zeshan.com

It’s about 2PM on a Saturday afternoon and you’re enjoying the weekend when out of the blue your phone rings and you see it’s a friend calling you who hasn’t talked to you for sometime. You think that it will be a nostalgic conversation, instead what greets you is a panicked voice saying that their computer is infected with a virus and they want you to come and help them.

One of the things that all IT Professionals advise when facing a serious malware infection is to disconnect the system and do an off-line virus scan. However, with so many different tools out there, it’s difficult to decide which is the best.  If you have been using MDOP, you may be aware of the Microsoft Standalone System Sweeper. A beta version of this tool is available publicly on the Microsoft Connect website.

The first step of using this tool is to download the appropriate version (either x86 or x64) from the Connect Website: http://connect.microsoft.com/systemsweeper

This tool then allows you to create the media required to troubleshoot the system. It can be either a USB flash stick, CD/DVD or even an ISO file.

When creating the media, the tool downloads the latest definitions from the Microsoft website.  The resulting file size for an ISO is no more than 250MB.

Once you have the MSSS media, you boot using it and it runs a scan to detect for malware using the Windows Defender Interface.

A full scan can take over 1 hour and it is best to have something else to do during this scanning phase. Once the scan is over you can simply remove it using the interface.

Simple but effective!

I recently delivered a remote training event to fellow online facilitators on the Microsoft Diagnostics and Recovery Toolset (DaRT).

Here are the slides from the session:
 

So I’m experimenting with VMware Player – a departure from the usual Microsoft flavours of Virtualization (only because Windows Virtual PC cannot handle x64 Operating Systems)- and I encountered two issues.

I set up a Windows Server 2008 R2 Domain; installed AD DS, AD CS, DNS, DHCP, RRAS and WDS. With that done, I attempted to create a new Windows 7 VM by using WDS to deploy the OS image. Unfortunately, I ran into a problem, an error message stating: WdsClient: There was a problem initializing wds mode

So, I checked all my server settings. Everything seemed fine so suspecting a DNS issues (it’s always a DNS issue) I ran NSLOOKUP from the DNS snap-in. It didn’t seem promising with the unknown server message. So I created a AAAA record for the server’s IPv6 address.

I re-ran the WDS deployment and it worked! Problem 1 solved!

The second problem that I encountered was joining the installed Windows 7 Enterprise client to the domain. It successfully obtained an IPv4 address but it could not seem to find the domain. So…it’s got to be a DNS issue (it’s always a DNS issue). However, this time it dawned on me that the Scope Option for the DHCP server was not telling my client the IP address of my test DNS server. Click-Click! Problem 2 solved!

But…had I fixed the DNS scope option problem first, I would not have got the first error message. Doh!

Live and learn etc. After all, it’s all about the DNS!