Thursday, October 27, 2011

Enable GPO debug logging

If you liked the userenv.log from Windows XP, you may want to know how to get the same kind of detail out of the GPSVC service on Windows 2008 / Vista / Win 7. If so, try this:
How to enable logging in the Gpsvc.log file
To enable logging in the Gpsvc.log file, follow these steps. Click Start, click Run, type regedit, and then click OK.
  1.  Make sure that the folder %windir%\debug\usermode exists; if the usermode folder is not there, create it manually.
  2.  Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
  3.  On the Edit menu, point to New, and then click Key.
  4.  Type Diagnostics, and then press ENTER.
  5.  Right-click the Diagnostics subkey, point to New, and then click DWORD Value.
  6.  Type GPSvcDebugLevel, and then press ENTER.
  7.  Right-click GPSvcDebugLevel, and then click Modify.
  8.  In the Value data box, type 0x30002, and then click OK.
  9.  Exit Registry Editor.
  10. At a command prompt, type the following command, and then press ENTER: gpupdate /force
  11. View the Gpsvc.log file in the following folder: %windir%\debug\usermode
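The same steps as a script, so they can be repeated on the next box and undone afterwards. This is an added example, not part of the original post; it assumes an elevated PowerShell prompt (the HKLM key needs administrator rights) and uses the folder, key, value and data given in the steps above. The function names are my own.

```powershell
# Added example: enable / disable Gpsvc.log logging with the registry value
# the steps above set by hand. Assumes an elevated prompt.

function Enable-GpsvcDebugLog {
    $logDir = Join-Path $env:windir 'debug\usermode'
    $key    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics'

    # Step 1: the service only writes the log if this folder already exists.
    if (-not (Test-Path $logDir)) {
        New-Item -Path $logDir -ItemType Directory | Out-Null
    }

    # Steps 2-9: create the Diagnostics key and the GPSvcDebugLevel DWORD (0x30002).
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    New-ItemProperty -Path $key -Name 'GPSvcDebugLevel' -PropertyType DWord `
        -Value 0x30002 -Force | Out-Null

    # Step 10: trigger a policy refresh so the log has something in it.
    gpupdate /force | Out-Null

    # Step 11: return the path of the log so the caller can open it.
    Join-Path $logDir 'gpsvc.log'
}

function Disable-GpsvcDebugLog {
    # Remove the value when you are done: the log is verbose and grows on every refresh.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics'
    if (Test-Path $key) {
        Remove-ItemProperty -Path $key -Name 'GPSvcDebugLevel' -ErrorAction SilentlyContinue
    }
}

# Usage (PowerShell 3.0 or later for -Tail):
#   $log = Enable-GpsvcDebugLog
#   Get-Content $log -Tail 50
#   Disable-GpsvcDebugLog
```

Turn the value off again once the problem is found: the log is written on every policy refresh and is not rotated.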

Tuesday, October 25, 2011

Tip: verifying a Windows box's state before and after installing software

Monitor an Install Program Without Using Any (Expensive) Tools

Finding out which files have been copied or updated by an install program is very easy when you know how.

   1. First of all, take a 'clean' machine, i.e. one that has only got an operating system on it.
   2. Make a dump of the file list. This can be done by typing
      DIR c:\*.* /s/one >c:\before.txt
   3. Open REGEDIT.EXE, go to Registry->Export Registry File and save the registry as c:\before.reg
   4. Install the product that you want to monitor.
   5. Make another dump of the file list by typing
      DIR c:\*.* /s/one >c:\after.txt
   6. Open REGEDIT.EXE and go to Registry->Export Registry File, as before, and save the registry as c:\after.reg

You now have all the information required to find out everything about the program that you installed.
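The same before/after idea done unattended, with the two snapshots actually compared rather than read side by side. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later, an elevated prompt (so the whole drive and the HKLM hive can be read), and a snapshot folder of your choosing (C:\snap here, my own placeholder). The file snapshot records size and timestamp as well as the name, which catches files updated in place that a name-only listing would miss.

```powershell
# Added example: snapshot files + registry, then diff the two snapshots.
# Assumes PowerShell 3.0+, an elevated prompt, and that $SnapshotDir is not
# touched by the product being installed.

function New-SystemSnapshot {
    param([Parameter(Mandatory)][string]$Name, [string]$SnapshotDir = 'C:\snap')
    if (-not (Test-Path $SnapshotDir)) { New-Item $SnapshotDir -ItemType Directory | Out-Null }

    # File list: path, size and last-write time. The snapshot folder itself is
    # excluded, otherwise it shows up as a change.
    Get-ChildItem -Path 'C:\' -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -notlike "$SnapshotDir\*" } |
        Select-Object FullName, Length, LastWriteTimeUtc |
        Export-Csv -Path (Join-Path $SnapshotDir "$Name-files.csv") -NoTypeInformation

    # Registry: the same export REGEDIT does interactively, one file per hive.
    foreach ($hive in 'HKLM', 'HKCU') {
        reg.exe export $hive (Join-Path $SnapshotDir "$Name-$hive.reg") /y | Out-Null
    }
}

function Compare-SystemSnapshot {
    param([Parameter(Mandatory)][string]$Before,
          [Parameter(Mandatory)][string]$After,
          [string]$SnapshotDir = 'C:\snap')

    $b = Import-Csv (Join-Path $SnapshotDir "$Before-files.csv")
    $a = Import-Csv (Join-Path $SnapshotDir "$After-files.csv")

    # "=>" marks rows only in the after snapshot (new or modified files),
    # "<=" rows only in the before snapshot (deleted or modified files).
    Compare-Object -ReferenceObject $b -DifferenceObject $a `
        -Property FullName, Length, LastWriteTimeUtc |
        Sort-Object FullName

    # Registry: line-level diff of the two .reg exports (reg.exe writes them as Unicode).
    foreach ($hive in 'HKLM', 'HKCU') {
        fc.exe /U (Join-Path $SnapshotDir "$Before-$hive.reg") (Join-Path $SnapshotDir "$After-$hive.reg")
    }
}

# Usage:
#   New-SystemSnapshot -Name before
#   ... install the product ...
#   New-SystemSnapshot -Name after
#   Compare-SystemSnapshot -Before before -After after | Out-File C:\snap\changes.txt
```

Expect some noise from the system itself (prefetch, event logs, the registry's own volatile keys); take the two snapshots as close together as the install allows so that noise stays small.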
---------------------------------------- ---------------------------------------- ----------------------------------------

Troubleshooting Group Policy (GPOs) on Win7 / Win2008R2

tips:
http://www.grouppolicy.biz/archives/tutorials/
http://social.technet.microsoft.com/wiki/contents/articles/1456.aspx

http://technet.microsoft.com/en-us/library/cc749336%28WS.10%29.aspx


From "Microsoft TechNet":

GPLogView

Oftentimes, it is easier to read text files for troubleshooting instead of using the Event Viewer. In fact, exporting event logs into text files may be the only solution when troubleshooting computers in remote locations. GPLogView is a utility you can download and use to export Group Policy event data from the system and operational log into a text, html, or xml file. You can download GPLogView from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=75004). The following examples show the syntax of commonly used options for GPLogView.

Example 1: Export all Group Policy events

You can use GPLogView to export all Group Policy–related events from the system log and the operational log.
gplogview -o gpevents.txt

Example 2: Export Group Policy events with a specific Activity ID

GPLogView filters Group Policy–related events by Activity ID, which is useful when troubleshooting a specific instance of Group Policy processing.
gplogview -a 8A7C7CE5-F7D0-4d32-8700-57C650A53839 -o gpevents.txt

Example 3: Monitor Mode

You can use GPLogView to capture Group Policy events in real time. GPLogView writes all Group Policy related events to the command window, as they occur. Press CTRL+C to exit monitor mode, or press Q and ENTER.
gplogview -m
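When GPLogView is not at hand, the two views that matter most from the TechNet text above (dump everything, and follow one processing instance by its Activity ID) can be had from the Group Policy operational log with Get-WinEvent. This is an added example, neither from TechNet nor part of GPLogView; it assumes Windows Vista / 2008 or later (the operational log does not exist on XP), the right to read that log, and PowerShell 3.0 or later. The function names are my own.

```powershell
# Added example: export Group Policy operational-log events to text, and pull
# out all events belonging to one Activity ID. Assumes Vista/2008+ and PS 3.0+.

$GpoLog = 'Microsoft-Windows-GroupPolicy/Operational'

function Export-GpoEvents {
    # Equivalent of "gplogview -o gpevents.txt": recent events, oldest first, to a text file.
    param([string]$Path = 'gpevents.txt', [int]$Max = 500)
    Get-WinEvent -LogName $GpoLog -MaxEvents $Max |
        Sort-Object TimeCreated |
        Format-Table TimeCreated, Id, ActivityId, Message -AutoSize -Wrap |
        Out-File -FilePath $Path -Width 200
}

function Get-GpoActivity {
    # Equivalent of "gplogview -a <guid>": every event of one processing instance.
    # Each processing cycle tags its events with the same Correlation ActivityId.
    param([Parameter(Mandatory)][guid]$ActivityId)
    Get-WinEvent -LogName $GpoLog |
        Where-Object { $_.ActivityId -eq $ActivityId } |
        Sort-Object TimeCreated
}

function Get-LatestGpoActivity {
    # Which ID to ask for: events 4000-4007 mark the start of a processing cycle
    # (computer/user, at boot/logon, on network change, manual or periodic refresh).
    # The newest of them is the most recent cycle; return its ActivityId.
    Get-WinEvent -FilterHashtable @{ LogName = $GpoLog; Id = 4000..4007 } -MaxEvents 1 |
        Select-Object -ExpandProperty ActivityId
}

# Usage:
#   Export-GpoEvents -Path gpevents.txt
#   $id = Get-LatestGpoActivity
#   Get-GpoActivity -ActivityId $id | Format-Table TimeCreated, Id, Message -Wrap
```

Filtering on the ActivityId is what turns a wall of interleaved events into one readable story per refresh; it is the same correlation GPLogView's -a switch relies on.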



GPO preprocessing + networking:
http://technet.microsoft.com/en-us/library/cc727306%28WS.10%29.aspx

Tuesday, October 18, 2011

Nice feature to examine... Win7 / Win2008

Redirect built into Windows?


netsh interface portproxy add v4tov4 listenport=8080 connectaddress=10.1.1.1 connectport=8080 protocol=tcp

Could it be used to redirect traffic? Probably ;)

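Because a portproxy rule is exactly that, a listener that forwards traffic somewhere else and survives reboots, it is worth being able to list what is configured on a box. The following is an added example, not part of the original post: it reads the rules from the netsh output and, as a second source, from the registry key under which the PortProxy service stores them (that key path and the value layout are from my own knowledge of Windows, not from the post). It assumes an elevated prompt and PowerShell 3.0 or later.

```powershell
# Added example: enumerate configured portproxy rules from netsh and from the registry.
# Assumes an elevated prompt and PS 3.0+. Registry layout (assumption): under
# HKLM\SYSTEM\CurrentControlSet\Services\PortProxy\<v4tov4|v4tov6|...>\<tcp> each value
# is named "<listen address>/<listen port>" with data "<connect address>/<connect port>".

function Get-PortProxyRule {
    # netsh prints one table per mapping type; keep the data rows, which look like
    # "<listen address> <listen port> <connect address> <connect port>".
    $rules = @(netsh interface portproxy show all | ForEach-Object {
        if ($_ -match '^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$') {
            [pscustomobject]@{
                ListenAddress  = $Matches[1]
                ListenPort     = [int]$Matches[2]
                ConnectAddress = $Matches[3]
                ConnectPort    = [int]$Matches[4]
                Source         = 'netsh'
            }
        }
    })

    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\PortProxy'
    if (Test-Path $base) {
        Get-ChildItem -Path $base -Recurse | ForEach-Object {
            $key = $_
            foreach ($valueName in $key.GetValueNames()) {
                $listen  = $valueName -split '/'
                $connect = ([string]$key.GetValue($valueName)) -split '/'
                $rules += [pscustomobject]@{
                    ListenAddress  = $listen[0]
                    ListenPort     = [int]$listen[1]
                    ConnectAddress = $connect[0]
                    ConnectPort    = [int]$connect[1]
                    Source         = "registry:$($key.PSParentPath.Split('\')[-1])\$($key.PSChildName)"
                }
            }
        }
    }
    $rules
}

# Usage: Get-PortProxyRule | Format-Table -AutoSize
```

The two sources should agree. A rule that appears in the registry but not in the netsh output (or the other way round), or any rule nobody remembers creating, is worth a closer look; the same listing is cheap to run from a scheduled task or a login script and compare against a known-good baseline.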
hxxp://ipv6int.net/systems/windows_xp-ipv6.html
Basic IPv6 functions

Overview

I think that on WinXP, IPv6 is not active in a default installation. The IPv6 part has to be installed and activated manually on the command line:
netsh interface ipv6 install
Afterwards, IPv6 is active and ready to perform stateless autoconfiguration for local and global addresses.

Preference

Windows XP prefers IPv6 if a DNS query results in IPv4 and IPv6 addresses being sent back (A and AAAA RRs).

Privacy Extensions

Privacy addresses are enabled and used by default after the installation of IPv6. They can be manually deactivated on the command line: netsh interface ipv6 set privacy disabled

Packet Filter/Firewall

Since Service Pack 2 (SP2), Windows XP integrates a stateful IPv6 firewall into the base system firewall, simply called Windows Firewall.

Tunnelling IPv4/IPv6


Configured tunnels

Windows XP supports configured tunnels with the integrated tunnel interface. Setting up a manual tunnel requires several steps on the command line.
Beforehand, you need the following information:
  $host-ipv4        IPv4 address of the host
  $router-ipv4      IPv4 address of the router/tunnel-server
  $tunnel-v6host    (tunnel) IPv6 address of the host
  $tunnel-v6router  (tunnel) IPv6 address of the router

Create the tunnel interface:
netsh interface ipv6 add v6v4tunnel "tunnel name" $host-ipv4 $router-ipv4

Add the IPv6 address:
netsh interface ipv6 add address "tunnel name" $tunnel-v6host

Put the IPv6 default route on the tunnel router:
netsh interface ipv6 add route ::/0 "tunnel name" $tunnel-v6router
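The three steps above as one function, so the tunnel is set up the same way every time and bad input is rejected before the stack is touched. This is an added example, not part of the original post or of the ipv6int.net page; the function and parameter names are mine, the netsh commands are exactly the ones listed above, and it assumes an elevated prompt on a system whose netsh still accepts this (XP-era) syntax.

```powershell
# Added example: configured IPv4/IPv6 tunnel setup as a checked, repeatable unit.
# Parameter names map onto the placeholders used above.

function New-ConfiguredIpv6Tunnel {
    param(
        [Parameter(Mandatory)][string]$Name,            # "tunnel name"
        [Parameter(Mandatory)][string]$HostIPv4,        # $host-ipv4
        [Parameter(Mandatory)][string]$RouterIPv4,      # $router-ipv4
        [Parameter(Mandatory)][string]$TunnelV6Host,    # $tunnel-v6host
        [Parameter(Mandatory)][string]$TunnelV6Router,  # $tunnel-v6router
        [switch]$DryRun                                 # print the commands, run nothing
    )

    # Refuse obviously wrong input: the v4 endpoints must parse as IPv4, the tunnel
    # addresses as IPv6. [ipaddress] throws on anything that is not an address at all.
    foreach ($a in $HostIPv4, $RouterIPv4) {
        if (([System.Net.IPAddress]$a).AddressFamily -ne 'InterNetwork') {
            throw "$a is not an IPv4 address"
        }
    }
    foreach ($a in $TunnelV6Host, $TunnelV6Router) {
        if (([System.Net.IPAddress]$a).AddressFamily -ne 'InterNetworkV6') {
            throw "$a is not an IPv6 address"
        }
    }

    # The three netsh invocations, in the order given above. Each is an argument
    # array so a tunnel name containing spaces is passed as one argument.
    $steps = @(
        ,@('interface', 'ipv6', 'add', 'v6v4tunnel', $Name, $HostIPv4, $RouterIPv4)
        ,@('interface', 'ipv6', 'add', 'address', $Name, $TunnelV6Host)
        ,@('interface', 'ipv6', 'add', 'route', '::/0', $Name, $TunnelV6Router)
    )

    foreach ($step in $steps) {
        if ($DryRun) { 'netsh ' + ($step -join ' '); continue }
        & netsh.exe $step
        if ($LASTEXITCODE -ne 0) { throw "netsh failed at: $($step -join ' ')" }
    }
}

# Usage (addresses are constructed placeholders):
#   New-ConfiguredIpv6Tunnel -Name 'tunnel name' -HostIPv4 192.0.2.10 -RouterIPv4 192.0.2.1 `
#       -TunnelV6Host 2001:db8::2 -TunnelV6Router 2001:db8::1 -DryRun
```

Stopping at the first failed netsh call matters: if the interface was not created, adding the address and the default route would otherwise go to whatever the name resolves to, or fail with a less obvious message.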

6to4

When IPv6 is active and the system has a public IPv4 address, Windows XP automatically activates 6to4 if the interface does not have a global IPv6 address.


In our tests, the configuration of the public 6to4 anycast address was necessary:
netsh interface ipv6 6to4 set relay 192.88.99.1

Other tunnels

As per the documentation, Windows XP SP2 supports several other tunnelling mechanisms:
  • Automatic tunnels: Deactivated by default
  • ISATAP: Activated by default
  • 6over4: Deactivated by default
  • Teredo: Deactivated by default
  • PortProxy

Thursday, October 13, 2011

tcpdump - for win :P

A friend of mine (thanks Kabrinsky ;) told me that there is a tcpdump for Win boxes that doesn't need installation.

I searched, found it, and it's very nice. Here are some brief tips, for me (I really don't have a good memory, so I write stuff down... to remember):

Where to find it:
hxxp://www.microolap.com/products/network/tcpdump/

usage: 
+ find your box interfaces
   tcpdump.exe -D

+ listen to everything on interface 5
   tcpdump.exe -i 5 -nn -vv

+ listen to everything on interface 5 and save it to a file
  tcpdump.exe -i 5 -nn -vv -w tt.pcap

+ listen only to some IPs and save it to a file
  tcpdump.exe -i 5 -nn -vv -w tt.pcap host 192.168.1.254 and host 192.168.1.64

+ to save all the packet data: -s 0
  tcpdump.exe -i 5 -nn -s 0 -vv -w tt.pcap host 192.168.1.254
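The tips above hard-code interface 5; the number changes between boxes, so here is a small wrapper that picks the interface by a piece of its description and starts the capture with the flags from the tips. This is an added example, not part of the original post or of the Microolap tcpdump port; it assumes tcpdump.exe is on the PATH, that its -D output has the usual "N.\Device\NPF_{...} (description)" form, and PowerShell 3.0 or later. Function names are my own.

```powershell
# Added example: choose the capture interface by description, then capture
# whole packets (-s 0) to a pcap file with an optional BPF filter.
# Assumptions: tcpdump.exe on PATH, standard "-D" output format, PS 3.0+.

function Get-TcpdumpInterface {
    param([Parameter(Mandatory)][string]$DescriptionLike)
    $hits = @(tcpdump.exe -D | ForEach-Object {
        if ($_ -match '^(\d+)\.(\S+)\s*\((.*)\)\s*$') {
            [pscustomobject]@{
                Index       = [int]$Matches[1]
                Device      = $Matches[2]
                Description = $Matches[3]
            }
        }
    } | Where-Object { $_.Description -like "*$DescriptionLike*" })
    if ($hits.Count -ne 1) {
        throw "expected exactly one interface matching '$DescriptionLike', found $($hits.Count)"
    }
    $hits[0]
}

function Start-Capture {
    param(
        [Parameter(Mandatory)][string]$InterfaceLike,   # substring of the adapter description
        [Parameter(Mandatory)][string]$OutFile,         # e.g. tt.pcap
        [string]$Filter = ''                            # BPF, e.g. 'host 192.168.1.254'
    )
    $if = Get-TcpdumpInterface -DescriptionLike $InterfaceLike

    # -nn: no name/port resolution, -s 0: full packets, -w: raw pcap for Wireshark later.
    $argv = @('-i', $if.Index, '-nn', '-s', '0', '-w', $OutFile)
    if ($Filter) { $argv += $Filter.Split(' ') }

    "capturing on $($if.Index) ($($if.Description)) to $OutFile; Ctrl+C to stop"
    & tcpdump.exe @argv
}

# Usage (adapter name and addresses are constructed placeholders):
#   Start-Capture -InterfaceLike 'Realtek' -OutFile tt.pcap -Filter 'host 192.168.1.254'
```

Insisting on exactly one match is deliberate: capturing on the wrong adapter silently produces an empty or misleading pcap, which costs more time than an error up front.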

that's it.