11.5. Microsoft Windows
When documenting problems with Windows, the
usual approach is to open a word processing file and copy and paste
as needed. Unfortunately, some tools, such as Event Viewer, will not
allow copying. If this is the case, you should look to see if there
is a Save option. With Event Viewer, you can save the messages to a
text file and then copy and paste as needed.
If this is not possible, you can always
get a screen dump. Unfortunately, the way to do this seems to change
with every version of Windows. Typically, if an individual window is
selected, only that window is captured. If a window is not selected,
the screen is copied. For Windows 95 and NT, Shift-PrintScreen (or
Ctrl-PrintScreen) will capture the contents of the screen, while
Alt-PrintScreen will capture just the current window. For Windows 98,
use Alt-PrintScreen. The screen is copied to the system's
clipboard. It can be viewed with ClipBook Viewer. While it is
included with the basic Windows distribution, ClipBook Viewer may not
be installed on all systems. You may need to go to your distribution
disks to install it. With Windows NT, be sure to select Clipboard on
the Windows menu. Unfortunately, this gives a bitmapped copy of the
screen that is difficult to manipulate, but it is better than
nothing.
As previously noted, vnc is available for Windows. The viewer is a
very small program -- an executable will fit on a floppy so it is
very easy to take with you.
There are a number of implementations of ssh for Windows. You might
look at Metro State College of Denver's mssh, Simon Tatham's putty,
or Robert O'Callahan's ttssh extensions to Takashi Teranishi's
teraterm communications program. If these don't meet your need, there
are a number of similar programs available over the Web.
Although I have not used them, there are numerous commercial,
shareware, and freeware versions of syslog for Windows. Your best bet
is to search the Web for such tools. You might look at
http://www.loop-back.com/syslog.htm or search for kiwis_syslogd.exe.
ntpd can be compiled for Windows NT. Binaries, however, don't seem
to be generally available. If you just want to occasionally set your
clock, you might also consider cyberkit. cyberkit was described in
Chapter 6, "Device Discovery and Mapping". Go to the Time tab, fill
in the address of your time server, select the radio button SNTP,
make sure the Synchronize Local Clock checkbox is selected, and click
on the Go button. The output will look something like this:
Time - Thursday, December 28, 2000 09:02:59
Generated by CyberKit Version 2.5
Copyright © 1996-2000 by Luc Neijens
Time Server: ntp.netlab.lander.edu
Protocol: SNTP Protocol
Synchronize Local Clock: Yes
Leap Indicator 0, NTP Version 1, Mode 4
Stratum Level 1 (Primary reference, e.g. radio clock)
Poll Interval 6 (64 seconds), Precision -8 (3.90625 ms)
Root Delay 0.00 ms, Root Dispersion 0.00 ms
Reference Identifier GPS
Time server clock was last synchronized on Thursday, December 28, 2000 09:02:38
Server Date & Time: Thursday, December 28, 2000 09:02:38
Delta (Running slow): 1.590 ms
Round Trip Time 29 ms
Local clock synchronized with time server
The last line is the one of interest. It indicates that
synchronization was successful. The help system includes directions
for creating a shortcut that you can click on to automatically update
your clock. Go to the index and look under tips and tricks for adding
cyberkit to the startup menu and under
command-line parameters for time client parameters.
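The header fields in that output (leap indicator, version, mode, stratum, poll, precision, reference identifier) come straight from the 48-byte SNTP reply. The following is an added example, not code from the book or from cyberkit: it decodes a reply and lists reasons a client should not set its clock from it. The function names are hypothetical, and the sample packet is constructed to mirror the values shown above with its timestamps assumed to be UTC.

```python
import struct
from datetime import datetime, timedelta, timezone

NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)  # NTP counts seconds from 1900

def ntp_time(seconds, fraction):
    """Convert a 32.32 fixed-point NTP timestamp to a UTC datetime."""
    return NTP_EPOCH + timedelta(seconds=seconds + fraction / 2**32)

def parse_sntp_reply(packet):
    """Decode the 48-byte SNTP header and list reasons to distrust the reply."""
    if len(packet) < 48:
        raise ValueError("SNTP reply must be at least 48 bytes")
    (flags, stratum, poll, precision, root_delay, root_disp, ref_id,
     ref_s, ref_f, _o_s, _o_f, _r_s, _r_f, tx_s, tx_f) = struct.unpack(
        "!BBbbiI4s8I", packet[:48])
    reply = {
        "leap": flags >> 6,               # top two bits of the first byte
        "version": (flags >> 3) & 0x7,    # next three bits
        "mode": flags & 0x7,              # low three bits; 4 means server
        "stratum": stratum,
        "poll_seconds": 2.0 ** poll,      # poll and precision are log2 values
        "precision_ms": 2.0 ** precision * 1000,
        "root_delay_ms": root_delay / 65536 * 1000,       # 16.16 fixed point
        "root_dispersion_ms": root_disp / 65536 * 1000,
        # Stratum 0/1 carry an ASCII source code; higher strata an IPv4 address.
        "reference_id": (ref_id.rstrip(b"\0").decode("ascii", "replace")
                         if stratum <= 1 else ".".join(str(b) for b in ref_id)),
        "reference_time": ntp_time(ref_s, ref_f),
        "transmit_time": ntp_time(tx_s, tx_f),
    }
    warnings = []
    if reply["mode"] != 4:
        warnings.append("not a server reply (mode != 4)")
    if reply["leap"] == 3:
        warnings.append("server clock is unsynchronized (leap indicator 3)")
    if stratum == 0:
        warnings.append("stratum 0: kiss-o'-death or unspecified source")
    if tx_s == 0 and tx_f == 0:
        warnings.append("transmit timestamp is zero")
    reply["warnings"] = warnings
    return reply

# Constructed sample mirroring the header values in the output above.
_t = int((datetime(2000, 12, 28, 9, 2, 38, tzinfo=timezone.utc) - NTP_EPOCH).total_seconds())
SAMPLE = struct.pack("!BBbbiI4s8I", 0x0C, 1, 6, -8, 0, 0, b"GPS\0", _t, 0, 0, 0, 0, 0, _t, 0)
```

An empty warnings list for SAMPLE corresponds to the healthy reply shown above; a reply that produces any warning should not be used to set the clock that timestamps your logs.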
A commercial version of
tripwire is available for Windows NT.