Category Archives: Windows knowhow

Howto do some things in Windows

Security, Windows knowhow

Windows: Read Bitlocker encrypted drive in Windows PE

Leave a comment

Hi,

in WinPE it is possible to read bitlocker encrypted drives.

Check state
manage-bde -status c:

If the drive is only protected by a password use
manage-bde -unlock c: -pw
Continue reading Windows: Read Bitlocker encrypted drive in Windows PE

Security, Windows knowhow

Windows: Recover lost passwords from memory

2 Comments

Hi,

if a User is logged on and forget it’s password you can dump to lsa process and recover the password from a dump file.

Two tools are needed:

  • Microsoft’s sysinternals procdump
  • mimikatz. A tool to play with windows security. Take care when download precompiled binaries. Better get the source code from github and compile it yourself.  Its very easy

Lets start. Login as a User with administrator permissions and dump the lsass process
Continue reading Windows: Recover lost passwords from memory

Windows knowhow

Windows: Extract all files from a msi file

Leave a comment

Hi,

first post in 2015 🙂

msiexec offers the ability to extract all files included in an msi file to a specified folder by alter the TARGETDIR proberty of the msi package.

Syntax is
msiexec /a msifile.msi /qb TARGETDIR=D:\target
Continue reading Windows: Extract all files from a msi file

Windows knowhow

Windows: How to enable IP routing

2 Comments

Hi,

its not recommended, but Windows can act as a IP Router.

To enable routing set

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter to 1:

c:\>reg add HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v IPEnableRouter /D 1 /f

change the startup type of the service “Routing and Remote Access” to auto

sc config RemoteAccess start= auto

and start the service

sc start RemoteAccess

Thats it

Michael

Windows knowhow

Windows: Only register primary IP Address in DNS

Leave a comment

Hi,

if you want to change the IP Address (new Address is in the same subnet) a of Windows Server by a minimal downtime for the users?

In pure Active Directory domains this is not a problem because the server itself updates its A Record at the DNS server and the Active Directory replicates the entry immediately.
In large environments with a heterogeneous DNS structure the TTL of the DNS entry respectively of the DNS zone becomes very important, because the entry is cached for this time by the requesting server, so the time when the new DNS A record reaches  each DNS Server can take some time.
Continue reading Windows: Only register primary IP Address in DNS