Tagged: networking

ESX ports

Well, as most exams like you to memorise numbers, I thought I'd put together this list of ports that are used within ESX. All of the ports here can be found in the firewall config on the Security Profile Configuration page of the host/virtual center.

Service               Port(s)               Protocol   Direction
CIM Secure Server     5989                  TCP        Incoming
Licence Server        27000, 27010          TCP        Outgoing
CIM SLP               427                   UDP, TCP   Incoming and outgoing
AAM                   2050-2250, 8042-8045             Incoming and outgoing
Virtual Center Agent  902                   UDP
iSCSI Client          3260                  TCP
NTP Client            123                   UDP
SSH                   22                    TCP        Incoming and outgoing
VCB                   443, 902              TCP

A lot of these ports I'm sure you've all seen before; it's really the VMware-specific ports that you need to concentrate on, as I'm sure that, like most other exams I've taken, they will want to test you on them.

Applications requiring admin rights

As you know, I have been tightening up security at work by finding out who has admin rights and removing them. I must say that I am quite shocked at the number of apps that assume users have local admin rights.

Even things like scanner drivers are affected, especially when they are called from other large corporate applications (think of a company that makes PDF reading software and also photo editing software). So the next couple of days will be spent running round figuring out which registry keys and folders users need higher access to. All fun stuff.

I am also working on a post about speed screen and am again thinking about making a few video tutorials.

Remove Admin Rights Scripts

We have been tightening up security at our place recently, which has prompted me to write a couple of simple scripts: one to find out who has local admin rights and another to take them away. I have again used a couple of tools to get the job done. One is isadmin.exe by Bill Stewart, which just checks the locally logged-on user's group membership to see if they are a member of the Administrators group. The other is blat, a utility for sending SMTP emails from the command line. I pipe the output to a text file, get the contents emailed to me, and then just use filters to sort the email into either a box for admin users or a box for non-admin users.

That script is:

REM Script for discovering admin privileges
@echo off
REM Run once per user: if this user's report file already exists, stop here
if exist c:\%nwusername%.txt (exit) else goto check

:check
(drive letter):\admin\isadmin.exe > c:\%nwusername%.txt
(drive letter):\BLAT\BLAT c:\%nwusername%.txt -TO (emailaddress.co.uk) -SERVER (email server) -F (emailaddress.co.uk)

The bits in () you will obviously need to personalise for your environment.

Once that has reported the results to me, any users who have admin permissions then also get added to a script that removes them from the Administrators group. Again, it's fairly simplistic:

REM Script for removing admin privileges
@echo off
REM Run once per machine: if the removal log already exists, stop here
if exist c:\delusr.txt (exit) else goto remove

:remove
net localgroup administrators %username% /delete > c:\delusr.txt
echo %username% has been deleted from %nwusername% admin account >> c:\delusr.txt
(drive letter):\BLAT\BLAT c:\delusr.txt -TO (emailaddress.co.uk) -SERVER (email server) -F (emailaddress.co.uk)

So hopefully that will complete the removal of admin rights. I shall wait a week or two, then change the text file the first script looks for so that it runs again, and hopefully I will get no reports of people still with admin rights.
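As an added example that is not part of the original post, here is the same discover-then-remove flow as a single PowerShell script, standing in for the isadmin.exe and blat batch files above. It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts module (Get-LocalGroup, Get-LocalGroupMember, Remove-LocalGroupMember) and Send-MailMessage; the report directory, mail addresses and SMTP server are placeholders to replace for your environment. It goes slightly beyond the batch scripts in that it looks the Administrators group up by its well-known SID, records the full group membership (so nested or domain groups that grant admin show up in the report), only removes a user when -Remove is passed, and supports -WhatIf.

```powershell
# Added example (not the original post's scripts): audit whether a user sits in
# the local Administrators group, write a run-once report, optionally remove the
# account, and email the result with a subject that mailbox filters can key on.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$User       = $env:USERNAME,             # assumption: check the logged-on user
    [string]$ReportDir  = 'C:\adminaudit',           # placeholder path
    [switch]$Remove,                                 # removal is opt-in, audit is the default
    [string]$MailTo     = 'it@example.invalid',      # placeholder
    [string]$MailFrom   = 'audit@example.invalid',   # placeholder
    [string]$SmtpServer = 'smtp.example.invalid'     # placeholder
)

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $ReportDir -Force | Out-Null
$report = Join-Path $ReportDir "$env:COMPUTERNAME-$User.txt"

# Run-once guard, same idea as the batch 'if exist' check: an existing report
# means this host/user pair has already been processed. Delete the file to re-run.
if (Test-Path $report) { return }

# Look the group up by its well-known SID (S-1-5-32-544) rather than by name,
# so a renamed or localised Administrators group is still found.
$adminGroup = Get-LocalGroup -SID 'S-1-5-32-544'
$members    = Get-LocalGroupMember -Group $adminGroup
$match      = $members | Where-Object { $_.Name -eq $User -or $_.Name -like "*\$User" }

$lines = @("Host: $env:COMPUTERNAME", "User: $User", "Checked: $(Get-Date -Format s)")
if ($match) {
    $lines += "RESULT: $User is a member of $($adminGroup.Name)"
    if ($Remove -and $PSCmdlet.ShouldProcess($User, "Remove from $($adminGroup.Name)")) {
        Remove-LocalGroupMember -Group $adminGroup -Member $match.Name
        $lines += "ACTION: removed $User from $($adminGroup.Name)"
    }
} else {
    $lines += "RESULT: $User is not a member of $($adminGroup.Name)"
}

# Record every current member: nested domain groups are how admin rights tend
# to survive a per-user clean-up, and this makes them visible in the report.
$lines += ''
$lines += "Members of $($adminGroup.Name):"
$lines += ($members | ForEach-Object { "  $($_.ObjectClass) $($_.Name)" })
$lines | Set-Content -Path $report

# The subject carries ADMIN or ok so the mailbox can filter into two folders,
# as the original post does with the blat messages.
$tag = if ($match) { 'ADMIN' } else { 'ok' }
Send-MailMessage -To $MailTo -From $MailFrom -SmtpServer $SmtpServer `
    -Subject "[adminaudit] $env:COMPUTERNAME $User $tag" `
    -Body (Get-Content -Path $report -Raw)
```

Run it without -Remove first to get the audit report only; once the admin users have been confirmed, rerun with -Remove (or -Remove -WhatIf to preview) against that list. Because the report file doubles as the run-once marker, clearing the report directory is the equivalent of renaming the text file the batch scripts look for.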

Now of course admin rights are generally given to users because of funky old applications that can't handle tightened permissions, so I expect there may be a bit of running around trying to find ways of fixing broken apps.

One thing I must say again is how brilliant Notepad++ is for creating and editing any kind of script file. If you need to write scripts, I would recommend at least trying it out.