Posted by Adam Ruth on Wed, Sep 08, 2010

Photo by Don Hankins
We all know that malware is evil, but like most evil things there are some valid uses for them (that's true, right? Evil things can have uses, even in a Time Bandits sort of way? I thought so.)
Well, in case you don't believe me, here are the top 10 uses for malware that don't require you to be evil.
10. As a little present for the Nigerian 419 scammers when you send them your computer password so they can get your bank account numbers.
9. Any prank involving that guy from sales who keeps making fun of your tradeshow t-shirts.
8. Keyboard logging on your dad's computer so you can see what he typed right before "it broke and I swear I didn't change anything!"
7. Creating an unscheduled downtime emergency to get excused from a boring meeting.
6. Watching for references to computers on Hollywood scriptwriting computers and making the necessary changes so that the plot is somewhat in touch with reality.
5. Infecting the BIOS of your uncle's 12 year old Packard Bell computer so you can finally convince him that it's time to upgrade.
4. Making OS X feel more familiar to Windows users.
3. Showing up that obnoxious jerk at the class reunion by taking over the slide projector and showing Photoshopped pictures of him in his underwear.
2. Shutting down a real estate developer's computers to prevent the destruction of a building housing a rag-tag group of lovable orphans.
1. Defcon groupies.
Posted by Shane Corellian on Mon, Sep 06, 2010
We were deploying Tivoli Management Agent (TMA) out to about 15,000 computers in 2001. There were about 170 administrators that were responsible for all these systems. There was A LOT of resistance from those administrators about adopting a centralized management system like Tivoli Framework. I will never forget one of the messages we received from an administrator who clearly had no concept of proper troubleshooting. The message, in part, read:
"We cannot install the TMA on our 230 computers because it breaks Oracle".
I replied with a request for her to be MUCH more specific. Her response was priceless:
"We feel that the TMA may be causing the Oracle client to lose connection to the Oracle database." (Italics added to demonstrate stupidity...I mean for emphasis.)
"May be causing ...?!" To paraphrase B.J. Hunnicutt: "So far I have a definite possibility of three absolute maybes".
A co-worker of mine responded with the famous flea/cricket story used to demonstrate improper troubleshooting and to call her out on her textbook use of the "post hoc ergo propter hoc" logical fallacy.
A scientist taught a flea to jump on command. Out of curiosity he thought he would do some experiments with his trained flea. "Jump!" he yelled, and the flea jumped six inches into the air. The scientist then pulled off two of the flea's legs and yelled "Jump!". This jump was only four inches high. He ripped off two more legs and the jump was reduced to two inches. After the last two legs came off the flea didn't jump anymore. The scientist then wrote a paper explaining how if you pull all the legs off a flea, the flea goes deaf.
Needless to say, this email didn't go over well but that's a story for another time.
My co-worker and I wrote another email detailing some things we wanted her to document for us.
- Basic info: OS, Oracle client version etc.
- How consistent are the errors? Are these errors present on multiple machines?
- Please duplicate the error and send us the relevant Event Log entries.
- Can you duplicate the error with the TMA service turned off?
- Are there any articles on IBM or Oracle support sites documenting these problems?
There were a few more suggestions but you get the point. We wrapped it up with an invitation to come to their department and perform these tests ourselves.
We never heard back. The TMA was installed as planned.
I know, trust me, how painful it can be to have customers or end-users make blanket accusations or knee-jerk explanations of their problems. The most common is probably "The network is down!" because they can't get to a particular website or a print queue is backed up. The problem is that many of our management tools or configuration settings MAY be causing the problem that a user is experiencing. We have to remember that we have one or more swimmers in the public swimming pool that is a distributed computer environment. Maybe one of our swimmers is peeing in the pool. We can't have a knee-jerk reaction to what is perhaps the user's knee-jerk reaction because we may be at fault.
Keep the emotions in check, work the problem and save your frustrations and ranting for poker night or the occasional blog entry.
Use PDQ Deploy to deploy software to your computers. It's fully functional, fully free and 99.6% urine free.
Posted by Adam Ruth on Fri, Sep 03, 2010

Photo by heyjoewhere...
Back in July when I wrote about 5 Things This Procrastinating System Administrator has Learned I was pretty skeptical about the dire need to move to IPv6. I still am, but in the meantime I've been seeing stories about how some companies have been moving in pieces over to IPv6 and seeing how the move is going to eventuate. Everything Sysadmin has a good post on Successful IPv6 Projects which I think does a good job of outlining some strategies.
As I said before, I think that IPv6 was designed to avoid backward compatibility in a misguided strategy to get people to move over wholesale from IPv4. Whether this is true, or if there really are insurmountable technical limitations to backward compatibility, it doesn't change the fact that transitioning is difficult. Very difficult. Because of this, you don't see anyone drinking the whole jug of Kool-Aid and ditching v4 altogether. Instead, what you see are projects that transition to v6 with new devices or networks or with pieces that won't impact existing v4 users.
This is a good strategy because in doing so existing networks need to be upgraded to support the new standard in order to access the upgraded pieces. With a business case made, and a well-scoped project defined, an upgrade of a small piece of the network touches everything and gets the whole network ready to move. Since the real issue with v6 comes in interconnectivity outside of your network (read: Internet), being ready to flip the switch to v6 while still running v4 is really all you can do, and all you need to do, for now.
At some point there are going to be two Internets, one that is v6 only and one that is still v4. There will be a lot of the Internet that can handle both but it can safely be considered the v4 'net. Once there is a critical mass on the v6 only side then any network which can't access it will be left in the dark ages. I still think we're very far away from that point, but now's a good time to start working on getting that little piece upgraded. Look for success stories out there, such as those on the Everything Sysadmin blog, to get some ideas of what pieces you can work on.
Posted by Shawn Anderson on Wed, Sep 01, 2010
Prior to remotely installing Office 2010 to your company, you'll want to run the admin tool, also known as the Office Customization Tool.
We have a video which demonstrates using the Office Customization Wizard. We'll also show a step-by-step below.
Copy your Office 2010 setup disc to a folder on your workstation and open a command window. Change directories (cd) to your setup.exe location and run the following:
setup.exe /admin
The customization tool will open up.

Like most customization tools, there is too much to go through here, but we'd like to focus on the customizations that will make it easier for deployment without bothering your users as well as to disable some common "phone-home" features. (While these might be helpful features, some companies have policies against such feedback).

Hit the areas that are important to you, but be sure to select the "Microsoft Office 2010" selection, which contains some settings that are important.

After you've entered your volume license key, disabled the auto-start wizard, and disabled the phone-home settings, you're ready to make other changes as well.
Take the time to walk around the tool and see if there are other settings that would be helpful to you. If you have a SharePoint server this is a good way to customize the URL for your document library, etc. If you have an Exchange server this is also a fast way to ensure that all installations of Outlook point to the correct server.
A huge thanks out to the developers at Microsoft who continue to make this tool available. It helps those of us who rely on Microsoft Office every day.
Do you need to deploy Microsoft Office to all your computers? Use PDQ Deploy, a free software deployment tool from Admin Arsenal.
Posted by Adam Ruth on Mon, Aug 30, 2010

Photo by Frankie Roberto
IT Expert Voice has a great article detailing what's coming up with USB 3.0 and what to expect. It's very informative and answered a few questions I had (such as backward compatibility and the nature of the cables and connectors.) A good and quick read if you're interested in what's coming down the pike.
The final section talks about Intel's Light Peak as a competitor and whether USB 3.0 will have the juice to fight against it. It's certainly a compelling discussion and it brings to mind other classic technology battles. It most closely reminds me of USB 2.0 vs FireWire. FireWire had a lot going for it, and I was in its camp thinking that it would win dominance over USB 2.0. But, as things usually seem to go, I was way off. A lot of people were.
Why is it so hard to predict the direction of technology? I think this question is really just a part of the larger question of trying to predict markets generally. Markets and technology work like evolution: it's the strongest that survive, and it's not always clear what attributes make them strongest. USB 2.0 won out over FireWire for a number of reasons, some of which are obvious, and some of which are not quite clear. Even in retrospect it's not always easy to see the factors that lead to one "species" surviving in the great marketplace of ideas while other seemingly stronger contenders fall by the wayside.
The lesson for me is to never be too confident in backing a single horse in the race. It's prudent to hedge those bets a bit. I'd love to just focus on one programming language or platform, but it would be a problem if that platform is pulled out from under me. I've known programmers who put all their eggs in one basket and never spend any time learning anything else. That may work well for them in the present, but the future is too hazy to see how that will continue to work.
In short, I'm scared to stop learning new and different things. I don't want to end up a dinosaur fossil in a programming museum.
Posted by Shane Corellian on Fri, Aug 27, 2010
It seems that more and more businesses are relying on OpenOffice.org (OOo) for their word processing, spreadsheet and presentation needs. I have no empirical data to back up this observation; it's just anecdotal. Anyway...
There are a few ways to perform a remote deployment of OOo with PDQ Deploy. First things first. You need to download the installation files. For this example I downloaded OOo 3.2.1. After downloading the file, run it to "unpack" the installation files. You will be asked where you want the files unpacked to. Choose a network share (I used "\\Scranton\Deploy\Open Office"). Once the files are unpacked, QUIT the installation. Yes, quit it. We just needed the files unpacked. We will get to the installation when we deploy the app.
To use PDQ Deploy to install to your organization you can perform a simple deploy by just passing a few extra parameters into your command line arguments.

As you can see, we are just calling the MSI file and selecting the options to Not Reboot and run Quiet. We have passed some additional Windows Installer properties specific to OpenOffice.org. The additional properties prevent OOo from performing an automatic update and prevent a desktop icon from being created on the target machines.
It is imperative that the "Include entire directory" check box is checked. If it is not checked then the deployment will fail (as the additional OOo deployment files will not be copied down to each target).
Get PDQ Deploy today. It's free and fully functional.
Posted by Shane Corellian on Wed, Aug 25, 2010
We have added some sick features to Admin Arsenal in version 1.5.
My favorite is the ability to extend the Admin Arsenal Tools menu by adding your own Custom Tools. A Custom Tool is a command that exists on the Admin Arsenal console machine. When the Custom tool is selected (either from the Tools menu or a keyboard shortcut that you assign) the command is executed along with any respective command line arguments.
Want to be able to automatically go to the C$ of a target computer? Go to your Admin Arsenal Preferences and, in the Custom Tools pane, add the following line:
Open C$ Share=explorer.exe "\\%TARGET%\C$"
The syntax for a custom tool line is
Name [;keyboard shortcut]=command [ARGS]
Admin Arsenal will contain the computer name in the %TARGET% variable.
If you use DameWare Mini Remote Control, you can initiate a Remote Control session from within Admin Arsenal by adding a custom tool entry like this:
DameWare Remote Control;CTRL+ALT+Z="C:\Program Files (x86)\DameWare Development\DameWare Mini Remote Control\dwrcc.exe" -m:%TARGET% -a:1
See additional arguments that can be passed to DameWare Mini Remote Control.
Would you like to automatically connect to a network registry? Feel free to download one of our free utilities called StartReg.exe. Place this file on your Admin Arsenal console machine and add the following line to your custom tools:
Connect Remote Registry;CTRL+SHIFT+E="StartReg.exe" %TARGET%
In the above example I didn't pass the Path for StartReg.exe because I put it in my System32 directory which is, obviously, included in my PATH variable.

See a Video example on Admin Arsenal's YouTube Channel
Note: Any download from our Free Utilities is not supported and is provided without warranty of any kind.
Posted by Adam Ruth on Mon, Aug 23, 2010

Photo by Dave_B_
In two recent posts I went over the PowerShell formatting cmdlets and calculated properties. Today I'm going to cover Views. You'll notice that when you display a normal object (such as the built-in FileInfo objects when you run dir) you don't see all of its properties. This is because PowerShell is using a View, which is selected based on the type of object you're outputting and which type of output is being used (table, list, or wide.)
The views are stored in XML files in the PowerShell directory which you can examine to see how the formatting is being performed. Not only that but you can add your own views and even override the default views used by PowerShell.
The standard views are stored in %systemroot%\System32\WindowsPowerShell\v1.0 in files with the extension format.ps1xml. There are several files, but the one we'll be looking at is FileSystem.format.ps1xml. This file holds the formatting for the various file system objects, such as FileInfo and DirectoryInfo. The section that defines the normal file system table output is this:
<View>
  <Name>children</Name>
  <ViewSelectedBy>
    <SelectionSetName>FileSystemTypes</SelectionSetName>
  </ViewSelectedBy>
  <GroupBy>
    <PropertyName>PSParentPath</PropertyName>
    <CustomControlName>FileSystemTypes-GroupingFormat</CustomControlName>
  </GroupBy>
  <TableControl>
    <TableHeaders>
      <TableColumnHeader>
        <Label>Mode</Label>
        <Width>7</Width>
        <Alignment>left</Alignment>
      </TableColumnHeader>
      <TableColumnHeader>
        <Label>LastWriteTime</Label>
        <Width>25</Width>
        <Alignment>right</Alignment>
      </TableColumnHeader>
      <TableColumnHeader>
        <Label>Length</Label>
        <Width>10</Width>
        <Alignment>right</Alignment>
      </TableColumnHeader>
      <TableColumnHeader/>
    </TableHeaders>
    <TableRowEntries>
      <TableRowEntry>
        <Wrap/>
        <TableColumnItems>
          <TableColumnItem>
            <PropertyName>Mode</PropertyName>
          </TableColumnItem>
          <TableColumnItem>
            <ScriptBlock>
              [String]::Format("{0,10} {1,8}", $_.LastWriteTime.ToString("d"), $_.LastWriteTime.ToString("t"))
            </ScriptBlock>
          </TableColumnItem>
          <TableColumnItem>
            <PropertyName>Length</PropertyName>
          </TableColumnItem>
          <TableColumnItem>
            <PropertyName>Name</PropertyName>
          </TableColumnItem>
        </TableColumnItems>
      </TableRowEntry>
    </TableRowEntries>
  </TableControl>
</View>
If you're not used to XML this may appear a bit daunting, but you can get a quick sense of how it works. There are four main sections of the file.
- <ViewSelectedBy> indicates which object types are used by this view. In this case, the name FileSystemTypes refers to another section in the file that lists the types. That section is <SelectionSets>. The individual type names can be listed instead, but this reference makes the code shorter.
- <GroupBy> tells the table of files to be grouped by their parent path. This also refers to another section of the file called <Controls>.
- <TableHeaders> sets up not only the titles that appear on the table columns, but also their width and alignment.
- <TableRowEntry> holds the actual values to show in the table. Three of the columns just pull out a property by name, but the LastWriteTime column uses PowerShell code to format the date in a particular way. Any PowerShell code can be used, which gives a great deal of flexibility.
There are a lot of possibilities for how to create views and the documentation is a bit limited. To learn about formatting it's best to look at the included format files to see how things are done.
To make a custom view you will need to create your own format.ps1xml files, since you can't edit the built-in ones. If there is more than one view for an object then the first one found will be used. Otherwise they can be selected by name using the -View parameter of the format cmdlets. Once you have a file created you import the formats using the Update-FormatData cmdlet. As an example of a new format, I've created a format file that adds a CreationTime column in addition to LastWriteTime. Download the file, save it with the extension .format.ps1xml and run the following command:
Update-FormatData -PrependPath [filename]
Now when you list the contents of a directory you will see the new column. Alternatively, you could have used -AppendPath to put the file after the built-in formats, and then you would need to use the view by name:
dir | Format-Table -View MyFormat
To make the custom format persistent between sessions, add the Update-FormatData command to your PowerShell profile. One of the principles of PowerShell is the ability for you to configure it to your tastes, and Views are a very powerful, if somewhat complex, way to get just what you want.
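The steps above as an added example (not the author's downloadable file, which is not reproduced on this page): it writes a format file with a CreationTime column, lists the script blocks the file contains so they can be reviewed, and then loads it after the built-in formats and selects the view by name. The file name and location, the column widths and the helper Get-FormatScriptBlock are assumptions made for illustration.

```powershell
# Added example, not the author's download. File name/location and column
# widths are assumptions; the view name MyFormat is the one used in the text.
$formatFile = Join-Path $env:TEMP 'CreationTime.format.ps1xml'

# Single-quoted here-string: $_ stays literal and is evaluated per row at display time.
# Type names are listed directly instead of referencing a SelectionSet.
$xml = @'
<?xml version="1.0" encoding="utf-8"?>
<Configuration>
  <ViewDefinitions>
    <View>
      <Name>MyFormat</Name>
      <ViewSelectedBy>
        <TypeName>System.IO.FileInfo</TypeName>
        <TypeName>System.IO.DirectoryInfo</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Mode</Label><Width>7</Width></TableColumnHeader>
          <TableColumnHeader><Label>CreationTime</Label><Width>20</Width><Alignment>right</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>LastWriteTime</Label><Width>20</Width><Alignment>right</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Length</Label><Width>10</Width><Alignment>right</Alignment></TableColumnHeader>
          <TableColumnHeader/>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>Mode</PropertyName></TableColumnItem>
              <TableColumnItem><ScriptBlock>$_.CreationTime.ToString("g")</ScriptBlock></TableColumnItem>
              <TableColumnItem><ScriptBlock>$_.LastWriteTime.ToString("g")</ScriptBlock></TableColumnItem>
              <TableColumnItem><PropertyName>Length</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Name</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
  </ViewDefinitions>
</Configuration>
'@
Set-Content -Path $formatFile -Value $xml -Encoding UTF8

# A format file is code: every <ScriptBlock> runs whenever a matching object is
# displayed. List them for review before loading a file you did not write.
# Get-FormatScriptBlock is a hypothetical helper name, not a built-in cmdlet.
function Get-FormatScriptBlock {
    param([Parameter(Mandatory = $true)][string]$Path)
    Select-Xml -Path $Path -XPath '//ScriptBlock' | ForEach-Object {
        New-Object PSObject -Property @{
            View   = $_.Node.SelectSingleNode('ancestor::View/Name').InnerText
            Script = $_.Node.InnerText.Trim()
        }
    }
}
Get-FormatScriptBlock -Path $formatFile | Format-List View, Script

# Load after the built-in formats, then select the view by name.
Update-FormatData -AppendPath $formatFile
Get-ChildItem $env:SystemRoot | Format-Table -View MyFormat
```

Format files fall under the execution policy just like scripts, so an unsigned .format.ps1xml will not load under the Restricted or AllSigned policy.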
Need help using formats (or anything else) in PowerShell? Post a question in our
PowerShell forum to ask one of our engineers.
Posted by Shane Corellian on Fri, Aug 20, 2010

Photo by Lingaraj G J
We have a client that uses Microsoft SCCM to manage about 1,700 computers. The problem is that 130 of these computers needed to have the U.S. Government Configuration Baseline (USGCB) - formerly known as FDCC - version 2.4. These 130 computers had the 2.1 version of USGCB which still uses Vista Service Pack 1.
Performing the "USGCB Migration" to version 2.4 is a rather cumbersome exercise considering all of the updated applications and OS configuration changes it needs to make. The process (using SCCM) can take a few days even when the SCCM Service Windows are ignored. Many users were experiencing computers rebooting in the middle of the day as a result of the migration.
In an effort to minimize the reboots during the day (all the Migrations were started in the evening, but due to SCCM polling and HW scan intervals the migration process always spilled into the work day), we used the new PDQ Deploy to quickly deploy applications that comprised the various parts of the Migration without having to wait for the next Machine Policy or Advertisement. We started with the biggest reboot offender, Windows Vista SP2.
We simply ran a query in Admin Arsenal showing all machines that had Service Pack 1 of Vista and then, in the evening, deployed SP 2 with the following arguments:
/quiet /warnrestart:120
Within 3 hours almost all of the 130 computers had successfully installed Service Pack 2. We then deployed another "package" which was simply a CMD file which forced a hardware scan. (This client is not allowed to modify the set schedules that scans are run with SCCM). Using Roger Zander's suggestions the CMD file ran one command which utilizes WMI to initiate an SCCM hardware scan.
WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000001}" /NOINTERACTIVE
This was, to say the least, very painless.
Use PDQ Deploy. It is free and fully functional only from Admin Arsenal.
Posted by Adam Ruth on Wed, Aug 18, 2010

Photo by teclasong
While reading my daily blog roll I ran across a posting at the always informative Train Signal Training blog about VHDs, or Virtual Hard Disks. This really caught my eye as I hadn't heard of this functionality before. Virtual disks have been a part of OS X since the beginning (I believe they go back to the NeXT days) and I find them to be very useful. It's great to see this capability now in Windows 7 and Server 2008 R2. The steps to create and use a VHD are a bit more complicated than creating a DMG on the Mac, but that's a small price to pay for the capability.
As usual, I'm interested in the command line options and here Microsoft doesn't disappoint. The DiskPart.exe utility provides all the necessary functionality to create, partition, format, and use a virtual disk. Here's a session that creates a 32 GB disk and assigns it a drive letter.
PS C:\> diskpart
Microsoft DiskPart version 6.1.7600
Copyright (C) 1999-2008 Microsoft Corporation
On computer: AADEV
DISKPART> create vdisk file="c:\test.vhd" maximum=32000 type=expandable
100 percent completed
DiskPart successfully created the virtual disk file.
DISKPART> select vdisk file="c:\test.vhd"
DiskPart successfully selected the virtual disk file.
DISKPART> attach vdisk
100 percent completed
DiskPart successfully attached the virtual disk file.
DISKPART> create partition primary
DiskPart succeeded in creating the specified partition.
DISKPART> list partition
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary             31 GB  1024 KB
DISKPART> select partition=1
Partition 1 is now the selected partition.
DISKPART> format quick fs=ntfs
100 percent completed
DiskPart successfully formatted the volume
DISKPART> list volume
  Volume ###  Ltr  Label        Fs    Type         Size     Status     Info
  ----------  ---  -----------  ----  -----------  -------  ---------  ------
  Volume 0     D                      CD-ROM           0 B  No Media
  Volume 1         System Rese  NTFS  Partition     100 MB  Healthy    System
  Volume 2     C                NTFS  Partition     127 GB  Healthy    Boot
  Volume 3                      NTFS  Partition      31 GB  Healthy
DISKPART> select volume=3
Volume 3 is the selected volume.
DISKPART> assign letter=V
DiskPart successfully assigned the drive letter or mount point.
DISKPART> exit
Leaving DiskPart...
PS C:\> copy license.xml v:\
PS C:\> dir v:\
    Directory: v:\
Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---         9/08/2010   2:41 PM        418 license.xml
As you can see, it's pretty straightforward to create and use a VHD. You can even install Windows on a VHD and boot to it, which can be very useful for troubleshooting. I love finding new features that I didn't know about and can explore.
Looking for unattended installation software? Download a free copy of PDQ Deploy.