By computer management, I mean it’s sort of in the same category of Microsoft System Center Configuration Manager, but way easier to setup. Plus since it’s open source, there are no licensing costs. It’s called FOG.

FOG can clone hard drives, and deploy the disk images in a multicast. Not only that, but you can deploy software with it, map printers and join computers to Active Directory.

Check out the video:

If you have any questions about FOG that I didn’t cover in the video. Capabilities, installation questions, etc. Let me know in the comments!

By -=El Di Pablo=-

Image via Wikipedia

I have been trying to track down a network issue I’ve been having at work for the last month and a half. It’s a real pain because it only happens once a week randomly, and it only lasts for 2 to 5 minutes. Since it’s so unpredictable, it’s nearly impossible to track down how, or why it’s happening.

Anyway, I decided to setup Wireshark on a laptop, plug it into a port on my switch with mirroring enabled, and collect some network traffic. The problem I have with Wireshark is that it doesn’t display information is a way that is easy for me to read.

A buddy of mine recommended uploading my capture files to an online analyzer called CloudShark. This thing is actually pretty cool, and really easy to use. Plus it has easy graphing options so you can get a better visual idea of all the 1’s and 0’s you’re looking at.

Another cool thing about CloudShark is that once you’re capture is uploaded, you can forward the URL of your capture files to some of your Network Engineer buddies to get their take on what’s going on in your network, and they don’t need to break out any analyzers of their own. Everything is displayed right in their browser!

Here is a link to an example capture file: http://www.cloudshark.org/captures/f62e1db77ba0

One thing I did notice is that you need to use CloudShark in Internet Explorer or Firefox. It doesn’t work so well in Chrome.

Know of any other good, free and easy to use packet analyzer tools? Are they cloud based like this one? Let us know what you like to use in the comments.

-=El Di Pablo=-

After setting up Zenoss, I learned about a really cool application for Windows servers that lets you get more our of monitoring using SNMP. With this applications, it means less to configure, and you can simply add servers to your monitoring solution with SNMP, and pretty much get everything you need to keep your network in top top shape!

It’s called SNMP Informant. Here are some of it’s features from their website:

• Full 64 bit support – Our "all-in-one" installer automatically detects the operating system version and installs the correct components
• Access Windows Performance data – Our Performance providers allow you to connect to any "out of the box" Windows Performance counter object using industry standard SNMP Object IDs (OIDs)!
• Access Custom Performance data – Our new "Custom" provider (part of SNMP Informant-Premium) allows you to collect data from any valid Windows performance counter.  If you’ve got a performance counter instrumented application, and you can see the performance counters in PerfMon, then you can monitor it using SNMP Informant Premium!
• Run Remote scripts and collect data – If you’re using custom scripts to monitor something on a remote Windows server, you can now execute that script remotely using SNMP Informant, and collect the results of that script into an OID that YOU specify!
• Use your OWN Private Enterprise ID – You can customize SNMP Informant to respond to queries made against your OWN IANA Private Enterprise number!
• Read Remote Registry information – The new "Custom" provider also lets you specify what registry value to read!
• Collect WMI information – Our WMI providers allow you to connect to the Windows Management Instrumentation sub-system using SNMP!  Stop/Start/Restart services!  Reboot servers!  Execute programs remotely!
• Monitor Exchange, SQL, Cluster, BizTalk, ISA and more, including Forefront, WSUS, Virtual Server, Citrix, the OS, and system hardware.  Supported Operating Systems include Windows XP/Vista/Windows 7, Server 2000, Server 2003 (incl. R2), AND Server 2008 (incl. R2).
• Extend your monitoring system’s ROI – If you use products like HP Network Node Manager, IpSwitch Whatsup, OpenNMS, Nagios/Cacti/MRTG/RRDttool, Zenosss, or other SNMP compliant management platforms, find out how SNMP Informant can add significant value to them in minimal time and with minimal effort!
• Stop/Start/Restart Services and Windows Server – Using SNMP, you can control your Windows server like never before!
• Can be used with SNMPv1, SNMPv2 and SNMPv3 – Many companies are starting to to take advantage of enhanced SNMPv3 security.  SNMP Informant supports all 3 versions.  Find out more here!
• SNMP Informant is priced attractively – We recognize that while functionality is important, value cannot be overlooked. That’s why we have priced SNMP Informant to help maximize your IT budget spending.

Their standard version is absolutely free, so you can start adding it to all of your Windows servers today, and start seeing better results with your monitoring solution.

What are you guys using for monitoring these days? Solarwinds? What’s Up? Microsoft Systems Center? OpManager? What’s your favorite and why? Let us know in the comments.

-=El Di Pablo=-

These are some typical sounds we hear in our data recovery lab. If your hard drive makes noises like these and you are still able to access your files – backup immediately…

To listen to the sound simply click on the play button. Click on the drive manufacturer next to the sound button to learn more about common problems these drives experience.

Click here to jump to Data Cent’s website (looks like they do data recovery) and listen to/download sounds of failing drives. There just might be an awesome practical joke in this for me…

[Via BoingBoing]

One of the first things my boss has asked me to do is to create a map of our network topology so he can get an idea of how things are setup in the various domains we manage. That got me thinking of ways to automate the process, and lucky for me I found a nice little tool that does the trick. The tool is called the Microsoft Active Directory Topology Diagrammer, or ADDT for short.

What this tool does is, using either Visio 2003, 2007 or 2010, it scours Active Directory and spits out a fairly detailed topology of your domain, sites, trusts, Exchange, etc. All in a pretty, easy to understand Visio diagram.

Here is an Overview from Microsoft:

With the Active Directory Topology Diagrammer tool, you can read your Active Directory structure through Microsoft ActiveX® Data Objects (ADO). The Active Directory Topology Diagrammer tool automates Microft Office Visio to draw a diagram of the Active Directory Domain topology, your Active Directory Site topology, your OU structure or your current Exchange 200X Server Organization. With the Active Directory Topology Diagrammer tool, you can also draw partial Information from your Active Directory, like only one Domain or one site. The objects are linked together, and arranged in a reasonable layout that you can later interactively work with the objects in Microsoft Office Visio.

Pretty cool right? Know of any other free tools that can easily, and automatically create detailed network maps of your environment? Let us know your favorite tools in the comments!

This post was written by El Di Pablo of the wildly famous Bauer-Power.Net Website!

It is called RRT and can be downloaded from here. Once you run it you will see a screen that looks like this:

Simply check Task Manager and hit Remove. That’s it! Happy Hunting Guys!

_TheTaskManagingAdmiN_

It is as simple as booting to the CD, choosing the account and doing the deed. You write your changes back to the drive and reboot.

When you are back at the Windows login screen you will now be able to use the password you enetered or a blank password (just hit enter)

Here are the links to download the image:

• cd100627.zip (~4MB) – Bootable CD image. (md5sum: 6d80cdfbba97457e413f95a3554d9524 cd100627.zip)
• cd080802.zip (~3MB) – Previous version CD image. (md5sum: 33ecd38263f935b82e7b2e3e9f5de563)

and there is even a Floppy Disk release that is no longer updated:

Floppy release (not updated anymore), see below on how to use them

• bd080526.zip (~1.4M) – Bootdisk image (md5sum: 37889e4c540504e59132bdcdfe7f9bb7)
• drivers1-080526.zip (~310K) – Disk drivers (mostly PATA/SATA) (md5sum: 72ac1731c6ba735d0ac2746a30dbc3ee)
• drivers2-080526.zip (~1.2M) – Disk drivers (mostly SCSI) (md5sum: 30172bec657c85a5f1a0b43601452fb7)

This CD has saved my ass a number of times! Do you have another method of recovering lost passwords? We would love to hear about them in the comments! You can also check out their website for FAQ’s and other helpful hints here.

Have you seen this post on opening a command prompt during a windows install? Using this you can start a recovery install jump to a command prompt and run:

control userpasswords2

and bingo bango you can change your passwords!

_TheUnlockedAdmiN_

Check out the post below:

So I get an email from Disqus the other day like I always do when someone comments on a blog post. Often times if someone posts a link in the comment I get an approval email from Disqus. Most of the time if there is a link it is spam and I mark it as spam via email and I’m on my way, but occasionally someone will post a comment to something very useful, and that is how this article begins!

I received a comment from a reader by the name of Tony Jobson on my article on how to setup SSTP VPN in Windows server 2008. In that article I mentioned how you can get an SSL certificate from GoDaddy for $12.99. I thought that was the best deal in town, but I was wrong!

You can get a FREE, fully functional SSL certificate from StartSSL! Yes, I said free, and it works with most browsers and services! I signed up for a free account, and tested it on my home SSTP VPN, and it worked without issue! I even setup a StartSSL cert on my personal start page for the hell of it! It’s free, why not?

From their page:

What?

Security and encryption is getting ever more important in today’s computer networks, being it SSL secured web sites, encryption of data or mail, secure logon to mention just a few. But security is expensive, right? Not anymore….

StartCom, the vendor and distributor of StartCom Linux Operating Systems, also operates MediaHost™, a hosting company, which offered its clients, SSL secured web sites with certificates signed by StartCom for many years. That’s where the idea originated: Free SSL certificates!

How?

Most web servers, such as Apache and IIS are capable of running the 128/256-bit secured and encrypted SSL protocol. Most mail clients can encrypt and sign your electronic mail messages. All you need, in most cases, is a SSL or S/MIME certificate to make it work. StartCom provides certificates through an easy web based interface wizard and sign up process – free of charge. With our installation instructions, you’ll have your secured web site running or your email exchange secured within minutes.

Why?

Because we believe in the right to protect and secure information between two entities without discrimination of race, origin and financial capabilities. By applying a completely different and new business model compared to traditional certification authorities, we are able to prove here, that digital certificates can cost much less or may be even free of charge! Instantly! Furthermore, every certificate from StartCom is insured up to US$ 10,000 if your customers were to suffer financial loss as a direct result of relying on a certificate that was issued through our negligence! This and other measures permits the visitors and customers of your site to fully rely and trust in StartCom.

Where, when?

The StartCom Certification Authority is today supported by most important platforms like Microsoft Windows, Apple Macintosh OS X and many Linux operating systems and browsers like Internet Explorer, Mozilla Firefox, Safari and Google’s Chrome provide built-in support. Should you be using an older or unsupported browser you may import our CA certificate.

The next time you or your company are looking to secure a website, create an SSL VPN, setup a simple secure mail server, etc. You don’t have to waste gobs of money when you can get it for free!

Do you or your company use StartSSL? How do you like it so far? Any reason why you wouldn’t want to use them? Let me know in the comments!

Microsoft describes the tools as follows:

PsLoggedOn is part of a growing kit of Sysinternals command-line tools that aid in the administration of local and remote systems named PsTools.

Runs on:

• Client: Windows XP and higher.
• Server: Windows Server 2003 and higher.

We have covered the PSTools Toolkit before here as well. To use it simply run it from the command line with the syntax psloggedon.exe username or computername

So in this instance I ran psloggedon joes to query all my network machines to see which one joes is logged into like so:

This is what I returned:

I saw all the machine the user in question is logged on to and the machines I was unable to query. Now I can run scripts using the machine name and not have to set login scripts for the user. Good luck! And we would love to hear what you are doing on your AD network!

What kind of network magic do you have going on?

_ThePSToolingAdmiN_

_TheXferingAdmiN_

HostGator!

If you’ve been following us throughout the years, you’ve probably experienced the growing pains we’ve had moving from platform to platform, host to host. Our humble beginnings on Blogger dealing with all the limitations and WYSIWYG inconsistencies, then our HUGE fiasco getting our posts, media, and comments migrated, exported, and sometimes even re-written from scratch and re-imported one by tedious one.

Following the imports to our now defunct web host, Bansal-Inc, we were plagued with outages, server errors, php errors, unexpected reboots, files disappearing (wtf?) and older versions re-appearing (seriously now, WTFluck). It was like something out of The Twilight Zone with the title of  “Ghost in the Machine.” It was utter chaos.

On top of all the server-side issues, I’d like to spend a minute to mention how far WordPress has come as a platform as well as an all around user experience from front to back.

Back then, around version 2.5 or 2.6, the WYSIWYG was HORRIBLE. Having already spent many years in the field of front-end web development, the amount of “code rewriting” and “automatic formatting” that went on was horrible. Mixed into that was the advent of Windows Livewriter, which in my opinion, was too good of an editing tool to be justifiably paired with a crappy, built-in, wordpress wysiwyg from back then.

Essentially what would end up happening is that in a writers role, it wasn’t half bad. You said your peace, did a little formatting and published. But from an editor’s perspective – re-opening a post and simply switching from HTML view to Visual view would change the code drastically: replacing massive amounts of tags and flucking up all bullet points and various other elements. Aside from editing issues, plugins we were utilizing were crashing the site here and there. I remember there being a lot of fear associated with running a well-trafficked site in our situation, as it was.

Reaching out to tech support, especially when it’s overseas, was painful at best. Response times, even when they were responding, took days sometimes. We ended having to fish through our emails and find the email address of the company owner. It was only then we could get something done.

Just when we thought our problems were over… the company got sold to a web hosting service then called Inspirit Networks. We had a decent run with Inspirit. At first they were eager to please. But as time went on (we’re talking months, not years) the servers and support’s response times were getting worse and more unresponsive with each passing week. Ultimately we suffered major outages for days at a time which also seemed to strangely roll back our files to older versions. This was the last straw.

After major shopping around and considerations we decided on HostGator. The reviews were all good, and after testing their US based voice support lines, as well as chat lines we were thoroughly impressed.

Enter HostGator…

So far I’ve been personally using them for about a year now with no issues, and so far %100 uptime. Utilizing a free service called aremysitesup.com, I’ve been able to see that we have had NO DOWNTIME. The cpanel has all the options I’ve ever needed or wanted in a LAMP hosting account. We are currently running 8 different well trafficked blogs on one hosting account and see no slowdown and no issues. Truthfully, I’ve never been accustomed to being this fear-free and comfortable with my web server.

These days we can spend our time concentrating on publishing quality content rather than keeping our sites running and healthy.

Edit: We now have our own coupon discount code at Gator, which means we can pass along a savings of $9.94 off of your initial purchase with Gatorhost.
Use discount code “asktheadmin” to get your discount today!

This is commodore64 signing off.

Let us know what your web hosting experiences were in the comments below…

Or subscribe to our RSS FEED here

El Di Pablo tell us of his experiences… And is culminated by using a Great tool that AtA LOVES! Check it out…

I had a bit of a scare the other day. I get a call from a user in the field.

She is traveling with her laptop and she was calling from her hotel. she was complaining that she couldn’t log into her laptop using her normal log in credentials, and that the only way she could log in was using the local administrators account.

“Local Admin what?!?!”

I exclaimed then started hyperventilating. I asked her how she came across the local administrator password, and she told me that one of the techs at the company that is no longer with us gave it to her a long time ago.

I asked her to spell out the password for me, and low and behold it was the corporate standard.

I ran to my bosses office and reported the compromise, and recommended changing the local passwords. He agreed and called a meeting with me, our head desktop technician and one of the senior systems administrators to come up with a plan of attack. I told them that I can easily change these passwords using a script and pspasswd.exe that comes with Sysinternals PSTools.

I told them that I can export a list of all of the workstations on the network from Active directory, and put them in a text file. pspasswd will read directly from the list in the text file and change the password of the specified account on each computer in the list. I showed each of the guys in the meeting how it works, and they agreed that my script would be the best way to go with this.

Here is an example of the syntax used in my script. Keep in mind that this script must be ran from within the directory containing the pspasswd.exe program or else you have to modify the script to change into it’s directory. Of course, if you know batch scripting well, you can add all sorts of stuff to the script, but the basic run command looks like this:

>set /p filename=”Please enter name of computer list (ie: computers): “

>pspasswd @%filename%.txt -u administrator@domain.com -p password

administrator newpassword >> %filename%-results.txt

You’ll notice that I added an output to a text file so I could create a log of which workstations the password was changed on, and which ones it wasn’t. That is a good idea so you can keep whittling away at it until the change has been completed on all workstations. Also, you’ll notice that I added the -u and -p switches. You don’t need that if you are already running the script from an account that has permissions to change local passwords.

There are many other little changes you can do as well. I used the set command because I had different lists for different offices. You could just put the computer names in one list and not use the set command.

Let me know if you have used this or a similar product, and perhaps some other scripting ideas for this.

This article was written by El Di Pablo a guest contributor on AskTheAdmin.com. You can keep up with his high tech antics at his blog http://www.Bauer-Power.net!

This is one of those articles where you HAVE to read the comments. You guys have some great insights and ideas! Keep on Commenting, that is what makes this site great. Go ahead pat your self on the back!

See that picture? When it happens to you, it may not look quite that bad (or be quite that obvious), but data loss sucks. And it does happen. I’ve been working with computers for 10+ years, and I’ve had it happen a couple times myself. Did I mention how much it sucks?

I’m not going to spend a couple pages telling you why you should backup, I’m just going to be straight about it, unless you really couldn’t care less if that happened to your computer, you are flat out stupid if you are not backing up your data on a regular basis.

Instead of telling you why to backup, I’m going to tell you how to ensure that you are not going to get your data back, even if you think you are backing it up.

Method 1: I’ll just back the data up to CD/DVD.

Well sure, this will work for a bit, but:

1. Ever try to save 20GB to CD? Or 250GB to DVD? Ugh.
2. How long do you think that optical desk is going to be readable?

Going this route, you can quickly end up trapped behind a small mountain of plastic. Or lets say you manage to somehow keep the optical disks to a manageable quantity, will the marker you labeled it with make the disk unreadable in a year, or is the dye layer unstable, rendering your disk unreadable in six months, or will the glue on the label you made for the disk make it worthless in a year or two? These are just a couple of examples of why optical media should not be considered an archive grade solution.

Method 2: ok then, I’ll just copy the data to a USB hard drive.

Sure it’s better than nothing, but single HDD solutions are not going to keep your data safe. Hard drives fail. In fact it will happen to every single hard disk you will ever come across. The only question is; when? It’s not a matter of if, or of MTBF (mean time between failure), it is more a matter of “you never know, it could fail in ten years, or in ten seconds”.

Don’t get me wrong, if this is the only way you can back the data up, then it is your only choice, and it’s better than nothing. Just be aware, as soon as you copy the data to that USB HDD, the “Clock of Death” is ticking.

Much better would be to copy the data over to a machine with a RAID storage system (preferably RAID5).

Method 3: I bought actual Backup Software (or use a vetted Open Source solution), and run Incremental Backups (to tape!) every single day!

Ok, so you spent some money on a tape backup solution, spent hours reading the manual and configuring your backup. Congratulations, I bet you think your data is safe! Until you find out how Incremental Backups really work (this usually happens after a disaster, and the tapes is all you have left of your pr0n, illegal mp3’s downloaded movies warez mission critical data).

Let’s pretend for a minute that your backup tapes look something like this:

Full_backup_tape (tape 1 – doesn’t matter what you tell it to be, the first backup is always and without exception, a full backup)

Incremental_backup_1 (tape 2)

Incremental_backup_2 (tape 3)

Incremental_backup_3 (tape 4)

Incremental_backup_4 (tape 5)

Incremental_backup_5 (tape 6)

And then you have a catastrophic failure. So you’re sitting there at 2am merrily running the restore, and you hit a snag: tape 2 won’t read. Doesn’t matter why, the tape could be bad, maybe you left it out of the tape safe overnight, and the radio station next door managed to erase it with the magnetic waves they transmit (this actually happened), the data is gone. So is all data after it. See Incremental backups require that all tapes since the last full backup be present and working. So tapes 3-6 may as well be empty, because you are never getting the data off of them. Ever.

If you can’t run full backups every day, use Differential backups instead of Incrementals. Let’s say that in the scenario the user had been running differentials rather than incrementals. They could then restore to current using just the original full backup, and the last differential.

Method 4: Now I’m running differential backups to tape every single day!

But you fail to check the backup logs every day, and the backup job you though had been running for the last year actually failed 273 days ago, and has been requesting the “correct” tape since then. I’ve seen this one a lot (in fact, I think this would be the most popular reason for data loss if you have backup software running).

You’ve got to check your backup logs. It sucks, and it’s boring, but it’s one of those things you just have to do.

Method 5: Alright, I’m running differentials to tape, and have been checking my logs for the last 2 years every single day!

But you’ve never run a test restore. If you haven’t restored data from the tape successfully, there is no data on the tape. The tape was bad, the backup software failed (silently of course), the gremlins ate it.

Method 6: Ok, now I spend two hours reading the log and then randomly restoring files from my backups (before putting the tapes in the tape safe) every single day!

And then your server room catches fire. All machines, and the safe holding the backup tapes are destroyed. You never took any offsite, because you have a tape safe. It happens. It’s unfortunate.

Method 7: Enough, I give up on tape! Now I run a full backup to a RAID5 NAS every single day!

But you ordered your NAS with the drives form the manufacturer, and they used 4 HDD’s from the same batch, and two failed. This is the one that always gets them! The strength of RAID5 is that more than one drive has to fail before the RAID is unrecoverable. The weakness is that hard drives from the same batch tend to fail at the same time (or thereabouts).

To strengthen your RAID system, always make sure that you have drives from different batches, if not from different manufacturers (this is not always the best idea, but that is an argument for another time). For instance: to take care of my backup needs at home, I bought a Buffalo Terastation. Unfortunately, Buffalo sent me a Terastation with 4 drives from the same batch (you can usually tell if they all have the same date on them, sometimes there will be a batch code on the drive). I bought 3 more of the same model drive from 3 different manufacturers, and now have the most healthy RAID I can.

These are not the only ways to lose data, but they are by far the most common. How would I know? I was the Worldwide Manager of Technical Support for a backup software company for several years. And I always got to be the one to explain to the customers why their data is gone.

So what do I do?

There are as many answers to that question as there are IT shops with backup systems. Here is how I protect data at my office:

I backup all data every day (full backup) to a NAS configured in RAID5, with a hot spare. I check the health of the RAID every day (it takes about two minutes). Once a week I backup the entire RAID to LTO3 tape, and take the tapes offsite (currently I am taking them home, where they go into a DATA rated fire safe (there is a difference, do your homework), and then into my large safe where I keep all my other valuables. My ideal would be to have them delivered to a bank safety deposit box, but that costs money.

At home, I back up all my data to the aforementioned Terastation. Once per month, I copy all the data off to a USB HDD (actually two of them), and take one to work where it goes into the tape safe.

Is it perfect? No. Does it stand a much better chance of keeping that data alive through a catastrophic event? Absolutely. You don’t have to go to these lengths to protect your data, but you should be aware of the risks.

I decided to start my investigation by running WinDirStat and looking for any oddly large files. The largest portion of the System disk is consumed by the Program Files directory (no big surprise there), and aside from a couple slightly disturbing large files from my backup software there is only one group of large files on the drive – hovering in at about 12GB for the 8 or so files. And they all have the same path and are similarly named: C:\System Volume Information\{914b4760-84b2-11dd-bca9-000e0cb2b564}{3808876b-c176-4e28-b7ae-04046e6cc752}

Hmmm, interesting. A quick Google search turns up some results linking this directory (more specifically files with CSLID names in this directory) to two things: System Restore points, and virus files.

Well I’m pretty sure it’s not virus files (no other odd behavior or weird network activity), and if I’m not mistaken to enable System Restore on WS2003 you have to manually copy over some files from an XP CD (which is a pretty cool hack, but not something I’ve done on any corporate network I’ve ever worked on).

At this point I start hearing dramatic music in the back of my mind, I’ve got a bonafied mystery! Or at least initial facts would indicate so.

Well a bit more in depth investigation turns up what some of you already knew at this point, the culprit is VSS. But I never configured VSS! (queue swelling of dramatic music in the background)

Ok so this is something of a mystery after all. So I go digging around in the event logs for the last 3 years looking for the initial VSS snapshot message. It sounds like a lot of work, but Microsoft Log Parser actually makes things like this pretty trivial.

Turns out that the VSS snapshots started on the same day that I installed our current Backup software (Yosemite Backup 8.5 sp2) which cooincidentally has the ability to make use of VSS snapshots!

Now this is not a huge issue, as VSS will delete old snapshots when space is needed, however I tend to take exception to software doing things like this without my permission.

Well luckily for me, I used to be a manager at the company that makes our backup software, so I fire up my trusty IM client, and start poking at the engineering department.

Twenty minutes later I have my trusty pipe and smoking jacket firmly in place, as I am feeling quite like Sherlock Holmes. It seems that in fact it was the backup software which enabled VSS for all volumes on my server, and (because it uses the defaults when enabling VSS) had set VSS to not limit the space consumed by snapshots!

A simple trip into Disk Management, and a quick change to the drive’s Property page, and VSS is now limited to 4GB for the system partition (which is far more than I’ll ever need). Interestingly enough had I disabled the VSS service on this machine before installing the backup software, it would not have enabled VSS. I’ve asked that they include a note about VSS being automatically configured to the Yosemite Backup installer (it may exist now, I’m not sure as I haven’t actually read any of the installer screens in years), but who knows when that will make it into the software.

As a side note, I’ve spoken to the Tech Support Manager at Yosemite Technologies (they make Yosemite Backup), and they are currently writing a knowledge base article about this, and how to change the VSS settings from the defaults that Yosemite Backup enables.

Ever buy a used Hard Drive on Ebay or Craigslist? Ever look to see if there was any data on it? I have, and let me tell you, it is downright scary what people will leave on HDD’s when they sell them as used. I recently purchased 12 used 250 GB SATA HDD’s from Ebay for a NAS project I was working on, and of those 12, 9 of them had not been so much as formatted.

Of those 9, all but one had data that would have been usable for identity theft: files with credit card information, copies of bills, saved email that had account information, not to mention the astounding number of ummm, not safe for work pictures taken by (or of) the former owners. In all cases I could have contacted the former owner, as on all 9 drives I found current addresses and phone numbers for the former owners.

This is 2009, I would have thought that by now better than 25% of people selling used hard drives would know better.

As an IT Professional, I get used computers all the time (for some reason everyone I work with thinks I need every used machine I can get my hands on, especially if it has a “Designed for Windows 95!” sticker on it!). The ratio of these HDD’s that I get with data still on them is more like 95%. It’s easy to format a HDD, until you get one that just won’t format. Mostly the ones I’ve seen this on were disks that I installed an obscure linux distro on, and then for whatever reason decided to install Windows on. The Microsoft format tools are not always capable of handling partitions like this, which is where DBAN comes in.

Darik’s Boot And Nuke (or DBAN) is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.

One of the really great things about DBAN is that it can run from a floppy, or be burned to a bootable CD, which means it can be used on almost any computer. Better than that, DBAN has many options for how it wipes the disk, ranging from the single pass “autonuke”, to the 35 pass random data Gutmann method, and of course DBAN also offers users a method for definable number of passes.

In short, DBAN excels at destroying all data on a Hard Disk. You can find more information on DBAN here.

I don’t know how I never found this one before… Check it out you have your quick launch buttons displayed next to your start menu for easy access.

By default you have Show Desktop, IE and whatever other applications you installed. Now you obviously know that if you single click on any of these icons the appropriate app launches.

Common knowledge right?

So instead of installing launcher programs if you just need easy access to a few apps put them in your quick launch menu and make sure it is being displayed because if you can’t see it you sure can’t launch it!

UPDATE: It works even when the toolbar is hidden!

Well if you can get to your desktop you should be able to run Double Driver and copy your drivers off your machine to a USB stick and then restore them right back into your fresh clean formatted system! We covered something a little while ago for backing up and restoring printers/print drivers.

Combine these two small apps with the Windows Files and Settings Transfer Wizard and you have yourself a powerful tool kit.

With Double Driver you can view which drivers are installed in your system and you can backup the drivers you choose, save and print the drivers list, and more.

Double Driver is freeware. Feel free to use and give this program to anyone you know. Your donation or feedback would be greatly appreciated.

_TheBackUpAdmiN_

I am duty bound to tell you that if you are doing much of anything involving code, you need to be using some sort of Version Control, however I am not going to ram Subversion or Tortoise SVN down your throat. I understand why programmers use them, and I have used them myself in the past. Since I try to live the whole “Least Amount Of Administrative Effort” thing, I just really don’t like them. Let me explain.

Ok, setting up full on Version Control makes sense if any of the following are true:

• You spend a large portion of your day writing code (like your job title is “programmer” or something similar)
• You spend more time fixing things you break while writing code, than writing code
• Anyone else is going to suffer consequences if you totally wreck some code
• Someone else is going to maintain and administer the Version Control System
• You work on files that multiple other people also edit

However it does not make sense if any of the following is true:

• You write code for your own use only
• You could care less if it gets broken or accidentally deleted
• You don’t have time to administer or maintain a Version Control System

Even if all of the last bit are true for you, it is still a good idea to use Version Control. Wait, what?

Version Control is a process, and if done correctly it works very well. If done poorly it gives you a false sense of security. Version Control is not necessarily a software package or commercial system.

If working with end users for all these years has taught me anything it is this; if a system is easy to use (especially if you don’t have to actually do anything) it will get used, if it is complicated (or time consuming) it will not get used. This also holds true (even more so in most cases) for the IT professionals I know.

Since don’t write enough code to make Visual Studio a wise investment, I use Notepad++, and unlike Visual Studio, I can take my IDE with me on a USB drive (Notepad++ Portable!). In the same vein, I don’t really write enough code to really justify setting up and maintaining a Version Control System, so I do it with Notepad++. Least Amount Of Administrative Effort.

So here is my solution:

I use the Backup settings built into Notepad++ to take care of my Version Control. To set this up:

1. Install notepad++
2. Open Notepad++
3. Select Settings > Preferences
4. On the Backup/Auto-completion tab, change the backup setting from None to Verbose

If you change nothing else there, now when you save your file, Notepad++ will automatically create a copy of the file without the changes since the last time you saved it. The copy will also be saved in a subfolder (named nppBackup) in the same folder where the document is saved. The copy will be named FileName.Extension.Date_Timestamp.bak by default. So a file named “test.vbs”, saved today would have a name similar to “test.vbs.2009-06-29_151927.bak”.

Cumbersome to be sure, but I am guaranteed to use it every time I work with a document.

Please don’t mistake this for something it is not. This is not a Version Control System. You do not check files in or out, and it doesn’t differentiate who made what changes, all it does is save every iteration of your document. It is Version Control in the truest sense of the term.

The new “Disk I/O” chart allows you to monitor which applications utilize most of your disk at the moment:

Features:

* Displays disk input/output activity with information about related applications
* Displays network port activity with IP addresses of external computers
* Displays information about applications that utilized most of the CPU or memory at any time presented on the charts
* Displays all files locked by a select process.
* Finds all processes locking a specified file.
* Includes “Summary” tab for quickly assessing the overall state of the Windows system
* Allows freezing individual Windows processes
* Offer various visual and functional improvements over the standard Windows Task Manager

http://www.extensoft.com/?p=free_task_manager

[Molly via EeeUserForums]

We just couldn’t have that now, could we?

Oh, how well we know you.

Wayne from Florida wants AtA’s help to create a script that will batch rename his purty pictures. Instead we are going to point him to some FREE software our friend Daniel at HackYourDay blogged about.

The software is called Batch File Renamer (clever eh?) from Cerebral Synergy.

Daniel says:

Here’s one software that productivity nuts will love. If you’ve ever needed to catalog files, change extensions, add something to a filename in large batches you know the suffering that is “right click, select, type, enter” done over and over and over again. If you need a tool that can simply edit filenames, rename extensions and so on in a very powerful, customizable way, read on!…

I set out to find some sort of tool because I need to catalog files in batches of 100 about every two days. I get a batch of stuff in txt format and I need to do the following operations.

• I need the files to be in the following format [ID - Number.txt]
• I also need them in this format [ID - Number.html]

Practically this means that I need “032 – 001.txt”, “032 – 002.txt” and so on (all the way to 100), also in .html format and I need to be able to customize all of this because for the next batch I will need “033? at the beginning.

Doing a Google search and trying a lot of free software that popped up I finally found Batch File Renamer. Not a fancy name, not a fancy program, but it gets the job done better than I’ve seen with other apps. First, head over to the Cerebral Synergy download page, scroll down and download Batch File Renamer.

He was able to change file extensions, mass change file names and it comes with all sorts of other free geeky options! Check out Daniel’s article at HackYourDay here and the Free Cerebral Synergy download is here.

_TheRenameThisAdmiN_

Then there are the times where I find myself five minutes into the conversation going “uhhhh, yeah that’s not good, I wonder what could cause that?” (believe it or not, us IT people don’t in fact know immediately exactly what is wrong with your computer, and we’re even wrong once in a third Tuesday of the week).

When I need to get a crystal clear picture of what is happening on a system, I turn to Process Explorer from Sysinternals (now brought to you by Microsoft!). Process Explorer is everything that Windows’ Task Manager wishes it was:

Overview

Process Explorer is an advanced process management utility that picks up where Task Manager leaves off. It will show you detailed information about a process including its icon, command-line, full image path, memory statistics, user account, security attributes, and more. When you zoom in on a particular process you can list the DLLs it has loaded or the operating system resource handles it has open. A search capability enables you to track down a process that has a resource opened, such as a file, directory or Registry key, or to view the list of processes that have a DLL loaded.

The Process Explorer display consists of two sub-windows. The top always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window, which you can close, depends on the mode that Process Explorer is in: if it is in handle mode you will see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you will see the DLLs and memory-mapped files that the process has loaded.

Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded. The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.

You can obtain equivalent command-line tools, Handle and ListDLLs, at the Sysinternals Web site.

Process Explorer does not require administrative privileges to run and works on Windows 9x/Me, Windows NT 4.0, Windows 2000, Windows XP, Server 2003, Windows Vista, Windows Server 2008 and on the x64 version of 64-bit Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008.

So, why use this rather than any of the dozens of other Task Manager replacements you can find on the internet? Well for starters, Process Explorer was written by Mark Russinovich. Mr. Russinovich is acknowledged as one of the foremost experts on Microsoft Windows in general, and the NTFS  file system in particular. The man is incredibly knowledgeable about the internal workings of Microsoft Operating Systems, and has authored several books on Microsoft Technologies.

Beyond that, the sheer depth of functionality in this product makes it a hands down winner in my book. Oh and did I mention that you can run it from a USB drive?

You can get more information on Process Explorer (and download it) here.

Initially I had some trepidation about doing an AA on Evernote, because as of v3, it is web centric, and some of the great features of the old v2.2 have been removed. But man is it useful!

ok, so what is Evernote? It’s difficult to explain correctly. Basically it is a note taking application on the order of Microsoft’s OneNote (which I like, but can’t justify buying a copy of for every system I work on, so it’s kind of limited in its use for me), but taken to a whole different level, oh, and it’s free (sort of).

Here is the description from the Evernote site:

Remember everything.

Evernote allows you to easily capture information in any environment using whatever device or platform you find most convenient, and makes this information accessible and searchable at any time, from anywhere. Did we mention that it’s free?

Yeah, that’s about accurate. Currently there is a free Evernote app for Windows, and Mac OS X (Leopard), a bookmarklet that will work on just about any browser, a Firefox extension, and apps for the iPhone, Palm Pre, Windows mobile phones, and limited Blackberry models .

It requires Blackberry OS4.6 or above so at the moment it is limited to the Bold (and since I just got one, this is a good thing), Curve (the new one), and Storm, however I have no doubt that RIM will update all others to 4.6 soon.

The thing that makes this a killer app for me is that Evernote can make text in images searchable. So if I take a picture with my Blackberry of say, a BSoD error message, and save it to Evernote, I can then access it on my desktop (or another machine connected to the internet), and figure out what that error message is telling me.

All in all, the ability to clip portions of websites, entire web pages, text from documents, and email from Outlook (yeah it integrates with Outlook), makes this a really really handy tool for IT work (not to mention blogging).

The free accounts are limited to 40MB of Monthly upload data (text, images, audio, and .pdf files only), whereas the premium version gets you 500MB per moth, removes the small advertising window in the desktop app, and can sync any kind of file.

While 40MB may not seem like much, it is roughly 20,000 text notes, or 400 mobile snapshots, or 270 web clips, or 40 audio notes, or 11 high resolution photos. 500MB is roughly 12.5 times that amount of data.

The cost of the premium account is $5/mo. or $45/year.

If you’d like to try Evernote out, you can sign up and download it here: http://www.evernote.com/

I am quite positive that there are as many solutions (both paid and unpaid) for handling Win32 Syslogs as there are SysAdmins out there. On my *NIX machines syslogs are a simple thing, configure Syslog-ng and move on. My Windows Syslogs are a whole different story.

First off, shame on you Microsoft for not providing built in syslogd integration capabilities. With the volume of BSD code in Windows there is just no acceptable reason for this.

But that doesn’t help me. The long term goal is of course to get a central Syslog server set up that will handle and archive log entries from all of my machines (*NIX and Win32), but that is going to take two things:

1. Time I don’t have.
2. Money I don’t have.

I need a solution for archiving my Windows event logs right now, in a central location, until I can get the central Syslog server set up. As I mentioned, most of the solutions for doing this on Windows machines (the ones I feel comfortable entrusting my event logs to anyway) cost somewhere in the neighborhood of an arm, a leg, and most of an ear, so those are not viable options. Now what do you do?

Well if you’re me, you roll your own solution. I’ve got several WS2003 servers that I need to log the event data from, because, well to be quite honest, because this network was built by someone that is more of a *NIX SysAdmin, and didn’t set up the Windows side correctly, so there are quite a few odd bugs in this network that will take quite a while to work out.

Now I could go through and manually export the event logs to a file once a month, but that is way too much work. I decided to script the solution to this problem using VBScript (as it is available on all of the Servers I need event log info from).

I give you logArchive.vbs:

If you are having issues copy & pasting this script from Fire Fox you can grab it from here.

'#==============================================================================
'#==============================================================================
'#  SCRIPT.........:  logArchive.vbs
'#  AUTHOR.........:  Joe Glessner
'#  EMAIL..........:  jglessner@gmail.com
'#  VERSION........:  1.0
'#  DATE...........:  30JUL07
'#  COPYRIGHT......:  2008, Joe-IT.com
'#  LICENSE........:  Freeware
'#  REQUIREMENTS...:
'#
'#  DESCRIPTION....:  This script backs up all of the event logs on the
'#                    designated computer, to the specified file server.
'#                    Optionally this script can also clear the event logs once
'#                    they are archived.
'#
'#  NOTES..........:
'#
'#  CUSTOMIZE......:
'#==============================================================================
'#  REVISED BY.....:
'#  EMAIL..........:
'#  REVISION DATE..:
'#  REVISION NOTES.:
'#
'#==============================================================================
'#==============================================================================
'**Start Encode**

'#==============================================================================
'#  START OF SCRIPT
'#==============================================================================
'Option Explicit
'On Error Resume Next

    '#--------------------------------------------------------------------------
    '#  SCRIPT CONFIGURATION SECTION
    '#--------------------------------------------------------------------------
    '#  OPTIONS:
    '#              strComputer = The name of the computer that generated the
    '#                            event logs (e.g. fs01 - use "." for the local
    '#                            machine.
    '#              objDir2 =      The destination directory on the file server.
    '#              clearEVTLogs   "No" does not clear the event logs. "Yes"
    '#                             will clear the event logs once the current
    '#                             logs are archived.
    '#--------------------------------------------------------------------------
    DIM strComputer, objDir2
    strComputer = "dc1"
    objDir2 = "\\SyslogServer\EventLogs$\" & strComputer
    clearEVTLogs = "Yes"

    '#--------------------------------------------------------------------------
    '#  Declare Remaining Variables
    '#--------------------------------------------------------------------------
    Dim current: current = Now
    Dim strDateStamp: strDateStamp = dateStamp(current)
    DIM objDir1: objDir1 = "\\" & strComputer & "\c$\EVT"

    '#--------------------------------------------------------------------------
    '#  Ensure that the Scratch directory exists on the source computer.
    '#--------------------------------------------------------------------------
    Set filesys=CreateObject("Scripting.FileSystemObject")
    If Not filesys.FolderExists(objDir1) Then
        createDir(objDir1)
    End If

    '#--------------------------------------------------------------------------
    '#  Ensure that the destination directory exists on the file server.
    '#--------------------------------------------------------------------------
    If Not filesys.FolderExists(objDir2) Then
        createDir(objDir2)
    End If

    '#--------------------------------------------------------------------------
    '#  Make create backups of the event logs to the Scratch directory.
    '#--------------------------------------------------------------------------
    strPath = objDir2 & "\"
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate, (Backup, Security)}!\\" _
            & strComputer & "\root\cimv2")
    Set colLogFiles = objWMIService.ExecQuery _
        ("Select * from Win32_NTEventLogFile")
    For Each objLogfile in colLogFiles
        strCopyFile = strDateStamp & "_" & strComputer & "_" _
        & objLogFile.LogFileName & ".evt&"
        strBackupFile = "c:\EVT\" & strDateStamp & "_" _
            & strComputer & "_" & objLogFile.LogFileName & ".evt"
        strBackupLog = objLogFile.BackupEventLog _
            (strBackupFile)
        'WScript.Echo objLogFile.LogFileName & " backed up to " _
        '    & strBackupFile

        '#----------------------------------------------------------------------
        '#  Copy the event logs to the file server.
        '#----------------------------------------------------------------------
        call copyAFile(objDir1, strPath, strCopyFile)

        '#----------------------------------------------------------------------
        '#  Clear the event logs, or not.
        '#----------------------------------------------------------------------
        If clearEVTLogs = "Yes" then
            objLogFile.ClearEventLog()
        End If
    Next

'#==============================================================================
'#  SUBROUTINES/FUNCTIONS/CLASSES
'#==============================================================================
    '#--------------------------------------------------------------------------
    '#  FUNCTION.........:  dateStamp(ByVal dt)
    '#  PURPOSE..........:  Generate an 8-character date stamp from the current
    '#                      VBScript date.
    '#  ARGUMENTS........:  dt = The date stamp to convert.
    '#  EXAMPLE..........:  Dim current: current = Now
    '#                      WScript.Echo dateStamp(current)
    '#  REQUIREMENTS.....:
    '#  NOTES............:  The above example will produce output of 20080730 if
    '#                      run on 07/30/08.
    '#--------------------------------------------------------------------------
    Function dateStamp(ByVal dt)
        Dim y, m, d
        y = Year(dt)
        m = Month(dt)
        If Len(m) = 1 Then m = "0" & m
        d = Day(dt)
        If Len(d) = 1 Then d = "0" & d
        dateStamp = y & m & d
    End Function

    '#--------------------------------------------------------------------------
    '#  FUNCTION........:  copyAFile()
    '#  ARGUMENTS.......:  strScourceFolder = The folder containing the files to
    '#                                        be copied.
    '#                     strTargetFolder = The Destination Folder
    '#                     strFileName = The name and file extension of the file
    '#                                   to be copied.
    '#  PURPOSE.........:  General purpose file copying function.
    '#  EXAMPLE.........:  Wscript.Echo copyAFile("C:\", "\\Server\Share", _
    '#                     & "fileName.txt")
    '#  NOTES...........:  strSourceFolder folder must exist
    '#                     strTargetFolder folder must exist
    '#                     strFileName file must exist in strSourceFolder folder
    '#--------------------------------------------------------------------------
    Function copyAFile( Byval strSourceFolder, Byval strTargetFolder, _
        Byval strFileName)
        Dim objFSO, booOverWrite, strResult
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        If objFSO.FileExists( strSourceFolder & "\" & strFileName) _
            And UCase( strSourceFolder)  UCase( strTargetFolder) Then
            If objFSO.FolderExists( strTargetFolder) Then
                Else
                strResult = "The destination folder does not exist!"
                'copyAFile = strResult
                Exit Function
            End If
            If objFSO.FileExists( strTargetFolder & "\" & strFileName) Then
                strResult = "The file exists, overwritten"
                booOverWrite = vbTrue
            Else
                strResult = "The file does not exist, created"
                booOverWrite = vbFalse
            End If
            objFSO.CopyFile strSourceFolder & "\" _
                & strFileName, strTargetFolder & "\", booOverWrite
        Else
            strResult = "The source file does not exist, or " _
                & "identical Source and Target folders!"
        End If
        'copyAFile = strResult
    End Function

    '#--------------------------------------------------------------------------
    '#  FUNCTION.......:  createDir(strDir)
    '#  ARGUMENTS......:  strDir = UNC path of the directory to create.
    '#  PURPOSE........:  Creates directories.
    '#  EXAMPLE........:  createDir("c:\WSH_TEST\")
    '#                    createDir("c:\WSH_TEST\" & "Files\")
    '#  NOTES..........:  If creating a subdirectory of a directory that does
    '#                    not exist, the parent directory must be created
    '#                    first, as shown in the example.
    '#--------------------------------------------------------------------------
    Function createDir(strDir)
        set filesys=CreateObject("Scripting.FileSystemObject")
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        If Not filesys.FolderExists(strDir) Then
            Set objFolder = objFSO.CreateFolder(strDir)
        End If
    End Function

'#==============================================================================
'#  END OF FILE
'#==============================================================================

So, What does it do? This script will copy the event logs (well technically it creates a backup it doesn’t actually copy the data per se) from the target system to a directory defined by the user, and optionally clear the logs.

You can then use the built in Windows Event Log viewer to open the resulting file and search the event logs for the time period in the file.

How I use this:

I have several copies of this script set up in Windows’ Task Scheduler to run on the first of every month at exactly midnight, with the option to clear the event logs turned on. This allows me to create a Monthly archive of event logs for each Server that it is run against, and when I get a cryptic event log message like “Windows has previously logged the source of this error”, I can go back and search for the referenced previous entry.

Like I said before, this is a temporary system designed to do one thing: archive all of the Event logs from all of my Windows servers to a central location until I can get a proper central Syslog server in place. It works flawlessly for the task it was designed to do.

Upon running the application a window will come up. Don’t be alarmed that it says No devices found…. Check for administrative privileges first. This is normal as it starts querying your machine. You can see at the bottom of the window it is already searching and getting to know your system’s devices.

You can select which items you want to backup or select everything and do a full backup. After clicking the Start Backup button you will see this screen.

Hit the browse button to select your path to backup to. For this instance I am putting it on my external second hard drive. I choose Make New Folder and continued.

I hit OK and then Start Backup…

And then it was done… Almost instantly!

I hit OK and then attempted to restore my drivers…

I hit restore from the main menu and got this window:

I opened the file and hit blamo all my drivers were listed. And restoring was as easy as clicking Restore!

Do you have a tool you use or another method of backing up your drivers? If you do – please share them with us in the comments!

The Olympus FE-3010 is a sleek little camera. This sexy little beast is easy on the eye, easy on the pocket and best of all, easy for mom to use. The FE-310 is the easy choice for everyone looking for an eye-catching, high-performance camera at an exceedingly attractive price for mom. Incorporating a 5x zoom, 8.0 Megapixels and plenty of other advanced features, it has all bases covered. For a limited time get over 25% off the list price of $199 plus FREE SHIPPING using our special AskTheAdmin link below.
Click here to get this Metallic Magenta camera and over 25% off

The Kodak Easyshare P820 Digital Photo Frame is the best bang for the buck due solely to our special AskTheAdmin deals. This sleek digital picture frame features an 8″ HQ LCD screen, 2 SD slots, and comes complete with 2 decorative mattes that will help your Easyshare Photo Frame complement any decor, which mom is sure to love. And now, thanks to our Admin connection, we can get you a 49% off discount off the regular retail price of $149 plus FREE SHIPPING. And the only way you can get this deal is to follow this link:
click to get 49% off the Kodak P820 Easyshare Frame courtesy of AskTheAdmin.
 

This whopping 14.1-Inch Digital Picture Frame is a brilliant way for mom to display her favorite pics. Bluetooth function allows wireless photo downloads from her phone or computer. 512MB included memory can be expanded to 1GB. Built in speakers, a bright huge screen and a bunch of more features make this photo frame a great value. But as usual, AskTheAdmin doesn’t let our users pay retail (blech). So now, you get 48% off the regular retail price! Just in time to grab for mom.
Click here to get our special discount of 48% off the regular retail price of $279!
Grab it here for $144.99
 

Introducing the Flip Video Mino which puts the power of video in your pocket. The super-portable, super-simple Mino makes it easy for mom to capture and share high-quality video anywhere and everywhere. At 40% smaller than its already pocket-sized brother the Flip Ultra, the Flip Mino barely makes a dent in even the tightest of jeans. Mom will love this perfect little gift, and AskTheAdmin loves bringing you tech deals so a $21 discount plus free shipping on this handy little cam will make you AND mom happy. Click here to get this awesome deal.
 

You can leave your thanks in the comments…
Commodore64 (The one you used to play Bruce Lee on ,8,1)
 

The PSTools suite is comprised of the following utilities:

• PsExec – execute processes remotely
• PsFile – shows files opened remotely
• PsGetSid – display the SID of a computer or a user
• PsInfo – list information about a system
• PsKill – kill processes by name or process ID
• PsList – list detailed information about processes
• PsLoggedOn – see who’s logged on locally and via resource sharing (full source is included)
• PsLogList – dump event log records
• PsPasswd – changes account passwords
• PsService – view and control services
• PsShutdown – shuts down and optionally reboots a computer
• PsSuspend – suspends processes
• PsUptime – shows you how long a system has been running since its last reboot (PsUptime’s functionality has been incorporated into PsInfo)

While these tools work locally (and in most cases work better than the native Windows utilities, or provide functionality that is not available natively), they really shine when it comes to working with remote machines. If I had nothing else but a fresh (default) Windows install, I could probably continue to administer my network using the PSTools.

Notice I said nothing but a default windows install. Microsoft has done something rather unique with the PSTools suite (in fact with the entire Sysinternals utilities collection), and made them usable from a “live” website (to get an overview of what is available, just type live.sysinternals.com\tools into your browser’s address bar).

Now all these tools are stand alone executables (no need to install), so they can be run from a USB drive (SWEET!!!), however being able to run them without even having the executables on the machine is just awesome!

Around my network we don’t have ANY user accounts called Administrator or Admin – Period.

Why you might ask?

Well for starters it’s a HUGE security risk!  Let’s look at it like this. If a hacker wants to try and gain access to your machine the first thing they will do after a port scan is try and find your administrator password.

Most of the time automated scans search for weak passwords on commonly named administrator accounts including: Root, Administrator, Admin and foreign variations on them. If the potential attacker does not know what the account is called then they will have a MUCH harder time gaining admin access.

I learned way back when in school to not only rename my real administrator account but to create another account called Administrator with limited access.

This creates Honeypot of sorts. For a great example of Honeypot’s and snooping on the snoops check out this article on using Spector.

Why is it called a honey pot? Good question read this answer below:

Winnie the Pooh is a big fan of honey. In fact, he loves it so much that he will often get his paws and even his face stuck in the honey pot! In the computer world, a Honey Pot is a computer (or network of computers) designed to detect and monitor hackers. The idea is that the hacker will be lured in and trapped by the honey pot.

Now I don’t go crazy and give this sudo admin account  an easy password either, after all the unauthorized user gains a small bit of access to your network that they did not have before. This is not what want. We want them to spend their time and resources looking for information that really doesn’t help them. And in the process your intrusion prevention services should catch them in the act.

So really password protect your fake administrator account. Let them spin their gears getting something that is no where near as critical as if they got your real account – you know the one you just renamed honeyp0t :)

This works on any operating system where you can rename your administrator account. Do you have other tips or tricks for securing your servers? Let us know in the comments! Put your fellow admin’s on!

_TheHoneyLovingAdmiN_

I quickly found out that Microsoft provide a tool to back up and restore your printers. Score!

It said it will back up all your printers, settings, and drivers into a .cab archive, and then it allows you to restore the cab file on a different machine.

This small app grabbed ALL my printers including the local ones, copied all their drivers and crap to a single cab file. I was able to run the PrintMig on the new server and import the printers.

In 15 minutes or so all my printers were installed and working properly except one USB guy that needed to have its port switched. All in all it went very well. And I discovered another thing while testing:

So you can copy printers from one machine to another, create cab files for different off domain laptop configurations. Or this is great if you don’t do the Active Directory thing and want to semi-automate printer installation.

The latest version of Printmig is 3.1 and is available for downaload here.

more details available from:
http://www.microsoft.com/printserver

A special thanks goes out to the internet on this one. Thanks for always being there for me man!

You need a Windows 2003 Server Service Pack 2 CD and you only have SP1?

Have you ever wanted to upgrade your original Windows XP CD to SP3?

That is where slipstreaming comes into play. Slipstreaming a service pack saves time, disk space and makes future installs easier.

When you slipstream a service pack into an OS the finished install already has the service pack included so you don’t need to install it as a separate step.

All you need to do is install the 87 #%^@* updates and patches Microsoft has released since the service pack. :)

You will need a few things to create a slipstreamed OS disc:

1 – The original bootable OS CD.
2 – The full version of the service pack you want to slipstream. Microsoft refers to this as the “network install” version. It is used by admins to install the service pack on multiple machines. It is much larger than the other SP versions you might come across and cannot be obtained from Windows Update. You can find the network install version of Windows XP SP2 here. Windows 2003 Server SP2 is available here.
3 – A copy of nLite.
4 – Software to burn the slipstreamed ISO image to disc (like Roxio).

I won’t go into all the step-by-step details here because there is already a great set of instructions on the MSFN site.

When you are done, you will have an OS installation disc that functions exactly like your original OS disc, but contains all the updates included in the service pack.

You can also use nLite to add additional patches and updates as well as additional drivers. There is a guide on the nLite site that goes into more detail about how to do this.

Slipstreaming a Windows service pack works the same way for both server and desktop operating systems.

That is, until Vista…

Yes, that is right. Among the many other changes Vista brings, you cannot slipstream SP1 into your original Vista RTM DVD.

Microsoft’s official stance is that you should install Vista, install SP1 either through Windows Update or a network install and then use the WAIK to capture the image that includes SP1. This is presumably going to be the same for Server 2008 since it has the same code base as Vista.

The same group that created the nLite tool has created vLite which will allow for slipstreaming Vista SP1, but it is still in beta and has some caveats. There are some other tools out there to create Vista SP1 slipstream discs, but my guess (and this is purely my opinion) is that Microsoft will not support any installation that is created this way. If you run into problems with a slipstreamed Vista install, I expect they will say reinstall from RTM media, apply the SP from Windows Update and if you’re still having the problem then we’ll talk.

_TheSlippinAdmiN_

You can use it to display a message in your absence to remind your buddies you are an all knowing Admin. You can do it pretty easily by displaying what Microsoft refers to as a legal notice at system start up.

• GO TO RUN
• REGEDIT
• Navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
• Change legalnoticecaption”=”Legal Notice“
• legalnoticetext=”AskTheAdmin is watching you.”

obviously you can replace Legal notice or AskTheAdmin is watching you with any text you want. The editors over here are pretty sure you can find some Funny Practical uses for this on your, or a public, PC…

_TheAlwaysWatchingAdmiN_