Signs you might be infected with a virus or trojan

  1. New pop-ups appear every few seconds.
  2. Your browser's home page has changed to something like http://www.nigerianscampharmacia.co.za
  3. Typing google.ca into your web browser takes you somewhere other than Google.
  4. The workstation is REALLY slow, and attempts to kill the processes that are using up all the memory and CPU fail.
  5. Programs you did not install, such as “Antivirus 2010” (a rogue antivirus), have appeared on the workstation.
  6. Your antivirus software is disabled.
  7. Applications lock up or crash for no apparent reason.
  8. You cannot access certain drives.
  9. You cannot print.
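A quick triage script for the symptoms above, added here as an example (it is not part of the original post). It checks the Internet Explorer start page, hosts-file redirection of Google names, the antivirus state that Security Center reports, auto-start and installed-program entries with rogue-antivirus names, and lists the top memory consumers. Run it as an administrator in PowerShell 2.0 on XP SP3. The expected home page, the list of watched host names and the rogue-name pattern are assumptions; adjust them for your environment.

```powershell
# Added triage script for the symptoms above (not from the original post). Run as an
# administrator in PowerShell 2.0 on XP SP3. The expected home page, the watched host
# names and the rogue-name pattern are assumptions; adjust them for your environment.
$expectedHomePage = "http://www.google.ca/"                                   # assumption
$watchedHosts     = @("google.ca", "www.google.ca", "google.com", "www.google.com")
$rogueNamePattern = "(?i)antivirus ?20\d\d|security ?tool|xp ?antispyware"   # assumption
$findings = @()

# Symptom 2: browser home page hijack (Internet Explorer start page).
$iePath = "HKCU:\Software\Microsoft\Internet Explorer\Main"
$start  = (Get-ItemProperty -Path $iePath -Name "Start Page" -ErrorAction SilentlyContinue)."Start Page"
if ($start -and ($start -ne $expectedHomePage)) { $findings += "IE start page is '$start'" }

# Symptom 3: hosts-file entries that send well-known names somewhere other than loopback.
$hostsFile = Join-Path $env:SystemRoot "System32\drivers\etc\hosts"
foreach ($line in @(Get-Content $hostsFile -ErrorAction SilentlyContinue)) {
    $clean = ($line -replace "#.*$", "").Trim()      # strip comments
    $parts = $clean -split "\s+"
    if ($parts.Length -lt 2) { continue }             # blank line or no host names
    $ip = $parts[0]
    foreach ($name in $parts[1..($parts.Length - 1)]) {
        if (($watchedHosts -contains $name.ToLower()) -and ($ip -notmatch "^(127\.|::1$)")) {
            $findings += "hosts file maps $name to $ip"
        }
    }
}

# Symptom 6: antivirus state as registered with Security Center (XP exposes
# onAccessScanningEnabled and productUptoDate on the AntiVirusProduct class).
$av = @(Get-WmiObject -Namespace "root\SecurityCenter" -Class AntiVirusProduct -ErrorAction SilentlyContinue)
if ($av.Count -eq 0) { $findings += "no antivirus product registered with Security Center" }
foreach ($p in $av) {
    if (-not $p.onAccessScanningEnabled) { $findings += "$($p.displayName): on-access scanning is off" }
    if (-not $p.productUptoDate)         { $findings += "$($p.displayName): signatures out of date" }
}

# Symptom 5: rogue "antivirus" in the auto-start keys or the installed-programs list.
$runKeys = @("HKLM:\Software\Microsoft\Windows\CurrentVersion\Run",
             "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run")
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like "PS*") { continue }     # provider metadata, not a Run entry
        if ("$($prop.Name) $($prop.Value)" -match $rogueNamePattern) {
            $findings += "Run entry '$($prop.Name)' = $($prop.Value)"
        }
    }
}
$uninstall = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall"
foreach ($app in @(Get-ChildItem $uninstall -ErrorAction SilentlyContinue)) {
    $name = (Get-ItemProperty $app.PSPath).DisplayName
    if ($name -and ($name -match $rogueNamePattern)) { $findings += "installed program '$name'" }
}

# Symptom 4: report the top memory consumers. Report only: a process that refuses to die
# is itself a finding, so do not try to kill anything from here.
$mbColumn = @{ Name = "MB"; Expression = { [int]($_.WorkingSet / 1MB) } }
$top = Get-Process | Sort-Object WorkingSet -Descending | Select-Object -First 5 Name, Id, $mbColumn

if ($findings.Count -eq 0) { "No obvious indicators found." }
else { $findings | ForEach-Object { "[!] $_" } }
"Top memory consumers:"
$top | Format-Table -AutoSize
```

A clean result from this script does not prove the machine is clean: malware that hooks the registry or file-system APIs can hide from all of these checks, so treat the script as a first pass before booting from known-good media.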

10

09 2009

Securing RDP on a Windows XP Machine

//taken from mobydisk.com

Remote Desktop, Unsafely

Many people use the Windows XP Professional remote desktop feature to gain easy access to their home PCs. But opening up a connection to an administrator account on your system is very dangerous. Just by opening the port on my firewall I received several logon attempts, from various countries, within a week. Free tools exist that assist hackers with breaking into Windows Remote Desktop connections. Fortunately there are a few simple steps you can take to protect yourself:

Remote Desktop, Safely

Limit users who can log on remotely

First, only allow certain users remote desktop access. Go to the Control Panel, then system, then the Remote tab.

Screen shot showing remote desktop control panel tab

From there, enable “Allow users to connect remotely to this computer.” Then, click “Select Remote Users.”

Screen shot showing remote desktop screen

Here, add only the users who you want to be able to log in remotely. If you are super-secure, you can set this to a standard user account, and force yourself to run as a normal user. This is a very difficult way to run Windows since many applications assume the user has Administrator rights, so I leave that decision up to you.

Unfortunately for you, that setting didn’t do a thing! You will find that you can still log on as any administrator account. To make things complicated, Microsoft defaults to the least secure setting possible while hiding this fact from the user. You will need to go to another location to change the real list. Click Start – Programs – Administrative Tools – Local Security Policy. If you can’t find it, you can also do Start – Run – enter “%SystemRoot%\system32\secpol.msc /s” – Ok.

Screen shot showing local security settings

Under Local Policies – User Rights Assignment, there is a line that says “Allow logon through Terminal Services.” And just next to it is “Administrators, Remote Desktop Users.” Aha! Too bad it didn’t show “Administrators” in the other screen. Double-click this setting and remove “Administrators.” If you want an administrator to have access, just add them explicitly through the other screen.

Screen shot showing Terminal Services users

Set an account lockout policy

There are already tools that use brute force to guess passwords and log on remotely. You cannot stop the attempts, but you can blunt them with an account lockout policy: after a few wrong guesses the account is locked for a period of time, which turns hours or days of guessing into centuries and makes a brute-force attack on your system infeasible.

From the same Local Security Policy screen from before, go to Account Policies – Account Lockout Policy.

Screen shot showing a minimal account lockout policy

Account lockout threshold: This is the number of failed logon attempts before the account is locked out. Three is usually sufficient to indicate that someone is trying to break in.

Reset account lockout counter after: For a typical home system, set this setting to be the same as the Account Lockout Duration below.

Account lockout duration: This is how long the user will be unable to logon after several failed attempts. Even a few minutes will significantly reduce the possibility of a remote brute-force attack. For a home system, any more than a few minutes can be frustrating. You may come home to find your account is locked-out because of some joker guessing passwords. Adjust the setting to your own tolerance. Setting this value to zero means to lock the account until it is manually unlocked.

To manually unlock an account you must log on as another administrator user (preferably one without remote desktop access). Then go to Start – Programs – Administrative Tools – Computer Management – Local Users and Groups – Users. Open the properties of the locked account and clear the “Account is locked out” check box (not “Account is disabled”, which is a separate setting). You may then log on as that user.

Screen shot showing the 'Account is disabled' checkbox on the user property page

Require Passwords and 128-Bit Encryption

For compatibility with older, weaker clients, Windows XP defaults to the “Client Compatible” encryption level, which negotiates down to whatever the client supports. If you are connecting with older software, upgrade it. If you are connecting with the PocketPC Terminal Services Client, this setting won’t work for you since that client does not support high encryption. :-(

Click Start – Run – “%SystemRoot%\system32\gpedit.msc /s” to get to the Group Policy Editor. I don’t know how to get there any easier than that, so you might want to add an icon for it to your Administrative Tools.

From here, go to Computer Configuration – Administrative Templates – Windows Components – Terminal Services – Encryption and Security.

Screen shot showing Terminal Services Security settings in the Group Policy

You can change the “Set client connection encryption level” from “Not Configured” to “Enabled” and “High Level” to force the client to use 128-bit security. This protects your passwords as well as anything transmitted during your terminal service session.

Enabling “Always prompt client for password upon connection” prevents the remote user from saving the password on the client computer and avoiding the password prompt. Saving passwords is generally a dangerous setting since the password is now on another computer, and because it allows the user to forget it.

Change the TCP Port

You can move the Terminal Services listener from TCP port 3389 to another port by changing the PortNumber value (a DWORD) at

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber

The change takes effect after a reboot. You will then need to specify the port when you connect to your system: connect with something like “my.computerathome.com:1234” instead of “my.computerathome.com”. Changing the port does not hide the service from a port scanner, but it cuts out the background noise of automated attempts aimed at 3389.

IP Address White List

Windows Firewall allows you to limit which IP addresses have access to remote desktop. To do this, open the Control Panel and run Windows Firewall. Select the Exceptions tab and make sure “Remote Desktop” is checked.

Windows Firewall control panel screen shot

Click the “Edit” button and you will see a list of TCP ports. Windows Firewall assumes that Remote Desktop is on port 3389. If you changed the port number, you will need to cancel this screen and instead click “Add Port” and create an entry with the port number you used.

Windows Firewall TCP port screen shot

Click the “Change Scope” button. From this screen, you can limit to the local network, or to a specific set of IP addresses.

Thanks to Nick for this tip!

Windows Firewall IP address edit screen
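The settings from the sections above (who may log on, lockout policy, encryption level and password prompt, listening port, firewall scope) can be audited and applied from the command line instead of the GUI. The script below is an added example, not part of the mobydisk.com post; run it from an administrator PowerShell 2.0 prompt on XP Pro. The new port 3390 and the allowed address list (local subnet plus 192.168.1.0/24) are assumptions; change both to suit. Without -Apply it only reports.

```powershell
# Added example (not from the original post): audit, and with -Apply set, the RDP settings
# from this post on Windows XP Pro. Assumptions: new port 3390, allowed clients are the
# local subnet plus 192.168.1.0/24. The port change takes effect after a reboot.
param(
    [int]$Port = 3390,                                        # assumption: new RDP port
    [string]$AllowedAddresses = "LocalSubnet,192.168.1.0/24", # assumption: who may connect
    [switch]$Apply                                            # without it, audit only
)

$tsRoot   = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server"
$rdpTcp   = "$tsRoot\WinStations\RDP-Tcp"
$tsPolicy = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"

function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Set-RegDword([string]$Path, [string]$Name, [int]$Value) {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    Set-ItemProperty -Path $Path -Name $Name -Value $Value -Type DWord
}

# 1. Who may log on remotely. Export the local policy with secedit and read the
#    SeRemoteInteractiveLogonRight line: *S-1-5-32-544 is Administrators,
#    *S-1-5-32-555 is Remote Desktop Users.
$inf = Join-Path $env:TEMP "rdp-audit.inf"
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
$right = Get-Content $inf | Where-Object { $_ -match "^SeRemoteInteractiveLogonRight" }
"Allow logon through Terminal Services: $right"
if ($Apply -and ($right -match "S-1-5-32-544")) {
    # Leave the right with Remote Desktop Users only; add individual admins to that group.
    $fix = Join-Path $env:TEMP "rdp-fix.inf"
    $db  = Join-Path $env:TEMP "rdp-fix.sdb"
    @('[Unicode]', 'Unicode=yes', '[Version]', 'signature="$CHICAGO$"', 'Revision=1',
      '[Privilege Rights]', 'SeRemoteInteractiveLogonRight = *S-1-5-32-555') |
        Set-Content -Path $fix -Encoding Unicode
    secedit /configure /db $db /cfg $fix /areas USER_RIGHTS | Out-Null
}

# 2. Account lockout policy: threshold 3, lock for 10 minutes, reset the counter after 10.
net accounts | Where-Object { $_ -match "Lockout" }
if ($Apply) { net accounts /lockoutthreshold:3 /lockoutduration:10 /lockoutwindow:10 | Out-Null }

# 3. Encryption level and password prompt. The two Group Policy settings from the post
#    write these policy values; MinEncryptionLevel 3 = High (128-bit).
"MinEncryptionLevel: $(Get-RegValue $tsPolicy 'MinEncryptionLevel')   fPromptForPassword: $(Get-RegValue $tsPolicy 'fPromptForPassword')"
if ($Apply) {
    Set-RegDword $tsPolicy "MinEncryptionLevel" 3
    Set-RegDword $tsPolicy "fPromptForPassword" 1
}

# 4. Listening port (takes effect after a reboot on XP).
$current = Get-RegValue $rdpTcp "PortNumber"
"RDP-Tcp PortNumber: $current"
if ($Apply -and ($current -ne $Port)) { Set-RegDword $rdpTcp "PortNumber" $Port }

# 5. Windows Firewall scope. The built-in Remote Desktop exception only covers 3389;
#    a custom port needs its own port opening, restricted to the same addresses.
if ($Apply) {
    if ($Port -eq 3389) {
        netsh firewall set service type=REMOTEDESKTOP mode=ENABLE scope=CUSTOM "addresses=$AllowedAddresses" | Out-Null
    } else {
        netsh firewall set service type=REMOTEDESKTOP mode=DISABLE | Out-Null
        netsh firewall set portopening protocol=TCP "port=$Port" "name=RemoteDesktop$Port" mode=ENABLE scope=CUSTOM "addresses=$AllowedAddresses" | Out-Null
    }
}
netsh firewall show portopening verbose=ENABLE
```

Run it once without -Apply and keep the output: it is the "before" record of the policy, and re-running it later is a quick way to spot if anything has been reset by a later policy refresh or a piece of software that "helpfully" reopens 3389.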

Prevent a MITM Attack

Remote desktop is encrypted, which makes it more secure than many simplistic VNC implementations. However, without additional security Remote Desktop is vulnerable to a man-in-the-middle attack because it does not use a certificate to authenticate the server the way SSL/SSH does. That means that if you connect to your system via remote desktop, there is no guarantee that the conversation is not being recorded and your passwords are not guaranteed to be safe, even though the session is encrypted.

On Windows XP, there is no built-in support for server certificates in remote desktop. To close this hole you must tunnel the Remote Desktop connection through something that does authenticate the server, such as an SSH tunnel (the same approach people use to secure VNC). Windows Server 2003 (SP1 and later) provides an enhanced version of Terminal Services that supports server authentication via TLS. For this to work, you must be using an updated version of the Remote Desktop Client software. You must also configure Windows Server 2003 to use a certificate as described in the Microsoft Knowledge Base article.

Monitor Log Files

The Event Viewer logs failed logon attempts and account lockouts in the Security log, but only if auditing is switched on: in Local Security Policy, under Local Policies – Audit Policy, make sure “Audit logon events” and “Audit account logon events” record failures and “Audit account management” is enabled, otherwise there is nothing to check. Review the log periodically to see if anyone is trying to get in. If your firewall keeps logs (Windows Firewall can, once “Log dropped packets” is turned on under its Advanced tab), you can use these to see when someone tries to connect.
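Reading the two logs by hand gets old quickly. The script below is an added example (not from the original post) that summarises dropped connection attempts to the RDP port per source address from the Windows Firewall log and counts failed logons and lockouts from the Security log. The firewall log lines are constructed for illustration; on a real machine read %SystemRoot%\pfirewall.log instead. The port, the alert threshold and the 7-day window are assumptions.

```powershell
# Added example (not from the original post): who is hammering the RDP port, from the
# Windows Firewall log and the Security event log. The log lines below are constructed
# for illustration; on a real machine read $env:SystemRoot\pfirewall.log.
param([int]$Port = 3389, [int]$Threshold = 5)

# pfirewall.log is W3C-style. Build the column map from its own "#Fields:" header so the
# parser keeps working when the field list differs between XP and later versions.
function Get-FirewallDrops([string[]]$Lines, [int]$DstPort) {
    $fields = $null
    foreach ($line in $Lines) {
        if ($line -match "^#Fields:\s*(.+)$") { $fields = $matches[1].Trim() -split "\s+"; continue }
        if (($line -match "^#") -or (-not $line.Trim()) -or (-not $fields)) { continue }
        $cols = $line.Trim() -split "\s+"
        $row  = @{}
        for ($i = 0; $i -lt $fields.Length -and $i -lt $cols.Length; $i++) { $row[$fields[$i]] = $cols[$i] }
        if ($row["action"] -eq "DROP" -and $row["protocol"] -eq "TCP" -and
            $row["dst-port"] -match "^\d+$" -and [int]$row["dst-port"] -eq $DstPort) {
            New-Object PSObject -Property @{ Time = "$($row['date']) $($row['time'])"; Source = $row["src-ip"] }
        }
    }
}

# Constructed sample of an XP SP2 pfirewall.log (not real traffic).
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2009-09-10 02:11:03 DROP TCP 203.0.113.7 192.168.1.10 51234 3389 48 S 2877201 0 65535 - - -
2009-09-10 02:11:04 DROP TCP 203.0.113.7 192.168.1.10 51235 3389 48 S 2877202 0 65535 - - -
2009-09-10 02:11:09 DROP TCP 203.0.113.7 192.168.1.10 51240 3389 48 S 2877210 0 65535 - - -
2009-09-10 02:11:15 DROP TCP 203.0.113.7 192.168.1.10 51241 3389 48 S 2877211 0 65535 - - -
2009-09-10 02:11:22 DROP TCP 203.0.113.7 192.168.1.10 51242 3389 48 S 2877212 0 65535 - - -
2009-09-10 02:30:40 DROP TCP 198.51.100.23 192.168.1.10 4401 3389 48 S 9912001 0 65535 - - -
2009-09-10 03:00:00 DROP UDP 192.168.1.1 192.168.1.255 137 137 78 - - - - - - -
2009-09-10 03:05:12 OPEN TCP 192.168.1.20 192.168.1.10 1055 3389 - - - - - - - -
'@ -split "`r?`n"

$drops    = @(Get-FirewallDrops $sample $Port)
$bySource = $drops | Group-Object Source | Sort-Object Count -Descending
"Dropped TCP connection attempts to port $Port, by source:"
foreach ($s in $bySource) {
    "{0,-16} {1,3}   first seen {2}" -f $s.Name, $s.Count, ($s.Group | Select-Object -First 1).Time
    if ($s.Count -ge $Threshold) { "[!] $($s.Name) made $($s.Count) attempts; consider blocking it at the firewall" }
}

# Security log. On XP a failed logon is event 529 (bad password or unknown user) and a
# lockout is 644; on Vista and later the equivalents are 4625 and 4740. Failure auditing
# must be enabled in Local Security Policy or these events never appear.
$ids = @(529, 539, 644, 4625, 4740)
$failures = @(Get-EventLog -LogName Security -After (Get-Date).AddDays(-7) -ErrorAction SilentlyContinue |
              Where-Object { $ids -contains $_.EventID })
"Failed logons and lockouts in the last 7 days: $($failures.Count)"
$detail = @{ Name = "Detail"; Expression = { ($_.Message -split "`n")[0].Trim() } }
$failures | Select-Object -First 10 TimeGenerated, EventID, $detail | Format-Table -AutoSize
```

With the sample data, 203.0.113.7 is reported with 5 attempts and flagged, 198.51.100.23 with 1, and the UDP and OPEN lines are ignored. Reading the field names from the header rather than hard-coding column positions is what keeps the parser correct across log versions; a fixed-index parser silently reports the wrong column when a field is added.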

04

05 2009

RIM finally updates Facebook client for Blackberry

So after much waiting RIM finally updated the client for Facebook. The update includes a greater integration with the Inbox on the Blackberry Device as well as an integration with the Contacts. The facebook application even updates your contact photos.

Users can download the new version here

You can also go to mobile.blackberry.com on your blackberry device to download the new version


21

04 2009

Exchange 2010 Beta

Last week Microsoft released the beta of the new version of Exchange.

Among the new features:

-MailTips. Warn users before they commit an e-mail faux pas such as sending mail to large distribution groups, to recipients who are out of the office or to recipients outside the organization, helping protect against information leaks and reduce unnecessary e-mail messages.

-Voice Mail Preview. See text previews of voice mail directly in Outlook.

-Ignore Conversation. This e-mail “mute button” allows people to remove themselves from an irrelevant e-mail string, reducing unwanted e-mail and runaway reply-all threads.

-Conversation View. Combine related e-mail messages in a single conversation to reduce inbox clutter.

-Call Answering Rules. Create customized “Press 1 for …” call-routing menus with Exchange voice mail.

-Consistent Experience. Use Outlook on the PC, a mobile phone or a browser for the same experience with enhancements in Outlook Mobile and Outlook Web Access.

21

04 2009

What are you worth?

An ITWorld Canada site gives the average income for similar positions in your geographical area.

http://www.itworldcanada.com/salarycalculator/calculator.aspx

20

04 2009

Blackberry App World not an April Fools Joke

After months and months of waiting, the Blackberry App World finally opened. I will admit I had low expectations of the Blackberry version of the Apple App Store. However, when the store opened last night at 9pm PST, I admit I was quite impressed. Lots of new applications, including several free offerings, among them the Poynt application and the Shazam application, which was the focus of an Apple commercial for the iPhone. I’m excited to see what new applications come to the store in the next few months, and today I’m really glad I own a Blackberry…

Blackberry App World

01

04 2009

Hiatus

So I realize I have spent the last 6 months without an update. This is not to say that I haven’t learned anything or that nothing new has happened in the technological world. It’s, well, I just got busy… Look forward to more regular updates from now on. :)

01

04 2009

Brute Force Removing a Mailbox from Exchange 2007

There comes a time in every organization when an employee who was involved in everything leaves. He or she was an integral part of many different projects, and now it is time to remove them from the Exchange organization.

You have done all the standard things required by the various laws and regulations: you have archived the user’s mail, and you have made sure that all of their files are backed up and stored safely. Before you hit Remove Mailbox in the Exchange Management Console, let me tell you a little story about disconnected mailboxes.

The disconnected mailbox store is the Recycle Bin of an Exchange organization. It lets the Exchange administrator say “oh crap, we still needed that”. Clicking Remove Mailbox does not actually delete the mailbox; it disconnects it, and Exchange keeps it in the database for the mailbox retention period (30 days by default) before purging it. For most users this works out perfectly.

There is, however, a time and a place where you will want to remove every trace of that user from your Exchange organization. The scenario above is one: the user being removed was receiving meeting requests for the project manager and answering vacation email for the vice president, and those delegations were never removed. If you simply remove the mailbox, the delegations remain and cause a bounce for every meeting request. To solve this problem there is a very simple Exchange PowerShell command:

Remove-Mailbox -Identity contoso\john -Permanent $true

The Exchange Shell will then ask whether you want to remove the associations. Answer Yes to All.

The command will complete, and it will be as if the mailbox had never been in the Exchange organization.
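Before running the permanent removal it is worth knowing exactly which mailboxes still point at the leaver, so that the Send on Behalf and Full Access grants can be cleaned up rather than left dangling. The script below is an added example, not part of the original post: it lists those grants for the user, then runs the page's Remove-Mailbox -Permanent command only when -Confirmed is given. It assumes the Exchange 2007 Management Shell; contoso\john is the post's placeholder and the script and parameter names are mine.

```powershell
# Added example (not from the original post). Usage, in the Exchange 2007 Management Shell:
#   .\Remove-LeaverMailbox.ps1 -Identity contoso\john             (dry run: report only)
#   .\Remove-LeaverMailbox.ps1 -Identity contoso\john -Confirmed  (report, then delete)
param([string]$Identity, [switch]$Confirmed)
if (-not $Identity) { throw "Usage: .\Remove-LeaverMailbox.ps1 -Identity contoso\john [-Confirmed]" }

$leaver = Get-Mailbox -Identity $Identity
if (-not $leaver) { throw "No mailbox found for $Identity" }
$leaverDn  = $leaver.DistinguishedName
$leaverSam = $leaver.SamAccountName

"Checking other mailboxes for grants held by $($leaver.DisplayName) ..."
$hits = @()
foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    if ($mbx.DistinguishedName -eq $leaverDn) { continue }

    # Send on Behalf: GrantSendOnBehalfTo holds AD object ids; compare by DN.
    foreach ($grant in $mbx.GrantSendOnBehalfTo) {
        if ($grant.DistinguishedName -eq $leaverDn) { $hits += "$($mbx.Alias): Send on Behalf" }
    }

    # Full Access granted explicitly (not inherited) to the leaver's account.
    $perms = Get-MailboxPermission -Identity $mbx.Identity | Where-Object {
        (-not $_.IsInherited) -and
        ($_.User.ToString() -like "*\$leaverSam") -and
        (([string]$_.AccessRights) -match "FullAccess")
    }
    if ($perms) { $hits += "$($mbx.Alias): Full Access" }
}

if ($hits.Count -gt 0) { "Grants still pointing at the leaver:"; $hits | ForEach-Object { "  $_" } }
else { "No Send on Behalf or Full Access grants found." }

if (-not $Confirmed) {
    "Dry run only. Re-run with -Confirmed to delete the mailbox and its account permanently (no disconnected copy is kept)."
    return
}

# The post's command, with the confirmation prompt answered up front.
Remove-Mailbox -Identity $Identity -Permanent $true -Confirm:$false
"Removed $Identity permanently."
```

The report is the useful part: each mailbox it lists is one to fix with Set-Mailbox -GrantSendOnBehalfTo or Remove-MailboxPermission before, or immediately after, the permanent removal. Note that -Permanent also deletes the Active Directory user, which is why the dry run is the default.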

01

09 2008

30 Skills Every IT person should have

Thanks to Richard Casselberry for this article 

http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/06/02/23FE-how-to-fire-IT-staff-skills-list_1.html

1. Be able to fix basic PC issues. These can be how to map a printer, back up files, or add a network card. You don’t need to be an expert and understand how to overclock a CPU or hack the registry, but if you work in IT, people expect you to be able to do some things.


2. Work the help desk. Everyone, from the CIO to the senior architect, should be able to sit down at the help desk and answer the phones. Not only will you gain a new appreciation for the folks on the phones, but you will also teach them more about your process and avoid escalations in the future.

3. Do public speaking. At least once, you should present a topic to your peers. It can be as simple as a five-minute tutorial on how IM works, but being able to explain something and being comfortable enough to talk in front of a crowd is a skill you need to have. If you are nervous, partner with someone who is good at it, or do a roundtable. This way, if you get flustered, someone is there to cover for you.

4. Train someone. The best way to learn is to teach.

5. Listen more than you speak. I very rarely say something I didn’t already know, but I often hear other people say things and think, “Darn, I wish I knew that last week.”

6. Know basic networking. Whether you are a network engineer, a help desk technician, a business analyst, or a system administrator, you need to understand how networks work and simple troubleshooting. You should understand DNS and how to check it, as well as how to ping and trace-route machines.

7. Know basic system administration. Understand file permissions, access levels, and why machines talk to the domain controllers. You don’t need to be an expert, but knowing the basics will avoid many headaches down the road.

8. Know how to take a network trace. Everyone in IT should be able to fire up wireshark, netmon, snoop, or some basic network capturing tool. You don’t need to understand everything in it, but you should be able to capture it to send to a network engineer to examine.

9. Know the difference between latency and bandwidth. Latency is the amount of time to get a packet back and forth; bandwidth is the maximum amount of data a link can carry. They are related, but different. A link with high-bandwidth utilization can cause latency to go higher, but if the link isn’t full, adding more bandwidth can’t reduce latency.

10. Script. Everyone should be able to throw a script together to get quick results. That doesn’t mean you’re a programmer. Real programmers put in error messages, look for abnormal behavior, and document. You don’t need to do that, but you should be able to put something together to remove lines, send e-mail, or copy files.

11. Back up. Before you do anything, for your own sake, back it up.

12. Test backups. If you haven’t tested restoring it, it isn’t really there. Trust me.

13. Document. None of the rest of us wants to have to figure out what you did. Write it down and put it in a location everyone can find. Even if it’s obvious what you did or why you did it, write it down.

14. Read “The Cuckoo’s Egg.” I don’t get a cut from Cliff Stoll (the author), but this is probably the best security book there is — not because it is so technical, but because it isn’t.

15. Work all night on a team project. No one likes to do this, but it’s part of IT. Working through a hell project that requires an all-nighter to resolve stinks, but it builds very useful camaraderie by the time it is done.

16. Run cable. It looks easy, but it isn’t. Plus, you will understand why installing a new server doesn’t really take five minutes — unless, of course, you just plug in both ends and let the cable fall all over the place. Don’t do that — do it right. Label all the cables (yes, both ends), and dress them nice and neat. This will save time when there’s a problem because you’ll be able to see what goes where.

17. You should know some energy rules of thumb. For example: A device consuming 3.5kW of electricity requires a ton of cooling to compensate for the heat. And I really do mean a ton, not merely “a lot.” Note that 3.5kW is roughly what 15 to 20 fairly new 1U and 2U servers consume. One ton of cooling requires three 10-inch-round ducts to handle the air; 30 tons of air requires a duct measuring 80 by 20 inches. Thirty tons of air is a considerable amount.

18. Manage at least one project. This way, the next time the project manager asks you for a status, you’ll understand why. Ideally, you will have already sent the status report because you knew it would be asked for.

19. Understand operating costs versus capital projects. Operating costs are the costs to run the business. Capital equipment is made of assets that can have their cost spread over a time period — say, 36 months. Operating costs are sometimes better, sometimes worse. Know which one is better — it can make a difference between a yes and no.

20. Learn the business processes. Being able to spot improvements in the way the business is run is a great technique for gaining points. You don’t need to use fancy tools; just asking a few questions and using common sense will serve you well.

21. Don’t be afraid to debate something you know is wrong. But also know when to stop arguing. It’s a fine line between having a good idea and being a pain in the ass.

22. If you have to go to your boss with a problem, make sure you have at least one solution.

23. There is no such thing as a dumb question, so ask it … once. Then write down the answer so that you don’t have to ask it again. If you ask the same person the same question more than twice, you’re an idiot (in their eyes).

24. Even if it takes you twice as long to figure something out on your own versus asking someone else, take the time to do it yourself. You’ll remember it longer. If it takes more than twice as long, ask.

25. Learn how to speak without using acronyms.

26. IT managers: Listen to your people. They know more than you. If not, get rid of them and hire smarter people. If you think you are the smartest one, resign.

27. IT managers: If you know the answer, ask the right questions for someone else to get the solution; don’t just give the answer. This is hard when you know what will bring the system back up quickly and everyone in the company is waiting for it, but it will pay off in the long run. After all, you won’t always be available.

28. IT managers: The first time someone does something wrong, it’s not a mistake — it’s a learning experience. The next time, though, give them hell. And remember: Every day is a chance for an employee to learn something else. Make sure they learn something valuable versus learning there’s a better job out there.

29. IT managers: Always give people more work than you think they can handle. People will say you are unrealistic, but everyone needs something to complain about anyway, so make it easy. Plus, there’s nothing worse than looking at the clock at 2 p.m. and thinking, “I’ve got nothing to do, but can’t leave.” This way, your employees won’t have that dilemma.

30. IT managers: Square pegs go in square holes. If someone works well in a team but not so effectively on their own, keep them as part of a team.

01

09 2008

Removing Printer Queues from an Active Directory Domain/Forest

 

-Chris Madge, MCP

There comes a time in every system administrator’s life when a domain controller dies unexpectedly, or is brute-force removed from the domain, and leaves a lot of orphaned objects behind in Active Directory. It is then up to you to remove the leftover objects manually. Microsoft has a Group Policy setting that “autoprunes” published printers, detailed here (http://www.microsoft.com/kb/234270). While that is the Microsoft best practice, it takes time to take effect, and the job can be done a lot quicker by hand. This article outlines only the steps needed to remove the printers (the printQueue objects published under the dead server’s computer object).

Remove the Printers

  1. Start -> Run -> adsiedit.msc -> OK
  2. In the left-hand window, locate the container holding the dead server’s computer object: for a domain controller that is OU=Domain Controllers, for a member server usually CN=Computers (or an OU of your own).
  3. Expand the container by clicking the plus sign.
  4. Locate the demoted domain controller and select it.
  5. The right-hand window should contain the printer queues.
  6. Select all the printer queues and delete them.
  7. Once the printer queues are deleted, confirm that they are gone from Active Directory:
  8. Click Start -> Printers and Faxes
  9. Add a printer
  10. A network printer -> Next
  11. Find a printer in the directory
  12. Leave the fields empty and click Find Now
  13. Maximize the screen
  14. Look in the Server Name column to make sure that no printer queues from the demoted server remain.
  15. Celebrate your success by grabbing a brew at your local watering hole.
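The same cleanup can be scripted, which also gives you the verification step for free. The script below is an added example (not part of Chris Madge's article): it searches the domain for printQueue objects whose serverName or shortServerName points at the dead server, lists them, deletes them when -Delete is given, and then searches again to confirm nothing is left. It uses only the .NET System.DirectoryServices classes available to PowerShell 1.0/2.0 with the ADSI provider. The server name OLDDC01 is a placeholder.

```powershell
# Added example (not part of the original article): remove the printQueue objects a dead
# print server left in Active Directory. Dry run unless -Delete is given.
# Usage:  .\Remove-OrphanPrintQueues.ps1 -ServerName OLDDC01 [-Delete]
param([string]$ServerName = "OLDDC01", [switch]$Delete)   # OLDDC01 is a placeholder

$rootDse = [ADSI]"LDAP://RootDSE"
$domain  = [ADSI]("LDAP://" + $rootDse.defaultNamingContext)

# Published printers are printQueue objects under their host's computer object. Search by
# the serverName / shortServerName attributes so it does not matter which container the
# computer object sits in (OU=Domain Controllers, CN=Computers, or elsewhere).
$searcher = New-Object System.DirectoryServices.DirectorySearcher($domain)
$searcher.Filter = "(&(objectClass=printQueue)(|(serverName=$ServerName)(serverName=$ServerName.*)(shortServerName=$ServerName)))"
$searcher.PageSize = 500
[void]$searcher.PropertiesToLoad.Add("distinguishedName")
[void]$searcher.PropertiesToLoad.Add("printerName")
[void]$searcher.PropertiesToLoad.Add("uNCName")

$queues = $searcher.FindAll()
"Found $($queues.Count) printQueue object(s) for $ServerName"
foreach ($q in $queues) {
    $dn = $q.Properties["distinguishedname"][0]
    "  {0,-30} {1}" -f $q.Properties["printername"][0], $dn
    if ($Delete) {
        $entry = $q.GetDirectoryEntry()
        $entry.DeleteTree()        # printQueue objects have no children; DeleteTree is still the safe call
        "    deleted"
    }
}

# Verification, equivalent to "Find a printer in the directory" in the steps above.
if ($Delete) {
    $left = $searcher.FindAll().Count
    if ($left -eq 0) { "Verified: no printQueue objects remain for $ServerName" }
    else { "[!] $left printQueue object(s) still present for $ServerName; check replication and the filter" }
}
```

Run it without -Delete first and read the list: the uNCName and printerName values tell you immediately if the filter has caught a queue from a server with a similar name, which is the one way this shortcut can do damage that the GUI walk-through would not.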

01

09 2008