Posts Tagged: windows


8
Oct 09

How to remove ZoneAlarm from Windows

We have a very frequent problem at work – users with some ZoneAlarm .dll leftovers cannot open any HTTP web site. Here is the solution (taken from here). Removal of the .dll files in \windows\system32\ works like a charm for me.

How to remove ZoneAlarm

This is what has always worked well for me in the past:

A) Uncheck “Load Zone Alarm (Pro) at startup”
B) Shut down Zone Alarm.
C) Disable Antivirus Software running in real time.
D) Empty Internet Log directory.
E) Empty Recycle Bin.
F) Reboot.
G) Run Uninstaller from Add/Remove Programs.

DELETE:
1) C:\Documents and Settings\All Users\Start Menu\Programs\Zone Labs
2) C:\Program Files\Zone Labs
3) C:\WINDOWS\Internet Logs (Empty Contents)
4) C:\WINDOWS\Profiles\All Users\Start Menu\Programs\Zone Labs
5) C:\WINDOWS\Profiles\All Users\Start Menu\Programs\Startup\zonealarm (pro)
6) C:\WINDOWS\System32\vsdata.dll
7) C:\WINDOWS\System32\vsdatant.sys
8) C:\WINDOWS\System32\vsmonapi.dll
9) C:\WINDOWS\System32\vsnetutils.dll
10) C:\WINDOWS\System32\vspubapi.dll
11) C:\WINDOWS\System32\vsutil.dll
12) C:\WINDOWS\System32\Zone Labs
13) C:\WINDOWS\Temp (Empty Contents)

Go into the registry, Find & F3 and DELETE:

14) Zone Alarm
15) ZoneAlarm
16) ZoneAlarm Pro
17) Zone Labs
18) minilog
19) InternetAlert
20) ZAMailSafe and all sub-keys.
21) zapro.exe
22) VSMON
23) VSDATANT

24) Run ‘regedt32’, give ‘Security’ permission to ‘Everyone’ and delete:

HKLM\System\ControlSet001\Enum\Root\LEGACY_VSMON
HKLM\System\ControlSet001\Enum\Root\LEGACY_VSDATANT

25) AND;

HKLM\System\ControlSet002\Enum\Root\LEGACY_VSMON
HKLM\System\ControlSet002\Enum\Root\LEGACY_VSDATANT
———————————————————
Verify to ensure the above has removed all these keys from the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Zone Labs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs\XXXXXX
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Pro
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsmon
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsdatant
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\minilog
HKEY_CURRENT_USER\Software\Zone Labs
HKEY_CURRENT_USER\AppEvents\EventLabels\InternetAlert
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\InternetAlert
HKEY_CLASSES_ROOT\ZAMailSafe
————————
Last but not least, delete the hidden license file in C:\WINDOWS\system32 called ‘zllictbl.dat’
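
A read-only check for the leftovers listed above, as an added PowerShell example that is not part of the original instructions. It covers the System32 files, the two Zone Labs folders and the keys from the "Verify" list; the function name Get-ZoneAlarmLeftover is made up for illustration, and the Windows path is assumed to be C:\WINDOWS as in the lists.

```powershell
# Added example (not from the original post): list ZoneAlarm leftovers that
# still exist. Read-only, nothing is deleted. The function name is hypothetical.
function Get-ZoneAlarmLeftover {
    param([string]$System32 = 'C:\WINDOWS\System32')   # path as written in the lists above

    # Driver, DLLs and the hidden license file named in the post
    $files = 'vsdata.dll', 'vsdatant.sys', 'vsmonapi.dll', 'vsnetutils.dll',
             'vspubapi.dll', 'vsutil.dll', 'zllictbl.dat' |
             ForEach-Object { Join-Path $System32 $_ }

    $folders = 'C:\Program Files\Zone Labs', (Join-Path $System32 'Zone Labs')

    # Keys from the "Verify" list. SharedDLLs\XXXXXX is a placeholder in the
    # original and is left out. The Registry:: prefix is used because
    # HKEY_CLASSES_ROOT has no default PowerShell drive.
    $keys = 'HKEY_LOCAL_MACHINE\SOFTWARE\Zone Labs',
            'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Pro',
            'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsmon',
            'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsdatant',
            'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\minilog',
            'HKEY_CURRENT_USER\Software\Zone Labs',
            'HKEY_CURRENT_USER\AppEvents\EventLabels\InternetAlert',
            'HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\InternetAlert',
            'HKEY_CLASSES_ROOT\ZAMailSafe' |
            ForEach-Object { "Registry::$_" }

    foreach ($item in @($files) + @($folders) + @($keys)) {
        # -LiteralPath keeps characters in the path from being read as wildcards
        if (Test-Path -LiteralPath $item) { $item }
    }
}

# An empty result means none of the checked leftovers remain.
Get-ZoneAlarmLeftover
```

The HKEY_CURRENT_USER keys are checked only for the account that runs the script.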


2
May 08

Samba 2.2, Domain 2003 and big problems

This week for some reason almost all of our Samba 2.2.7 AIX servers stopped working. We have a domain with 2003R2 domain controllers and for some reason all our attempts to join these Samba servers to the domain gave us:

server:/> smbpasswd -j SCC_NT -U Administrator
Password:
Error connecting to DC - NT_STATUS_ACCESS_DENIED
Unable to join domain DOMAIN

After a couple of fights with our System Engineering department and intensive googling I’ve found a solution. The original post can be found here:

http://lists.samba.org/archive/samba/2003-May/066356.html

I just changed the registry value on one of our domain controllers and specified it in the smbpasswd command:

server:/> smbpasswd -j SCC_NT -U Administrator -r DC2
Password:
Joined domain DOMAIN.

Hooray! Our engineers promised me to upgrade Samba to 3.0 there soon (this is another solution for this problem), but on AIX 5.1 for some reason Samba 3.0 doesn’t work properly.

Here is the mirror of this great knowledge from the link above :)

> So, W2K doesn’t need SMB-packets signatures and we have no problems, but we
> want it to work with Windows 2003. What’s the difference between Windows 2000
> and Windows 2003 when it comes to security signatures of SMB-packets?

By default, a Windows Server 2003 requires signature of SMB packets (at least, a Windows Server 2003 DC).

> Can we disable signatures in Windows 2003 Server or do we have to make
> some changes in Red Hat/Samba? Is there another way to get around this
> problem?

Yes, you can look for the following security option

Microsoft network server: Digitally sign communications (always):

and set it to Disabled, instead of Enabled.

This security option modifies the following registry value:

Key: HKLM\SYSTEM\CCS\Service\lanmanserver\parameters\
Value: RequireSecuritySignature
Content: 0 to disable, 1 to enable

If you don’t want to reboot after that change, you can stop the srv.sys driver and services that depend on it using the following command:

C:\>net stop srv

Then, you can restart it, as well as the services that depend on it (in particular, netlogon)

C:\>net start srv

Jean-Baptiste Marchand

UPDATE: It is important to remove the old record for the host from AD.
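
To keep track of which domain controller had signing relaxed for the Samba 2.2 join, and to confirm the value is back at 1 once the servers move to Samba 3.0, the setting can be read remotely. This is an added PowerShell example, not part of the original post or the mailing-list reply; Get-SmbServerSigning is a made-up name, DC1 is a constructed host name next to the post's DC2, and the script assumes the Remote Registry service and administrative rights on the targets.

```powershell
# Added example: read the SMB server signing values discussed above from one
# or more domain controllers. The function name is hypothetical.
function Get-SmbServerSigning {
    param([Parameter(Mandatory = $true)][string[]]$ComputerName)

    # Full form of the key the security option writes to
    $path = 'SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

    foreach ($computer in $ComputerName) {
        $hklm = $null; $require = $null; $enable = $null; $note = ''
        try {
            $hklm    = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computer)
            $key     = $hklm.OpenSubKey($path)
            $require = $key.GetValue('RequireSecuritySignature')   # 1 = "always"
            $enable  = $key.GetValue('EnableSecuritySignature')    # 1 = "if client agrees"
        } catch {
            $note = "read failed: $($_.Exception.Message)"
        } finally {
            if ($hklm) { $hklm.Close() }
        }

        if     ($note)           { $state = 'unknown' }
        elseif ($require -eq 1)  { $state = 'signing required' }
        elseif ($require -eq 0)  { $state = 'signing not required' }
        else                     { $state = 'value not set' }

        New-Object PSObject -Property @{
            Computer                 = $computer
            RequireSecuritySignature = $require
            EnableSecuritySignature  = $enable
            State                    = $state
            Note                     = $note
        }
    }
}

# DC2 is the controller named in the post; DC1 is a constructed name.
Get-SmbServerSigning -ComputerName 'DC1', 'DC2' |
    Format-Table Computer, State, RequireSecuritySignature, EnableSecuritySignature, Note -AutoSize
```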


18
Apr 08

How to remove 1000 inactive computer records from Active Directory?

Today I got a request from our MIS staff to remove about 1000 computer records from AD. Of course, some script is needed. Here is a 5-minute solution (use with caution!):

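# Load the Quest ActiveRoles Management Shell cmdlets
Add-PSSnapin Quest.ActiveRoles.ADManagement
  • Run this:
# targets.txt holds one computer name per line; each name is looked up and the object is deleted by DN without a prompt
gc C:\scripts\targets.txt | % { Get-QADComputer -Name $_ } | % { Remove-QADObject -Force $_.DN }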

And one more time – use with extreme caution. Be sure you are removing exactly what you need.
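
One way to check "exactly what you need" before running the one-liner is to build a removal plan first and review it. This is an added example, not code from the original post: Get-RemovalPlan and the removal-plan.csv path are made up, and it assumes that a wildcard in a list entry could make -Name match more than one computer and that the installed Quest cmdlets support -WhatIf.

```powershell
# Added example: resolve every entry in targets.txt, flag anything that does not
# map to exactly one computer object, and only preview the deletion.
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue

function Get-RemovalPlan {
    param([string]$ListPath = 'C:\scripts\targets.txt')   # list file from the post

    # Trim whitespace, drop blank lines and duplicates before querying AD
    $names = Get-Content $ListPath |
             ForEach-Object { $_.Trim() } |
             Where-Object { $_ } |
             Sort-Object -Unique

    foreach ($name in $names) {
        if ($name -match '[*?]') {
            # Assumption: a wildcard here could select several computers at once
            New-Object PSObject -Property @{ Name = $name; Status = 'skipped: wildcard'; DN = $null }
            continue
        }

        $hits = @(Get-QADComputer -Name $name)
        switch ($hits.Count) {
            0       { $status = 'not found';  $dn = $null }
            1       { $status = 'ok';         $dn = $hits[0].DN }
            default { $status = 'ambiguous';  $dn = ($hits | ForEach-Object { $_.DN }) -join '; ' }
        }
        New-Object PSObject -Property @{ Name = $name; Status = $status; DN = $dn }
    }
}

$plan = Get-RemovalPlan

# Keep a record of what was about to be removed (hypothetical output path)
$plan | Select-Object Name, Status, DN |
    Export-Csv 'C:\scripts\removal-plan.csv' -NoTypeInformation

# Anything that is not a clean single match is shown for manual review
$plan | Where-Object { $_.Status -ne 'ok' } | Format-Table Name, Status, DN -AutoSize

# Preview only: -WhatIf reports each deletion without performing it
$plan | Where-Object { $_.Status -eq 'ok' } |
    ForEach-Object { Remove-QADObject $_.DN -WhatIf }
```

After the CSV has been reviewed, replacing -WhatIf with -Force in the last line performs the removal for the entries marked ok.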