Wednesday, January 21, 2015

Windows Group Policy - Be Careful!

I just got done helping a friend in Mequon with an Exchange server that would no longer work as an Exchange server.


The Exchange services would not start. Fortunately, he had already figured out that a group policy was part of the problem. The IT guy who came before had tried to secure the network by restricting some rights. He changed the “Access this computer over the network” such that “Everyone” was no longer in the list. Now, that sounds like a great idea. Why would Microsoft allow EVERYONE to access this server over the network? Being an Exchange server, however, certain services would not start. We changed the policy back to default and a FEW of the Exchange services worked again.


Next, the AD Topology service would not start. Looking through the event logs and searching for the error codes led me to this… The Domain Controllers policy “Manage auditing and security log” did not include “Exchange Servers” in the permissions. I fixed that, applied the policy to the domain controllers, and we were back to normal, which was a HUGE relief!


The moral of this little technobabble story is: If you change Group Policy on a Windows domain, be CAREFUL! Back up the GPO first, and document what the setting was before, what you changed it to, and when you changed it. Rights that look too generous (such as “Everyone” being allowed to access a server over the network) are often there because a product like Exchange depends on them, and removing them without checking can produce unintended consequences that only show up later, when a service fails to start.
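As an added example (not from the original post), here is the kind of check I would run before touching a user-rights policy. It snapshots the effective user-rights assignment on the machine it runs on, backs up every GPO in the domain, and then checks the two rights from the story: “Access this computer from the network” (SeNetworkLogonRight, which is what the “Access this computer over the network” setting above refers to) should still contain Everyone, and “Manage auditing and security log” (SeSecurityPrivilege) should contain the “Exchange Servers” group. Run it on the Exchange server for the first check and on a domain controller for the second. Assumptions not in the original post: the domain name “corp.example”, the group name “Exchange Servers” (the name Exchange setup creates), the output folder, and that the GroupPolicy RSAT module is installed. Run it from an elevated prompt.

```powershell
# Added example, not code from the original post.
# Assumptions: domain "corp.example", group "Exchange Servers",
# output folder C:\GPO-Audit, GroupPolicy module installed, elevated shell.
param(
    [string]$Domain        = "corp.example",
    [string]$ExchangeGroup = "Exchange Servers",
    [string]$OutDir        = "C:\GPO-Audit"
)

$stamp = Get-Date -Format "yyyyMMdd-HHmmss"
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Snapshot the effective user-rights assignment on THIS machine.
#    secedit writes an .inf whose [Privilege Rights] section lists each
#    right with the SIDs (prefixed with *) that hold it.
$inf = Join-Path $OutDir "user-rights-$env:COMPUTERNAME-$stamp.inf"
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null

function Get-UserRight {
    param([string]$InfPath, [string]$Right)
    $line = Get-Content $InfPath | Where-Object { $_ -match "^$Right\s*=" }
    if (-not $line) { return @() }
    # "SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544" -> @("S-1-1-0","S-1-5-32-544")
    ($line -split "=", 2)[1].Split(",") | ForEach-Object { $_.Trim().TrimStart("*") }
}

function Resolve-Sid {
    param([string]$Account)
    # Resolves a domain group name to its SID via the machine's domain.
    (New-Object System.Security.Principal.NTAccount($Account)).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
}

# 2. Back up every GPO in the domain before anyone edits one.
Import-Module GroupPolicy
Backup-GPO -All -Path $OutDir -Domain $Domain | Out-Null

# 3. Check the two rights from the story.
$everyoneSid = "S-1-1-0"                  # well-known SID for Everyone
$exchSid     = Resolve-Sid $ExchangeGroup

$networkLogon = Get-UserRight $inf "SeNetworkLogonRight"  # "Access this computer from the network"
$manageAudit  = Get-UserRight $inf "SeSecurityPrivilege"  # "Manage auditing and security log"

if ($networkLogon -notcontains $everyoneSid) {
    Write-Warning "Everyone (S-1-1-0) is missing from 'Access this computer from the network'"
}
if ($manageAudit -notcontains $exchSid) {
    Write-Warning "'$ExchangeGroup' is missing from 'Manage auditing and security log'"
}

"User-rights snapshot: $inf"
"GPO backups:          $OutDir"
```

Keep the .inf snapshots; after a change, exporting again and diffing the two files shows exactly which right changed and when, which is the documentation the moral above asks for. Restore-GPO can bring back any GPO from the backup folder if a change turns out to break something.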



Wednesday, January 14, 2015

Poweliks Malware Removal

I just got done cleaning a “Poweliks” infection from a client’s PC in Muskego. It went undetected by two anti-virus / anti-malware products. Symptoms of this Trojan horse include slow performance, high disk activity, lots of connections displayed when you type netstat at a command prompt, and powershell appears in task manager for no good reason.


By far, the fastest way to clean it up is a free Poweliks malware removal tool at: http://www.bleepingcomputer.com/virus-removal/remove-poweliks-trojan. Download the file and run it. Very quickly, it will tell you if you are affected or not. If you have the malware infection, the tool will allow you to remove it. You should then reboot.


After the reboot, run the program again and it should come up clean. Then, run another virus/malware scan to find any other malicious programs. Why doesn’t your anti-virus / anti-malware program detect this? Because Poweliks is fileless: its payload is stored as an encoded script in the registry and is launched straight into memory by rundll32 and PowerShell, so there is no malicious file on the hard drive for a traditional file scanner to flag.
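As an added triage script (not from the original post and not the BleepingComputer tool), the following checks for the symptoms listed above on a suspect PC. It looks through the Run and RunOnce keys for entries that launch rundll32 with a javascript: payload or PowerShell with an encoded or hidden command (the fileless launch technique Poweliks used), flags value names containing characters regedit cannot display, lists every running powershell.exe with its parent process and command line, and dumps established connections. It only reports; it does not remove anything. The registry paths and regex patterns are my own choices, not taken from the post.

```powershell
# Added example, not code from the original post or the removal tool.
# Read-only triage: reports indicators, removes nothing.
$runKeys = @(
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce"
)

# Patterns that have no business in a legitimate autostart entry.
$badPatterns = @(
    'rundll32.*javascript:',            # rundll32 abused to run script via mshtml
    'powershell.*-e(nc|ncodedcommand)', # base64-encoded PowerShell payload
    'powershell.*-w(indowstyle)?\s+hidden',
    'iex\s*\(',                         # Invoke-Expression of decoded data
    'mshta\s'                           # another script-host launcher
)

function Test-SuspiciousAutostart {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        $value = [string]$key.GetValue($name)
        $why = @()
        # Non-printable characters in a value name hide it from regedit.
        if ($name -match '[^\x20-\x7E]') { $why += "undisplayable value name" }
        foreach ($p in $badPatterns) {
            if ($value -match $p) { $why += "matches /$p/" }
        }
        if ($why.Count -gt 0) {
            [pscustomobject]@{
                Key    = $Path
                Name   = ($name -replace '[^\x20-\x7E]', '?')
                Value  = $value
                Reason = ($why -join "; ")
            }
        }
    }
}

"== Suspicious autostart entries =="
$runKeys | ForEach-Object { Test-SuspiciousAutostart $_ } | Format-List

"== powershell.exe processes with parent and command line =="
Get-WmiObject Win32_Process -Filter "Name='powershell.exe'" | ForEach-Object {
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId=$($_.ParentProcessId)"
    [pscustomobject]@{
        Pid     = $_.ProcessId
        Parent  = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { "(exited)" }
        Command = $_.CommandLine
    }
} | Format-List

"== Established connections (netstat -ano) =="
netstat -ano | Select-String "ESTABLISHED"
```

Run it from an elevated prompt so the HKLM keys and other users' processes are readable. A PowerShell process whose parent is rundll32.exe or a dllhost.exe, with an encoded command line, is the pattern to look for. Note that this only covers autostart persistence in the Run keys; later fileless families moved persistence elsewhere in the registry, which is one more reason to follow up with the dedicated removal tool and a full scan as described above.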


Let’s be careful out there!

