Wednesday, July 30, 2008

Microsoft Windows: Dump Load #1

CC Photo Credit: by Choctopus on Flickr

MSDump

For better or for worse, Microsoft’s Windows systems just seem to have a wealth of details about them that most people can blissfully avoid to no loss.

However, for a few geeks and OCD tech-addicts, it can create a world of entertainment and work.

For example, take the following Windows-related links I have been collecting and sitting on for the past three to four weeks.

Surely someone will find some of them as fascinating as I do:

Security Briefs

Microsoft’s TechNet Magazine always has at least two or three great articles or tidbits for consumption.

For example:

Both posts provide great insight into password and web security: the advice that almost all users will ignore (use a different, “complex” password for each site, and don’t write them down), “bad” login designs, why image-based site validation schemes don’t really make a site more “secure” for users, multi-factor login weaknesses, and how a site that “looks” secure in its presentation isn’t necessarily so.

Good stuff and not too difficult to follow.

Then there is the technically useful:

Security: New Elevation PowerToys for Windows Vista – This post links to helpful tools that simplify the “Run As Administrator” action on Vista. A number of popular scripting tools are mentioned, along with code to work with them. In addition, the author, Michael Murgolo, provides a new “Run as Another User” Power Toy.

What?  Stay with me!  It’s clever!

Suppose you (like me) normally run your Vista system under an “administrator”-rights profile (not the “Administrator” account). While that affords you more power, it still offers some protection, as some actions still require “Run as Administrator” to operate correctly or UAC will knuckle them down.

This “Run as Another User” tool lets you execute a program, while running as an “administrator”, with the reduced rights of another user profile configured on your Vista system. Say you have to use the “administrator” profile to do some network monitoring, but you want to hop on the web while a network logging process runs. So you also have a “regular” account on Vista. Fire up your web browser, but use “Run as Another User” to launch it under the limited-rights account.
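The same idea in script form, as an added example that is not Michael Murgolo’s Power Toy: launch a browser from an “administrator” session under a limited local account and then verify through WMI that the new process really carries that account’s token. The account name “WebUser” and the browser path are assumptions; Start-Process -Credential relies on the Secondary Logon (seclogon) service being running.

```powershell
# Added example: run a program under a limited account from an admin session,
# then confirm the owner of the resulting process instead of trusting the launch.
param(
    [string]$LimitedUser = "$env:COMPUTERNAME\WebUser",   # assumed standard-user account
    [string]$Program     = "$env:ProgramFiles\Internet Explorer\iexplore.exe"
)

# Prompt once for the limited account's password; nothing is written to disk.
$cred = Get-Credential -Credential $LimitedUser

# The child gets the limited account's logon token, not the admin session's,
# so anything it in turn spawns (downloads, helpers, plug-ins) stays limited too.
$proc = Start-Process -FilePath $Program -Credential $cred -PassThru

# Ask the OS who owns the process rather than assuming Start-Process succeeded.
$owner  = (Get-WmiObject Win32_Process -Filter "ProcessId = $($proc.Id)").GetOwner()
$actual = "{0}\{1}" -f $owner.Domain, $owner.User

if ($actual -ieq $LimitedUser) {
    Write-Host "OK: $Program (PID $($proc.Id)) is running as $actual"
} else {
    Write-Warning "Process runs as $actual, not $LimitedUser; check the account and the seclogon service"
}
```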

Neat!

Not only that, Michael provides some additional hacks to add more Power Toys to the shell: “open-here” PowerShell prompts running as the “Administrator” and “System” accounts, as well as similar command prompts for “Administrator” and “System.” Finally, there is a Vista Sidebar widget that accepts drag-and-drop execution-rights elevations.

Almost all of the code downloads are available via a link at the very top of the post in the “At a Glance” section. Look for the Elevation2008_06.exe link.

Related:

Moving on we also find the following bits:

  • Security: Managing the Windows Vista Firewall – which covers Vista firewall rules and profiles, and kicks up a considerable amount of sand by mentioning “outbound” filtering, something Microsoft’s firewalls are often disparaged for not attending to by default.

Finally, want to make your head spin?

Desktop Dirt from Wes

If security wasn’t enough, how about these?

The Desktop Files: Network-Booting Windows – While touching primarily on Windows Deployment Services (WDS), this article by Wes Miller goes into great detail on the Windows PXE environment, which interests me given my fascination with Windows PE 2.0 usage.

The Desktop Files: Dual Booting with Windows XP and Windows PE 2.0 – Yep! Even more good stuff on PE 2.0.

The Desktop Files: Shared Computing with Windows SteadyState – I’ve mentioned Windows SteadyState before and am looking at deploying it at our training and “guest-user” locations. Wes has some great details in that post.

Digging Even Deeper…

I’m not sure what got me on this track, but somehow I recently got on a web-researching expedition on the Microsoft Kernrate Viewer.

Oh yeah! I was watching Mark Russinovich put it through its paces in this The Case of the Unexplained…Live! webcast. Go watch it. It’s a great look at how to deal with and approach suspicious (malicious) processes on a Windows system.

I’ve mentioned it in passing here on my blog before, but only recently, in that video presentation, did I get a better grasp of how it could be helpful.

Kernrate is a general-purpose profiling tool for tracking CPU utilization by kernel-mode and user-mode processes.

It’s a deep-level tool that can be used to log and capture what is going on with your processor as it works. Good for looking deeper into running processes when Process Explorer isn’t enough.

See also:

While we are at it, let’s not pass up mention of the Microsoft Windows Performance Tools Kit, v.4.1.1 (QFE).

The Windows Performance Tools (WPT) Kit contains performance analysis tools that are new to the Windows SDK for Windows Server 2008 and .NET Framework 3.5. The WPT Kit is useful to a broad audience, including system builders, hardware manufacturers, driver developers, and general application developers. These tools are designed for measuring and analyzing system and application performance on Windows Vista, Windows Server 2008, and later.

The tools currently include an xperf trace capture tool, an xperfview visualization tool (also known as Performance Analyzer), and an xbootmgr boot trace capture tool. The tools are designed for the analysis of a wide range of performance problems including application start times, boot issues, deferred procedure calls and interrupt activity (DPCs and ISRs), system responsiveness issues, application resource usage, and interrupt storms. The MSIs containing these tools are available in the SDK bin directory (one per architecture).

The tools are built on top of the Event Tracing for Windows (ETW) infrastructure. ETW enables Windows and applications to efficiently generate events. Events can be enabled and disabled at any time without requiring system or process restarts. ETW collects requested kernel events and saves them to one or more files that are referred to as "trace files" or "traces."

Tip: The MSI installer downloads (x86, x64, and Itanium versions) are on the right-hand side in a little gray box.

More details on usage can be found under the following Microsoft Developer Network Page: Windows Performance Toolkit (WPT)

Located in that package is the On/Off Transition Performance Analyzer which helpfully can be configured to “…collect information during the on/off transition phases of Windows Vista. Data can be captured during boot, shutdown, standby and resume, and hibernate and resume.”

Neato! Download the great white paper from that website link to get the skinny on how to use it in your troubleshooting arsenal.
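To make the xperf/ETW description and the on/off transition capture above concrete, here is an added wrapper script of my own (not part of the WPT kit or its white paper). It assumes the WPT install directory is on PATH and that the shell is elevated, since kernel ETW tracing requires it; the trace paths are arbitrary.

```powershell
# Added example: capture a kernel ETW trace with xperf and summarise it, plus an
# xbootmgr capture for the on/off transition phases (boot, shutdown, standby, hibernate).

function Capture-KernelTrace {
    # Record kernel events for $Seconds seconds, then report DPC/ISR time per
    # module, the kind of data an "interrupt storm" investigation needs.
    param([int]$Seconds = 20, [string]$Trace = "$env:TEMP\kernel.etl")

    # DiagEasy is a built-in kernel flag group (process/thread, image load, disk
    # I/O, hard faults, DPC, interrupt, context switch, perf counters).
    # PROFILE + -stackwalk Profile adds sampled call stacks, i.e. what Kernrate
    # did: you see *where* in a driver or process the CPU time goes.
    # On x64 stack walking also needs DisablePagingExecutive=1 under
    # HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management.
    & xperf -on DiagEasy+PROFILE -stackwalk Profile
    Start-Sleep -Seconds $Seconds
    & xperf -d $Trace                     # stop tracing and merge into one ETL file

    # Text reports straight from the trace; open $Trace in xperfview for the graphs.
    & xperf -i $Trace -a tracestats       # event counts, buffer sizes, lost events
    & xperf -i $Trace -a dpcisr           # DPC and ISR time broken down by module
    return $Trace
}

function Capture-BootTrace {
    # On/off transition capture: xbootmgr reboots (or suspends) the machine and
    # keeps tracing through the transition, writing ETL files into $ResultPath.
    param(
        [ValidateSet("boot", "shutdown", "standby", "hibernate", "rebootCycle")]
        [string]$Transition = "boot",
        [string]$ResultPath = "C:\Traces"   # assumed output folder
    )
    New-Item -ItemType Directory -Force -Path $ResultPath | Out-Null
    & xbootmgr -trace $Transition -resultPath $ResultPath -numRuns 1
}
```

Capture-BootTrace really does reboot the box, so save your work before calling it.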

PC Tools Troubleshooting Gems

Since we are on a troubleshooting side-trip…

Enable Manual Crash Feature at Registry Guide for Windows – PC Tools tip. This brief article shows a registry change that lets you manually crash your system and generate a blue-screen memory-dump file with a keyboard combination. For Windows 2000.

PC Tools has even more tips on Windows crash troubleshooting for XP systems:

Windows : Troubleshooting : Crash Control – PC Tools.
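Here is an added script (mine, not from the PC Tools articles) that ties the two tips together: the keyboard-triggered crash and the CrashControl settings that decide whether a usable dump is actually written. CrashOnCtrlScroll under the i8042prt (PS/2 keyboard) driver and the CrashControl values are documented Microsoft registry values; that these are the exact keys the linked articles walk through is an assumption. Needs an elevated shell and a reboot to take effect.

```powershell
# Added example: enable the manual crash hotkey (hold right Ctrl, press Scroll Lock
# twice) and make sure the resulting bug check produces a dump worth analysing.
function Enable-ManualCrash {
    param(
        [ValidateSet(1, 2, 3)] [int]$DumpType = 2,     # 1 complete, 2 kernel, 3 small (minidump)
        [string]$DumpFile = '%SystemRoot%\MEMORY.DMP'
    )
    $kbd   = 'HKLM:\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters'
    $crash = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

    # 1. Keyboard trigger for PS/2 keyboards. (USB keyboards use the kbdhid
    #    service; same value name under its Parameters key on Vista and later.)
    New-ItemProperty -Path $kbd -Name CrashOnCtrlScroll -Value 1 -PropertyType DWord -Force | Out-Null

    # 2. Crash Control: a crash with CrashDumpEnabled=0 gives you a blue screen and nothing else.
    Set-ItemProperty -Path $crash -Name CrashDumpEnabled -Value $DumpType
    Set-ItemProperty -Path $crash -Name DumpFile -Value $DumpFile
    Set-ItemProperty -Path $crash -Name Overwrite -Value 1

    # Complete and kernel dumps are staged through the boot-volume pagefile, which
    # must be at least RAM + 1 MB; warn instead of silently getting no dump later.
    $ram = (Get-WmiObject Win32_ComputerSystem).TotalPhysicalMemory
    $pf  = Get-WmiObject Win32_PageFileUsage | Where-Object { $_.Name -like "$env:SystemDrive*" }
    if ($DumpType -ne 3 -and ($pf -eq $null -or ($pf.AllocatedBaseSize * 1MB) -lt ($ram + 1MB))) {
        Write-Warning "Pagefile on $env:SystemDrive is smaller than RAM + 1 MB; dump type $DumpType may not be written"
    }

    # Return the effective settings so the change can be reviewed (or audited) afterwards.
    New-Object PSObject -Property @{
        CrashOnCtrlScroll = (Get-ItemProperty -Path $kbd).CrashOnCtrlScroll
        CrashDumpEnabled  = (Get-ItemProperty -Path $crash).CrashDumpEnabled
        DumpFile          = (Get-ItemProperty -Path $crash).DumpFile
    }
}

Enable-ManualCrash -DumpType 2
```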

--Claus
