Category Archives: General IT

LepideAuditor Suite


The Enterprise IT “Swiss army knife”

I’ve recently had the chance to work with the newest version of LepideAuditor Suite, a comprehensive tool that does more than its name states (auditing). Of all the products it targets, I chose to focus on Active Directory, Group Policy and Exchange 2013.

LepideAuditor-Marius-Ene-01

I am not going to go over the installation part because it’s pretty straightforward and Lepide already covers all the installation steps involved very well.

Active Directory Auditing

The LepideAuditor for Active Directory comes with a built-in Active Directory Health Monitor dashboard view and an integrated backup and restore solution. This is something I really like: having not only audit information but also a view of the overall health and performance history of the AD environment, plus the possibility to quickly restore anything related to Active Directory from backup. That is nice!

The first dashboard that opens up shows an overview of the changes in your environment at a glance.

LepideAuditor-Marius-Ene-02

In order to audit logon/logoff events in your environment there are some preliminary steps to configure. For this you can follow the steps described in this article, which covers everything very well:

http://www.lepide.com/configurationguide/auditor-suite-enable-logon-logoff-monitoring.pdf

Once you have logon auditing enabled you can see, for example, when a user logged on, from where, and the type of logon that was performed. See the example below:

LepideAuditor-Marius-Ene-03

Another useful audit report is the Failed Logon report. Here you can see not only the number of failed logon attempts but also the reason why each one failed. For auditors, this is the kind of information they are interested in. Below you can see an example:

LepideAuditor-Marius-Ene-04

You can check the users that were created during a specified period of time. You can see an example below.

LepideAuditor-Marius-Ene-05

One of my favorites when tracking down a “resource access” issue or a “did not receive some email” issue is to see when group membership was modified. For me this is very useful, and I am sure it will be for some of you as well.

LepideAuditor-Marius-Ene-06

You can even monitor DNS changes and track down what happened to each individual DNS record.

LepideAuditor-Marius-Ene-07

Above you can see the typical STS record created for ADFS. And that is not all:

LepideAuditor-Marius-Ene-08

You can even see tombstoned DNS records! I remember having to remove some lingering objects related to tombstoned DNS records. This tool would have been really useful back then.

GPO Auditing

Looking into the GPO monitoring capabilities and available reports, I must say I was impressed with the amount of built-in audit reports. In a large environment with hundreds of Group Policy Objects, where multiple Domain Admins (or delegated GPO admins) manage the settings, it can get hard to keep track of who changed what and when. So a good GPO auditing tool is more than welcome in this case.

The Lepide GPO Auditor comes with a built-in backup feature, which can be extremely useful for restoring previously working GPOs to their initial state. By default the backup interval for GPOs is every hour. If your environment doesn’t have a large number of GPOs or a lot of ‘hands’ working with them, you can set this interval to something like every 8 hours.

LepideAuditor-Marius-Ene-09

In the Restore tab you will be able to restore, for example, a deleted GPO, which is pretty cool and fast.

LepideAuditor-Marius-Ene-10

LepideAuditor-Marius-Ene-11

LepideAuditor-Marius-Ene-12

LepideAuditor-Marius-Ene-13

This will restore the previously backed-up GPO with all settings as expected.

LepideAuditor-Marius-Ene-14

Above is a screenshot with all the available built-in audit reports, which make auditing GPOs really easy even for someone without a lot of Group Policy management experience.

You can easily set up alerts or scheduled reports whenever an event is recorded.

LepideAuditor-Marius-Ene-15

I like the Set Alert option as it allows you to keep track of important GPO changes, such as changes to the Default Domain Controllers Policy or the Default Domain Policy.

I did a lot of tests with the GPO monitoring part and I have to say that you cannot get any more detailed in terms of auditing GPOs. I replicated a simple but common GPO issue: someone deletes a GPO link. By doing this the GPO is not removed, but its settings no longer apply. If you use a complex OU structure and don’t link GPOs to the domain root and filter using groups, it can be hard to detect when this has happened.

LepideAuditor-Marius-Ene-16

Sure enough, the change is picked up quite quickly.

LepideAuditor-Marius-Ene-18

Another common one: the GPO link is disabled (not removed).

LepideAuditor-Marius-Ene-19

Again the change is picked up fast.

LepideAuditor-Marius-Ene-20

I’ve also scheduled a report that is sent periodically about GPO link changes. This works great, as you can see below:

LepideAuditor-Marius-Ene-21

I am not sure about you, but for me this is really helpful. Along with the integrated backup/restore feature for GPOs, I believe this is an invaluable tool to have.

Exchange Auditing

Exchange Server is the typical enterprise email solution for many companies, and sometimes evaluating its health or monitoring changes can be a difficult task without specialized software. LepideAuditor for Exchange Server covers all these tasks and more.

When looking at the available built-in audit reports you can instantly appreciate the usefulness of this tool.

LepideAuditor-Marius-Ene-22

Keep in mind that these are only the built-in ones; you can easily create custom reports and alerts that meet your needs.

You can see, for example, when a send or receive connector was modified:

LepideAuditor-Marius-Ene-23

You can also see when mailbox permissions were modified or database changes were performed, as shown below:

LepideAuditor-Marius-Ene-24

LepideAuditor-Marius-Ene-25

I did a simple test: we take a mailbox and grant Full Access permissions on it to another user. Below are the default permissions.

LepideAuditor-Marius-Ene-26

And we see the change being picked up by Lepide. That is nice!

LepideAuditor-Marius-Ene-27

You can easily schedule an alert based on this object change, which would allow you to be informed of the change in almost real time.

I am not going to continue with all the options and possibilities that this tool brings to the table; if I had to do that we would need a series of blog posts to show everything.

The conclusion

The LepideAuditor Suite is an invaluable toolset for any system admin who wants full visibility into their environment in terms of auditing, server health monitoring, alerting, and backup history with fast restore capabilities. LepideAuditor Suite manages to put all these features under a single pane of glass.


You can download your trial version here:

http://www.lepide.com/lepideauditor/download.html

More information about LepideAuditor Suite here:

http://www.lepide.com/lepideauditor/


Free Mail Server for Windows


hMailServer – Free mail server for Windows OS

hMailServer is an open-source mail server built for the Microsoft Windows platform. It is an alternative, especially for small companies for which an Exchange licence would not justify its cost, for example.

hMailServer is easy to configure and has plenty of useful functionality. A few interesting characteristics of hMailServer:

  • No limit on the number of domains.
  • It is 100% free.
  • No limit on the number of users.
  • Intuitive graphical interface, very easy to use.
  • It can integrate with Microsoft SQL Server, PostgreSQL and MySQL. By default it installs an instance of Microsoft SQL Server Compact.
  • It has an integrated backup system.
  • It integrates natively with ClamAV (free AV for Windows, Linux, …) but can also use scripts to work with other antivirus systems.
  • Server side rules – rules that can be configured at the server level, something similar to Transport rules in Exchange.
  • It can run on a machine with multiple NICs (multihomed).
  • It uses DNS Blacklist lookups and integrates natively with SpamAssassin.
  • It has an AutoBan function – it blocks the user when the configured number of failed authentication attempts is reached. This option can be configured or disabled entirely.
  • It has a web interface, hMailServer WebAdmin.
  • Built-in diagnostics – makes it very easy to identify possible configuration problems.
  • It offers IPv6 support.

The mail server’s graphical interface looks roughly like this:

And the web interface looks roughly like this:

I have not written about how to install it because it is quite easy and the process is very well documented:

http://www.hmailserver.com/index.php?page=download  –  Download hMailServer for Windows.

http://www.hmailserver.com/documentation/v5.3/?page=overview  –  hMailServer documentation.

http://www.hmailserver.com/documentation/v5.3/?page=howto_install  – Installation tutorial.

http://www.hmailserver.com/documentation/v5.3/?page=basic_configuration  – Configuration tutorial.

Name resolution over VPN



This may be an outdated or uninteresting topic for many of you, but there are still admins who have overlooked this aspect. What is it about? It has probably happened to you that you connect over VPN and, once connected, you have to type the fully qualified domain name (FQDN) to resolve a host name correctly, probably something like host.domain.local. The following steps will show you how simply this problem is solved. Here are the steps:

1. Go to Control Panel\Network and Internet\Network Connections.

2. Right-click the VPN connection and choose Properties.

3. Go to the Networking tab.

4. Double-click IPv4 (or IPv6 if applicable).

5. Click Advanced.

6. Go to the DNS tab.

7. In the “DNS suffix for this connection” field, enter the suffix of the domain you are connecting to.

8. Click OK.

That is all you need to do. Now, once connected to the VPN, you can connect over RDP, for example, or run a simple ping using only the host name. The suffix will be appended automatically, forming the FQDN.
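The same setting applied from PowerShell instead of the GUI, as an added example that is not part of the original post. It assumes Windows 8 / Server 2012 or later (the VpnClient and DnsClient modules); the connection name “Work VPN”, the suffix “domain.local” and the host name “host” are placeholders.

```powershell
# Added example (not from the original post): set the connection-specific DNS suffix on a
# Windows VPN connection, confirm it, and test short-name resolution once the tunnel is up.
# Assumes Windows 8 / Server 2012 or later; "Work VPN", "domain.local" and "host" are placeholders.
function Set-VpnDnsSuffix {
    param(
        [Parameter(Mandatory)] [string] $ConnectionName,
        [Parameter(Mandatory)] [string] $Suffix
    )
    $vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop
    # Equivalent of "DNS suffix for this connection" in the adapter's advanced DNS settings.
    Set-VpnConnection -Name $vpn.Name -DnsSuffix $Suffix -ErrorAction Stop
    (Get-VpnConnection -Name $vpn.Name).DnsSuffix
}

function Test-VpnShortName {
    param(
        [Parameter(Mandatory)] [string] $ConnectionName,
        [Parameter(Mandatory)] [string] $ShortName
    )
    $vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop
    if ($vpn.ConnectionStatus -ne 'Connected') {
        Write-Warning "$ConnectionName is not connected; the suffix only takes effect while the tunnel is up."
        return $null
    }
    # With the suffix in place, a bare host name should resolve as host.<suffix>.
    Resolve-DnsName -Name $ShortName -ErrorAction Stop
}

Set-VpnDnsSuffix -ConnectionName 'Work VPN' -Suffix 'domain.local'
Test-VpnShortName -ConnectionName 'Work VPN' -ShortName 'host'
```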

Any questions or suggestions are welcome.

Physical Address Extension – PAE



PAE is a solution offered by Intel (it works on Intel platforms) for extending the physical memory limit beyond 4GB on operating systems with an x86 architecture.

The Microsoft systems that support PAE are Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2008, on x86 only. PAE is not supported on x64.

Operating system                               Maximum memory supported with PAE
Windows 2000 Advanced Server                   8 GB of physical RAM
Windows 2000 Datacenter Server                 32 GB of physical RAM
Windows XP                                     4 GB of physical RAM*
Windows Server 2003 Standard Edition           4 GB of physical RAM*
Windows Server 2003, Enterprise Edition        32 GB of physical RAM
Windows Server 2003, Datacenter Edition        64 GB of physical RAM
Windows Server 2003 SP1, Enterprise Edition    64 GB of physical RAM
Windows Server 2003 SP1, Datacenter Edition    128 GB of physical RAM
Windows Server 2008 Standard                   32 GB of physical RAM
Windows Server 2008 Enterprise                 128 GB of physical RAM
Windows Server 2008 Datacenter                 128 GB of physical RAM

The PAE kernel requires a processor with an Intel x86 architecture, Pentium Pro or newer, more than 4GB of RAM, and Windows 2000, XP, Server 2003 or Server 2008. Although PAE is often associated with increasing memory capacity, it also enables hardware-enforced Data Execution Prevention (DEP).

Data Execution Prevention is a set of hardware and software technologies that protect the system from malicious code exploitation. Starting with Server 2003 SP1, DEP is enabled both in hardware and in software. Hardware DEP marks memory locations in a process as non-executable unless the location explicitly contains executable code. There are attacks that try to inject and run code from the non-executable part of memory, but DEP prevents these attacks by intercepting them and raising an exception.

Windows enables PAE automatically if DEP is turned on on a computer that supports hardware-enabled DEP, or if the computer is configured to hot-add (Datacenter) memory beyond 4GB.

If the computer does not support hardware-enabled DEP or is not configured for hot-add, then PAE must be enabled manually.

To enable PAE, use the BCDEdit /set command to set the boot option:

bcdedit /set [{ID}] pae ForceEnable

If DEP is enabled, PAE cannot be disabled. Use the BCDEdit /set command to disable both DEP and PAE:

bcdedit /set [{ID}] nx AlwaysOff
bcdedit /set [{ID}] pae ForceDisable

[{ID}] – for the default boot entry, do not pass any ID.
Windows Server 2003 and Windows XP: to enable PAE, use the /PAE switch in the boot.ini file. To disable PAE, use /NOPAE. To disable DEP, use the /EXECUTE switch.
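A way to check the current PAE and DEP state before or after running the commands above, as an added example that is not part of the original post. It assumes Windows Vista / Server 2008 or later (BCD store) and an elevated prompt for bcdedit; the property names come from the Win32_OperatingSystem class.

```powershell
# Added example (not from the original post): report PAE and DEP status from the
# Win32_OperatingSystem class together with the "nx" and "pae" entries of the current
# boot entry from bcdedit. Assumes Vista / Server 2008 or later and an elevated prompt.
function Get-PaeDepStatus {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    # DataExecutionPrevention_SupportPolicy values: 0 AlwaysOff, 1 AlwaysOn, 2 OptIn, 3 OptOut
    $policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }

    # bcdedit output is plain text; pick out the nx and pae lines if they are set.
    $bcd = & bcdedit /enum '{current}' 2>$null
    $nx  = foreach ($line in $bcd) { if ($line -match '^\s*nx\s+(\S+)')  { $Matches[1]; break } }
    $pae = foreach ($line in $bcd) { if ($line -match '^\s*pae\s+(\S+)') { $Matches[1]; break } }

    [pscustomobject]@{
        OSArchitecture       = $os.OSArchitecture
        PaeEnabled           = $os.PAEEnabled
        DepHardwareAvailable = $os.DataExecutionPrevention_Available
        DepPolicy            = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
        DepForDrivers        = $os.DataExecutionPrevention_Drivers
        BcdNx                = if ($nx)  { $nx }  else { '(default)' }
        BcdPae               = if ($pae) { $pae } else { '(default)' }
    }
}

$status = Get-PaeDepStatus
$status
# As the post explains, PAE cannot be turned off while DEP is active: flag that combination.
if ($status.PaeEnabled -and $status.DepPolicy -ne 'AlwaysOff') {
    Write-Host 'DEP is on, so PAE stays enabled; set nx AlwaysOff first if PAE must be disabled.'
}
```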
Any comments or suggestions are welcome.

MMC could not create the snap-in


MMC could not create the snap-in.

The snap-in might not have been installed correctly.

CLSID: FX:{f8abd46c-1297-4474-9cdf-831ebb245f49}

The error above appears on Windows Server 2008 and 2008 R2 systems as far as I know, but it may also appear on older systems such as 2003. What matters is that this error is caused by some .NET Framework updates.

The error shows up every time we try to open a module in the console, a “snap-in”, either from the Start menu or from MMC. Below is the image that appears when you try to open a console.

The solution is very simple: two files must be renamed. Navigate to: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG

There you have “machine.config” and “machine.config.default“. Rename “machine.config” to “machine.config.old” to back up the current configuration, then make a copy of the “machine.config.default” file and rename it to “machine.config“.

That’s it. Not even a restart is needed.
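The same two-file fix scripted in PowerShell, as an added example that is not part of the original post. It assumes an elevated prompt and the CONFIG path given above, and refuses to run if the files are missing or a backup already exists.

```powershell
# Added example (not from the original post): apply the machine.config fix described
# above, checking that both files exist and never overwriting an earlier backup.
# Assumes an elevated prompt and the CONFIG path named in the post.
function Repair-MmcMachineConfig {
    param([string] $ConfigDir = 'C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG')
    $current = Join-Path $ConfigDir 'machine.config'
    $default = Join-Path $ConfigDir 'machine.config.default'
    $backup  = Join-Path $ConfigDir 'machine.config.old'

    foreach ($f in $current, $default) {
        if (-not (Test-Path -LiteralPath $f)) { throw "Expected file not found: $f" }
    }
    if (Test-Path -LiteralPath $backup) { throw "Backup already exists, not overwriting: $backup" }

    # Step 1 of the post: keep the current configuration as machine.config.old.
    Rename-Item -LiteralPath $current -NewName 'machine.config.old' -ErrorAction Stop
    # Step 2: a fresh copy of machine.config.default becomes the new machine.config.
    Copy-Item -LiteralPath $default -Destination $current -ErrorAction Stop
    Get-Item -LiteralPath $current, $backup | Select-Object Name, Length, LastWriteTime
}

Repair-MmcMachineConfig
```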

Good luck!

Copying over RDP


HOW TO COPY OR MOVE FILES OVER RDP AND HOW WE CAN PREVENT IT

Some know how to do this, others don’t… for those who don’t, here are the steps.

1. Click Start, then Run. Type mstsc and click OK/Enter.

2. Make sure the Clipboard option is ticked. Click the More… button.

3. Select Smart cards and tick Local Disk (C:).

4. Connect, and now you can copy and move documents from that machine to your local computer.

5. The system I connected to is an XP, but it could just as well be Vista or 7. It is the same as connecting to a share, except that this way the mapping is created automatically. What is “nice” is that this way you can copy or move via drag and drop.

This method is not recommended and could be exploited in various ways. By default these options are “enabled” on systems, but as a security measure they can be restricted through two simple policies.

If the system we connect to is not part of a domain, then the local policies on that machine are modified. If it is part of a domain, they are applied through domain policies to the machines where this is wanted. The path is the same in both cases:

1. Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow clipboard redirection.

This setting prevents copying through the Clipboard.

2. Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow drive redirection.

This option prevents “mapping” the local drive on the machine you connected to.
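A way to verify that the two policies above are actually enforced on a session host, as an added example that is not part of the original post. It reads the registry values these policies write under the Terminal Services policy key (fDisableClip for clipboard redirection, fDisableCdm for drive redirection) and assumes the policy has already been applied on the local machine.

```powershell
# Added example (not from the original post): audit the two Group Policy settings named
# above by reading the registry values they set, so you can confirm clipboard and drive
# redirection are blocked. Assumes the policy has been applied (gpupdate) on this machine.
function Get-RdpRedirectionPolicy {
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    # Registry value written by each policy: 1 = redirection blocked, absent = not configured
    $settings = @(
        @{ Policy = 'Do not allow clipboard redirection'; Value = 'fDisableClip' },
        @{ Policy = 'Do not allow drive redirection';     Value = 'fDisableCdm'  }
    )
    $props = if (Test-Path -LiteralPath $policyKey) { Get-ItemProperty -LiteralPath $policyKey } else { $null }

    foreach ($s in $settings) {
        $raw = if ($props) { $props.($s.Value) } else { $null }
        [pscustomobject]@{
            Policy        = $s.Policy
            RegistryValue = $s.Value
            Configured    = ($null -ne $raw)
            Blocked       = ($raw -eq 1)
        }
    }
}

$result = Get-RdpRedirectionPolicy
$result | Format-Table -AutoSize
# Anything still allowed is worth flagging: by default both redirections are enabled.
$result | Where-Object { -not $_.Blocked } | ForEach-Object {
    Write-Warning "$($_.Policy) is not enforced on this host."
}
```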

Any comments or suggestions are welcome!