Loading...

Exchange ActiveSync Inheritable Permissions not checked

This issue came up the other day when attempting to get Exchange 2010 ActiveSync profile set up with an iPhone. The behavior was the phone would read the account information and act like it was ready for you to start syncing but when you went into the Mail app, it would say cannot get mail. It turns out this is a very simple permissions issue of the user account not inheriting permissions. This article does an amazing job of explaining it.

Exchange ActiveSync and Inheritable Permissions issue

Why Google’s GSuite?

Google has a ginormous pair of pants. No matter how much you tell it to stop eating, it just keeps getting bigger and bigger. When I was maybe 8 years old, I recall signing up for a Gmail account. This was just after you could sign up without having to have an invitation to do so (yeah, it wasn’t public before, it was invitation only). After signing up, I thought it was plain compared to Yahoo! and I didn’t like the interface. It was the most basic HTML you’ve ever seen (and can still see if you click the link in your Gmail while it’s loading). Over time, I saw chat get added, new tools become available. The interface got a serious face-lift (and has since seen yet another face-lift with even more simplicity). It’s an ever evolving product of products.

The most amazing additions in my opinion were some things by the names of Google Docs and Google Sheets. What’s not to love? As an IT guy, I’m absolutely in love with the fact that it’s browser based (less worry of installing apps), it’s feature rich and getting better all the time. It’s affordable with a Gmail address – FREE and even cheaper than Office365 at just $5 for a basic user. Hosted email, free Office Suite, Drive online storage? How can you really go wrong?

Now admittedly for the power Excel users, you may find some limitations. Even some Word features are lacking a bit. Even still, I don’t take back my comments above about the benefits. I’ve seen bugs in Microsoft Office products that I never see in Google’s suite of products. The products continue to grow. For the fact that it’s purely browser based as well blows me away. So I’ll walk away to buy Google another box of Twinkies to help maintain that large pant size because the days of installing Microsoft Office on hundreds of PCs is dwindling away into a browser based world. And for those true Microsoft Die Hards, the free Office online still does a great job and stacks up nicely against the Google “Office Suite”. They’ve done a great job at carrying that same look and feel of their offline product into the web browser.

VMWare – Formatting a drive

So I have a host with ESXI 6.5. I put in a spare laptop hard drive I had laying around just to store some files on. I wouldn’t recommend a laptop drive in a corporate or production environment, but in my personal “home use” case, this will be just fine. I won’t be streaming from this drive either, just data at rest really. So I powered down the host and put in the new hard drive. I turned it back on and the ESXI web GUI kept crashing when I was trying to add the drive. I searched for a bit and tried deleting partitions. Nothing seemed to work. I found a resolution by completely formatting the drive using mklabel. See below for details. Here was the error:

Error: Both the primary and backup GPT tables are corrupt.  Try making a fresh table, and using Parted's rescue feature to recover partitions.

  1. SSH into your ESXI Host.
  2. Type: ls /vmfs/devices/disks/
  3. Find the disk in question. I’ve found that VMWare does a pretty good job of labeling it by the drive tray it is in, but this may not always be the case. There are some VMWare articles you will want to reference to verify you are making changes to the right disk. This is especially true for a production machine that you have live data on. The last thing you want to do is delete production data.
  4. In my case, this was the disk name: mpx.vmhba1:C0:T1:L0 
  5. Now let’s get to the formatting!
  6. Run this: partedUtil mklabel /vmfs/devices/disks/mpx.vmhba1:C0:T1:L0 gpt

Here are some of the articles I used to determine which drives needed to be formatted:

  • https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1036609
  • https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1008886

WannaCry

Have you ever tried to open a can without a can opener? It’s at that very moment you realize the person that made a device to open metal cans is a genius while the guy that put it in a can in the first place without a pop top should be arrested immediately. WannaCry and it’s variants are very similar in this way. They created a phenomenal product to squeeze money out of people. Viruses, trojans, and other malware are not new to the PC world. They already cause issues for end users on a daily basis. Why not add a payment component to it?

With all that said, being in my position as the IT System Administrator for several companies, I have to ensure machines are protected with anti-malware, and that each workstation is updated. Thankfully, of all the machines we manage, not one device acquired WannaCry. The variations are inevitable and I cannot speak for those since they are likely being developed as I type this. It does feel good knowing we have the multi-layer security set up to prevent such a malicious attack like the one by WannaCry.

While I, as the IT Systems Administrator, feel the creators should be “arrested immediately” like the human who invented cans without pop top lids, I also think it is one of the most creative malware programs I’ve seen so far. This of course is not the first ransomware product to come out, but it is the first one to gain this much publicity.

 

 

Updating InvoiceNinja on Windows Bitnami Install (Also works with Linux)

This guide will show you how to update your Bitnami NinjaInvoice Stack on Windows to the latest. Note: This did work with no issues going from 2.5.2.2 to 2.9.1 which is the current version as of today. For Linux, review steps 6-12.

  1. Navigate to C:\Bitnami\invoiceninja-2.5.2.2-0\apps\invoiceninja\htdocs
  2. Download the latest copy of InvoiceNinja from https://www.invoiceninja.com/self-host/
  3. Extract the contents of the freshly downloaded zip file
  4. I suggest renaming the HTDOCS folder before doing this… it creates an extra step or two but it might be worth it.
  5. Create a new htdocs folder
  6. Paste all of the contents of the downloaded zip file into the folder (or www\ninja folder for Linux).
  7. Go to your OLD install and copy the .env in the root directory to your new folder. This is the file that contains settings such as database connection settings.
  8. Go to your url with /update at the end. IE: www.mywebsite.com/ninja/update
  9. Wait a while for the upgrade.
  10. It should say successful. In a new tab, attempt to browse to the page! Should be updated and good to go.

Note: Bitnami no longer supports InvoiceNinja. You may have a hard time finding a copy. It’s relatively easy to install on Centos with Apache in my experience. The documentation for install is pretty great too.

Swap Domain Controller

I was tasked with moving the domain controller to another server so the license for the Server Essentials 2012 could be re-purposed for a specific software program. This also removed the 25 user restriction limit of Server Essentials. I had to first virtualize the environment which is another story altogether. So here’s what I had to do:

  1. Install the Server 2012 Standard
  2. Install the Active Directory Role — the process is pretty straightforward
  3. Point DHCP server to the new Server Install IP for DNS.
  4. Verify a few clients have picked up the new IP over the next few days. It will take time to renew the IP leases. I didn’t uninstall the DNS role from the Essentials copy anyhow so this wasn’t mandatory for me.
  5. Open Active Directory Users and Computers on the new DC
  6. Right click and choose Operations Masters. Click change on each tab.
  7. Open Active Directory Domains and Trusts, right click the root node and click Operations Master. Click Change.
  8. Open cmd as admin and type regsvr32 schmmgmt.dll and push enter
  9. Type mmc and push enter
  10. File> Add/Remove snapin, Find Active Directory Schema snap-in and open it
  11. Right click the new snapin, click Change Active Directory Domain Controller…
  12. Click on your new DC and click OK. You’ll get a message, don’t worry about it.
  13. Right click again on the snapin and click Operations Master… Click Change
    1. Change grayed out? Make sure you are a schema admin member in AD Users/ Groups. Log off and back on.
  14. Run dcdiag /a to verify everything is ok and proceed to demoting your old DC.

 

This is a great tutorial as well:

Transferring FSMO Roles

VMWare ESXi & VSphere Client

VMWare ESXi is a virtual operating system that, from the server side GUI, doesn’t do much except allow a few configuration changes. But that’s just the body of the beast. You can use VSPhere Client to remotely manage and set up virtual machines by connecting to the ESXi install.

How I got involved?
I’m just starting to learn more about servers and how they work. I just purchased 3 Dell PowerEdge 2850s. Well technically I got a whole bunch of stuff I do not need. 11 servers in total. One of which is a Barracuda Firewall which I guess I need to install Untangled on. I mostly wanted the rack for my existing server. But with all of this being said, I just wanted to point out that they all came with ESXi installed and I’ve never used it before. That will be changing very soon though as you might be able to tell. Though the servers are old, I think it will be great that I can play with them and destruct them however I like whether on accident or on purpose. I have a newer server that I’ve been afraid of messing with. It has a SAS drive, 32GB RAM, and two quad core processors. I don’t know much about RAID or really any of that stuff so I think old servers are a perfect place for me to mess things up beyond repair before I try something that won’t work on my newer faster server.

What is it? How to install it?

Where to download?
http://superuser.com/questions/439356/where-can-i-find-the-vmware-vsphere-client

Skype Logs View

Need to view the logs from your old user account because your computer was removed from the domain? You can open the DB file in a notepad editor, but a better way is to use this Skype Log View. This does also work over a network in case you need to access your computer remotely. It lays everything out a bit nicer than notepad would.

Delete Excess User Profiles

You Will Need:

Mix it all together:

What I like to do is copy delprof2.exe to the Windows folder. Then you can run it directly from command prompt. However, I like to create a scheduled task to run it if any user logs on. You want to set “When running the task, use the following user account:” to Administrators. Run with highest privileges and run with the switch /q which means it will silently delete all profiles according to the criteria you specified. This should actually help out with security because if another user logs into the computer, it will run this utility which will delete your profile when they login. On top of this, you have a scheduled task set to run each day with Ccleaner which wipes free space at the end of your shift. Double bonus if it goes undetected.

Switches

   /l   List only, do not delete (what-if mode)
   /u   Unattended (no confirmation)
   /q   Quiet (no output and no confirmation)
   /p   Prompt for confirmation before deleting each profile
   /r   Delete local caches of roaming profiles only, not local profiles
   /c   Delete on remote computer instead of local machine
   /d   Delete only profiles not used in x days
   /ntuserini
        When determining profile age for /d, use the file NTUSER.INI
        instead of NTUSER.DAT for age calculation
   /ed  Exclude profile directories whose name matches this pattern
        Wildcard characters * and ? can be used in the pattern
        May be used more than once and can be combined with /id
   /id  Include only profile directories whose name matches this pattern
        Wildcard characters * and ? can be used in the pattern
        May be used more than once and can be combined with /ed
   /i   Ignore errors, continue deleting
delprof2.exe -c:192.168.175.129 -p 

enter image description here

Source: http://superuser.com/questions/643417/delete-user-profile-from-command-line-windows-7

Network Topology Map

Some of the best software I have found to create a network “map” is called Yed. You can have a look at that here. It’s simple and easy to use.

I was able to create maps within minutes of using the software.