The network administrators started their brains and summed up a lot of network troubleshooting skills. However, by carefully reviewing these skills, we can see that some of the troubleshooting skills are performed on the Windows interface. Although these tricks are more convenient for users, it can also effectively improve the efficiency of network troubleshooting, but these tricks may not be applicable to all network faults. Some special network faults sometimes follow some network commands provided by the Windows system, clever use of these network commands may result in higher network troubleshooting efficiency!
Use SC command to solve service window failure
To prevent illegal users from attacking the local system or spying on important local privacy information through hidden sharing enabled by the local workstation system by default, we often open the Service List window of the local system, go to the Server service attribute settings page and manually stop the Server service, so as to disable local system sharing.
However, in some cases, no matter how we operate, we cannot enter the Server service attribute setting interface, so we cannot disable the system to hide sharing by disabling the Server service, in this case, when the service window cannot be opened, can we disable the hidden sharing in the local workstation?
The answer is no! We can use the built-in SC command of Windows workstation to cleverly stop the Server service in the workstation system, so as to disable all the hidden shares of the system at one time, the specific implementation steps of this method are as follows:
Log on to the local workstation system as a system administrator, and click the start and run menu options on the system desktop to open the system run box of the local workstation, enter the string command "cmd" and click the Enter key to enter the MS-DOS work window.
At the command line prompt in the MS-DOS window, run the "SC config lanmanserver start = disabled" string command when a success prompt appears.
So we can easily stop the System Service Server from running without entering the Server service attribute setting interface. When we view the hidden shared resources of the system, all the hidden shared resources are deleted at one time, so that illegal users cannot perform security attacks on the local workstation by hiding the shared resources.
In a LAN environment, All workstations in the LAN are often set to use static IP addresses in order to effectively improve the network logon speed of workstations and facilitate efficient network management by network administrators.
However, in a Windows window, if a common user encounters a network failure that cannot access the Internet, he or she will enter the TCP/IP attribute settings window of the corresponding workstation at will to randomly change the IP address, in this way, IP address conflicts frequently occur in the LAN, which negatively impacts the management and maintenance of the LAN.
To solve frequent IP address conflicts and faults in LAN workstations, we can use the Regsvr32 command in the system to hide the "Network Connection" icon, in this way, if a common user cannot find the "Network Connection" icon, the IP address of the workstation cannot be modified at will. The specific implementation steps of this method are as follows:
The user can modify the IP address of the workstation only after entering the "Network Connection" attribute setting interface. The "network connection" attribute setting interface is displayed with the system's dynamic link file Netshell. dll, Netman. dll, netmask X. dll-related, these linked files are all controls of the wks system, they are automatically registered by the Windows operating system by default.
Now, we can use the Regsvr32 command to unregister the above dynamic link files from the system. When a common user wants to enter the "Network Connection" attribute setting interface to modify the IP address of the workstation, because the system cannot find the corresponding dynamic link file, the "Network Connection" attribute setting interface is not displayed. In this way, normal users cannot modify the IP address at will.
In the dynamic link file Netshell. dll, Netman. dll, netmask X. during the dll anti-registration operation, we can log on to the local workstation system as a system administrator, and click "start" and "run" menu options on the system desktop, open the system run box for the local workstation, enter the string command "cmd", click the Enter key to enter the MS-DOS work window.
At the command line prompt in the MS-DOS window, execute "Regsvr32/u Netshell. dll "input string command. When the system prompts a message, it indicates the Netshell of the local workstation. dll Dynamic Link file is successfully unregistered from the system.
In the same way, run the string command "Regsvr32/u netmask X. dll, Regsvr32/u Netman. dll to dynamically link the file netw.x in the local workstation. dll, Netman. dll is not registered. When we try to modify the IP address of the workstation after the unregistration of all dynamic link files is completed, we will find that the TCP/IP attribute setting window in the system cannot enter, in this way, we can successfully resolve frequent IP address conflicts and faults.
Use netsh to solve system hidden network faults
There is a Vista workstation in the LAN, and the Internet connection fails. The specific phenomenon is that the local connection icon shows normal, with data packets sent and received packets, but the workstation cannot access the Intranet and Internet. I first checked the NIC device of the workstation and found that the yellow signal light of the device is bright but not blinking. The yellow signal light indicates that the NIC device has been connected to the network, if the signal light does not flash, it means that the workstation does not exchange data. Will it be a transient or broken connection of the network cable?
I quickly borrowed a professional cable tester from my friend to test the connectivity of the network connection cable. After the test, I found that the eight signal lights were highlighted in turn, which also proved that there was no problem with the network cable. At this point, I can basically conclude that the fault is not a network or hardware problem, but a problem with the settings of the workstation system. There are many factors that cause wks to be unable to access the Internet, but in general, the system settings can be considered from the following aspects:
First, go to the TCP/IP attribute setting interface of the Vista workstation and check whether the Internet access parameters of the local workstation are correct, including the IP address, gateway address, subnet mask, and DNS server address, the results show that these parameters are correctly set.
Go to the IE option settings page, check whether the proxy function is enabled, and the result is not displayed. Then go to the advanced option settings page of IE browser, all the settings are restored to the default status, and the Internet access is still unavailable after tests. After careful inquiry, no "ip address conflict" fault has occurred before the workstation, and no firewall software has been enabled. Is it possible that the physical address of the NIC device is lost or the wks system does not scan the NIC device?
So I follow the previous steps, enter the MS-DOS work window, And in the command line of the window to execute the string command "ipconfig/all ", as a result, the IP address and physical address of the NIC are correct.
Next, I try to fix the local connection and temporarily disable the local connection icon. After a while, I re-enable the local connection. Then, I found that the workstation still cannot access the Internet. I had to restart the Vista workstation, but this effort still had no effect.
In desperation, I searched for related faults on the Internet, and occasionally saw that the Vista system sometimes encountered a Winsock setup error, which may be the cause of the failure of Vista workstation to access the Internet. Therefore, I carefully follow the steps below to try to restore the Winsock setting status of Vista to the correct state:
First, log on to the local workstation system as a system administrator, and click the "Start" and "run" menu options on the system desktop to open the system running dialog box for the local workstation, enter the string command "cmd" and click the Enter key to enter the MS-DOS work window.
At the command prompt in the working window, enter the "netsh winsock reset" string command, and click the Enter key. After the Vista system starts to perform Automatic Restoration for Winsock settings, I restarted the Vista workstation system and tested the Internet connection. I found that the network failure that could not be accessed had disappeared. This indicates that the above network fault is caused by a hidden error in the Vista system. In the future, when we encounter a similar fault, we can try to use the netsh command to eliminate the hidden error in the Vista system.
Use RunAs to solve server faults that do not have the right to maintain
To ensure secure operation of LAN servers, we believe that many operators do not usually log on to the system using privileged accounts and maintain servers. However, in actual server maintenance, many applications can run only with system administrator privileges.
In this situation, many friends may use privileged accounts to log on to the server system again to run these special applications. However, in the privileged running status, the running security of the server is also greatly threatened. To ensure the security of the server and run some special applications normally, We Can skillfully use the RunAs Command provided by the server system, to allow the server to perform maintenance and management operations on the server under the normal account permission status. The following describes how to implement this method:
First, log on to the server system as a normal user so that the server runs under the normal account permission status, click Start or run commands on the system desktop one by one, enter the cmd string command in the pop-up system run box, and click Enter, switch the server system interface to the MS-DOS window.
Then, enter the string command "runas/user: cmd" at the command prompt in the window. "domain" indicates the domain of the server. If there is no domain in the LAN environment, "domain" is the host name of the local server, and "account" is the system privileged account name. When we click the Enter key, the system will ask us to enter the logon password of the privileged account.
Once the password is entered correctly, click the Enter key. In the pop-up command window, you can use the relevant network commands to maintain the server privileges; after the privileged maintenance operation is complete, we still need to remember to close the privileged command window in time so that the server security can be well guaranteed.