SysAdminHell

Yahoo Messenger and Internet Proxies

2009-05-12T14:17:00.002-05:00

I hate proxies but they seem necessary in the Corporate world. Getting all the websites, programs, widgets, etc working as people want can cause much pain and suffering.

This is a simple post, but hopefully it'll save someone a few hours of frustration.

We have a group that has to use Yahoo! Messenger for chat. So I put them on our web filter/proxy, allowing the Yahoo IM access. (Note, our proxy requires NTLM/Active Directory authentication to allow traffic). Those not using Yahoo's client (like those using Pidgin) connected fine. But the official Yahoo client seemed like it wasn't passing the Windows Authentication to the proxy and not connecting. Setting the client's proxy settings to Direct Connection did not work; Yahoo was still pulling Internet Explorer's proxy settings.

After a few hours of searching, I came across this Microsoft KB article: How to Set Up Yahoo Messenger to Use Only Integrated Authentication on Your ISA Server Computer. In the article, it advises that you set your Internet Explorer settings to enable "Use HTTP 1.1 through proxy connections".

Apparently Yahoo Messenger client doesn't send a keep-alive header in it's NTLM request, thus not keeping itself authenticated. Telling it to use HTTP 1.1 forces this, since the keep-alive header is default in 1.1.

Check out the Microsoft article (linked above) for more information, but this simple checkbox fixed the issues for my users. It's not JUST for ISA; I'm not using ISA and it worked for me.

iSCSI, Windows 2003, SANSurfer, and VDS

2009-04-07T15:19:00.010-05:00

So I have a site with two servers having identical problems, a iSCSI volume will not initialize in Window's Disk Management utility (or create a partition in DiskPart).

In the GUI Disk Management, I get the error "Logical Disk Manager: The operation did not complete. Check the System Event Log for more information on the error." In DiskPart, I get the error "The disk management services could not complete the operation." The event log doesn't have an error directly explaining these errors, but sometimes I'll get an Application Error 1004, mentioning vds.exe (Virtual Disk Service) faulted. Google and multiple forum searches don't yield much result.

A little about the setup. I have an IBM DS3300 iSCSI SAN attaching LUNs to two Dell PowerEdge 1950s via a Qlogic QLE4062c cards, using SANSurfer software. (They're not sharing a LUN, each server gets a different one).

So I won't bore you too much, I'll leave out the majority of my troubleshooting and homicidal hatred towards these two systems and just give you the answer (or at least the answer that worked for me).

Turns out that the issue lies in the Virtual Disk Service, which Microsoft has a hotfix for here: Article ID: 948699. Once I installed the fix and rebooted I was able to initialize the disk, format, label, and use.

iSCSI File Shares Disappear

2009-04-02T12:57:00.005-05:00

A quick tip for those new to iSCSI, the Microsoft iSCSI Initiator, and using the two for file sharing.

Setting up the LUN, mapping it as a disk, and putting your file shares on it is great, but there are a few configuration steps you need to take if you experience your share settings disappear every time you reboot (even thought the files remain).

First, ensure that the Server service is dependent on the Microsoft iSCSI Initiator Service. To do this, go into the Services MMC, open the Server service properties, and check under the Dependencies tab. No Microsoft iSCSI Initiator? Open Regedit (Run - regedit.exe) and navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver. Find the key "DependOnService" and set it's value to MSiSCSI. The Server service is responsible for creating the shares; if this service starts up before the iSCSI LUNs are ready on the server, then the shares will not appear.

Second, make sure you set up the Microsoft iSCSI Initiator to automatically restore the connection and drive letters. Under the Targets tab, when you highlighted the target and clicked "Log On", did you check "Automatically restore this connection when the system boots"? If not, remove the connection and log it back on, this time selecting the correct option.

Third, after the drive has been set up and you assigned it a drive letter, go back into the Microsoft iSCSI Initiator software and click on the Bound Volumes/Devices tab. You'll see some funky volume path that looks like gibberish. Highlight it and click Add. Put in the drive letter you assigned and click Ok. This will cause the iSCSI Initiator service to not completely start until the volume has been mapped to the drive letter. Since the Server service now depends on the iSCSI service starting up, it'll have to wait until the volume is available before it can assign share settings.

VMWare Virtual Center and SQL 2005 Native Driver, Part 2

2009-03-30T16:51:00.004-05:00

A quick follow up on a post I did last December, VMWare Virtual Center and SQL 2005 Native Driver. When upgrading your VMWare Virtual Center (vCenter, whatever), it will require you to use the SQL Server Native Client 10.0 in your ODBC when using an external 2005 SQL server.

If you remember, we installed the SQL Server Native Client 10.0 during installation as asked, but couldn't get the service to run after install. To fix the issue, we had to delete the DSN and create a new one using the standard SQL Server driver with the same settings.

Before doing the upgrade, delete your current DSNs and create new ones using the Native Client 10.0 with the same exact settings. Run the upgrade, let it do its thing, then it'll fail when attempting to upgrade the Converter and Update Manager (because at this point the VirtualCenter Server service can't start with the Native 10.0 driver). That's ok, just delete the OBDC connections and recreate them using the "SQL Server" driver. Then go into the Services MMC (Start - Run - services.msc) and start the VMWare VirtualCenter Server service. Give it a few minutes to figure itself out (Virtual Center will reconfigure HA, etc). Then run the upgrade again, this time only selecting Converter and Update Manager to upgrade.

Proxy PAC Files, How to Use With Laptops and Local Bypass

2009-03-30T09:57:00.015-05:00

First, I *HATE* proxy .pac files. With that said, here's some tips on setting up your file.

Here's the challenge. You have a web filter/proxy in your network and you need everyone to go through it. You also need to allow unfettered access to local resources, which can sometimes cause fits with your proxy. Some examples of such fits: not being able to route back to certain local resources, having issues with with special applications that install a local http server (Google Desktop comes to mind here), access to local webservers with certain programs (Microsoft Frontpage), or local webservers that run code that the proxy doesn't like (we have a site that does a lot of perl, designed for internal use only that the proxy just has issues with).

If your client machines are local desktops or Terminal Server sessions that don't leave the network, setting up bypasses for all of this with Group Policy is easy. Just put the IP address or subnet in the Exceptions part of the Proxy Settings configuration window. But what if your clients have laptops that leave the network? Forcing them to use the VPN for web traffic is one way to work around this; it forces all Internet usage on the company machine to be accounted for in the web filter and is easy to configure in their GPO. But what if management doesn't like this option; the clients have to be filtered while in the office but can hit whatever they want when they leave? The answer to this problem is to set up a proxy .PAC file.

The PAC file allows you to configure a user's proxy in many different ways. It's a text file that is referenced by the browser for proxy configuration, and uses a JavaScript function (FindProxyForURL(url, host)) to pull this off. In this post, I'm only going to focus on my requirements to build my PAC file: determining if the user is on the office network and bypassing local resources.

There's quite a few examples of PAC files on the Internet, and I'll provide links to these sites on the bottom of this post. They're all worth a look; considering the custom nature and the many configuration options to PAC files it's a good idea to see what everyone else is doing and develop your own configuration from there.

First, let's determine a way to figure out if you're on the local network or not. Some examples I've seen attempt to determine if the machine is part of the local subnet, then bases the configuration on that. If you're like me and have a lot of different subnets (either internal vlans or different sites), that may not work. So, what I do is configure the PAC file to determine if it can communicate with the proxy. If yes, it uses it. If not, then it goes "DIRECT" to the Internet. For me, it's a simple one-liner:

function FindProxyForURL(url,host) { return "PROXY 192.168.10.100:3128; DIRECT"; }

This will cause the web browser to look for the PROXY IP address (in the example 192.168.10.100:3128). If it finds it, then it uses it and you should see the traffic hit your logs. If it can't find it, it'll take a minute to time out then drop the user directly on the Internet with no proxy.

Ok, the first requirement is done; mobile users will be on the web filter while at the office and will be off of it away from the office. Now, we need to bypass local resources; a task that causes a little more fuss. Let me note that before I bash on web filters, or at least come off as bashing them, most of my local resources tested just fine with no further configuration. A lot of my monitoring tools, local wikis, etc had no issue. But some, such as our phone system configuration site, didn't work at all in testing. Your mileage may vary; for a lot of people stopping at this point would work for them just fine. But for those who do have issues, we'll continue.

Next determine the subnets you want to bypass. In this case, we'll use 10.10.1.x, 10.100.x.x, 192.168.10.x, and all local addresses 127.0.0.x).

function FindProxyForURL(url,host) { 

if  (
(isInNet(host,"10.10.1.0","255.255.255.0")) || 
(isInNet(host,"10.100.0.0","255.255.0.0")) || 
(isInNet(host,"192.168.10.0","255.255.255.0")) || 
(isInNet(host,"127.0.0.0","255.255.255.0")) 
)
return "DIRECT";
else
return "PROXY 192.168.10.100:3128; DIRECT"; }

Now, when testing, any host that uses an IP address or resolves to an IP address in the subnets you're bypassing should not show up in your logs. All other traffic should show up just fine. Make sure you set the appropriate subnet mask. The || pipes mean "OR", so you can add as much as needed.

Now, lets say you have a specific site you want to bypass, on your network or not. For example, you want to bypass traffic to your external web site, or you use a hosted email solution that has issues in your web filter. Just add the following line within the "if ( )" statement:

(dnsDomainIs(host, ".bypassed_url.com")) ||

Note that there is no need to put anything more than the domain name; no need for http://, *://, or the full URL. Also, don't forget the OR (||) if you intend to put any more statements below it. Your last line in the if( ) should not have ||.

Now that all of our requirements are met it's time to save the file and test it. There are several methods of the PAC file placement involving web servers or network shares, but since the client is on a laptop I prefer to place the file locally. Save your PAC file on the local drive. Next, open Control Panel and Internet Options. Click the Connections tab and the LAN Settings button. Uncheck everything except "Use automatic configuration script". For the address, put in file://c:/PAC_file_location/name_ of_PAC_ file, example: file://c:/pxy/pxy.pac

In a future posting I'll go over how I deploy the PAC file via login script and how I use Group Policy to force my users to use the file. I may even do a write-up on blocking other browsers, such as Firefox, Chrome, Safari, and Opera.

A quick note: PAC files are read when the browser is opened. If your laptop user has an open browser then pulls their laptop off the network (hibernate) then attempts to use the same browser window off the network, it most likely will not work. They'll have to restart the browser. Same concept when they enter the network; if they were working in a browser window off the network unfiltered, the same browser window will remain in DIRECT configuration until it is restarted.

As promised, some useful links:

Wikipedia:Proxy_auto-config
Craig Johnson Consulting: Autoconfigure Scripts for Proxy Settings - good overview, but I couldn't get the if (shExpMatch(url, method to work..
Novell: Cool Solutions: Proxy Failover (without Clustering) - great article, the author dissects the code and explains it.
Jason Curnow: Writing Effective Proxy PAC Files - wow, I JUST found this site.. Read this.
Microsoft Technet: Using Automatic Configuration, Automatic Proxy, and Automatic Detection - lots of examples here.

vSwitches and vmnic Linking - When the NIC Name Changes

2009-01-15T12:36:00.006-06:00

I had one of my ESX servers die over the weekend. Upon inspection (and some calls to support to verify) it seems the system board needed replacing. I pulled the machine and had it fixed. This machine has two on-board NICs and a quad-port NIC PCI-X card. When I booted up the server (after the repair) I noticed that the server tech reinstalled the quad port card into the wrong PCI-X slot. I shut down the machine and corrected the mistake.

Then I powered on the machine and plugged in the network cables. Unfortunately I could no longer access this server via network (nor could it access the network). ifconfig showed that all the NIC ports on the quad port card had different labels, going from vmnic0 and vmnic5 to vmnic10 and vmnic14. Nice, but not too much of an issue.

When you set up the service console earlier (during install), it puts the configuration in a virtual switch (such as vSwitch0) and then "links" that switch to your physical NIC (such as vmnic0). So this is what we need to do to get network connectivity. Run the command esxcfg-vswitch -l. This lists all of your virtual switches and their configuration. Look for the vSwitch that contains your Service Console port group. This is the switch you need. In this example, it is vSwitch0.

Next we need to link the vSwitch to the correct NIC. If all of the NIC ports are on the same vLAN or physical network, then this part isn't hard. But each NIC port on this card is plugged into a different vLan (set by our network switches), so it's important that I find the correct vmnic.

If you have physical access to the machine, and you need to determine which NIC port is assigned to which vmnic# label, do this:

Unplug all network cables from the machine.
As root, type esxcfg-nics -l in the console. This lists all the vmnic ports, the manufacturer, and link status.
Next, take a network attached Cat5 cable and plug it into a port.
Run the command again, noting wich vmnic show UP for the link status.
Repeat the process for each NIC port.

(note: You can also just link each vmnic to the vSwitch, one by one, until your network access is achieved, if you don't have physical access to the machine. But, if you're not careful, that method may not be accurate.)

When you've determined the vmnic to use, linking it to the vSwitch is just one command: esxcfg-vswitch -L vmnic# vSwitch#. In my case, it was esxcfg-vswitch -L vmnic10 vSwtich0. Once I entered that, I could get on the network. Now, you can fix the rest of the nics/switches with this command, or you can connect to the server via Virtual Center and do it through the GUI.

VMWare Virtual Center and SQL 2005 Native Driver

2008-12-03T10:49:00.007-06:00

So, I'm setting up a new VMWare Virtual Center server, using a separate server for my database (running SQL 2005). This is on a Windows Server 2003 R2 SP2 machine. Installation goes as planned until it asks for the ODBC connection. I set it up, choosing SQL server and everything tests out ok. But when VMWare decides to use it, it complains that the driver I'm using can't be used with SQL 2005. So I found and installed the "SQL Native Client 10.0" and the install continued.

After the server and client components installed, the add-on components Update Manager and Converter attempted to install. After asking for credentials, the installation failed because the Virtual Center service could not be reached. A quick check with the VMWare Infrastructure Client failed as well.

Going into the Services MMC, the VMWare Virtual Center Server service was stopped. Starting it took a few seconds and it showed started. Hitting refresh showed that it stopped pretty much immediately after starting. The Event Log showed the same thing, although was useless to find the cause.

I did a repair, no luck. Uninstall/reinstall, no go. Uninstall, manually remove registry entries, reinstall, nope.

According to the troubleshooting guide (Troubleshooting the VMware VirtualCenter Server service when it does not start or fails), there are a few things to check.

One is the SQL connection/setup. The ODBC connections tested perfectly and the SQL server was up. I also verified that there was plenty of open disk space. (See: Troubleshooting the database data source used by VirtualCenter Server (1003928))

Next is permissions. The service was set to run as local System. I configured it to run as a domain administrator account, same results. I also tried a bad password, to see what error appeared. It actually complained about an authentication error, which is not what it's doing otherwise. I set it back to local System.

Port conflicts is another thing to check. In a command prompt, enter netstat -ban and see if anything is taking up port 80, 902, or 443 on the machine. In my case, it was not. (See: Verifying if a port is in use (1003971))

After some other troubleshooting, I decided to check out the file the service wants to start, "C:\Program Files\VMware\Infrastructure\VirtualCenter Server\vpxd.exe". So I opened an command prompt and navigated to that folder. Entering vpxd.exe /? showed a list of options. I tried vpxd.exe -u to unregister the service. Then I tried vpxd.exe -r to register the service back. Still was getting the same issue. I tried vpxd.exe -s to run Virtual Center Server in non-service mode. After a bunch of text flashed on the screen, it failed but this time with an error.

Part of the error it left was "Fractional second precision exceeds the scale specified", and mentioned a bunch of tables it couldn't update. It also mentioned the SQL Native Client 10.0 driver. Google searching this error didn't help me much since I'm not an SQL programmer. However, this was leading me in the right direction. After thinking for a minute, I wondered what would happen if I removed the SQL Native Client 10.0 ODBC connection and set up a new connection with the same name and settings, but using the standard SQL Server ODBC driver.

It worked. Now I'm running my new Virtual Center server without issue. It does seem odd that the standard SQL Server driver won't work during setup, but is what works after setup.

VMWare: Orphaned Templates

2008-08-15T09:10:00.002-05:00

Stolen from this Message Board Thread.

Right click on your orphaned template
Select "Remove from Inventory"
From the host you would like the template to reside on...
Select you host
Select the "Configuration" tab
Select "Storage" under the Hardware pane
Double click on the storage device in the right pane..this will bring up the "Datastore Browser"
Browse to your orphaned template's location
Right click on the template file..it will have a ".vmtx" extention with the Type displayed as "Template VM"
Choose "Add to Inventory"
Go through and answer the wizard information to complete the "fix"

Local to Mapped Printer Migration

2008-05-18T16:41:00.004-05:00

Sorry I haven't been posting regularly, I've been really really busy at work
lately and the little time I've had off I didn't want to do ANYTHING
sysadmin related. Hopefully things will be a bit slower now and I can post
some of the stuff I've been saving up. On to the topic...

I love terminal servers. Unfortunately they can be a bit fragile at times,
especially under higher loads. One load-inducing problem that can occur is the existence of local printer queues on the server itself. Locally mapping a user's printer to the terminal server may seem like a good idea, but typically it isn't the best way to do things. Local printers cause a lot of I/O traffic on your local disks, the drivers take up memory (some drivers will load a nice hunk of memory for each logged in user), and the spooler service will also take up resources that will affect other users. Throw in memory leaks that some printer drivers may have and you'll end up with a pretty good issue as your users pile into the server.

On my network I ran into this exact issue with one of my oldest stand-alone terminal servers. I'm running Windows Server 2003, older but still decent hardware, and about 50-60 heavy users all getting a full desktop. Since I didn't know the issues with local printers when I first deployed the server, I ended up with over 30 local printers, most of which were mapped to printers over slower WAN links. Users started complaining about the server being slow. Investigating, I found a memory leak in the spooler service (restarting it helps a little), and two printer drivers taking up 5 megs each in every user session. (That's about 500 megs of ram wasted when I've got 50 users on the server). At this point I decided to do something about it.

There are two options at this point. I could either manually move each user to a mapped printer on another server (which involved contacting each user, taking over their session, and migrating them), or I could script the move (and the users won't know the difference). I chose the scripting method, especially since I don't like to track down and interrupt the users when it can be avoided.

First things first, set up each printer queue on a print server. This is necessary in either option. Hopefully you have a standard naming convention, because scripting is a lot easier if you don't have to change the printer names. (I'll show you a way to handle printer renames later in this post, but it gets messy if there's more than just a few exceptions).

Next, write up your script. Here's what I've done:


'Find the default locally mapped printer, move it to a print server mapping.
Dim ws, dflt, nCount, to_server
Dim WshNet, WshShell
Dim objNetwork
Set objNetwork = CreateObject("WScript.Network")

' The server where the new print queues are hosted.
to_server = "\\printserver01"

' Find the default printer from the registry, strip out unneeded text.
Set ws = WScript.CreateObject("WScript.Shell")
dflt = ws.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Device")
nCount = instr(dflt,",") -1
dflt = left(dflt,nCount)

' Create the printer mapping for the client.
On error Resume Next
objNetwork.AddWindowsPrinterConnection  to_server+"\"+dflt

' Set the created printer mapping as the default.
On error Resume Next
objNetwork.SetDefaultPrinter  to_server+"\"+dflt

To map to a renamed printer queue, add this to the script, right before the part of the script where the printer mapping occurs. If the printer name matches what you specify, it will rename it to the new, renamed print queue.


' Specific mapping for Joe Blow's printer.  Change dflt to the printer you want to match.
if dflt="JoeBlow_HP4000" then
       ' Change dflt to the renamed print queue.
       dflt = "Site2_HP4100-JoeBlow"
       to_server = "\\printserver02"
End if

Also, if you have a client that uses more than one printer, use the below script to determine this, map them to all their printers, and then set their default printer. The script will try to compare their mapped printer with any one of the printers they need to activate this section of script. This script does an Exit Function, which assumes that this migration piece is part of a function.


' Specific mappings for store 3's printers.  This will see if dflt is the name of either of this store's printers
if dflt="str3_HP4250-1" or dflt="str3_HP4250-2" then
' Map both printer that the store employee's use.
 objNetwork.AddWindowsPrinterConnection  "\\printserver01\str3_HP4250-1"
 objNetwork.AddWindowsPrinterConnection  "\\printerserver01\str3_HP4250-2"
' Set the default printer to the default the user previously had.
 objNetwork.SetDefaultPrinter  to_server+"\"+dflt
 Exit Function
End if

Personally, I incorporated this code as part of my login script, which runs each time a user logs in. After a few days, all of my users should have their printers mapped to the print server and I'll delete the local print queues and remove the printer drivers.

Using Wireshark to determine bandwidth needs and top bandwidth users

2008-04-04T01:32:00.004-05:00

Today I'll show a couple of tricks to determine bandwidth of a conversation between two hosts and a trick to help quickly determine top bandwidth users on a network. To do this, download and install the massively powerful free Network Protocol Analyzer, Wireshark.

First, we'll look at how to determine the average bandwidth between two hosts. I first came across the need for this information when I was tasked to plan a move of a department from one site to another. The users of this department need to use a specialized application hosted at the original site, but bandwidth may be an issue. To test, we bought one user's computer to the second site and had him log in and use the software. Even if the test is successful, we need to know the bandwidth impact of not just one user, but of the entire department (in this case, ten users). We needed to find this one user's usage, then we could multiply by the number of users and get an approximate average bandwidth need. To find this:

1. Open Wireshark.
2. Click on Capture, then Interfaces.
3. Your available network interfaces will appear. Find the interface you wish to monitor, then click Options.
4. The Capture Options window will appear. Since we're monitoring the communication between two hosts, we only want to see the traffic between the two. Type host {IP of one host} && host {IP of other host} next to the Capture Filter button. This feature is actually really powerful, allowing you to monitor just per port, per network, exclude hosts or port or networks, etc. For a good list of capture filter options, look at The Wireshark Wiki or this site: http://home.insight.rr.com/procana/.
5. It's a good idea to save your capture to a file. To set this up, enter a location and file name next to the File field.
6. Click the Start button to start your capture.
7. At this point you'll start seeing the packets being captured. Start running your tests.
8. After you're done testing, click Capture, then click Stop. Depending on the size of the capture, it may take a minute or two for the capture to fully stop.
9. Now, click Statistics and click Summary. The Wireshark:Summary window will appear.

Here is the summary of the communications between the two hosts. In my example, the Avg bytes/sec is 4555.791, or approx 4.6Kbps. This can help you determine your bandwidth needs for an application or will help you recognize if one client is taking up more bandwidth than it should. When determining bandwidth needs, you have to realize that this is the AVERAGE bytes per second, not the maximum. There may be certain times that the host could take exceed that, such as on an application open or save. With proper testing, such as taking measurements during each section of the test, you can verify if this is the case and can help you plan accordingly.

You can also use this method to determine if a client is taking up much more bandwidth than it should. If you can capture all communications on a network, such as mirroring your WAN (or Internet) port, you can find out what host is transmitting the most packets or the most bytes. To do this:

1. Start a capture like listed above, but skip the Capture Filter.
2. Once you feel that you have an adequately sized sample, stop the capture.
3. Click Statistics and choose Conversations.
4. I typically choose the IPv4 tab.
5. You can sort by Packets or by Bytes.

In my example, you can see that the top conversation between Address A and Address B has sent many more packets and many more Bytes than the next host. This can help you find out your biggest bandwidth users and will show you whom they are talking to. I've actually used this method to find out some of my bigger users of my Internet bandwidth and was able to determine that the biggest bandwidth hog was those users listening to streaming Internet radio, which gave justification for web filtering.

Wireshark is powerful tool as shown above, but it is much more powerful if utilized well. Also to note, Wireshark was previously known as Ethereal. When searching for more information, most Ethereal information should be applicable to Wireshark.

Software Review: The Hobbit Monitor

2008-03-31T21:25:00.005-05:00

When looking for server and network device monitoring, there are quite a few options, ranging from very expensive to free. Today I focus on a free solution that I use, The Hobbit Monitor.

Hobbit is a system based on a plug-in for the Big Brother Monitoring software. Big Brother has been around for quite some time and was bought by Quest Software a few years ago. Hobbit is very comparable the Big Brother system, keeping most of the same general interface and functionality but adding many new features and overall speed improvements.

Hobbit is a monitoring solution for servers and network devices and allows you to write or use extensions to monitor just about anything that responds over a network connection. A central server controls and collects the monitoring and displays the results via a fairly easy to use web interface. It will track history and trends (via rrd) and provides a built-in reporting tool. If there is an issue (that you've defined), such as a down host, the interface will turn red and will performs any alerting actions that you've defined, such as sending an email or sms message.

A member of the Hobbit team provides a live demo here: http://www.hswn.dk/hobbit/

The alerting function has some great features and is very customizable, but is less than straight forward in its setup. An example the configuration file:

$PHONE=MAIL mycell@acme.com SERVICE=conn REPEAT=2h FORMAT=sms DURATION>10m
$SYSADMIN=MAIL admin@acme.com REPEAT=2h DURATION>10m TIME=*:0600:2300

PAGE=servers/siteone TIME=*:0700:2100
MAIL a_sysadmin@acme.com SERVICE=conn REPEAT=50h FORMAT=plain

HOST=%^win.*
$PHONE
$SYSADMIN

Breaking it down a bit, the configuration is in two parts, the definition and rules of the targets and definitions of the monitoring rules.

The $PHONE definition will email mycell@acme.com only if the conn test (ping test) fails, will repeat the alert every two hours, send the alert in sms format. It will also only trigger if the system has been in alert status for more than ten minutes. The $SYSADMIN definition will email admin@acme.com every two hours on ANY failed test lasting over ten minutes and only between the hours of 6am and 11pm. Those two lines define the targets (whom to email) and the conditions at which to email those addresses.

The PAGE=servers/siteone definition will monitor all the hosts on a page on the server. If your server is http://hobbit.acme.com, then it will monitor all the hosts on http://hobbit.acme.com/servers/siteone. Continuing on that line, the section TIME=*:0700:2100 will only trigger the alert if a host is in alert status between the hours of 7am and 9pm. The next line specifies a target, in this case an email address with some extra rules. The HOST=%^win.* will monitor any hosts that has win. in the name. For example, if you name several servers inside Hobbit win.server, like win.mailserver, win.fileserver, win.appserver. No matter where in Hobbit you have these servers, they will be monitored under this rule. The next two lines, $PHONE and $SYSADMIN just call the predefined targets and use the rules defined there.

As you can see, the alerting functionality is very customizable and, even if the setup isn't point and click, not that hard to set up once you have a little understanding about it. Hobbit also features an easy way to pause or stop alerts via it's web interface. You can stop alerts by test type (like ping test, telnet test, etc), set a duration for the stopage (like no alerts for this host for the next two hours, or until the test turns ok), or even schedule a stopage when you are scheduling some downtime for a host.

As I mentioned before, Hobbit can be extended and customized for greater functionality. You can add more tests either by enabling those built in (refernce the help file for details), by writing your own port tests (also in the help), or by adding extensions. See deadcat.net for a lot of extensions and additional tests. Although the majority of these are geared towards Big Brother, with a little bit of code tweaking they can be easily adapted to Hobbit.

Although this system seems to be Linux/Unix oriented at a quick glance, it provides a lot of functionality for Windows systems utiliziing an agent called BBWin. With BBWin, you can monitor resources such as CPU usage, disk usage, memory usage, running processes and services, uptime, and netstat results. You can also add additional extensions (called externals in BBWin) to test for other things. Configuration is done in an XML file on each server and is very customizable.

You can customize the default warn and panic levels for the CPU usage:

Disk monitoring can be configured with a default warning and panic levels:

Or you can specify specific levels per drive based on a percentage or just an amout of space left:

Remote drives and optical drives can be monitored as well:

Services can be monitored wheter they are running or not. You can also automatically restart the service if you so configure it. You can specify any process running on the server just by adding another line with it's service name. Processes are configured similarily:

Example of the Hobbit overview of some Windows servers utilizing BBWin:

Example of the CPU usage monitoring:

Example of the OpenManage extension I use for my Dell servers:

As you can see, Hobbit is a very powerful and customizable alternative to the other server and network monitoring products out there. With a little bit of reading and some work, you can get this system up and monitoring your systems without too much hassle. Hobbit is definately worth a try if you need a solution and don't have the funds to drop for a commercial solution.

Awesome Utility: TestDisk

2008-03-16T21:46:00.002-05:00

So, a family member brought me a laptop from a small business owner who he helps with computer issues. Well, the laptop is broke. It looks like it'll boot into Windows (XP Home) and then blue screens. Safe mode does the same thing. Although the BIOS will see the disk, the Windows install media doesn't. And of course the laptop's owner really needs the company data off of it, can't afford data recovery, and, of course, has no backups.

We pulled the drive out of the laptop and used a IDE to USB converter to hook it up to my laptop. Windows recognizes the disk and assigns it a drive letter, but took forever (like 10 minutes) before it showed up in My Computer. Attempting to access the drive via My Computer, command prompt, or even by Run (e:\) would error out. So I figured the disk is in some way corrupt and a third party recovery software was needed.

I tried several recovery softwares, but the one that eventually worked was TestDisk. TestDisk is OpenSource freeware designed specifically for drives with lost partitions or recovering data from non-bootable drives.

From thier website, TestDisk can:

* Fix partition table, recover deleted partition
* Recover FAT32 boot sector from its backup
* Rebuild FAT12/FAT16/FAT32 boot sector
* Fix FAT tables
* Rebuild NTFS boot sector
* Recover NTFS boot sector from its backup
* Fix MFT using MFT mirror
* Locate ext2/ext3 Backup SuperBlock

It can also run under DOS, Windows, Linux, BSD, MacOS, and SunOS and can handle MANY different file systems.

For my issue in particular, I did the following:

1. Hook the drive up your computer. I used an IDE to USB adapter, but I'm sure setting the drive into slave mode and installing it into a PC will work as well.
2. Allow Windows to find the drive (I'm not sure if this is necessary since Windows XP found the drive for me. It may work without Windows recognition).
3. Open TestDisk (did I mention that no install is required?).
4. It asks to create a log file, I chose Create.
5. Select the drive and choose Proceed.
6. Choose the partition table type. Since this drive was running Windows, I chose Intel.
7. Here's the meat of the software. I chose Advanced.
8. Choose your partition you want to analyze. Some drives have more than one partition; even if there's only one presented to Windows, some manufacturers have a Diagnostic or Restore partition.
9. The next option I chose is List.
10. This should list the files on the drive. Select the drive by using the Up or Down arrows. Enter will bring you into a folder. The Left arrow will bring you up a level in the folder tree.
11. Select the file or folder you want to recover and hit the C key to copy. It will present you with an option to choose the directory on the local machine (the machine you're running TestDisk from) where you want to copy the file to. Hit Enter with your choice.
12. After the copy is complete, the text "Copy done!" will appear in green text. You can now choose another file or directory to copy or hit the Q key to quit.

Also be aware that if you copy a large amount of data it will be fairly SLOW. Or at least slower than most people's standards. But you will have your data, so a little time should be no big deal.

Seriously, add TestDisk to your Admin toolbox immediately.

A Couple of VMWare Issues

2008-03-15T18:16:00.002-05:00

Sorry for the lack of posting this month; building a 200 person call center from scratch has been dominating my time. It is almost done though, but I still need to find time to post.

Today we discuss a couple VMware issues.

"Operation Failed Since Another Task Is In Progress"

I've seen this error a couple of times. Basically what happens is that a VM will show running but is actually frozen. Any attempts to force a VM shutdown or restart results in the error "Operation Failed Since Another Task Is In Progress". Same if attempted to Vmotion the machine.

Basically this turns out to be a snapshot issue. To fix this without rebooting the ESX server, we can just kill the VM process via command line. I took this tip from a VMware Communities post and cleaned it up a little. The post can be found here.

1. SSH into the ESX server that is currently running the affected VM (or you can use the console).
2. At the cmd prompt enter: cat /proc/vmware/vm/*/names

This lists the running VM's on the host server you are logged on to. Look for the vmid=##

vmid=1069 pid=-1 cfgFile="/vmfs/volumes/45.../server1/server1.vmx"
uuid="50..." displayName="server1"
vmid=1107 pid=-1 cfgFile="/vmfs/volumes/45.../server2/server2.vmx"
uuid="50..." displayName="server2"
vmid=1149 pid=-1 cfgFile="/vmfs/volumes/45.../server3/server3.vmx"
uuid="50..." displayName="server3"
vmid=1156 pid=-1 cfgFile="/vmfs/volumes/45.../server4/server4.vmx"
uuid="50..." displayName="server4"

3. At the cmd prompt enter: less -S /proc/vmware/vm/1149/cpu/status

It will now clear the console screen and show a bunch of numbers and stats. Hit the right arrow key until you see the section about group. Example:

group
vm.1058

With this ID number you can safely kill the VM without corrupting it.

4. At the cmd prompt enter: /usr/lib/vmware/bin/vmkload_app -k 9 1058

(Then number 1058 in the command is an example; your VM's group number goes here.)

5. If you see "Warning: Apr 20 16:22:22.710: Sending signal '9' to world 1058." this means your VM has been closed successfully. You can now start your VM back up and run it.

Unable to migrate due to "Remote Backing" issues with CD/DVD

When trying to VMotion two VM machines, I received the error: "Unable to migrate from VMESX2 to VMESX1: Virtual machine is configured to use a device that prevents migration: Device 'CD/DVD Drive 1' is a connected device with a remote backing.". Going into Edit Settings didn't help; all CD/DVD options where greyed out. I had recently set both systems to use the client device and to disconnect.

I was able to fix one of them; the VMware Tools was still waiting to be installed. I right-clicked on the VM and choose "End VMware tools install". That did the trick and it VMotioned fine.

The other system didn't have that option. I ssh'd into the esx host and from the command prompt ran service mgmt-vmware restart

After about two minutes (including a scary "disconnected" state in Virtual Center that lasted about a minute), it allowed me once again mess with my CD/DVD settings and I was once again able to Vmotion.

More on this issue in this VMWare Communities thread.

Using DSADD.exe to Bulk Create Users in Active Directory

2008-03-03T22:28:00.002-06:00

So I had to add about 70 user accounts to Active Directory in preparation for a new call center. Sounds like boring, tedious work if you ask me. Well, it would be without the magic of dsadd.exe, a command in Windows 2003 command line that allows you to create Active Directory objects, such as users, computers, groups, contacts, and OUs. My focus here is on adding multiple user accounts.

Focusing on my needs, I wanted to add the user, set the display name, set a password, set a description, set the office, their title and department, and their logon script while forcing a password change and the ability to change the password. I also wanted these accounts to start disabled since it might be a week or two before the users are ready for them. Have the accounts created in the proper OU would also be nice. Also, my users would be logging with accounts based on their phone extension numbers, since high turnover is a concern.

So, I set up a user, called cc70215. Since I want him in his proper OU, I set him up as cn=cc70215,ou=Users,ou=CallCenter,dc=sysadminhell,dc=com. This was no big deal, I already had the list of users, just copy/paste and some text replacement set up the list of users. With all I wanted to do, I set up the command as such:

DSADD user cn=cc70215,ou=Users,ou=CallCenter,dc=sysadminhell,dc=com -display cc70215 -pwd mypassword -office "Call Center" -title "Customer Service Associate" -dept Collections -loscr cc_li.vbs -mustchpwd yes -canchpwd yes -disabled yes

A success message will return if successful and navigating to the CallCenter, Users OU will reveal my new account. But this is a pain to set up 70 times. And it was 30 minutes before time to go home. So, I got dirty a bit and cheated with the batch script FOR command. First, I got all my users in a comma-separated list. I also had to put quotes around each user. A quick text replacement in my favorite text editor (Notepad2) did the trick. Then I created a batch file, and put in the following:

FOR %%D in ("cn=cc70216,ou=Users,ou=CallCenter,dc=sysadminhell,dc=com", "cn=cc70217,ou=Users,ou=CallCenter,dc=sysadminhell,dc=com", "cn=cc70218,ou=Users,ou=CallCenter,dc=sysadminhell,dc=com", "cn=cc70219,ou=Users,ou=CallCenter,dc=sysadminhell,dc=com", "cn=cc70220,ou=Users,ou=CallCenter,dc=sysadminhell,dc=com") DO DSADD user %%D -display %%D -pwd mypassword -office "Call Center" -title "Customer Service Associate" -dept Collections -loscr cc_li.vbs -mustchpwd yes -canchpwd yes -disabled yes

For this example I only used 5 users, but you get the point.

Put a pause and exit in there and run it as a domain admin. With all luck, your accounts will show up in no time. Now, I did find one issue with this method. Here I'm telling it to set the -display (Display Name) with the variable %%D. What this does is set the Display Name for the account as "cn=cc70216,ou=Users,ou=CallCenter,dc=sysadminhell,dc=com", which is not ideal. Since I was under some time constraints, I just changed the Display Name for the new accounts manually (took me about 10 minutes to prep the script, 2 minutes to run it, then another 10 to fix the Display Name issue). Researching other ways to do this now that I have some free time, I could have done this via wscript (using arrays), used the built-in Windows command CSVDE.exe (see this Technet article for more info), or bought one of several different commercial applications. Even with the one flaw, it did all I wanted it to do for free and under 30 minutes.

A Few Print Server Tips (for Windows)

2008-03-01T21:23:00.006-06:00

I was setting up an old server to act as a print server today and decided to share a tip or two.

Move your print spools to another disk.

Since spooling can take up a bit of I/O, moving this to a disk other than on your system disk can help speed things up a bit. This also helped me a few years ago when I had a 12 GB system partition (remember when vendors shipped drives like that) and needed to free up some space.

1. Open the Printers and Faxes applet.
2. Click on File and Server Properties.
3. Click the Advanced tab.
4. Change the directory of the Spool Folder to the other drive.
5. Click apply.
6. Restart the Print Spooler. Open a command line and run net stop spooler && net start spooler.

Install only the DRIVERS, not the software.

I've seen people do this before, especially with HP or Dell (Lexmark) printers. When setting up a printer on a server, don't run the printer's "install" utility, don't install their special "printer monitor", and don't run any "driver install packages". Always install only the drivers. This avoids all the unnecessary services and processes running on your server. I've found that most of these programs are bulky, eat memory, and will slow down your printing. I've seen a few from the vendors I mentioned already that have memory leaks.

Beware printers on a terminal server.

Actually, don't beware of them. Just don't put them on the terminal server in the first place. Set up all your printer queues on a different server. There are several reasons for this.

1. Disk I/O is an important resource in Terminal Server. When you have 60+ users hammering the same disk at the same time, you don't need 20 print jobs trying to do the same. If you HAVE to have printer queues on the Terminal Server, follow my first tip and move the spools to another disk.
2. Memory usage is another important resource. The print queues will take up memory, but some drivers will spawn a process for each and every user on the system. This adds up quick if you have two or three of these processes per user and a large number of users.
3. If you have a limited amount of hard drive space, periods where there is a high volume of printing will make things much worse (unless you move the spools to another drive).
4. All of your users will see all of the print queues on the system. This can provide some amount of confusion for your users, and you might find them printing to the wrong printer or changing printer settings.

Printer pools and other tips

I found the article Configure IT Quick: Configure print queue servers for efficient printing informative if it's applicable for your environment.

Also see the article Get IT Done: Boost printer performance by adjusting Windows' spool file settings.

SysAdmin Related Podcasts, Part 2

2008-02-29T01:02:00.002-06:00

A couple new shows, and a couple updates on the shows I mentioned before but I hadn't really listened to all that much.

New: Casting from the Server Room: I think this is one of my new favorite shows. It's a group of guys, all admins for school systems, just chatting tech. They put a heavy focus on the deeper Sysadmin stuff, discussing things like SANs, backups (or lack thereof), servers, file shares, Active Directory, etc. It's very informal yet it flows and stays on track very well. I really enjoy this show and highly recommend it.

New: IT idiots: These guys do a video podcast where they discuss a focused topic (like for example, Windows 2008 Terminal Server or Active Directory Administration) and include screencasts of the product in action. I've only watched a couple of these episodes, but what I've seen is very informative (especially if you don't have the product at your testing disposal) and I look forward to watching the bulk of these episodes.

New: PaulDotCom Security Weekly: I had only downloaded one of their shows, but I found myself downloading more the first chance I got. Haven't gotten a chance to listen to more, but it's definitely going to be something that I do soon (as long as the rest of the shows are on the level as the one I listened to).

New: The SysAdminShow: These guys actually product (so it seems) an actual radio show on on 98.9 FM Radio Free Nashville called the SysAdmin Show. I listened to one show and turned it off half way through. To be fair, they were doing a live show at a local conference and were more focused on that than on any tech. I also hate live remote shows. I'll give them a chance and will listen to a couple other episodes before dismissing them. You can download the episodes via iTunes (where I'm getting ALL of these episodes).

Update: Microsoft TechNet Podcast: The couple I listened to were pretty informative, but very bland. It seems that the presenters are actually reading Microsoft whitepapers word for word, you even hear the paper shuffling and everything. The two episodes I heard were just about as boring as actually reading a MS whitepaper (or any whitepaper for that matter). I'll still listen for the information content.

Update: Realtime Community: Windows Server: I listened to three or four of these episodes. It seems the format focuses more on interviews with product/solution vendors discussing how their products can help. I feel sorta dirty listening to it due to the fact that I can't stand anything more than to listen to another vendor hawk their wares, but it is a good way to learn about some new products without having to cough up information or have to shake a vendor's salesman off your back.

Update: Realtime Community: IT Compliance: Discussion of legal topics bore me to death. Actually, I can use recorded legal talks as a sleep aid, but the couple episodes I listened to were extremely informative. I actually forwarded this one on to my boss, just as a "hey did you know half of this stuff??" type of thing. I really suggest that everyone listens to at least the Demystifying Privacy Laws: What You Need to Know to Protect Your Business episode.

Update: Run Your Own Server: First, I just wanted to point out that this podcast seems to have gone stale, last episode was Nov 07. Doesn't mean you shouldn't listen to the already recorded shows. I listened to quite a few and most are well done and pretty good. Some of the discussion seems pretty basic, maybe focused more on the beginner side of things, but there were a few good tidbits to be had. Also, Episode 16, One Admin, One Server, well, listen to it and let me know if you agree with me that the speaker is just plain nuts.

Encrypt Your Scripts

2008-02-28T09:11:00.003-06:00

Need a quick and easy way to encrypt the contents of a vbs script to keep its contents safe (well, decently safe)? Microsoft has a tool called Script Encoder that does such a thing. The operation is pretty easy, just install the tool on your workstation, create a working script, and drop to a command prompt.

C:\Program Files\Windows Script Encoder>screnc.exe "c:\scripts\original.vbs" "c:\scripts\encrypted.vbe"

Didn't have to install anything on the client side, script ran just fine on Windows 2003 SP2.

For more info, including examples and syntax, check out the MSDN Script Encoder Overview. They also have info on encrypting JScript.

Lest We Remember: Cold Boot Attacks on Encryption Keys.

2008-02-22T14:16:00.004-06:00

Wow. This is amazing and scary at the same time. Basically, some researchers figured out that in order to bypass harddrive encryption when you have physical control over the device, you can read the contents of the RAM chips to obtain the encryption key. This is not an attack on the encryption itself. It's like finding the key to the super-secure door under the welcome mat. Even if power is cut from the device, data stays in RAM for a certain amount of time (this time can be expanded by freezing the chips with a bottle of canned air). Booting the device to a special tool allows for the memory to be copied and analyzed. They can even remove the ram chip and put it in another laptop for analysis. The only secure way to protect yourself is to power the laptop down completely and guard it for a few minutes for the memory to finally clear.

Be sure to spend the 5 minutes watching the video in the article.

What's even more interesting is that most folks transport their laptops in a power saving mode, such as in standby or hibernation. Even I carry my laptop around in standby. All it takes is for someone to steal the laptop and the encryption won't matter.

This just proves that carrying information around is not safe. The approach I've been trying to take with my users is to give up the fat client laptops for a thin client laptop approach, such as offerings from Neoware or HP. The idea is to leave all information on the corporate network and require my traveling users to log in via secure VPN and RDP directly to their desktops. On top of not storing information, the thin clients are sturdy, don't have moving parts, run our VPN software just fine, easy to replace (no user specific information to transfer to another laptop), and are fairly cheap (approx a third of the cost of a regular laptop). I usually just keep a couple laying around for loaners; so if someone who doesn't travel much can check one out and I don't have to set up anything on it for them, only have to enable RDP on their desktops.

Account Lockouts and Password Resets Delegation Taskpad

2008-02-21T09:07:00.009-06:00

So I've been struggling a little bit with delegation and taskpads. A little background: We're creating a new call center, eventually holding 200 users, and adding any additional support staff is out of the question. About every 20 users there will be a supervisor, and there will be 2 or 3 guys supervising them. They're also going to be working weekends, which would add a lot of headache on me and my crew (we don't have a weekend help desk, just one guy on call). So delegating password resets and account unlocks is pretty critical for our sanity (not to mention speedier service for the end user).

Following the articles I posted earlier, setting up a taskpad view and even setting up the unlock rights/password change rights wasn't too difficult. Getting the password task was also easy, but finding a way for the end user to unlock an account without having to go into the account's properties was more of a challenge. I tried numerous scripts, wrote some scripts, but couldn't get it to work for some reason. Finally, I found the article How can I add an "unlock user account" option to the Active Directory Users and Computers context menu? at the Petri IT Knowledgebase. I followed the instructions exactly step-by-step and I ended up with a nice (and working) Unlock User option when right-clicking on a user account. After that, adding it to the taskpad view was as easy as adding the Reset Password function.

A quick overview of how I set these up:

Set up delegation for account lockouts and password resets.

1. Create an AD group, populate with those folks whom you want to have delegation rights.
2. Right click the OU you want to delegate, click "Delegate Control".
3. Add your created group when prompted in the wizard.
4. Choose to create a custom task.
5. Choose ONLY user objects as the scope of what you want to delegate.
6. For permissions, choose only General and Property-specific. Check "Change password", "Reset password", "Read lockoutTime", and "Write lockoutTime".

Note: If you want to check who has what delegation rights, or if you want to edit an existing delegation, check the security of the OU in question. In Active Directory Users and Computers, click View, Advanced Features. Then right-click the OU and choose properties. Click the Security tab, then Advanced. There you should see who has what permissions on this OU.

Create a taskpad.

1. Open mmc.exe (Start, Run, mmc.exe).
2. Add Active Directory Users and Computers to your view.
3. Choose the OU you're delegating.
4. Right-click the OU and choose new window from here. This is the view you want your users to ONLY see.
5. Click Action, New Taskpad View.
6. Choose the style you like (I like the Vertical list, Text).
7. If you want them to be able to view the sub-OUs (child OUs) with the same view, select "All tree items that are the same type as the selected tree item" and "Make this the default taskpad".
8. To edit or add your tasks, right-click the OU and choose Edit Taskpad.
9. Choose the Tasks tab and click the New button.
10. To add the Reset Password task, choose Menu command.
11. Highlight a user account in the left window and choose Reset Password in the right window.
12. Put in a description, choose and icon, and you're set to go.
13. To add the Unlock User task, follow these instructions from the Petri IT Knowledgebase website. Do that first. Then repeat steps 9 - 12, but choosing the Unlock user task.

Lock it down.

To customize views, click the MMC icon next to the File menu. Choose Customize View. Select what you want your users to see. I personally remove everything except Console tree and Taskpad navigation tabs.

After you're ready to deploy, click File and choose Options. In Console mode, select User mode - limited access (I use single window). Uncheck Allow the user to customize views (this is optional depending on what you want your users to do). Then save. Your users shouldn't be able to do much more than reset passwords and unlock accounts.

To edit your saved .msc, right click it and choose Author. This will open it in editing mode.

SysAdmin Podcasts

2008-02-16T13:45:00.004-06:00

Well, running out of the few Admin podcasts I have, I went on a search for more. Since I've already done the research, I'll share my findings:

A Couple of Admins: These guys are two (or three usually) guys who work in the Admin field. I've listened to quite a few of their shows and always finding myself coming back for more. There's more non-related banter than I would like, but it flows well and the focused content makes up for it. They also seem to do a good job at researching their topics, for example, episode 13 Code Of Ethics roundtable was excellent. Put this show on your podcast playlist.

In the Trenches: It is unfortunate when you come across something awesome only to find out that it's now over. Well, In the Trenches (ITT), was one of those something awesomes. Luckily you can still download and listen to the older podcasts, which is something completely awesome.

DABCC Radio: Virtualization Podcasts: This podcast is completely devoted to virtualization technologies, such as server virtualization, application virtualization, Citrix, VMWare, VDI, application deployment, and more. All the episodes I've listened to seem to follow an interview-type format and is very professional and well done.

Microsoft TechNet Podcast: This one looks extremely promising and as a Windows-focused SysAdmin, I'm really excited about this podcast. Lots of focused technical topics discussing specific Microsoft technologies.

Microsoft TechNet Raido: Don't know much about this one (found it while searching for TechNet Podcast website), looks interesting though.

The Microsoft IT Manager Podcast: I haven't listened to this yet, but some of the episode descriptions seem very promising.

Realtime Community: Windows Server: I haven't had a chance to listen to this podcast yet, but I'm excited by the show descriptions.

Realtime Community: IT Compliance: IT Compliance is usually better understood heard rather than read. Just subscribed today so I don't have much feedback on them yet.

Run Your Own Server: I JUST subscribed to their podcast, but all the topics seem very much Sysadmin oriented. Also it seems that the majority of topics seem to lean towards a focus on Linux. Reading some of the show notes this seems to be a very good podcast.

Windows IT Pro Radio: I just found out about this podcast, but Windows IT Pro magazine is top notch, so their podcast probably will be too.

Delegation Day

2008-02-15T16:23:00.001-06:00

We have a new call center coming up and one of the projects I'm working on is Active Directory Delegation. This would allow me to give supervisors and call center managers the ability to reset the passwords and unlock the accounts of their users without calling me or my guys. Here's some resources:

Here's Microsoft's .doc guide regarding delegation:

Best Practices for Delegating Active Directory Administration

This Microsoft article tells you how to delegate the Unlock Account Right. (2003 users, skip the part about editing the Dssec.dat file; 2003 has that already enabled, and the setting isn't even there anyways):

How To Delegate the Unlock Account Right

This MS article is more of a collection of other MS articles regarding delegation:

How to Delegate Basic Server Administration To Junior Administrators

When looking at using Active Directory Delegation for those non-technical, look at using Taskpads:

Making use of Active Directory Taskpads

(I'm only linking to one page of a pretty decent article, so check out the rest of it as well.)

This is the best taskpad article I've found:

How can I easily perform management operations in AD from a customized Taskpad?

This is a quick article of someone whom needed to Delegate Unlock Account rights and describes his fun. He has some vbs script code that integrates into the taskpad that will take the highlighted user, unlock them, and log who unlocked whom on a domain controller. I'm currently looking at using this, but at the moment I'm getting errors:

WindowsITPro, Unlock User Accounts

lol 1 year hiatus

2008-02-14T17:31:00.006-06:00

Seems that I took EXACTLY one year off of this blog. Well, maybe it's time to get back into it.. possibly make it less of a link dump and more personal... We'll see.

Here's a great tool:

MX Lookup Tool.

Do MX Lookups, Diagnostics, and test your mail server against 147 RBLs.

Active Directory Replication over Firewalls

2007-02-14T16:25:00.001-06:00

Active Directory Replication over Firewalls: "This white paper explains how to get replication to function properly in environments where an Active Directory directory forest is distributed among internal perimeter networks (also known as DMZ, demilitarized zones, and screened subnets) and external (Internet-facing) networks."

Ran into this issue when attaching a remote office over a gateway-to-gateway VPN involving two ciscos. The firewall still treated the VPN as an external network, and applied firewall rules to it. We didn't follow this (basically added a rule to allow all traffic from this VPN, then lock it down via switch acls) but it's good info to have.

How to delete all Outlook Calendar items in Outlook 2002 and in Outlook 2003

2007-02-14T16:22:00.001-06:00

How to delete all Outlook Calendar items in Outlook 2002 and in Outlook 2003: "This article describes how to delete all of the items in the Outlook Calendar folder."

Simple, but useful.

Anti-Dupe

2007-02-13T15:11:00.001-06:00

Anti-Dupe: "Anti-Dupe for Microsoft Outlook is a free Outlook addin utility that analyzes and removes duplicate Outlook entries. With Anti-Dupe you can:

* Remove Outlook duplicate emails.
* Remove Outlook duplicate contacts.
* Remove Outlook duplicate appointments.
* Remove Outlook duplicate tasks."

How to repair Outlook folders using the Inbox Repair Tool

2007-02-13T12:18:00.001-06:00

How to repair Outlook folders using the Inbox Repair Tool: "If Microsoft Office Outlook 2000 (or higher) can not open your mailbox folders and it is reporting that your Inbox folders or Outlook PST file may be damaged, then you should use the Inbox Repair Tool supplied by Microsoft. "

Simmons Consulting » Remote Desktop (RDP) window state

2007-02-13T08:48:00.001-06:00

Simmons Consulting » Remote Desktop (RDP) window state - Tip on how to open your RDP sessions maximized.

Microsoft's daylight-saving time (DST) patch -- Does it matter to AD?

2007-02-01T15:12:00.002-06:00

Microsoft's daylight-saving time (DST) patch -- Does it matter to AD?

Clear the Temporary Internet Files using the Windows XP Disk Cleanup utility

2007-01-30T11:29:00.000-06:00

Clear the Temporary Internet Files using the Windows XP Disk Cleanup utility: This article explains you how to clear the Temporary Internet Files using the Disk Cleanup utility, Automate the cleanup task, and explains you how to add a cleanup button to the Internet Explorer standard toolbar for people who need to clear the Temporary Internet Files cache very frequently.

Why windows takes so long to start up.

2006-09-09T12:31:00.001-05:00

Most of us have had a brand new computer at one time. It's a great feeling. You boot up windows and within 30 seconds you are surfing the net, checking your email, or playing your favorite game. 10 months down the road things aren't so nice anymore. You power up your computer and it seems to take forever to load.

read more | digg story

Do Everything Right From the Command Line: the Internet

2006-09-07T13:48:00.001-05:00

UNIX provides hundreds, if not thousands, of commands with which you can manipulate a large variety of resources available in the kernel and user space. Martin Streicher, Editor-in-Chief, Linux Magazine, looks at three essential UNIX utilities that deliver the entire Internet to your command line.

read more | digg story

Have a spare working PC around? FREEnas it.

2006-09-07T13:14:00.001-05:00

What is FreeNAS ?

FreeNAS is a small (less than 32Mo) Operating System based on FreeBSD 6 that provide Free Network-Attached Storage services (CIFS, FTP and NFS).

read more | digg story

Wormy bots exploiting Windows Server flaw

2006-09-01T16:51:00.001-05:00

Wormy bots exploiting Windows Server flaw: "It took less than a week for underground programmers to modify their bot software to take advantage of the latest Windows flaw, described in security bulletin MS06-040."

IP, TCP, UDP, and ICMP Header Drawings

2006-08-23T23:43:00.000-05:00

"Here are some drawings I did to better understand the structure of the headers for IP, TCP, UDP and ICMP. Please feel free to used them for personal uses. If you would like to include them in a publication, please contact me at the address in the drawings. I created the drawings in OmniGraffle on a Mac."

read more | digg story

Imminent Worm Attack: Experts Warn Of 'The Big One'

2006-08-11T12:05:00.002-05:00

As the spotlight on a dangerous Windows vulnerability grows brighter by the hour, security analysts Thursday said that it's not hype driving the alarms, but genuine fear that a major worm attack is just days away. This is no drill. Thursday's deepening concern was fueled by several releases of new exploit code.

A lot of exploit code activity over this one. See yesterday's post about eEye's scanner for help identifying systems that haven't been patched.

read more | digg story

Retina MS06-040 NetApi32 Scanner

2006-08-10T10:09:00.000-05:00

eEye Digital Security Retina MS06-040 NetApi32 Scanner: "The Retina MS06-040 NetApi32 Scanner is being made available free of charge by eEye. The tool will scan multiple addresses at once to determine if any are vulnerable to the Server Service flaw reported in the Microsoft Bulletin MS06-040. If an IP address is found to be vulnerable, the Retina MS06-040 NetApi32 Scanner will flag that IP address.

This tool does not require administrative privileges on the scanned machines in order to determine if the systems are vulnerable."

Much props to Marc Maiffret, the Chief Hacking Officer at eEye Digital Security. I applaud his company's community involvement.. It's nice to see a company ask the community if they have a need for a product and then go out of their way to deliver, free of charge.

Ultimate boot CD

2006-08-06T23:23:00.000-05:00

A Linux boot diagnostic CD that has many different anti virus,hard disk,networking,bios,system info, and benchmarking apps

read more | digg story

Excel tutorial for beginners

2006-07-22T01:57:00.000-05:00

This is a basic, useful tutorial of Excel.

read more | digg story

Guide to Those Useless Windows XP Services

2006-07-19T16:06:00.000-05:00

here is a look at the default set of services that come with a fresh installation of Windows XP. "We'll tell you the ones that you don't need and try to tell you why, so you can disable them without any problems."

read more | digg story

One in The Hand

2006-07-19T14:06:00.000-05:00

One in The Hand: "Weekly video cast that promotes knowledge in the handheld arena specifically treos which also contributes to the destruction of the digital divide between the have(knowledge) and have nots."

Reinstall and Restore Win XP Activation

2006-07-19T12:16:00.000-05:00

If you have to reinstall Win XP on the same equipment, you know what a pain it is to reactivate XP. This simple guide tells how to backup and restore two small files so you can avoid reactivation.

read more | digg story

ISO Recorder v 2

2006-07-18T14:49:00.000-05:00

ISO Recorder v 2: "ISO Recorder is a tool (power toy) for Windows XP, 2003 and now Windows Vista, that allows (depending on the Windows version) to burn CD and DVD images, copy disks, make images of the existing data CDs and DVDs and create ISO images from a content of a disk folder."

TechNet Webcast: Windows Hang and Crash Dump Analysis (Level 400)

2006-07-13T09:56:00.001-05:00

TechNet Webcast: Windows Hang and Crash Dump Analysis (Level 400): "Learn to analyze Microsoft Windows crash dumps, diagnose the cause, pinpoint a solution, and resolve the problem. Intended for system administrators, this webcast explains how system crashes occur and what happens when you reboot a crashed system. We lead you through the crash dump analysis process step by step, introducing the latest tools from Microsoft and handy tricks for isolating the cause of a crash.

Presenter: Mark Russinovich, Chief Software Architect and Cofounder, Winternals Software"

Confessions of an IT Pro: My Nine Biggest Professional Blunders

2006-07-13T00:15:00.000-05:00

Over the past 16 years of being paid to make computers and people work together in perfect harmony, I have collected a number of incidents that make me wince and blush in embarrassment when I think of them. The mistakes I've made fall roughly into three categories: technical, political, and career management.

read more | digg story

Information Tools - Part 2: RSS Feeds

2006-07-12T14:57:00.000-05:00

This post contains some of the RSS feeds I subscribe to:

Ars Technica
http://arstechnica.com/index.ars/rss

CNET News.com - Security
http://news.com.com/2547-1009_3-0-10.xml

Digg.com
http://www.digg.com/rss/index.xml

k-otik Exploits
http://www.k-otik.com/exploits.xml

Help Net Security - News
http://www.net-security.org/dl/bck/news.rss

IronGeek's Security Site
http://www.irongeek.com/irongeek.rss

Lockergnome's IT Professionals
http://feeds.lockergnome.com/rss/it.xml

Microsoft Security Bulletins
http://www.microsoft.com/technet/security/bulletin/secrss.aspx

Schneier on Security
http://www.schneier.com/blog/index.rdf

SecurityFocus News
http://www.securityfocus.com/rss/news.xml

Slashdot
http://slashdot.org/slashdot.rss

Slipstick - Outlook and Exchange News
http://www.slipstick.com/rssnews/rssnews.aspx

SysAdminHell
http://sysadminhell.blogspot.com/atom.xml

Sysinternals
http://www.sysinternals.com/sysinternals.xml

Techdirt
http://www.techdirt.com/techdirt_rss.xml

TechNet Events (Texas)
http://www.technetbriefings.com/public/RSS/TX.xml

TechNet Magazine
http://www.microsoft.com/technet/technetmag/rss/recent.xml

The Blogcast Repository
http://blogcastrepository.com/roller/rss.ashx

Wired News: Top Stories
http://www.wired.com/rss//index.xml

I use RSS Popper: http://rsspopper.blogspot.com/. It integrates into Outlook. Others that I've used are FeedReader www.feedreader.com (standalone) and Wizz RSS Reader https://addons.mozilla.org/firefox/424/ (Firefox extension).

Information Tools - Part 1: Magazines

2006-07-12T14:42:00.000-05:00

Part of being a SysAdmin is collecting information and staying on top of the change curve. Our industry is in constant change; things you learned a year ago can be obsolete now, and new products are introduced every day. Many issues affect the way things are done, and new concepts change the landscape of IT.

How do you stay on top of these changes? Stay informed. With the shear volume of information out there, it's not an easy task. Magazines, RSS feeds, Email lists are just some of the ways to stay informed.

This post focuses on Magazines. These are the ones I get:

Free (as in no money) Magazines

Network World
www.networkworld.com

InfoWorld
www.infoworld.com

Technet
www.technetmagazine.com

Computer World
www.computerworld.com

Information Week
www.nwc.com

eWeek
www.eweek.com

Information Security
www.infosecuritymag.com

SC Magazine
www.scmagazine.com

Network Computing
www.networkcomputing.com

InfoStor
www.infostor.com

Continuity Insights
www.continuityinsights.com

Most of the free magazines can be found at TradePub.com http://www.tradepub.com/ . They link to the subscription page for quick application.

Cost Magazines

Wired
www.wired.com

Windows IT Pro
www.windowsitpro.com/

Learn the Linux Command Line and Shell Scripting

2006-06-29T13:09:00.000-05:00

You have Linux installed and running. The GUI is working fine, but you are getting tired of changing your desktop themes. You keep seeing this "terminal" thing. Don't worry, we'll show you what to do.

read more | digg story

The COMPLETE command line list for Linux, Windows, Oracle, and MacOS

2006-06-21T01:06:00.003-05:00

Complete list of command line tools you would need. Check it out!

read more | digg story

How to enable remote desktop - Remotely

2006-06-21T01:06:00.002-05:00

Remote desktop is a nice feature of Windows that lets you remotely work on the system as if you were there. Many times you find that you need it enabled - but the machine you are trying to access is tough to reach. This is a simply way to remotely enable it.

read more | digg story

ReviewLinux.Com: GParted LiveCD 0.2.5-1 A Must Have Disc!

2006-06-21T01:06:00.001-05:00

Excellent review on GParted LiveCD 0.2.5-1 ( Gnome Partition Editor ). This review works you through the process of repartitioning a WindowsXP NTFS hard drive. The LiveCD is a must have for all Linux users.

read more | digg story

Tutorials bringing you from newbie to coding pro

2006-06-21T01:06:00.000-05:00

I was looking for a way to learn coding (PHP, Javascript, CSS), and I found this website. Its created by Ron, the maker of "SayBox". It brings you from the ground up with extremely descriptive tutorials in many different coding subjects. Its growing quickly, and more tutorials are being added very often... give it a look and digg on!

read more | digg story

97% of IT workers feel "traumatized" by their job

2006-06-15T17:14:00.000-05:00

According to a survey released this month by Dublin-based consulting firm SkillSoft, 97 percent of IT professionals feel traumatized by their daily work. Indeed, 80 percent of them get tense just thinking about going to the office.

read more | digg story

Running any Linux in Windows without a CD-ROM (for free)

2006-06-13T15:40:00.000-05:00

Running any Linux in Windows without a CD-ROM (for free): "If you are afraid of installing Linux in your hard drive, here you have an article on how to run any version of Linux inside windows without using a CD ROM and with only freeware. Using Easyvmx, VMWare player and a Linux ISO file."

This is incredibly awesome. I've used VirtualPC and VirtualServer (from MS), and both seemed to be fairly good (although I never used them for Linux). I've been plesantly surprised by the performance of VMWare player, and my installation of Ubuntu was quick, easy, and painless using the methods above.

Slashdot | Visual Tour of Office 2007 Beta 2

2006-05-24T10:35:00.000-05:00

Slashdot | Visual Tour of Office 2007 Beta 2: "'Computerworld has a review and visual tour of the newest installment of Office. No more toolbars & menus; those have been replace with 'ribbons.' Of the various products in the suite, Word is the most changed. Styles are easier to invoke, but no easier to create or understand. A couple of the redeeming characteristics is the ability to save as PDF and XPS and an improved Track Changes. Bigger spreadsheets are available in Excel -- over 1 million rows and over 16,000 columns per worksheet -- and new and better visualization abilities. Lots new in Outlook including multiple calendars and direct support for RSS feeds. And the apps all work together better than before."

The RFID Hacking Underground

2006-05-05T15:46:00.001-05:00

Wired 14.05: The RFID Hacking Underground: "They can steal your smartcard, lift your passport, jack your car, even clone the chip in your arm. And you won't feel a thing. 5 tales from the RFID-hacking underground."

The best person to hack your system is you

2006-05-01T13:02:00.001-05:00

Computerworld > The best person to hack your system is you: "I’ve always been a firm believer in the idea of hacking yourself. After all, if you don’t hack yourself, the hackers will. So, if you’re a good security administrator, you must learn about the various hacking tools that might be used against your environment, become familiar with them, and use them. "

Security Reference Guide > Handheld War-driving

2006-04-30T15:08:00.002-05:00

Security Reference Guide > Handheld War-driving: "This article will take a look at handheld devices and the tools/equipment that are available for the war-driver on the go. As you will see, there are some facets of PDA based war-driving that have no equal in the PC world (for the price)."

How to Get Vista Back on Track: Open Source It

2006-04-30T15:08:00.000-05:00

How to Get Vista Back on Track: Open Source It: "Opinion: Seriously. It's clear that Microsoft can't do the job right, so why not embrace the enemy and be done with it? "

Theoretical Hacking for IT Managers | Linux Journal

2006-04-30T15:07:00.001-05:00

Theoretical Hacking for IT Managers | Linux Journal: "Not everyone has 'l33t skilz' or mass amounts of hardened TCP/IP stack programming experience. When I'm at work, I don't look at logs all day long, nor do I run security audits every five minutes. I do my job, which takes all of my time. This is the situation for most small to medium sized companies that have only a few IT guys. So how does an everyday IT guy handle the constant threat of impending attack?"

Beyond Rootkits: World's First Standalone Kernel Mode Bot?

2006-04-07T07:58:00.001-05:00

Beyond Rootkits: World's First Standalone Kernel Mode Bot?: "A European student has just developed a Proof of Concept for what the developer believes is the world's first kernel mode IRCbot.

The creator, Tibbar ('Rabbit' spelled backwards), says the difference between this innovation and standard Windows rootkits lies in its crossover ability. Most Windows-based rootkits hide in device drivers, then depend on outside, usermode applications to get anything done."

Microsoft Virtual Server 2005 R2

2006-04-04T13:47:00.000-05:00

Microsoft Virtual Server 2005 R2: "Discover the most cost-effective server virtualization technology engineered for the Windows Server System platform, now available as a free download. A key part of any server consolidation strategy, Virtual Server increases hardware utilization and enables organizations to rapidly configure and deploy new servers."

Wink - Tutorial and Presentation Creator

2006-03-29T15:43:00.000-06:00

Wink - [Homepage]: " Wink is a Tutorial and Presentation creation software, primarily aimed at creating tutorials on how to use software (like a tutor for MS-Word/Excel etc). Using Wink you can capture screenshots, add explanations boxes, buttons, titles etc and generate a highly effective tutorial for your users."

Freeware (for personal and business use), cross-platform, multiple output formats (Flash, exe, PDF, HTML)... Awesome.

Microsoft Delays IE's Active X D-Day

2006-03-29T11:12:00.000-06:00

Microsoft Delays IE's Active X D-Day: "Microsoft is moving full steam ahead with a plan to permanently modify the way Internet Explorer renders multimedia content on Web pages, but in what amounts to an admission that the changes could be disruptive, the software maker plans to give Web developers an extra 60 days to continue making preparations.

The IE update, which results from a multimillion-dollar patent spat with Eolas Technologies, changes the way the browser handles ActiveX controls and could have a significant impact on how online advertising and streaming media content is delivered over the Internet."

Nice. MS is having some issues of late with patent disputes. Not too long ago I received a letter saying that due to a patent dispute, all Office 2003 users need to upgrade to Service Pack 2. Now they're forcing a major change in IE. My suggestion to Microsoft: Think about forcing a major change in your legal department.

GPO Software Restrictions: Software List for Path Restrictions

2006-03-27T15:49:00.000-06:00

So I decided to set up Software Restrictions on my Active Directory network. Of course, I needed a good list of paths to block (I'm using the path method). Unfortunately, I could find no such list and had to resort to digging through HiJackThis logs on Usenet and searches on Google. To help others, here's the list I'm using:

Chat

%ProgramFiles%\MSN\MSNCoreFiles\msn.exe - MSN IM Client 1
%ProgramFiles%\MSN\MSNIA\msniasvc.exe - MSN IM Client 2
%ProgramFiles%\MSN Messenger\msnmsgr.exe - MSN IM Client 3
%ProgramFiles%\Messenger\msmsgs.exe - Messenger IM Client
%ProgramFiles%\AIM\aim.exe - AOL IM Client
%ProgramFiles%\skype\phone\skype.exe - Skype VOIP/IM Client
%ProgramFiles%\AIM+\AIM+.exe - Aim+ IM Client

P2P

%ProgramFiles%\Kazaa Lite K++\kpp.exe - Kazaa Lite P2P Software
%ProgramFiles%\kazaa\kazaa.exe - Kazaa P2P Software
%ProgramFiles%\BearShare\BearShare.exe - Bearshare P2P Software
%ProgramFiles%\LimeWire\LimeWire.exe - Limewire P2P Software
%ProgramFiles%\Shareaza\Shareaza.exe - Shareaza P2P Software
%ProgramFiles%\Gnucleus\*.exe - Gnucleus P2P Software
%ProgramFiles%\Grokster\*.exe - Grokster P2P Software
%ProgramFiles%\eDonkey2000\edonkey2000.exe - eDonkey P2P Software
%ProgramFiles%\Audiogalaxy Satellite\AGSatellite.exe - AudioGalaxy P2P Software
%ProgramFiles%\WinMX\WinMX.exe - WinMX P2P Software
%ProgramFiles%\iMesh\Client\iMeshClient.exe - iMesh P2P Software

Spyware

%ProgramFiles%\free surfer\fs20.exe - Free Surfer Spyware
%ProgramFiles%\MyWay\bar\2.bin\MWSOEMON.EXE - MyWebSearch Email Spyware
%ProgramFiles%\WEBSHOTS\WEBSHOTSTRAY.EXE - Webshots Spyware
%ProgramFiles%\HOTBAR\BIN\4.1.8.0\HBSRV.EXE - HotBar Spyware 1
%ProgramFiles%\Hotbar\bin\Hbinst.exe - HotBar Spyware 2
%ProgramFiles%\COMMON FILES\GMT\GMT.EXE - Gator Spyware 1
%ProgramFiles%\COMMON FILES\CMEII\CMESYS.EXE - Gator Spyware 2
%ProgramFiles%\webHancer\Programs\whAgent.exe - WebHancer Spyware
%ProgramFiles%\AllSpamGone\AllSpamGone.exe - AllSpamGone Spyware
%ProgramFiles%\AdsGone\adsgone.exe - AdsGone Spyware
%ProgramFiles%\Morpheus\Morpheus.exe - Morpheus P2P Software
%ProgramFiles%\iMesh\Client\FTP_back.exe - iMesh Trojan
%ProgramFiles%\POP Peeper\POPPeeper.exe - PopPeeper Spyware
%ProgramFiles%\Power Soft\Free Notes\FreeNotes.exe - FreeNotes Spyware
%ProgramFiles%\SmartBarXP BETA4.9\SmartBarXP.exe - SmartBarXP Spyware
%ProgramFiles%\MYWEBSEARCH\bar\1.bin\mwsoemon.exe - MyWebSearch Toolbar Spyware
%ProgramFiles%\SAVE\SAVE.EXE - WhenU SaveNow Spyware
%ProgramFiles%\BullsEye Network\bin\bargains.exe - Bargain Buddy Spyware 1
%ProgramFiles%\Bargain Buddy\bin2\bargains.exe - Bargain Buddy Spyware 2
%ProgramFiles%\Internet Optimizer\optimize.exe - MoneyTree Dialer Spyware
%ProgramFiles%\Web_Rebates\WebRebates1.exe - TopRebates Spyware 1
%ProgramFiles%\Web_Rebates\WebRebates0.exe - TopRebates Spyware 2
%ProgramFiles%\Speed Disk\nopdb.exe - Speed Disk Spyware
%ProgramFiles%\GetRight\getright.exe - GetRight Spyware
%ProgramFiles%\Common files\WinTools\WToolsA.exe - HuntBar Spyware 1
%ProgramFiles%\Common files\WinTools\WSup.exe - HuntBar Spyware 2
%ProgramFiles%\Common files\WinTools\Wtoolss.exe - HuntBar Spyware 3
%ProgramFiles%\EbatesMoeMoneyMaker\EbatesMoeMoneyMaker.exe - Ebates Spyware
*\win*\System32\msbb.exe - 180Solutions Spyware
%ProgramFiles%\INTERNET OPTIMIZER\ACTALERT.EXE - MoneyTree Dialer Spyware
%ProgramFiles%\ISTsvc\istsvc.exe - IST Spyware
%ProgramFiles%\PrecisionTime\PrecisionTime.exe - Gator Spyware 2

Of course, there are probably hundreds of spyware entries that I didn't include, but these are the most common I've seen. I also could have included more chat apps, like Gaim, Trillian, or Yahoo, but we currently use those in limited deployment. I'm also sure there's more P2P apps, but I don't use P2P so I've just included the ones I've heard of. Also, other apps like iTunes, Winamp, etc could also be inappropriate on other networks, but I tolerate it here.

Please feel free to comment with additional programs that you block...

Here's a link on how to set this up for your network:
Microsoft Windows XP: Using Software Restriction Policies to Protect Against Unauthorized Software: "Using Software Restriction Policies to Protect Against Unauthorized Software"

Microsoft Confirms 'Highly Critical' IE Hole

2006-03-23T09:01:00.001-06:00

Microsoft Confirms 'Highly Critical' IE Hole: "Microsoft plans to release a pre-patch advisory with workarounds for a 'highly critical' vulnerability that could put millions of Internet Explorer users at the mercy of malicious hackers."

Microsoft Windows XP: Using Software Restriction Policies to Protect Against Unauthorized Software

2006-03-15T16:48:00.000-06:00

Microsoft Windows XP: Using Software Restriction Policies to Protect Against Unauthorized Software: "Software restriction policies are a new feature in Microsoft® Windows® XP and Windows Server 2003. This important feature provides administrators with a policy-driven mechanism for identifying software programs running on computers in a domain, and controls the ability of those programs to execute. Software restriction policies can improve system integrity and manageability—which ultimately lowers the cost of owning a computer."

10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery)

2006-03-14T16:04:00.001-06:00

A summary of the 10 best LiveCD distributions dealing with security (pen testing, forensics & recovery). With links to download and a little information about each one.

read more | digg story

MSFN's Unattended Windows Guide

2006-03-10T09:10:00.000-06:00

MSFN's Unattended Windows : Unattended Windows Introduction: "Have you ever wanted a Windows CD that would install Windows by automatically putting in your name, product key, timezone and regional settings? And have it merged with the latest Service Pack to save time? Followed by silently installing all your favourite applications along with DirectX 9.0c, .Net Framework 1.1 and then all the required hotfixes, updated drivers, registry tweaks, and a readily patched UXTheme.dll without any user interaction whatsoever? Then this guide will show you how you can do just that! "

Awesome guide, very detailed, easy to read, tons of screenshots.

Checklist: What to do when you've been hacked

2006-02-20T16:38:00.000-06:00

Checklist: What to do when you've been hacked: "You have just gotten the call from an associate at work that the network you're responsible for has been hacked. You're going to need to make some decisions very quickly as to what needs to be done. Individuals who haven't planned for such an event may actually be thinking, 'Do I have a current copy of my resume?'"

Windows XP 15 Minute Tune-Up - Fix Sluggish Performance for Free

2006-02-19T17:30:00.000-06:00

Windows XP 15 Minute Tune-Up - Fix Sluggish Performance for Free: "We've seen Pentium II machines with 128 MB RAM run XP faster than Pentium IVs with 4x the clock speed and 4x the RAM - so what gives? This article will help you figure out why your PC is running slow and outline exact steps to fix it quickly, before throwing in the towel with a format, restore, or new PC purchase."

- A bit newbie -ish but could be a decent resource for a poweruser aspiring user.

Anatomy of a Break In (w/ Ira Wrinkler)

2006-02-17T21:51:00.000-06:00

In two days, Ira Wrinkler and Co. not only pwned a multinational Fortune 500 company's data, but also did so while sitting in their offices and wondering around their data center!!

Awesome read.

read more | digg story

Irongeek: Coffee and Confidential Computer Communications

2006-02-16T12:02:00.000-06:00

The focus of this article is on keeping others from intentionally violating your privacy while you use your laptop at a local coffee house, but most of the principles also apply to other wireless networks you may encounter. - A simple (less-technical) explaination...

read more | digg story

Black Tuesday

2006-02-14T15:42:00.000-06:00

Microsoft Security Bulletin Summary for February, 2006: "Included in this advisory are updates for newly discovered vulnerabilities. These vulnerabilities, broken down by severity are 2 Critical and 5 Important"

Only seven this month. Also, due to laziness, I'm just going to link to the Summary from now on.

How To Troubleshoot Any Networking Problem

2006-02-14T12:50:00.000-06:00

Tech author extraordinaire Mark Minasi shares a bit over two dozen "rules of network troubleshooting." This will be new for some, a good review for others, and a handy reference for all.

read more | digg story

Experience of Migrating from WinXP to Linux (Kubuntu)

2006-02-11T01:48:00.000-06:00

Blogger talks about his experiences in switching from WinXP to Kubuntu linux for his primary desktop. Mentions some great apps you may not have heard of (Katapult), screenshots of Amarok in action etc. He also compares some of the Kubuntu apps to the equivalent app in Mac OS X (he has an iBook too).

read more | digg story

Bill Xia, Chinese Firewall Killer

2006-02-11T01:33:00.000-06:00

I know China's firewall has been covered extensively before, but this is an interesting article about Bill Xia, a member of a banned Chinese sect Falun Gong, whose mission is to bring banned information to the Chinese masses.

read more | digg story

Slashdot | Time Management for System Administrators

2006-02-10T14:08:00.000-06:00

Slashdot | Time Management for System Administrators: "'System administrators have a stereotypical reputation for grumpiness and irritability. Sometimes this misanthropy is a cultivated pose, designed to deter casual or trivial requests that would take time away from more important activities like playing nethack and reading netnews. More often, however, sysadmins are disgruntled simply because they can't seem to make any headway on the dozens of items clogging up their todo lists. If you're an example of the latter case, you may find some help in Time Management for System Administrators, the new book from Thomas Limoncelli (who you may recognize as one of the co-authors of the classic The Practice of System and Network Administration). Read the rest of genehack's review."

99 performance tips for WinXP

2006-02-10T13:05:00.000-06:00

Massive list of simple tweaks to improve your rig's performance.

read more | digg story

Programmers get their own search engine

2006-02-08T10:43:00.000-06:00

A tool, known as Krugle, is designed to deliver easy access to source code and other highly relevant technical information in a single, clean, easy-to-use interface for programmers. Krugle works by crawling, parsing, and indexing code found in open source repositories and code that exists in archives, mailing lists, blogs, and Web pages.

read more | digg story

How to Add Patches/Modules to the Back|Track Pen-testing Live CD

2006-02-07T09:52:00.000-06:00

New video from IronGeek showing how to add patches and extra modules to the Back|track pen-testing Live CD using MySlax.

read more | digg story

Security of Live Web Services

2006-02-03T17:21:00.000-06:00

Marc Maiffret is a worried man.

...

"Today I can buy software, test it and confirm for myself that it's secure for my use. In the new world, even if Live.com is secure today, Microsoft could make changes tomorrow and there's no way to know if I'm secure tomorrow. That's a legitimate concern."

read more | digg story

DNS Stub Zones in Windows Server 2003

2006-02-03T16:52:00.001-06:00

DNS Stub Zones in Windows Server 2003: "Stub zones are a new feature of DNS in Windows Server 2003 that can be used to streamline name resolution, especially in a split namespace scenario. They also help reduce the amount of DNS traffic on your network, making DNS more efficient especially over slow WAN links. This article will look in detail at what stub zones are, how they work, and when to use them."

Active Directory Sites and Services

2006-02-03T16:52:00.000-06:00

Active Directory Sites and Services: "This guide explains how to use the Active Directory Sites and Services snap-in to administer replication topology both within a site in a local area network (LAN) and between sites in a wide area network (WAN)."

Portable Apps Suite

2006-02-01T14:41:00.000-06:00

Portable Apps Suite | PortableApps.com: "Portable Apps Suite™ is a collection of portable apps including a web browser, email client, web editor, office suite, word processor, calendar/scheduler, instant messaging client and FTP client, all preconfigured to work portably and be easy to back up. Just drop it on your portable device and you're ready to go.

Portable Apps Suite Contains: Portable Firefox (web browser), Portable Thunderbird (email client), Portable OpenOffice.org (office suite), Portable AbiWord (word processor), Portable NVU (web editor), Portable Sunbird (calendar & task list), Portable FileZilla (FTP client), Portable Gaim (instant messenger) and will fit on a 256Mb USB thumbdrive."

Removing unused device drivers from Windows XP machines

2006-02-01T12:55:00.000-06:00

"Did you know that unless you uninstall a device driver on a Windows XP machine that it still may be sucking up valuable system resources? Here are step-by-step instructions on how you can view and remove these unnecessary devices."

read more | digg story

The Top 10 Infosec Myths

2006-02-01T09:23:00.000-06:00

The Top 10 Infosec Myths: "When it comes to information security, there's a lot of popular wisdom available, but much of it is unfounded and won't necessarily improve your organization's security.

Here are 10 network security myths that bear further examination."

Why Reboot?

2006-01-30T22:43:00.000-06:00

Exodus WhyReboot is a small (60KB) Windows application that displays a list of pending file operations that will occur after rebooting your computer. This is useful in determining why an installer has notified you that a reboot is needed.

- Nice utility.. I've needed something like this many times in the past.

read more | digg story

List of RSS readers

2006-01-29T20:25:00.000-06:00

This is a comprehensive list of RSS aggregators, organized by platform. It includes many lesser-known ones, as well.

Lists for Windows, Mac, Linux, Mobile phone, PDA, and Blackberry.

read more | digg story

Make your own VMs with hard drive for free: VMware Player + VMX Builder (Hacking Illustrated Series)

2006-01-25T17:31:00.000-06:00

Make your own VMs with hard drive for free: VMware Player + VMX Builder (Hacking Illustrated Series): "In my last video I showed how to use the free VMware Player to boot a Live CD ISOs. This time I’m going to show how to use Robert D. Petruska’s VMX Builder to make your own VMs with hard drives (vmdk file) and pretty much any virtual hardware you want."

Active Directory Step-by Step-Guides

2006-01-24T16:30:00.000-06:00

Active Directory Step-by Step-Guides: "These guides step through the fundamentals of the Windows Server 2003 operating system, with emphasis on features enabled by Active Directory. Learn about common scenarios, including desktop and server management, the Group Policy Management Console, and using Active Directory to strengthen security. Whether you support a small, medium, or large enterprise, these guides help you take advantage of Active Directory's key benefits: increased operational efficiency, improved security, and enhanced productivity."

NetBackup Faq-O-Matic

2006-01-22T10:12:00.000-06:00

NetBackup Faq-O-Matic: "This FAQ is automatically maintained by members of the NetBackup Mailing List. "

Looks like a good resource for those "lucky" souls tasked with maintaining a Veritas NetBackup system.

Lifehacker Pack - Lifehacker

2006-01-22T09:32:00.000-06:00

Geek to Live: Lifehacker Pack - Lifehacker: "Recently Google released a collection of free software for Windows called Google Pack. The big G made some good applications choices for the Pack and a couple of atrocious ones (RealPlayer *cough* Norton *cough*).

Coincidentally, a year ago, when Lifehacker was still just a turkey in the oven, my publisher and I discussed releasing a CD of the best free software. We never got around to it, but if we did, here’s a list of applications I’d include in Lifehacker Pack."

Data Mining using Google

2006-01-20T15:56:00.000-06:00

CyberWyre » Data Mining using Google: "Google (and many other search engines) has the ability not only to search on keywords, but also using a more “database-ish” query language to really narrow down your search results. Below is a summary of a few of the most useful lesser known features. "

How to raise domain and forest functional levels in Windows Server 2003

2006-01-20T11:54:00.000-06:00

How to raise domain and forest functional levels in Windows Server 2003: "This article describes how to raise the domain and forest functional levels that are supported by Microsoft Windows Server 2003 domain controllers. Functional levels are an extension of the mixed/native mode concept introduced in Microsoft Windows 2000 to activate new Active Directory features after all the domain controllers in the domain or forest are running the Windows Server 2003 operating system. When a computer that is running Windows Server 2003 is installed and promoted to a domain controller, new Active Directory features are activated by the Windows Server 2003 operating system over its Windows 2000 counterparts. Additional Active Directory features are available when all domain controllers in a domain or forest are running Windows Server 2003 and the administrator activates the corresponding functional level in the domain or forest. "

System Information for Windows Freeware

2006-01-18T16:57:00.000-06:00

System Information for Windows by Gabriel Topala - "The Freeware SIW is a Read-Only / Display-Only System Information tool that gathers detailed information about your system properties and settings.

SIW is an utility that displays detailed specs for motherboard, BIOS, CPU, devices, memory, video, disk drives, ports, printers, operating system, installed programs, processes, services, serial numbers (CD keys), users, open files, system uptime, network, network shares, as well as real-time monitors for CPU, memory, page file usage and network traffic."

Very nice utility, especially since it does not require an install to get all of the data needed.

Scott Hanselman's 2005 Ultimate Developer and Power Users Tool List

2006-01-18T13:35:00.000-06:00

ComputerZen.com - Scott Hanselman - Scott Hanselman's 2005 Ultimate Developer and Power Users Tool List: "Everyone collects utilities, and most folks have a list of a few that they feel are indispensable. Here's mine. Each has a distinct purpose, and I probably touch each at least a few times a week. For me, util means utilitarian and it means don't clutter my tray. If it saves me time, and seamlessly integrates with my life, it's the bomb."

Awesome (HUGE!) list.

nubuntu - Network Ubuntu

2006-01-17T16:52:00.000-06:00

nubuntu - Network Ubuntu: "nUbuntu is a collection of network and server security testing tools, piled on top of the existing Ubuntu system. While aimed to be mainly a security testing platform, nUbuntu also operates as a desktop enviroment for the advanced linux user."

Useful Links to ASU sites

2006-01-17T16:51:00.000-06:00

Quick Reference Cards - Nice collection of Reference Cards.

2006-01-09T16:53:00.000-06:00

Quick Online Tips: 50 Best Firefox Extensions for Power Surfing

2006-01-01T14:40:00.000-06:00

Quick Online Tips: 50 Best Firefox Extensions for Power Surfing: "There are hundreds of firefox extensions on the web. Which ones do you use? Here is my attempt to collect the 50 best and popular firefox extensions which make your browsing, downloading and navigation in Firefox as easy as possible, while harnessing the full power and features of Firefox."