Link for step by step iPhone app
October 27th, 2009
Script for tidying up NTFS rights
July 1st, 2009
Script to list all file rights on a particular folder.
Use this to try to spot "blocked inheritance" and excessive ACLs.
Most of this is taken from here
--------------------------
'==========================================================================
'
' NAME:
'
' AUTHOR: Stephen Hulse , Stephen Hulse
' DATE : 01/07/2009
'
' COMMENT:
'
'==========================================================================
' Lookup table: access-mask value -> right name, filled by AddRights.
Public objAccessRights
Set objAccessRights = CreateObject("Scripting.Dictionary")
AddRights()
ShowFolderList("E:\MyFolder")

' Walk every subfolder of folderspec recursively and report its ACEs.
Function ShowFolderList(folderspec)
    Dim fso, f, f1, s, sf
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set f = fso.GetFolder(folderspec)
    Set sf = f.SubFolders
    For Each f1 in sf
        GetACE folderspec & "\" & f1.name
        ShowFolderList(folderspec & "\" & f1.name)
    Next
End Function

' Echo the ACEs on strFolder whose flags are exactly 3.
Function GetACE(strFolder)
    'On Error Resume Next
    If GetObject("winmgmts:\\.\root\cimv2").Get("Win32_LogicalFileSecuritySetting='" & strFolder & "'").GetSecurityDescriptor(objSD) = 0 Then
        For Each objAce in objSD.DACL
            ' AceFlags = 3 is OBJECT_INHERIT_ACE (1) + CONTAINER_INHERIT_ACE (2)
            ' without INHERITED_ACE (16): the ACE was set on this folder itself
            ' rather than inherited from the parent.
            If objAce.AceFlags = 3 Then
                ' Fall back to the SID when the trustee name cannot be resolved.
                If Isnull(objAce.Trustee.Name) Then
                    strName = objAce.Trustee.SIDString
                Else
                    strName = objAce.Trustee.Domain & "\" & objAce.Trustee.Name
                End If
                WScript.Echo strFolder & " " & strName & " " & ListRights(objAce.AccessMask)
            End If
        Next
    End If
End Function

' Turn an access mask into a comma-separated list of right names.
' The dictionary is walked in insertion order (largest value first), so
' composite rights such as Modify are matched before the single bits.
Function ListRights(dblAccessMask)
    Dim dblAccess, strRights
    strRights = ""
    For Each dblAccess in objAccessRights
        If dblAccessMask >= dblAccess Then
            ' Append to the list; the original line overwrote strRights,
            ' so only the last matching right was reported.
            strRights = strRights & objAccessRights(dblAccess) & ","
            dblAccessMask = dblAccessMask - dblAccess
        End If
    Next
    ' Drop the trailing comma.
    If len(strRights) > 1 Then
        strRights = Left(strRights,Len(strRights) - 1)
    End If
    ListRights = strRights
End Function

' Fill the lookup table, largest mask first.
Function AddRights()
    objAccessRights.Add 2032127, "FullControl"
    objAccessRights.Add 1048576, "Synchronize"
    objAccessRights.Add 524288, "TakeOwnership"
    objAccessRights.Add 262144, "ChangePermissions"
    objAccessRights.Add 197055, "Modify"
    objAccessRights.Add 131241, "ReadAndExecute"
    objAccessRights.Add 131209, "Read"
    objAccessRights.Add 131072, "ReadPermissions"
    objAccessRights.Add 65536, "Delete"
    objAccessRights.Add 278, "Write"
    objAccessRights.Add 256, "WriteAttributes"
    objAccessRights.Add 128, "ReadAttributes"
    objAccessRights.Add 64, "DeleteSubdirectoriesAndFiles"
    objAccessRights.Add 32, "ExecuteFile"
    objAccessRights.Add 16, "WriteExtendedAttributes"
    objAccessRights.Add 8, "ReadExtendedAttributes"
    objAccessRights.Add 4, "AppendData"
    objAccessRights.Add 2, "CreateFiles"
    objAccessRights.Add 1, "ReadData"
End Function
The best bit of problem solving I have ever done
January 27th, 2009
So here is the mystery.
A script runs every 5 minutes successfully, then at 05:00 in the morning it fails. Hmmmm. The problem is it never runs again.
Reboot server and the script runs fine and again at 5:00 it stops running.
I used Sysinternals' Process Explorer to look for anything suspicious and there are 20 CSCRIPT processes running. Normally these processes appear and disappear quite quickly but on this machine the 20 processes stayed running for over 5 minutes.

Then... all of a sudden they all disappeared, and a minute later they started up again. Weird.
To cut a very long story short, I used VMware Workstation to start an XP VM. From this VM I started an RDP session to the server with the problem and started Process Explorer. Then I used the video recording feature of VMware Workstation to record for 10 mins or so (time for a coffee).

Examining the video I could see the OpsMgr Agent (Health Service) stopping and starting every 10 mins.

This would then force ALL the Management Pack Scripts to restart. Over the next few hours WMI slowly ground to a halt. Something else happens with OopsMgr at 5:00 that then kills WMI for good.
Same problem as this with same solution.
i.e. increasing Agent Restart Threshold to 300Mb for agents with this problem.
My Task List
December 4th, 2008
1. WMI health Management Pack
2. Backup Health MP
3. Integration Services Training
So what is the vulnerability?
October 27th, 2008
If I understand this correctly.
Clever deconstruction of the patch
It used to be possible to force a buffer overflow by forcing the netapi32.dll to load
\..\..\..\..\..\abc
This was fixed in MS06-040 by stripping off any \.. characters at the beginning of the string.
Therefore \..\..\..\..\..\abc becomes \abc
However some bright button noticed that
\abc\..\..\..\..\xyz does the same buffer overflow but MS06-040 does not catch this. Hence the quick release of MS08-067
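The gap described above, as an added example (not code from this blog and not the netapi32.dll routine): a filter that only strips leading \.. sequences, beside a canonicaliser that resolves .. at any position and refuses a path that climbs above the root or does not fit the output buffer. The function names and the sample paths are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Filter as the post describes the MS06-040 fix: drop only leading "\.." runs. */
static const char *strip_leading_dotdot(const char *p) {
    while (strncmp(p, "\\..", 3) == 0 && (p[3] == '\\' || p[3] == '\0'))
        p += 3;
    return p;
}

/* Resolve "." and ".." wherever they occur. Returns 0 on success, -1 if ".."
 * would climb above the root or the result does not fit in out[cap]. */
static int canonicalize(const char *in, char *out, size_t cap) {
    size_t len = 0;
    if (cap < 2) return -1;
    out[0] = '\0';
    while (*in) {
        while (*in == '\\') in++;                 /* skip separators */
        size_t n = strcspn(in, "\\");             /* next component length */
        if (n == 2 && in[0] == '.' && in[1] == '.') {
            if (len == 0) return -1;              /* nothing left to pop */
            while (len > 0 && out[--len] != '\\') {}
            out[len] = '\0';                      /* last component removed */
        } else if (n > 0 && !(n == 1 && in[0] == '.')) {
            if (len + n + 2 > cap) return -1;     /* bound checked before copy */
            out[len++] = '\\';
            memcpy(out + len, in, n);
            len += n;
            out[len] = '\0';
        }
        in += n;
    }
    if (len == 0) strcpy(out, "\\");              /* path resolved to the root */
    return 0;
}

int main(void) {
    /* Constructed samples: the two strings quoted in the post, plus a benign one. */
    const char *samples[] = { "\\..\\..\\..\\..\\..\\abc",
                              "\\abc\\..\\..\\..\\..\\xyz", "\\abc\\..\\xyz" };
    char buf[32];
    for (int i = 0; i < 3; i++) {
        int rc = canonicalize(samples[i], buf, sizeof buf);
        printf("%-28s strip=%-28s canon=%s\n", samples[i],
               strip_leading_dotdot(samples[i]), rc == 0 ? buf : "(rejected)");
    }
    return 0;
}
```

The leading-only filter returns the second string unchanged, while the canonicaliser rejects both traversal strings and reduces the benign one to \xyz.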