Category Archives: Microsoft

All Microsoft Products (Exchange, SQL, Windows, Server)

Software I Use – December 2011 Edition

Dual boot Windows 7 x64 Pro/Ent/Ultimate with Ubuntu 10.04.3LTS x64
inSSIDer – Great for finding SSIDs, models of access points, security information, and channels of wireless networks
Angry IP Scanner – My favorite IP scanning utility is great for finding open web servers, DNS servers, or anything with RDP open
Putty – Terminal emulation software
Firefox – I still enjoy this more than Chrome, but they both have their place. Include Adblock Plus, Web Developer, NoScript, and GreaseMonkey with Youtube Auto Buffer and experts-Exchange
Terminals – My favorite RDP saving utility
CDBurnerXP – Burns ISOs, music, data
ISORecorder – Creates ISOs from folders or drives
CPUID’s CPU-Z and HWMonitor – Monitoring hardware in your system
NMAP-Zenmap GUI – NMAP for windows
WinSCP – SCP client for windows
Notepad++
NetIQ ADCheck
TightVNC
ThreatFire
Secunia PSI
Nod32
Filezilla
Iometer
Gimp
Orca
Pidgin
java
7zip

Force WSUS Update

It doesn’t happen too often, but I find myself requiring this script from time to time:

net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv
wuauclt /detectnow

Or just open a command prompt and type
wuauclt /detectnow and see if that works.

Server 2003 BSOD processor.sys

There was a server that had been converted from a physical machine to a virtual one on a Virtual Server 2005 box. I was tasked with moving this server from Virtual Server 2005 to Proxmox.

Transfer success! BSOD after reboot. Turns out there’s a registry key that’s a little funky:
http://blogs.msdn.com/b/virtual_pc_guy/archive/2005/10/24/484461.aspx

Basically, under HKLM\SYSTEM\CurrentControlSet\Services\Processor
change the Start value to ‘4’ – mine was at 3. No more BSOD.

Owncloud Ubuntu

I was recently tasked again to come up with a better solution than using Dropbox. iFolder was great when it was working, at least from an IT perspective. The end users thought it was a little bit bulky and wanted something a little easier to use and understand. That’s when I saw owncloud – it had all the features of WebDAV without many of the headaches.

Owncloud is open source – they even have packages for Ubuntu! I was excited.

apt-get install mp3info curl libcurl3 libcurl3-dev php5-curl zip build-essential
wget http://owncloud.org/releases/owncloud-1.2.tar.bz2
tar xvjf owncloud-1.2.tar.bz2
mv owncloud /var/www/
chown -R www-data:www-data /var/www/owncloud/
**EDIT2** it’s now up to final 2.0 http://owncloud.org/releases/owncloud-2.tar.bz2

Browse to http://serveripaddress/owncloud
There is no LDAP setup quite yet. Maybe next revision?

Since I wanted to connect a Windows machine to this server as a test, I set up a user and then attempted to connect to the WebDAV share.
Unfortunately we require another piece of software to be installed to support owncloud:
http://www.netdrive.net/
NetDrive is free for personal use. Webdrive, a variant of NetDrive, is not free. If this gets approved by the PTB, then we’ll end up buying maybe 25 licenses (for developers).

After the install of netdrive and a reboot, you can connect to your owncloud server!
You may have noticed on the http://serveripaddress/owncloud site when you logged in as the administrator, you can see at the very bottom of the page:
“Hint: Mount it via webdav like this: webdav://address/to/your/webdav/here/owncloud.php”
You will need that entire address to connect using NetDrive.

After connection you will see your webdav drive as a shared drive on My Computer.

***EDIT***
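Turns out that you don’t require this software. You can just edit a registry key and add it to your Windows 7 machine without issues:
Start the WebClient service
Add the following value in regedit under
HKLM\SYSTEM\CurrentControlSet\services\WebClient\Parameters
“BasicAuthLevel” set to “2”
A value of 2 lets the WebClient service send Basic authentication over plain HTTP as well as SSL (the default, 1, allows it over SSL only), so the password crosses the wire unencrypted until SSL is in place on the server.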

Since this is an external/internal facing server, I had to secure it up a bit.
Firewall rule only allowing ports 80, and 443. SSH can be accessed internally only.

I edited the TCP wrappers files to deny all SSH connections, and only allow certain ranges for my networks:
/etc/hosts.deny

sshd:all

/etc/hosts.allow

sshd:internaliprange/24 publicip anotherip

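nano /etc/fail2ban/filter.d/apache-owncloud.conf

# Fail2Ban configuration file
# Author: TheLibrarie.com
# $Revision: 001 $
#

[Definition]

# Match requests answered with status 401 and a 499-byte response
failregex = <HOST> -.* 401 499
# OR, to match every POST to index.php instead:
# failregex = <HOST> -.*POST.*/index\.php
ignoreregex =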

Test the regex against the access log:
fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/apache-owncloud.conf

As that worked, I put the following in my /etc/fail2ban/jail.local

[owncloud]
enabled = true
port = http,https
filter = apache-owncloud
logpath = /var/log/apache2/access.log
maxretry = 5

/etc/init.d/fail2ban restart
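
The filter and jail above can also be checked offline. This added example (not part of the original post) runs both failregex alternatives, written with fail2ban's <HOST> tag, over constructed access-log lines and applies maxretry; the HOST pattern is a simplified stand-in for fail2ban's own expansion, and the addresses, status codes and sizes in the sample are made up.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: the real
# expansion is more elaborate and differs between fail2ban versions).
HOST = r"(?P<host>\S+)"

# The two failregex alternatives from apache-owncloud.conf.
FAILREGEX_401 = r"<HOST> -.* 401 499"
FAILREGEX_POST = r"<HOST> -.*POST.*/index\.php"
MAXRETRY = 5  # as in the [owncloud] jail


def log_line(host, second, request, status, size):
    """Build one constructed Apache combined-format access-log line."""
    return '%s - - [12/Dec/2011:10:00:%02d -0500] "%s HTTP/1.1" %d %d "-" "-"' % (
        host, second, request, status, size)


# Constructed sample traffic (documentation address ranges, made-up sizes):
# five rejected requests, six POSTs answered with a redirect rather than
# a 401, and one ordinary page view.
SAMPLE = (
    [log_line("198.51.100.7", s, "GET /owncloud/index.php", 401, 499)
     for s in range(5)]
    + [log_line("192.0.2.10", s, "POST /owncloud/index.php", 302, 20)
       for s in range(10, 16)]
    + [log_line("203.0.113.5", 30, "GET /owncloud/index.php", 200, 1024)]
)


def hosts_to_ban(failregex, lines, maxretry=MAXRETRY):
    """Return hosts with at least maxretry matching lines (findtime ignored)."""
    pattern = re.compile(failregex.replace("<HOST>", HOST))
    hits = Counter()
    for line in lines:
        match = pattern.search(line)
        if match:
            hits[match.group("host")] += 1
    return sorted(host for host, count in hits.items() if count >= maxretry)


if __name__ == "__main__":
    # The status-based rule flags only the host collecting 401s; the POST
    # rule never looks at the status code at all.
    print("401 499 rule:", hosts_to_ban(FAILREGEX_401, SAMPLE))
    print("POST rule   :", hosts_to_ban(FAILREGEX_POST, SAMPLE))
```

The POST rule bans 192.0.2.10 although none of its requests were rejected, which is the trade-off to weigh when choosing between the two alternatives.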

I also noticed that someone could simply navigate to http://servername/owncloud/data and see all the usernames and then drill down into all of the files. Obviously a huge issue.
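I edited /etc/apache2/sites-available/default to disallow directory listing for the entire site:
nano /etc/apache2/sites-available/default
Under “<Directory /var/www/>” change the following line from:
Options Indexes FollowSymLinks MultiViews
To
Options -Indexes +IncludesNOEXEC +FollowSymLinks +MultiViews
apache2ctl restart
Every option on the new line carries a + or - because mixing signed and unsigned options on one Options line is not valid syntax. -Indexes only hides the listing: a file under /owncloud/data is still served to anyone who requests its exact path, unless access to that directory is denied as well.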

Final Thoughts:
After I run through some more testing on my end, I will unleash it to the QA department to hit the crap out of it. If it still passes testing, I’ll implement SSL. And then test again. Then release to the masses.

**EDIT3**
I’ve installed the 2b1 beta – there is LDAP, but I haven’t configured just yet. I had to write this down before I forget:
Change PHP to allow larger than 2MB file uploads

nano /etc/php5/apache2/php.ini
Search for “2m”
Change to 10m
Save, quit, restart apache

**EDIT4**
IE9 has some issues with compatibility mode for this software. I had to add this to the html meta portion:
<meta http-equiv="X-UA-Compatible" content="IE=9" />

**EDIT5**
I was having problems with downloading certain docx files – the server was thinking these were actually compressed archives. I had to edit the mimetypes.fixlist.php file with the following:
nano /owncloud/lib/mimetypes.fixlist.php
'docx'=>'application/msword',
ETC – add any other applications you require

Cannot Mount New Database Exchange 2010

I had created a new Exchange infrastructure for a customer:
2x Mailbox Role servers, each will have 4x 40GB databases
1x CAS and Hub role server
OK, so it sounded more impressive before I typed it out, but I digress…

I created a new database and attempted to mount it and received some cryptic MAPI error. Googled it:
http://support.microsoft.com/kb/977960

Basically AD isn’t replicating fast enough when you have multiple domains in the same forest.
Fix:
Open Exchange PowerShell
Set-ADServerSettings -PreferredServer FQDN.of.your.primary.global.catalog

Console Performance Windows VMWare

I had been installing plenty of Windows Server 2008/R2 servers on the VMWare infrastructure as of late. The only issue I could find was after installation – the console connection would drag. It seemed like the server was very slow at responding. RDP into the server and blamo, everything slow about the console went away. I didn’t really think much of it until a fellow IT worker (Bib) brought it up after his first time using ESXi. Apparently it all comes down to a driver that doesn’t get installed by default.

ESXi 4.1 patched through April 2011 (two outstanding updates slated for install next month)
Windows Server 2008 R2 as a test
VM Tools fully up to date
Windows Updates fully patched

Here’s the fix:
Open Device Manager
Expand Display adapters – you should see Standard VGA Graphics Adapter
Right-click on this and choose Update Driver
Select Browse my computer for driver software
Browse to C:\Program Files\Common Files\VMware\Drivers\wddm_video
Finish the wizard, then reboot the guest

Next time you’re in the console you should see VMware SVGA 3D driver listed for the display adapter. And you’ll notice the system seems a lot more peppy.

Import Export PST Exchange 2010

In 2003 we could use a standalone utility called Exmerge. In 2007/2010 we’re forced to utilize the built-in standards of the PowerShell. I’m not complaining too much as I really enjoy the command line more than the GUI, but I’d prefer if Microsoft would keep to the same standard through all the version increases (exmerge worked in 5.5, 2000, and 2003 exchange).

So first thing is first – assign the Mailbox Import Export role to your user. Note: even if you’re using the domain administrator account with which you installed Exchange 2010, you will have to do this – by default NO users have this ability.
New-ManagementRoleAssignment -Role "Mailbox Import Export" -User YOURUSERNAMEHERE
Or if you want to give an AD group this role, and avoid any future powershell typing:
New-ManagementRoleAssignment -Role "Mailbox Import Export" -SecurityGroup ADGROUPHERE

Now you must install Outlook 2010 x64 on the Exchange Server. I honestly have no idea why this is required, but apparently you get the following message if it’s not installed:

To export to or import from a .pst file, the 64-bit version of Outlook 2010 or later must be installed on the server to which you are connecting (server fqdn).

So then run the following command to export:
Export-Mailbox -Identity USERNAME -PSTFolderPath c:\path\to\saving\file.pst

Then you can import using a similar command:
Import-Mailbox -Identity USER@EMAILADDRESS.TLD -PSTFolderPath c:\path\to\saved\file.pst

If you want to import all of the pst files in a certain directory, make sure the pst is named with ‘alias.pst’ where alias is the name of the mailbox to which the data shall be imported.
Dir c:\path\to\pstfiles | Import-Mailbox -StartDate 01/01/2010
If you leave off the startdate, it will merge all mail in the PST

http://technet.microsoft.com/en-us/library/bb629586.aspx

***EDIT***
So apparently the above did not work on the Exchange 2010 SP1 system I was running against – command not found. Perhaps it was because I refused to install Outlook 2010 x64 on the system. Perhaps that was meant for pre-SP1? Or maybe 2007? I stopped really caring.

You still have to assign the Mailbox Import Export role to the user running the command.
New-ManagementRoleAssignment -Role "Mailbox Import Export" -User USERNAMEHERE

Export the mailbox to a PST
New-MailboxExportRequest -Mailbox MAILUSERNAME -FilePath "\\path\to\dir_or_c:\path\to\dir\FILENAME.pst"

Check the progress of your export
Get-MailboxExportRequest | Get-MailboxExportRequestStatistics

Remove the request after completion
Get-MailboxExportRequest | Remove-MailboxExportRequest

Thanks to Stevieg http://www.stevieg.org/2010/07/using-the-exchange-2010-sp1-mailbox-export-features-for-mass-exports-to-pst/