
 

Unfortunately, no. Hardware profiles no longer are supported in Windows 7 (or Vista) and do not perform like they did in XP. In fact, they appear to have been removed completely.

 

Several services have the ability to be uninstalled. You can add or remove these services as follows:

  • Head to Start
  • Select Control Panel
  • Select Programs
  • Select Programs and Features
  • Select Turn Windows Features on or off

I have found that the following Windows 7 Services can be installed or uninstalled:

 

Unfortunately, no. Hardware profiles no longer are supported in Vista and do not perform like they did in XP.

You can, for example, disable a service in the logon tab, hardware profile section for “Undocked”, but:

  • Cannot create any new profiles
  • Vista automatically detects what profile to use.

As such, an example of this would be a laptop that has a “docking station” with additional hardware attached to it. Vista would use the normal profile while the system is “docked” and use the “Undocked” hardware profile when on the road. This reduces the number of drivers loaded and hardware detection issues (PnP) resulting from adding and removing hardware all the time.

 

Several service states cannot be modified using a registry patch in Windows 7. These are not listed to avoid errors while applying the patch to your system.

All services that have the ability to be installed or uninstalled via Add/Remove Windows Components are not listed. This is in an effort to not break existing configurations.

I have found that the following Windows 7 service states cannot be controlled by a registry file in normal or safe mode:

 

With the default Category Control Panel:

  1. Head to Start
  2. Select Control Panel
  3. Select System and Security
  4. Select Administrative Tools
  5. Select Services
  6. Select a service to adjust by double-clicking
  7. In the General tab, Startup type section, select Automatic (Delayed Start), Automatic, Manual or Disabled.

If you like, you can also do: Start –> All Programs –> Accessories –> Run –> type in services.msc –> Select OK.

After configuring all services that you desire to change, reboot to see the effects of your tweaking.

Note: Do not use msconfig to stop services. It basically is “disabling” a service. Use the above procedure and set to “manual” instead for testing purposes.

 

Several service states cannot be modified using a registry patch in Windows Vista. These are not listed to avoid errors while applying the patch to your system.

I have found that the following Windows Vista service states cannot be controlled by a registry file in normal or safe mode:

 

With the default Category Control Panel:

  1. Head to Start
  2. Select Control Panel
  3. Select System and Maintenance
  4. Select Administrative Tools
  5. Select Services
  6. Select a service to adjust by double-clicking
  7. In the General tab, Startup type section, select Automatic (Delayed Start), Automatic, Manual or Disabled.

If you like, you can also do: Start –> All Programs –> Accessories –> Run –> type in services.msc –> Select OK.

After configuring all services that you desire to change, reboot to see the effects of your tweaking.

Note: Do not use msconfig to stop services. It basically is “disabling” a service. Use the above procedure and set to “manual” instead for testing purposes.

 

Unfortunately, the day has finally arrived when my information has become so popular that it has stretched my resources to the limit.

Each time I add something to the domain, more E-Mail is directed to my inbox. Some is positive feedback, but most are random technical support questions that I no longer have the time to answer.

I enjoy providing this domain to the Internet community, but my time has completely been overtaken by my desire to help as many people with their own personal computer issues. This desire to help has, thus far, outweighed my common sense when responding to technical questions.

At the onset a few years ago, it was a welcome event. I helped those that I could and the people that had questions that were beyond the capability to troubleshoot by E-Mail, I would point them in the right direction to help them resolve the issue on their own.

Then it became apparent that taking the time to point people in the right direction took too much time. Either I was "talking over their head" and spent lots of time trying to draft an E-Mail that everyone can understand about a complicated issue, or I was "talking under them" by automatically assuming this stranger that E-Mailed me does not know the first thing about computers. I began to ignore these more complex problems, sometimes after the sender has spent much time writing very extensive information about their particular issue, because I do not have as much time as the sender does to devote to a problem.

On March 25, 2003, I drafted the following: The Rant: Impossible Questions to Answer by E-Mail. This was in response to the large volume of E-Mail I get daily involving technical issues beyond what is humanly possible to solve remotely.

It hurts me to ignore people, as I have said many times before, if you have taken the time to send kind words about the domain my way, I will happily take the time to reply and thank you for them.

Feedback and encouragement have always fueled this domain. No banner ads adorn (or ever will adorn) this site. I provide the information because I enjoy my geekie hobby and encourage other people not to think of their own computer system as a toaster that "just works." However, saying "Thanks for the information on your web site" and my reply of "No problem, glad I can help" takes tons less time than to read a massive E-Mail about a technical issue that, in reality, is difficult if not impossible to solve from a remote location.

As such, I have to draw the line somewhere. I have dreaded this day coming because, in part, I feel my domain has become popular because of my personal style of presentation and my responses to as many people as I can. The lack of obnoxious advertising bombarding the reader also plays a role. This word of mouth has come down to "don’t bother me, ask Black Viper! He will tell you the answer."

One person tells two friends, then those people tell other friends… before I knew it, I have 182 E-Mails waiting to be opened.

I have my own issues. Even though, on December 30, 2003, it took me relatively little time to "swap" the domain to a different computer and get it running, I spent several hours monitoring and testing to ensure everything was working.

I then got, once again, behind. I "just caught up" only the day before by spending several hours replying to E-Mail.

One day leads to more and again, I am behind. So, not only do I have to ignore and possibly make people mad by not responding or helping with their particular problem, but those that I finally get to their problem, I get a reply to my solution saying "I have already figured it out" or "you took too long." As such, I have spent time in replying for no greater good other than "seemingly wasting my already limited time."

Thus, I am going to further limit the amount of technical issues that get my personal response. I have tons of information that many people have utilized. I write it once, it is viewed by, not only hundreds, but thousands. A personal reply from one person, goes to that one person and is not an efficient use of my limited time.

Several times, as with the most recent Virus and Worm epidemic, I would post a page directing people on how to solve the problem. If I responded individually to each person that page helped, it would have taken more hours than what is in a day.

In closing, I thank all of my readers for visiting and utilizing what variety of information I offer to the internet community. I will still respond to those people with kind words or "specific issues" relating to my information. In the short term, that will not change. In the long run, that line may also need to be drawn.

This change of view does not mean that updates to content and additional articles will never happen. In fact, quite the opposite. Limiting the amount of one-on-one communication will free up some time to do just that. It also should not be thought of as a way for me to "leave my readers hanging." That, by far, is not the desire.

Feel free to use my forums for questions.

 

Related Questions:

  1. Why is LSASS.exe shutting down my computer after 60 seconds?
  2. Why is svchost.exe crashing my computer?
  3. Why is dllhost.exe taking 100% of my CPU time?

A buffer overrun is the cause of an issue affecting many versions of Windows to include NT, 2000, XP and 2003. The main indication of this is a 60 second shutdown counter just after connecting to the internet or “right after” an attack attempt. “Strange” network activity while you are not downloading or surfing is another key factor.

Upon examination of my firewall log files, I discovered that every two to five minutes, the vulnerable ports are being scanned. Since I am behind a firewall, I have not been affected by any of these problems. However, due to the firewall activity, I must assume that the Remote Procedure Call vulnerability information publicly released on July 16, 2003 and the LSASS vulnerability released April 13, 2004 are being exploited. The latest security patch described below (in the Third step) will solve all issues.

As I touched on with my configuration, by default, all incoming Remote Procedure Call traffic is blocked with all firewalls, including Windows XP’s built-in firewall. Being as though that is a general statement, I am sure I am going to get burned by it. But in all honesty, regardless if you are behind a firewall or not, the latest security patch should still be installed as it is the most critical one recently released and affects such a mass amount of systems.

ABSOLUTELY DO NOT disable the Remote Procedure Call Service using any Registry Patches or Hardware Profiles no matter who told you or why!

Remote Procedure Call is a vital core process that is required for your system to function properly and install the security patch. If you have already disabled it somehow and are looking for help, I have a way to try and fix it.

The following are steps that you can take to protect yourself from this vulnerability:

Note: If you do not have a firewall or use something other than Windows XP, skip the first step.

First

In an effort to ensure that your system will not be attacked while attempting to solve the problem, disconnect the computer from the internet.

Block inbound (from the internet) and outbound (from your computer) TCP and UDP ports 135, 137, 138, 139, 445 and 593 at your firewall and ensure your firewall is active. This will stop Remote Procedure Call and LSASS.exe inbound traffic from the internet reaching your computer.

You can enable the built in Internet Connection Firewall with Windows XP by doing the following:

With the default Category Control Panel:

  1. Head to Start
  2. Select Control Panel
  3. Select Network and Internet Connections
  4. Select Network Connections
  5. Right click your “internet” connection, whether it is dial-up (your modem) or local area network (your network card if using broadband)
  6. Select the Properties option in the popup menu
  7. Select the Advanced tab
  8. Check the box next to “Protect my computer and network by limiting…”
  9. Select the Ok button to apply the settings

With the Classic Control Panel:

  1. Head to Start
  2. Select Control Panel
  3. Select Network Connections
  4. Right click your “internet” connection, whether it is dial-up (your modem) or local area network (your network card if using broadband)
  5. Select the Properties option in the popup menu
  6. Select the Advanced tab
  7. Check the box next to “Protect my computer and network by limiting…”
  8. Select the Ok button to apply the settings

This action will start the Internet Connection Firewall Service.
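To confirm from a firewall log that the ports listed in this step are being probed, as the log-file observation earlier describes, the following added example (not part of the original page) tallies dropped packets to those ports. The sample records are constructed, and the `#Fields:` layout is an assumption about the firewall's text log format; the parser reads the header rather than fixed column positions.

```python
from collections import Counter, defaultdict
from datetime import datetime

# TCP/UDP ports the page says to block at the firewall.
WATCHED_PORTS = {135, 137, 138, 139, 445, 593}

# Constructed sample records (documentation-range addresses, not real hosts).
# The "#Fields:" layout is an assumption about the firewall's log format.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2003-08-11 09:00:12 DROP TCP 198.51.100.7 192.0.2.10 4101 135 48 S 1 0 16384 - - -
2003-08-11 09:02:40 DROP TCP 203.0.113.45 192.0.2.10 3320 445 48 S 1 0 16384 - - -
2003-08-11 09:03:05 DROP UDP 203.0.113.45 192.0.2.10 1026 137 78 - - - - - - -
2003-08-11 09:04:00 OPEN TCP 192.0.2.10 198.51.100.80 1055 80 - - - - - - - -
2003-08-11 09:06:30 DROP TCP 198.51.100.7 192.0.2.10 4102 135 48 S 1 0 16384 - - -
2003-08-11 09:07:10 DROP TCP 198.51.100.99 192.0.2.10 2200 8080 48 S 1 0 16384 - - -
2003-08-11 09:10:45 DROP ICMP 198.51.100.7 192.0.2.10 - - 60 - - - - 8 0 -
"""

def parse_firewall_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # skip truncated records
                yield dict(zip(fields, values))

def watched_drops(text, ports=WATCHED_PORTS):
    """Return sorted (time, src_ip, protocol, dst_port) for drops to watched ports."""
    hits = []
    for rec in parse_firewall_log(text):
        port = rec.get("dst-port", "-")  # "-" for ICMP, which has no port
        if rec.get("action") == "DROP" and port.isdigit() and int(port) in ports:
            when = datetime.strptime(f'{rec["date"]} {rec["time"]}', "%Y-%m-%d %H:%M:%S")
            hits.append((when, rec["src-ip"], rec["protocol"], int(port)))
    return sorted(hits)

def summarize(text):
    """Count hits per port, list ports probed per source, and gaps between hits."""
    hits = watched_drops(text)
    by_source = defaultdict(set)
    for _, src, _, port in hits:
        by_source[src].add(port)
    times = [h[0] for h in hits]
    return {
        "total": len(hits),
        "by_port": dict(Counter(h[3] for h in hits)),
        "by_source": {src: sorted(p) for src, p in by_source.items()},
        "gaps_seconds": [int((b - a).total_seconds()) for a, b in zip(times, times[1:])],
    }
```

Calling `summarize()` on the text of a real log gives the same report; steady gaps of a few minutes between hits from unrelated sources match the background scanning described above.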

Second

You can stop a computer from automatically rebooting during the 60 second countdown by doing the following:

  1. Head to the Start button
  2. Select Run…
  3. type shutdown -a in the popup window
  4. Select the Ok button to issue the command

You can “stop” the Remote Procedure Call Service from shutting down the system after 60 seconds each time the attack is attempted. This does not apply to LSASS.exe. I absolutely do not condone this action as a “fix,” but it could be used to stop the system from rebooting while you are attempting to repair the issue and scan your computer for vulnerabilities if you have not already activated your firewall. In an effort to ensure that your system will not be attacked while attempting to solve the problem, disconnect the computer from the internet:

  1. Head to the Start button
  2. Select Run…
  3. type services.msc in the popup window
  4. Select the Ok button to issue the command
  5. Select the Remote Procedure Call Service from the list by double clicking it
  6. Select the “Recovery” tab
  7. The default for this service is “Restart the Computer” for all failures
  8. Change each one to “Restart the Service”
  9. Select the Ok button to apply the settings

Again, this should not be done to fix the reboot issue, only to ensure that you have the proper amount of time to correct the problems.

Third

Ensure that all security patches are currently downloaded and installed. Before troubleshooting your computer any further, this step needs to be complete to be positive that this particular security issue is not being exploited and causing your problems.

Take note: Cryptographic Services in Windows XP and 2003 needs to be placed on automatic and/or started before installing security patches. Cryptographic Services requires the Remote Procedure Call Service. Again, do not disable Remote Procedure Call! It is required to install the patch! They both are placed on automatic by default.

Remote Procedure Call Information:

A security patch for Windows NT, 2000, XP and 2003 with additional information about the previous vulnerability is located here:

http://support.microsoft.com/?kbid=823980 (superseded by the latest update)

A security patch for Windows NT, 2000, XP and 2003 with additional information about the latest vulnerability, which includes the previous update, is located here:

http://support.microsoft.com/?kbid=824146

A Microsoft Security Bulletin MS03-026 was posted about the first issue:

http://technet.microsoft.com/en-us/security/bulletin/ms03-026

A Microsoft Security Bulletin MS03-039 was posted about the latest vulnerability:

http://technet.microsoft.com/en-us/security/bulletin/ms03-039

LSASS.exe Information:

A Microsoft Security Bulletin MS04-011 was posted about the latest vulnerability and includes details on where to get the patch to fix it:

http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

Fourth

Scan your computer with the latest virus definitions. If your computer has already been attacked, any number of problems can arise from this:

  • A new user account could have been created with administrator privileges.
  • A trojan or worm could have been installed to attempt infection with other malicious code either to the local system or internet connected computers.

Exploits have already been circulating around the internet to include:

However, just because you have been hit with an attack against the Operating System vulnerability does not mean that you are automatically infected with anything.

Fifth

As far as I feel, if a system has been compromised, the only way to go would be to unplug the computer from the network and completely format the hard drives, turn off the computer, and then fire it back up and reinstall Windows clean. As far as I am concerned, that is the only way to ensure that all malicious code has been removed from the system in question. Understandably, this solution is not possible for everyone. However, if you patch the security hole and scan your computer for viruses, you should be closer to a safe system again.

Revision History

  • August 10, 2003:
    • Initial release.
  • August 11, 2003:
    • Added log file information.
    • Included information about possible virus and trojan infections with examples.
    • Added information on how to stop the Remote Procedure Call Service from rebooting the computer.
  • August 12, 2003:
  • August 13, 2003:
  • August 22, 2003:
    • Adjusted order of actions, placing activation of the firewall first.
  • September 10, 2003:
  • May 1, 2004:
    • Updated information to include latest LSASS.exe issue.
 

Boot into safe mode and install this registry patch. It will place RPC service back into automatic. After applying the registry fix, you should be able to boot normally.

This file contains only the “Start” key:

For the “RpcSs” service, this information is applied:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Start"=dword:00000002

  • Download File Name:
    RpcRepair.zip ~ 288 bytes ~ Version .01 ~ October 28, 2002

If this does not fix the problem, you can attempt to reinstall Windows on top of the old installation. This usually repairs the OS, but keeps user data still accessible. However, I do not support such actions for obvious reasons and you will need to reapply all patches, driver updates and service packs.
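Because a single "Start" value decides whether the Remote Procedure Call service runs, a services registry patch can be checked before it is imported. The following added example (not the page's own tooling) parses .reg text and reports any entry that would set a protected service to something other than Automatic; `BAD_PATCH` and the `ExampleSvc` name are constructed for illustration.

```python
import re

START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}
# Matches a service's own key only, not its subkeys (e.g. ...\RpcSs\Parameters).
SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})"
    r"\\Services\\([^\\\]]+)\]$", re.IGNORECASE)
START_VALUE = re.compile(r'^"Start"\s*=\s*dword:([0-9a-f]{1,8})$', re.IGNORECASE)

# The patch shown on the page.
PAGE_PATCH = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Start"=dword:00000002
"""

# Constructed patch that would disable RPC; ExampleSvc is a hypothetical service.
BAD_PATCH = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Start"=dword:00000004
"""

def start_changes(reg_text):
    """Return [(service, start_value)] for every Start value the patch sets."""
    changes, service = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = SERVICE_KEY.match(line)
            service = m.group(1) if m else None  # ignore non-service keys
        elif service:
            m = START_VALUE.match(line)
            if m:
                changes.append((service, int(m.group(1), 16)))
    return changes

def unsafe_changes(reg_text, protected=("RpcSs",)):
    """Return [(service, start_type)] where a protected service leaves Automatic."""
    names = {p.lower() for p in protected}
    return [(svc, START_TYPES.get(val, "Unknown"))
            for svc, val in start_changes(reg_text)
            if svc.lower() in names and val != 2]
```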

Anything on this page is offered with zero guarantee. Back up everything vital.


Copyright © 1999-2012 by Charles "Black Viper" Sparks. All Rights Reserved.