July, 2008

[TLBAT] Intranet: Enumerate client computer groups and their members

So here we are…on the field

This is just a soft start, in this page we will create a page that shows the groups on the client computer that is surfing the ASP page and their relative members.

First we need to understand that this will work only in an environment where the security has been correctly set and on the IIS server for the directory where we will store the ASP files, the anonymous authentication has been disabled and the Windows authentication enabled. This must be done otherwise the pages will be run with the IUSR_xxxx account that has no privilege on the computers, if we enable the Windows authentication instead, the pages will be run by the logged on User.

Here is our first ASP page, copy the text below and paste it to your local_groups_members.asp page in the folder for the self service portal and run it.

==================================

<%@ language=”VBSCRIPT” %>

<%

Dim ComputerName

ComputerName = Request.ServerVariables(”REMOTE_HOST”)

%>

<html>

<head>

<meta name=”GENERATOR” content=”SAPIEN Technologies PrimalScript 3.1″>

<meta http-equiv=”Content-Type” content=”text/html; charset=iso-8859-1″>

<title>[<% Response.Write ComputerName %>] Local Groups and their members</title>

</head>

<body>

<%

Set colGroups = GetObject(”WinNT://” & ComputerName & “”)

colGroups.Filter = Array(”group”)

Response.Write “<font face=tahoma size=3>”

Response.Write “Here is the list of the local Groups and their members for computer:<b>” & ComputerName & “</b><br><br>”

Response.Write “<table border=2 bordercolor=#006699>” & VbCrLf

For Each objGroup In colGroups

Response.Write “<tr><td bgcolor=’#006699′><font face=tahoma size=3 color=’white’> <b>” & objGroup.Name & “ </td></tr>” & VbCrLf

For Each objUser in objGroup.Members

Response.Write “<tr><td bgcolor=white><font face=tahoma size=2 color=’#006699′> ” & objUser.Name & “ </td></tr>” & VbCrLf

Next

Next

Response.Write “</table>” & VbCrLf

%>

</body>

</html>

==================================

[TLBAT] Let’s start our self-service Intranet section

In order to create our intranet section where the users will be able to obtain information about the user account, the groups they belong to and so on we will use ASP (Active Server Pages) and VBScript.

First we need that the Internet Information Server (IIS) is installed on the server that will host the intranet pages, we also need that ASP extension is enabled on the server and, obviously, that the pages will be secured.

Once we have installed the IIS and enabled the ASP extension, open the IIS manager disable the Anonymous access and enable Windows authentication; this must be done because doing so only domain users (or the ones that you will add/remove from the security tab, will be able to read these pages.

In one of my previous jobs where I was asked to manage the licensing for the company software I accomplished to this by managing the licenses only for users in certain groups so in order to do this I suggest you creating security groups for your licensed software (E.g. MSProject, MSAccess etc), by creating these groups it will be easy for you to add/remove the users to the groups and have them download/install the software only if they belong to this groups. So, for example, only if a user is a member of MSAccess will be enabled to access the Microsoft Access download and install page and, in the future, it will be easy for you to create your auditing scripts that will check which software the users have installed on their computer and if they have the right to do that.

In the next article we will start with a simple ASP page that will show which are the groups and their member present on the computer visiting the Intranet page.

[TLBAT] User’s home page

In a previous company I had a project that aimed at improving the relationship between IT and the rest of the world (the Users!) because at the moment when I started the project most of the employees thought that IT was spending too much with no visible benefit for the company.

The project was a complex one but at the end of it the satisfaction level grew up from ~60% to more than 85%!

A lot of actions were made at that moment, such as:

• Implementing costs visibility (and subsequent costs lowering) for telecommunications
• Better management of company’s software licenses
• Self service intranet pages and tools
• Many other stuff

In the next posts I’ll cover the idea and the design of a self service portal that you can build at no costs and that will give the users a feeling of “personalized solutions” and on the other hand will lower the calls load on your helpdesk.

Stay tuned and see how to pump up your environment!

It’s all about methodology

It doesn’t matter if you’re trying to understand why the server has EventID XXXX in the system log, it doesn’t matter if you are trying to identify what process is somesowftware.exe that is crunching your memory, it doesn’t even matter if you’re trying to understand what the user on the phone is trying to say while shouting on the phone “This thing doesn’t work!”. It’s all about methodology, once you have your consolidated path just follow it and this will lead you to the solution.

I’ve just changed job position, before I was an IT overall and I was working on development of vertical solutions for an ERP, design and management of Active Directories, end user support and so on; now I’m a Technical Support Engineer Level 2 and handle specific software’s issues by solving or escalating them. In both cases I do solve problems (Winston Wolfe!!!).

Whenever you have someone or something that shows you a problem always remember:

1. Listen what the problem is
2. Most of the times the user/customer doesn’t even know how to talk about the problem, keep on listening and try to catch the more information possible even if they are said in Aramaic
3. Have every logfile, screenshot or error description that you can from the user/customer
4. Try and reproduce the problem in your labs and try to understand who/what is the culprit
5. Research possible solutions on the internet, knowledge base, co-workers etc
6. Document everything like if you are talking to dummies
7. Solve/escalate the issue

This is my personal path and up to today it took me out of several problems. An example is in this new job position where if I don’t know yet the software I’m providing support for I’m providing support to customers and finding solutions to their problems or simply finding the right person to escalate the problem to.

As I said, it’s all about HOW you do it, sometimes it may be WHEN you do it but remember to seek your personal path and you will have your work done.

[TLBAT] System Information for Windows a.k.a. SIW

Whenever I need a great tool that can display tons of useful information on a Windows based computer this is the tool I use: System Information for Windows!

A lot of information well organized in folders by pertinence and exportable in HTML, CSV, XML, TXT formats…this is what you need!

Thank you Gabriel Topala for providing this great tool!

[TLBAT] Anti-malware tools

Hello folks, continuing on the path to save our low budget a matter that has to be faced is the detection and removal of virus, malware and spyware.

I normally tend to use professional tools for these delicate matters because of several considerations: when you BUY software you also have support, agreements, SLAs and so on; also by using a professional product you can easily centralize the management of your antivirus infrastructure by scheduling corporate scans, virus definitions updates and so on. But we won’t loose the spirit of the TLBAT section and I’ll provide you suggestions on some freeware tools that you can use to protect your network.

The tools are:

1. Grisoft’s AVG antivirus
2. SpyBot Search & Destroy
3. HiJackThis
4. Microsoft malware removal tool

AVG is an antivirus software and here I won’t spent too much words; SpyBot S&D has to be used when you suspect that spyware or malware is installed on your computer, this software has automated removal procedures and is easy to use; HiJackThis is a more pro-skilled software because it searches in several places in your computer looking for BHO (Browser Helper Objects), hijackers (ex. you want to surf to yahoo.com but it redirects you to malware.com) and registry entries. Seen that the informations catched by HiJackThis are sometimes in critical components of your system please be really careful of what you are removing!! For the Microsoft Windows Malicious Software Removal Tool, this is a software that helps for removing most known virii (plural of virus) such as Blaster, Sasser, and Mydoom and so on.
My 2 cents: these tools, the HoneyPot described in a previous article and the patch/update control server (WSUS) can be affordable in protecting your network…but don’t forget this principle “A security-relaxed SysAdmin is the weakest entry point in a structure” so never, I say never, deploy your tools and think “I’m safe now” because it will come the day in which your network is infected by all kind of virii , malware, pornware and whateverware!!!

Stay tuned and keep on reading this blog.

Organize your thoughts!

Projects, ideas, ToDos and so on… lots of stuff to remember and organize in your mind. It may sometimes end that your stuffs mess up and there’s a big chaos…don’t worry there’s a geek solution to this and this is called TheBrain!

I used it in the 90s and then after the nth PC format I lost it but today, while trying to organize my mind, I reminded about this great tool and found it again.

You can create thoughts with sub-thoughts, links, attachments, notes etc. and then save it for later use or share it with your peers in the form of HTML page or ZIP it for email.

Hereafter a screenshot on my Service Requests view

IT Health tips

In the previous entries I’ve talked about how to create a pretty professional IT environment spending the less money possible; in this post I’ll face another issue regarding the IT: safeguard the IT personnel (you, that one is you!!!) health with some suggestions taken from an article on TechRepublic.

Guys always remember these basic things:

1. If you’re healthy, your IT systems will have a chance to be correctly managed;
2. If you’re relaxed your mind will have a better approach to problems.

So always keep yourself healthy and relaxed; we know that sometimes IT projects will keep you up to late night or worst till 4 AM but after finishing the project or reaching a milestone always remember to take some time for you. Relaxing for a day or two won’t affect your project performance but simply give it a boost!!!

Back to the TechRepublic article I strongly suggest you to read it and apply the suggestions.

Take care and stay tuned!