Daily IT Matters [DIM]

Daily IT Matters, this is the place where I post my daily findings on IT.

Wednesday, July 30, 2014

Find user accounts who do not require Kerberos PreAuthen

This is just a simple one.

I had to find users who did not have the preauthentication option checked.
Read more here: http://technet.microsoft.com/en-us/library/bb742516.aspx

Get-ADUser -LDAPFilter "(&(objectclass=user)(objectcategory=user)(useraccountcontrol:1.2.840.113556.1.4.803:=4194304))"
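
An added example (not from the original post) that turns the one-line query above into an audit report with a dry-run remediation step. It reuses the post's LDAP filter; the CSV file name and the helper function ConvertFrom-AdFileTime are assumptions, and the ActiveDirectory (RSAT) module is assumed to be installed.

```powershell
# Added example, not the blog author's code.
# Assumes the ActiveDirectory (RSAT) module and read access to the domain.
Import-Module ActiveDirectory

# userAccountControl flag DONT_REQ_PREAUTH = 0x400000 (4194304).
# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule, so the
# filter matches every user object that has this bit set.
# With the bit set, the KDC answers an AS-REQ without proof that the
# requester knows the password, so weak passwords on these accounts are
# exposed to offline guessing. Each hit needs a documented reason.
$DontReqPreauth = 0x400000
$filter = "(&(objectclass=user)(objectcategory=user)" +
          "(useraccountcontrol:1.2.840.113556.1.4.803:=$DontReqPreauth))"

$props = 'pwdLastSet', 'lastLogonTimestamp', 'adminCount', 'whenChanged'

# Hypothetical helper: convert an AD FILETIME (Int64) to UTC.
# 0 or an empty value means "never" and is returned as $null.
function ConvertFrom-AdFileTime([object]$Value) {
    if ($Value) { [datetime]::FromFileTimeUtc([int64]$Value) } else { $null }
}

$report = Get-ADUser -LDAPFilter $filter -Properties $props | ForEach-Object {
    [pscustomobject]@{
        SamAccountName    = $_.SamAccountName
        Enabled           = $_.Enabled
        AdminCount        = ($_.adminCount -eq 1)   # protected/privileged account
        PasswordLastSet   = ConvertFrom-AdFileTime $_.pwdLastSet
        LastLogon         = ConvertFrom-AdFileTime $_.lastLogonTimestamp
        WhenChanged       = $_.whenChanged
        DistinguishedName = $_.DistinguishedName
    }
}

# Enabled accounts first: disabled accounts cannot authenticate at all.
$report | Sort-Object -Property Enabled, SamAccountName -Descending |
    Format-Table -AutoSize SamAccountName, Enabled, AdminCount, PasswordLastSet, LastLogon

# File name is an assumption; keep the CSV with the change record.
$report | Export-Csv -Path .\preauth-not-required.csv -NoTypeInformation

# Remediation once each account owner confirms preauthentication can be
# required again. -WhatIf only prints what would change; remove it to apply.
$report | Where-Object Enabled | ForEach-Object {
    Set-ADAccountControl -Identity $_.DistinguishedName -DoesNotRequirePreAuth $false -WhatIf
}
```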

Thursday, February 14, 2013

How to stay ahead with your home pc security

This article is about security and how to minimize your exposure to malware, viruses and trojans.
Keep in mind that this article is written for the home user and not for large companies with, for example, Checkpoint firewalls with IPS blades, SCCM 2012 with integrated CSI, Forefront, etc.

This is about the average joe who wants to stay secure while browsing the World Wide (War) Web.

The first step towards that goal is to keep you away from malicious sites that deploy trojans, try to run botnets, etc. For this I use OpenDNS.

  • Speed up your Internet experience
    OpenDNS’s 12 global data centers are strategically located at the most well-connected intersections of the Internet. Unlike other providers, OpenDNS’s network uses sophisticated Anycast routing technology, which means no matter where you are in the world, your DNS requests are answered by the datacenter closest to you. Combined with the largest DNS caches in the industry, OpenDNS provides you with DNS responses faster than anyone else.
  • Make your Internet more reliable
    With our extensive data center footprint and use of Anycast technology, the OpenDNS network has built-in redundancy ensuring zero downtime. SmartCache technology, an OpenDNS innovation, enables you to access sites that may otherwise be inaccessible due to authoritative DNS outages, providing you with the most reliable Internet possible.
  • Improve your security
    OpenDNS owns and operates PhishTank, the largest clearinghouse of phishing information on the Internet. OpenDNS incorporates PhishTank into its services to protect you from fraudulent websites that attempt to steal your personal information and money. In addition, OpenDNS provides protection against two of the most pervasive Internet security threats that continue to infect millions of users — Conficker, the largest botnet, and Internet Explorer exploits.
  • Gain visibility into your network usage
    OpenDNS’s reports provide you with visibility on your networks' Internet activity, giving you needed insight into how your Internet resources are being used.


RDP Authentication issues Windows 2008 R2

Today we had a nasty encounter with sudden access-denied errors on RDP connections to our Terminal Server farms.

The day started with users who could not connect to our Navision environment; this environment consists of a Terminal Server farm with a SQL 2008 cluster. After analyzing the first symptoms we saw that the SQL cluster had failed over but that the quorum disk was still on the node that had "sudden" issues.

Thus we gracefully brought the faulty node down through Cluster Manager and started it up again.
In the meantime we were notified that there were still issues; then we saw profile redirection errors caused by a faulty location and permissions of the user profile location. We left the profiles at the default location and focused on the permissions. We fixed them, and users started to report that they could log in again.

But now problems started to appear out of nowhere: users could not connect to our other Terminal Server farms for other applications. We were now more than 3 hours after the initial problems appeared.
While trying to find several causes for these issues we focused on the first symptoms that were reported; we should not have done that, but that is with hindsight.


We focused on Kerberos issues because we have a mixed 2003 and 2008 forest and 50 domains, and we sometimes run into the infamous KDC ticket being too large. We now set it to 48000 as per Microsoft's recommendation for Windows 2012; with its base http encoding it can no longer be set at the largest dword value it can take.
Read this for the Kerberos changes in 2012; it will save you in large environments.
http://technet.microsoft.com/en-us/library/hh831747.aspx

But we came to the conclusion it was not the root cause. Simultaneously we started to suspect group policy changes, but checking the change date for all applied policies ruled that out rather quickly.

After pinpointing the problems to a single datacenter we realized what had just happened: it was the BlueCoat that was causing the problems. The day before, it had been put back in service after former issues.

Bypassing the BlueCoat solved the issues.

pwhmmmmwwwwweeh.. what a day in the office

How to Upload to multiple stocksites at once for free with Adobe Lightroom [Part 1 of 2]

Ever since I started uploading my photos to some microstock sites I have been looking for the easiest and fastest way possible to upload them to the microstock sites I'm on.

The reason I upload my photos to multiple microstock sites lies in the fact that you can only make some money if you upload either a lot of photos or some photos to a lot of microstock sites. Since I don't have a lot of photos to upload to microstock sites I chose the latter: I upload to a lot of microstock sites.

When you do the math it becomes obvious. Let's say I have 20 photos that are good enough to upload to microstock sites and I upload them to 25 microstock sites: I effectively have the same exposure as with 500 photos. But do it with 500 photos and you reach a whopping 12500 photos online. So in order to put 12500 photos online in a year you only have to shoot 5 decent pictures in a weekend that you can upload to a microstock site.

I almost forgot to tell you how I came by the number 5. A year has 365 days; divide that by 7 weekdays ~ 52, multiply that number by the days of a weekend, 2, and you get 104 days. In 104 days you have to shoot 500 pictures to get 12500 pictures online. In fact you have to shoot 5 every weekend. That is more manageable than the sheer amount of 12500.

Requirements:

Photoshop Lightroom
Photoshop Lightroom Development Kit
Export Manager

Stocksites:







Tuesday, May 15, 2012

[Solved] Avira keeps quiet about the mess they made...

Solution below

I have been having a problem since yesterday: my DllHost.exe process was blocked by Avira.
I suspected that I was infected with some kind of worm, which is odd since I run several layers of security to prevent this.

Today I had enough and looked for a solution on the internet; I was dumbfounded to find this.

Please note that it was originally in German and was published at 10:44 +1 GMT (DST).


Dear Avira user,

After the product update of the Avira software, various applications are classified as dangerous and blocked by the ProActiv component. Our development team is currently working at full speed on an automatic update to eliminate the error. So that you can use your computer as usual again, we have 2 proposed solutions that we can offer you at the moment:

Solution A: Disable ProActiv

1. Open the Avira Control Center
2. Press the "F8" key to open the configuration
3. Enable expert mode at the top left if it is not already active
4. Open the option "Realtime Scanner -> ProActiv"
5. Remove the check mark at "Enable ProActiv"
6. Close the window with the "OK" button
7. Restart the computer


Solution B: Create ProActiv exceptions

We already have an entry in our knowledge base that describes the procedure:

http://www.avira.com/de/support-for-home…etail/kbid/1257

We will inform you as soon as the automatic update to correct the detection is available. After that you can re-enable ProActiv in the same way as described above. The exceptions are then no longer necessary.
Stefan Berka
Avira Operations GmbH & Co. KG

There is no support for unsolicited PM requests available. Please use the board section which accords to your product.


*************************************

The solution is to manually update Avira (via the control center) and then reboot.
I have no clue why Avira keeps playing the silent game here.




Friday, May 11, 2012


Const ForReading = 1

' Unique tape numbers collected so far
Dim arrTapes()
ReDim arrTapes(1)
strPrevTapeNumber = "xxxx"

Dim objDictionary
Set objDictionary = CreateObject("Scripting.Dictionary")

' Read arguments from the command line: <tapes export file> <pool name>
Set args = WScript.Arguments
If args.Count < 2 Then
  WScript.Echo "Usage: cscript " & WScript.ScriptName & " <tapesExportFile> <poolName>"
  WScript.Quit 1
End If
argTapesExportFile = args.Item(0)
argPoolName = args.Item(1)

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(argTapesExportFile, ForReading)

Do While Not objTextFile.AtEndOfStream
  strLine = objTextFile.ReadLine
  intPos = InStr(strLine, argPoolName)
  ' The tape number is the 7 characters directly before the pool name,
  ' so the pool name has to start at column 8 or later
  If intPos > 7 Then
    strTapeNumber = Mid(strLine, intPos - 7, 7)
    ' Echo each tape number only once
    If Not inArray(arrTapes, strTapeNumber) Then
      ReDim Preserve arrTapes(UBound(arrTapes) + 1)
      arrTapes(UBound(arrTapes)) = strTapeNumber
      WScript.Echo arrTapes(UBound(arrTapes))
    End If
  End If
  strPrevTapeNumber = strTapeNumber
Loop
objTextFile.Close

' Returns True when value is already present in array a
Function inArray(a, value)
  inArray = False
  For Each v In a
    If v = value Then
      inArray = True
      Exit Function
    End If
  Next
End Function

Restore Exchange 2003 Database from Dirty Shutdown

Friday, normally a very quiet day, today was going to be different than I had anticipated.

I got into the office and overheard a colleague talking with a sysadmin from a subdivision about an Exchange server. Damn, I knew it immediately: it was the one from yesterday that went down 30 times in 12 hours.
They had replaced the system board and were now knocking on our doors for help because the mailbox database wouldn't mount, and before I even got a cup of coffee I was on the phone and had started the RDP session to the server. Our Exchange environment consists of about 135 Exchange 2003 servers, but for the one I now needed to RDP to, I already knew the hostname.

On the phone with the sysadmin I started the needed actions, and I've written them down so that they may help someone in the future.

This article explains all the steps you need to take to bring an Exchange 2003 mailbox store that is in a "Dirty Shutdown" state back to life.


Actions performed for exchange 2003 dirty shutdown restore.


1. Bring the server gracefully down.

This is to let Exchange try to automatically roll the logs forward into the store after the clean reboot.

2. Ran the following command to check the state of both the mailbox store database and the public folder database.

eseutil /mh "E:\Exchsrvr\FirstStorageGroup\PFStore1\PFStore1.edb"
eseutil /mh "E:\Exchsrvr\FirstStorageGroup\MBStore1\MBStore1.edb"

The output for MBStore1 showed that the mailbox state was "Dirty Shutdown".

The Repair Count was 0 and the last full backup was from 5/9/2012 21:30:14.

3. Ran the following command on the logs to check that the log files are all OK, to make sure a soft repair will work.

eseutil /ml "D:\Exchsrvr\FirstStorageGroup\Logs\E00"

The output was OK, the logs are valid, so we can start with a "soft repair".

4. Eseutil /r E00 /l "D:\Exchsrvr\FirstStorageGroup\Logs" /d "E:\Exchsrvr\FirstStorageGroup\MbxStore1\MbxStore1.edb"

Operation terminated with error -1216 (JET_errAttachedDatabaseMismatch, An outstanding database attachment has been detected at the start or end of recovery, but database is missing or does not match attachment info) after 44.62 seconds


5. Due to the error above I had to ignore streaming errors by adding the /i switch.

Eseutil /r E00 /l "D:\Exchsrvr\FirstStorageGroup\Logs" /d "E:\Exchsrvr\FirstStorageGroup\MbxStore1\MbxStore1.edb" /i

After this I started ESM and mounted both the mailbox store and the public folder store without errors.

Wednesday, April 11, 2012

How to save your work from a system drive with Bitlocker

This is a really small tip but a very crucial one.
When you have BitLocker on your system drive and somehow your Windows installation becomes corrupt, this is the procedure to still access your data on the system drive.

1. Get the system drive physically out of your system.
2. Attach the drive to another system running Windows.
3. When you want to access your data, browse to the drive and access it like you regularly do.
4. You will be prompted to type your PIN.

You can see that this will only work when you know your PIN.

Wednesday, January 27, 2010

New Virus causes Havoc!

http://www.eset.eu/download/ezimuse-remover

The reason I show you the commands below is that the remover executes these commands.
However, there is an error: it doesn't stop the service MStart first, therefore sc delete will fail.

I hope this will help you


sc stop UnzipService
sc stop Mseu
sc stop MStart
sc delete UnzipService
sc delete Mseu
sc delete MStart
ren C:\Windows\System32\Mseus.exe Mseus.exe.vir
del /Q /F C:\Windows\System32\Drivers\Mseu.sys
del /Q /F C:\Windows\System32\Drivers\Mstart.sys
del /Q /F C:\Windows\System32\ainf.inf
del /Q /F C:\Windows\System32\tokset.dll
del /Q /F "C:\Program Files\Dump\Dump.exe"

Thursday, January 21, 2010

script to export tapes from Eternus i500 Scalar Fujitsu


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::
:: Script to export tapes from the robot to the mail slots
::
:: Version History
:: 2009/12/11 version 1 Teus
:: 2010/01/11 version 2 Teus
::
::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

@echo off

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: GENERAL HOUSEKEEPING ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::
:: Set Script Paths
::
:::::::::::::::::::

SET scriptpath=E:\centricstor
SET outputpath=E:\centricstor\out
SET cygwinpath=E:\cygwin\bin
SET robotip=root@172.16.4.130
SET vmquery_path="e:\program files\veritas\volmgr\bin\vmquery"

::::::::::::::::::::
::
:: Set Script Output Files
::
::::::::::::::::::::

set logicaltapes=%outputpath%\logical_tapes.txt
set physicaltapes=%outputpath%\Physical_tapes.txt
set ioslots=%outputpath%\io_slots.txt
set physicaltapesout=%outputpath%\physical_tapes_out.txt
set tapestovault=%outputpath%\tapes_to_vault.bat

:::::::
::
:: Set Script Files
::
:::::::

set volumepools_netbackup=%scriptpath%\volume_pools_netbackup.txt
set volumepools_centricstor=%scriptpath%\volume_pools_centricstor.txt
set dates_script=%scriptpath%\date_today_prev_bprev.vbs
set sortTapes=%scriptpath%\read_tapes.vbs

:::::::::::::::::::
::
:: Required files; if they are not present, do not run the script.
::
:::::::::::::::::::

IF NOT EXIST %dates_script% CALL :FOUTEBOEL %dates_script%
IF NOT EXIST %volumepools_netbackup% CALL :FOUTEBOEL %volumepools_netbackup%
IF NOT EXIST %volumepools_centricstor% CALL :FOUTEBOEL %volumepools_centricstor%
IF NOT EXIST %sortTapes% CALL :FOUTEBOEL %sortTapes%

:::::::::::::::::::
:: If the following files exist, delete them.
:::::::::::::::::::

IF EXIST %logicaltapes% del /q %logicaltapes% >nul
IF EXIST %physicaltapes% del /q %physicaltapes% >nul
IF EXIST %tapestovault% del /q %tapestovault% >nul
IF EXIST %ioslots% del /q %ioslots% >nul
IF EXIST %physicaltapesout% del /q %physicaltapesout% >nul

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:::::::::::::: END HOUSEKEEPING :::::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::
:: Actual Script
::
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: Check whether tapes were used for the NetBackup pools in the last 3 days.

FOR /F %%i in (%volumepools_netbackup%) DO (
FOR /F %%a in ('cscript /nologo %dates_script%') DO (
FOR /F "delims=, " %%x in ('"%vmquery_path% -pn %%i -bx |findstr /i "%%a""') DO (
echo %%x >> %logicaltapes%
)
)
)

:::::::::
:: Todo: determine which pool has to be exported
:::::::::

FOR /F %%x in (%volumepools_centricstor%) DO (
FOR /F %%a in (%logicaltapes%) DO (
%cygwinpath%\ssh %robotip% plmcmd query -v %%a | findstr /i "%%x" >> %physicaltapes%
)
)

::::::::
:: Tapes sort script / deduplicate
::::::::

start /wait %sortTapes%

::::::
:: Build the command to set the PV to vault for export.
::::::

FOR /F "tokens=1,2 delims=, " %%a in (%physicaltapesout%) do echo %cygwinpath%\ssh %robotip% plmcmd conf -E -V %%a -G %%b >> %tapestovault%

::::::
:: Run the command to set the PV to vault for export.
::::::

start /wait %tapestovault%

::::::::
:: Inventory Jukebox
::::::::

FOR /F %%a in (%physicaltapesout%) do (
%cygwinpath%\ssh %robotip% jukeadm /dev/fsc/CentricStor/c16t000073l1 l s | findstr /i %%a >> %ioslots%
)

:::::::
:: Move tapes to I/O slot
:::::::

SET count=0
FOR /F "delims=:, " %%a in (%ioslots%) do (
Call :s_count %%a
)
GOTO :eof

:s_count
%cygwinpath%\ssh %robotip% jukeadm /dev/fsc/CentricStor/c16t000073l1 m s %1 i %count%
set /a count+=1
GOTO :eof

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:FOUTEBOEL

echo %1 niet aanwezig
pause
EXIT

:eof
exit

CentricStor i500 Scalar [Tape handling]

This script was created to ease the tape handling of the Quantum i500 Scalar robot in combination with a CentricStor.

All you have to do now is to insert the tapes in IO, then hit Library on the screen.
The tapes are now available for the library. We now need to assign the tapes in IO to the library, and then to a volume group.

1. jukeadm /dev/fsc/CentricStor/c16t000073l1 l s
this command lists all slots from the library.
2. jukeadm /dev/fsc/CentricStor/c16t000073l1 l i
this command lists all IO slots
3. jukeadm /dev/fsc/CentricStor/c16t000073l1 m i s
this command moves a tape from IO to a Slot in the library
4. plmcmd conf -I -V -G


'Script to import tapes.
'The tapes are moved from the IO slots to slots in the robot.

Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8

Dim oShell
Dim oShell2
Dim bIOSlotFound
Dim inpPoolName

iCounter = 0
inpPoolName = "XXXXXX"
bPoolFound = False

strEmptySlotsPath = "e:\centricstor\out\empty_slots.txt"
strUsedIOPath = "e:\centricstor\out\used_io_slots_tapenumbers.txt"
strPoolsCentricStore = "e:\centricstor\volume_pools_centricstor.txt"

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'Read the file volume_pools_centricstor twice: once into an array and later into a text object.
Set objFSO3 = CreateObject("Scripting.FileSystemObject")
Set objTextFile3 = objFSO3.OpenTextFile(strPoolsCentricStore, ForReading)

strPools = objtextFile3.ReadAll
arrPools = Split(strPools, vbNewLine)

'Read the file a second time.
Set objTextFile3 = objFSO3.OpenTextFile(strPoolsCentricStore, ForReading)

'Here we ask for the pool name.
Do While (objTextFile3.AtEndOfStream <> True) And (bPoolFound = False) Or (Len(inpPoolName) < 6)
strLine3 = objtextFile3.ReadLine
If InStr(strLine3,inpPoolName) Then
bPoolFound = True
Else
WScript.Echo "Beschibare Pools"
WScript.Echo ""
For i = 1 To UBound(arrPools)
WScript.Echo arrPools(i)
Next
inpPoolName = UCase(InputBox("Geef de poolname op waar je de tapes wilt plaatsen:"))
End If
Loop

If Not bPoolFound Then 'Pool does not exist
WScript.Echo inpPoolName & " komt niet voor, geef juiste poolnaam op"
WScript.Quit
End If

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Request Slot list and IO Slots from robot.
'' and create text file containing those lists.
'' Then read the created text files
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Set oShell = wscript.createobject("wscript.shell")

oShell.Run "cmd /c E:\cygwin\bin\ssh root@172.16.4.130 jukeadm /dev/fsc/CentricStor/c16t000073l1 l s > e:\centricstor\out\empty_slots.txt"
WScript.sleep 20000 'This gives the robot time to produce the output
oShell.Run "cmd /c E:\cygwin\bin\ssh root@172.16.4.130 jukeadm /dev/fsc/CentricStor/c16t000073l1 l i > e:\centricstor\out\used_io_slots_tapenumbers.txt"
WScript.sleep 20000 'This gives the robot time to produce the output

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(strEmptySlotsPath, ForReading)

Set objFSO2 = CreateObject("Scripting.FileSystemObject")
Set objTextFile2 = objFSO2.OpenTextFile(strUsedIOPath, ForReading)
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Do While objTextFile.AtEndOfStream <> True
strLine = objtextFile.ReadLine
If InStr(strLine,":") = 5 Then ' If there is a ':' at position 5 then it is a slot.
'This is a slot in the output
iSlotnr = cleanString(Mid(strLine,1,4))
iTapenr = cleanString(Mid(strLine,7,6))
If iTapenr = "" Then 'Destination slot found
bIOSlotFound = False
Do While bIOSlotFound = False And objTextFile2.AtEndOfStream <> True
'Escape from while loop if
If iCounter = 1000 Then
bIOSlotFound = True
End If
strLine2 = objtextFile2.ReadLine
If InStr(strLine2,":") = 5 Then ' If there is a ':' at position 5 then it is a slot.
iSlotnrIO = cleanString(Mid(strLine2,1,4))
iTapenrIO = cleanString(Mid(strLine2,7,6))
If Not iTapenrIO = "" Then '
bIOSlotFound = True
oShell.Run "cmd /c E:\cygwin\bin\ssh root@172.16.4.130 jukeadm /dev/fsc/CentricStor/c16t000073l1 m i " & iSlotnrIO & " s " & iSlotnr & ""
WScript.sleep 20000
oShell.Run "cmd /c E:\cygwin\bin\ssh root@172.16.4.130 plmcmd conf -I -V " & iTapenrIO & " -G " & inpPoolName
WScript.sleep 20000
End If
End If
icounter = icounter + 1
Loop
End If
End If
Loop

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

' Returns only the digits contained in theString
Function cleanString(theString)
strAlphaNumeric = "0123456789"'Used to check for numeric characters.
CleanedString = ""
For i = 1 to len(theString)
strChar = mid(theString,i,1)
If instr(strAlphaNumeric,strChar) Then
CleanedString = CleanedString & strChar
End If
Next
' Assign to the function name so the cleaned value is actually returned
cleanString = CleanedString
End Function

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'Cleanup
Set oShell = Nothing
Set objFSO = Nothing
Set objFSO2 = Nothing
Set objFSO3 = Nothing