Previous Posts

 Install Windows 2003 Recovery Console

Get ready for Windows 2008

Vulnerability in Virtual PC

Backup and Restore Outlook 2003 auto complete data...

Force Windows Activation Dialog to Show

Encrypt your files the free and easy way

Free New Zealand Daylight saving patch released fo...

Windows Vista SP1 beta to be released soon

Try out Windows 2008

Daylight Saving Time Patch - New Zealand Update



Archives

May 2005

January 2006

April 2006

May 2006

June 2006

July 2006

September 2006

October 2006

November 2006

December 2006

January 2007

February 2007

March 2007

April 2007

May 2007

June 2007

July 2007

August 2007

September 2007



Subscribe to our Feed:

Add/Remove Programs Cleaner - New version released

We have released a new version of our freeware add/remove programs utility. It allows you to remove those pesky applications that have a broken uninstall.

Make sure you try the applications uninstall first - this program will simply remove it from the Add/Remove programs list, no actual uninstall procedures are called

As always - no spyware or adware, just freeware goodness.



Find it in our downloads section


Posted By: Steve Wiseman on Thursday, May 25, 2006

Check out our utilities for windows

 



VNC Flaw - Proof of concept

Update (June 2006): We have created a vulnerability testing tool . It is free, and can be downloaded from here

Update 5/12/2006: We contacted the RealVNC team with our findings. They were able to verify the flaw, and release a fix within only a few short hours. I would highly suggest downloading 4.1.2 if you are running RealVNC on any internet facing computers - Steve

In our previous post I discussed a flaw in VNC that we discovered by accident. It essentially allows you to access a host running Real VNC 4 without knowing the password.

I have put together a proof of concept application (VNC Flaw Test). If you visit this page from the server or machine running VNC, it will attempt to connect back and display a snapshot. If it says your safe - then hey your safe. If not, you got to wonder how many million people have this installed and they have a wide open security flaw.

Now it is still possible we are wrong, since every machine we have had the chance to test has been touched by our software. Try it and see if you are vulnerable - and remember you need to browse to the testing page *from* the machine running VNC, and this machine and VNC port has to be accessible from the Internet.


Posted By: Steve Wiseman on Wednesday, May 10, 2006

Check out our utilities for windows

 



How to setup a logon script on your Windows 2000/2003 Active Directory Network

We are still looking through our code to find the reason for the flaw in VNC 4 - we will keep you updated as we find more.

On to another question. It may be easy for some of you, but setting up a logon script in active directory is not always that simple. Lets walk through setting one up.

First, open "Active Directory Users and Computers" on the domain controller



Now right click on the user you want to have the logon script and select the properties menu.

A properties dialog like the one shown below will appear. Select the 'Profile' Tab



Here is the confusing part. If I just put any old batch file name in the logon script field, where does windows try to find it from?

Lets find out. First, type in this field 'logon.bat'

Click OK.

Now, we need to find the folder where the server loads logon scripts. It follows this format:

\\(SERVERNAME)\sysvol\(DOMAIN NAME)\scripts

So, if my server was named DCServer1, and my domain was intelliadmin.com, we would browse to this path:

\\DCServer1\sysvol\intelliadmin.com\scripts



Now that we know where to put it, creating the script is easy. Just open up notepad, and write your batch file. For our test batch file we will put in a line that loads our profile generator for Microsoft Outlook XP



We are done with the script, so we save the text file as:

\\DCServer1\sysvol\intelliadmin.com\scripts\logon.bat

Now, the next time this user logs in, they will load the login script.


Posted By: Steve Wiseman on Wednesday, May 10, 2006

Check out our utilities for windows

 



Security flaw in RealVNC 4.1.1

Update (June 2006): We have created a vulnerability testing tool . It is free, and can be downloaded from here

Update (05/10/2006) - We have contacted the RealVNC team. Quickly they released a new version that fixed the security issue. If you are running WinVNC 4.1.1 I suggest you get to www.realvnc.com today and update your software.

Update (05/08/2006) - We have installed RealVNC 4.1.1 on as many fresh computers as possible. We wanted to make sure this is a real problem - indeed it is. Every single time we were able to access the machine without a valid password. We are still trying to see what is different about our viewer that exposes this flaw.

We are currently developing a new product that would allow users to remotely install VNC, and manage current VNC installations.

Our viewer is totally 100% new code that we created from the VNC spec and not from the open source Real VNC source tree.

I got a big surprise today when I was testing the viewer code: I was able to view the remote machine without the proper password!

It had to be some type of mistake, so I installed Real VNC 4.1.1 on a test machine:



I set the password to a really huge value that I could not have possibly left in our code by accident. Got back on the development machine and clicked connect:



Instantly I had a view of the remote machine!

I started to wonder how widespread this flaw was so I downloaded TightVNC, and UltraVNC. They are immune. Both of them reject my connection right away.

Then I downloaded RealVNC 4.0 and installed it on another fresh test machine. Same thing as Tight and Ultra - I get disconnected right away.

So it looks like a flaw is in the current RealVNC 4.1.1 authentication process. I am not going to give any clues as to what it is until I can figure it out totally, and promptly let the RealVNC team know so they can resolve the issue.

Please note that I have only tested this on the windows versions of the above software.


Posted By: Steve Wiseman on Monday, May 08, 2006

Check out our utilities for windows

 



Reboot computers on your network

We just released a new version of our freeware remote reboot utility. It is a replacement for one we have had on our site for quite some time now. We added the ability to manually pick a hostname, and pick alternate credentials



No extra dlls, or .net runtimes are required. It just runs without any installation, and can be found in our downloads section. As always no spyware, adware - Just freeware goodness.

Requires at least Windows 2000.


Posted By: Steve Wiseman on Sunday, May 07, 2006

Check out our utilities for windows

 



Force IE to default to your home page

I have been asked this a few times now. How can you force Microsoft Internet Explorer to default to a custom home page?

It really is a simple group policy setting, but with many group policy options - it is not always easy to find.

First, for this to work I am assuming you have a Windows 2003/2000 network with Active Directory, and your client workstations are joined to the domain

Get on the domain controller, go to Administrative Tools, and Launch Active Directory Users and Computers.

Right click on the domain where you would like to create the policy.



A menu will popup - select properties. A dialog box will be displayed.



Click on the Tab that says "Group Policy"

Now Click on the Edit Button

A tree view of policies will be displayed.



Drill down to this key:

User Configuration -> Windows Settings -> Internet Explorer Maintenance -> URLS


Now, double click on Important URLS. You should see a dialog box that lets you change the default Help, Home, and Search pages of IE.



Make your change, and wait. I will take some time before the change replicates across the network - workstations will also need to be rebooted for the change to take effect.


Posted By: Steve Wiseman on Wednesday, May 03, 2006

Check out our utilities for windows

 



Numlock and Capslock - The enemy of Citrix and terminal services

Citrix, and Microsoft Terminal services have had an annoyance for quite some time now. Numlock and Capslock just don't default to what you want.

It seems that if the user is not an administrator - both are cleared at login. No matter what registry hacks you try, the user is still stuck with these settings.

Finally I found a simple solution the the problem. It is an easy VB script that you call when the user logs in:

To turn Numlock on:
set WshShell = CreateObject("WScript.Shell")
WshShell.SendKeys "{NUMLOCK}"

To turn capslock on:
set WshShell = CreateObject("WScript.Shell")
WshShell.SendKeys "{CAPSLOCK}"

Uh. Yea...I didn't think you would even care about scroll-lock, so we wont spend another minute thinking about that waste of keyboard space.


Posted By: Steve Wiseman on Monday, May 01, 2006

Check out our utilities for windows

 
Home|Downloads|Products|Blog
Copyright © IntelliNavigator Inc, 2006. All Rights Reserved
Privacy Policy