Use Runas in a Batch Script

Runas does not accept a password on the command line, nor can you pipe one to it on STDIN. It requires keyboard input.
However, to make life easier, there’s a Visual Basic Script available that lets you use Runas from the command line and supply a password to it. It was created by Jeffery Hicks (MS MVP PowerShell) and is called VBRunas.

cscript //nologo runas.vbs <Username> <Password> <Command>

You can download the script from my server, or from Jeffery’s website.

CryptoLocker Software Restriction Policies

Identification of CryptoLocker

Location of CryptoLocker binaries:

  • %AppData%\<random>.exe
  • %LocalAppData%\<random>.exe

If the malware has executed, one or more of the following registry keys will be present:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run CryptoLocker
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run CryptoLocker_<version>
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce *CryptoLocker
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run <Random>

Containing CryptoLocker

Stop the binaries from executing by applying GPO to block the following:

  • %appdata%\*.exe
  • %appdata%\*\*.exe
  • %localappdata%\*.exe
  • %localappdata%\*\*.exe

It is also possible to stop execution by creating a Software Restriction Policy (SRP).

Below are SRP rules to assist in blocking CryptoLocker. You may have to tweak some of these rules for your environment.

———–

Block CryptoLocker executable in %AppData%

Path: %AppData%\*.exe
Security Level: Disallowed
Description: Don’t allow executable to run from %AppData%.

Block CryptoLocker executable in %LocalAppData%

Path if using Windows XP: %UserProfile%\Local Settings\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\*.exe
Security Level: Disallowed
Description: Don’t allow executable to run from %LocalAppData%.

Block executable run from archive attachments opened with WinRAR:

Path if using Windows XP: %UserProfile%\Local Settings\Temp\Rar*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\Rar*\*.exe
Security Level: Disallowed
Description: Block executables run from archive attachments opened with WinRAR.

Block executable run from archive attachments opened with 7zip:

Path if using Windows XP: %UserProfile%\Local Settings\Temp\7z*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\7z*\*.exe
Security Level: Disallowed
Description: Block executables run from archive attachments opened with 7zip.

Block executable run from archive attachments opened with WinZip:

Path if using Windows XP: %UserProfile%\Local Settings\Temp\wz*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\wz*\*.exe
Security Level: Disallowed
Description: Block executables run from archive attachments opened with WinZip.

Block executable run from archive attachments opened using Windows built-in Zip support:

Path if using Windows XP: %UserProfile%\Local Settings\Temp\*.zip\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\*.zip\*.exe
Security Level: Disallowed
Description: Block executables run from archive attachments opened using Windows built-in Zip support.

———–

Identifying if your system has already begun encrypting files:

The following PowerShell script will list all files that are currently encrypted on the local system. To execute this, run PowerShell as administrator and paste the following code:

(Get-Item HKCU:\Software\CryptoLocker\Files).GetValueNames().Replace("?","\") | Out-File CryptoLockerFiles.txt -Encoding unicode
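
The identification checks from this post (binary locations, autorun values, and the encrypted-file key) combined into one read-only PowerShell function. This is an added example, not part of the original post; the function name Find-CryptoLockerIndicator is hypothetical, and treating a Run value whose data launches an .exe directly in %AppData% or %LocalAppData% as the <Random> entry is an assumption of the example.

```powershell
# Added example (requires PowerShell 3.0+). Read-only: nothing is modified.
function Find-CryptoLockerIndicator {
    $roots = @($env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }
    if (-not $roots) { return }
    # Regex for an .exe sitting directly in a profile root (no subfolder).
    $rootExe = ($roots | ForEach-Object { '^"?' + [regex]::Escape($_) + '\\[^\\"]+\.exe' }) -join '|'

    # 1. Autorun values: name contains "CryptoLocker", or (assumption) the
    #    data launches an .exe in a profile root, covering the <Random> case.
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)  # expands REG_EXPAND_SZ
            $reason = $null
            if ($name -like '*CryptoLocker*') {
                $reason = 'value name'
            } elseif ($data -match $rootExe) {
                $reason = 'data launches exe in profile root'
            }
            if ($reason) {
                [pscustomobject]@{ Type = 'Autorun'; Reason = $reason
                                   Location = "$key\$name"; Detail = $data }
            }
        }
    }

    # 2. Executables directly in %AppData% / %LocalAppData% (not recursive).
    foreach ($root in $roots) {
        Get-ChildItem -LiteralPath $root -Filter *.exe -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Type = 'File'; Reason = 'exe in profile root'
                                   Location = $_.FullName; Detail = $_.CreationTime }
            }
    }

    # 3. The key the post's one-liner reads to list encrypted files.
    $filesKey = 'HKCU:\Software\CryptoLocker\Files'
    if (Test-Path $filesKey) {
        $count = (Get-Item $filesKey).GetValueNames().Count
        [pscustomobject]@{ Type = 'Registry'; Reason = 'encrypted-file list'
                           Location = $filesKey; Detail = "$count entries" }
    }
}

Find-CryptoLockerIndicator | Format-Table -AutoSize -Wrap
```

Run it in the affected user's own session, since every check is against that user's HKCU hive and profile folders. File and autorun hits are candidates for review, as legitimate software occasionally places executables in these folders.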

Export Exchange 2003 Mailboxes Greater than 2GB

I’m preparing for a project that involves upgrading an existing Microsoft Exchange 2003 infrastructure to Exchange 2013.

There are about 50 mailboxes all varying in size. 70% of the mailboxes are less than 2GB. 15% of the mailboxes are 10GB or more, with the biggest being 30GB. The rest fall somewhere between 2-10GB.

ExMerge supports exporting of mailboxes up to 2GB in size. This will work for about 70% of the infrastructure.

The remaining mailbox exports will require some workarounds.

Microsoft states the following for working around this issue:

Microsoft KB916085

  • Request that the mailbox owner delete all e-mail messages that are not required. Alternatively, request that the mailbox owner create a .pst file on the local computer and then move all messages that are not required to that local .pst file. This is to bring the mailbox size to less than 2 GB before you run ExMerge against the mailbox. Note: Because the Exchange Server single instance storage benefits are lost when you convert the mailbox to a .pst file by using ExMerge, the mailbox must be less than 2 GB.
  • Export the mailbox to a .pst file by using Outlook 2003 instead of by using the ExMerge tool.
  • Use ExMerge to export individual folders or groups of folders from the mailbox into individual smaller .pst files instead of exporting the whole mailbox to a single large .pst file.

Mailboxes Larger than 2GB

To address these mailboxes, my plans are to use bullet point 3 from the above Microsoft KB article workaround notes.

If this was a mixed environment, meaning if I had Exchange 2003 and 2007 or 2010 in the infrastructure, I could use the PowerShell cmdlet to export the mailboxes. Darn.

Once these are exported, I plan to use PowerShell to import the mailboxes into Exchange 2013 using the New-MailboxImportRequest cmdlet provided in PowerShell.

Free eBook: Introducing Windows 8: An Overview for IT Professionals (Final Edition)

Get a head start evaluating Windows 8—guided by a Windows expert who’s worked extensively with the software since the preview releases. Based on final, release-to-manufacturing (RTM) software, this book introduces new features and capabilities, with scenario-based insights demonstrating how to plan for, implement, and maintain Windows 8 in an enterprise environment. Get the high-level information you need to begin preparing your deployment now.

Topics include:

• Performance, reliability, and security features
• Deployment options
• Windows Assessment and Deployment Kit
• Windows PowerShell™ 3.0 and Group Policy
• Managing and sideloading apps
• Internet Explorer® 10
• Virtualization, Client Hyper-V, and Microsoft Desktop Optimization Pack
• Recovery features

Download eBook Direct Link (PDF):  http://go.microsoft.com/FWLink/?Linkid=268295
Informational Site:  http://blogs.msdn.com/b/microsoft_press/archive/2012/11/13/free-ebook-introducing-windows-8-an-overview-for-it-professionals-final-edition.aspx