Sunday, January 11, 2009

Audit Process Tracking - Windows XP

Track process activity for audit purposes when virus activity is suspected.

1. Enable Audit Process Tracking
Start -> Run -> gpedit.msc -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policy -> Audit process tracking (set the security setting to Success)

2. Show Event Viewer
Start -> Run -> eventvwr -> Security

3. Disable Audit Process Tracking
When the audit is finished, disable audit process tracking in the same policy setting used in step 1.
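
Once auditing is enabled, the Security log fills with process-creation and process-exit events, and reading them one at a time in Event Viewer is slow. The script below is an added example, not part of the original post: it lists every process started while auditing was on, paired with the image name of the process that created it. Assumptions: Windows PowerShell is installed on the XP machine (it is not there by default), process creation is logged as event ID 592 and process exit as 593, and the insertion-string order noted in the comments holds; the output path is a placeholder.

```powershell
# Added example: summarize process-tracking events from the XP Security log.
# Assumption: event 592 (process created) carries its insertion strings as
#   [0] new process ID, [1] image file name, [2] creator process ID,
#   [3] user name, [4] domain, [5] logon ID
# and event 593 (process exited) starts with [0] process ID, [1] image file name.
# Run as an administrator; the Security log is not readable otherwise.

$events = Get-EventLog -LogName Security |
    Where-Object { $_.EventID -eq 592 -or $_.EventID -eq 593 } |
    Sort-Object Index              # oldest first, so parents are seen before children

$running = @{}                     # process ID -> image name, for live processes

$report = foreach ($e in $events) {
    $s = $e.ReplacementStrings

    if ($e.EventID -eq 593) {
        # Process IDs are reused after exit, so forget this one.
        $running.Remove($s[0])
        continue
    }

    # Resolve the creator PID to an image name if we saw that process start.
    $parent = $running[$s[2]]
    if (-not $parent) { $parent = '(started before auditing was enabled)' }
    $running[$s[0]] = $s[1]

    New-Object PSObject -Property @{
        Time      = $e.TimeGenerated
        User      = $s[4] + '\' + $s[3]
        PID       = $s[0]
        Image     = $s[1]
        ParentPID = $s[2]
        Parent    = $parent
    }
}

# Fix the column order, show it on screen, and keep a copy for the audit record.
$report = $report | Select-Object Time, User, PID, Image, ParentPID, Parent
$report | Format-Table -AutoSize
$report | Export-Csv -NoTypeInformation C:\process-audit.csv   # placeholder path
```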


NETSH utility

The NETSH utility is used in Windows XP for network configuration.

Frequently used configurations

1. Reset TCP/IP?
netsh interface ip reset c:\resetlog.txt

2. Enable DHCP?
netsh interface ip set address name="Local Area Connection" source=dhcp
(OR)
netsh interface ip set address local dhcp

3. Manual IP/Gateway?
netsh interface ip set address name="Local Area Connection" source=static addr=192.168.1.2 mask=255.255.255.0 gateway=192.168.1.1 gwmetric=0
(OR)
netsh interface ip set address local static 192.168.1.2 255.255.255.0 192.168.1.1 0

4. Manual DNS?
netsh interface ip set dns name="Local Area Connection" source=static addr=192.168.1.1
(OR)
netsh interface ip set dns local static 192.168.1.1

5. Automatic settings
netsh interface ip set address local dhcp

6. Manual settings
netsh interface ip set address local static 192.168.1.2 255.255.255.0 192.168.1.1 0
netsh interface ip set dns local static 192.168.1.1

7. View TCP/IP setting?
netsh interface ip show config

8. Backup?
netsh -c interface dump > c:\net-backup.cfg

9. Restore?
netsh -f c:\net-backup.cfg

10. Test?
netsh diag show test
