Shell.Application") scriptEngine = Ucase(Mid(Wscript.FullName,InstrRev(Wscript.FullName,"\")+1)) engineFolder = Left(Wscript.FullName,InstrRev(Wscript.FullName,"\")) argString = "" Set Args = Wscript.Arguments For each arg in Args 'loop though argument array as a collection to rebuild argument string If instr(arg," ") > 0 Then arg = """" & arg & """" 'if the argument contains a space wrap it in double quotes argString = argString & " " & Arg Next scriptCommand = engineFolder & scriptEngine Dim strComputer : strComputer = "." Dim objReg, bHasAccessRight Set objReg=GetObject("winmgmts:"_ & "{impersonationLevel=impersonate}!\\" &_ strComputer & "\root\default:StdRegProv") 'Check for administrative registry access rights objReg.CheckAccess HKEY_LOCAL_MACHINE, "System\CurrentControlSet\Control\CrashControl", _ KEY_SET_VALUE, bHasAccessRight If bHasAccessRight = True Then HasRequiredRegAccess = True Exit Sub Else HasRequiredRegAccess = False objShellApp.ShellExecute scriptCommand, " """ & Wscript.ScriptFullName & """" & argString, "", "runas" WScript.Quit End If End Sub

Vista and Windows 7, yes; XP, not so easily. It can be done with a custom PE image, or using MDT 2010 to build the installers (the way I do it), but the Vista and Windows 7 installers bootstrap setup.exe to put down a WIM file, and neither the XP flat-file setup nor creating an XP WIM will allow you to use Vista or Windows 7's setup routine to install XP.

Not sure - initially I moved it here, but now I notice it's more of an overall issue with more than just MSFN. Assuming IE doesn't have the settings set like "Delete Browsing History on Exit" or have something that is deleting your cache on you on process shutdown, it could be perhaps an add-on or activex control running inside IE. It could also be that your cache folder size is too small, or that it's full (what happens if you totally clear your cache and then logon, close IE, and re-open IE and come back?).

There is a newer driver on their site, but it's a Vista x64 driver. You might want to give that one a try before giving up entirely.

Looks like the message is in portuguese, and it states that two parameters must refer to a location within a sequence, and the length parameter is incorrect. I would agree, however, that the OP should attach the last_session.ini (and probably settings.ini). I do have a question for the OP though - are you trying to incorporate an ENU update pack on a portuguese OS, or is this being done to an ENU source, just running nLite on a portuguese OS?

Hacking generally involves a bit of anonymity too, so posting about it on an indexed internet site might not be a good idea long-term, either .

Sure, but you might also just want to search the internet for old MCSE exam questions (and answers). MCSE exams are pretty basic overall, so a good admin should be able to answer those sorts of questions for starters.

Those are good starts, but given this network admin "test" it should align with the business goals of the organization giving it as well. For example, knowing what tools would be used (there are lots, maybe naming one or more would be sufficient) to capture and analyze a network trace; or for another example if there are Cisco switches in the environment, knowing basic IOS commands would probably be a necessity for a network admin; another, knowledge of how to go about creating/updating/removing routing table entries on the OS(es) used in your environment would be another fairly useful question. Also, your post seems to indicate this person is more of a SYSTEMS administrator, not necessarily just a NETWORK administrator - if so, any Windows admin worth their salt at least knows a bit of vbscript or powershell, a *good* systems administrator knows how to read and write code in C/C++ or any number of .NET languages (again, this looks like a Windows environment admin job), and a *very good* administrator can also use a debugger to solve problems. If your candidates don't know at least how to create and run vbscripts or can not answer the basic questions/answers posed here, know you are going to end up with an "average" admin at best even at that point (and likely worse). Of course this is just my opinion, but having been an admin many times over at many different places in the past, this was the one common trait amongst the "tiers" of Windows sysadmins at every place I ever worked. Ultimately, it comes down to the fact that just about anyone can point and click or type a few commands at a terminal, and most people with a brain can do very basic troubleshooting and maintenance. However, an admin who can at least script shows some knowledge of automation, usually an indicator of administering multiple systems. An admin who can read/write code shows a deeper understanding of how programs work, with the OS, the network, etc., and an admin who can debug is someone who likely understands LOTS of things useful to being a good sysadmin, and likely knows enough about the OS and application stack (and how they do and do not work together) to be able to chew through lots of problems fairly quickly. An admin who's good with a debugger is hard to find, though if you do find one it would behoove you to keep him or her around. There are LOTS of questions you would expect someone wanting to be a sysadmin to know, but without knowing MORE about the environment it is a bit difficult to do much more than guess at generic types of questions.

The registry keys are a by-product of the trojan, they're not the cause. A quick Google search on "virtumonde removal" should get you started.

Can anyone tell me, does Firefox require IE ? Firefox requires winsock, that's it.

First, welcome to THE forums. Second, a few suggestions on your log (feel free to do what you wish with them): If you don't need to print to PDF from applications other than the Acrobat app, this one is safe to remove from startup: C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe This is the MS Office alternative user input/language bar binary - unless you need to input text in ways other than a keyboard in MS Office, this one is safe to remove from startup: C:\WINDOWS\system32\ctfmon.exe Orphaned BHO entry for the CyberDefender security toolbar BHO - safe to remove: O2 - BHO: (no name) - {68FF9E0F-2E96-4467-87FA-1A8B9734C7E7} - (no file) Installed by Dell on your machine, responsible for redirection of 404 error pages to a custom (usually Google) search page. Unless you need this, I'd suggest removing it: O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file) Unless you need the Cyberlink PowerDVD UPnP server running on the machine, this is safe to remove from startup: O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" This is the IntelliSonic systray applet for the IntelliSonic Speech Enhancement application. Again, unless you need this, this is safe to remove from startup: O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe I'd suggest disabling this and then checking whether or not Adobe Acrobat takes a long time to load on your machine - if not, this can be removed from startup: O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" If you don't need to print to PDF from applications other than the Acrobat app, this one is safe to remove from startup: O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" Sun Java update scheduler - if you're ok with a process running all the time who's only purpose is to check for updates to the Java runtime, this is safe to remove from startup: O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" According to Symantec and McAfee (and I'm sure the others, but I didn't bother to check further), these are malicious and belong to Trojan.Virtumonde: O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0 O4 - HKCU\..\Run: [notepad] rundll32.exe C:\DOCUME~1\NETWOR~1\ntload.dll,_IWMPEvents@0 They are downloader trojans, so removal is definitely a good idea (not sure why the McAfee antivirus installation on your machine isn't catching them - might want to look into that). Orphaned - safe to remove: O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? This is a Dell utility to check for a digital modem line - unless you're using the modem, this is safe to delete: O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe I'd suggest disabling this and then checking whether or not MS Office applications take a long time to load on your machine - if not, this can be removed from startup: O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE Orphaned button on the IE toolbar - safe to remove: O9 - Extra button: Go PlaySushi! - {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=6&t=nBd8eOa39 (file missing) Again, I'd suggest disabling this and then checking whether or not Java applications take a long time to load on your machine - if not, this service can be disabled: O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe Given that this machine appears to be "unclean" and running at least one trojan that HJT found, it might be wise to see if McAfee on your system really is getting updated - and if so, why it isn't finding a running trojan. However, I'd get to work right away on cleaning this particular machine.

You will only get read/write access to an NFS share on a remote unix box with SFU when the User Name Mapping server component is installed, and the UID for the current user matches the UID of a user on the unix system. I've not tried SFU for the client, but I know on Windows server after installing SFU 3.5 these were required, or the behavior you see is expected.

The only valid links to downloading an ISO of Windows 7 Enterprise would be from Technet or MSDN for subscribers, or from your Volume Licensing software page (since you have an enterprise key, you do have a Microsoft volume licensing agreement... right?). Otherwise, links elsewhere would be links to a product that Microsoft does not provide the rights to redistribute, and that would violate rule 1.b here.

You can only set permissions on local accounts in a workgroup setting. The only way to emulate this is to make sure the user has the same user/pass on both machines. Otherwise, you need a domain.