Archive for the ‘Windows’ Category

Managing Windows Processes Through PowerShell

Wednesday, March 26th, 2014

You can use the get-process and stop-process commandlet lets to manage troublesone issues in Windows Server. In the following example, we’ll use the get-process commandlet to obtain some information about the Store.exe process, which is causing our server to run poorly:

get-process Store*

Which returns the following:

Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
221 8 -871013 -1941127 -13 43.67 1234 Store

Here, you see the process ID and can kill the process using the stop-process command let:

stop-process -id 1234

You can then start the process back up if needed:

start-process Store.exe -verb open

Switching Tapes with Tandberg and Backup Exec

Saturday, February 15th, 2014

In this example article, we’ll use a standard Tandberg, running Backup Exec. The Library is called “Exabyte 001″ in Backup Exec in this example. To switch tapes:

1. Open Backup Exec
2. Go to Devices
3. Click on Exabyte 001
4. Right click on Exabyte 001 and select ‘Unlock’
5. Physically go to the Tandberg unit
6. There are two buttons on the right. Press the bottom right button.
7. Remove the autoloader on the right.
8. Remove the appropriate number of tapes from the autoloader and place the appropirate number of tapes into the library.
9. Slide the autoloader into the Tandberg Unit
10. The Tandberg Unit will inventory the tapes
11. Re-inventory the tapes in Backup Exec by right clicking on Exabyte 001 and selecting Inventory.

NOTE: If they are all new tapes, the goal is to ensure that they all report as Blank Media instead of Unknown media. The tapes are barcoded.

Should there be a server error (or stuck tape) in the Tandberg, follow these steps:
1. Stop all of the Backup Exec services.
2. Remove the two screws from the Tandberg tape library. Both screws are in the rear of the device, one at the bottom corner of each side (Not the screws that are screwed into the rack holes that are furthest outside).
3. Shutdown Tandberg by switching power switch to 0 on power supply at the rear of the device
4. Go to the front of the Tandberg and gently pull out the whole device about 5 inches.
5. Look at each side of the library. You’ll see a hole centered between the top and bottom of the side that’s stretched out from top to bottom.
6. Get a long tool (flat head scredriver, or small screwdriver) and stick it in the hole, starting from the bottom. Use your tool to pull up, catching the internal lever, that releases the magazine. Do this on each side of the Tandberg.
7. Remove both magazines.
8. Check to see if there are tapes missing in the magazine, if there are, inspect the inside of the Tandberg. If you see tape in the robotic arm, gently see if you can maneuver the arm to a comfortable position close to you. Then attempt to pull the tape out. Set this tape aside, and mark as “bad” with the current date. Use a sticky note.
9. Once the jam is clear, remove all tapes from both magazines. Place both empty magazines back into the Tandberg. Push Tandberg back in place.
10. Screw Tandberg back into rails at the rear of the rack.
11. Power on Tandberg
12. Check for errors. If there are no errors, then start Backup Exec services.
13. Run an inventory following Step 13 from Backup Tape Rotation above, and ensure that it inventories nothing OK.
14. If blank inventory is successful, run an eject following Steps 3 – 8 from Backup Tape Rotation above to eject magazine and place tapes back in – omitting the “bad” one.
15. Re-run the inventory from Backup Exec after the Tandberg runs its own auto-inventory.

Windows 8.1 Now Available

Friday, October 18th, 2013

Windows 8.1 is finally available. And better yet, it’s free if you already have Windows 8. There are a bunch of cool new features, including (drum roll) the return of the infamous Start button (which really just opens the Start screen)! To install, just open up the Store app and click on the first large tile on the left, which should say Windows 8.1. It’s easy to upgrade and if you’re using touch enabled devices (or not), it’s a great upgrade. If you’re not running Windows 8, the upgrade is only $119 (or $199 for Pro).

Other new stuff built into 8.1 includes:

  1. Enhanced multi-monitor support
  2. A customizable Start Screen
  3. A global search (integrated with Bing to make a Hero app that sorts the results nicely for you)
  4. The new Boot to Desktop option
  5. Automatic updating of your apps (similar to how that feature works in iOS 7)
  6. Live tiles
  7. New color/texture themes
  8. Desktop backgrounds on the Start screen
  9. Reading List (similar to the Reading List feature in Safari but extended across all Apps)
  10. A lock screen slide show that can display photos or let you take a Skype call.
  11. Calendar app
  12.  Alarm app
  13. Food & Drink app, which has lots of interesting content linked such as recipes and integration with Microsoft’s Health & Fitness tracker

There are also new options built into existing apps. Downloaded apps don’t pin to the Start screen any more, which should clean up the Start screen. Especially for the the apps you don’t use very often. Also, you can now just swipe up to get an all apps screen, which is a nice new gesture. You can also run two (or more actually) apps on the screen concurrently, with one app taking up a smaller amount of screen real estate on the side (a feature called Snap). Internet Explorer got unlimited tabs, which had never been an issue for me and as with iOS->OS X it can sync tabs across devices and create live tiles based on the content. In fact, you can app sync most apps between devices, so if you buy an app it can appear wherever you’ve opted into app syncing. Photo editing gets better. Tool tips get an upgrade as well.

The SkyDrive integration is only going to continue to increase. In Windows 8.1 SkyDrive uses placeholder files to point to data on your SkyDrive (an option that’s been available for Azure developers for a long time). You can then make any objects offline by mirroring the content to a Windows 8.1 device. This goes for Xbox as well, with that becoming more and more like iTunes on a Mac. You now have music, video, games, etc. Expect Amazon and Apple to be going hrmmm over the increased integration here!

Overall, if you’re a Windows 8 user, run the upgrade. If you’re not running Windows 8 and your hardware can support it, it’s getting closer and closer to that time to do the upgrade. And if you need any help along the way, please feel free to give us a call. We love to help you do more with cool new tech like this!

10 Windows 8 Keyboard Combinations

Tuesday, April 23rd, 2013

Some helpful tips (in the form of keyboard combinations) on getting wizardly fast with navigating around Windows 8:

  • Windows key: Brings up the Start menu. On a touch screen keyboard you can then swipe through the charms in the Start menu.
  • Windows-x: Brings up a menu with many of the systems administration tools you’ll need in Windows 8, including Disk Management, a command prompt, device manager, etc.
  • Windows-r: Brings up a Run dialog
  • Windows-c: Bring up the sidebar that allows you to search, access devices or tap/click on Settings to bring up a Shut-Down menu.
  • Windows-l: Lock the screen
  • Windows-k: Bring up Devices
  • Windows-h: Bring up Sharing
  • Windows-f: Bring up Files in the Start Menu search
  • Windows-i: Bring up Settings (Control panel, personalization, desktop, Power menu, network selection for Wi-Fi, etc)
  • Windows-Q: Brings up the apps screen so you can select a program to open
  • And for your extra credit, most of the alt keys still work, but I find I now use Alt-F4 more than I used to, which closes a window

Windows 7: What a difference time makes!

Wednesday, February 6th, 2013

While visiting our Santa Monica office I called on a client having difficulties connecting his Windows 7 computer to his file server. I expected this to be a pretty straight-forward issue since the environment was pretty simple:

  • Only his PC wouldn’t connect—everyone else was connecting without issue
  • Just a handful of users (about five)
  • All wired connections (no wireless)
  • A Windows Server 2003 file server
  • No domain—just a workgroup
  • A small simple router for DHCP and Internet

I went through basic troubleshooting steps and verified that the client could indeed browse devices on the network (including the server), had no unusual ping times or network settings and that his account password for the server was correct. Every attempt to connect prompted for his name and password but the server wouldn’t accept his credentials. He was repeatedly prompted for his credentials.

Likewise, a new server account that I created myself would work on other PCs but not his. I narrowed my focus to his machine and started asking questions:

Q: Was this a new machine?

A: Yes, pretty new.

Q: Had it ever connected to the server?

A: Yes, it had.

Q: Any recent unusual activity in the office?

A: Yes, the office had to be shut down for some recent power maintenance in the building a week ago. When he restarted the server it wouldn’t power up. Hardware technicians had diagnosed a few failed components. Only yesterday afternoon had the server been back online.

Q: Did he have the only Windows 7 PC in the office?

A: Yes.

The last question led me to believe he was having an issue with security negotiations between his PC and the server because the two OS versions were nearly 10 years apart and Windows 7 has considerably stricter security. Nothing in the PC’s local policy nor the server’s local policy for Microsoft Networking looked unusual. I tested a little registry change that seemed logical:

Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA

Create Dword LmCompatibilityLevel with a value of 1

Restart computer and try to connect again.

No change.

After more research I found another potential solution on Microsoft Answers but was skeptical it would solve my issue since the computers were in a workgroup and not a domain. Check the time.

Just as soon as I was ready to pursue that idea the office manager asked me to check the backups on the server because they were reporting dates from October 2010. That was a smack to the face!

A quick resync to the time.windows.com NTP server corrected the time and the Windows 7 user logged in immediately.

Create Empty Files Of Arbitrary File Sizes In Windows

Wednesday, November 21st, 2012
The fsutil command in Windows can be used to create empty files of arbitrary sizes. To create a file to a path, use fsutil along with the file option, followed by create new, then the path and then the size. For example, to create a 100MB file called myfile.txt at c:\testfiles:
fsutil file createnew “c:\testfiles myfile.txt” 100000000

TRIPPing On Lync

Saturday, November 10th, 2012

Microsoft Lync can require as much or as little bandwidth as you can give it, according to what you are using Lync for. At its most basic, Lync is a tool for instant messaging. At its most complicated, Lync can plug-in to Microsoft Outlook, schedule a video conference with 10 of your coworkers (without posting the fact that you had said video conference to your Google+ timeline btw), share your screen so you can step your parents through setting up Windows RDP to fix a problem on their computer and pass PBX style traffic to provide voice services; all the while still letting you instant message your wife that you’ll be late coming home because you are stuck on the video conference, a screen share and a phone call also being managed with Lync.

Because you can do so much with Lync, as you start to do some of the more bandwidth intensive tasks, you might notice performance issues. Especially if you have an office of people running Office 365 and Lync Online to communicate with customers and one another. There are two types of performance to be concerned with with regards to any video or VoIP-based teleconference solution. The first is latency and the second is speed. TRIPP stands for the Transport Reliability IP Probe. TRIPP can be used to test your connection and return with information about what kind of performance you can expect to have.

TRIPP is easy to use. Open a browser to http://trippdb3.online.lync.com and click on Start Test.

When prompted, provide a Session ID (if you don’t have one, simply enter 0 and hit the Return key).

The test then runs. The first step is to look at latency. Wait for the rest to complete.

When finished, you’ll see a summary page that outlines the kind of performance you can expect from Lync.

If you have latency issues then it’s often due to too many hops for various sessions. This can be difficult to troubleshoot as it’s often up to an ISP to resolve routing table issues or provide better services. Bandwidth problems can be addressed by reducing the number of services on your network or increasing your throughput. You can also associate a higher priority for this type of traffic. Consistency of Service often comes down to QoS.

So far, I’ve managed to run TRIPP on Windows, Linux and as you can see from these screens, OS X.

Installing Python On Windows

Tuesday, October 9th, 2012

Intro

Python, although a standard language for all Macs and most Unix / Linux distributions, doesn’t come preinstalled on windows machines. Thankfully, getting the python to play nice with Bill Gates is very straightforward and you’ll be done in less time it takes to run a Windows update.

Get Python 2.7.3

First step is to go to the main python website and get the correct python version for your needs. Although python 3.2 is out python 2.7.3 is the most compatible and version 3.2 isn’t 100% backwards compatible so unless you’re writing code from scratch that won’t need any external modules version 2.7.3 is the way to go.

Get the specific python installer for your hardware here: http://www.python.org/getit/

Installing Python

Installing is simple. Open the MSI package like so:

Install Python 2.7.3

Choose the install folder. Default is C:\Python27

Choose folder

Default customizations are fine
Default Customizations
Then watch some progress bars…
Progress Bars
All done!
Finished!

 

Updating Your Path (optional & recommended)

The only other thing you may need to do is update your path to include the python executable. This isn’t necessary since the installer associates all .py files with the python exe but if you ever want to test something or just run python from the shell this update is a handy one.

First, right click the My Computer icon and go to properties.

Properties

Then go to advanced.
Advanced Properties

And then Environment Variables

Environment Variables

Append ;C:\Python27 to the path section like so.

Append Path

All done!

Download Another Copy of Office 2010

Tuesday, July 3rd, 2012

Did your Office 2010 DVD go missing? Let’s see, you open the drawer it’s supposed to be in and an evil Gremlin jumps out at you, using broken pieces of the DVD as shanks flying this way and that, trying to cut your eyes out! Well, we tried to tell you not to feed the cute little guys… Or maybe it got scratched while being prodded by aliens who abducted it to try and steal Microsoft’s source code. Maybe it’s just stuck inside that huge Lego castle that you just can’t bring yourself to tear down to get at it…

Whatever the problem, fret not (once you seek medical attention for the fireball that crashed to Earth, burning just your disk or escape from the black hole that sucked your DVD into a vortex, miraculously leaving that New Kids on the Block CD in the place of your disk)! Microsoft has a solution for you. To download a fresh, new file that you can burn to a DVD, just go to this site and enter your serial number:

http://office.microsoft.com/en-us/products/microsoft-office-2010-backup-FX101853122.aspx

Within minutes (or hours if your bandwidth isn’t so great) you’ll be reunited with your old pal Clippy!

Creating a binding script to join Windows 7 clients to Active Directory

Tuesday, July 3rd, 2012

There are some different ways to join Windows 7 to a domain.  You can do it manually, use djoin.exe to do it offline, use powershell, or use netdom.exe.

  • Doing so manually can get cumbersome when you have a lot of different computers to do it on.
  • With Djoin.exe you will have to run it on a member computer already joined to the domain for EACH computer you want to join since it will create a computer object in AD for each computer before hand.
  • Powershell is OK to use, but you have to set the script to unrestricted before hand on EACH computer.
  • Netdom is the way to go since you prep once for the domain, then run the script with Administrator privledges on whatever computers you want to join on the domain.  Netdom doesn’t come on most versions of Windows 7 by default.  There are two versions of netdom.exe, one for x86 and one for x64.  You can obtain netdom.exe by installing Remote Server Administration Tools (RSAT) for Windows 7, and then copying netdom.exe to a share.

A quick way to deal with both x86 and x64 architectures in the same domain would be to make two scripts.  One for x86 and one for x64 and have the appropriate netdom.exe in two different spots \\server\share\x86\ and \\server\share\x64\.

You’ll need to either grab netdom.exe from a version of windows 7 that already has it, or you’ll need to install RSAT for either x64 or x86 Windows 7 from here: http://www.microsoft.com/en-us/download/details.aspx?id=7887, which ever you will be working with.  Install that on a staging computer.   The following steps are how to get netdom.exe from the RSAT installation.

  1. Download and install RSAT for either x64 or x86.
  2. Follow the help file that opens after install for enabling features.
  3. Enable the following feature: Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools > AD DS Tools > AD DS Snap-ins and Command-Line Tools

netdom.exe will now be under C:\windows\system32

Create a share readable by everybody on the domain, and drop netdom.exe there.

Create a script with the following (From: http://social.technet.microsoft.com/Forums/en/ITCG/thread/6039153c-d7f1-4011-b9cd-a1f111d099aa):

@echo off
SET netdomPath=c:\windows\system32
SET domain=domain.net
CALL BATCH.BAT %passwd%
CALL BATCH.BAT %adminUser%
SET sourcePath=\\fileshare\folder\

::If necessary, copy netdom to the local machine
IF EXIST c:\windows\system32\netdom.exe goto join
COPY %sourcePath%netdom.exe %netdomPath%
COPY %sourcePath%dsquery.exe %netdomPath%
COPY %sourcePath%dsrm.exe %netdomPath%

:Join
::Join PC to the domain
NETDOM JOIN %computerName% /d:%domain% /UD:%adminUser% /PD:%passwd%

SHUTDOWN -r -t 0

Change domain and sourcepath to their real places.  Remove dsquery.exe and dsrm.exe if not needed.  If you’re just joining a domain, and not running anything after, then you don’t need them.

Create another script called “BATCH.BAT” that will hold your credentials that have access to joining computers to the domain.  Put BATCH.BAT in both places that house your Join-To-Domain script (…/x86 and …/x64)

@echo off
SET passwd=thisismypassword
SET adminuser=thisismyadminusername

  1. Ensure you have the scripts in the same directory.
  2. Open up a command prompt with Administrator privledges and change directory to the location of your scripts.

Runnning the first script will:

  1. Run a check to see if netdom, dsquery, and dsrm are installed under system32, if they are, it will then join the domain, if not it will attempt to download them from your share.
  2. Once it ensures it has the files it needs, it will join the computer to the domain under the “Computers” OU with its current computer name using the credentials set by BATCH.BAT.
  3. It will reboot when done.

This will work on both Server 2003 and Server 2008.

Emailing A File To Box.net

Wednesday, April 18th, 2012

Box.net has a number of features that can be used for workflow automation. One such feature is the ability to have an email address that is tied to a folder. Most services support the ability for that email address to be used to inform users of updates to directories. However, a somewhat unique feature is that Box.net has the ability to assign an email address to the folder so that any time you send mail to the folder, that file is added to the folder. For example, I scan a contract and email it to a vendor, I can also bcc a box.net folder called contracts and the contract will appear in the folder.

To setup an email address for a folder, open Box.net and click on a folder that you’d like to get an email address assigned to. Then click on the disclosure triangle on the right side of the screen for Folder Options and click on Email Options.

At the Email Options tab of the Folder Properties overlay screen, check the box for Allow uploads to this folder via email. Here, you can also use the Only allow uploads from collaborators in this folder checkbox to restrict who is able to email files to the folder.

While emailing files to get them into a folder isn’t for everyone, it is a great new take on a dropbox type of folder. You can also then sync these folders with folders in Mac OS X and Windows. This type of functionality is also a great way to do student submissions of coursework, file-based workflows for iOS and various automated workflows based on emails.

Support for Windows XP and Office 2003 Ending

Monday, April 9th, 2012

Microsoft has announced an official end to support for Windows XP and Office 2003 on April 8, 2014. This means no security updates, fixes or even paid assistance for fleets of XP systems that still dominate enterprise environments. While there have been announcements that XP support is going away, Microsoft has continued to extend it until now. At this point, the products will be over 10 years old. The return on investment of the combination has been as good as any combination throughout the history of large scale IT deployments.

If you are still using Windows XP, 318 can work with you to migrate from Windows XP to Windows 7 or plan a migration to Windows 8 when it is available to the public. For assistance with such migrations, contact your 318 Professional Services Manager, or sales@318.com if you do not yet have one.

Microsoft’s System Center Configuration Manager 2012

Sunday, March 18th, 2012

Microsoft has released the Beta 2 version of System Center Configuration Manager (SCCM) aka System Center 2012. SCCM is a powerful tool that Microsoft has been developing for over a decade. It started as an automation tool and has grown into a full-blown management tool that allows you to manage, update, and distribute software, license, policies and a plethora of other amazing features to users, workstation, servers, and devices including mobile devices and tablets. The new version has been simplified infrastructure-wise, without losing functionality compared to previous versions.

SCCM provides end-users with a easy to use web portal that will allow them to choose what software they want easily, providing an instant response to install the application in a timely manner. For Mobile devices the management console has an exchange connector and will support any device that can use Exchange Active Sync protocol. It will allow you to push policies and settings to your devices (i.e. encryption configurations, security settings, etc…). Windows phone 7 features are also manageable through SCCM.

The Exchange component sits natively with the configuration manager and does not have to interface with Exchange directly to be utilized. You can also define minimal rights for people to just install and/or configure what they need and nothing more. The bandwidth usage can be throttled to govern its impact on the local network.

SCCM will also interface with Unix and Linux devices, allowing multiple platform and device management. At this point, many 3rd party tools such as the Casper Suite and Absolute Manage also plug into SCCM nicely. Overall this is a robust tool for the multi platform networks that have so commonly developed in today’s business needs everywhere.

Microsoft allows you to try the software at http://www.microsoft.com/en-us/server-cloud/system-center/default.aspx. For more information, contact your 318 Professional Services Manager or sales@318.com if you do not yet have one.

Preparing for a Business CrashPlan Deployment

Sunday, March 11th, 2012

Knowing the Software

It is important to remember that of the two aspects to the software, the CrashPlan client does all the heavy lifting. It scans the local file system, filters and applies other rules as set on the server, compresses and encrypts the data, and finally transfers it either to a destination across the network or to a local ‘folder’(attached drive, etc.) The second portion of the software is the server process that accepts data from each of the clients and tracks everything in a database.

Knowing Your Requirements

Scaling an environment that is backing up to near-unlimited, cloud-based storage is just a matter of having sufficient licenses and internet bandwidth to maintain uploads from multiple clients at once. CrashPlan Pro allows for businesses to store smaller sets of data with pricing per computer, as well. Organizationally, however, the Pro version is not meant for environments with over 200 users. It lacks other features, including integration with directory services and backup seeding/guest restoring/and reporting flexibility.

Embrace the Enterprise with PROe

In addition to getting those features which are missing from the ‘Pro’ level, CrashPlan PROe can work well in environments that are concerned about disaster recovery and would like to host secondary destinations. In these situations there are further considerations to take into account:

Data: Even with the compression applied to files, you’ll need to gauge a significantly larger amount of storage for data than will be backed up at the time of deployment, and have an understanding of how your retention policy will affect your storage needs as time goes on and/or clients are added. A great feature of the REST API available only to the PROe version is that usage can be dynamically gauged.

‘User’ Accounts: It is often the case that there is a subset of pre-approved users for inclusion, which can easily be imported into the CrashPlan PROe servers database, or linked from LDAP. For certain computers and situations, however, the software would more appropriately be allocated by the role the computer performs. Alerting and monitoring is one concern when changing how the account is tied to the computer, but more crucial to understand is when customers are allowed to restore their own files; backing up many computers under the same account can become a security liability (this can be administratively locked out.)

Master-Slave Configuration: For multiple locations, a slave server can be allocated within an organization to more flexibly allocate computers. Just like seeding a backup, an entire slave server can be seeded with the contents of any other server under a Master, and clients will pick up right where they left off.

These are just a few examples of the considerations to take into account when deciding if CrashPlan PROe is right for your environment. For more information, please contact your Professional Services Manager or sales@318.com if you do not yet have one.

Must have Windows utilities

Monday, March 5th, 2012

Most of the Mac Techies I know have a boot drive, or set of drives, capable of running a variety of tools. Many of those drives are geared towards repairing problems on file systems, fixing operating systems and installing software. But what many don’t have are boot volumes for Windows, or cross platform tools in a heterogenous environment.

I used to refer to these, in addition to my tools for the Mac to be my Bat-Belt. On the Mac platform, this usually included Disk Warriror, a clean operating system of each revision, a bootable DeployStudio imaging with installers for operating systems, Disk Rescue and a number of other tools. But what kind of other tools should we be looking at for other platforms? Let’s start with SpinRite.

SpinRite is a tool from Steve Gibson, that runs about $80. It’s probably the best disk repair tool I’ve used for the supported file systems and can go as low level as scanning disks at the platter. The sector tests and file system tests thought, are unparalleled for the platform. I’ve seen SpinRite take weeks to run but it always gets the job done (if it’s possible to do so)!

Next, I’d make sure to have a copy of the Ultimate Boot CD. This little bugger is easy to use, has a number of tools included that resolve issues with systems and allows techs to add, remove or alter files on supported file systems. You can resolve a number of malware problems that crop up, fix file systems (a little overlap with SpinRite is a good thing, here), diagnose operating system problems and it all runs from a self-contained optical disk.

Combatting Malware and Spyware is a big part of many of the jobs for a Windows tech. It often requires multiple tools in your Bat-Belt but the first tool in my arsenal is a program called Combofix.  It’s in active development and goes through an exhaustive set of checks and tests to find any malicious files.  Once started, it scans and auto deletes suspicious files and is usually able to fix all but most infected machines.  You can run this tool in safe mode if a machine is too badly infected to boot into windows normally.

The 80′s are “in” again and this is true with malware too as there’s been a resurgence of MBR viruses in the wild.  If you encounter a machine that combofix or other AV tools can’t repair then an MBR issue is a likely cause.  The next tool in the list is called TDSSKiller.  Made by Kapersky labs this free tool is a uni-task program that only repairs infected MBR’s.  It’s quick and can usually repair a bad MBR without needing to boot off another medium.

In the case that a machine is FUBAR’d you may need to boot off another drive and scan for issues.  The two tools I use are the Kaspersky Rescue Disk and the Microsoft Standalone System Sweeper.  Both are free and scan the entire system for MBR issues and infected executables.  These can take a long time to run so unless you’re doing something else it’s best to run these over night or start thinking about doing a system reinstall.

If we’re all doing our jobs and making recommendations we’re going to run into the situation where we need to clone systems from one drive to another.  There are a number of tools to do this both paid for and free that get the job done nicely.  In the paid for dept Acronis True Image Home is a great tool that does just what you’d expect, clone a drive from one to the other.  It automagically resizes the drive to fit the newer larger one too so no need to worry about repartitioning.  On the free side we have linux based Clonezilla.  It does all the same things as Acronis but with a clunkier interface (yay ncurses!).  The only caveat with clonezilla is that is sometimes doesn’t resize the drive to fit the new partition properly and that brings us to our next tool, GParted.  This is another linux boot cd that can resize partitions non destructively.  I use this in combination with clonezilla but it’s still definitely useful as a standalone tool.

It’s a rare day when I encounter a windows user who doesn’t want their machine to run faster.  Thankfully there’s a scientific reason why windows boxes tend to run slower over time and it’s called OS rot.  Unfortunately the best fix for this is also the one that takes the longest and that’s to reinstall windows & every program on the system.  If a client doesn’t want to do this then we can use the following tools to alleviate some of the issues.

Pcdecrapifier is a tool used to automate the uninstallation of unwanted programs.  It’s useful to run on brand new systems (full of preloaded garbage-ware) as well as older machines where you just want to easily get rid of some of the accumulated crapola.

Also in the cleanup category is CCleaner.  This tool can tidy up the registry, remove many different sets of cache files as well as remove a lot of misc. unwanted items on the system.  There are too many options to state so download it and check it out for yourself!

Finally we have our misc list of utilities that pretty much do one thing but do it very well.  Best of all, they’re free.  Most don’t need much of a discussion so I’ll rifle through them real quick in list form:

  • magicdisc mounts iso files easily
  • nt password hack allows you to reset a forgotten admin account
  • putty great ssh client and hyper terminal replacement
  • syncback syncs two folders with the greatest of ease
  • windirstat graphically shows hard drive usage by both file type and folder

This should get your toolkit started and in no time at all you’ll be inundated with accolades from satisfied customers.

Hiding Exchange Mailboxes from the Global Address List

Wednesday, February 29th, 2012

By default, users in Exchange 2010 appear in the Global Address List (aka GAL), or are available for lookup by users within the Exchange organization. You can suppress these so that you create a mailbox that is not seen by any old user. You might want to do this so that a sales, info or other generic externally facing mailboxes aren’t used by your internal users.

In order to hide a user from the Exchange Global Address List, open the Exchange Management Console and click on the Organization Configuration node. Click on Mailbox to bring up a list of mailboxes for the forest and then double-click on a mailbox you’d like to hide from the Global Address List. Next, click on the General tab and you will see a checkbox for Hide from Exchange address lists. Check that box and click on Apply to suppress the account from the Global Address List.

Apple Education Licensing for Microsoft’s Active Directory

Tuesday, October 25th, 2011

We have recently had a number of requests for licensing for Active Directory environments running Apple and Linux client computers. There seems to be a bit of a debate about whether or not you need one CAL (Client Access License) for each user or device in the environment, if the devices are Apple or Linux computers. The cause for the confusion seems to be Microsoft’s External licensing. External licensing only applies to computers that are not part of your network, but instead are outside of the network (e.g. coming in over a WAN). It can be frustrating because I’ve had multiple customers tell me that different resellers and even Microsoft sales reps will give them different answers, and that’s been going on for years. I’ve spent a good amount of time with the Microsoft licensing desks, our Partner reps and a number of others to figure out the correct answer.

Licensing CALs for onsite systems can be done in a couple different ways:

  • Per-Device: Each computer that is bound to Active Directory receives a CAL
  • Per-User: Each user that uses a computer that is bound to Active Directory receives a CAL

In an environment where there are many users per device, then per-device licensing is always going to be cheaper (unless of course there are more devices than users, which wouldn’t make sense in a many to one environment). In a one-to-one environment where users come and go (e.g. by transferring between schools), but the number of computers remains somewhat static, per-device licensing still works out better as it simplifies license allocation.

Per-User CALs for education environments typically run around $1 USD per CAL for students. Per-User CALs for educators that work in the environment and are bound in that same environment typically run around $8 USD per CAL. If the systems aren’t bound, then licensing is only based on users that access file and print services, or other services; however, this becomes a bit of a challenge to calculate unless you reactively look at triggers that can be generated. But because most environments now use Active Directory binding on client systems, the CALs end up becoming one-to-one about as quickly as the computers become one-to-one.

But you should most definitely not take this article as being the rules set in stone. There are a number of scenarios that can change the licensing situation (most of them have to do with not binding clients or running computers that are offsite and/or employee owned). Contact Microsoft’s licensing desk using the contact information here, or contact a reseller like 318 for more more information.

Will the future require CALs? In an increasingly iOS and Android world, there are a few issues to sort out in many environments (e.g. IIS vs. AD licensing). This has so far ended up being in a case-by-case basis. 318 is a Microsoft reseller and can help you through these complex licensing issues, if you need it. Please feel free to contact your 318 Professional Services Manager, or sales@318.com if you would like more information.

Deploying Font Servers

Friday, October 21st, 2011

Mac OS X has come with the ability to activate and deactivate Fonts on the fly since 10.5, when Font Book was introduced. Font Book allows a single user to manage their fonts easily. But many will find that managing fonts on a per-computer basis ends up not being enough. Which begs the question: who needs a font server? A very simplistic answer is any organization with more than 5 users working in a collaborative environment. This could be the creative print shops, editorial, motion graphics, advertising agencies and other creative environments. But corporate environments where font licensing and compliance is important are also great candidates.

Lack of font management is a cost center for many organizations. There is a loss of productivity every time a user has to manually add fonts when opening co-workers documents, or the cost of a job going out with the wrong version of a font. Some of the other benefits of fonts servers are separate font sets for different workgroups and isolating corrupt fonts to clean up large font libraries, along with quick searching and identification of fonts.

Font Management and Best Practices

Anyone who uses fonts for daily workflow needs font management. This could be a standalone product such as Suitcase Fusion or Font Agent Pro. But larger environments invariably need to collaborate and share fonts between users, meaning many environments need font servers. Two such products include Extensis Universal Type Server and Font Agent Pro Server. But before adding font management products, users should clean up and any fonts loaded or installed and added prior to moving to a managed font environment. Places to look for fonts when cleaning them up include the following:

  • ~/Library/Fonts
  • /Library/Fonts
  • /System/Library Fonts

Leaving any necessary system, Microsoft Web Core, and required Adobe fonts.

The best resource for this process can be found at Extensis Font Best Practices in OX v.7, which can be found at: http://www.extensis.com/en/downloads/document_download.jsp?docId=5600039

Types of Font Server Products Available

There are two major font server publishers: Extensis and Font Agent Pro. Both have workgroup and enterprise products. All server products from both products work on a client/server model. Both can sync entire font sets or serve fonts on-demand. The break down for the Extensis Universal Type Sever is at 10 clients. Below 10 clients Universal Type Server Lite is a 10 clients product, which lacks Enterprise features, such as the ability to use a SQL database or integrate in Open Directory or Active Directory. The full Universal Type Server Professional adds Directory integration, external database use, and font compliance features and is sold as 10-user license, with an additional per seat license.

Insider Software offers two levels of font servers. The first is FontAgent Pro Team Server designed for small workgroups and sold in a 5 or 10 client configuration. The next level of product is Font Agent Pro Enterprise server. This adds the same directory services integration as Universal Type Server Professional. This product also has Kerberos single sign on, server replication and fail over. It uses the same per-seat pricing structure as Universal Type Server Professional.

A third tool is also available in Monotype Font Explorer, at http://www.fontexplorerx.com, which we will look at later in this article.

Pre-Deployment Strategies and Projects

Before any font server deployment, there are a few things to take into consideration. First is number of clients. This will guide you to which product will be appropriate for installation. Also note if Directory integration and compliance is needed. Is failover or a robust database important. The most important part of any font server installation is the fonts. How may are there, where are they coming from, are separate workgroups needed? Are all your fonts legal? In my experience probably not. Is legal compliance required for you organization or your clients? What is the preferred font type, PostScript Type 1, Open Type? What version are the fonts? Most fonts have been “acquired” over time, with some Postscript fonts dating back to early to mid nineties. As a font server is just a database, the axiom “garbage in, garbage out” is true here as well. This should lead to a pre-deployment font library consolidation and clean up. This can be either be done by 318 or we can train the you to perform this task. If compliance is an issue this is where we would weed out unlicensed fonts. Which to my experience is about 90% of all fonts. A clean, organized font set is the most important part of pre-deployment.

A major part of any font server roll out should be compliance and licensing. This allows for the tracking and reporting of font licenses and to make sure that stays in licensing and compliance.

Extensis

Universal Type Server includes the ability to generate and export reports to help you determine if you are complying with your font licenses. The font compliance feature only allows you to track your licensing compliance and does not restrict access to noncompliant fonts. To help you understand how the font licensing compliance, let’s look at the following typical example of how to use licenses and the font compliance report in your environment.

Say you are starting up your own design shop and need a good group of licensed fonts for your designers to create projects that will bring you fame and fortune. You know that fonts are valuable, and you want to be sure that you have purchased enough licenses for your requirements. So, you purchase a 10­user license of a sizable font library. Using the Universal Type Client, these fonts are added to a Type Server workgroup as a set. A font license is then created and the Number of Seats field is set to 10. This license is then applied to all fonts in the set.

When you run the font compliance report, Universal Type Server compares the number of seats allowed to the total number of unique users who have access to the workgroup. If more users have access than licenses available, the fonts are listed as “non-­compliant.” You can now either remove users from the workgroup or purchase more font licenses to become compliant.

Universal Type Server is unique amongst other products in that it uses a checksum process to catalog fonts. Others just use file names and paths.

Universal Type Server can limit users to be able to only download fonts installed by administrators. For initial deployment, each user does not need to download all of the fonts, which helps in environments when you have a lot of fonts (e.g. more than 5 GB of fonts) that need to get distributed to several hundreds clients, so if each user had to download all of the fonts (e.g. each time they get imaged), they could loose a production system for some time.

Universal Type Server Deployment

Universal Type Server system requirements include the following:

Macintosh Server

•          Mac OS X v 10.5.7, 10.6 Mac OS X Server 10.5 or 10.6•          1.6 GHz or faster 32-bit (x86) or 64-bit (x64) processor (PowerPC is not supported)
•          1 GB available RAM
•          250 MB of hard disk space + space for fonts
•          Safari 3.0 or Firefox 3.0 or higher*
•          Adobe Flash Player 10 or higher*

Windows Server

•          Windows XP SP3 (32-bit only), Server 2003 SP2, Server 2008 SP2 (32 or 64-bit version**)
•          P4 or faster processor***
•          1 GB available RAM
•          250 MB of hard disk space + space for fonts
•          Internet Explorer 7 or Firefox 3.0 or higher*
•          Adobe Flash Player 10 or higher*
•          Adobe Reader 7 to read PDF documentation*
•          Microsoft .NET 3.5 or higher

Universal Type Server Installation Process:

1.         Verify server system requirements
2.         Run the installer on the target server machine
3.         Login to the Server Administration web interface
4.         Serialize the server
5.         Set the Bonjour Name
6.         Resolve any port conflicts
7.         Set any desired server configuration options, including backup schedule, log file configuration, secure connection options, and any other necessary server settings.
8.         After installing the server, configure workgroups, roles and add users.

The basic user and workgroup configuration steps include:

1.   Plan your configuration
2.   Create workgroups
3.   Create new users
4.   Add users to workgroups
5.   Assign workgroup roles to users
6.   Modify user settings as required

Optional Setup:

  1. Managing System Fonts with System Font Policy The System Font Policy feature allows Universal Type Server administrators to create a list of system fonts that are allowed in a user’s system font folder.
  2. Font Compliance Reporting
    The font compliance feature only allows you to track your licensing
    compliance and does not restrict access to noncompliant fonts.
  3. Directory Integration
    Directory integration allows network administrators to automatically
    synchronize users from an LDAP service
    (Active Directory on Windows or Open Directory on Mac OS X) with Universal Type Server workgroups.

* UTS Documentation:

http://tinyurl.com/4xgn9rr

Both Universal Type Server Professional and Font Agent Pro Enterprise can be configured for Open Directory, Active Directory, and LDAP integration. Both also can utilize Kerberos Single User sign on. Universal Type Sever Professional directory integration instructions can be found in the UTS 2 Users and Workgroups Administration Guide at http://tinyurl.com/4xgn9rr. Some users have reported issues connecting to Open Directory (which happens with all products, not just this one).

Universal Type Server runs in Flash for administrative functions, which many do not like.

Monotype Font Explorer

Monotype Font Explorer is a third tool that can be used to manage fonts. Available at http://www.fontexplorerx.com there are some things that some environments do not like about Universal Type Server or Font Agent Pro. Let’s face it, the reason there are multiple products and multiple workflows is that some work for some environments and others work for other environments/workflows better. For example, Font Agent Pro stores master fonts on one client machine, which is then synchronized to the server, and from there to the rest of the clients; not everyone wants a client system acting as a master to the server. Font Explorer keeps the master is on the server, groups and synchronization works well and the administration is in the same window as font management. And best of all, Font Explorer is also typically cheaper than its server-based competitors in the font management space.

Extensis publishes a guide as to which fonts to include in the system and which to handle in the font management software. According to Apple documentation, and fonts in my ~/Library/Fonts folder take precedence to fonts in /Library/Fonts, which again takes precedence to /System/Library/Fonts. That means that if I install Times in my ~/Library/Fonts folder, it will be used instead of the font with the same name in /Library/Fonts or in /System/Library/Fonts. So how is it that I should care which fonts is installed where, as the font management applocation should simple take precedence to the others? If it does not take precedence, then where in the chain is it actually activating fonts? Maybe fonts are handled in these solution in parallel with the system mechanism? Thats the only explanation I can find to that, but is then only valid for UTS, or is it also valid for the other solutions?

End User Training and Font Czar

No font server installation would be complete without end user training and the appointment of a Font Czar. User training can be a fairly easy endeavor if client systems are using the same publishers stand-alone font client. Other times it could entail discussing licensing and compliance concepts along with adding metadata to fonts. An onsite Font Czar (or more than one) is very important to font server installations. The Font Czar cleans up and ingests new fonts, adds new users to font server, and in general be the Font Admin. This is usually a senior designer or technical point of contact for the creative environment.

Conclusion

Font Book is adequate for most users that don’t need a server. Universal Type Server, Font Agent Pro and FontExplorer are all great products if you need a font server. They all are installed centrally and allow end users to administer fonts, based on the server configuration and group memberships. They all work with directory services (some better than others) and can be mass deployed. In big workgroups or enterprises, where only a few people are handling the administration of fonts for a lot of people, a centralized font management solution is a must. But in much smaller organizations, it requires care and feeding, which represents a soft cost that often rivals a cost to purchase the solution.

Finally, test all of the tools available. Each exists for a reason. Find the one that works with the workflow of your environment before purchasing and installing anything.

Note: Thanks to Søren Theilgaard of Humac for some of the FontExplorer text!

Making snort a Service in Server 2008

Tuesday, April 26th, 2011

Note: For more information about the information contained in this article, contact us for a professional consultation.

Installing Snort in Windows Server 2008 is a fairly straight forward maneuver. Simply install winpcap, then barnyard and then snort itself. You’ll also want to install the snort rules available on the snort downloads page.

Once snort is installed, it’s fairly simple to run it from the Windows Server 2008 command line. To do so, use the snort.exe that was distributed in the installer (by default it would be at c:\snort\bin\snort.exe). You can then run it in a simple form to check that the interfaces are available:

c:\snort\bin\snort.exe -W

And then use one of the listed interfaces, invoke it with a -i option followed by the interface. You can also specify a custom logging location using -l and a custom configuration file using -c. This would result in something similar to the following:

c:\snort\bin\snort.exe -i 1 -l c:\snort\log -c c:\snort\etc\snort.conf

There are a lot more options, but this article is about converting it into a service. Once you’ve found a configuration that works for you manually, you can then take that, throw a /SERVICE /INSTALL after the snort.exe but before the operators and viola you’ve converted snort into a service:

c:\snort\bin\snort.exe /SERVICE /INSTALL -i 1 -l c:\snort\log -c c:\snort\etc\snort.conf

Once snort has become a service, many will want to have it start automatically. This is possible using the sc command to configure the snortsvc to start automatically:

sc config snortsvc start= auto

And then, start her up:

sc start snortsvc

Intrusion Detection (IDS) and Prevention (IPS) solutions can be invaluable to an organization. If you would like to discuss running snort or any other IDS or IPS, please feel free to contact your 318 Professional Services Manager, or sales@318.com if you do not yet have one!

Thinking Outside the Box: CrashPlan Pro

Monday, November 8th, 2010

There are a lot of organizations who are rethinking some basic concepts in Information Technology. One of these concepts is that you need to own, duplicate and even replicate user data between each of your sites so that you can have roaming profiles in Windows and mobile home directories in Mac OS X. For organizations with a large number of labs and users who roam between them, these challenges, which have dominated the infrastructure side of IT have been cumbersome for the past 15 to 20 years. But let’s rethink the “why.”

If you have labs, common in K12 and Higher Education but not so common in the corporate world, you need network home folders on the Mac OS X side, or its sister, portable home directories. On the Windows side, you need folder redirection. But a growing number of education environments are practicing the art of the one-to-one deployment, which strongly resembles what can be seen in the corporate world.

Between the big iron, massive SANs attached to the core switches licensing for DFS heads and the like, it can all get cost prohibitive. But we still do it because we think we need our data replicated. And some of us do. But one thing that we often say is that this data is not a backup. So if it isn’t a backup then how do we back these systems up. And if we do need to back these systems up then why are we also performing a layer of redundant synchronization? Does all of this result in 3 or 4 copies of the data, all in a from that cannot be reduplicated?

The end of the Xserve is nigh, and now for something completely different?

Awhile back, someone told me that you could back an unlimited amount of data up to the cloud for a price that was so cheap that I was stunned. There were a couple of products that I reviewed: CrashPlan and Backblaze. Both are pretty darn awesome. But the bandwidth to back 3,000 users up to someone else’s cloud can become pretty darn cost prohibitive. Enter CrashPlan Pro: you can host that cloud in your own location, or in multiple locations if you have the need to do so, and all on relatively inexpensive hardware, either leveraging the hardware that you already own or even the CrashPlan Pro appliances, rack mountable goodness that scales to store up to 72TB of data per unit, to store data that gets deduplicated before it gets copied to the device over the wire, providing substantial storage savings, not to mention reduced congestion on your wire (or wireless).

And to top it all off, CrashPlan Pro offers extensibility in the form of a REST-based API that allows building that which you may need but which the developers have not yet though (or more likely had time) to build. The API actually makes CrashPlan Pro a possible destination for Final Cut, amongst other things.

Oh, and did we mention the client can run on Mac OS X, Windows, Linux and Solaris?!?!

318 partners with a number of vendors to help you rethink your IT conundrum, leveraging the best advances of today and tomorrow. We are pleased to add CrashPlan as our latest, in a long list of valued partners. Contact your 318 Professional Services Manager, or sales@318.com now for more information.

Configuring PHP in IIS on Windows Server 2003

Thursday, August 19th, 2010

By default, a site configured in IIS 6 will not support PHP. An extension mapping must be created so that IIS will know how to handle php scripts.

This assumes that PHP has been installed on the server in question.

1. Right-click on the site in question and choose Properties.
2. In the Properties box, click on Home Directory, and then Configuration
3. Under Application Extensions, click Add.
4. Either enter or browse to the PHP executable, php5isapi.dll.
5. Under extension, enter “.php”

You have the option to limit the HTML methods that PHP scripts will have access to. The limitations you impose depend on the security requirements of the client, but GET, HEAD, and POST should be enough for most PHP applications. Verbs should be separated by a comma, for example: GET,HEAD,POST

6. Save your changes, and restart IIS.

Changing The Password Policy on Windows Server 2008 Domain Controllers

Wednesday, June 2nd, 2010

There seems to be a bug (maybe feature?) in Windows Server 2008 where you cannot change the default password policies on at least the first Domain Controller in a new Domain via Group Policy Management and editing the Default Domain Controller security policy.

You must make the changes in the Local Policies section of Active Directory on the Windows Server 2008 Domain Controller.
1. Start > All Programs > Administrative Tools > Local Security Policy
2. Security Settings > Password Policy

NOTE: You will see that the Password Policy for the domain controller is populated, unlike in GPMC.MSC where everything is “Not Configured” but has a confusing note about default settings being other than “Not Configured”.

http://www.petri.co.il/three-steps-initial-configuration-windows-2008-server-installation.htm

To further confuse the issue, it seems that in Windows Server 2008 R2, using the Local Security Policy to change the Password policy on the DC will NOT work. It will be grayed out. The Domain Controller policy then seems to default to the Default Domain Security Policy (not Default Domain CONTROLLER Security Policy). After changing the password policies under GMPC.MSC for the Default Domain Policy I was able to successfully get the needed password configuration settings for the Domain Controller. It seems that the Default Domain Controller Security Policy password settings are either no longer separate from the Default Domain Security Policy, or now the Default Domain Security Policy overrides the Default Domain Controller Policy. This happened on a fully patched Windows Server 2008 R2 x64 OS.

CS5 Shipping

Friday, April 30th, 2010

Adobe CS5 is now shipping. To download a demo check out https://www.adobe.com/cfusion/tdrc/index.cfm?product=design_premium. Some new features include perspective drawing, width tool, shape builder, live view, browser lab, multiple page sizes, spanning, splitting and a new gap tool. Lots of new goodness here!

Whether you are installing it for 2 computers or 2,000, 318 can help with all aspects of your upgrade. Contact your account manager today, or sales@318.com for more information.

Bad McAfee Update

Thursday, April 22nd, 2010

Please be aware that there is a bad McAfee Antivirus update that will wrongly quarantine the SVCHOST files on Windows XP.  McAfee is aware of the issue and has pulled the bad update file.  Below is a fix in case you run into a case where the machine has already applied the update:

http://vil.nai.com/vil/5958_false.htm

Evaluating Backup Exec Jobs

Tuesday, April 13th, 2010

[ ] Assess the Job Setup tab and review its listing to determine which jobs are currently configured on the system.
[ ] Review the selection list to ensure that all relevant data and file shares are being backed up and copied
[ ] Assess the Job Monitor tab to confirm that the jobs that are setup and configured are actually running as scheduled.
[ ] Review the job logs (Job History) to ensure that all data is being backed up or if there are minor errors, note what caused those errors to correct later.
[ ] Ensure that there that the job did not fail due to lack of space (or other chronic issues), because if it is then most likely the client needs larger storage or we must set media and jobs to allow for overwrite of data.

Backup Agents are needed for special data such as SQL and Exchange databases, or files located on remote computers. Many open files will not back up unless the Open File Agent is preset, installed and licensed on the data source.

Media Sets (Under the Media tab) are collections of backup media that share common properties. In Backup Exec, media sets can be adjusted under their properties to allow for overwrite and appends infinitely or after a certain period of time. This allows you to manage how media is managed when space begins to come into play. Verify these settings to ensure proper retention.

[ ] Review the Alerts tab and check under Active Alerts sub-tab and ensure that no jobs have been waiting on media or needed human interaction or response.
[ ] Review the Alert History sub-tab and verify that no jobs in the past were waiting for interaction or response.
[ ] Check backup notifications under each job and under the default preferences (Tools >> Recipients… & Tools >> Email and Pager Notification…), to ensure that the proper individuals are being notified about backups and alert items.
[ ] Review the Devices tab and verify that there are no devices/destination that are Offline.
[ ] Ensure that any devices that are currently listed as a backup destination (unless it is the member of a device pool) is online. If the device is a member of a device pool and that the backup job is referencing that pool then the jobs will continue once at least one of the pool’s devices is online).

Typically backup jobs will have destinations as being either tape, local or network storage. Most likely an external backup devices will fall under the tree as a Backup-to-Disk Folder. If the drive/device is not connected it may show up as Offline. If you are sure that the device is connected, right-click on the entry and ensure that devices is both confirmed as Online and also Enabled.

To learn more about Backup Exec – here are some additional links:
Symantec Backup Exec website

http://www.symantec.com/business/products/family.jsp?familyid=backupexec

Datasheets on usage of Backup Exec 2010 (Applications,Features, Agents)

http://www.symantec.com/business/products/datasheets.jsp?pcid=pcat_business_cont&pvid=57_1

Wikipedia on the architecture and history of Backup Exec

http://en.wikipedia.org/wiki/Backup_Exec

Adding a User and Folder to FTP Running Active Directory in Isolation Mode

Thursday, January 21st, 2010

Note: For the purpose of these directions the username is MyUser

First, create a user in Active Directory (assuming, also, that there is an FTP users container in AD)

Next, create a home directory in the FTP share (for MyUser it might be D:\Company Data\FTP\MyUser *naming the home folder the same as the user name*)

Go to the command line use these commands to map the directories to the accounts:

iisftp /SetADProp MyUser FTPRoot “D:\company data\ftp”

*note the use of parenthesis outside the path to specify this directory since there is a space between company and data*

iisftp /SetADProp MyUser FTPDir LaBioMed

You can verify this by using the command line ftp localhost and logging in with the new user credentials

You can also create and delete a file to make sure it correctly edits the folder.

Note: If the password changes for the domain administrator account you must change it in IIS for this.

Changing Administrator Passwords in Windows

Tuesday, December 29th, 2009

When changing Administrator passwords, administrators will often times not be aware of the impact that changing the password will have on the server/network.

When changing the Administrator password on a Windows Server, please be aware of the following.
1. This will effect the login on ALL servers in a Domain.
2. The Administrator account may be used on services. Please check the services to note which are tied to the Administrator account, and change the password tied to the service accordingly:
a. Open up the Services console
b. Find the “Logon As” column, and click on it to begin a sort by Logon name.
c. Find all the services that use Domain\Administrator for their Logon credential and change the password accordingly.
3. Check the backup programs and change the Administrator password within here. Each backup program has a different way of doing this. Here’s a very general how to of what to look for:
a. If you open Backup Exec, you can change the password for all the services at the credential window that pops up.
b. In Backup Exec, click on the property of each job and see if the jobs are using the Administrator account to access servers. If they are, change the password for it on EACH job.
c. If the client is using NTBackup, change the credentials for the Schedule that’s tied to the job in NTBackup if it’s using the Administrator account.
d. If you’re using Retrospect, check to see if it’s using the Administrator account for anything, if it is, change the password accordingly.
4. Check to see if any database application services are tied to the Administrator account. if they are, change the password credentials accordingly and test.
5. Ask the client if they wish to change network passwords as well. Often times the administrator password on network equipment is the same as the Administrator password for the domain.

Upgrading and troubleshooting a “the database is a different version” error with QuickBooks

Wednesday, December 16th, 2009
  1. Check the versions of quickbooks by hitting F2 (fn + F2 on mac) during the opening of quickbooks. You must do this on every workstation and that quickbooks is installed. On the top it should say something like Release R10p. All versions must be the same to work with each other.
  2. Go to quickbooks.com/support click on product updates, select the version of quickbooks and download the latest updated version of quick books for every workstation and server.
  3. Next you must open the quickbooks on the share where the quickbook files exist. From this you must open every quickbook file and update it to the latest version. You will be prompted to back up the files first so make sure you do.
  4. After all the files are updated and the users are updated you will be able to access the files again.

Mail Archival

Saturday, November 7th, 2009

There are a number of messaging solutions that allow for automated message archiving. Message archiving can save space, while freeing up valuable resources and can also help to maintain Sarbanes-Oxley compliance (as well as achieve a number of other objectives). But not all messaging solutions allow for automated archival. Enter Mail Archiva into the picture.

Mail Archiva is an open source project aimed at bringing messaging archival to Microsoft Exchange, Zimbra, Mac OS X Server, Postfix, SendMail, IpSwitch, Axigen and a number of other messaging servers.

If you are in need of mail archival then feel free to reach out to us for more information on Mail Archiva today!

NetBook Upgrades for Windows 7

Monday, October 26th, 2009

Chances are that if you have a NetBook you don’t have a DVD drive. And chances are if that NetBook is running a previous version of Windows that you’re probably thinking about upgrading it to Windows 7. If you are using a NetBook with Vista then you might want to check out the new Windows 7 USB/DVD Download Tool. With the Download Tool you would use a 4GB USB drive to cache the installer files and install Windows 7. Therefore you wouldn’t need an optical drive! But you will need the .NET Framework 2.0 or later and to configure the BIOS to boot off the jump drive.

Happy upgrades and if you need any help, as always, feel free to call 318.