I needed to adjust the scope of a built-in firewall rule in a couple of servers, restricting the remote IPs to a list of UVM subnets in CIDR notation. The netsh documentation describes the syntax for a list as comma-separated values (no spaces). But I kept getting errors with the command:
netsh advfirewall firewall set rule name="Windows Internet Naming Service (WINS) (NB-Name-UDP-In)" remoteip="10.10.0.0/16,10.11.0.0/16,10.12.0.0/16"
Finally, I actually read the error message:
For ‘set’ commands, the ‘new’ keyword must be present and must not be the last argument provided.
And the related part of the usage text:
Values after the new keyword are updated in the rule. If there are no values, or keyword new is missing, no changes are made.
One little three-letter keyword was all I needed:
netsh advfirewall firewall set rule name="Windows Internet Naming Service (WINS) (NB-Name-UDP-In)" new remoteip="10.100.0.0/16,10.101.0.0/16,10.102.0.0/16"
Recently, I wanted to provide a client with a list of groups that related to some work he was doing. I wanted the group names as well as their location with AD. Although I often use the ds* commands or excellent ADfind tool for this type of task, I had been working in PowerShell on another project, so I decided to use the PowerShell ActiveDirectory module.
The Get-ADGroup Cmdlet pulled out the groups easily enough, but the there wasn’t a property representing the group object’s parent, nor is there an LDAP property that I could request (AFAIK). The object’s parent is contained within the DistinguishedName (DN) property, though.
For a group with the following DN:
I just need to strip off the CN. I could split the DN on commas, remove the first element, and then reassemble what’s left to get the parent. I also needed to avoid splitting on an LDAP-escaped comma where a value actually contains a comma (e.g., CN=).
PS> $dn -split '(?<![\\]),'
ESET has fixed the problem that caused widespread system hangs. If you followed my instructions to disable NOD32, you can re-enable it by repeating those steps and changing one word: replace disabled with auto.
1. Boot into safe mode
2. In either the Run dialog or the Vista Start Menu search box, type the following:
cmd /k "sc config ekrn start= auto"
(Please note that the space after
start= is required; goodness knows why)
3. Watch for the success message, and reboot.
I’ve spent most of the day trying identify a systematic way to work around the campus antivirus solution, which is causing widespread system hangs. Our vendor has tentatively identified a problematic recent update, and is recommending that affected users temporarily disable the Eset Service service until a patch is available.
Disabling ESET NOD32 / ekrn Service.
If your system become unresponsive, in most cases soon after logging into the system, you may be affected. Please follow these instructions to disable the ESET service:
1. Restart your system in safe mode
2. In either the Run command ( Start->Run or [Windows Key]+R)
OR in the Vista Start menu search box
3. Enter the command below
cmd /k "sc config ekrn start= disabled"
(Please note that the space after
start= is required; goodness knows why…)
4. Watch for the success message:
Reboot and stay tuned to your friendly neighborhood technical support resources for updates.
PS. for what it’s worth, here’s my current ESET version info, which hangs my system.
I like GUIs, but I also like getting things done via the command line. I was hunting around to see if there was a way to change the MTU setting for my NICs without having to edit the registry, and I found that the netsh interfaces context exposes this attribute:
netsh interface ipv4 show subinterfaces
netsh interface ipv4 set subinterface "Local Area Connection" mtu=1500 store=persistent
I used this to change the MTU for my Wifi and Ethernet interfaces from 1300 — Cisco’s preferred setting from Win9x days — back to the Windows default. And now the performance problem I was having yesterday has been resolved. 🙂
[ via http://www.annoyances.org/exec/forum/winvista/t1158155937]