Misc stuff

Win7 Library Tool

September 15th, 2010

Download

Posted in Microsoft Server 2008, Microsoft Windows 7 | No Comments »

SPLiteH2240

August 30th, 2010

SPLiteH2240

Tags: SPLiteH2240
Posted in Diverse | No Comments »

HUGE system volume Information

August 7th, 2010

vssadmin resize shadowstorage /for=x: /on=x: /maxsize=500MB

Tags: svi, vssadmin
Posted in Microsoft Server 2008 | No Comments »

Large numbers of .tmp files are being created in the xfer_tmp or 7.5/xfer folder

August 3rd, 2010

Large numbers of .tmp files are being created in the xfer_tmp or 7.5/xfer folder and are being detected as threats.

Question/Issue:
After Symantec Endpoint Protection detects an infection, the xfer_tmp folder generates a large number of temporary (.tmp) files. How can I get this to stop?

After Symantec AntiVirus detects an infection, the 7.5\xfer and/or 7.5\xfer_temp folders starts generating numerous temporary (.tmp) files. How can I get this to stop?

After a migration from Symantec AntiVirus to Symantec Endpoint Protection the xfer_tmp folder starts generating a large number of .tmp files. How can I get this to stop?

Symptoms:
Large numbers of temporary (.tmp) files are generated in any of the following locations:

Symantec Endpoint Protection

- - C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer_tmp
  - C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer
- - C:\Program Data\Symantec\Symantec Endpoint Protection\xfer_tmp

Windows 2000/XP/2003
Windows Vista/7/2008

Symantec AntiVirus

NOTE:

- - C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer
  - C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer_tmp
- - C:\Program Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer
  - C:\Program Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer_tmp

Windows 2000/XP/2003
Windows Vista/7/2008

Solution:

To take advantage of code improvements which make such detections much less likely, please ensure that the latest release of SEP 11 or SAV is installed on the client .
If such detections continue after deleting old .tmp files and updating to SAV_CE 10.1 MR9 or SEP 11 RU6a, see the following:

Stop the Symantec service

- Click Start, then Run
- Type: smc -stop
- Click OK
- Click Start, then Run
- Type: services.msc
- Click OK
- Right-click and Stop the Symantec AntiVirus or Symantec Endpoint Protection service

Symantec Endpoint Protection
Symantec AntiVirus

Deleting the files

NOTE:

Open the Command Prompt

1. Type the following command in Command Prompt. (The following string will vary depending on the user name.) Replace “<NAMEOFUSER>” with the username of the desired Windows user you wish to empty the temp folder for:
  - - Windows 2000/XP/2003
      DEL /F /Q “C:\Documents and Settings\<NAMEOFUSER>\Local Settings\Temp”
    - Windows Vista/7/2008
      DEL /F /Q “C:\Users\<NAMEOFUSER>\AppData\Local\Temp”
2. Deleting the contents of the temp folder at the root of C:\
  - - Type the following command in Command Prompt:DEL /F /Q C:\temp
3. Deleting the contents of the Windows Temp folder
  - - Type the following command in Command Prompt:DEL /F /Q C:\WINDOWS\Temp
4. Deleting the contents of the xfer and/or xfer_temp directories
  - - Type the following command in Command Prompt:
      - Windows 2000/XP/2003
        DEL /F /Q “C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer_tmp\”DEL /F /Q “C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer\”
        
        Windows Vista/7/2008
        DEL /F /Q “C:\ProgramData\Symantec\Symantec Endpoint Protection\xfer_tmp\”DEL /F /Q “C:\ProgramData\Symantec\Symantec Endpoint Protection\xfer\”
    - Type the following commands in command prompt:
      - Windows 2000/XP/2003
        DEL /F /Q “C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer”DEL /F /Q “C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer_tmp”DEL /F /Q “C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer_tmp”
        
        DEL /F /Q “C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer”
        
        Windows Vista/7/2008
        DEL /F /Q “C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer”DEL /F /Q “C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer_tmp”DEL /F /Q “C:\ProgramData\Symantec\Symantec Endpoint Protection\xfer_tmp”
        
        DEL /F /Q “C:\ProgramData\Symantec\Symantec Endpoint Protection\xfer”
- Click Start, then Run
- Type: cmd
- Click OK

Deleting files from User Temp folder

The Quarantine Folder

- - - Type the following commands in the Command Prompt:
      - Windows 2000/XP/2003
        DEL /F /S /Q “C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine”RD /S /Q “C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine”
        
        Windows Vista/7/2008
        DEL /F /S /Q “C:\ProgramData\Symantec\Symantec Endpoint Protection\Quarantine”RD /S /Q “C:\ProgramData\Symantec\Symantec Endpoint Protection\Quarantine”
  - - Type the following commands in Command Prompt:
      - Windows 2000/XP/2003
        DEL /F /S /Q “C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine”RD /S /Q “C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine”
        
        Windows Vista/7/2008
        EL /F /S /Q “C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine”RD /S /Q “C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine”
- - - Type the following command in Command Prompt:
      - Windows 2000/XP/2003
        MD “C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine”
        
        Windows Vista/7/2008
        MD “C:\ProgramData\Symantec\Symantec Endpoint Protection\Quarantine”
  - - Type the following command in Command Prompt:
      - Windows 2000/XP/2003
        MD “C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine”
        
        Windows Vista/7/2008
        MD “C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine”

NOTE: The following instructions are to be done from the Command Prompt as attempting to open the Quarantine folder in the Windows user interface may result in delays and Windows Explorer application hangs due to the large amount of files that can reside there.

Delete the Quarantine Folder
Recreate the Quarantine Folder

Start the Symantec service

- Click Start, then Run
- Type: smc -start
- Click OK
- Click Start, then Run
- Type: services.msc
- Click OK
- Right-click and Start the Symantec AntiVirus or Symantec Endpoint Protection service

Tags: Symantec, xfer_tmp
Posted in Symantec | No Comments »

SPF not moving to Junk Mail Folder

July 5th, 2010

Pick a user that fails to end up in Junk. Go in his Outlook and make sure his own address is not added to trusted senders or to his own contacts and that the checkbox trust emails from my contacts is selected.
It could be that ME moves them to Junk but when you open Outlook it sees them in trusted lists and moves the emails to Inbox.

Tags: Junk Mail Folder, spf
Posted in GFI | No Comments »

an error caused a change in the current set of domain controllers

June 29th, 2010

Open Exchange Management Console -> Right Click Organization Configuration -> Click Modify Configuration Domain Controller -> Check Use Default Domain Controller

Posted in Exchange 2010 | No Comments »

User Profile Wizard 3.0 for Windows 2000/XP/Vista/Windows 7

June 25th, 2010

Profwiz3

Link

Tags: profil
Posted in Microsoft Vista, Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows XP | No Comments »

Q: Why do I see DNS Failure on the iSCSI network name cluster resource?

June 13th, 2010

A: The default network properties will force the Network Name resource to attempt to register itself with a DNS Server. This may result in slower than expected iSCSI resource group movement between Windows Storage Server 2008 cluster nodes. The recommendation is to remove the DNS registration requirements by adjusting the appropriate network properties.

1. Open the Network Sharing Center on one of the Windows Storage Server 2008 systems.

2. Select Manage network connections.

3. Select Properties for the iSCSI Network.

4. Select Properties for Internet Protocol Version 4 (TCP/IPv4).

5. Select the Advanced tab.

6. Select the DNS tab.

7. Deselect the Register this connection’s addresses in DNS.

8. Close the Properties for the iSCSI Network.

9. If there are any additional iSCSI networks, repeat Step 3 to 8 for each one.

Link

Tags: DNS Failure, ISCSI
Posted in ISCSI, Microsoft Server 2008 | No Comments »

Should I disable NetBIOS over TCP/IP on my Windows Server 2008 R2 Cluster Shared Volume (CSV) cluster networks?

June 13th, 2010

Yes. To improve performance, it’s recommended that you disable NetBIOS over TCP/IP on your cluster network NIC and other dedicated-purpose NICs, such as for iSCSI and Live Migration. NetBIOS isn’t used in Server 2008 R2 clusters.

To disable NetBIOS over TCP/IP, access the IPv4 properties of your network adapter. To do this, open the Network and Sharing Center, select Change Adapter Settings, right-click the network connection, and select Properties. Select Internet Protocol Version 4 (TCP/IPv4) and click the Advanced button in the displayed dialog.

Select the WINS tab and select the Disable NetBIOS over TCP/IP. Perform this on all network connections that aren’t general purpose management/connectivity NICs, and perform it on all nodes in the cluster.

Additionally, make sure you enable jumbo packets on all network adapters, if you haven’t done so already.

Make sure you don’t disable Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks on the NIC used for CSV—they’re requirements. You could disable these for networks used for iSCSI and other dedicated purposes.

Link

Tags: cluster networks, csv, NetBIOS over TCP/IP
Posted in ISCSI, Microsoft Server 2008 | No Comments »

Roaming user profile issues on Server 2008

April 28th, 2010

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Tags: profil
Posted in Microsoft Server 2008, Microsoft Terminal | No Comments »

Large numbers of .tmp files are being created in the xfer_tmp or 7.5/xfer folder and are being detected as threats.

Categories

Tags