Increasing the amount of concurrent Vmotions

0
621 days
by in vmware

Here’s a nice little tip which has helped my ESX production deployment no end. By default ESX 3.5 will only vmotion 2 guests at a time which if you have a few on the host can add up a bit of time. It can also cause update manager to fail if the vmotion of the guests takes too long.

Simply change the vpdx.cfg file (normally in c:\docs & settings\all users\app data\vmware\vmware virtualcenter ) file on your vcenter server to the value you desire and restart the virtualcenter service.

The change is required inbetween the <vpdx></vpdx> marker tags and you will need to insert the following:

<ResourceManager>

<MaxCostPerHost>16</MaxCostPerHost>

</ResourceManager>

Now the trick with this is to decide what you want the max cost to be and as usual there is a little light maths involved:

A Hot Migration = 4

A Cold Migration = 1

So if you wanted 4 hot migrations to run concurrently then you would need to add 16 as the max cost. As with all fiddling with production servers you should make a backup of the vpdx.cfg file first before making any changes and then make small changes to the max cost ensuring nothing is honking during the migrations.

Deploying ESX4 VSphere guide

0
621 days
by in vmware

Those lovely people over at Xtravirt have had this guide kicking around for a while now and its a brilliant read to get you up to speed with deploying VSphere whether you are a old hand at previous versions or a total newbie!

Check it out, its always worth saving this doc in your tech docs as you never know when it may come in handy!

LINKY

Control panel as admin under IE7 and above

0
633 days
by in Uncategorized

Hi all,

Here’s a quick little tip for you that hopefully may help you guys a bit. Most of us probably still support XP mainly in our enviroment and since IE7 you probably noticed that you cannot do the old right click runas admin and then entering “Control Panel” into the address bar. This was a nice and quick way to get to make administrative changes within the control panel without logging the user out (because all users only have user rights dont they!)

After a bit of digging I have found a way to get into the control panel as admin under as user account again.

What you need to do is whilst logged in as a normal user navigate your way to the c:\windows folder within that folder will be a hidden folder either called IE7 or IE8 (its hidden so you may have to show hidden files and folders). Within that folder you will find the old IE6 style exe and you can quite happily right click and runas on that. You will then open IE6 and will be able to navigate to the control panel as you used to.

Its really handy to still have that funcionality however I think it might rather be a security risk as Microsoft appear to have swept IE6 to the side of the OS rather than replaced it entirely with IE7 and above.

Windows 7 Applocker and Software Restriction Policies PT1

0
730 days
by in Uncategorized

Thought I’d knock out a quick blog post on my studies of Windows 7′s implimentation of Applocker and SRP’s. Now traditionally SRP’s have been good in theory but if you attempt to use them they will lead to a world of hurt. The same is still true so unless you REALLY REALLY need to lock down your systems that much then leave well alone. Still its covered in the exam objectives so I gotta study it in some form.

Software restriction policies are a way of limiting the applications that can be executed on windows 7. These policies are set in group policy so they can be set on the local workstation or as part of an AD GPO distribution. Applocker does the same thing but in a slightly different way (and it also overides a clashing SRP).

To begin to configure a SRP you will need to get into either the local workstations gpedit.msc tool or AD’s GPO editor and drill down into COMPUTER CONFIGURATION/WINDOWS SETTINGS/SECURITY SETTINGS/SOFTWARE RESTRICTION POLICY. The container starts life empty so you will need to right click on the node and choose “Create software restriction policy”.

You will then be greated with these new options

From within the Security Levels you have 3 available options which are Disallowed, Basic User and Unrestricted. These 3 settings will specify the default options for applications that have no specific rule defined. Disallowed obviously means that software with no specific policy defined will not be allowed to run. Basic User allows software to run that does not have a specific policy defined providing that it requires no administrative access to the file system etc. Unrestricted simply means that any software will be allowed to run that does not have a specific SRP defined. To enable any of these settings you need to open the setting type you want and click the set as default button.

I shall miss out on the Additional Rules section for the moment as this is where you set specific rules for applications. The next option down is Enforcement, this defines how strict the default policies are, configurable options include applying the policies to all software files excluding or including DLL files etc. You can also specify if the SRP’s apply to users or all users including administrators (dangerous) and ignoring or enforcing certificate rules.

The Designated File Types option specifys what is considered to be executable file types (in addition to exe and vbs), from this menu you can remove any of the default types or add your own.

The Trusted Publishers option allows you to specify who is allowed to manage the list of trusted pulishers and you can set either to allow both users and administrators to manage the list, or just administrators or just enterprise administrators. There are also 2 other settings you can change which relate to checking whether the publishers certificate is still valid or not.

Looking at this post I think I will split this into two or three posts, I will go into actually creating a SRP in the next blog but for now heres a video of a basic one in action.

Comptia Lifetime certs now with less lifetime

0
748 days
by in Uncategorized

CompTIA have recently dropped a bombshell (I say dropped I actually mean sneaking it through the backdoor) by changing their policies.

The policy change is to do with how long test takers certifications last (including their A+,N+ and Sec+ certifications). Historically their certifications have been for life but they have now changed it to just 3 years which after such time you will need to take the highest exam again to renew all of your certifications. This you would think would apply only to those who are certified after the date of the policy change but I’m afraid not dear reader, this currently also affects ALL test takers who have EVER passed a CompTIA exam. This is now the case that anyone who certified before december 31st 2010 will retain their lifetime cert status, those certifying after that date will need to re-certify their highest comptia cert every 3 years should they wish to keep their certifications. The below rant is kept for historical reasons only!

So all of a sudden my lifetime A+ certification is now expiring and I will be required to take the test again should I wish to renew it.

CompTIA’s official line is that they are bringing their policies in line with other certification vendors (sources I have read on the internet suggest they have cited the likes of Cisc0 and MS having a renewal policy, Cisco do but MS do not have such a policy). However this smacks a little of a money making scheme to me.

I can understand that thinking recertification is a good thing because technology does move on at a fair rate so my A+ taken back in 2003 talked about 400Mhz cpus etc is vastly outdated, however there is one big glaring problem with the renewal policy. The A+ and similar exams are meant for entry level candidates looking to break into IT, who in their right mind 3 years down the line in their IT career are going to go back are renew that A+ or whatever, when they are more than likely will have higher level certifications or knowledge that renders the A+ obsolete anyway.

So why am I worried about the change then well TBH it does not really bother me were it not for a couple of facts, a couple of years after the millenium I decided I wanted to get into IT, I bought the relevant Mike Meyers book studied lots and lots and took the 2 exams required to become A+ certified. This back then was a lifetime certification no matter what happened I would always be A+ certified and which is also why each exam was extremely expensive to take (from memory it was about £130 back then, considering today MS exams are £88 a pop). Now they have suddenly changed their mind and want to take that certification away from me I dont think its fair. The DVLA wouldn’t say to me that even though I passed my driving test under the understanding that I would not need to take it again until 65 that actually I need to take it again after only 15 years why should CompTIA be allowed to do this!

At the end of the day I have left that certification way behind and can quite happily mark it as expired or strike it off my CV however its the point that I studied and paid for a lifetime cert and now its not!

Their are rumblings on certification forums of class actions etc against CompTIA so we shall have to see how this eventually pans out! I shall be checking out CompTIA’s news pages over the next few weeks with great interest.

http://www.comptia.org/certifications/listed/renewal.aspx

EDIT: Well it looks like they are rightly reversed their decision and are now only imposing their 3 year renewal for people who take their tests after 2011. So thats a good result for us who already have the certification and it may well jolt some into taking the test before the lifetime certification ends.

Windows 7 Minimum Requirements And Features

0
748 days
by in Uncategorized, Windows 7

Hi all,

Im starting to read my win 7 books now so will be putting up a few posts around my studying. The first blog post is about the minimum hardware requirements of windows 7 and also its features.

Firstly Windows 7 has 6 different editions which are: STARTER, HOME BASIC, HOME PREMIUM, PROFESSIONAL, ENTERPRISE, ULTIMATE.

The hardware requirements for 7 Starter and basic are as follows:

1Ghz x86 or x64 CPU

512MB’s of RAM

20GB hard disk (for x64 version) or 16GB hard disk for x86 version both must have 15GB free.

A graphics card that supports DX9 and has at least 32MB of Ram.

Windows 7 Home Premium and upwards requires:

1Ghz x64 or x86 CPU

1GB’s of RAM

40GB hard disk (15GB free)

A graphics card that supports DX9 and has a WDDM driver with pixel shader 2, 32bits per pixel and 128MB or RAM.

As always these minimum requires are of the OS only and you will find that Windows 7 will probably be usable but slow, adding applications will often make these systems too slow to use sensibly so you will need to install win7 in the real world on computers that are far better than the specs above.

Other hardware restrictions in windows 7 editions include support for up to 8GB or RAM in the x64 versions of Starter and Home Basic, whilst Home Premium is up to 16GB or RAM on x64 editions. All higher editions (Pro/Ent/Ult) are only limited by the x64 architecture which limits the RAM to 128GB (still if you get that in a laptop in the next few years your doing well).

The below table shows some of the major features of Windows 7 and which edition supports it.

Starter Home Basic Home Premium Professional Enterprise/Ultimate
Features
Windows Aero N N Y Y Y
DVD Playback N N Y Y Y
Media Center N N Y Y Y
IIS N N Y Y Y
ICS N Y Y Y Y
Join Domain N N N Y Y
EFS N N N Y Y
AppLocker N N N N Y
Direct Access N N N N Y
Bit Locker N N N N Y
RDP N N N Y Y
Branch Cache N N N N Y

Passed VCP 310

0
765 days
by in Uncategorized

Hi all,

Well I passed my VCP exam back on the 11th December. Very pleased with that as it had only been announced a couple of weeks ago that the exam was retiring at the end of the year, So my studying suddenly increased 10 fold.

The exam itself seemed mostly fairly simple and the questions weto the point (not like the MS ones where they tell you about jane and dans breakfast routine before getting onto the NTFS issues).

I understand that the exam has also now been extended  until the end of March 2010.

I think the next exam on my list will be the Windows 7 exam 70-680. After that perhaps a bit of Vsphere.

VirtualCenter 2.5 Min Hardware Requirements

0
790 days
by in vmware

VC 2.5 requires at least:

2Ghz Cpu

2GB ram

560MB hard drive space

Network Card (pref 1Gb)

The OS needs to be Windows 2000 server with sp4 or Windows server 2003 with sp1 or Windows Server 2003 R2 edition.

Supported databases are:

Oracle 9i

Oracle 10g

SQL Express 2005 (ment for non production or low count farms)

SQL 2005 with sp1

SQL 2000 with sp4

Script to remove admin rights pt2

0
800 days
by in administrator, networking, Scripts

Its been a while since I had a play with this script but what I have discovered is the software that I used to find out who has admin rights seems to also detect power users as Administrators. Which I guess is actually a good thing, however I did not suspect to get quite as many hits as I did for power users.

 

I’ll link all my old posts on the subject below so you can compare notes but the script that I have created now needs to include:

 

net localgroup “power users” %username% /delete > “%userprofile%\pwrusr.txt”

 

and

 

Y:\BLAT\BLAT %userprofile%\pwrusr.TXT -to email@address.com -server <smtp server IP> -f mail@address.com

 

Of course if you don’t want to be notified when these scripts run then you wont need the blat portion of the script and if you really don’t care about knowing if the initial check script has run then I guess you could just push out a script in the order of:

 

@echo off

c:

cd “%userprofile%”

If exist delusr1.txt (exit) else goto :Script

:Script

rem for removing admin Privileges

net localgroup administrators %username% /delete > %userprofile%\delusr1.txt

net localgroup “power users” %username% /delete > %userprofile%\pwrusr.txt

exit

 

This would then run regardless and attempt to remove the locally logged in user from power users and administrators groups. This would need to be assigned to just standard users though as you do not want to assign the script to administrators in your directory (be it AD, ED or maybe OpenLDAP).

 

Again this script is just the way I have chosen to do it, I am no expert in script writing (I really do need to figure out Vbscript), so I’m sure there are better ways of doing this.

 

Admin Script pt1

Common ports for the 70-291 exam

0
811 days
by in 291

Hi all though I would do a quick post about common ports for the 291 exams, these ones would be very useful to memorize in case questions come up about them in the exam, (ip filtering etc I suppose may ask about them).

So here’s a small list of ports, I’m sure I will add to them as I read through my books, All ports are TCP unless otherwise specified.

FTP 20 and 21
HTTP 80
HTTPS 443
DNS UDP 53
SMTP 25
POP3 110
PPTP 1723
L2TP UDP 500 + 1701 + 4500

As you can see a lot of these ports you should already know from previous ms exams (client ones) so there’s not much else to memorize. But this may be a good starting point.

I would highly recommend creating your own list and printing them out and sticking them up in your office prior to taking the exam as it’s a great way of memorizing them (I used to do the same with min and recommended sys specs for the client and server exams).

TTFN

« Previous
Next »
Go to Top