Category Archives: MS Windows

Notes about various technical issues of supporting and administering Windows Servers.

Windows search path

The search path for DLLs before Windows XP SP1 and Windows Server 2003 was:

  1. search in directory of executable
  2. search in working directory
  3. search in Windows system directory (SYSTEM32 as well as SYSTEM!)
  4. search in Windows directory
  5. search in path defined by variable %PATH%

The search sequence changed in Windows XP SP1 and Windows 2003. A quote from the article by Michael Howard, “Development Impacts of Security Changes in Windows Server 2003”:

QUOTE:

DLL Search Order Has Changed

No longer is the current directory searched first when loading DLLs! This change was also made in Windows XP SP1. The default behavior now is to look in all the system locations first, then the current directory, and finally any user-defined paths. This will have an impact on your code if you install a DLL in the application's directory because Windows Server 2003 no longer loads the 'local' DLL if a DLL of the same name is in the system directory. A common example is if an application won't run with a specific version of a DLL, an older version is installed that does work in the application directory. This scenario will fail in Windows Server 2003.

The reason this change was made was to mitigate some kinds of trojaning attacks. An attacker may be able to sneak a bad DLL into your application directory or a directory that has files associated with your application. The DLL search order change removes this attack vector.

The SetDllDirectory function, also available in Windows XP SP1, modifies the search path used to locate DLLs for the application and affects all subsequent calls to the LoadLibrary and LoadLibraryEx functions by the application.

This fact can have a major consequence when troubleshooting applications that depend on common libraries (such as msvcr*.dll). If safe search order is turned ON, the search sequence is: 1, 3, 4, 2, 5 from the list above.

My first thought (of course ;-) was: how to disable the safe search order feature?

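According to the article Dynamic-Link Library Search Order, all you need to do is add the registry value
HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode and set it to 0. With the value at 0 the sequence is again 1, 2, 3, 4, 5, so the working directory is searched before the system directories, which is the ordering the change was made to mitigate.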
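
The effect of the two orderings on a DLL that exists both in the system directory and in the working directory, as an added example (not code from the original post or from the Microsoft article). The directory names and file layout are constructed, and the model covers only the five locations in the list above.

```python
import os
import tempfile

# Location names follow the five-step list above (1 = exe dir ... 5 = %PATH%).
LEGACY_ORDER = ("exe_dir", "cwd", "system", "windows", "path")  # 1, 2, 3, 4, 5
SAFE_ORDER = ("exe_dir", "system", "windows", "cwd", "path")    # 1, 3, 4, 2, 5

def search_dirs(locations, safe_mode=True):
    """Expand the location names into the ordered list of directories."""
    dirs = []
    for key in SAFE_ORDER if safe_mode else LEGACY_ORDER:
        value = locations.get(key, [])
        dirs.extend([value] if isinstance(value, str) else value)
    return dirs

def resolve(dll, locations, safe_mode=True):
    """Return the first directory holding dll (case-insensitive), or None."""
    wanted = dll.lower()
    for directory in search_dirs(locations, safe_mode):
        try:
            names = os.listdir(directory)
        except OSError:  # missing or unreadable directory: the search moves on
            continue
        if any(name.lower() == wanted for name in names):
            return directory
    return None

def shadowed_by_cwd(dll, locations):
    """True if only the legacy order would pick the working-directory copy."""
    legacy = resolve(dll, locations, safe_mode=False)
    return legacy == locations["cwd"] and resolve(dll, locations, True) != legacy

def demo():
    """Constructed layout: msvcr71.dll in System32 and in the working directory."""
    root = tempfile.mkdtemp()
    loc = {"exe_dir": os.path.join(root, "app"), "cwd": os.path.join(root, "work"),
           "system": [os.path.join(root, "System32"), os.path.join(root, "System")],
           "windows": os.path.join(root, "Windows"), "path": [os.path.join(root, "tools")]}
    for directory in search_dirs(loc):
        os.makedirs(directory)
    open(os.path.join(loc["system"][0], "msvcr71.dll"), "w").close()
    open(os.path.join(loc["cwd"], "MSVCR71.DLL"), "w").close()
    safe = os.path.basename(resolve("msvcr71.dll", loc, safe_mode=True))
    legacy = os.path.basename(resolve("msvcr71.dll", loc, safe_mode=False))
    return safe, legacy, shadowed_by_cwd("msvcr71.dll", loc)

if __name__ == "__main__":
    print(demo())
```

A copy in the executable's directory wins under both orderings, because location 1 stays first in each sequence.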

Using RUNAS to launch Explorer as less-privileged user

As you probably know, runas.exe is a great tool for lowering the privileges under which some “unsafe” programs can run. One such example might be Firefox (or God forbid, Internet Explorer) or your favorite e-mail client, or perhaps Explorer itself. Well, explorer.exe is special in this case, because out of the box it doesn’t run with runas. I really never cared to find out why. Tonight was the night :-)

I entered the following magic keywords in the Google search box: “Why can’t you run Explorer with runas”, and a few seconds later clicked on the very first hit, Runas with Explorer, which explains the topic quite well.

I prefer the second suggested solution. Let’s say that you have a special local user with minimal privileges, called Internet, and that you want to use that account for every (potentially) unsafe operation, including launching the Explorer that will be used to run other programs and files.

You’ll have to change the SeparateProcess flag for Explorer for the Internet user:

1) Log on locally as the Internet user and open the registry editor – regedt32

Better yet, use runas:

cmd> runas /user:hostname\Internet regedt32

…where hostname is the name of your workstation.

2) Navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced and change SeparateProcess from 0 to 1.

3) Now you can create a shortcut on your desktop to launch Explorer as the Internet user:

Target: runas /user:hostname\Internet explorer.exe

Regards,
Ales

Critical bug in ArcServe Agent 9.0

If you still have ArcServe 9.0 (confirmed on Build 2050) Agents around the server farm, be very careful if you back up mounted volumes on Windows 2000/2003. Mounted volumes are common on database servers, where they avoid assigning drive letters to the individual volumes.

Let’s say that you have the following mount points:

D:\ORADATA\ORADB\DATA01 —> pointing to VOLUME1
D:\ORADATA\ORADB\DATA02 —> pointing to VOLUME2

You prepare the backup in ArcServe as usual: connect to the Agent, select the above directories, run the backup, and everything seems kosher… until you try to do a restore. At that point you can find out that mount point D:\ORADATA\ORADB\DATA02 contains the files from some random volume. Yes, it means that the backup is useless. No error is reported and everything appears to work fine; it’s just that ArcServe Agent 9 somehow gets wrong information about the volume. For example, out of 10 mounted volumes, nine will be backed up correctly and one will have unreasonable content, taken from another volume. One workaround is to add a drive letter to the problematic mount point with Disk Manager, then back up the drive by letter, not by mount point.

I couldn’t find any official CA bug note; all I know is that this doesn’t happen with the ArcServe 11.5 (SP3) agent.

The moral of this story is to test your restore procedures as much as (or more than) you test the backup itself.

Regards,
Ales

Windows 2003 Standard Edition and /3GB switch

I was spending my day installing 32-bit Windows 2003 Standard Edition on one of our home build servers with 4GB of RAM. Even though the server could run the x64 version of the operating system, I decided to install 32-bit Windows 2003 Standard Edition (the reason is out of the scope of today’s topic).

I know that in the Windows 2000 time frame, only Advanced Server and Datacenter Server could really support a 3GB user virtual memory space. Even though you could turn on the /3GB switch on Windows 2000 Server and/or Windows 2000 Professional, the user virtual memory space was still limited to 2GB. Microsoft allowed this to help device driver developers: they could write and test their code without the need for Advanced Server.

The question that I asked myself was simple: is it possible to turn on the /3GB switch on Windows 2003 Standard Edition? The answer is yes, but… According to Microsoft KB article “291988 A description of the 4 GB RAM Tuning feature and the Physical Address Extension switch”, the /3GB switch in Windows 2003 Standard Edition is supported in production only for servers running Active Directory (DC). In all other cases, the /3GB switch on W2K3 Standard Edition is not really supported by Microsoft; if the application vendor is willing to take the risk, fine, otherwise you’re on your own.

I decided not to use the /3GB switch – I’m not willing to take a chance. Besides, the system will serve batch processing with little impact on system memory (up to 500MB), and the rest (up to 2GB) will be more than enough to run a non-production Oracle XE instance.

On the bright side, I found some really good material on the /3GB switch: searching forum.sysinternals.com, I found excellent articles posted by Raymond Chen, a long-time Microsoft employee and the author of the book “The Old New Thing: Practical Development Throughout the Evolution of Windows”.

Since the /3GB switch (and virtual memory in general) is so often misunderstood, I’m sure you’ll enjoy reading the short articles published by Raymond Chen on his blog:

http://blogs.msdn.com/oldnewthing/archive/2004/08/22/218527.aspx

ArcServe – how to reset forgotten caroot password

Another “lost” sticky note that I needed today :)

1) Stop the ArcServe services with the cstop utility:

cmd> cd C:\Program Files\CA\BrightStor ARCserve Backup

cmd> cstop

2) Find and rename the directory named after the server (SERVERNAME) under the directory named discovery:

Rename directory:

?:\Program Files\CA\BrightStor ARCserve Backup\Data\discovery\SERVERNAME

to something like:

?:\Program Files\CA\BrightStor ARCserve Backup\Data\discovery\SERVERNAME.BAK

3) Start the ArcServe services with cstart

4) Change the caroot password:

cmd> authsetup /p newpwdforcaroot

That's it. From now on use the new password to authenticate as caroot.