Friday, April 6, 2012

Test VPN Bandwidth and speed with iPerf

This article explains how to use a free utility called iPerf to test the speed of a VPN connection. In this example I am running iPerf on windows but there are other versions available (i.e. Linux).

Download iPerf (here)
Put a copy on 2 computers with 1 either side of the VPN. In this example I have put in the c:\triangle folder
On the “server” PC open a cmd prompt and navigate to the folder containing iperf. Note on computers running Win7 or Win2008 I recommend running the cmd prompt in elevated mode.
Run the command iperf –s
On the “client” PC open a cmd prompt and again navigate to the folder containing iperf.
Run the command iperf –c
After a short while the estimated bandwidth is displayed.

Friday, March 2, 2012

How to setup BGInfo as a GPO

· Download BGInfo: http://technet.microsoft.com/en-us/sysinternals/bb897557

o There will be two files in .zip file (Bginfo.exe and Eula.txt)

o Run Bginfo.exe

o Agree to the BGInfo License Agreement

· Now you need to pick want info you would like to display

o From here you can pick the Fields you want to display.

o What Background image to use. For servers as I like to set the background a solid black page.

o Where to position the information. In this case I’m setting the position in the bottom right. This keeps Icons from over lapping it.

o How to update the wallpaper and desktop. For servers I select to “Update this wallpaper” for all 3 options.

· Now go File > Save As and save the name as default.bgi in the same location as the Bginfo.exe file.

· Now copy “Bgino.exe” and “Default.bgi” to \\{your Domain name here}.local\SYSVOL\{your Domain name here}.local\scripts\

· Now we need to create the script file to run now.

o Open notepad

o Update this for your domain name.

§ Copy this line into notepad into but update ityou’re your domain name: \\{your Domain name here}.local\SYSVOL\{your Domain name here}.local\scripts\Bginfo.exe \\{your Domain name here}.local\SYSVOL\{your Domain name here}.local\scripts\Default.bgi /timer:0 /NoLicPrompt

o Save this file as bginfo.cmd

· Now we can setup of the GPO rule.

o Create or update the GPO you would like to use.

o Go to Computer > Policies > Windows Settings > Scripts (Startup/Shutdown)

§ Double click “Startup”

§ Then Select “Add”

§ For Script name type: \\{your Domain name here}.local\SYSVOL\{your Domain name here}.local\scripts\bginfo.cmd

§ Click OK

o Now Go to User Configuration > Windows Setting > Scripts (Logon/Logoff)

§ Double click “logon”

§ Then Select “Add”

§ For Script name type: \\{your Domain name here}.local\SYSVOL\{your Domain name here}.local\scripts\bginfo.cmd

§ Click OK

Wait 5 to 15 minutes for your domain replication to happen. Now any server that is effected by that GPO will have the BGInfo background.

Folder InetPub LogFiles are filling up the c drive

The C drive of your Server 2008 is filling rapidly and when you look at C:\inetpub\logs\LogFiles\ and its taking up GB of disk space.

Open Administrative Tools – Internet Information Services (IIS) Manager, browse through Sites and select the WSUS Administration site and open Logging.

You have 2 options:

You can set the “maximum file size (in bytes):” option under Log file rollover to limit the maximum log file size.
Completely disable logging, by choosing “Disable” on the Actions menu on the right.

Make sure after you changed anything choose Apply on the upper right and do a iisreset.

Monday, February 27, 2012

HOW TO: Add UPN Suffixes to a Forest

In the case you are Creating a domain Domain.local but you don't want to confuse your user you can add UPN Suffixes to change how the user name looks when a user logs in.

Example:
Your domain is: mydomain.local

You can use the steps below to add a UPN Suffix for mydomain.com. Now your username could be set to user@mydomain.com vs user@mydomain.local. This is great in case were your user population is not as computer savvy and doesn't understand why there email address is user@mydomain.com but their computer log in is user@mydomain.local.

You could also use this to help idenify external user/clients vs your staff, or for managing multiple companies on the same domain controller.

Source

This article describes how to add UPN suffixes to a forest. Adding these suffixes gives you the ability to use a friendly user-logon name that does not match the domain's or parent domains' naming structure.

Adding a UPN Suffix to a Forest

Open Active Directory Domains and Trusts.
Right-click Active Directory Domains and Trusts in the Tree window pane, and then click Properties.
On the UPN Suffixes tab, type the new UPN suffix that you would like to add to the forrest.
Click Add, and then click OK.

Now when you add users to the forest, you can select the new UPN suffix to complete the user's logon name.

Office 365 - Grant Mailbox Permission's

open PowerShell as admin

Set-ExecutionPolicy Unrestricted

Type the following command, and then press ENTER: “Y” is the default answer, either enter y or press enter.

$Cred = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic –AllowRedirection

Import-PSSession $Session

Add-MailboxPermission -Identity Release@your_domain_Name.com -User user@your_domain_Name.com -AccessRights FullAccess -InheritanceType All

GPO - Deny logon as a batch job

Source

Deny logon as a batch job

This topic has not yet been rated Rate this topic

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

Description

Determines which accounts are prevented from being able to log on as a batch job. This policy setting supercedes the Log on as a batch job policy setting if a user account is subject to both policies.

This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy of workstations and servers.

By default, there are no users denied logon as a batch job.

Thursday, February 23, 2012

Idiot’s Guide for Linux - SugarCRM 4.2.1 Installation

Source

Below is a set-by-set guide I made for installing Sugar CRM on a basic linux install. This guide assumes that you have a working linux install with apache installed. I hope this help eveyone save a little time on their frist install.

Installation
1. Install Apache (httpd), PHP, MySQL (server and client), and the component that allows php to talk to mysql.
yum -y install httpd php mysql mysql-server php-mysql php-imap php-json php-eaccelerator
yum update -y
2. Configure the new services to start automatically
chkconfig httpd on
chkconfig mysqld on
service httpd start
service mysqld start
3. IMPORTANT! Set up the mysql database root password. Without a password, ANY user on the box can login to mysql as database root. The mysql root account is a separate password from the machine root account.
mysqladmin -u root password 'new-password' [quotes are required]
4. Make additional security-related changes to mysql.
mysql -u root -p

mysql> DROP DATABASE test; [removes the test database]
mysql> DELETE FROM mysql.user WHERE user = ''; [Removes anonymous access]
mysql> FLUSH PRIVILEGES;

FireWall
/etc/sysconfig/iptables

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
#-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
#-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
#-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
#-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# SSH
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# HTTP
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

# Temporarily allow access to MySQL
# If this machine is in production and the next line is not commented out, someone messed up
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -s 10.0.0.0/22 -j ACCEPT

# DENY EVERYTHING ELSE
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

if you change this file you have to restart the service:
service iptables restart

Installing Sugar Suite
http://www.sugarforge.org/frs/downlo...de_v401a.pdf]]
To install Sugar Suite 4.0, you need to do the following:
1. Download the Sugar files.
2. Copy the Sugar files to your web server.
3. Check and set the dependencies and requirements required by Sugar Suite. See the sub-sections, System Check Acceptance, Database Configuration, and Site Configuration, for more information.
4. Install Sugar with the Sugar Installation Wizard.
5. Log in to Sugar!

Download Sugar Files
To download the latest Sugar Suite files:
1. Go to http://www.sugarforge.org/content/downloads/
2. Click on the “SugarCRM 4.0 Latest Stable Full” link to download.

wget http://www.sugarforge.org/frs/downlo...uite-4.2.1.zip

unzip SugarSuite-4.2.1.zip
cd /SugarSuite-Full-4.2.1
mv *.* /var/www/html/
mv * /var/www/html/
mv htaccess /var/www/html/

Copy Sugar Files to Web Server
Once you’ve downloaded Sugar, you need to unzip the Sugar files and set permissions.
1. Locate your webroot directory on your web server. This is the directory on your web server where publicly accessible files are made available by your web server. Common locations for webroot includes:
* /var/www/html/ (Linux/Apache)
2. Unzip the Sugar Suite zip file into your webroot. A directory is automatically created within webroot.
3. Rename this directory if desired.
4. Set permissions on your Sugar files. The following directories, all subdirectories, and files must be made writable by your web server user:
* cache
* custom
* data
* modules
* config.php

chown -R apache cache/
chgrp -R apache cache/
chown -R apache custom
chgrp -R apache custom
chown -R apache data
chgrp -R apache data
chown -R apache modules
chgrp -R apache modules
chown -R apache config.php
chgrp -R apache config.php

Set PHP Memory Limit >= 32M
vi /etc/php.ini

memory_limit = 8M ; Maximum amount of memory a script may consume (8MB)

Change to:
memory_limit = 64M ; Maximum amount of memory a script may consume (64MB)

Start and stop Apache service

service httpd stop
service httpd start

Warning: Your PHP configuration must be changed to allow files of at least 6MB to be uploaded. Please modify the upload_max_filesize value in your php.ini located at: /etc/php.ini

vi /etc/php.ini

Change to:
upload_max_filesize = 6M

Start and stop Apache service

service httpd stop
service httpd start

.htaccess
BY default .htaccess Sugar CRM can't change this file. And you will see an error in set 6 of the install.

chown -R apache .htaccess
chgrp -R apache .htaccess
chmod 644 .htaccess

Install Sugar with the Sugar Installation Wizard
Once you’ve copied the Sugar files into your webroot, you can now begin to use the Sugar Installation Wizard. The http:/// / directory on your server now corresponds to the Sugar URL that you will use to access the Installation Wizard. You should now be redirected to the Installation Wizard. Click Start to begin.
Note: At any time prior to accepting the Confirm Setting menu, you can modify any of your settings. To modify any
settings, click the Back button.
1. License Acceptance: Review the Sugar Public License and check “I Accept” to continue. Click Next when you are finished.
2. System Check Acceptance: In this step, Sugar checks a number of dependencies and system requirements. If all these checks pass successfully, you will be allowed to click Next and proceed to the next step. See the System Check Acceptance sub-section for more information
3. Database Configuration: In this step, Sugar configures its database information. You may also choose to populate demo data in this step. See the Database Configuration sub-section for more information.
4. Site Configuration: In this step, you set your Sugar URL, admin password, and other miscellaneous options. See the Site Configuration sub-section for more information.
5. Confirm Settings: Review the settings you provided to the Installation Wizard. To change any settings, click the Back button to visit previous steps. Note that you will not be able to modify settings after this point. Click Next to perform the setup.
6. Installation Log: Sugar attempts to install itself with the settings you have provided. The following occurs:
a. The configuration file config.php is created. If the file can’t be created due to a file permissions issue, then the config.php file contents are printed to the screen. Cut and paste these values directly into your config.php file.
b. The primary database tables are created.
c. The relationship tables are added and demo data (if applicable) is installed.
* After you install, the system prevents inadvertent re-installation. To re-install, change the installer_locked setting in the config.php file.
* Click Next to continue.
7. Registration: Registration is optional, but we always appreciate your feedback. Please take the time to fill out the registration form and send it to us. After clicking Send Registration, you should be redirected to the log in screen. If you choose not to register, click Finish to proceed to the log in screen.

Importing Data
Navicat 2004
Navicat 2004 can be used to import information into a MySQL for most files types.

1. By default mysql does not support remote access...
2. you will have to specify this in the server first, (ofcourse you will not be able to do this from a remote machine!!! unless you have remote desktop access)
3. To enable access from a client machine called nile, do the following after starting mysqld (or mysqld_safe) on the server, named delaware:

% mysql -u root -p
mysql> use mysql;
mysql> grant all privileges on *.* to usrname1@'%' identified by 'test' with grant option;
mysql> insert into host values('nile', '%', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y');
mysql> exit

Hope this helps you!

The user name, usrname1, and the password, test, should be replaced by the real value.
One can then run mysql on nile as follows:

% mysql --host=delaware --user=usrname1 -ptest

To restrict access to a user from a specific host, change '%' in the grant command to a valid hostname or ip address.

Mike's Blog

Eve Online

Shattered Crystal