Blank Desktop, No Mapped Drives

Had a weird issue pop up recently. The background is this. The client had a new Windows 2012 server installed running as a domain controller, DHCP, DNS, and file server. Some new switches were installed.

The issue I came in to help with was that people were not able to connect to the network for some reason. These were people who just came back from a long period of time and logged in but were not getting connectivity to the network drives or printers. We thought that the solution was to put them into another port on the switches which did work for some people but for some reason it didn’t work that day.

As I was trying to figure out this problem, another issue arose. I rebooted someone’s PC who was having network connectivity problems and all I got was a blank desktop with a cursor for the mouse. Even in safe mode, I got the same symptom. Checking IPCONFIG I got the 169.x.x.x address. You know what that means, it wasn’t getting an IP assignment from the DHCP server.

Another tidbit of information – this network didn’t have folder redirection or roaming profiles so it wasn’t either of those that was causing issues. After some trial and error, I was able find a Band-Aid while we worked towards a solution. The temporary fix was to disconnect the LAN cable, log in, then connect back up. After that, people were able to use their PCs. But the issue still remained without employing the Band-Aid fix. Why are they getting blank screens with a mouse pointer and nothing else?

We don’t know exactly what fixed it but we did a few things and either one or a combination of the things we did apparently fixed the problem. Rebooted all the switches. And I found that the DHCP wizard was complaining about something not being completed. I ran through the wizard to finish it all up. I don’t remember exactly what it was but some final steps needed to be completed. I believe there are some accounts/groups that needed some DHCP service permissions that it found wasn’t done. Rebooted the new 2012 server.

After doing those, the network authentications problems, network connectivity issues, and blank screens all disappeared. My personal feeling is that the DHCP wizard needed to finish up the permissions. The reason I think that is because of the fact that client PCs were not getting IP assignments. In any case, the problem was fixed and everyone was back to work within a few hours.

Hope this helps someone.

Advertisements

Trinity Rescue Kit allowed me to access files off a PC that wouldn’t boot into Windows

The Trinity Rescue Kit (“TRK” as I’ll refer to it in this article) is a wonderful tool to have in your tool bag if you’re an IT person. I’ve used this many times to reset the local Windows administrator password on PCs. If you’re game to navigate its text-only, non-GUI, non-mouse, user interface, then make sure you have a copy of it with you. I won’t go over how to create a bootable Trinity Rescue Kit CD because that’s on the web.

But what I will talk about is a cool way I’ve used it recently. I had a customer who recently purchased a Mac and wanted to copy her data from her old PC to it. Problem was the OS on the PC was corrupt. I tried some basic stuff to get the PC up and running. It wouldn’t boot into safe mode and an in-place upgrade wasn’t going to fit in the time frame that I needed to get the work done in.

Thankfully I had the TRK CD with me. Up until today, I’ve only used it as a local password reset tool as I mentioned. I booted it up with the intention of finding some sort of BART PE or other bootable environment so I can access the files, copy them to external storage, then copy it to the Mac.

Guess what I found to my surprise which turned out to be a much better solution?

Enter TRK’s Fileserver Utility

TRK has a fileserver utility which makes it able to share files over a network. I proceeded to set up the parameters which amounted to just enabling the fileserver and setting up a user and password. Then I used TRK’s IP configuration utility to assign a fixed IP address to what it called Ethernet 0 (or 1, I forget). The adapter it found was the onboard CAT5 NIC. I just tested to see if I could ping it once the cable was plugged into the customer’s switch and used SMB from the Mac’s Finder to connect to the TRK fileserver on the old PC using the IP address I gave it then connected using the credentials I set up.

Voila! It worked! I could see the file system on the old PC from the Mac, so I copied the files over the network to the Mac user’s home folders.

The customer now has all the data she needed from her old PC. I didn’t have to repair the OS or reinstall in on the old computer. All I had to do was boot into TRK, enable the fileserver, assign a user/password, then assign a fixed IP address. The only thing that could’ve messed me up was a corrupt file system on the old hard drive, but that wasn’t the case.

Trinity Rescue Kit saved my skin again!

Is Windows or Mac slow, getting pop-ups, seeing too many ads, or is it freezing?

You probably have some form of malware. I consider malware to be software that causes your computer to act funny when you know the hardware is in good working order. Whenever I get reports that a person’s computer is suddenly doing things out of the norm, I immediately suspect malware as the cause. If it boots up into safe mode and acts like it should, then that’s a confirmation something is wrong on the software side of things.

If it still acts shows symptoms in safe mode then I may be some other problem. It could be a bad hard drive, motherboard, memory, or even malware that’s embedded itself in the lower levels of the operating system. A hardware diagnostics will more than likely tell us if it’s hardware. Most big name manufacturers include diagnostics software. You just have to find out how to get to it. In most cases it’s in the form of interrupting the normal boot up process with an F-key. Those keys at the top of your keyboard – F1 through F12, usually. If that comes back with everything passing, then you have malware.

If a system restore doesn’t rid your computer of the malware symptoms, I have three anti-malware tools that I use often in situations like these. Other techs have theirs and there are several out there. Here are the tools I use.

1. Kaspersky’s TDSSKiller

2. Malwarebytes

3. ComboFix

All are free to download and use. I usually run Malwarebytes first. Nine times out of 10 it’ll find what’s infected your computer. If problems still persist then I run TDSSKiller and ComboFix.

While Malwarebytes is scanning away, I’ll do couple other things.

I’ll check add/remove programs and see if there are any recently installed programs. If they look suspicious, I just remove them. If I’m not sure, I ask the owner or user if they’re familiar with and use the programs in question. If not then it’s removed. I find a lot of coupon or shopping applications as well as so-called “tune-up” programs that aren’t really viruses but cause the computer to run really slow. These are usually culprits for slowness and freezing problems. If you downloaded freeware from an unknown site and right afterwards the computer started acting up, then guess what, you probably got a Trojan malware.

It doesn’t really matter how you got malware. By virtue of being connected to the internet, you are prone to get some malware sometime. The good news is that you can get rid of them most of the time. Even the dreaded CryptoLocker. The way to remove it that worked for me several times is this. Google how to remove it manually – seriously. There are steps you can follow. Follow them. Run a Malwarebytes and ComboFix scan. You may get some message that CryptoLocker has been removed or tampered with or something like that and that your files are still locked and you still need to pay to unlock them. You won’t be able to open any files. Before paying the ransom try this. Create a brand new user profile. I don’t guarantee it’ll work for everyone but it’s worth a shot.

Running these free malware removal tools is free and easy. If you feel like you might have malware, try using them. Other tools that are free to download and use are SuperAntiSpyware, Spybot Search and Destroy, Avast, and Ad-Aware by Lavasoft. Malware is a fact of life in the connected world but with diligence and knowledge as well as these free malware removal tools, you can get your computer back to normal in no time.

What about Apple’s Macs?

Believe it or not, there are malware programs directed at you too! Don’t worry, big name antimalware companies have products for you. There are a couple free ones as well. Sophos Free and ClamXav are two I’m familiar with.