Archives for February 2016

Using Windows builtin “PortProxy” to forward ports

I found a question on the Microsoft Technet Forums, how can I forward connections to for instance Telnet (tcp/23) to a virtual machine.
So Brian Komar already did a correct answer but since I am not really sure that the original poster did really understand the subtle difference between a proxy and a forwarding of IP ports.

But I think it is important to also explain that you can use the PortProxy function built into Windows. It allows you to terminate the TCP session and open a new session to the endpoint. This allows an enduser to telnet to your machine and end up somewhere else.

Adding a portproxy to google

Required commands

[Read more…]

Avoid setting up a domain trust for a single users needs

I found a question on the Microsoft Technet Forums, how can I allow a users to use a ERP software in another domain without using his credentials.

So this solution does not really give a solution that allows the local user account any rights, but stores the remote domain username/password for the user so the user doesn’t get bugged for those all the time.

Using CMDKEY to add username-password for alternative domain

 

Find Netbios targets in a serverbased DFS

So a while ago I posted how to find NetBIOS in domain based DFS’s. So I wrote how to find NetBIOS targets on standalone DFS machines.

DFS-Standalone-Target-NetBIOS

Script

[Read more…]

Cleaning out NetBIOS Hostnames from your DFSs

So you have been using DFS for a while and is happy. But you still get some complaints. Smaller companies usually hear that employees have problems accessing the DFS from home on their own computers. In larger companies it is usually not allowed to use private computers anyway. But there we have the problem with partner or purchased companies having problems with the DFS. So what is up?

The common problem is that you still are using hostnames instead of FQDN. So what does that matter really? It works great on my workstation. Most commonly companies automatically tries with the domain that the computer is joined into. This works great for the employees computers but not others. So what is happening then? Suppose we have a company called Contoso with a domain called contoso.local (I know its bad to have a .local domain name). You request the DFS called \\contoso.local\dfs, you will then contact the domain controllers in contoso.local domain and get which file servers are working as the root servers. If the response only contains netbios names the clients will try to attach the domain suffix from DNS (Unless configured differently using GPOs).

So I was at a customers doing a brief DFS analysis. So these are the scripts I ran to check the domainbased DFS. So these are some screenshots from a non-production environment:

DFS-Domain-Target-Netbios

DFS-Domain-Root-Netbios

Scripts:

[Read more…]