Senthil Murugan's Blog

Home » technical

Category Archives: technical


Jasperserver report supporting multiple language like Chinese

Create the report (jrmxl) with font name Arial Unicode MS and follow the below steps

1. Arial Unicode.jar (size 14829kb) file needs to be copied into jasper server folder (C:\Jaspersoft\jasperreports-server-cp-6.3.0\apache-tomcat\webapps\jasperserver\WEB-INF\lib)

2. Restart the jasper service

All the reports like below

replace: fontName=”Arial Unicode MS” pdfEncoding=”Identity-H”

upload the file and you can get the Chinese character on the report


Top 10 reason to upgrade oracle 12c from old version

While your database may be running “fine” and your DBAs could be understandably skittish about rocking the boat by upgrading, in truth there are many tangible benefits to gain from upgrading to Oracle Database 12c.

In this expert e-guide Brian Peasland, a DBA with over 20 years of experience, breaks down 10 reasons you should upgrade. Here are the first 3:

  1. Increased Oracle support
  2. Updated hardware and operating systems
  3. Security patches

Learn the remaining 7 inside now.

Thanks to TechTarget

CRITICAL ALERT – Wannacry/ WannaCrypt Ransomware

Dear Friends,

Many organizations around the world were victims of malicious “WannaCrypt” software last week. Seeing businesses and individuals affected by cyberattacks such as this is painful. Our teams have worked relentlessly over the last few days to take all possible actions to protect our customers.

Here are a few things for your reference:

  • If you are using Windows Vista, 7, 8.1 & 10: In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Security Update enabled are protected against attacks on this vulnerability.
    For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
  • Activate Windows Defender: For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt. As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider whether they are protected.
  • If using older version of Windows: Customers running versions of Windows that no longer receive mainstream support may not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we have released a Security Update for platforms in custom support only. Windows XP, Windows 8 and Windows Server 2003 Security Updates are broadly available for download now (see links below).
  • Additional Steps to consider: This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect againstSMBv1 attacks, customers should consider blocking legacy protocols on their networks). Some of the observed attacks use common phishing tactics including malicious attachments. Customers should use vigilance when opening documents from untrusted or unknown sources.

More information on the malware is available from the Microsoft Malware Protection Center though the Windows Security blog. We are working with our customers to provide additional assistance as the situation evolves, and will update this blog with details as appropriate.

You may also want to read though the blog posted by Brad Smith, President and Chief Legal Officer, Microsoft, looking at the broader implications of the malicious “WannaCrypt” software attack.

If you have any questions or concerns:

· Webinar: You may want to join the Webinar on Wannacry Attack Q&A, 22nd May, 11am. Join here.

· Email: Please write to us Our team will respond to you on priority.

Thanks and regards,

Microsoft India Team


Further resources:

Download English language security updates: Windows Server 2003 SP2 x64,Windows Server 2003 SP2 x86,Windows XP SP2 x64,Windows XP SP3 x86,Windows XP Embedded SP3 x86,Windows 8 x86,Windows 8 x64
Download localized versions for the security update for Windows XP, Windows 8 or Windows Server:
Read general information on ransomware:
Download MS17-010 Security Update:


Where can I find the official guidance from Microsoft?

Is the update available for Windows 2003 & Windows XP as well?

Yes. The link for download of the update is available at the end of this article

Will the update run on unlicensed Windows?

It is recommended that the update is run on a licensed version.

What about Windows 2003 R2?

The Windows 2003 update should get applied on Windows 2003 R2 as well.

Will the installation of the patch, prevent the occurrence of ransomware?

No. Applying MS17-010  is just preventing the malware from spreading, not giving protection against the infection itself. Based on reports, this malware is using Social Engineering to target companies.Please warn your users to not open, click or enable macros on email reception.

  • The priority is that your anti-virus can detect the malware.
  • Verify that you have up-to-date signatures, along with patching the Windows systems
  • Make sure that users have the level of knowledge required to never click on suspicious attachments even if they are displayed with a familiar icon (office or PDF document). Where an attachment opening offers the execution of an application, users must under no circumstances should accept the execution and in doubt, users should you consult and/or consult the administrator.
  • Implementation of strong filtering in O365:

  • Exchange Online Protection

Security tips to Protect against Ransomware

Is the ransomware effective only if the user has administrative rights on the client machine?

No. This piece of ransomware, like most of others, once executed, encrypts all files it can reach in the context of a user, if the user is an admin on the box the outcome is more devastating. In addition this ransomware also tries to disable shadow copies and make some registry changes in HKLM hive which require administrative privileges.

When it tries to spread it uses a vulnerability, which once exploited gives the malware SYSTEM level access on the target system. All this means that this attack maybe very successful and destructive even if the users don’t have admin privileges on their unpatched workstations/servers.

Is only disabling SMB v1 Server (LanmanServer) on all our machines helps us to protect from this vulnerability?

Patch installation would be the first option. To answer the question, Yes. SMBV1 should be removed, but in a planned way. Please refer the below link

Do we need to disable SMB v1 client (Lanmanworkstation) as well on all our machines?

No. It is only the SMBv1 server component (which means Lanmanserver), on the client machine and not Lanmanworkstation on the client machine.

What is the impact of removing SMBv1?

  • You’re still running XP or WS2003 under a custom support agreement
  • Windows XP will not be able to access shares on a Windows 2003 Server or any other Operating System
  • Windows Vista and above Operating System will not be able to access shares on a Windows 2003 Member Server or Domain Controller (if you still have them in the environment)
  • You have some decrepit management software that demands admins browse via the ‘network neighborhood’ master browser list
  • You run old multi-function printers with antique firmware in order to “scan to share”

Please refer the below article for more details

If we have to disable smb v1 Server service, what are the registry values to disable it?

When using operating systems older than Windows 8.1 and Windows Server 2012 R2, you can’t remove SMB1 – but you can disable it: KB 2696547- How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012

Please refer to the below link for more details

How do we know SMB v1 is active in our environment.  Can we proactively check it?

Yes. Please test this, before using in the production environment.

Windows 2016 and Windows 10 provides a way to audit usage of SMBv1, which can be found here

Is Windows 10 affected as of now?
The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack as of now.
Customers running Windows 10 were not targeted by the attack today.

That being said, Windows 10 systems also need to be patched, because the variants can be developed. In addition to this, it would be recommended to remove SMBv1 from the clients and Windows servers, after doing a complete review of the below mentioned article.


Best Practices to prevent randsomware attacks

  • Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
  • Establish a Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) for your domain, which is an email validation system designed to prevent spam by detecting email spoofing by which most of the ransomware samples successfully reaches the corporate email boxes.
  • Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs close out the e-mail and go to the organization’s website directly through browser
  • Restrict execution of powershell /WSCRIPT in enterprise environment Ensure installation and use of the latest version (currently v5.0) of PowerShell, with enhanced logging enabled. script block logging, and transcription enabled. Send the associated logs to a centralized log repository for monitoring and analysis.
  • Application whitelisting/Strict implementation of Software Restriction Policies (SRP) to block binaries running from %APPDATA%, %PROGRAMDATA% and %TEMP% paths. Ransomware sample drops and executes generally from these locations. Enforce application whitelisting on all endpoint workstations.
  • Deploy web and email filters on the network. Configure these devices to scan for known bad domains, sources, and addresses; block these before receiving and downloading messages. Scan all emails, attachments, and downloads both on the host and at the mail gateway with a reputable antivirus solution.
  • Disable macros in Microsoft Office products. Some Office products allow for the disabling of macros that originate from outside of an organization and can provide a hybrid approach when the organization depends on the legitimate use of macros. For Windows, specific settings can block macros originating from the Internet from running.
  • Configure access controls including file, directory, and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.
  • Maintain updated Antivirus software on all systems
  • Consider installing Enhanced Mitigation Experience Toolkit, or similar host-level anti-exploitation tools.
  • Block the attachments of file types, exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf
  • Regularly check the contents of backup files of databases for any unauthorized encrypted contents of data records or external elements, (backdoors /malicious scripts.)
  • Keep the operating system third party applications (MS office, browsers, browser Plugins) up-to-date with the latest patches.
  • Follow safe practices when browsing the web. Ensure the web browsers are secured enough with appropriate content controls.
  • Network segmentation and segregation into security zones – help protect sensitive information and critical services. Separate administrative network from business processes with physical controls and Virtual Local Area Networks.
  • Disable remote Desktop Connections, employ least-privileged accounts.
  • Ensure integrity of the codes /scripts being used in database, authentication and sensitive systems, Check regularly for the integrity of the information stored in the databases.
  • Restrict users’ abilities (permissions) to install and run unwanted software applications.
  • Enable personal firewalls on workstations.
  • Implement strict External Device (USB drive) usage policy.
  • Employ data-at-rest and data-in-transit encryption.
  • Carry out vulnerability Assessment and Penetration Testing (VAPT) and information security audit of critical networks/systems, especially database servers from CERT-IN empaneled auditors. Repeat audits at regular intervals.
  • Individuals or organizations are not encouraged to pay the ransom, as this does not guarantee files will be released. Report such instances of fraud to CERT-In and Law Enforcement agencies

whitelist ip with microsoft–hotmail and yahoo mail service

Please use the below link to submit your mail server information, so that microsoft will whitelist your ip address after validating your information

Remote Desktop Printing for the end-users

Thanks to

TS Easy Print technology was first introduced in Windows Server 2008 as an alternative to the use of traditional printing subsystem on Remote Desktop servers. Easy Print avoids the installation of drivers for the redirected printers on a terminal server and allows mapping of client redirected printer to the Easy Print driver. This significantly increases the stability and performance of work of the Print Spooler service and RD server as a whole.

Easy Print functionality is based on the specifications defined in the standard XPS (XML Paper Specification) for printer’s drivers. The main advantages of XPS format: open document format, portable and independent from the hardware platform, low requirements for channel bandwidth (through the use of more lightweight XML standard). XPS print job through an RDP session are transferred to the client PC and processed by a local print driver.

Easy Print — Client Side Settings

To use the Easy Print on the client side, it must meet the following requirements:

  • Operating System — Windows XP SP3 or higher
  • RDP client 1 (mstsc.exe — 6.0.6001) or newer
  • .NET Framework 3.0 SP1 or .NET 3.5
  • In the properties of RDP connection properties on Local Resources tab – Printers redirections should be enabled

rdp devices

If instead of the client mstsc.exe, you run preconfigured RDP shortcut (.rdp), make sure that it contains the following string:  redirectprinters:i:1

READ ALSO How to Install VPN Server on Windows Server 2012 R2

rdp redirectprinters

How to Enable Easy Print on the Remote Desktop Server Side

Easy Printer Driver is installed on the server when you deploy Remote Desktop Services role, and in the printer list appears a new printer named Microsoft XPS Document Writer. This print driver supports a variety of printer models.

windows printers

You can enable the Easy Print on the side of RDS server running Windows Server 2012 R2 only via Group Policy.

  • Open the local (gpedit.msc) or domain (GPMC.msc) Group Policy console
  • Navigate to Computer Configuration –> Administrative Templates –> Windows Components -> Remote Desktop Services –> Remote Desktop Session Host -> Printer Redirection (similar settings are available in the user GPO section)
    gpo easy print
  • Edit and enable the policy Use Remote Desktop Easy Print driver first
    easy print

Tip. If the client doesn’t support Easy Print driver, RDS server looks for a matching printer driver on RD server.

Now, it’s time to test the policy.

  1. Update the policy on the RD server by running command gpupdate /force
  2. Finish your remote desktop connection and login again as an RDP user
  3. Go to Control Panel -> Devices and printers
  4. Find your redirected printer and open it properties
  5. Make sure that Remote Desktop Easy Print driver is used in the Advanced tab
    devices printers easy print
  6. Send the test print job and make sure that it is properly printed on a local printer

READ ALSO How to install printer on Windows 10

By default, the number of redirected printers is limited to 20. This behavior can be corrected by adding to the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
parameter MaxPrintersPerSession and set it value to the desired maximum number of redirected printers.

For better performance, you can redirect only one default printer from clients PC. In this case, enable the policy named Redirect only the default client printer.

enable redirect printer

Thus, by using the Easy Print greatly simplified configuration of Remote Desktop servers. Another thing is that the Administrator will no longer need to install the same printer drivers on the server and the local computer.

"The file you are trying to open … different format than specified by the file extension" while opening XLS (HTML saved as XLS)using Excel 2007, 2010 or 2013

Dear Friends,

Due to various reason, software are saving HTML file as XLS and allowing users to open the file using excel software.

Users are getting the above error message, to avoid this error message, you can add the below entry in registry, so that this warning message will disappear while opening the file.

Excel 2007

Excel 2010

Excel 2013


Thanks to IBM Support Team

How to Create an Execution Plan–SQL Tuning


Autotrace in SQL Developer

This is a step up over the SQL*Plus version. It displays the stats for every step of the plan. So for each operation you can see metrics such as:

  • How many buffer gets it used
  • How long it took to run
  • How many disk reads and writes it did

For more information, please check the below.

Thanks to Oracle  –