Archive for July, 2008
Group Policy Tip Of The Week: NAP the world
Jul 22nd
In my last Group Policy tip of the week for AskTheAdmin.com, I talked about XP/SP3.
And, I just want to put (quickly) to rest that I was trying to suggest that you should positively avoid it.
Au contrare.
I was simply suggesting that if you haven’t done your testing yet, then there IS a possible way to prevent it from being blasted upon your machines without your consent.
Okay, now with that behind us, let’s take a second to examine XP/SP3.
Not all of XP/SP3, just one little piece.
First, remember some years ago, how Microsoft drew a little line in the sand and said “Service packs won’t have new features.” Well, just in case you missed the updated memo — those days are over. As you’ll recall, XP/SP2 was like “XP 2.0.” And, even though XP/SP3 doesn’t bring a zillion things to the table like XP/SP2 did, it does bring one very interesting, and not-all-that-well-known tidbit to the mix.
The tidbit is already built into Vista clients, and is now backwardly-available for XP/SP3. This piece is the NAP client. NAP means Network Access Protection.
What the heck is NAP, anyway? Well, instead of talking about NAP directly, let’s check out an alternate situation that I’m sure a lot of us have had to deal with.
If you’ve ever had to put a child in public school (or a dog in doggy day care), you know that you need to get your kid (or “fur kid”) vaccinated first. Then, you need a certification of health that proves they’ve actually had the necessary vaccinations. Let’s say that when you introduce your kid to this one particular school on the first day, the Principal at the front door of the school looks at the vaccination report, and validates that the kid is really vaccinated (and is likely healthy enough not to infect others), and then permits your kid to come inside the building.
If your kid hasn’t been vaccinated, this school will cheerfully give you two options: walk down a specific hallway that has no kids that your child could possibly infect, and meet with the school nurse at the nurse’s office to get vaccinated immediately. Or stay outside. Your choice.
Why is introducing new creatures into the environment so harsh? Because we want to maintain a healthy environment for the betterment of everyone in the building. Now, it is perfectly true that just because every kid in the school has been vaccinated doesn’t actually guarantee there won’t be an outbreak. It just means that certain criteria have been met which meet the baseline of healthy.
Got the idea?
Well, that’s Network Access Protection, or NAP. NAP’s goal for your client machines is similar to the example with the unvaccinated kids above.
So, to make use of NAP, your XP clients (specifically, XP/SP3) and Vista clients (any flavor) have a little “agent” piece running upon them. Then, when they try to connect to the network, they need to “prove” how healthy they are (you can define the criteria.) Once proven healthy, they’re allowed on the regular network. If they’re NOT healthy enough, they must see the Nurse, er, the Remediation Servers to get updated.
What kinds of things might you want to check for? How about if the Firewall is turned on? Are they running Antivirus software? How about the latest version of the definitions? Do they have a registry key set to a specific value? Is software XYZ currently installed and the service running?
All sorts of stuff. Now, the bad news is that the NAP client that ships with XP/SP3 and Vista can’t do ALL of these things with the bits in the box. For some of these things you’ll need to do some NAP add-ons, so be prepared for that as your starting your exploration.
A quick note if you’re going to try to get smarter on this NAP thing on your own. The user interface for some of the Windows Server 2008 components will just say “Windows XP” when what they really should be saying is “Windows XP/SP3.” Again, that’s because the NAP agent isn’t available for anything LESS than XP/SP3. So, do keep that in mind as you’re reading and checking it all out.
Soooo.. how do I get smarter in this NAP thing?
If you like the idea of NAP, it’s a bit of a mountain to climb to get started.
One of my favorite places to get NAP-tastic is the Microsoft NAP blog here. Updated with NAP-o-rific information.
Also, if you have my new BLUE book, we have a whole chap for NAP. There’s a full end-to-end working example for you to try to get a feel for how it works.
http://www.GPanswers.com/books
This is a weekly spot brought to you by Jeremy M of GPAnswers.com
Can I Open The Task Manager Without A Mouse?
Jul 20th
You sure can! If you find yourself mouse-less You can pull up the task manager in any Windows version 2000 or better with…
Unlimited free tech support for installing Vista SP1!
Jul 18th
Did you have problems installing Vista SP1? Were you able to finally overcome your issues and get it working?
The boys in Redmond are offering up free Phone, Email and live chat support for Vista SP1.
So if you were having issues with getting this SP to install now is your chance to get some help right from the donkeys mouth…
You might even be able to swing a few other questions at the tech before he offers to transfer you to paid support.
All you need is your Product ID number. Just right click on My Computer-> Properties to find it.
Let us know how it goes for ya if you use it. Or maybe you should be submitting those issues to ATA!
FREE Full Hard Drive Encryption
Jul 18th
So there you are at Starbucks sipping on your latte, and surfing on their incredibly high priced wi-fi with your brand new Alienware laptop thinking to yourself, “Self! This is a mighty good latte!”.A few minutes later, you slip into a latte induced coma (Work
with me here.)
After about an hour or two you wake up with foam and cinnamon all over your face, and a splitting headache, but that isn’t the trouble. The trouble is that someone snatched your new Alienware laptop with all of your sensitive personal information (edit: a 24esque – mission impossible attempt in your stories to friends and family. We know how it goes. Que up the theme music).Stuff like bank information, passwords, etc! No biggie right? I mean you have a pretty good password.
Seriously, who is going to guess banana12 right?
WRONG!
With FREE software available on the internet, you can boot up to a CD and browse files, or even change the administrators password on your laptop. Then all of your sensitive information becomes their sensitive information which they will use to take you for everything you are worth (It’s called Identity Theft, look into it).
Well, the bad guys can’t get to your information if you take stronger precautions to secure your data. One of the best ways you can do that is with full hard drive encryption. And lucky for you, I have tested a FREE software that can do it.
CompuSec is a free security suite that among many other things, encrypts your hard drive (including the operating system) using a fast 256bit AES encryption. When the bad guys try to look at your files, all they see is a blank hard drive.
So lets go back to our scenario then, the bad guy got your laptop, but you encrypted it using CompuSec… The joke is on him! Actually, that isn’t true, he now has your $4000 Alienware laptop, but at least he doesn’t have your personal information and you won’t end up on Dateline’s “To Catch an ID Thief.”
Posted By El Di Pablo of Bauer-Power
Amazing Tool: How can I get a dropped screw out of my server case easily? I got the Magic Stick…
Jul 18th
John wrote in that he dropped a screw into his HUGE server case as he was about to seal it up. Now who wants to take it apart again just to get that stupid little screw?
It sure looks like the good fellows over at ThinkGeek Gadgets are in our heads because they have a solution (yet again… these guys rock!)
And its only $4.99!
A magnetic stick with a led light on it! I have dubbed it “The Magic Stick”. It has become an essential part of my admin tool-kit.
AtA also gets a small cut of every Magic Stick sold via these links.
So to those of you in Admin land trying to send some dough our way for our planned upgrades good looking out in advance.
If it fell in there you should be able to get it out with this Magic Stick! (Edit: I got the magic stick…what what…sorry had to do it.)
It has happened even to the best of us. You’re installing that new rack mount server – hovering over a tight space, you’re putting in your last rack screw as it gently slips, falling down into a maze of wires and metal brackets. Doh! Now you’ll have to walk back down to the second floor just to get a single screw to finish the job.
That is, unless you have the LED Magnetized Telescopic Rescue Stick at the ready. It can easily swoop down and rescue your rack screw from its terrible misfortune.
The Rescue Stick is shaped and sized like a standard pen, making it super convenient to carry or toss in your toolkit. A quick pull extends it to over 2 feet, allowing you easily reach whatever needs rescuing. The built-in LED turns on automatically when the stick is extended, perfectly illuminating those dark corners and crevices where small parts love to hide.
The magnet is even strong enough to lift screwdrivers and other metallic objects as seen in the image below…
- 3 x button cell batteries (included)
- Acrylic transparent head complete with magnetic strip and White light LED
- Auto LED ‘on’ when the stick is extended
- Closed length = 6.25″ (extended = 26″)
- Get your magic magnetic led stick here.
GMail says 451 4.5.0 SMTP protocol violation, see RFC 2821. What the hell does that mean?
Jul 17th
My mailserver pretty much told me to go fluck myself this morning when I was trying to send out some email. It looked like emails to any gMail account was returning the following error message:
Delivery failed 5 attempts: MyEmail@gmail.com
Body of message generated response:
451 4.5.0 SMTP protocol violation, see RFC 2821 23si6651713hsd.10
I went and checked out RFC 2821 like a good admin and checked each of the points. I had a abuse account, a postmaster account… But I was not an open relay to begin with. WTF?
This happened shortly after an upgrade from iMail 2006 to iMail 10.01 (2008). I checked my settings and then rechecked my settings. I had enough and called into IPSwitch Support. Strangely I got one of the lead developers on the phone who worked with me. After a few hours of him poking around my production mail server he kinda shrugged his shoulders and gave me a
“Man I have no idea.”
Not so reassuring…
Not at all. I started sending test messages to other accounts on the web and I was not seeing any issues. Again I said
WTF? Why is Google hating on me?
Then I noticed it. There was a footer at the bottom of my email that was in my AskTheAdmin.com account, and I had eliminated that footer almost 3 years ago. I asked the tech support dude about it and he said it would live in a file called trailer.txt in the iMail root folder. I deleted it and WHAMO!
Gmail was listening to me again.
A very grueling few hours with loads of people making up excuses on how they need to email people on gMail for work… YEAH RIGHT! Did you think I wasn’t working on it?
Don’t you have some TPS reports that need to be filed on those new cover sheets?
