Iain

@VaKo - I doubt I'd get anywhere close to that number of activations. It is, after all, for evaluation/learning! I've seen Technet mentioned on amazon.co.uk. I know that you're also based in the UK. Did you get your Technet locally or did you go via Microsoft.com? If I went down the amazon.co.uk route (I think that the cost is lower than via Microsft.com), would I still be eligible to deceide whether to get the media and downloads version or downloads version only? If I decide to renew the subscription, how does it work if I purchase the renewal via amazon.co.uk? @moonlit - do you mean the free Technet subscription that was all around the 'net within the last week? I know that it got pulled very quickly. I guess it's because that was so tantalisingly close (along with my imminent "significant" birthday) that I've decided to take the plunge. I just need to decide on appropriate hardware that will run several VMs comfortably in VMWare Server. I'm going to do some research and then probably start a new thread (if I can't find anything here already) to check that my proposed hardware wouldn't be an absolute waste of time and money.

Thanks moonlit - just the answers that I was hoping for. I'll search for the T&C/EULAs and just hope that the keys all allow multiple installations. I read somewhere (quite a while ago) that the server OS keys allow only one installation but I don't know how reliable that is/was. I suppose I could ask Microsft directly and I will if I can't find a definitive and trusted answer.

I've been following the virtualisation discussion and episodes and they've stimulated me into getting on with something, particularly as I have a "significant" birthday approaching! I don't want to virtualise a real live network but I would like to create a virtual domain so I can learn. Does anyone have a Technet subscription who could answer some questions? 1. Is it possible to install the various operating systems into VMWare Server or can they be installed only into real systems (I ask because I have had no luck installing an unused OEM XP Pro into Microsoft Virtual PC)? 2. Can I install the software to create several virtual XP Pro PCs or W2K3 servers simultaneously (to have a realistic virtual domain) in VMWare Server? I realise that the software is for evaluation purposes and shouldn't be used in a real live network. 3. If I cancel the subscription after the first year, could I continue to use the software that I had or would I have to uninstall it? Would the keys still work? Thanks for your time.

@cykio - I'm looking into getting some new kit. Can you tell me the make and manufacturer of the low (maybe 1.25m high) cabinet with the door in the first photo in your post on 13 May. Thank you

Thanks for the link to the UBCD forum. It's clearly possible and whilst the UBCD has a very easy process to create the "Kicker CD", I'd like to "get under the hood" and know exactly the steps to follow to create my own CD from scratch.

Thanks digip. I know about the HP USB format tool and, since posting earlier today, I've been playing around with UBCD4Win which does exactly what I've been thinking about. I followed the instructions to the letter to create a bootable USB flash drive but it doesn't work. If I use the "Kicker CD" with the UBCD4Win, the USB flash drive loads correctly. I suppose I'd like to create my own "Kicker CD" so I can, for instance, have BackTrack on the USB flash drive and a mini CD in my wallet so I can boot to it even if the PC or laptop can't boot from USB. I'll look into the suggestions to see if I can get a CD to pass control to the USB.

I'm not sure if this is possible: I have a laptop which is about 4 years old. There's no option within BIOS to boot from a USB memory stick though it will boot from a USB floppy. There is no BIOS update available on the manufacturer's website. Is it possible to have it boot from CD initially then pass the control to the USB to load the OS from there? I've seen credit card sized mini CDs so one would fit into a wallet easily. Such a small CD wouldn't hold the iso. I've burned the iso to CD and everything works normally. If it's possible, can I have some key terms that I can research to investigate how to go about creating the bootable CD? Of course, this might be completely impossible, in which case I might be forced into getting a new laptop (not a bad thing though ;) ) Thanks for your time.

@filip007 - if you don't like what happens here, no-one's forcing you to continue visiting. Perhaps you should find somewhere that impresses you more. Goodbye.

I've been working for my CCNA (got it now!) so I want to turn my attention to some MS Certs. I had thought of going down the 70-270, 70-290 and MCSA or MCSE route but I'm conscious that there are a whole load more certifications aimed at Vista (I want to avoid that if possible and concentrate on XP or Windows 7) and Server 2008. What recommendations do folks here have (other than "ditch MS in favour of Linux")? Do I stick with my original plan or should I consider some more up to date certifications? As far as I know, getting the 70-270 or 70-290 would give me MCP status and that, in turn would allow me to access free software downloads from MS. Is that correct? Does the same apply to the new MS certifications? I'd add that I'm doing this because IT and, specifically, netadmin are a hobby. I'm not working in the sector though I suppose that *might* be a possibility in the future. Thanks for your time.

I'm a mature student at college in the UK ("mature" is an official term for "over 25"), studying an IT-related course. One of the network administrators had to visit us recently and we got talking. The network is locked down very hard and he volunteered some information about something that they'd identified and had had to deal with (no, I *wasn't* engaged in social engineering!). He mentioned that some students had tried to access cmd.exe, regedit.exe etc. by converting to hex and entering into start>run. For instance, enter %63%6d%64%2e%65%78%65 (the equivalent of cmd.exe) and he showed me that it was blocked. I tried a similar manoeuvre at home on my own system but it doesn't work, so I suspect that he was either mistaken in the exact technique or he was giving me BS. I know there have been MANY, MANY posts about "how to open a command prompt" etc., along with multiple novel techniques, but I'd not heard about anything like this. Does anyone know more about this (or a similar) technique. Does it work? Has it ever?

@donito - can you post a network diagram for your setup (or describe it) please? EDIT - thanks donito for editing your post and including the information that I requested. I wondered what the 8 boxes at tbe bottom of the stack were.

It would be interesting to know how Darren et al will respond to this proposal. I know that there's a fine line between black and white hat activity and the distinction lies in the intent and the posession of authorisation to "do the deed". I suspect that if there is an episode or segment, it would be prefaced heavily with "this is for educational purposes" or "this is what responsible netadmins must know in order to protect their network" etc., otherwise there might be a visit to the HakHouse by some guys (or gals!) displaying frightening badges!

My experience of those sites is that the experts there won't divulge any dodgy techniques until a newcomer has been around for a while and has posted some useful messages. They're aware that it's easy to register and then ask noob-type questions. Some have a hidden inner sanctum to which invites are given ... then you get access to all sorts of information.

I'm in the same situation regarding my assessment of my own knowledge. Cons are almost unknown in the UK and I'd really like to visit some of the major ones in the US. I will one day! I guess that even if I were to attend, I'd be inclined to hover and watch/ask others about what they're up to so I could soak up as much as possible. My skills are on rung 2 of a long ladder and I know that they'd be trumped easily by the majority of other attendees. The philosophy that I have is that everyone has to start somewhere ... and that's the bottom of the ladder

I'd be inclined to go for a 2600 (or 2800) series router and a 2950 switch. Obviously, the more up to date the kit, the more expensive it will be. By getting some fairly recent hardware, you'll be able to use it in real life for your home network (firewall with ACLs, NAT and VLANs etc.), rather than just for some Cisco labs. If you plan to go on to CCNP, you'll definitely need access to more hardware.

I doubt that many would complain about such fascinating material. I just saw all four practical sections which amounted to over 35 minutes. I realise that it was done "live" and there were times when you were doing things not directly related to the demo (i.e. getting back on the WLAN) so I guess that it could all be compressed into maybe 20 - 25 minutes. It would have been interesting to see some of the other options at the stage when you created the executable (RAW and php) but maybe that's for another time! As a side issue, I've accessed the vimeo video on your site which you posted on 2 March 2009 and it stops playing at 1:08. This is the same despite using two different PCs to view it. I don't know what the problem is, but I suspect that it's something to do with the video, rather than at "my end". Thanks for educating all of us!

That's fascinating. I look forward to the next instalment. It would be interesting to have this as a formal segment in one of the shows but it might just be a little too dark!

But I didn't use net.exe from the CD (the "installation" in RAM is designated automatically to x:, i.e. x:\windows\system32\net.exe). I navigated to net.exe on my XPP installation, i.e. c:\windows\system32\net.exe. I thought that, if I navigated to the installed net.exe, it would add the user as I had wanted. I'm interested to know WHY it didn't. Can anyone shed any light on this please? Do you have any recommendations about an offline SAM manipulation utility? I'll look into it myself but am interested to have any recommendations. OK - thank you.

So, if I run Bart's PE as a live CD, I can add a new account to the local machine and it will show up when rebooted? I've tried the <net user Name /add> trick then added Name to the Administrators localgroup by using a Windows PE live disk and, whilst it says "Task completed successfully" (or similar), the new account isn't there when I booted into Windows. Can I create a service on the local PC using Bart's PE? Again, I've tried with Windows PE and it failed.

I have some questions about this: 1. What's the reason for adding the new account to the SpecialAccounts\UserList? I realise that these accounts are built in automatically and aren't ordinary user accounts. 2. Is it possible to add a user whilst offline - for instance using Bart's PE or Windows PE live CD? 3. Is it possible to create a service (again, whilst offline) which runs as System and is running at the time that the logon screen appears? No, the utilman method doesn't work on my fully patched XP Pro SP3 system. It fails whether I put the renamed cmd.exe --> utilman.exe only into c:\windows\system32 or c:\windows\system32\dllcache or into both folders. I don't know how it's bypassed - perhaps the MD5 (or other signature) of the file is assessed so utilman.exe runs ONLY if it's the real thing? Does anyone have any information about how Microsoft have closed this security hole? What about other ways of adding a new administrator-level account?

Sorry - I think I've been misunderstood. By "protect", I meant add a file to the list in the .dll so it will be restored automatically by WFP if the user deletes it. I realise that I'd have to put the backup copy of the file in the dllcache folder. I'd still like to know how to find the PE Header checksum and change it so it matches the checksum when I've modified the .dll. I understand that, following hex editing the file, the value of the checksum in the PE Header won't match the actual checksum.

I've been looking into WFP recently: how to disable it for a specific file and how to add a file that I'd like to be protected. I have XP Pro SP3 and understand that those files which are protected are listed in a .dll in c:\windows\system32. The .dll can be hex edited to alter one of the file names which will remove it's protection. However, I came across some comments about the PE Header checksum of the .dll requiring modification. I'm happy to use a hex editor to make the changes to the file name then use a live cd to move the .dll because I suspect that I can't do that whilst Windows is running. I'm afraid that editing the checksum in the PE Header is beyond me. Can anyone give any tips about how to do that? The other side of my experiment is to add a file that I might want to protect. Does anyone have any ideas about that? I hasten to add that I do not have any malicious intent (though I realise that any techniques used could be adapted for wrongdoing) but I simply want to investigate how WFP works.

I'm amazed that such a simple tweak works to prevent AV doing it's "thing". I was under the impression that AV looks at data within the file (as a signature), rather than simply the file extension.

Is Netbios routable? I thought it could be used only on a LAN.

Maybe the netadmin has blocked it?