June 29, 2006

How does green border work?

I downloaded GreenBorder this evening as it sounds like a good tool - the catchy name is because each browser/directory that is protected by the software has a green border around the window - a nice, simple, catchy name. The architecture page gives a little more information on what it does, although I'm not really sure how you can virtualise a web browser. Anyway, the software is incompatible with encryption and Windows OneCare, needs a slight hack to work with Firefox and needs some funky registry permission changes in some circumstances.
Sorry guys if I sound like I'm bashing the product without trying it, but some of the marketing details need to be ironed out before I'm going to try it out.

Posted by Andy at 8:48 PM

ie7 beta 3

I think I only got round to installing beta 2 last week, and beta 3 is out today - this post has details on what is new. No mention of whether the unsupported hack for running IE7 in parallel is fixed within the application though - it would be nice if all it takes is some registry changes!

Posted by Andy at 8:22 PM

June 26, 2006

Terminal server commands

A useful list of Terminal Server commands - some of which I knew, some I didn't.

Posted by Andy at 10:21 AM | Comments (1)

June's MS patches

We've had two occurrences of Terminal Services and SQL Server not responding after servers were rebooted following this month's patches.
The Terminal Services service was running, but connecting to the server with mstsc resulted in a message saying the server was not accepting connections. Telnetting to port 3389 would get a connection but nothing came back at the telnet prompt. A reboot of the server cured this problem.

As far as SQL Server was concerned, the SQL service had not restarted after the reboot - not sure why as I didn't have time to troubleshoot - I just needed to get the service running, which happened as soon as I launched Enterprise Manager and attempted to connect to the server.

Anyone else had similar experiences?
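As an added example (not from the original post), here is a PowerShell check for the two symptoms described above: services set to start automatically that did not come back after the reboot, and a Terminal Server whose port accepts the TCP connection but never answers. The probe sends the minimal X.224 Connection Request that every RDP client opens with and waits for the Connection Confirm; a bare telnet connect, as in the post, cannot tell "listening but hung" from "working". The computer name is a placeholder, since the post does not name the servers involved.

```powershell
# Added example, not part of the original post. Assumes Windows PowerShell 2.0
# or later and rights to query services on the target machine.

function Get-StoppedAutoService {
    # Services configured to start automatically that are not running.
    param([string]$ComputerName = $env:COMPUTERNAME)
    Get-WmiObject -Class Win32_Service -ComputerName $ComputerName |
        Where-Object { $_.StartMode -eq 'Auto' -and $_.State -ne 'Running' } |
        Select-Object Name, DisplayName, State, ExitCode
}

function Test-RdpListener {
    # Returns PortClosed, NoReply, ClosedByPeer, UnexpectedReply or ConnectionConfirm.
    param([string]$ComputerName, [int]$Port = 3389, [int]$TimeoutMs = 5000)

    # TPKT header (version 3, length 11) followed by an X.224 Connection Request:
    # LI=6, code 0xE0 (CR), DST-REF=0, SRC-REF=0, class 0. This is the first
    # packet of an RDP session (MS-RDPBCGR 2.2.1.1); a healthy Terminal Server
    # answers with a Connection Confirm whose X.224 code byte (offset 5) is 0xD0.
    $request = [byte[]](0x03,0x00,0x00,0x0B,0x06,0xE0,0x00,0x00,0x00,0x00,0x00)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($ComputerName, $Port)           # SocketException if closed
        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $stream.Write($request, 0, $request.Length)
        $reply = New-Object byte[] 11
        $n = $stream.Read($reply, 0, $reply.Length)     # IOException on timeout
        if ($n -eq 0) { return 'ClosedByPeer' }
        if ($n -ge 6 -and $reply[5] -eq 0xD0) { return 'ConnectionConfirm' }
        return 'UnexpectedReply'
    } catch [System.Net.Sockets.SocketException] {
        return 'PortClosed'
    } catch [System.IO.IOException] {
        # TCP accepted the connection but nothing came back: the symptom in the post.
        return 'NoReply'
    } finally {
        $client.Close()
    }
}

# Usage after a patch reboot (server name is a placeholder):
$server = 'TS01'
Get-StoppedAutoService -ComputerName $server | Format-Table -AutoSize
"RDP on ${server}: " + (Test-RdpListener -ComputerName $server)
```

Run it from another machine once the server is back up; a NoReply result with the Terminal Services service reported as Running is exactly the hung state described above, and the service list catches the SQL Server case without having to open Enterprise Manager.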

Posted by Andy at 9:32 AM

Sysinternals licences

Sysinternals have finally got back to me with details on their consulting licence for their tools - a while back Sysinternals changed their licencing terms for their software which meant that use by a consultant would require payment for a commercial licence. I heard back from them today that $200 per technician per year gives you the right to use the software on any computer - but you do need to remove it when you have finished with it. I don't think that price is unreasonable considering the power of the software, but it remains to be seen whether work will pay for it - or whether we'll have to use alternatives....

Posted by Andy at 9:10 AM

June 24, 2006

River walk.

I went out this morning and walked along the new trail in Dublin alongside (or above) the river. It was nice and peaceful, with one guy even bringing a deckchair and he was sitting there reading the newspaper. I'm not quite sure why he needed a deckchair as there were plenty of benches to sit on instead. There were several people around, but most of them were older couples taking their morning stroll. I took several photos - playing around with the exposure settings of the camera and have uploaded some of them to flickr - I wish I could have got a clearer photo of the spider though but I didn't have my full size tripod with me and it was too difficult to take a photo on the macro setting, zoomed in without it appearing out of focus. It's a really nice place to go for a stroll or a picnic (with lots of picnic tables along the route). You can either park

Posted by Andy at 5:29 PM

June 22, 2006

Debugging BSOD Dumps

I've only had to do this once, but debugging memory dumps would have been a helpful guide.

Posted by Andy at 6:35 AM

June 20, 2006

Ipig version 2

iOpus now have their iOpus Private Internet Gateway v2 software out. This worked OK for me in version 1 but the performance overhead was sometimes too great - however, it did mean that any traffic I sent out from my wireless card was routed back to their (or my) iPIG server and then out onto the internet, so no passing email or web page passwords out on the net. I already have OpenVPN working through the Linksys firewall, but that just VPNs me into the home LAN - it doesn't set the VPN tunnel as the default gateway, so all other traffic goes out on the wireless - not something I really want to happen at the moment, so I'll be downloading the iPIG client and server to give it a try.

Posted by Andy at 6:55 PM

June 19, 2006

Blogroll is back

The Blogroll is back. Not sure why it got confused, but after removing it, copying the code into a test.php (which worked fine) and then copying the code back into the MT template, it's all working fine again.
It's great as there are a couple of Blogspot blogs that don't seem to have an RSS feed, but I can get notification that they have been updated via this mechanism - it also enables Kristen to read the blogs without an RSS reader.

Posted by Andy at 7:46 PM

ImageMagick on my new host

I didn't realise that after I moved servers with my new host, the path to ImageMagick changed - this meant I wasn't able to upload any pictures to the gallery. It's fixed now by setting the path to /usr/bin instead of /usr/x11/bin.

Posted by Andy at 6:37 PM

Avaya IP Office forums

So glad I'm not alone - Avaya: IP Office Forum - Tek-Tips

Posted by Andy at 4:29 PM | Comments (1)

June 17, 2006

Cincinnati


Kristen had the day off so I took the day off and we went to Cincinnati. We went to Newport Aquarium in the morning and I tried to do some geocaching.
We also saw Over the Hedge. I was not sure that I wanted to see it as the commercials looked too cheesy and I enjoy the comic online so didn't want to get disappointed by watching the film. The film was very funny but the ironic thing is that the film has been plugged by Walmart and Kroger a lot - yet the film is about the excess purchasing and food eating habits of humans. My favourite character was Hammy - the squirrel (that's squ-ir-rel).
I've loaded some of the pictures we took up to flickr - there are more photos but these ones will do to start with.


Posted by Andy at 7:24 PM | Comments (2)

OOO

This is the best feature of Lotus Notes - the Out of Office - not because it is easy to use (or easy to find in the web interface) but rather due to the fact it means I'm having a day off!
vacationoof.jpg

Posted by Andy at 7:03 PM

Coke rump recipe

Funny flash tutorial on cooking a rump stew with Coke with the aid of some felines.....
Thanks to Daisy

Posted by Andy at 5:11 PM

June 13, 2006

Free Fraud Prevention DVDs

The US Post Office is offering some free Fraud Prevention DVDs with free shipping. There are 7 titles available covering topics such as work-at-home fraud and fraud on the internet etc.
I've ordered 2 copies of each - 1 for my own use and one for clients. Thanks to Security Catalyst

Posted by Andy at 1:54 PM

blogrolling breaking my links?

Not sure how long it has been going on, but it looks like blogrolling is having some funnies with the links. For some reason blogrolling sends the html with single quotes around the parameters in the a tag. Something is escaping the single quotes with backslashes so the urls get broken. Anyone else noticed this and know when it started happening?

Posted by Andy at 1:24 PM

June 12, 2006

Battery Backup.

Realised after the computer had a hectic few moments tonight when the power surged that the pc was plugged into the surge protection port of the UPS and not the battery backup - oops!

Posted by Andy at 9:05 PM | Comments (1)

Symantec control centre failing to synchronise with server

I've had an instance of Symantec's System Center not being able to show me the details of the client PCs, complaining that the parent server was down. An initial reboot of the server didn't fix the problem, and most of the documents refer to reinstalling or upgrading Symantec to fix the problem. However, the document at Error: "Event ID 62: Symantec AntiVirus communications layer failed to initialize..." appears in the Windows Event Viewer - Application log asks for a restart of the service and a change to the LoginCaCertIssueSerialNum registry entry - that did the trick.

Posted by Andy at 10:26 AM

June 10, 2006

Vista Installation - pt1

Urgh - the installation process has been horrible so far. Makes me want to put the new version of Ubuntu on instead! Incidentally, their timing was awful - everyone has blogged about the Vista upgrade and hardly anyone blogged about their upgrade. Maybe they should have waited a couple of days and then brought it out with the advertising of "Frustrated with waiting for Vista? Can't Install Vista? Try Ubuntu and you won't have to pay for an upgrade in a year!"

Anyway, back on track - I tried to boot from the dvd but the installation hangs after the first swoosh goes across the screen, after the files have been copied, the lights on the keyboard light up briefly and then the whole pc hangs - no more keyboard action and the whole pc needs to be switched off.

So back into Windows I boot and I have to delete a partition on the hard disk as my 10GB XP partition that I was originally going to install over the top of is not big enough. Setup starts and says it can't copy a setup file - I hit OK and it continues anyway. After entering my licence number and not updating the install from the internet I get the message "At least one device driver that might be required to start your system is not available. Devices with missing drivers: A347SCSI Controller and D34PRT SCSI Controller - Do you wish to ignore and continue?"

I have no idea what those two devices are - (a quick Google search tells me it is my Daemon Tools drivers - thanks to Tech Recipes) but the Vista Upgrade Advisor didn't have any problems with them and, curiously enough, I've read that a good way to assist in installing Vista is to mount the Vista ISO with Daemon Tools and run setup.

Update: Well, the install from within XP didn't work either and actually wasted even more of my time - not including the time taken to juggle my partition sizes and create enough space for a clean install. The setup routine within Windows asks for my product key, asks which partition I want to install to and starts to copy files to the hard disk. Eventually the PC reboots... and does exactly the same as the install process from DVD - the PC freezes at the swish thing down the bottom of the screen. I've tried to see if I can find any diagnostic logs or debugging process like the safe mode in XP but no joy so far. Ubuntu is being downloaded right now.

Update 2: Upgraded the BIOS and the PC will not boot off Microsoft's WinPE version 2.
Posted by Andy at 7:30 AM | Comments (1)

June 9, 2006

Microsoft Antigen for exchange

I downloaded Microsoft's Antigen for Exchange last night and installed it on a server to remove some old viruses that were stuck in the mail store (there is no scheduled scan of the mail store as real-time desktop and SMTP scanning is now used for virus protection). Although the product did the job of deleting the mail, the whole admin interface is awful to use and the support on the Microsoft website is non-existent - there are NO documents in the TechNet database on Antigen version 9. With the various quirks in the admin interface and no support, this software really should be released as a beta. I'd only say beta due to the fact that it did remove the viruses, otherwise I'd recommend alpha status.
The extended entry contains my 22 points that I would provide as bug reports if it was in beta status.

  1. Grey colours - yuck
    I was going to mention this as an appalling colour scheme - but there just are no colours in the console at all. It looks ugly. (I admit there are some colours in the scheme but the interface is predominantly grey.)
  2. AV software not installed by default.
    The antivirus engines are on the system but they don't have any dat files associated with them - you have to download them before the software has any definitions to work with -surely some definitions with the software would be better than none?
  3. Can't do update all NOW.
    There is no option to update all the virus definitions in one go - you have to do them one at a time. There is a scheduled task to update them about 10 minutes after installation - but that is no good if you want to start scanning NOW and protect your mail server NOW rather than waiting 10 or more minutes for the definitions to be installed. In a busy environment this could mean a lot of emails getting onto a mail server without any virus protection.
  4. Gui not mouse friendly
    There were no shortcut keys for any of the dialog buttons, so the mouse has to be used for everything. I was doing the installation on the server console in a rack, so had the fun of using the nipple on the keyboard, which makes long movement around the screen a painful task. Updating each antivirus definition meant clicking Update Now on the far right-hand side of the screen, waiting for the update to process, moving the mouse over to the left-hand side of the screen to select the next agent and then moving the mouse back to the far right-hand side of the screen to select Update Now.
  5. Some viruses detected twice when scanning/detect (default action!)
    When running the initial scan (which also has the setting so that the virus is only detected - no cleaning or deletion is set), most of the viruses that were on the server - Sober and Netsky variants - were detected twice. I think this may be due to the different names that the engines give to each virus, although various companies did seem to appear in both occurrences of the same virus. However, when you delete the virus you only get one entry - as expected, as once it is deleted by one engine it is not going to be detected by any of the other engines.
  6. No delete button to delete items in quarantine - no right click menu.
    The quarantine screen has no delete feature visible. There are options to release the items but no delete. Instead you have to press the Delete key. This may sound obvious but some sort of visual indication should really be on the screen.
  7. Pressing delete changes status to **retrievingdata**
    After pressing the delete key on the quarantine screen, all the virus status lines change to **retrieving data** and the whole screen starts to flicker. It is almost as if the screen is being redrawn each time the virus is being deleted on a very slow terminal. However this is not the case as no lines are deleted - it just continues to flicker. The only way to see that anything has been done is to select another screen in the program and then switch back to the quarantine.
  8. Defaults to sending an email to sender of virus laden email
    This is a bad option. It is a very rare occurrence that the From address on a virus-laden email is a genuine email address. Most email-borne viruses are the result of mass-mailing infections with spoofed email addresses, so what is the point of having the default option set to reply to the sender?
  9. No facility to see results of scheduled scan job
    You could look in the event log, but I would expect the log in the application to say that a scan was run but no viruses were found. This leads me on to the next point -
  10. Lots of registry entries to fix various issues that could exist
    Reading the readme (yes, I actually did bother to read it) gave details about a lot of registry settings that should be set depending on the user environment. A lot of these should really be in the UI - remember, we are always told to use the UI whenever possible and stay out of the registry - so why the need to delve into the registry for so many settings? This also means that there are too many undocumented features that are not apparent to the administrator (who doesn't read the readme). This also makes documenting the server setup much more complicated: you now have to document each reg key (with the possibility of mistyping in the document) rather than screenshotting the application settings. Having said that, registry settings could be useful as you could export them - but they are in different areas of the registry, and you could do this after the UI has made the changes for you.
  11. Logs in eventvwr only say "Manual Scan Started"
    If you run two manual scans, one for each store that you have, and then look in the event log, there is no way of telling which manual scan a log entry refers to - so don't run two scans at the same time (this also goes for ensuring that the scheduled scans run at completely different times of the day).
  12. No right click anywhere.
    It seems very odd to not have any context sensitive menus in an application nowadays - even notepad has them!
  13. Help pages, running on a server give error messages due to active content.
    There is not a lot MS can do about this apart from making the default page explain the settings that need to be done - Dell does this with their server admin tool. I know that an administrator should know this - but not all admin people know what they are doing - especially if the standard admin person is on holiday and someone else is standing in for them.
  14. Various logging enabled - but no links to the log files themselves
    I think this is because all the log files are dumped to the event log - which makes it so much harder to parse when looking for an error. I guess you can use more utilities to export the event logs to a file/console, but this shouldn't really be necessary.
  15. Installation doesn't walk through configuration of the server.
    Once the setup program has run I would have expected some sort of wizard to walk through the various configuration settings that need to be done to ensure that various settings are filled in correctly so that everything works. Instead you are left to work it out yourself so it is possible to run a scan, expecting a report but not get one as the administrator email address wasn't filled in on another screen.
  16. Runs as system account
    I would have expected the option to either run with the Local System Account or to be given the option to run with a user defined service account
  17. The readme refers to kb article 911791 which doesn't exist.
    But then again there are no documents in the TechNet knowledge base for this product.
  18. The help file tells you to go to microsoft.com and access support
    Surely they could be more specific - but then again that is unlikely due to the next point.
  19. Antigen doesn't even appear in the list of products on support.microsoft.com
    When I went to support.microsoft.com there was a drop-down list to select a product but it wasn't listed. It was only when you went to the alphabetical list of products that Antigen is mentioned. (Strangely I can't find that drop-down list on my PC at home so they may have changed the web page?)
  20. Clicking on the Antigen Support site only has Antigen 7.5 and 8.0
    This is the page you are taken to when you select Antigen from the alphabetical list of products
  21. Search for Antigen on the Antigen 9.0 page returns no data!
    Antigen finally appears under the search a product page, but I was unable to return any data for a variety of queries for this product, including searching on the word Antigen - I would expect that to come back with all the documents available but NO results are found.
  22. AEM (Antigen Enterprise Management) can be installed separately
    This is a different product that looks like it may give better reporting features for the product - hmmm maybe this is why the reporting features are so useless. I say may give better results as there are no screenshots in the getting started guide - something which might be useful when guiding someone through the initial installation of the product.

All in all - I am disappointed with the product - yes, it does the main job of checking and cleaning for viruses. It also has other features such as antispam, but I've not looked at those. But the whole UI needs some serious development work before it could be used in earnest. I only had to install and manage it on one server (but I will probably install it on another machine to see if some of the problems were unique to that one machine) but this would be a nightmare to manage on an enterprise scale.

Posted by Andy at 10:48 AM

June 7, 2006

Wordpress upgrade to 2.0.3

I upgraded wordpress on my uniform server to 2.0.3 and got stuck in an endless loop stating that I needed to upgrade. Solved by running the upgrade url in ie instead of firefox.

Posted by Andy at 8:46 PM

Get noscript installed in firefox!

There's a new zero-day exploit for Firefox and Internet Explorer which involves JavaScript. So if you are running Firefox, then installing NoScript will give you added protection. If you are running IE - then ooooooops :-)

Having said that, it doesn't look that malicious - you would have to be tricked into entering data into one page, which can then be sent to the malicious site at the same time, so you are probably only at risk if you do random surfing or surf in dodgy web site areas in the first place - and if you are doing that then I really hope you are not running Internet Explorer (or running as an admin!)

Posted by Andy at 7:57 PM

Vista Download

After attending a Vista Management webcast yesterday I was all fired up to install Vista on one of my older PCs - unfortunately it was only open to MSDN subscribers (which my company is) but I didn't have the information to download it. However, thanks to JCXP I've got my own copy as it was released today. Currently downloading the ISO now. Not sure how long it will take and I hope that the huge thunderstorm we are having right now doesn't take the power out at 99%

Posted by Andy at 7:48 PM

Wordpress admin password reset

Hmmm - if you are like me and forget your admin password, then you can follow the instructions at Tamba to reset the password. Note that this does rely on you remembering your phpMyAdmin password - which shouldn't be the same as the WordPress one!

Posted by Andy at 7:17 PM | Comments (1)

OpenVPN on dd-wrt

I setup my wrt54g with openvpn support and enabled the OpenVPN server as per the wiki documentation and it works great.
Now I just need to ensure that my web browsing is being tunneled through this interface when connected remotely and I'll be able to surf remotely and securely.
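An added example, not the dd-wrt wiki's configuration or the author's own: the client-side OpenVPN settings that make the tunnel the default route, which is what both the iPIG post above and this one are after. Host name, port, certificate file names and the VPN-side resolver address are placeholders.

```conf
# Added example, not from the original post. Names and addresses are placeholders.
client
dev tun
proto udp
remote vpn.example.net 1194
ca ca.crt
cert client.crt
key client.key
persist-key
persist-tun

# Send all traffic through the tunnel. "def1" installs 0.0.0.0/1 and
# 128.0.0.0/1 routes via the VPN; they win over the existing 0.0.0.0/0
# default route by being more specific, so the original default is left
# intact and comes back by itself when the tunnel closes.
redirect-gateway def1

# Without this, DNS queries still go to the resolver the wireless network
# handed out, in the clear. 10.8.0.1 is assumed to be the VPN-side resolver.
dhcp-option DNS 10.8.0.1

# The server can push the same two settings to every client instead:
#   push "redirect-gateway def1"
#   push "dhcp-option DNS 10.8.0.1"
```

On the Windows client, route print should then show the two /1 routes with the tunnel endpoint as the gateway, and a tracert to any internet host should go through it first. The router also has to NAT traffic arriving from the tunnel subnet out of its WAN interface, otherwise the packets leave the LAN with a 10.8.x.x source address and nothing answers.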

Posted by Andy at 5:01 PM

remove IntelliTXT ads

A script to remove those annoying IntelliTXT ads - the green double-underlined words that are starting to appear all over the place, such as at The Gadgeteer and the once useful (but not any more) Experts Exchange. The links will appear briefly but then get removed by the Greasemonkey script.

Posted by Andy at 7:18 AM

PowerShell IDEs

Looks like there is now some more incentive to start using the PowerShell that I installed on the notebook, as there are two IDEs to use - see Scott Hanselman's blog post for more details.

Posted by Andy at 7:05 AM

June 5, 2006

cacls replacement

I discovered that there is a replacement for cacls called xcacls.vbs, which can be downloaded from KB article 825751, which also has instructions on how to use it. Not sure why there is a new version, but the output from the VBS script does look a lot nicer than cacls. Hopefully it doesn't blow up permissions like cacls did for me once.

Posted by Andy at 10:20 AM

June 2, 2006

Symantec patch lists

I was initially under the impression that only 10.1 was vulnerable to the new exploit that went out, but apparently it's almost every 10.x version of the software. Symantec's SYM06-010 page is good for providing links on what needs to be upgraded to which version. This is something that Symantec is VERY poor at doing - I've never received a new patch level notification or anything, apart from the marketing push to upgrade to the latest version - but even then the latest versions that I've been sent haven't been the latest version and have needed patching!

Posted by Andy at 10:39 PM

Spammers adding you to spamtraps?

I got asked a question at work today that had me stumped (although SPF might be a solution).
The scenario: the spammer creates a spam email and spoofs the From address. The From address is set to a spamtrap address - one of the addresses that will get your domain blacklisted if you send email to it.
The email then gets sent out to a million people - several of whom have out-of-office assistants turned on, and so they reply to say they are out of the office.
The result: the spamtrap address gets an email from your domain and your domain gets blacklisted. Your users can't send emails to valid recipients and SpamCop takes forever (12-24 hours on the best of days) to get your machine whitelisted again.

So my question is - how do you solve this problem or work around it? You need to keep out of office on so that genuine users will know if their email is going to get read or not. I was thinking that possibly SPF would work. A user who is likely to check SpamCop for blacklists is also likely to check SPF records. If you have SPF records set, then the spoofed email would not be accepted in the first place...... The only flaw with this is that it relies on both the relay machine AND the recipients doing SPF checking - and not a lot of people do that.

I contacted 1&1 the other day to see if I could set up SPF records for helsby.net but they don't support it on any of their packages - seems a shame, but also seems to be in keeping with their policy of not letting you get your hands dirty in the real management of the network and making everything GUI-ized.
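The reasoning above, as an added PowerShell example that is not part of the original post: a minimal SPF evaluator that handles the ip4 mechanism (with or without a CIDR length) and all, which is enough to show what a recipient that checks SPF would do with the spoofed message before any out-of-office reply could be generated. The same check is what makes the Antigen default of replying to the sender (point 8 in the review above) so unwise. The record, domain and addresses are constructed; real SPF records also use a, mx, include and other mechanisms, which this function rejects rather than guesses at.

```powershell
# Added example, not part of the original post. Assumes Windows PowerShell 2.0
# or later. The record, domain and IP addresses below are constructed.

function ConvertTo-IPv4Number {
    # Dotted quad -> unsigned 32-bit number so prefixes can be compared under a mask.
    param([string]$Ip)
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    if ($b.Length -ne 4) { throw "IPv4 address expected: $Ip" }
    return [uint32](([uint64]$b[0] * 16777216) + ([uint64]$b[1] * 65536) +
                    ([uint64]$b[2] * 256) + [uint64]$b[3])
}

function Test-IPv4InCidr {
    # True when $Ip falls inside $Cidr ("192.0.2.0/24" or a bare host address).
    param([string]$Ip, [string]$Cidr)
    $parts  = $Cidr.Split('/')
    $prefix = 32
    if ($parts.Length -gt 1) { $prefix = [int]$parts[1] }
    if ($prefix -lt 0 -or $prefix -gt 32) { throw "Bad prefix length: $Cidr" }
    # Mask with the top $prefix bits set; a /0 gives a zero mask that matches everything.
    $mask = [uint32](4294967295 - ([math]::Pow(2, 32 - $prefix) - 1))
    $net  = ConvertTo-IPv4Number $parts[0]
    $addr = ConvertTo-IPv4Number $Ip
    return (($addr -band $mask) -eq ($net -band $mask))
}

function Get-SpfResult {
    # Evaluates an SPF record against the IP that delivered the message. Returns
    # Pass, Fail, SoftFail or Neutral from the qualifier of the first matching
    # mechanism, None for a non-SPF record, and Neutral when nothing matches
    # (RFC 4408 section 4.7). Only "ip4" and "all" are implemented here.
    param([string]$SpfRecord, [string]$ClientIp)
    $terms = $SpfRecord.Trim() -split '\s+'
    if ($terms[0] -ne 'v=spf1') { return 'None' }
    foreach ($term in ($terms | Select-Object -Skip 1)) {
        $qualifier = '+'
        $first = $term.Substring(0, 1)
        if ('+-~?'.IndexOf($first) -ge 0) {
            $qualifier = $first
            $term = $term.Substring(1)
        }
        $matched = $false
        if ($term -eq 'all') {
            $matched = $true
        } elseif ($term -like 'ip4:*') {
            $matched = Test-IPv4InCidr -Ip $ClientIp -Cidr $term.Substring(4)
        } else {
            # a, mx, include, exists, ptr, ip6 and modifiers need DNS lookups;
            # refuse rather than silently skip them and return a wrong answer.
            throw "Mechanism not supported by this example: $term"
        }
        if ($matched) {
            switch ($qualifier) {
                '+' { return 'Pass' }
                '-' { return 'Fail' }
                '~' { return 'SoftFail' }
                '?' { return 'Neutral' }
            }
        }
    }
    return 'Neutral'
}

# The spamtrap operator's domain publishes this record (constructed):
$spamtrapSpf = 'v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 -all'

# The spammer's host is in neither range, so the message claiming to be from
# the spamtrap address ends up at -all; a recipient that checks SPF rejects it
# and its out-of-office assistant never gets the chance to reply.
Get-SpfResult -SpfRecord $spamtrapSpf -ClientIp '203.0.113.77'

# Mail from the domain's own servers is inside the ranges:
Get-SpfResult -SpfRecord $spamtrapSpf -ClientIp '192.0.2.25'
Get-SpfResult -SpfRecord $spamtrapSpf -ClientIp '198.51.100.7'
```

The check has to run on the receiving side, which is the catch identified above: a record published for your own domain only helps when other people's mail servers look it up. For the out-of-office leg itself, the safer setting is not to send automatic replies to external addresses at all, or only to senders whose message got an SPF Pass.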

Posted by Andy at 9:51 PM

Wsus won't download updates

Had a customer whose WSUS box wouldn't download updates from Microsoft, logging event ID 364 - Content download failed. Reason: Access is denied. Source File: < snip > Destination File: d:\wsus\wsuscontent......
It looks like the permissions on the root of D: (in this case) are not correct - Network Service needs read access. Unfortunately Network Service does not appear in the list of users offered when adding permissions (it can be typed into the object picker as NETWORK SERVICE, but you can't right-click D: to assign permissions).
Fortunately cacls can change the permissions from the command line - note that cacls is very powerful and you need to understand what you are doing before running it: without the /e switch it replaces the whole ACL instead of editing it. Take it from me, cacls going wrong can really mess with your system, your sanity and your job security!

If you are still with me, you need to do the following from a command prompt:
d:
cd\
cacls .                                          <--- shows the current permissions on D:\ before you change anything
cacls . /e /g "NT AUTHORITY\NETWORK SERVICE":r   <--- /e edits the existing ACL rather than replacing it; /g grants Read
cacls .                                          <--- confirm the new entry is there

Then in the WSUS console, double-click a client that needs an update, click on the status, click on an update that has failed and click Retry Download. Look in Event Viewer and you should see event ID 361 - Content synchronization started. A quick glance back at your WSUS home page should show the files being downloaded.
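The same fix in PowerShell, as an added example that is not part of the original post: it records the existing entries for NETWORK SERVICE on the drive root before changing anything, then adds one inheritable Read and Execute entry only if none is there. Unlike cacls without /e, Set-Acl with an ACL object obtained from Get-Acl keeps every other entry in place. The content path is the one from the event in the post; the drive root is derived from it.

```powershell
# Added example, not part of the original post. Assumes Windows PowerShell 2.0
# or later, run as an administrator on the WSUS server.

function Grant-NetworkServiceRead {
    param([string]$ContentRoot = 'D:\WSUS\WsusContent')   # path from the post's event log

    $driveRoot = [System.IO.Path]::GetPathRoot($ContentRoot)   # D:\ for the path above
    $identity  = 'NT AUTHORITY\NETWORK SERVICE'
    # Read plus folder traverse, which is what the service needs to reach WsusContent.
    $wanted    = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

    # Same idea as running "cacls ." before the change: look first.
    $acl = Get-Acl -Path $driveRoot
    $existing = @($acl.Access | Where-Object { $_.IdentityReference.Value -eq $identity })
    Write-Host "Current entries for $identity on ${driveRoot}:"
    $existing | Format-Table FileSystemRights, AccessControlType, IsInherited -AutoSize | Out-Host

    $alreadyGranted = $existing | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band $wanted) -eq $wanted)
    }
    if ($alreadyGranted) {
        Write-Host "Read and execute already granted; nothing to do."
        return
    }

    # One new ACE that subfolders and files inherit, so WsusContent and everything
    # WSUS creates under it becomes readable without touching any other entry.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $identity,
        $wanted,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $driveRoot -AclObject $acl

    Write-Host "After the change:"
    (Get-Acl -Path $driveRoot).Access |
        Where-Object { $_.IdentityReference.Value -eq $identity } |
        Format-Table FileSystemRights, AccessControlType, IsInherited -AutoSize | Out-Host
}

Grant-NetworkServiceRead -ContentRoot 'D:\WSUS\WsusContent'
```

The before and after listings are the equivalent of the two bare cacls calls above, so the change can be reviewed and, if need be, reverted by removing exactly the one rule that was added.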

Posted by Andy at 3:34 PM | Comments (1)

June 1, 2006

error 0x80096001 when trying to run windows updates.

I had a problem trying to run Windows Updates on a machine, getting an error "Windows Update has encountered an error and cannot display the requested page. You may find the following resources helpful in resolving the problem...'Error Number: 0x80096001"

Several KB articles (e.g. KB822798) mentioned the need to edit security settings and re-register DLLs and/or remove the %windir%\SoftwareDistribution directory, but unfortunately this didn't work.
Part of the troubleshooting for this involves going in and looking at the certificate status within Internet Explorer. When I tried to double-click on a certificate it gave me the error message "system-level error occurred while verifying trust" on any of the certificates.

A post on the microsoft.public.windowsupdate newsgroup gave me a clue, and by logging on as another administrator it all worked - my certificates are OK and Windows Update runs through successfully.

Update: It turns out that the problem in this case was partially caused by having a read-only profile - for some reason the desktop folders etc. were all redirected to a share that didn't exist. By searching for this entry in the registry and editing it to point to a share that did exist, I was able to get the profile (and Windows Update) working again.
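An added example (not from the original post) of the check described in the update: list the current user's redirected profile folders and flag the ones whose path cannot be reached. The post does not say which registry value it edited, so looking in the Explorer User Shell Folders key, where per-user folder redirection is recorded, is an assumption. Run it as the affected user, since the key sits under HKEY_CURRENT_USER.

```powershell
# Added example, not part of the original post. Assumes Windows PowerShell 2.0
# or later and that the redirection lives under the User Shell Folders key.

function Get-ProfileFolderStatus {
    param(
        [string]$KeyPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
    )
    $values = Get-ItemProperty -Path $KeyPath
    foreach ($prop in $values.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }     # PSPath, PSParentPath and friends
        # Values are REG_EXPAND_SZ; expand %USERPROFILE% and the like before testing.
        $path = [System.Environment]::ExpandEnvironmentVariables([string]$prop.Value)
        $reachable = $false
        if ($path -ne '') { $reachable = Test-Path -LiteralPath $path }
        New-Object PSObject -Property @{
            Folder    = $prop.Name
            Path      = $path
            OnShare   = $path.StartsWith('\\')
            Reachable = $reachable
        }
    }
}

# Show the entries that point at a location this machine cannot reach:
Get-ProfileFolderStatus |
    Where-Object { -not $_.Reachable } |
    Format-Table Folder, Path, OnShare -AutoSize
```

Repointing a value with Set-ItemProperty on the same key is the fix described in the update, but only after confirming that the share really is gone; if the redirection came from a Group Policy folder redirection setting, the policy will put the old path back at the next logon, so the correction has to be made there instead.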

Posted by Andy at 12:08 PM