More Free Tools
Originally I had a bit of trouble finding a use for this tool, but the more I used it the better I thought it was. It is basically a dialogue box that pops up when you press Alt-Space; you tap in the name of the application you want to launch and it will start. Normally you would think that the Vista search bar would do the same thing, but Launchy is quicker and seems to find a lot more of your applications than the search bar does, and obviously in XP you don’t have that option anyway.
Lansurveyor Express Limited Free Edition
Well, this is not normally free, but SolarWinds, the people behind LANsurveyor, have opted to give away its express version absolutely free for a limited time only. It scans your live network and creates a Visio document of it. So it’s a great, quick way of actually creating a network map, which should save a good few hours of messing about with Visio. Normally this tool retails for $499, so even if you don’t think you need it now I would urge you to get it, because one day you will be asked for a network layout. CLICK ME for a quick demo of LANsurveyor.
Next Steps
Well, I’ve managed to get SQL Enterprise Edition installed on a server and also Citrix XenApp installed on another. At the moment the installs on both were a bit more of a bodge than I’d like, but obviously as I learn more I’ll rip them down and do a couple of reinstalls to hone the skills. As I say, I’ve never really used SQL much, so whilst I’ve installed the server and also the tools I’ve no idea what to do with it. Which is kinda cool in a way, because it means I’m going to be learning something totally new to me.
Hooray
Well, that’s it then: on my second try I passed the 291 exam with 842, a much improved score over my first 641, so now I’m a fully paid up MCSA. So at the moment I’m a very happy man and am busy updating all the people that need to know. The welcome kit has also already been ordered, so I should get that through in a few weeks.
Now I shall have a few weeks’ rest before embarking on any more studying, but I already have the books for the next exams. I have ordered a Citrix XenApp book, as I am really interested in learning more about Citrix (and also becoming a CCA), and I have also ordered a book on SQL 2005 (exam 70-431), which is another technology I am interested in. Both exams will benefit my employer as both products are used, and whilst I administer a couple of Citrix farms I know very little about SQL, so I thought this exam will ease me in nicely and will also be my elective sorted for the MCSE if I decide to go the whole hog (as we are a Novell shop, at the moment there is no point).
So where does this leave the blog? Well, I think it will probably have to be updated to show what I am studying at the time, so you will see plenty of posts on SQL Server and Citrix XenApp, but please still feel free to pop by if something is piquing your interest.
So now I’m re-thinking my lab. I’ve already removed my RRAS servers, as I won’t be needing those for a while, and I’ll have to create a couple of new servers to house SQL databases and Citrix applications. Once I have my lab sorted I’ll post a new network diagram.
www.dales-diary.co.uk
Hi all,
Just a quick post to say that in a few days the blog will have a new domain name, www.dales-diary.co.uk. The host will not change, so you will still be able to access the blog from www.dales-diary.blogspot.com, but you will be presented with a redirect message (accept that and you will still have normal access). So if I’m lucky enough to (a) have any regular readers at all and (b) you are subscribing through an RSS reader, then you may need to update the reader to point to the new domain.
Security Templates
Hi all, thought I would do a quick blog with a basic run down of the names and functions of the security templates that are available by default in Windows Server 2003. I’ll post a bit more on their usage when I’ve actually read about them.

| Template | Function |
| --- | --- |
| COMPATWS | This template amends file and registry security permissions to assist older applications to run. |
| DCSECURITY | This applies the default security setting for a domain controller. |
| HISECDC | This template secures a domain controller by increasing NTLM security, disabling additional services and applying more stringent registry and file permissions. It also removes all members of the Power Users group on the domain controller. This template is more secure than the SECUREDC template. |
| HISECWS | This, as the name implies, is very similar to HISECDC, but it also limits members of the local admins to the domain admins accounts and the local administrator. |
| IESACLS | This template changes registry key permissions that are part of Internet Explorer to Everyone: Full Control. |
| ROOTSEC | Applies root permissions to a system drive. |
| SECUREDC | This template limits account policies and only allows NTLMv2 and Kerberos to be used for logons. |
| SECUREWS | This template applies the same restrictions as SECUREDC, except of course it’s applied to a workstation. |
| SETUP SECURITY | This template sets security permissions the same as when the operating system was first installed. |
| DEFLTSV | This applies the default server template used during its installation. |
| DEFLTDC | This applies the default domain controller template used during a dcpromo. |
Network Security
I’ve now finished reading up on DNS in my MSPress book. Hopefully that will be enough to do me well on the big day, so I am now on network security, which is another area that I got around the 50-60% mark in on my first attempt. So you may see a few security related posts going up shortly. I’m just about to write one listing the security templates and their usage, so that will be making an appearance soon.
Hmailserver
Well, I’ve been very surprised by this little product. It’s fantastic. At the moment I’m only using it internally to email event logs and stuff to specific addresses, but it works brilliantly. It also works great with ClamWin AV and can be integrated with open source webmail providers like SquirrelMail. You can also add spam filters to it by similar means.
It’s so easy to set up and, get this, the install file is only 2.8MB. It requires the .NET Framework to be installed as a dependency, but it really is a great little server app, and if I ever become a sys admin for a small cash-strapped company I would seriously consider this as an option! Granted, it probably cannot sync with BES or anything funky, but for an email platform it’s perfectly adequate for the job.

Aging and Scavenging
Hi all,
I’ve just written up a quick tutorial on aging and scavenging. It’s only really a scrappy quick one, but as usual please feel free to download it and tell me what you think.
Secure Dynamic DNS updates
So, reading a bit more about DNS, I thought I’d write a little about the secure DNS update feature.
When the zone properties of an Active Directory-integrated zone are modified to allow secure updates, Kerberos is used to authenticate the update.
One thing to keep in mind is that legacy clients (think pre-Windows 2000 systems) cannot perform dynamic updates, in which case the DHCP server can be configured to update the DNS records for the legacy client.
Good things about secure updates.
Because it uses the Kerberos protocol you can be sure that the client has authenticated to the domain and has a valid computer account (have a look at my Kerberos tutorial for more info).
So that’s the good stuff. Now consider a Win98 box. It cannot perform dynamic updates of any kind, so a DHCP server can register the DNS records for it (if configured to do so). Because Kerberos is used to authenticate the originating client, the DHCP server then becomes the owner of that record. Now a slight issue arises from a good idea: the owner of a record is the only client that can update the resource record in DNS (from an automagical system point of view).
Now consider that the Windows 98 box is upgraded to Windows XP (unlikely, I know, because of the probable age of the hardware, but still worth knowing for the exam). The upgraded Windows XP box can perform its own dynamic updates. So XP boots and attempts to update its DNS record and... it fails, because the “OWNER” of the DNS record is the DHCP server that used to handle updates for it when it was a Windows 98 machine. In that instance someone would have to manually delete the record and either recreate it correctly or reboot/renew etc. the client PC so it attempts to update DNS again.
This can be resolved by adding systems to a group called DNSUpdateProxy, which stops the owner information being sent when the client/DHCP server attempts to perform a DNS update.
Also worth a thought is what happens if you have a network with one DHCP server, 200 Win XP boxes and 50 Win98 boxes. Friday evening (it always happens on a Friday) your DHCP server explodes magnificently, and you receive a phone call just after you’ve popped the lid on your favourite beer.
So you drag yourself back to work, commission another server as a DHCP server, reconfigure the scopes and then go home for what’s left of your weekend.
Eventually you will notice that none of the Win98 boxes are getting their records updated, because all those records were owned by the DHCP server which is now being used as your deskside cupholder. So you will have to manually delete all those DNS records and get the DHCP server to attempt to re-register the DNS records for the clients. This can be avoided if you use the DNSUpdateProxy group, because DNS will not know who the owner of the record was, only that it was authenticated by Kerberos.
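The ownership behaviour described in this post, as a small Python model (an added example, not code from the original post and not Microsoft's implementation). It assumes, as the post describes, that records written by DNSUpdateProxy members carry no owner; the account names DHCP1$, DHCP2$ and PC42$ and the lab.example zone are constructed.

```python
# Simplified model of secure dynamic update ownership.
# Account names (DHCP1$, DHCP2$, PC42$) and addresses are constructed.

class SecureZone:
    def __init__(self, proxy_members=()):
        self.proxy_members = set(proxy_members)  # accounts in DNSUpdateProxy
        self.records = {}                        # name -> {"ip", "owner"}

    def update(self, principal, name, ip):
        """Apply an authenticated update; return True if it is accepted."""
        rec = self.records.get(name)
        if rec and rec["owner"] not in (None, principal):
            return False                         # another account owns it
        # Assumption: records written by proxy-group members carry no owner.
        owner = None if principal in self.proxy_members else principal
        self.records[name] = {"ip": ip, "owner": owner}
        return True

    def owned_by(self, principal):
        """Records that only `principal` can refresh (manual cleanup list)."""
        return sorted(n for n, r in self.records.items()
                      if r["owner"] == principal)


def upgrade_scenario(use_proxy_group):
    """DHCP1$ registers a Win98 host; the host is upgraded to XP and
    tries to update its own record as PC42$."""
    zone = SecureZone(["DHCP1$"] if use_proxy_group else [])
    zone.update("DHCP1$", "pc42.lab.example", "10.0.0.42")
    return zone.update("PC42$", "pc42.lab.example", "10.0.0.42")


def dhcp_replacement_scenario(use_proxy_group):
    """DHCP1$ dies; replacement DHCP2$ tries to refresh the legacy records.
    Returns (update accepted?, records still locked to DHCP1$)."""
    members = ["DHCP1$", "DHCP2$"] if use_proxy_group else []
    zone = SecureZone(members)
    for i in (1, 2, 3):
        zone.update("DHCP1$", f"win98-{i}.lab.example", f"10.0.1.{i}")
    ok = zone.update("DHCP2$", "win98-1.lab.example", "10.0.1.50")
    return ok, zone.owned_by("DHCP1$")


if __name__ == "__main__":
    for flag in (False, True):
        print("DNSUpdateProxy:", flag,
              "| XP self-update:", upgrade_scenario(flag),
              "| DHCP2 refresh:", dhcp_replacement_scenario(flag))
```

In this model an ownerless record accepts the first authenticated updater, so the group's membership is best kept to the DHCP servers that need it.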
Excellent Open Source Applications
Hi all,
Just a real quick post pointing you to two really cool OSS applications.
One is called Spiceworks, and it enables you to scan your network and create an inventory of all devices found without days and days of mapping and writing from scratch. It also has a built-in helpdesk system. So for a small company or limited budget you could use this as your helpdesk and basic change management system. At the very least I would advise you lot to download it and get it to scan your network. It’s brill!
The other is an open source email server I have found called hMailServer. Whilst I have not deployed it yet (too busy geeking over my 291 books), I would really like to get this up and running and put it through its paces. It includes a webmail subsystem as well as access from your favourite SMTP/POP client. I would love to get this up and running at the same time as my Exchange box and compare the two.
