Windows

Quickly Find Local Open Ports

Usually, if you want to see all the used and listening ports on your computer, you’d use the NETSTAT command.

Note: The NETSTAT command will show you whatever ports are open or in use, but it is NOT a port scanning tool! If you want to have your computer scanned for open ports see this page instead (link will follow shortly).

Open Command Prompt and type:

    C:\WINDOWS>netstat -an |find /i "listening"
    TCP   0.0.0.0:135    0.0.0.0:0   LISTENING
    TCP   0.0.0.0:445    0.0.0.0:0   LISTENING
    TCP   0.0.0.0:1025   0.0.0.0:0   LISTENING
    TCP   0.0.0.0:1084   0.0.0.0:0   LISTENING
    TCP   0.0.0.0:2094   0.0.0.0:0   LISTENING
    TCP   0.0.0.0:3389   0.0.0.0:0   LISTENING
    TCP   0.0.0.0:5000   0.0.0.0:0   LISTENING

You can redirect the output to a text file by adding > c:\openports.txt to the command, if you want to:

    netstat -an |find /i "listening" > c:\openports.txt

You can also change “listening” to “established” to see what ports your computer actually communicates with:

    C:\WINDOWS>netstat -an |find /i "established"
    TCP   192.168.0.100:1084   192.168.0.200:1026   ESTABLISHED
    TCP   192.168.0.100:2094   192.168.0.200:1166   ESTABLISHED
    TCP   192.168.0.100:2305   209.211.250.3:80   ESTABLISHED
    TCP   192.168.0.100:2316   212.179.112.230:80   ESTABLISHED
    TCP   192.168.0.100:2340   209.211.250.3:110   ESTABLISHED

Note: In Windows XP and Windows Server 2003, you can type NETSTAT -O to list the owning process ID associated with each connection:

    C:\WINDOWS>netstat -ao |find /i "listening"
    TCP   pro1:epmap          pro1.dpetri.net:0   LISTENING   860
    TCP   pro1:microsoft-ds   pro1.dpetri.net:0   LISTENING   4
    TCP   pro1:1025           pro1.dpetri.net:0   LISTENING   908
    TCP   pro1:1084           pro1.dpetri.net:0   LISTENING   596
    TCP   pro1:2094           pro1.dpetri.net:0   LISTENING   596
    TCP   pro1:3389           pro1.dpetri.net:0   LISTENING   908
    TCP   pro1:5000           pro1.dpetri.net:0   LISTENING   1068

You can use PULIST from the W2K Resource Kit (Download Free Windows 2000 Resource Kit Tools) to find the PID and see what process uses it and who started it. For example, you found out that your computer had an open connection to a remote IP address on TCP port 80, and you don’t have any Internet Explorer or other browser windows open. You want to find out what process is using that session.

    C:\WINDOWS>netstat -no

    Active Connections

    Proto   Local Address        Foreign Address   State         PID
    TCP     192.168.0.100:2496   212.179.4.7:80    ESTABLISHED   1536

You can then use PULIST with the FIND command:

    C:\WINDOWS>pulist |find /i "1536"

    Process        PID    User
    LUCOMS~1.EXE   1536   DPETRI\danielp

In this case, LUCOMS~1.EXE is run by DANIELP (myself) and as it happens, it’s the Symantec Live Update process.

You can also look in Task Manager for the respective PID.

  1. To set up Task Manager to show the PID column, open Task Manager by using CTRL+SHIFT+ESC.
  2. Go to the Processes tab, click View and then Select Columns.
  3. In the Select Columns window, click to select PID and then click OK.
  4. You can sort the PID column to display the PIDs in descending or ascending order.
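
The PID lookup described above can be automated when reviewing saved output. The following is an added example, not from the original page: it parses numeric netstat -ano output and a process list in the three-column PULIST layout, then reports listeners bound to every interface and sessions to non-private addresses together with the owning process. Both samples are constructed, and the function names and finding labels are illustrative.

```python
import ipaddress

# Constructed `netstat -ano` output; the external address reuses the page's example.
NETSTAT = r"""
  Proto  Local Address        Foreign Address      State        PID
  TCP    0.0.0.0:135          0.0.0.0:0            LISTENING    860
  TCP    0.0.0.0:3389         0.0.0.0:0            LISTENING    908
  TCP    127.0.0.1:5000       0.0.0.0:0            LISTENING    1068
  TCP    192.168.0.100:1084   192.168.0.200:1026   ESTABLISHED  596
  TCP    192.168.0.100:2496   212.179.4.7:80       ESTABLISHED  1536
  UDP    0.0.0.0:500          *:*                               4
"""
# Constructed process list in the three-column PULIST layout (Process, PID, User).
PULIST = r"""
Process        PID   User
System         4
svchost.exe    860   NT AUTHORITY\SYSTEM
LUCOMS~1.EXE   1536  EXAMPLE\alice
"""

def parse_pulist(text):
    """Map PID -> image name; the User column may be empty or contain spaces."""
    procs = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) >= 2 and parts[1].isdigit():
            procs[int(parts[1])] = parts[0]
    return procs

def parse_netstat(text):
    """Yield TCP rows; headers and UDP rows (no State column) lack the 5 fields."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[4].isdigit():
            lhost, lport = f[1].rsplit(":", 1)
            rhost, rport = f[2].rsplit(":", 1)
            yield f[3], lhost.strip("[]"), int(lport), rhost.strip("[]"), int(rport), int(f[4])

def review(netstat_text, pulist_text):
    """Flag listeners bound to every interface and sessions to non-private addresses."""
    procs, findings = parse_pulist(pulist_text), []
    for state, lhost, lport, rhost, rport, pid in parse_netstat(netstat_text):
        owner = procs.get(pid, "<not in process list>")
        if state == "LISTENING" and lhost in ("0.0.0.0", "::"):
            findings.append(("listening-all-interfaces", lport, pid, owner))
        elif state == "ESTABLISHED" and not ipaddress.ip_address(rhost).is_private:
            findings.append(("external-session", f"{rhost}:{rport}", pid, owner))
    return findings

if __name__ == "__main__":
    print(*review(NETSTAT, PULIST), sep="\n")
```

A PID that appears in the netstat output but not in the process list (908 in the sample) is reported rather than dropped, since the process may have exited between the two captures or may not be visible to the account that produced the list.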

 

Remote Shutdown – XP, Server 2003

From the command line, you can shut down or reboot any Windows Server 2003 computer (or even Windows XP or Vista machines) with the Shutdown.exe command. (Note: The exe file extension is optional for the Shutdown command.) Shutdown.exe contains a number of switches that allow you to specify different actions for the server when the Shutdown command executes. The Shutdown.exe switches are as follows:

/? Displays the Help listing
/i Displays the graphical user interface (GUI); it must be the first option
/l Logs off the current user; it cannot be used with the /d or /m options
/s Shuts down the computer
/r Shuts down and restarts the computer
/g Shuts down and restarts the computer and then restarts any registered applications
/a Aborts system Shutdown
/p Turns off the local computer with no timeout or warning
/h Hibernates the local machine
/e Documents the reason for shutting down the computer
/m Specifies the target computer; it is used with \\computername
/t xxx Where xxx is the number of seconds before Shutdown
/c "comment" Where "comment" is the reason for the Shutdown or restart
/f Forces running applications to close without warning users
/d [p|u:]xx:yy Provides the reason for the Shutdown action: p = planned; u = unplanned; xx supplies the major reason code; yy supplies the minor reason code

When you enter Shutdown with no arguments, the Help listing is displayed. The Help listing also includes the reason codes available for use with the /d switch. The reason codes are shown below:

Reasons on this computer:
E=Expected U=Unexpected P=Planned c=Customer Defined

Type  Major  Minor  Title
U     0      0      Other (Unplanned)
E     0      0      Other (Unplanned)
EP    0      0      Other (Planned)
U     0      5      Other Failure: System Unresponsive
E     1      1      Hardware: Maintenance (Unplanned)
EP    1      1      Hardware: Maintenance (Planned)
E     1      2      Hardware: Installation (Unplanned)
EP    1      2      Hardware: Installation (Planned)
P     2      3      Operating System: Upgrade (Planned)
E     2      4      Operating System: Reconfiguration (Unplanned)
EP    2      4      Operating System: Reconfiguration (Planned)
P     2      16     Operating System: Service Pack (Planned)
U     2      17     Operating System: Hotfix (Unplanned)
P     2      17     Operating System: Hotfix (Planned)
U     2      18     Operating System: Security Fix (Unplanned)
P     2      18     Operating System: Security Fix (Planned)
E     4      1      Application: Maintenance (Unplanned)
EP    4      1      Application: Maintenance (Planned)
EP    4      2      Application: Installation (Planned)
E     4      5      Application: Unresponsive
E     4      6      Application: Unstable
U     5      15     System Failure: Stop Error
E     5      19     Security Issue
U     5      19     Security Issue
EP    5      19     Security Issue
E     5      20     Loss of Network Connectivity (Unplanned)
U     6      11     Power Failure: Cord Unplugged
U     6      12     Power Failure: Environment
P     7      0      Legacy API Shutdown

You can use many of these switches in conjunction with one another when issuing the Shutdown command. A usage example for the Shutdown command follows:

    Shutdown /r /c "Hanging Application or service" /t 30

This example would restart the local machine storing the comment provided with the /c switch. Windows would wait 30 seconds before initiating the restart. You might also create a batch file to use when it is necessary to restart a server in a remote location. The batch file might look like this:

    Shutdown /m \\computername /r /c "Remote Restart" /t 45

Saving this command in a batch file can save you time if you routinely restart the same remote server.

Steps to move a DHCP database from a Windows Server 2003 or 2008 to another Windows Server 2008 machine

The DHCP database can be moved or migrated from a Windows Server 2003 server to a Windows Server 2008 server, or from one Windows Server 2008 server to another.  The information below details the necessary steps.

Export the DHCP database from a server that is running Microsoft Windows Server 2003 or Windows Server 2008

To move a DHCP database and configuration from a server that is running Windows Server 2003 or Windows Server 2008 to another server that is running Windows Server 2008:

1.   Log on to the source DHCP server by using an account that is a member of the local Administrators group.

2.   Click Start, click Run, type cmd in the Open box, and then click OK.

3.   Type netsh dhcp server export C:\dhcp.txt all, and then press ENTER.

Note: You must have local administrator permissions to export the data.

Configure the DHCP server service on the server that is running Windows Server 2008

1.   Click Start, click Administrative Tools, and then click Server Manager. If needed, acknowledge User Account Control.

2.   In Roles Summary click Add Roles, click Next, check DHCP server, and then click Next.

Import the DHCP database

1.   Log on as a user who is an explicit member of the local Administrators group. A user account in a group that is a member of the local Administrators group will not work. If a local Administrators account does not exist for the domain controller, restart the computer in Directory Services Restore Mode, and use the administrator account to import the database as described later in this section.

2.   Copy the exported DHCP database file to the local hard disk of the Windows Server 2008-based computer.

3.   Verify that the DHCP service is started on the Windows Server 2008-based computer.

4.   Click Start, click Run, type cmd in the Open box, and then click OK.

5.   At the command prompt, type netsh dhcp server import c:\dhcpdatabase.txt all, and then press ENTER, where c:\dhcpdatabase.txt is the full path and file name of the database file that you copied to the server.

Note: When you try to export a DHCP database from a Windows 2000/2003 domain controller to a Windows Server 2008 member server of the domain, you may receive the following error message:

Error initializing and reading the service configuration – Access Denied

Note: You must have local administrator permissions to import the data.

6.   To resolve this issue, add the Windows Server 2008 DHCP server computer to the DHCP Admins group at the Enterprise level and redo steps 4 & 5.

7.   If the “access is denied” error message occurs after you add the Windows Server 2008 DHCP server computer to the DHCP Admins group at the Enterprise level, as mentioned in step 6, verify that the user account that is currently used to import belongs to the local Administrators group. If the account does not belong to this group, add the account to that group, or log on as a local administrator to complete the import and redo steps 4 & 5.

Authorize the DHCP server

1.   Click Start, point to All Programs, point to Administrative Tools, and then click DHCP.

Note: You must be logged on to the server by using an account that is a member of the Administrators group. In an Active Directory domain, you must be logged on to the server by using an account that is a member of the Enterprise Administrators group.

2.   In the console tree of the DHCP snap-in, expand the new DHCP server. If there is a red arrow in the lower-right corner of the server object, the server has not yet been authorized.

3.   Right-click the server object, and then click Authorize.

4.   After several moments, right-click the server again, and then click Refresh. A green arrow indicates that the DHCP server is authorized.

 

IE is a pain

Have you ever been browsing the Internet using IE happily until all of a sudden you get this horrid “Internet Explorer has encountered a problem and needs to close” error message, after which IE completely shuts down and you lose all of your tabs along with any forms you might have been filling out? Now that I use Firefox religiously, this has not happened to me even once, but it happened all the time with Internet Explorer.

So for those poor souls still using IE 6 or 7, here’s a quick list of steps you can take to try and fix the underlying problem. The cause of this error can be any number of things, so you may have to try a few things before it actually fixes the problem. Your error may look something like this:

AppName: iexplore.exe AppVer. 7.0.5730.11 ModName: unknown
ModVer: 0.0.0.0 Offset: 61eb77e0

So what the heck to do if you get this error? Try each one of these steps and see if the problem goes away:

  • Open IE, go to Tools > Internet Options, and clear out the temporary Internet files. Click Delete All and choose the option to delete all offline content also. In case you downloaded some executable file that is causing the problem, this will remove it.
  • Run anti-spyware and anti-virus software on the computer. Download Ad-Aware and Spybot and run each to remove any malware. Also, download CCleaner and HiJackThis and run both applications. Remove unwanted entries that you see when you run HiJackThis (you’ll have to read the docs to know what to remove).
  • Go to Start > Run and then type in MSCONFIG. Click on the Startup tab, uncheck all items, and then restart the computer. This disables all startup programs from running. If you still get the error, go ahead and turn them back on the same way.
  • Disable Smart Tags in Internet Explorer by going to Tools > Internet Options, Advanced tab, and then clearing the Enable Smart Tags check box.
  • Install the latest updates from the Microsoft Update web site. If you started receiving this error AFTER installing the latest updates, you will have to perform a System Restore to the point before you installed the updates. You can access the System Restore feature by going to Start > All Programs > Accessories, and then System Tools.
  • Use System File Checker to scan for changes or modifications to Windows protected files. If any files were overwritten or deleted, etc., SFC will automatically retrieve the correct version of the file and replace it. You can run SFC by going to Start, and then Run, typing in CMD and then typing sfc /scannow in the command window.
  • Re-register Internet Explorer DLL files. Click on Start, then Run, type in CMD and then type the following lines and press Enter after each one:

    regsvr32 softpub.dll
    regsvr32 wintrust.dll
    regsvr32 initpki.dll
    regsvr32 dssenh.dll
    regsvr32 rsaenh.dll
    regsvr32 gpkcsp.dll
    regsvr32 sccbase.dll
    regsvr32 slbcsp.dll
    regsvr32 cryptdlg.dll

  • Disable all third-party add-ons to Internet Explorer by going to Start > Control Panel, Internet Options > Advanced tab and then un-checking the “Enable third party browser extensions” check box. You will have to scroll down a couple of lines.