Wednesday, October 27, 2010

Halloween Fun

Ok…toying around yesterday looking at all things Halloween I found a really cool app.  It’s a digital face that you can control and by using a little sleight of hand, make it look like a talking mirror. You can use a microphone to “throw” your voice and really entertain the kids this year.  The Mirror app can be found here.  Have fun and Happy Halloween!!!


Wednesday, October 13, 2010

Soluto–Tracking login times

One of the common complaints we get about our customized computer image is the long boot up time.  In an effort to better understand what’s going on, I did some research and found an app called Soluto which does a great job of breaking down the boot time into a graphical representation of the process.  It’s very cool, easy to set up and free.  Running Soluto on our standard Windows 7 image yielded this analysis:


Ok…It’s a little hard to see here but trust me this thing is packed with information about the boot process.  It identifies many (it is in Beta after all) items and provides great detail into how much memory they take, how long they took to run, what exe and dll files were called and much more.  For the applications it knows about you also have the choice to pause or delay the loading of the item so that you can tune your boot process.  This tool is very helpful for us as we are working on a new standard image.  Definitely a tool to keep handy in your IT Toolbox.

Enjoy.

Thursday, September 16, 2010

Regshot – Registry Compare Tool

Been working hard on Windows 7 this week. Specifically group policy stuff.  In the process I’ve been needing to get in and out of the registry comparing keys to see if changes are taking place. I usually use a tool called Prism Deploy (pictaker) to run a check on the registry to look for changes but for simple changes it’s a bit much. Don’t get me wrong, I’m a huge Prism fan.  I’ve been using it for years and it’s our main software deployment tool.  However, for this work it’s a bit overwhelming.  I found a cool little tool called regshot at Sourceforge that does the smaller registry compare jobs really well and it seems to run even quicker than Prism.  The tool looks like this:


To make a compare, just run the tool and click on “1st shot”.  Make the registry changes (in my case I do a gpupdate to force group policy changes) and then run “2nd shot”.  When it completes hit the “cOmpare” button and you’ll get a text file or html file of the changes that were made to the registry.  Works well, is stupidly simple and because it’s open source there’s no serial numbers or licensing to worry about.

Enjoy.

Wednesday, September 08, 2010

TOR – Anonymous Web Browsing

TOR is a tool I’ve known about for some time but never really had a chance to check out.  Tonight I sat down and spent a few minutes with it.  It’s very cool.  I downloaded the TOR browser bundle which is basically a minimalist way to check it out.  The bundle includes a TOR client as well as a version of Firefox portable.  By expanding it into a folder or even onto a USB drive you can run TOR and see what it’s like to browse the net anonymously.  So why would you want to browse the web anonymously you ask?  Well I can think of plenty of reasons. I often want to check some of the web sites I run from a remote connection to test firewalls and connectivity.  TOR basically relays your connection out and around the net.  That makes it possible to remotely test websites without having to use a remote tool to connect to a remote computer.  What I found out about this little bundle is quite cool. It has a built in bandwidth monitor, the ability to check out the nodes on the TOR network, the ability to dynamically change your network identity and the ability to make yourself a TOR relay.  Pretty cool stuff.

I fired up the Firefox portable browser with TOR and went to www.myipaddress.com  to check out what was being reported as my IP. It came back with an IP address in Germany.  When I went to Google sure enough I was sent to the German version of Google.  Very cool.

So I only gave you one reason for browsing anonymously but I’m sure you have your own reason. It’s a very cool tool and will now take its place on my USB utility belt.

Friday, September 03, 2010

Monitoring Internet Health

It seems that there was a rather large issue at Level3 today on the Internet. Our provider was down for an hour or so while they rerouted traffic.  We were on it and rerouted our Firm’s traffic through an alternate site within a few minutes of the outage.  I’m always clamoring for more information as to how well things are running and how widespread an outage is.  Here are a few links that are useful in investigating Internet issues:

http://www.internethealthreport.com/

http://www.internettrafficreport.com/

http://isc.sans.edu/index.html

Do you have any sites you use for this?  If so, hit me up in the comments.

Thursday, August 12, 2010

Interesting Scheduling Tool

I ran into an online tool to help people schedule meetings. It’s called When Is Good.  It’s surprisingly simple and straightforward to use.  When you want to have a meeting with multiple people and are unaware of their schedules When is Good allows you to graphically pick blocks of time when you are free and then let everyone else choose from these times.  You can see from the responses if there are any overlapping times that would work for a meeting.  Not clear enough?!?! 

You see this: [screenshot]

Highlight the times you are free.  They see this: [screenshot]

After everyone chooses a good time you see this: [screenshot]

It can all be done through web links anonymously so that’s pretty cool as well.   The technique is a great idea and it stops a lot of the back and forth in group emails to get people on the same page.  Now…if only we could get the big vendors involved to build this into their products…..

Thursday, August 05, 2010

Offline Antivirus Tool

So has this happened to you?  You get a computer from a friend/client that is seriously infected with malware or a virus and it’s actually running up to date antivirus and antimalware tools….and the tools find squat?!  Well it happened to me yesterday. Signs of the virus were internet connection issues and “weird” behavior.  After poking around a bit I remembered a tool I had seen from AVG for offline scanning a computer that was booted from a USB based Linux distro with antivirus tools. So I downloaded it and tried it out.

I downloaded the zip file for USB creation, popped in a USB drive and took off. After extracting the contents to the freshly FAT32 formatted drive I ran the makeboot tool to make the USB drive bootable.  I rebooted the PC from the USB drive and did a quick Internet update to update the program and virus definitions. Then I kicked off a scan and walked away for a few hours.

The USB bootable drive found 12 virus infected files including one loaded as isaphp.sys which was loading as a system driver.  When I removed it the box wouldn’t boot because it needed that driver. I went to a known good machine copied the driver onto the rescue USB drive, booted from it and used Midnight Commander which was baked into the rescue distro from the utilities menu to put it in the drivers folder on the box.  Very cool and I didn’t need the Microsoft XP restore disk which is what is usually required.  It also found some infections deep inside some Java Jar class files that the others couldn’t see.  Good stuff to add to the toolbox…

Thursday, July 22, 2010

Checking The Security Of Your Browser

As we update Windows 7 images at the Firm, I’m always running around trying to verify all the components are up to date.  From a browser perspective, I found a neat on-line site to check all the web components.  The Qualys site does a pretty good job.  Check it out.

Monday, July 19, 2010

MDT 2010 & Office 2007

As this blog is generally a place for me to remember things…I figured I’d add a tidbit about Office 2007 integration with MDT2010.  I’ve set up Office 2007 as a deployable application via MDT for new images and I wanted to figure out how to slipstream Office 2007 SP2 into the Office 2007 install. Turns out it was much easier than I thought.  Simply expand the SP2 files into the folder called “Updates” that already exists in the source folder for Office 2007 and you’re done!  Easy peasy! If only operating system upgrades were this easy!

Thursday, June 10, 2010

Speeding up a MAC

So I bought my wife a MAC a few years ago and she loves it.  She grew up with MAC and she is an educator and artist so it fits like a glove.  However, over time its performance has become abysmal.  I’ve done what I could do from an OS perspective cleaning things up but I’ve never been able to put the new computer smell and performance back into the machine.  A friend of mine gave me a copy of Diskwarrior to try.  Man did it do the trick!  It was painfully slow to load the tools but once it completed it really brought back the “snappiness”.  I wasn’t missing any documents before I ran the tool but it found a number of filesystem issues with the primary disk drive. I wish I could have screen captured the completed summary screen, but as it runs under its own OS (It kinda boots like a Knoppix disk) I couldn’t find a way to do that. If you’ve got a MAC and it’s slowing down with old age, give Diskwarrior a shot. I’m off to buy my own copy today.

Tuesday, June 08, 2010

Lansweeper

I’ve discussed Lansweeper before, but we just upgraded to the latest version and man…it’s way cool.  There are a ton of useful features in this package and for the price it can’t be beat.  The features I like the most are:

  • Consolidated Event Logging
  • Custom actions
  • Licensing compliance monitoring
  • Custom reports
  • Ease of use

I had a high school senior in doing his senior project and I turned him loose on the upgrade.  (Shout out to Ben for a job well done!) So here is a smart kid with a little computer know-how able to install and configure one of the most useful tools we use in the department.  That should say something about how easy this is to set up and use.  No disrespect to Ben… he’s a really smart kid…but he doesn’t really have any system engineering experience. 

Custom actions are really cool. There’s a few written up in the forums so definitely check there to get started. But to just give you a flavor of what you can do, I set up custom actions for the following:

  • Get a resultant set of policies from a client workstation or server
  • Get the IE history of a remote computer
  • Connect to a remote computer with UltraVNC on an encrypted connection
  • Open up a command prompt to a remote computer
  • List the processes on a remote computer
  • List the services and their state on a remote computer

That’s just a few things we did. There are plenty more we plan on adding. It’s a very useful tool and definitely worth a look.

At least take a look at the demo.

Thursday, May 06, 2010

Blackberry anti-virus, backup and location services

I found a cool little suite of Blackberry apps (all in one) that handle anti-virus, backup and location services. The app is called Lookout from http://www.mylookout.com.  I loaded it up and it seems to work pretty well.  For the moment it’s a free app, but I’m sure they will begin charging for it at some point.  Here’s a quick list of features:

  • Backup (You can do this remotely in case you lose your device)
  • Anti-virus (can be scheduled)
  • Location (Log into the website and have it find your phone on a map)
  • Scream (Set off an alarm on your device so you can find it by the audible tone)
  • Nuke (Remote wipe your device in case you lose it…might wanna back it up first. :) )

Lots of this stuff can already be done with BES but the beauty is this way users can control their own settings.  In our Firm the devices are owned by the users so there’s a fine line of confidentiality that we need to ride.  This app might be a solution for a few of the more….sensitive users.

Enjoy!


Thursday, April 29, 2010

Windows 7 Software Deployment Script Tool

As you can see by my infrequent posts…I’ve been busy.  One of my projects is to develop and test out all our software distribution and imaging tools so that we can begin the rollout/upgrade of Windows 7.  To put it bluntly, it’s been painful. Windows 7 is just different enough to be a real pain in the butt.  One of my main concerns is our automated build process. We use Prism Deploy as our software distribution tool.  A clean Windows 7 build is loaded from Windows Deployment Services (a whole lotta setup involved there) and then we run a Prism Deploy script to load all our standard apps.  The problem is UAC gets in the way even as an administrator.  Even though you can turn it off you can’t stop it from prompting for some programs that write to HKEY_LocalMachine or to folders like C:\Program Files.  For example this line of the script to load FireFox works great for XP but now under Windows 7 it isn’t silent anymore:

/Run /Wait %comspec% /c %installdir%\firefox\FirefoxSetup3.6.3.exe -ms

The trick to get it to work involves the Elevation PowerToy…specifically the ElevateCommand PowerToy.  Installing this tool lets me run the same command but it works with no GUI interruption:

/Run /Wait %comspec% /c elevate %installdir%\firefox\FirefoxSetup3.6.3.exe -ms

(Watch the wrap on that, it wasn’t intentional.)  Now the script works as intended.  There is one thing to note. The elevate command seems to shell out to a separate process so the current command window closes.  For me this is an issue because my “/wait” directive in the Prism script no longer waits for the install to finish. If you have software dependencies that are written out in your script you’ll need to figure out a way to wait until things finish before moving on to the next install.

Good luck…happy installing.

Wednesday, March 17, 2010

Identify Traffic On Your WAN

We are in the process of looking deeper into our traffic patterns both on the LAN and on the WAN.  We run a number of tools (Nagios, Cacti, WireShark, etc.) to keep an eye on overall traffic and performance but to get beyond this and dig deeper you need tools like NetFlow and NBAR.  I figured I’d start with our smallest office and get a feel for how things are flowing over the WAN.  We’ve got a Cisco 2821 on site connected to a T1 over our MPLS network.  I figured I’d enable NBAR first and do a simple discovery of what traffic is flowing.  Here are the steps I took:

  1. Log in to the router.
  2. Verify it isn’t overloaded before doing anything. I ran a “show process cpu” to verify all is well.  My router was running at 1% before I began any NBAR processes and I had plenty of free memory so I figured it was safe to enable.
  3. Perform a “wr” to make sure the current config is written.  You’ll also want to back up the config if you don’t have an automated way of doing this already. (I use CatTools….highly recommend.)
  4. OPTIONAL STEP:  Set your router to reload in 10 minutes. (reload in 10) That way if you enable NBAR and something goes wrong in 10 minutes your router will reboot with the last known good configuration before you enabled NBAR. If everything is ok cancel the reload (reload cancel)
  5. Enable NBAR on your serial interface:
     Router(config)#interface Serial0/0
     Router(config-if)#ip nbar protocol-discovery
  6. Again, check out your router performance with “show process cpu”.  If it’s taking a huge hit use the “no” form of the above statement to disable NBAR.
  7. To see the results use the command “show ip nbar protocol-discovery”.  You’ll see something like: [screenshot]
  8. If the list is long you can just return the Top 10 with: “show ip nbar protocol-discovery top-n 10”
  9. To keep an eye on how many resources are used by NBAR use the command “show ip nbar resources”

That’s pretty much it. You can get a lot of information about what’s happening this way.  To really roll up the numbers you’ll need netflow tools which I’ll discuss in another post.

Enjoy!

Tuesday, March 16, 2010

LifeSize Videoconference System Troubleshooting

As you can tell by my infrequent posts….I’ve been a little busy. :)  We are nearly done with our videoconferencing system upgrade.  We went from a Tandberg infrastructure to LifeSize HD.  I really like the LifeSize system, but it hasn’t been a smooth road.  We’ve had a number of issues with ISDN, some with the LifeSize Networker and some with our PBX and we still haven’t completely figured them out.  However, I have learned a whole lot about LifeSize and HD Videoconferencing that I didn’t know before.  For one, LifeSize has a few diagnostic screens buried in the interface that do tend to help. The biggest find was https://YourLifeSizeIPAddr/support   This part of the built-in web interface allows you to change a number of settings, pull an IP (tcpdump) trace for analysis and even run some extended logging.  Oh yeah, you’ll be prompted to provide a username and password. The default username is “cli” and password is “lifesize”.  You can change those from default if you ssh into the box and use their command line tools…which unfortunately aren’t regular Linux tools.  They’ve got their own shell running that I haven’t figured my way around yet.   Anyhow, the first tool here on this page is the Coroner page.  That will run the equivalent of a Cisco “show tech support” on a router dumping logs and data to a file you can send to support for analysis.  The file is called coroner.dat and seems to be some type of a tar file but I’ve been unable to uncompress it….but then I haven’t tried very hard. :) The second link you see is for the ISDN troubleshooting page.  This page is great for ISDN troubleshooting.  It gives you a much better picture into what is happening on the LifeSize Networker.  Just like the main support page there are a number of knobs and switches to throw here.
I haven’t seen any documentation on what each of the settings and controls do (the tech notes describing them are pretty thin) but if you’ve been around videoconferencing and networking you can figure out most of the stuff without issue. 

All in all I really like the LifeSize gear.  Once we get our new routers in (we’re planning a WAN upgrade as well) I’m going to implement LLQ/CBWFQ for video and voice traffic.  That should help out immensely with the dropped packets we are seeing now.  It won’t help over the Internet of course, but at least site to site calls will be better.

Oh yeah, when you do run a coroner capture it lists out what it’s grabbing as it works and it sure looks like some flavor of Linux under the hood.   Gotta love it!


Tuesday, February 16, 2010

Quickest way to setup a test machine

So I set up a lot of test machines.  A lot.  It’s always a pain to load all the basic tools over and over again along with doing all the Microsoft updates and reboots.  I found a cool website that expedites the setup of many of the tools I use.  Take a quick look at Ninite.com and you won’t be sorry.  It basically allows you to select many commonly used applications and download and install them all at once. Very cool and very useful.

Friday, February 05, 2010

iptstate – Who you talkin’ to Willis?!?!

I was playing around with iptables today on some new boxen and found an old tool I had forgotten about.  iptstate is like top for iptables.  It’s a cool tool used to see who is connecting to your linux pc.  Here’s an example of the output (with the ip addresses and ports changed to protect the innocent!):

                          IPTables - State Top
Version: 1.4          Sort: SrcIP           s to change sorting
Source              Destination         Proto   State        TTL   
10.0.10.48:43081    12.18.123.135:7666  tcp    TIME_WAIT    0:01:08
10.4.17.49:59253    92.16.123.155:9666  tcp    TIME_WAIT    0:00:56
10.23.14.147:1900   15.18.61.105:12     tcp    ESTABLISHED  119:59:59
10.6.12.106:1549    213.168.1.105:89    tcp    TIME_WAIT    0:00:00
12.34.34.113:42343  121.138.1.103:87    tcp    ESTABLISHED  72:35:23
21.15.2.26:3404     107.168.1.102:80    tcp    ESTABLISHED  6:56:27
22.16.14.120:3783   145.168.1.120:77    tcp    ESTABLISHED  29:13:09
23.154.11.20:2517   123.18.1.100:8080   tcp    ESTABLISHED  15:41:32
24.184.14.12:1511   155.168.1.100:34    tcp    ESTABLISHED  40:02:34
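To get more out of a screen like the one above than a quick eyeball, here is an added example (not from the post or the iptstate project) that parses the table into records, counts entries per conntrack state, and lists ESTABLISHED flows to destination ports outside an allow-list. The sample text is constructed from the table above (addresses already altered by the author) with iptstate’s banner lines, and the 5-day ESTABLISHED timeout is an assumed default used to estimate how long a flow has been idle.

```python
import re
from collections import Counter

# Constructed sample input: the post's table plus iptstate's two banner lines.
SAMPLE = """\
                          IPTables - State Top
Version: 1.4          Sort: SrcIP           s to change sorting
Source              Destination         Proto   State        TTL
10.0.10.48:43081    12.18.123.135:7666  tcp    TIME_WAIT    0:01:08
10.4.17.49:59253    92.16.123.155:9666  tcp    TIME_WAIT    0:00:56
10.23.14.147:1900   15.18.61.105:12     tcp    ESTABLISHED  119:59:59
10.6.12.106:1549    213.168.1.105:89    tcp    TIME_WAIT    0:00:00
12.34.34.113:42343  121.138.1.103:87    tcp    ESTABLISHED  72:35:23
21.15.2.26:3404     107.168.1.102:80    tcp    ESTABLISHED  6:56:27
22.16.14.120:3783   145.168.1.120:77    tcp    ESTABLISHED  29:13:09
23.154.11.20:2517   123.18.1.100:8080   tcp    ESTABLISHED  15:41:32
24.184.14.12:1511   155.168.1.100:34    tcp    ESTABLISHED  40:02:34
"""

# One connection row: "src:port  dst:port  proto  state  H:MM:SS".
ROW = re.compile(
    r"^(?P<src>\S+):(?P<sport>\d+)\s+(?P<dst>\S+):(?P<dport>\d+)\s+"
    r"(?P<proto>\w+)\s+(?P<state>\S+)\s+(?P<ttl>\d+:\d{2}:\d{2})$"
)

# Assumed default conntrack timeout for ESTABLISHED TCP flows (5 days). The TTL
# column is the time left before the kernel drops the entry and it is reset on
# every packet, so timeout - TTL approximates how long the flow has been idle.
ESTABLISHED_TIMEOUT = 5 * 24 * 3600


def ttl_seconds(ttl):
    """Convert the H:MM:SS TTL column to seconds (hours may exceed 99)."""
    h, m, s = (int(part) for part in ttl.split(":"))
    return h * 3600 + m * 60 + s


def parse_iptstate(text):
    """Return one dict per connection row; banner and header lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m is None:
            continue
        c = m.groupdict()
        c["sport"], c["dport"] = int(c["sport"]), int(c["dport"])
        c["ttl_s"] = ttl_seconds(c["ttl"])
        conns.append(c)
    return conns


def by_state(conns):
    """Count entries per conntrack state (ESTABLISHED, TIME_WAIT, ...)."""
    return Counter(c["state"] for c in conns)


def idle_seconds(conn, timeout=ESTABLISHED_TIMEOUT):
    """Approximate seconds since the flow last carried a packet."""
    return timeout - conn["ttl_s"]


def established_to_unexpected_ports(conns, allowed_ports):
    """ESTABLISHED flows to destination ports outside the allow-list, the rows a
    reviewer would want explained first, most recently active first."""
    hits = [c for c in conns
            if c["state"] == "ESTABLISHED" and c["dport"] not in allowed_ports]
    return sorted(hits, key=lambda c: c["ttl_s"], reverse=True)
```

Feed it `iptstate -1` (single-shot) output captured from a box instead of SAMPLE to review real sessions.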

Enjoy!

Thursday, January 21, 2010

Big A$$ Backups to Removable Media

Ever asked to backup a boatload of files to DVD?  Been stymied time after time adding just one too many files to a folder and it won’t fit on DVD/CD?  Enter Capacity.  A tool to break up that big job into just the right size chunks saving you time and heartache!

Enjoy!


Tuesday, January 19, 2010

You are ready for DNSSEC right?!?!?

If you’ve not heard, time is growing short.  A massive rollout of DNSSEC will begin next week.  Learn more about it here.  I’m sure the change won’t be seamless and it will probably slow name resolution for awhile.  Might  be a good time to start reading if you haven’t begun already….

http://www.dnssec.net/

http://www.root-dnssec.org/

http://net.educause.edu/ir/library/pdf/EST1001.pdf

Wednesday, January 13, 2010

SELinux Issues

I had a few issues on a CentOS box today that I upgraded from 4 to 5.  Syslog wouldn’t start if SELinux was in enforcing mode.  I had to do a filesystem-wide relabel to get it all working.  It was pretty straight forward to do but here was the procedure that worked for me.

  1. First make sure SELinux is up to date with a yum update
  2. Put SELinux into Permissive mode (setenforce 0)
  3. Now set it so that it won’t turn on after a reboot by editing /etc/selinux/config and setting the line SELINUX=permissive
  4. reboot (not sure this is required but I did)
  5. set the system to autorelabel (touch /.autorelabel)
  6. now reboot again (this one is required and it may take a little while if you’ve got a big filesystem)
  7. now run setenforce 1 and edit /etc/selinux/config and set it back to SELINUX=enforcing

That was pretty much it. A “service syslog restart” got it all going again. 

I’m still learning about SELinux.  Here is a great PowerPoint on it.

Enjoy.

Monday, January 04, 2010

Windows 7 GodMode Folder

Happy New Year!

As you can tell I’ve been on vaca for a few weeks so I haven’t posted much.  I’ve been reading up on Windows 7 so I’ll be releasing some of what I’ve found over the next few updates. As this is my first day back to work in two weeks I’ll keep this one simple.  You may have seen this around the net already but I thought it was kinda cool.  In Windows 7, there is the ability to create a “Control Panel-like” folder that has all the admin stuff that seems awfully hard to find in the new “forced” view of control panel. (I say that because they took the damn classic view of control panel completely out of Windows 7.  Damnit.)  Anyhow on any drive create a new folder and call it:

GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

Now when you access that folder the goodies inside let you have a central location to go find a bunch of admin goodies.

Enjoy!