I haven't posted in awhile. Time to get back into the swing of things with a little pre-Christmas Season silliness. Occasionally, the practice of network security makes us all a little goofy. Seemingly random pursuits overtake us. Silly thoughts fill our console. Perhaps this is a result of low light in the northern latitudes this time of year...In any event, should use wish to query all of the messages available in the "net helpmsg" file on Windows Vista, you can run a command like this:
for /l %i in (1,1,16000) do @( echo %i && net helpmsg %i ) 2>NUL
This will give a formatted output of every existing net help msg and all numbers that are not so.. Keep in mind that there are most probably less than 5000 of these messages, however they are numbered somewhat inconsistently in the sequence between 1 - 16,000. With cygwin or GNUWin32 utilities loaded you could add:
for /l %i in (1,1,16000) do @( echo %i && net helpmsg %i ) 2>NUL | egrep -B 2 -i [a-z] | tr -d /-/- | tr -d \r
This would produce a long list of only those numbers with messages and, after some substantial period of time and processor use, would yield some very interesting reading. Here are a few of my favorites:
581
A Windows Server has an incorrect configuration.
593
NTVDM encountered a hard error.
597
The parameter(s) passed to the server in the clientserver shared memory window were invalid. Too much data may have been put in the shared memory window.
598
The stream is not a tiny stream.
611
There is an IP address conflict with another system on the network
612
There is an IP address conflict with another system on the network
615
The policy of your user account does not allow you to change passwords too frequently.
This is done to prevent users from changing back to a familiar, but potentially discovered, password.
If you feel your password has been compromised then please contact your administrator immediately to have a new one assigned.
617
You have attempted to change your password to one that you have used in the past.
The policy of your user account does not allow this. Please select a password that you have not previously used.
629
A group marked use for deny only cannot be enabled.
670
WOW Assertion Error.
677
{Too Much Information}
The specified access control list (ACL) contained more information than was expected.
678
This warning level status indicates that the transaction state already exists for the registry subtree, but that a transaction commit was previously aborted.
The commit has NOT been completed, but has not been rolled back either (so it may still be committed if desired).
680
{GUID Substitution}
During the translation of a global identifier (GUID) to a Windows security ID (SID), no administrativelydefined GUID prefix was found.
A substitute prefix was used, which will not compromise system security. However, this may provide a more restrictive access than intended.
704
{Redundant Read}
To satisfy a read request, the NT faulttolerant file system successfully read the requested data from a redundant copy.
This was done because the file system encountered a failure on a member of the faulttolerant volume, but was unable to reassign the failing area of the device.
705
{Redundant Write}
To satisfy a write request, the NT faulttolerant file system successfully wrote a redundant copy of the information.
This was done because the file system encountered a failure on a member of the faulttolerant volume, but was not able to reassign the failing area of the device.
730
The system has awoken
746
{Connect Failure on Primary Transport}
An attempt was made to connect to the remote server hs on the primary transport, but the connection failed.
The computer WAS able to connect on a secondary transport.
1265
The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.
1274
The group policy framework should call the extension in the synchronous foreground policy refresh.
1282
The system detected an overrun of a stackbased buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
1292
An operation attempted to exceed an implementationdefined limit.
1349
The type of the token is inappropriate for its attempted use.
1350
Unable to perform a security operation on an object that has no associated security.
1353
The domain was in the wrong state to perform the security operation.
1370
An internal security database corruption has been encountered.
1384
During a logon attempt, the user's security context accumulated too many security IDs.
2228
There are too many names in the user accounts database.
2385
The Run server you requested is paused.
2431
The alert table is full.
3013
The printer driver is known to be unreliable.
3014
The printer driver is known to harm the system.
3029
Local security could not be started because the user accounts database
(NET.ACC) was missing or corrupted, and no usable backup
database was present.
THE SYSTEM IS NOT SECURE.
3060
The service did not respond to control and was stopped with
the DosKillProc function.
3194
Hanging up a stuck session to ***.
3413
Your logon time at *** ends at ***.
Please clean up and log off.
3513
More data is available than can be returned by Windows.
3950
Reissue the given operation as a cached IO operation
4006
Replication with a nonconfigured partner is not allowed.
6628
Log space is exhausted.
6730
The transaction does not have a superior enlistment.
8606
Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.
8629
The specified uptodateness vector is corrupt.
8630
The request to replicate secrets is denied.
10038
An operation was attempted on something that is not a socket.
10059
Too many references to some kernel object.
10107
A system call that should never fail has failed.
11007
There are no senders.
11008
There are no receivers.
15250
The requested system device cannot be identified due to multiple indistinguishable devices potentially matching the identification criteria.
for /l %i in (1,1,16000) do @( echo %i && net helpmsg %i ) 2>NUL
This will give a formatted output of every existing net help msg and all numbers that are not so.. Keep in mind that there are most probably less than 5000 of these messages, however they are numbered somewhat inconsistently in the sequence between 1 - 16,000. With cygwin or GNUWin32 utilities loaded you could add:
for /l %i in (1,1,16000) do @( echo %i && net helpmsg %i ) 2>NUL | egrep -B 2 -i [a-z] | tr -d /-/- | tr -d \r
This would produce a long list of only those numbers with messages and, after some substantial period of time and processor use, would yield some very interesting reading. Here are a few of my favorites:
581
A Windows Server has an incorrect configuration.
593
NTVDM encountered a hard error.
597
The parameter(s) passed to the server in the clientserver shared memory window were invalid. Too much data may have been put in the shared memory window.
598
The stream is not a tiny stream.
611
There is an IP address conflict with another system on the network
612
There is an IP address conflict with another system on the network
615
The policy of your user account does not allow you to change passwords too frequently.
This is done to prevent users from changing back to a familiar, but potentially discovered, password.
If you feel your password has been compromised then please contact your administrator immediately to have a new one assigned.
617
You have attempted to change your password to one that you have used in the past.
The policy of your user account does not allow this. Please select a password that you have not previously used.
629
A group marked use for deny only cannot be enabled.
670
WOW Assertion Error.
677
{Too Much Information}
The specified access control list (ACL) contained more information than was expected.
678
This warning level status indicates that the transaction state already exists for the registry subtree, but that a transaction commit was previously aborted.
The commit has NOT been completed, but has not been rolled back either (so it may still be committed if desired).
680
{GUID Substitution}
During the translation of a global identifier (GUID) to a Windows security ID (SID), no administrativelydefined GUID prefix was found.
A substitute prefix was used, which will not compromise system security. However, this may provide a more restrictive access than intended.
704
{Redundant Read}
To satisfy a read request, the NT faulttolerant file system successfully read the requested data from a redundant copy.
This was done because the file system encountered a failure on a member of the faulttolerant volume, but was unable to reassign the failing area of the device.
705
{Redundant Write}
To satisfy a write request, the NT faulttolerant file system successfully wrote a redundant copy of the information.
This was done because the file system encountered a failure on a member of the faulttolerant volume, but was not able to reassign the failing area of the device.
730
The system has awoken
746
{Connect Failure on Primary Transport}
An attempt was made to connect to the remote server hs on the primary transport, but the connection failed.
The computer WAS able to connect on a secondary transport.
1265
The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.
1274
The group policy framework should call the extension in the synchronous foreground policy refresh.
1282
The system detected an overrun of a stackbased buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
1292
An operation attempted to exceed an implementationdefined limit.
1349
The type of the token is inappropriate for its attempted use.
1350
Unable to perform a security operation on an object that has no associated security.
1353
The domain was in the wrong state to perform the security operation.
1370
An internal security database corruption has been encountered.
1384
During a logon attempt, the user's security context accumulated too many security IDs.
2228
There are too many names in the user accounts database.
2385
The Run server you requested is paused.
2431
The alert table is full.
3013
The printer driver is known to be unreliable.
3014
The printer driver is known to harm the system.
3029
Local security could not be started because the user accounts database
(NET.ACC) was missing or corrupted, and no usable backup
database was present.
THE SYSTEM IS NOT SECURE.
3060
The service did not respond to control and was stopped with
the DosKillProc function.
3194
Hanging up a stuck session to ***.
3413
Your logon time at *** ends at ***.
Please clean up and log off.
3513
More data is available than can be returned by Windows.
3950
Reissue the given operation as a cached IO operation
4006
Replication with a nonconfigured partner is not allowed.
6628
Log space is exhausted.
6730
The transaction does not have a superior enlistment.
8606
Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.
8629
The specified uptodateness vector is corrupt.
8630
The request to replicate secrets is denied.
10038
An operation was attempted on something that is not a socket.
10059
Too many references to some kernel object.
10107
A system call that should never fail has failed.
11007
There are no senders.
11008
There are no receivers.
15250
The requested system device cannot be identified due to multiple indistinguishable devices potentially matching the identification criteria.
Apparently there's been a wave of house burglaries in a nearby town during the last month. As you might expect, local residents responded by replacing windows with steel panels, front doors with vault entrances, floors with pressure-sensitive plates, and whatever else "security vendors" recommended. Town policymakers created new laws to mandate locking doors, enabling alarm systems, and creating scorecards for compliance. Home builders decided they needed to adopt "secure building" practices so all these retrofitted measures were "built in" future homes.
I just uploaded a 
If any lawyers want to contribute to this, please do. In my post 
