run services in safe mode

Open registers (regedit)

the special keys are HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal for Safe mode and
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network for Safe mode with networking.

All you have to do is to create a subkey named as the service you want to start and to change default value to „Service” (without quotes).

example:
REG ADD “HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Apache” /VE /T REG_SZ /F /D “Service”

Windows Program Automatic Startup Locations

Many programs that you install are automatically run when you start your computer and load Windows. For the majority of cases, this type of behavior is fine. Unfortunately, there are programs that are not legitimate, such as spyware, hijackers, trojans, worms, viruses, that load is this manner as well. It is therefore important that you check regularly your startup registry keys regularly. Windows does offer a program that will list programs that are automatically started from SOME of these locations. This program, Msconfig.exe, unfortunately, though, only lists programs from a limited amount of startup keys.

Below are the various list of registry keys that can start a program when Windows boots. I have tried to keep the keys in the exact order that they load. Keep in mind, that some of the keys are set to load at the same time, so it is possible that the order will change on each boot up. These keys generally apply to Windows 95, 98, ME, NT, XP, and 2000, and I will note when it is otherwise.

Upon turning on the computer the keys start in this order as Windows loads:

RunServicesOnce – This key is designed to start services when a computer boots up. These entries can also continue running even after you log on, but must be completed before the HKEY_LOCAL_MACHINE\…\RunOnce registry can start loading its programs.

Registry Keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

RunServices – This key is designed to start services as well. These entries can also continue running even after you log on, but must be completed before the HKEY_LOCAL_MACHINE\…\RunOnce registry can start loading its programs.Registry Keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices

Logon Prompt is placed on Screen. After a user logs in the rest of the keys continue.

RunOnce Local Machine Key – These keys are designed to be used primarily by Setup programs. Entries in these keys are started once and then are deleted from the key. If there a exclamation point preceding the value of the key, the entry will not be deleted until after the program completes, otherwise it will be deleted before the program runs. This is important, because if the exclamation point is not used, and the program referenced in this key fails to complete, it will not run again as it will have already been deleted. All entries in this key are started synchronously in an undefined order. Due to this, all programs in this key must be finished before any entries in HKEY_LOCAL_MACHINE\…\Run, HKEY_CURRENT_USER\…\Run, HKEY_CURRENT_USER\…\RunOnce, and Startup Folders can be loaded. The RunOnce keys are ignored under Windows 2000 and Windows XP in Safe Mode. The RunOnce keys are not supported by Windows NT 3.51.Registry Keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

Run – These are the most common startup locations for programs to install auto start from. By default these keys are not executed in Safe mode. If you prefix the value of these keys with an asterisk, *, is will run in Safe Mode.Registry Keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run registry key

All Users Startup Folder – For Windows XP, 2000, and NT, this folder is used for programs that should be auto started for all users who will login to this computer. It is generally found at:Windows XP C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows NT C:\wont\Profiles\All Users\Start Menu\Programs\Startup
Windows 2000 C:\Documents and Settings\All Users\Start Menu\Programs\Startup

User Profile Startup Folder – This folder will be executed for the particular user who logs in. This folder is usually found in:Win 9X, ME c:\windows\start menu\programs\startup
Windows XP C:\Documents and Settings\LoginName\Start Menu\Programs\Startup

RunOnce Current User Key – These keys are designed to be used primarily by Setup programs. Entries in these keys are started once and then are deleted from the key. If there a exclamation point preceding the value of the key, the entry will not be deleted until after the program completes, otherwise it will be deleted before the program runs. This is important, because if the exclamation point is not use, and the program referenced in this key fails to complete, it will not run again as it will have already been deleted. The RunOnce keys are ignored under Windows 2000 and Windows XP in Safe Mode. The RunOnce keys are not supported by Windows NT 3.51.Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

Explorer Run – These keys is generally used to load programs as part of a policy set in place on the computer or user.Registry Keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

UserInit Key – This key specifies what program should be launched right after a user logs into Windows. The default program for this key is C:\windows\system32\userinit.exe. Userinit.exe is a program that restores your profile, fonts, colors, etc for your username. It is possible to add further programs that will launch from this key by separating the programs with a comma. For example:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit =C:\windows\system32\userinit.exe,c:\windows\badprogram.exe.

This will make both programs launch when you log in and is a common place for trojans, hijackers, and spyware to launch from.Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Load Key – This key is not commonly used anymore, but can be used to auto start programs.Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

Notify – This key is used to add a program that will run when a particular event occurs. Events include logon, logoff, startup, shutdown, startscreensaver, and stopscreensaver. When Winlogon.exe generates an event such as the ones listed, Windows will look in the Notify registry key for a DLL that will handle this event. Malware has been known to use this method to load itself when a user logs on to their computer. Loading in such a way allows the malware program to load in such a way that it is not easy to stop.Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

AppInit_DLLs – This value corresponds to files being loaded through the AppInit_DLLs Registry value.

The AppInit_DLLs registry value contains a list of dlls that will be loaded when user32.dll is loaded. As most Windows executables use the user32.dll, that means that any DLL that is listed in the AppInit_DLLs registry key will be loaded also. This makes it very difficult to remove the DLL as it will be loaded within multiple processes, some of which can not be stopped without causing system instability. The user32.dll file is also used by processes that are automatically started by the system when you log on. This means that the files loaded in the AppInit_DLLs value will be loaded very early in the Windows startup routine allowing the DLL to hide itself or protect itself before we have access to the system.Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows

ShellServiceObjectDelayLoad – This Registry contains values in a similar way as the Run key does. The difference is that instead of pointing to the file itself, it points to the CLSID’s InProcServer, which contains the information about the particular DLL file that is being used.

The files under this key are loaded automatically by Explorer.exe when your computer starts. Because Explorer.exe is the shell for your computer, it will always start, thus always loading the files under this key. These files are therefore loaded early in the startup process before any human intervention occurs.Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

SharedTaskScheduler – This section corresponds to files being loaded through the SharedTaskScheduler registry value for XP, NT, 2000 machines..

The entries in this registry run automatically when you start windows. Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

The following are files that programs can autostart from on bootup:

1. c:\autoexec.bat
2. c:\config.sys
3 . windir\wininit.ini – Usually used by setup programs to have a file run once and then get deleted.
4. windir\winstart.bat
5. windir\win.ini – [windows] „load”
6. windir\win.ini – [windows] „run”
7. windir\system.ini – [boot] „shell”
8 . windir\system.ini – [boot] „scrnsave.exe”
9. windir\dosstart.bat – Used in Win95 or 98 when you select the „Restart in MS-DOS mode” in the shutdown menu.
10. windir\system\autoexec.nt
11. windir\system\config.nt

Though it is good to know these details, if you just need a program to quickly scan these keys and produce a list for you, you can use Sysinternals Autoruns program. While you are at that site, you should browse some of the other excellent utilities.

Autorun a program in safe mode

Place a value in the following key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once. The value name must be preceeded by an * to run in safe mode. For example a value name of *safeprog with data of C:\Runthis.exe.

Un urs si un iepure se afla în arestul politiei.
Cum stateau ei pe gînduri, în celula e bagata si o camila.
Iepurasul se uita lung la ea, se scarpina între urechi si zice catre urs:
– Batrîne, am încurcat-o, astia au mîna grea!…
Uite-n ce hal l-au adus pe calu’ asta!

reset windows 2008 domain administrator password

Booteaza serverul in Directory Restore Mode (f8)
Logheaza-te cu user administrator sau echivalent.

Dezarhivati arhiva srvany undeva pe computer, preferabil pe discul C, dar nu in windows. (D:\temp)
copiaza in acelasi loc si cmd.exe din \windows\system32

Instalam un serviciu nou numit passrecovery
instsrv PassRecovery „d:\temp\srvany.exe”

in registrii (regedit), navigheaza la cheia HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PassRecovery
Creezi o noua subcheie numita Parameters
Aici creezi doua siruri: name: Application , type: REG_SZ (string), value: d:\temp\cmd.exe

si

name: AppParameters , type: REG_SZ (string) , value: /k net user administrator 123456 /domain Ai grija, 123456 este parola si trebuie sa fie una strong, in functie de politicile de securitate ale serverului. pentru inceput, o parola care satisface cerintele implicite de securitate este P@ssw0rd1!

Deschide appletul servicii (services.msc sau Control Panel\Administrative Tools\Services)
cauta serviciul passrecovery. pune-l pe automatic si interact with desktop.

Restarteaza serverul normal.
Intra cu user administrator si parola definita mai sus.
Nu uita sa dezactivezi sau sa stergi serviciul passrecovery

ta daa

Windows Server : Too Many users Logged In

When you’ve got too many users logged in via Remote Desktop (2, if the server is configured for remote administration mode) you have one additional option.
You can use Remote Desktop’s ‘/console’ switch to remote into the actual console session.
Open a command prompt and cd to %SystemRoot%\system32
Type mstsc.exe /console and press enter to launch
Login!

Satul era amenintat de viitura. Toata lumea alerga disperata sa-si salveze bunurile si pe ei insisi din calea prapadului, numai Ion, mai credincios din fire, nu se agita deloc. Vecinii lui il intreaba:
– Ce faci, Ioane? Nu vezi ca vin apele peste noi?!? Fugi, salveaza-te!
– Nici nu ma gandesc! Eu stau aici cuminte, ca ma salveaza Dumnezeu…
Zis si facut. Vin suvoaiele peste sat. Ion, se urca pe acoperisul casei si sta si asteapta. Un grup de oameni trece pe langa casa lui intr-o barca de salvare.
– Ce faci, Ioane, acolo sus? Sari in barca, ca ai sa te ineci!
– Nu, raman aici! Dumnezeu e mare si puternic si ma va salva!
– Treaba ta!
Mai sta ce mai sta, trece si cea de-a doua barca pe langa el.
– Hai, Ioane, sari in barca si salveaza-te!
– Nu, nu! Dumnezeu e mare si ma va salva!
– Ma, Ioane, esti nebun, hai odata, ca te ia apa!
– Nu!
Pleaca si a doua barca. La cea de a treia barca, povestea se repeta. Apoi, Ion moare inecat si ajunge in Rai. Ajuns la portile Raiului, furios nevoie mare, bate cu putere si cere sa fie lasat sa vorbeasca cu Dumnezeu.
– Pai bine, Doamne! Eu ma rog atata la tine… iti dau toata increderea mea si tu ma lasi sa mor?!?
– Cum ziceai ca te cheama? intreaba Dumnezeu.
– Ion.
Cauta Dumnezeu in registrul lui si gaseste numele lui Ion.
– Mai, Ioane, nu stiu cum sa-ti spun… dar la mine aici scrie ca ti-am trimis trei barci!