Saturday, February 20, 2010
Moving servers
It's been a while since I posted. We just got done moving a bunch of servers today to make room for some new SAN hardware. We were using a small metal frame cart to move the servers around. For each move we put the servers on the cart and since they were HP servers we were configuring iLO. Well there were a couple of the servers that had some very erratic behavior. First I couldn't get into iLO then I couldn't get the video to work. As it turns out the servers were grounding to the cart which was interfering with the hardware. As soon as we took the servers off the cart they worked fine (thankfully). Lesson learned, don't sit them on a metal surface like a cart/hand-truck.
Tuesday, December 29, 2009
Getting ready to start new Job and a Hero hack?
Well I'm getting out of higher ed. I've accepted a job at another company in town. I'll keep posting when I can (not that I posted much to begin with).
Found this on the sprint forums. Apparently it will allow you to turn off the sense UI on the hero without rooting it. According to the post it provides a major speed boost. I have not confirmed this, but I may try it when I get a chance. I'm not sure if I would like it without sense UI or not. The sense UI is pretty nice though so I don't know if it would be worth running the default home app.
Original post.
http://community.sprint.com/baw/message/141611#141611
"under Settings, Applications, Manage Applications, HTC Sense, press "Clear Defaults". Then press the home button, tap "use as default", then tap "Home". Then I shut down the Hero and restarted it, just to clear out HTC Sense from memory."
UPDATE:
Well I tried the no sense hack and I'm happy to report that it works! Major props to Daveydave from the sprint forum who found this. Currently when I press the home button the hero will ask me which UI I want to use. Pretty cool. The phone does also feel more responsive. Now on to testing functionality. :)
Found this on the sprint forums. Apparently it will allow you to turn off the sense UI on the hero without rooting it. According to the post it provides a major speed boost. I have not confirmed this, but I may try it when I get a chance. I'm not sure if I would like it without sense UI or not. The sense UI is pretty nice though so I don't know if it would be worth running the default home app.
Original post.
http://community.sprint.com/baw/message/141611#141611
"under Settings, Applications, Manage Applications, HTC Sense, press "Clear Defaults". Then press the home button, tap "use as default", then tap "Home". Then I shut down the Hero and restarted it, just to clear out HTC Sense from memory."
UPDATE:
Well I tried the no sense hack and I'm happy to report that it works! Major props to Daveydave from the sprint forum who found this. Currently when I press the home button the hero will ask me which UI I want to use. Pretty cool. The phone does also feel more responsive. Now on to testing functionality. :)
Monday, December 14, 2009
Free Antivirus - Why pay?
It seems since AVG really started gaining popularity as a realistic AV scanner for everyday use, free AV scanners have been popping up all over the place. I've compiled a list of a few that I know about.
Avast
Avira
Panda Cloud
MS Security Essentials
AVG
I tried Panda Cloud and it works pretty well, however I think I would like to wait for a few more versions before I start trusting it a lot. Personally right now I've been using MS Security Essentials. It uses the same scanning engine that Forefront uses, which I've been pretty happy with. Plus it has relatively low resource utilization, so it doesn't bog down your computer.
All of these are good alternatives for the standard Mcafee or Symantec. However I wouldn't expect a free version from either of those two companies anytime soon. They have a reputation for being the two leading AV vendors out there and I don't think that reputation is in any danger yet.
Avast
Avira
Panda Cloud
MS Security Essentials
AVG
I tried Panda Cloud and it works pretty well, however I think I would like to wait for a few more versions before I start trusting it a lot. Personally right now I've been using MS Security Essentials. It uses the same scanning engine that Forefront uses, which I've been pretty happy with. Plus it has relatively low resource utilization, so it doesn't bog down your computer.
All of these are good alternatives for the standard Mcafee or Symantec. However I wouldn't expect a free version from either of those two companies anytime soon. They have a reputation for being the two leading AV vendors out there and I don't think that reputation is in any danger yet.
Friday, December 11, 2009
VMWare VMFS Block Sizes
Was just getting ready to add some more storage and thought I'd share this little table I found. As many of you know the block size you use when creating the VMFS will determine how big of files you can put in that storage area. This site has a nice little reference table.
• 1MB block size – 256GB maximum file size
• 2MB block size – 512GB maximum file size
• 4MB block size – 1024GB maximum file size
• 8MB block size – 2048GB maximum file size
VMware seems to have a 2TB limit for VMFS which also applies to raw device mappings (outlined here). So unless you want to use extents (god help you) you're stuck with 2TB virtual disks.
• 1MB block size – 256GB maximum file size
• 2MB block size – 512GB maximum file size
• 4MB block size – 1024GB maximum file size
• 8MB block size – 2048GB maximum file size
VMware seems to have a 2TB limit for VMFS which also applies to raw device mappings (outlined here). So unless you want to use extents (god help you) you're stuck with 2TB virtual disks.
Monday, December 7, 2009
Getting bounced meeting requests from a user that doesn't exist
I've had a user telling me that when people send them meeting invites the sender is getting a bounced email saying that some other user can't be reached due to an account not existing. Which it's true the bounce back is for an account that was deleted, but why is there even a bounce back? I've pasted the error below.
Essentially what happened was there was an old user account that the existing user had given delegation rights too in outlook. I removed the delegation rights and it cleared things up.
This issue was especially annoying since there wasn't any real indication of where the issue was really happening. GRRRR! Stupid outlook delegation rights.
Essentially what happened was there was an old user account that the existing user had given delegation rights too in outlook. I removed the delegation rights and it cleared things up.
This issue was especially annoying since there wasn't any real indication of where the issue was really happening. GRRRR! Stupid outlook delegation rights.
Delivery has failed to these recipients or distribution lists:
olduser
The recipient's e-mail address was not found in the recipient's e-mail system. Microsoft Exchange will not try to redeliver this message for you. Please check the e-mail address and try resending this message, or provide the following diagnostic text to your system administrator.
The recipient's e-mail address was not found in the recipient's e-mail system. Microsoft Exchange will not try to redeliver this message for you. Please check the e-mail address and try resending this message, or provide the following diagnostic text to your system administrator.
_____
Sent by Microsoft Exchange Server 2007
Diagnostic information for administrators:
Generating server: myexchange.domain.com
IMCEAEX-_O=domain_OU=First+20Administrative+20Group_cn=Recipients_cn=olduser@domain.com
#550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##
#550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##
Original message headers:
Received: from myexchange.domain.com ([fe80::654b:8eec:aefd:e342]) by
myexchange.domain.com ([fe80::654b:8eec:aefd:e342%10]) with mapi; Mon, 7
Dec 2009 16:37:34 -0600
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
From: "Mike" <me@domain.com>
To: user
<IMCEAEX-_O=MTMERCY_OU=First+20Administrative+20Group_cn=Recipients_cn=user@domain.com>
Date: Mon, 7 Dec 2009 16:37:33 -0600
Subject: mike test
Thread-Topic: mike test
Thread-Index: Acp3jd2W5cfdWn9lSn2aE1mg7XxUBwAAAADA
Message-ID: <6F5CE648AAD42E45B48F637C40ACA81343D14A8B7A@myexchange.domain.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator: <6F5CE648AAD42E45B48F637C40ACA81343D14A8B7A@myexchange.domain.com>
acceptlanguage: en-US
MIME-Version: 1.0
myexchange.domain.com ([fe80::654b:8eec:aefd:e342%10]) with mapi; Mon, 7
Dec 2009 16:37:34 -0600
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
From: "Mike" <me@domain.com>
To: user
<IMCEAEX-_O=MTMERCY_OU=First+20Administrative+20Group_cn=Recipients_cn=user@domain.com>
Date: Mon, 7 Dec 2009 16:37:33 -0600
Subject: mike test
Thread-Topic: mike test
Thread-Index: Acp3jd2W5cfdWn9lSn2aE1mg7XxUBwAAAADA
Message-ID: <6F5CE648AAD42E45B48F637C40ACA81343D14A8B7A@myexchange.domain.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator: <6F5CE648AAD42E45B48F637C40ACA81343D14A8B7A@myexchange.domain.com>
acceptlanguage: en-US
MIME-Version: 1.0
Friday, December 4, 2009
Allow local admin rights but still run apps as a standard user
Got this link from a post on the Educause security mailing list.
http://dougzuck.com/decrease-malware-infections-using-software-restriction-policies
Apparently it's a reghack that enables policy settings so that a user can login with local admin rights but still launch apps as a restricted user. I'm not sure what I think about this. This sounds like an intriguing idea, however I'm not sure how effective it would be at stopping malware in practice. It may slow down malware from the web a bit but I'm not sure about other attack vectors.
http://dougzuck.com/decrease-malware-infections-using-software-restriction-policies
Apparently it's a reghack that enables policy settings so that a user can login with local admin rights but still launch apps as a restricted user. I'm not sure what I think about this. This sounds like an intriguing idea, however I'm not sure how effective it would be at stopping malware in practice. It may slow down malware from the web a bit but I'm not sure about other attack vectors.
Thursday, December 3, 2009
Moving Exchange mailboxes based on security group using powershell
Due to annoyances with our remote access system our users accessed OWA differently depending if they are
faculty or staff (identified by active directory security group). So I needed a way to migrate only the staff to the new exchange 2007 server. Well all the staff are members of the sonicwall - staff group. Rather than move each mailbox one at a time to the new server and then redo the group memberships I created a powershell script to do it for me. Here is what it does.
The script uses the Quest AD powershell addon, so that will have to be install before running.
Here is the script:
UPDATE:
There are some problems with this script. While it does work, it doesn't work well. The big problem is memory usage, which I suspect can be fixed. The script also has problems with people who have changed their names, should be easy to fix, or at least work around. Lastly, due to the way I wrote the script it will not move more than one mailbox at a time, which is more of an annoyance than a real problem. I'm open to any ideas on how to improve this script.
faculty or staff (identified by active directory security group). So I needed a way to migrate only the staff to the new exchange 2007 server. Well all the staff are members of the sonicwall - staff group. Rather than move each mailbox one at a time to the new server and then redo the group memberships I created a powershell script to do it for me. Here is what it does.
- uses Get-QADUser to find all users in an OU
- checks each user found to see if it's a member of the Sonicwall - Staff group
- if yes
- then move the mailbox
- remove user from sonicwall - staff group
- add to sonicwall - exchangehub group
The script uses the Quest AD powershell addon, so that will have to be install before running.
Here is the script:
# Instruction to add Snap-ins
set-Location c:\
#add-PSSnapin quest.activeroles.admanagement
#Add-PSSnapin -name Microsoft.Exchange.Management.PowerShell.Admin
$colResults = Get-QADUser -SearchRoot mtmercy.edu/IT/testing
foreach ($i in $colResults)
{
#Check if user is in staff group
if ((Get-QADUser -identity $i).memberof -eq "CN=Sonicwall - Staff,OU=Sonicwall,OU=Security Groups,DC=mtmercy,DC=edu")
{
Write-Host "found staff"
Write-Host "Moving" $i
Move-Mailbox -Identity $i.samAccountName -TargetDatabase "exchangehub\First Storage Group\Mailbox Database" -SourceMailboxCleanupOptions DeleteSourceMailbox -confirm:$false
add-QADGroupMember -identity "CN=Sonicwall - Exchangehub,OU=Sonicwall,OU=Security Groups,DC=mtmercy,DC=edu" -member $i.dn
Remove-QADGroupMember -Identity "CN=Sonicwall - Staff,OU=Sonicwall,OU=Security Groups,DC=mtmercy,DC=edu" -Member $i.dn
Remove-QADGroupMember -Identity "CN=Sonicwall - Faculty,OU=Sonicwall,OU=Security Groups,DC=mtmercy,DC=edu" -Member $i.dn
}
#Check if user is in faculty group
if ((Get-QADUser $i).memberof -eq "CN=Sonicwall - Faculty,OU=Sonicwall,OU=Security Groups,DC=mtmercy,DC=edu")
{
Write-Host "found faculty"
# add-QADGroupMember -identity "CN=Sonicwall - Exchangehub,OU=Sonicwall,OU=Security Groups,DC=mtmercy,DC=edu" -member $i.dn
# Remove-QADGroupMember -Identity "CN=Sonicwall - Staff,OU=Sonicwall,OU=Security Groups,DC=mtmercy,DC=edu" -Member $i.dn
# Remove-QADGroupMember -Identity "CN=Sonicwall - Faculty,OU=Sonicwall,OU=Security Groups,DC=mtmercy,DC=edu" -Member $i.dn
}
}
UPDATE:
There are some problems with this script. While it does work, it doesn't work well. The big problem is memory usage, which I suspect can be fixed. The script also has problems with people who have changed their names, should be easy to fix, or at least work around. Lastly, due to the way I wrote the script it will not move more than one mailbox at a time, which is more of an annoyance than a real problem. I'm open to any ideas on how to improve this script.
Subscribe to:
Posts (Atom)
Posts
