Forcing an application to use a specific network card

Forcing an application to use a specific network card in Windows is something that may end up being super handy at times. For instance, if you’re connected to your company’s corporate [restricted] network via the Ethernet cable and also connected to the Guest [open] network via the wireless network card, you may decide to route an application through of one the two. Note that Windows uses the “metric” of a network card to choose which NIC have priority over the other, and if you want to keep that unchanged, then forcing an application to use a specific network card is what you need.

In order to achieve this, we will use a 3rd party application called ForceBindIP, available at this link http://www.r1ch.net/stuff/forcebindip/.

The nice thing of ForceBindIP, is that it comes as a portable application (or you can choose the installer version). If you go ahead with the portable version, make sure you keep the files (.dll and .exe) together.

Extract the zipped folder and you will find 4 files, 2 DLLs and 2 EXEs:

forcebindip

As you can see, two files (DLL and EXE) are for 64bit systems/applications and the other two are for 32 bit systems/applications. If you are using a 64bit OS, keep both versions. In fact, you will need to use both, depending on the application you’re going to launch. For instance, Firefox on a 64 bit OS, will still run as a 32 bit application, and for that you will need to use ForceBindIP. Instead, the Microsoft Remote Desktop tool (mstsc.exe), on a 64bit OS, must be ran with ForceBindIP64.

Let’s make an example on how ot use this application:

  • I have 2 NICs, one connected to the corporate network that has this IP address: 10.1.1.55. The second NIC, is connected to the guest network and has this IP address: 192.168.50.20.
  • I want firefox to use the guest network.
  • 64bit OS

Open the command prompt and type:

That’s it! It’s that simple, really. Firefox will launch and will be using the guest network.
Here’s an example if you want to run mstsc.exe (on a 64bit system) with the guest network:

Or, if you have a .rdp file saved:

Have fun! :)

 

Read More

How to run a powershell script in the background

This article is meant to give a quick and simple example on how to run a powershell script in the background (hide the console) without using a 3rd party script (VBS scripts is what you see a lot on the internet).
Now, consider that the method I will show you will still show the Powershell console for a few instants before disappearing.

For instance, on a computer I own, I have a script that starts every hour and runs only when the user is logged on. The powershell console will appear in front of everything else, making a bit annoying, especially if you’re watching a movie or working on something.

So, in order to run the script in the backgroup, add the following code at the beginning of the script:

You may even keep the console opened and decide to hide it in the middle of the script, for instance:

Read More

Breaking a nested ForEach in Powershell

Breaking a nested ForEach in Powershell might be challanging if you don’t know that you can use labels to point the script to another location. Normally, you will require to stop a loop when you’re comparing objects from different arrays and want to terminate the loop when they match. There’s a command called “break” which is the key to breaking a nested ForEach in Powershell, however using just break will actually break all of the loops where the command is contained.

Let’s make an example. Let’s say we have two arrays, $arrayA and $arrayB. $arrayA contains the letters “a”, “d” and “f” whilst $arrayB contains “a”, “b”, “c” and “d”. We want to check each single element in $arrayA against each single element in $arrayB. This is when we will need a nested ForEach cycle.
Now, we want to compare them in order to report when an object in $arrayA is contained in $arrayB, in that case, we also need to quit the current ForEach to avoid a wrong report to show (keep reading to understand better this point).

This is how the script will look like:

o, when $a equals to $b, we must break the cycle because the object has been found and we no longer need to double check it against the other objects. If we do not use the break command, the script will continue.

Let’s try to use the script logic to explain why we need to break it, by showing what would happen when break isn’t used:

  • We’re comparing “a” (from $arrayA) with “a”. Good, it matches, so we set $temp_entryMatch to 1.
  • Now we compare “a” (from $arrayA) with “b”. Nope, they do not match, set $temp_entryMatch to 0 (zero).
  • Now we compare “a” (from $arrayA) with “c”, then “d” with the same results: setting $temp_entryMatch to 0 (zero).
  • Now that we’re done with the first nested foreach, we check if $temp_entryMatch has a different value than 0. It doesn’t, so we will write that “a” is NOT contained in ArrayB.

But hang on a minute! “a” it’s contained in $arrayB! What went wrong? Well, simply the fact that we didn’t break the loop once “a” matched “a”, so the temp variable ($temp_entryMatch) got reset to 0 (zero).
This is really important in these sort of loops where you store data to a temporary variable.

Here’s the output when I run the script as reported above:

Nested-ForEach-PowerShell_with-Break

And here’s what happens when I run it without the “break” command.

Nested-ForEach-PowerShell_WITHOUT-Break

As you can see, only “d” is reported to be contained in $arrayB just because of luck, in fact it was the last item in the loop and it happened to match. This is it on Breaking a nested ForEach in Powershell!

Read More

Migrate DHCP Reservations with Powershell

In order to Migrate DHCP Reservations with Powershell, you just need one simple line of code. It works also with different OS, for instance I managed to migrate the DHCP Reservations I had on a Microsoft Windows 2008 R2 server over to a Windows Server 2012 R2.

I suggest to run the command from the OS where you’re migrating to, which in theory is going to be the newer version.

The above command will first get (Get-DhcpServerv4Reservation) the current reservations on SRV01 for the Scope ID 10.220.0.0, then, it’ll add each reservation (Add-DhcpServerv4Reservation) to the server called NEWSRV02 for the Scope ID 10.220.0.0.
Migrating DHCP reservations with powershell will make migrations a bit less painful :) .

Read More

How to stop McAfee Client Proxy (mcpservice.exe)

McAfee Client Proxy (mcpservice.exe) Version 2.3.0.0 no longer has its own service, so when you try to stop the process, even as SYSTEM, it’ll fail with an Access Denied error.

mcafee-client-proxy_mcpservice.exe_2.3.0.0_unable-to-terminate_access-denied

So, how to stop McAfee Client Proxy (mcpservice.exe)? Well, with the help of Process Hacker (Process Explorer should also do). Before continuing, let me say that you’ve got to be extra careful and that you’ll be responsible should anything go wrong (these are easy steps though..).

Download link for Process Hacker: http://processhacker.sourceforge.net/

Once I ran Process Hacker, I noticed that the McAfee Client Proxy had a parent process called mfemms.exe that starts from a service called McAfee Service Controller. So that means we’re still going to be able to try and stop this process by working on the parent’s.

mcafee-client-proxy_mcpservice.exe_2.3.0.0_process-hacker-properties

Note: If you’re running an old version of McAfee Client Proxy Service, that has its own service, you may follow the steps below that I will action against mfemms.exe and then stop the process.

So, back in Process Hacker (remember to run it as an administrator!):

  • Go to the Services Tab.
  • Go to mfemms’s properties.
    • mcafee-client-proxy_mcpservice.exe_2.3.0.0_process-hacker-mfemms-properties
  • Under the tab Security, click Advanced and change the owner to Administrators. Click Ok twice, until mfemms’  properties window closes. You must run this step in order to run next’s!
    • mcafee-client-proxy_mcpservice.exe_2.3.0.0_process-hacker-mfemms-properties-security-advanced
    • mcafee-client-proxy_mcpservice.exe_2.3.0.0_process-hacker-mfemms-properties-security-owner
  • Now assign Full Control to Authenticated Users and Administrators (just Administrators didn’t work for me). Do the same for SYSTEM if you’re running as SYSTEM.
    • mcafee-client-proxy_mcpservice.exe_2.3.0.0_process-hacker-mfemms-properties-security-permissions
  • You can finally stop the service.
    • mcafee-client-proxy_mcpservice.exe_2.3.0.0_process-hacker-stop-mfemms
    • mcafee-client-proxy_mcpservice.exe_2.3.0.0_process-hacker-mfemms-stopped
  • Now that the parent service is stoppped, go back to the Processes Tab and kill mcpservice.exe.
    • mcafee-client-proxy_mcpservice.exe_2.3.0.0_process-hacker-terminate
  • After a reboot, the process will start again. You may disable mfemms service to prevent it from starting again (not suggested as this service may be controlling other important processes/services).

Read More