Introduction to scripting for systems administrators - Windows Scripting Host, part 1

by Dmitry Kirsanov 20. November 2011 00:42

Some time ago, which seems like yesterday, I made an attempt to introduce Windows Systems Administrators to PowerShell. Even before doing that, I realized that professional Windows scripting is still impossible without using of VBScript, or Visual Basic Scripting Edition. And teaching someone PowerShell without at least showing the main concepts of VBScript is not right.

While I am trying to show the work with VBScript from more like practical point of view, I am also not trying to substitute the training course on the subject, so if VBScript or Windows Scripting in general is about to become your main responsibility at your company, please get yourself a reference on it, preferably something as good as VBScript bible.

However, we’ll get closer to VBScript during later sessions and cover even so exotic topics as using VBScript custom actions in Microsoft Installer packages (MSI).

Introduction to scripting for systems administrators - Windows Scripting Host, part 1

Introduction to scripting for Systems Administrators - PowerShell

by Dmitry Kirsanov 19. November 2011 13:28

There was a time, when IT specialists were mainly either systems administrators or developers. There was a time, when being Database Administrator would also mean having perfect knowledge of SQL. New generation of IT specialists don’t remember that time, and that only because technology evolved so greatly, it is considerably harder to possess the whole range of features offered by a monster product such as SQL Server 2008.

But this post is not about databases at all. It’s about how we can manage the growing complexities of enormous range of technologies that we have to use in business. More...

Changing base currency in Microsoft Dynamics CRM 2011

by Dmitry Kirsanov 17. November 2011 17:18

DynamicsCRM2011_logoAccording to Microsoft, you are not able to change your base currency in Microsoft Dynamics CRM 2011, the same as it wasn’t possible in version CRM 4.

However, that’s not true.

Imagine, that during the installation of Microsoft Dynamics CRM 2011 server, you’ve set your currency to EEK (Estonian Krona). However, then your country adopted Euro and there is no EEK anymore. According to Microsoft, you have to delete your organization and export it’s data to new one.

It is considered a big no-no to hack into the CRM database, yet in order to change the base currency you will have to do it. Here is how:
More...

Windows 8 Classic Start Menu

by Dmitry Kirsanov 14. November 2011 13:35

This one will be quite short.

Windows 8 comes with new tablet-oriented Metro graphical user interface. However, just like in previous versions of Windows, there is the possibility to revert to alternative start menu. In Vista and Windows 7 we had ability to switch back to Windows XP style of menu, now we have ability to switch back to Windows 7 style.

In order to do that, you need to switch one key in Windows registry, which is HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RPEnabled . This video shows how to do that:

Windows 8 Classic Start Menu

Previously we’ve discussed how to run Windows 8 on VMWare and what are the most interesting changes in Windows GUI for end-users.

Deploying Windows 7 by Using Windows Deployment Services

by Dmitry Kirsanov 14. November 2011 01:10

In one of the previous topics, I was showing how  to deploy Windows 7 using Automated Installation Kit, or AIK. This time it’s more hardcore, and is about Windows Deployment Services.

Using Windows Deployment Services you can deploy your fine tuned Windows 7 image to hundreds of computers in a matter minutes. It’s not the most hardcore way of doing it, as I will show in SCCM course later, but still mind blowing if you are either haven’t heard about it before.

It’s not a rocket science though, so the whole lab is just 16 minutes. Very short indeed, but it contains even the installation phase.

Enjoy!

Deploying Windows 7 by Using Windows Deployment Services

Network Load Balancing Clusters in Windows 2008 - when one server is not enough

by Dmitry Kirsanov 14. November 2011 00:52

Russians says – “One is not a warrior at the battlefield”, meaning that one is just too small number for a real war. When the time of real battle is coming to your web site, it’s time to become a … farmer. The geeky one.

Web farm, or Network Load Balancing (NLB) cluster is when there are more than one web server behind a single web address. Of course, it’s not only about web – some other stateless resources can be scaled that way as well – DNS server, for example, or SMTP. However, the most popular use of NLB clusters is web, as most requests in the Internet are going through it.

Network load balancing clusters are rather frustrating topic for many systems administrators, as it’s very common for them to know clustering till the time of their exam. MCSEs and MCITPs of all kinds have to know that stuff, but rarely use it. Who might be more interested in clustering – that’s web developers, who’s web applications serve more and more visitors each day and should be infinitely scalable by design.

Developers

But what it takes to build an application, which could be scaled out by simply adding more hardware? If your application is working fine and attracts more customers than it can handle – that’s when you are wondering whether you’re in trouble. The trouble comes when you realize, that the architecture of your project does not support scaling and situation is even worse if your web developer has no clue about how to make it work in the cluster.

For .NET developers, though, the situation is much better than for PHP developers, for example. They can use SQL server to store the state data (and SQL server may reside on failover cluster, which is the second type of windows cluster that we’ll review later), files can be stored at mirrored network area storage (NAS) and that’s it.

Systems Administrators

For administrators, though, the situation is more difficult. First of all, they are the ones who needs to care about installation, maintenance and management of the cluster. They are the ones who migrate old applications to new clustered servers and must ensure they understand why these applications do not work under new conditions. While usually developers have the harder burden, this time it’s not the case, thanks to Visual Studio and .NET.

There is not much we can say about developer’s part of the job, as there is too little and too simple stuff to do, there is pretty much to say and to show to system administrators.

That’s why I had no choice than to prepare my first narrated lab about creating Windows Server 2008 Network Load Balancing cluster. Enjoy!

Implementing Network Load Balancing Clusters in Windows 2008

Perhaps my future labs will become narrated as well, excerpt for the short and simple ones. It takes a bit more work, since I am not preparing the text and have limited time to complete the lab (always do it in one take), but is definitely more fun, as I can tell more than you want / need to know about the subject.

Deploying Windows 7 by Using Windows AIK

by Dmitry Kirsanov 9. November 2011 11:20

Another aspect of corporate systems administration is ability to deploy anything and everything at once without even leaving your chair. In Windows world, we had that ability from Windows 2000 and it evolves with every new version of operating system.

One of the key tools to install the operating system itself is Windows Automated Installation Kit (AIK). Windows is using so called “answer file” to not ask you for things with known answers. And it’s not only serial number, user and computer name, but also partitions, drivers and other things that could take hours to install and configure otherwise.

As a potential scenario of deployment, imagine that you’ve just received a 100 new computers from hardware vendor. 100 brand new machines with no operating system installed, as you will use Windows 7 corporate – version which you can’t buy at local store. Your task is to install it as soon as possible – it’s Friday evening and you don’t want to waste your weekend on it.

So you prepare the image of one machine and deploy it on all other machines using local network. Very simple thing to do when you know what you are doing.

The following walkthrough lab is from the Microsoft Official Curriculum 6294A: Planning and Managing Windows 7 Desktop Deployments and Environments. It shows you how to create bootable media with image of your reference workstation and deploy it on other machines. Enjoy!

Deploying Windows 7 by Using Windows AIK

Microsoft System Center Configuration Manager 2007 LAB 1 / 13

by Dmitry Kirsanov 8. November 2011 15:13

One of the most sophisticated and complicated products made by Microsoft, System Center Configuration Manager (SCCM) is absolutely irreplaceable thing for corporate systems administration. It requires a lot of resources, a lot of knowledge and a lot of care to install and manage, and theory alone is insufficient to become proficient with it.

So here it goes – the first lab in a series. It will show you SCCM in action in controlled set up environment and will explain some of product’s complexities.

Special note for those who wants to study SCCM 2012 – there is no difference between two when you are training. Course on SCCM 2007 perfectly fits and will explain most about 2012 functionality.

Additionally, you may look at TechNet Labs for interactive labs.

As additional material I would recommend a book from Unleashed series which is among the best of a kind.

SCCM 2007 Lab 1 / 13

Security through obscurity

by Dmitry Kirsanov 8. November 2011 11:46

Rather short note for pen-testers.

Sometimes you have software which is contacting some web services – especially interesting when it’s about transferring files.

Sometimes some software packages, especially custom ones, made for a small number of customers, may have web services open for consuming by that software.

Pay attention to it. Sometimes there are exposed functions which could be exploited in a way that developers were not able to imagine.

For example, during my most recent pen-test, I was able to put files, delete and execute on server using only functions of exposed web service. Needless to say, I wouldn’t need any hacking tools or social engineering to penetrate networks of their customers as well.

This topic is rather omitted in CEH and similar courses, but with some base knowledge of programming you could kill the whole family of rabbits with one shot.

Also, as a side note about pen-testing. I noticed that even when you’re using simplest technique, a “no-brainer” one, customer will call you “hacker” or “genius” just to not call their developer or system administrator an idiot.

Password policy of our time?

by Dmitry Kirsanov 3. November 2011 22:18

PasswordWhen I began studying computers in beginning of 90s, I adopted the password policy of that time, which stated that passwords should be at least 8 symbols long and be complex, meaning that there shall be a number, uppercase and lower case symbols, and would be nice if there would also be a special character.

With Windows NT 4 we had addition to that rule, which was rarely used in practice, that the password should be longer than 14 symbols, as otherwise it could be hacked in a matter of seconds.

Windows has additional rules in corporate environment, but all of them are basically about the length, complexity and maximal age of the password. However, while you can enforce that in corporate network, most people are far from understanding the underlying idea of password policy, can’t estimate the cost of weak password, and overall they are ready to adopt the policy only if it will be reasonable enough.

So I decided to create such policy for myself, and take a look what I came up with:

More...