Monday, November 26, 2012

PacketFence 4.0 Setup (VLAN)

If you are looking for a walkthrough on how to install PacketFence, this is not the best place to start. I have another post here with directions on how to install PacketFence on CentOS 6.3.

-------------------------------------------------
*I am in the process of updating this post for PacketFence 4.0
-------------------------------------------------

Let me start off with this: I am fairly new to PacketFence. I have known about it for several years and I even tried installing it on a server once or twice, but I have never been able to get it to a point where it was something usable. It always seemed I would run into a hiccup and put it on the back burner. Anyway, on to my guide.

Assumptions:
  • Your network uses VLANs
  • Your network is using HP Procurve 2500 & 2600 series switches
  • Your network already has a DHCP server in it

After you install PacketFence and log in to the administration interface and click through some of the tabs, you will notice that it is pretty empty. To start making information appear, there are some steps we need to take.

In order for PacketFence to do its job, it needs to know MAC addresses. All of them on your network, in fact. If you followed my instructions from an earlier post, you had PacketFence do a complete install and a DHCP server was installed.

1. For PacketFence to start seeing devices on the network, we need to add an ip helper address to the switch that does all of the VLAN routing for your network. In my case, I have an HP Procurve 5300 switch doing that for me. In each VLAN, I added the line "ip helper-address X.X.X.X" where X.X.X.X is the ip address of my PacketFence server. Make sure that your PacketFence server is the last one in the list, otherwise PacketFence may start handing out addresses and cause problems that you do not want.

Now, it may take a few minutes for devices to start showing up in the Node section of the PacketFence Administration Console, but they will start showing up.

2. For PacketFence to "talk" with the switches in your network, you will need to add the switches in PacketFence and you will need to add some commands to your switches. Where I work we do not use the standard "public" and "private" snmp communities.
     - PacketFence Config:
Step 1. Click on "Configuration". On the left hand side click on "Switches". At the bottom, click on "Add Switch". A window will popup.
Step 2.
  1. In "IP Address:" type in the ip address of your switch.
  2. Under "Type", select the type of switch you have. (In my setting, HP ProCurve 2600).
  3. Under "Mode:" select "Production"
  4. Under "Deauthentication Method" select Telnet. (This is the default)
  5. Under "Uplinks:" type in the port numbers that you use to connect to other switches. (In my setting, 25,26)
  6. Click on the "Roles" tab at the top
  7. Under "Registration" type in the VLAN that the device is put into when it needs to register with the PacketFence server. Repeat this step for "Isolation", "MAC Detection", "Inline", "Voice", and "Default".
  8. Click on the "SNMP" tab at the top
  9. For "Version:" select "2c" (This is the default.)
  10. For "Community Read" enter your SNMP community read name. If you are using the standard "public" and "private" communities, "public" goes here.
  11. For "Community Write" enter your SNMP community write name. If you are using the standard "public" and "private" communities, "private" goes here.
  12. For "Auth Password Write" enter your password for the switch.
  13. For "Priv Password Write" enter your password for the switch.
  14. For "Trap Version:" select "2c" (This is the default.)
  15. For "Community Trap" enter your SNMP community write name. If you are using the standard "public" and "private" communities, "private" goes here.
  16. Click on the "CLI" tab at the top
  17. For "Transport" select Telnet (This is the default)
  18. For "Password" and "Enable Password" enter your password for the switch. 
  19. Click on "Save" at the bottom.
     - Switch Config: (This info is also available in the PacketFence Network Devices Configuration Guide on the PacketFence website under Documentation.)
Log into your switch. Make sure to do this using the command line and not the web interface. Enter the configuration mode on your switch. To do this on HP ProCurve switches, normally you can type "config" and then press enter. Now type the commands below:

snmp-server community public manager unrestricted

snmp-server host XXX.XXX.XXX.XXX "public" Not-INFO
no snmp-server enable traps link-change 1-24

port-security 1-24 learn-mode configured action send-alarm
--- Notes ---
* If you are not using the standard public/private snmp communities, make your changes as needed
* Change the XXX.XXX.XXX.XXX to the IP address of your PacketFence server
* I am using a 26 port switch and ports 25 and 26 are my uplink ports, so adjust your numbers as needed.
* Now is a good time to add the VLANs you specified for Registration, Isolation, MAC Detection, and Guest.
* On the switches, I found that if you do not have the PacketFence server first in the list of snmp-server host XXX.XXX.XXX.XXX, it causes problems


Now, your switches and your PacketFence server should be communicating with one another.

Tuesday, November 13, 2012

PHP Notes

I am trying to teach myself PHP and this post is just my notes for PHP. I know a lot of this information is already out there on the web, but it helps me remember and learn when I write things down.

So, needless to say, this post will continue to grow over time.


Beginning and Ending Blocks

Standard Tag: <?php ?>
Short Tag: <? ?>
Script Tag: <script language="php"></script>





Variables

Variables in PHP begin with a dollar ($) sign and either a letter or an _ (underscore).
Example:
$test
$_1234

Variables do not need to be declared as a type; the PHP engine decides the variable type based on the type of data the variable holds.
Types of Variable:
Integer: Whole number
Double: Floating point number (Decimal Point)
String: Collection of characters
Boolean: True or false



Difference Between =, ==, and ===
  • = : Sets the value of a variable
  • == : Comparative operator; Means equivalent (Are variables X and Y apples?)
  • === : Comparative operator; Means exactly the same (Are these apples exactly the same? Both have that green and dark red spot?)



Monday, October 22, 2012

Migrate Physical Linux to Hyper-V

This past weekend, I had successfully moved a physical Linux box to a Windows Server 2008 R2 Hyper-V.

I thought this might have been a long and very difficult process, but it wasn't with the help of Clonezilla. I will walk you through the process that I did below.

Items Needed:
Portable USB Hard Drive (I used a 1TB Drive)
CloneZilla ISO/CD

The first step in the process was to make sure that no one was using the server and then to shut the server down.

I then booted up the computer with CloneZilla and followed the on-screen instructions under "Beginner". (I have a bootable flash with CloneZilla, if anyone would like directions on how to do that, please let me know and I will post some.)

While Clonezilla was working on backing up the server, I created a Hyper-V virtual server.

Once I had an image file of the physical machine from CloneZilla, I plugged it in to the Server 2008 box.

Now, this was a tricky part for me: How do I get a Hyper-V guest to "see" a physical usb drive? This turned out to be simpler than I thought. If you go into "Disk Management" and right click on the usb drive and select "Offline", you can add it to a Hyper-V guest.

Once I added the usb drive to the guest, I booted the guest using Clonezilla ISO. From here, I followed the directions to restore the image. Once it finished, I ejected the ISO from the guest and booted the server.

Once the server finished booting, I made sure that the users could access it. The users have not noticed any difference.

I repeated this process on another server that had a raid card in it and CloneZilla had no problem with it.


Tuesday, October 16, 2012

How To Setup Wake On LAN With VLANs and HP ProCurve Switches


If you are in a VLAN environment where you have HP ProCurve switches and want Wake-On-LAN (WOL) packets to be forwarded to different VLANs, this post shows how.

On the switch that is doing your routing, in my case, a ProCurve 5300 series switch, I typed the commands below.
ip directed-broadcast
ip udp-bcast-forward
vlan 2
     ip address 10.0.2.2 255.255.255.0
     ip forward-protocol udp 10.0.5.255 9
vlan 5
     ip address 10.0.5.2 255.255.255.0

VLAN 2 is where my FOG server sits and the WOL packets it sends out are forwarded to VLAN 5.

------------------------------------------------------
I was recently asked to give a little more detail on this post. (I also found a typo I made and fixed it too. I changed 10.0.16.255 to 10.0.5.255)

This post assumes that you are using virtual LANs or VLANs. If you are not using VLANs, you don't have to do this.

Here is the quick and dirty of VLANs.
- VLANs take your one physical network and break it up into multiple logical networks. The closest example I can give is a hard drive. You can have one physical hard drive but multiple partitions.
Please keep in mind that this is an oversimplification of VLANs and what they can do.

On to the questions.

To expand on this example

  • Let's say that the IP address of my FOG server is 10.0.2.50 with a subnet mask of 255.255.255.0.
  • The server sits in VLAN 2.
  • VLAN 2 gateway address is 10.0.2.2
  • VLAN 5 gateway address is 10.0.5.2
  • The desktop computer that I want to image using FOG is in VLAN 5 and is setup to get an IP address from the DHCP server.
  • The desktop computer is set up to boot from the network (PXE) first and has Wake-On-LAN (WOL) enabled
Wake-On-LAN (WOL) or "magic" packets send out a broadcast to wake up a computer. By design, VLANs keep any kind of broadcasts within its own VLAN. (Back to the hard drive example, you can't save a 500mb file across two partitions of flash drives.) This prevents a user or someone else from taking down your entire network when they plug both ends of a network cable into the wall or switch; it will only take down that VLAN.

On HP switches (and I assume other manufacturers as well), you can allow broadcasts to be passed on from one VLAN to another based on IP address and port number. This is where the command "ip forward-protocol udp 10.0.5.255 9" comes into play.

The WOL packet uses UDP port 9. The 10.0.5.255 is the broadcast address for VLAN 5. 

When my FOG server sends out a wake up broadcast (packet) using UDP port 9 in VLAN 2, my HP switch will forward that wake up broadcast (packet) on to VLAN 5.

I hope this clears up any confusion that you may have.
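The packet and the forwarding rule described above, as an added Python example that is not part of the original post: it builds the WOL magic packet, recognises one in a UDP payload, and checks that every "ip forward-protocol udp ... 9" target in the switch commands is the broadcast address of a VLAN defined in the same config (the 10.0.16.255 typo mentioned above fails that check). The function names and the MAC address used when the script is run are made up for the illustration.

```python
import ipaddress
import re

WOL_PORT = 9  # UDP port the post forwards for Wake-On-LAN

# Switch commands as given in the post.
SWITCH_CONFIG = """\
ip directed-broadcast
ip udp-bcast-forward
vlan 2
     ip address 10.0.2.2 255.255.255.0
     ip forward-protocol udp 10.0.5.255 9
vlan 5
     ip address 10.0.5.2 255.255.255.0
"""


def magic_packet(mac):
    """Build the WOL payload: 6 bytes of 0xFF, then the MAC repeated 16 times."""
    digits = re.sub(r"[:.\-]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return b"\xff" * 6 + bytes.fromhex(digits) * 16


def wake_target(payload):
    """Return the MAC a UDP payload would wake, or None if it is not a magic packet."""
    sync = b"\xff" * 6
    pos = payload.find(sync)
    while pos != -1:
        body = payload[pos + 6:pos + 102]
        # A valid packet has the same 6-byte address 16 times after the sync bytes.
        if len(body) == 96 and body == body[:6] * 16:
            return ":".join(f"{b:02x}" for b in body[:6])
        pos = payload.find(sync, pos + 1)
    return None


def parse_vlans(config):
    """Map VLAN id -> its IPv4 network and its list of (target, port) UDP forwards."""
    vlans, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"vlan (\d+)", line)
        if m:
            current = vlans.setdefault(int(m.group(1)),
                                       {"network": None, "forwards": []})
            continue
        if current is None:
            continue  # global commands before the first vlan block
        m = re.fullmatch(r"ip address (\S+) (\S+)", line)
        if m:
            current["network"] = ipaddress.IPv4Network(
                f"{m.group(1)}/{m.group(2)}", strict=False)
            continue
        m = re.fullmatch(r"ip forward-protocol udp (\S+) (\d+)", line)
        if m:
            current["forwards"].append(
                (ipaddress.IPv4Address(m.group(1)), int(m.group(2))))
    return vlans


def check_forwards(config, port=WOL_PORT):
    """List (source_vlan, target, dest_vlan) for forwards on `port`.

    dest_vlan is None when the target is not the broadcast address of any
    VLAN in the config, which means the forwarded packet has nowhere to land.
    """
    vlans = parse_vlans(config)
    results = []
    for vid, vlan in vlans.items():
        for target, fport in vlan["forwards"]:
            if fport != port:
                continue
            dest = next((d for d, dv in vlans.items()
                         if dv["network"] is not None
                         and dv["network"].broadcast_address == target), None)
            results.append((vid, str(target), dest))
    return results


if __name__ == "__main__":
    print(check_forwards(SWITCH_CONFIG))
    # Constructed MAC address, for illustration only.
    print(wake_target(magic_packet("00:11:22:33:44:55")))
```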

--Updated 3/18/13 9:20am

"The Windows Installer Service Could Not Be Accessed"

If you are getting the following message on a Windows XP machine:
The Windows Installer Service could not be accessed.
This can occur if you are running Windows in safe
mode, or if the Windows Installer is not correctly
installed. Contact your support personnel for assistance.
To resolve this issue, follow these steps:

  1. Log on to your computer as an administrator.
  2. Click Start, and then click Run.
  3. In the Open box, type cmd, and then click OK.
  4. At the command prompt, type msiexec.exe /unregister, and then press ENTER.
  5. Type msiexec /regserver, and then press ENTER.


If you are continuing to have problems, click on the Original Source Link below.


Original Source

Tuesday, October 2, 2012

New Wireless Technology

Check out this new wireless technology that I found on one of our HP ProCurve PoE switches.





Do you need a hint? Look at ports 10 and 11. There is nothing plugged into them but the switch says they are active.

Needless to say, the fault light was lit on this switch and it got replaced.

Wednesday, September 5, 2012

PacketFence 3.5.1 / 3.6.0 / 4.0.1 Install

*If you have been following this post since the beginning, because I have been having so many problems with PacketFence and CentOS 5.8, I have decided to scrap what I have done so far on CentOS 5.8 and go with CentOS 6.3. I have already made the changes below to reflect the 6.3 install.*

I have decided to write up some instructions on how to install PacketFence. If you don't know what PacketFence is, it provides Network Access Control or NAC. A NAC helps you control who can and can't have access to your network.
You can go Here for more information on PacketFence.

The PacketFence Network Administration Guide, in my opinion, is really not laid out well. You have to jump around the guide to find what you are looking for.

PacketFence uses/requires:
- Web server (httpd)
- DHCP server (dhcpd)
- DNS server (named)
- FreeRADIUS server (radiusd)
- Snort/Suricata Network IDS (snort/suricata)
- Firewall (iptables)

-------------
Okay, on to the installation.
1. Install CentOS. I have installed the bare minimum for CentOS 6.3 32-Bit.
2. After install has completed, login and update the system with the command "yum update".

*At this point I started following the PacketFence Administration Guide.
3. Disable SELinux.
     - At the command line type "vi /etc/sysconfig/selinux" and press enter
     - Change SELINUX from enforcing to disabled.
     - Reboot the computer by typing "reboot"
4. There are some third party repositories (repo for short) that are required to get all the proper PacketFence dependencies: Repoforge (previously known as rpmforge), EPEL (Extra Packages for Enterprise Linux), and OpenFusion.
  • rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.`uname -m`.rpm
  • rpm -Uvh http://download.fedoraproject.org/pub/epel/6/`uname -i`/epel-release-6-8.noarch.rpm
  • rpm -Uvh http://www.openfusion.com.au/mrepo/centos6-`uname -i`/RPMS.of/openfusion-release-0.5-1.of.el6.noarch.rpm
* If you are following along in the guide, you might miss a step or two like I did. There are some things that we need to do to the repos, like disabling them by default and excluding some packages.

5. At the command line type:
  • vi /etc/yum.repos.d/rpmforge.repo
    • Change Enabled in each section to 0.
    • Add the line exclude = perl-Apache-Test* to the [rpmforge] section.
  • vi /etc/yum.repos.d/epel.repo
    • Change Enabled in each section to 0.
  • vi /etc/yum.repos.d/openfusion.repo
    • Change Enabled in each section to 0.
    • Add the line exclude = perl-Apache-Test* to the [of] section.
6. Since we have installed CentOS 6 as our OS, we need to take an extra step. RedHat doesn’t seem to provide the perl-Net-Telnet, perl-XML-Simple and perl-SOAP-Lite packages and PacketFence needs them to run properly.
     Type: yum install perl-Net-Telnet perl-XML-Simple perl-SOAP-Lite --enablerepo=rpmforge-extras,rpmforge

7. Now we need to add the PacketFence repo. Type vi /etc/yum.repos.d/PacketFence.repo and add the text below.

[PacketFence]
name=PacketFence Repository
baseurl=http://inverse.ca/downloads/PacketFence/RHEL$releasever/$basearch
gpgcheck=0
enabled=0


8. To install PacketFence, type yum groupinstall --enablerepo=PacketFence,epel,rpmforge,of Packetfence-complete
This will install all the services PacketFence needs to work properly.

9. Now we need to setup PacketFence for our network. On a different computer, open a web browser and go to http://x.x.x.x:3000/configurator.
*For Version 3.6.0, the address is http://x.x.x.x:1444/configurator
*For Version 4.0.1, the address is  http://x.x.x.x:1443/configurator

If you can not get to the webpage, you will need to turn off the firewall on the server. To do this, type the following: service iptables stop

  • Step 1: Choose the type of Enforcement that you want. Either Inline Enforcement or VLAN Enforcement. For my situation, I have selected both.
         - Inline Enforcement means that the PacketFence server will sit between the computer and the network/internet.
         -  VLAN Enforcement means that the PacketFence server does not sit between the computer and the network/internet. It will change the config on the managed switch for each individual port on the switch.
  • Step 2: Networks. Add your networks.
    If you are using VLAN Enforcement, make sure you specify your Management VLAN, Registration VLAN, and Isolation VLAN.
         - To add a VLAN, click on "Add VLAN" under Actions.
  • Step 3: Database Configuration
         -  Click on Test. You will be asked to set the MySQL admin password.
    *Note: If you receive an error message when you click on test, make sure MySQL is running on the server.
         - Click on "Create the database".
         - Under "Create a PacketFence account" type in a password and then type it again to confirm it. Now click on "Create User".
  • Step 4: PacketFence Configuration
    Type in your domain, the hostname of the server, any DHCP servers on your network under General.
    Type in an email address under Alerting.
  • Step 5: Administration
    Create a username and password for the administration interface.
  • Step 6: Start PacketFence
    Click on "Start PacketFence"
Once PacketFence is started, you will be asked if you want to go to the Administration Interface. I clicked yes and then was taken to the admin page.
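A check for the repository settings from steps 5 and 7, as an added Python example that is not part of the original post or of PacketFence: it reads .repo text and reports sections that are still enabled by default, that lack the perl-Apache-Test* exclude, or that turn the package signature check off or fetch over plain HTTP. The finding labels and the rpmforge sample text are constructed for the illustration; the PacketFence block is the one from step 7.

```python
import configparser
import re

# Step 5: these sections need the exclude line.
REQUIRED_EXCLUDES = {"rpmforge": "perl-Apache-Test*", "of": "perl-Apache-Test*"}

# The repo definition from step 7 of the post.
PACKETFENCE_REPO = """\
[PacketFence]
name=PacketFence Repository
baseurl=http://inverse.ca/downloads/PacketFence/RHEL$releasever/$basearch
gpgcheck=0
enabled=0
"""

# Constructed sample: rpmforge.repo before step 5, reduced to the keys checked here.
RPMFORGE_BEFORE = """\
[rpmforge]
name = constructed sample
enabled = 1
gpgcheck = 1

[rpmforge-extras]
name = constructed sample
enabled = 0
gpgcheck = 1
"""

# Constructed sample: the same file after step 5.
RPMFORGE_AFTER = RPMFORGE_BEFORE.replace(
    "enabled = 1", "enabled = 0\nexclude = perl-Apache-Test*")


def audit_repo(filename, text):
    """Return a list of (section, finding) tuples for one .repo file."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text, source=filename)
    findings = []
    for section in parser.sections():
        opts = parser[section]
        # yum treats a repo without an "enabled" key as enabled.
        if opts.get("enabled", fallback="1").strip() != "0":
            findings.append((section, "enabled-by-default"))
        wanted = REQUIRED_EXCLUDES.get(section)
        excludes = re.split(r"[,\s]+", opts.get("exclude", fallback="").strip())
        if wanted and wanted not in excludes:
            findings.append((section, "missing-exclude"))
        # Only an explicit gpgcheck=0 is reported; a missing key inherits from
        # [main] in yum.conf, which this example does not read.
        if opts.get("gpgcheck", fallback="1").strip() == "0":
            findings.append((section, "gpgcheck-off"))
        if opts.get("baseurl", fallback="").strip().lower().startswith("http://"):
            findings.append((section, "plain-http-baseurl"))
    return findings


def audit_all(files):
    """Audit a {filename: text} mapping and keep only files with findings."""
    report = {name: audit_repo(name, text) for name, text in files.items()}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    samples = {
        "PacketFence.repo": PACKETFENCE_REPO,
        "rpmforge.repo (before step 5)": RPMFORGE_BEFORE,
        "rpmforge.repo (after step 5)": RPMFORGE_AFTER,
    }
    for name, found in audit_all(samples).items():
        for section, finding in found:
            print(f"{name}: [{section}] {finding}")
```

On the server itself, the same function can be fed the contents of each file under /etc/yum.repos.d/.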



This concludes how you set up a PacketFence server. I will post more on how to do other things in PacketFence once I have a chance to fully set it up at my workplace.

*Update: EPEL has been updated from 6.7 to 6.8. I have changed it in the directions above.

Monday, August 20, 2012

BrightHouse TDX or SIP Trunk Settings


I know this is not out there on Google anywhere or if it is, I have not found it (yet).

Below is how to setup a Trixbox PBX server to work with a BrightHouse TDX or SIP trunk.

In this case, I am setting this up for my mother's business.

BrightHouse came in and set up a second cable modem that is strictly for VoIP traffic. It is a 50 by 10 (50MB download, 10MB upload) and comes free with the TDX service. I would love to put the internet on this pipe, but if I do, BrightHouse will start charging $250+ a month. In other words, DON'T DO IT.

Anyway, back to the setup. BrightHouse will need an IP address from your internal network. You will also receive a proxy IP address from BrightHouse.
After all the new equipment has been setup, you will need to change the default gateway on your Asterisk (TrixBox in my case) to the internal IP address that you gave BrightHouse.

Now to the fun stuff. Create a new trunk with the below settings. Change the text that is in RED for your setup.


SIP Trunk Settings:

General Settings:
Outbound Caller ID: Your Phone Number or the number you want displayed on the caller ID
Never Override CallerID: Leave Unchecked
Maximum channels: Leave Blank
Dial Rules: Leave Blank
Outbound Dial Prefix: Leave Blank

Outgoing Settings:
Trunk Name: BH9999 or something that makes it easy for you to identify the phone number
PEER Details:

host=BrightHouse Proxy Address
insecure=port,invite
type=friend
context=from-trunk
disallow=all
allow=ulaw


Incoming Settings:
USER Context: Leave Blank
USER Details: Leave Blank

Register String: YOURNUMBER@ BrightHouse Proxy Address /YOURNUMBER

And that is it. All you have to do now is decide how you want inbound and outbound calls handled.

Thursday, August 9, 2012

CentOS Set Time By Command Line

Use the commands below to set the date and time on CentOS.


Set date from the command line
date +%Y%m%d -s "20120418"
Set time from the command line
date +%T -s "11:14:00"
 
Let’s set the hardware clock to local time:
hwclock --set --date="2012-04-19 16:45:05" --localtime
 

http://www.garron.me/linux/set-time-date-timezone-ntp-linux-shell-gnome-command-line.html

10 Things Your IT Guy Wants You to Know

I thought I would share this. I came across this while on my travels on the Internet. I have to say that I agree with it, especially the P.S. at the end.

  1. If you come to me to ask technical questions, please don’t argue when you don’t like my answer. If you think you know more about what you’re asking than I do, then why even ask? On that same note, if I am arguing with you, it’s because I’m certain that I am correct; otherwise I’d just tell you “I don’t know” or perhaps point you somewhere that you could look it up. We don’t argue just for the sake of arguing.
  2. When you start a conversation by insulting yourself (e.g. “I’m such an idiot”), you will not make me laugh or feel sorry for you; all you will succeed in doing is reminding me that yes, you are, indeed, an idiot, and that I’m going to hate having to talk to you. Trust me, you don’t want to start out this way.
  3. We’re okay with you making mistakes; fixing them is part of our job. We are NOT, however, okay with you lying to us about a mistake that you made. It just makes it that much harder to resolve and thus makes our job more difficult. Be honest and we’ll get the problem fixed and both of us can continue on with our business. Lying to us and, therefore, costing us twice as much of our time will not win you any brownie points with IT.
  4. There is no magic “Fix it” button. Everything takes some amount of work to fix, and not everything is worth fixing or — gasp! — even possible to fix. If I tell you that you’re going to have to re-do a document that you accidentally deleted two months ago, please don’t get mad at ME. I’m not ignoring your problem and it’s not that I don’t like you, we just can’t always fix everything.
  5. Not everything you ask us to do is “urgent”. In fact, by marking things as “urgent” every time, you’ll almost certainly ensure that we treat none of it as a priority.
  6. You are not the only one who needs help, and you usually don’t have the most urgent issue. Give us some time to get to your problem; it will get fixed.
  7. E-mailing us several times about the same issue is not only unnecessary, it’s highly annoying as well. We record issues in a database so that we don’t lose track of them (remember how we ask that you create a ticket? That’s why.) We will typically respond as soon as we have a useful update to make. If your problem is urgent, please do let us know (but see number five).
  8. Yes, we prefer e-mail over phone calls. It has nothing to do with being friendly or anti-social, it’s about efficiency. It is much faster and easier for us to list out a set of questions that we need answers to than it is for us to call and ask you them one by one. You can find the answers at your leisure and, while we’re waiting, we can work on other problems.
  9. We may, at times, seem blunt and rude. It’s not that we mean to, we just don’t have the time to sugar coat things for you. We assume that we are both adults and can handle the reality of a problem. If you did something wrong, don’t be surprised when we tell you. We don’t care that it was a mistake because, honestly, it makes no difference to us. Please don’t take it personal, we just don’t want it to happen again.
  10. Finally, yes, I can read your e-mail, yes, I can see what web pages you look at while you’re at work, yes, I can access every file on your work computer, and yes, I can tell if you are chatting with people on instant messenger (and can read what you’re typing, as well). But no, we don’t do it. It’s highly unethical and, perhaps more importantly, you really aren’t that interesting. Unless I am instructed to specifically monitor or investigate your actions, I don’t do it. There really are much more interesting things on the Internet than you.
I hope this didn’t come off the wrong way because, even as much as us IT guys refer to “users” as “lusers”, we do like (most of) you. Just like you, we’re here to do a job and we try to do it the best that we can. It’s easiest to do that if we all work together, stop pointing fingers, and give other people the space that we would like to get as well. If we can do that more often than not, things will go well and work out for all of us.

P.S. IT guys are easily bribed with food and/or beer (personally, I prefer the latter). That’s a sure way to get your problems moved to the top of the list. *grin*

Original Post:
http://evilrouters.net/2009/05/31/10-things-your-it-guy-wants-you-to-know/

Wednesday, May 23, 2012

Automate HP Switch Config Backup

Below is a VB Script that I wrote that will open a command prompt, telnet into an HP Procurve switch and copy its running config to a TFTP server.

In order for this script to work, you will need a text file with the IP addresses of your switches, each on a separate line. You will also need to edit the lines that I have marked in RED.

*Note: Do not click off of the command prompt window while this script is running or you are going to get a lot of text where you don't want it and you will not get your switch configs.

'--------Start Of Script--------
Option Explicit
On Error Resume Next
Dim WshShell, strIP, strTFTP, strFile, strPassHP
Dim filesys, filetxt

strFile = "File Name"
strTFTP = "Your TFTP Server Address"
strPassHP = "Your HP Procurve Password"

'Opens IP address file for reading
Const ForReading = 1, ForWriting = 2, ForAppending = 8
Set filesys = CreateObject("Scripting.FileSystemObject")
Set filetxt = filesys.OpenTextFile(strFile, ForReading, True)

'Opens the command prompt
set WshShell = CreateObject("WScript.Shell")
WshShell.run "cmd.exe"
WScript.Sleep 1000

Do While Not filetxt.AtEndOfStream


strIP = filetxt.ReadLine
Copy(strIP)
Loop

filetxt.Close
set WshShell = Nothing
set filesys = Nothing
WScript.Quit

Function Copy(strIP)


WshShell.SendKeys "telnet "& strIP
WshShell.SendKeys ("{Enter}")
WScript.Sleep 1000 
WshShell.SendKeys "p"
WshShell.SendKeys strPassHP
WshShell.SendKeys ("{Enter}") 
WshShell.SendKeys "copy running-config tftp " & strTFTP & " " & strIP & ".txt" 
WshShell.SendKeys ("{Enter}")
WshShell.SendKeys "^z"
WshShell.SendKeys "^z"
WshShell.SendKeys "y"
WScript.Sleep 2000
WshShell.SendKeys ("{Enter}")
End Function
'--------End Of Script--------

Tuesday, May 22, 2012

Automate Wireless Deployment

Configuring WLAN Settings Backup
This has been tested on XP SP3, Vista SP1 and Windows 7. There is a note for XP SP2 on the site that indicates something needs to be installed.
  1. Download the wlan.exe file
    Download:
    http://www.symantec.com/connect/sites/default/files/WLAN.zip
    Command Switches Info:
    http://www.symantec.com/connect/articles/how-capture-and-deploy-wlan-profiles 
  2. Unzip the file into a directory that you can easily type from a command prompt.
  3. Configure your wireless card to the SSID you want to connect to with all the settings you want. (You can configure multiple SSIDs here, but I did 1 at a time, a more individualized controlled approach)
  4. CAPTURE THE GUID:
    Run Command (wlan.exe ei)
    With Wireless configured, open a command prompt and go to the directory where you unzipped the wlan.exe file, run this command and this will give you the GUID for the wireless card. Copy the GUID (Only the Hex part) from the command prompt as you will use it for the next steps. The GUID will be unique to each computer. Most computers will have 1 wireless interface detected in the system. If you have more than 1, this may not work as well.
  5. LIST the Currently Configured Profiles:
    Run Command (wlan.exe gpl {guid of interface})
    This will list the currently configured wireless profiles. The profile name is used for the next part and is case sensitive.
  6. CAPTURE the CONFIG:
    Run Command (wlan.exe gp {guid of interface} YourSSID > profile.xml)
    This will capture the configuration of the wireless info and copy into an xml file that will be used for the deploy/restore. You can name the file anything you want. I used the SSID as the name for easier identification. 
  7. EDIT the CONFIG:
    Open the profile.xml file with notepad and remove the first and last lines and then save the file. I named the xml files the name of the SSID for easier identification.
    The first line will be “The return profile xml is: ”
    The last line will be “Command "gp" completed successfully.”
  8. SCRIPT the DEPLOYMENT:
  9. Copy the script below and save it as a batch (.bat) file with the SSID of the wireless as the name. This is case sensitive, so save accordingly.

    Example: SSID1.bat

    ******START OF SCRIPT******
    @echo off
    echo Grabbing WLAN Interface...
    For /F "skip=2 tokens=1,2" %%A IN ('wlan.exe ei') Do If "%%A"=="GUID:" set Interface=%%B

    echo Adding wlan SSID %~n0
    wlan.exe sp %Interface% %~n0.xml
    set Interface=

    echo.
    echo SSID: %~n0 has been configured!
    exit

    ******END OF SCRIPT******

    *Note: Don't forget the extra line after the "exit" command.

  10. RUN the SCRIPT
    Now you should have 3 files in your folder: WLAN.exe, profile.xml (or whatever you named the file in step 6), and the matching batch file. When the script runs, it will get its file name and add the wireless network to the computer.

If you want to add multiple wireless networks, create a new batch file and add the following commands into it:
start /w SSID3.bat
start /w SSID2.bat
start /w SSID1.bat
This will run each of the batch files you created in step 8. Order the SSIDs from least preferred to most preferred. The last SSID will be the one that connects first.


Original Source:
http://www.symantec.com/connect/articles/how-capture-and-deploy-wlan-profiles 

Friday, May 18, 2012

Install Windows 7 From A Flash Drive



This is a short guide on how to install Windows 7 onto a computer from a USB Flash Drive / USB Stick or Portable Hard Drive. Since read speeds are faster from USB drive than your CD-ROM drive, this actually decreases the install time for Windows 7.

Step 1

The first thing you will need to do is format your USB Flash Drive or Portable Hard Drive so that your computer will read it as a bootable drive. So plug your flash drive into a workstation.

Step 2

Open up Command Prompt / CMD (located in Program Files->Accessories) and type the following commands:
  1. DiskPart
  2. List Disk (this will list the disks currently plugged into your computer. Most likely, the C: drive on that computer will be listed as disk 0, and you will have to look down the list to see which disk your flash drive is. Look at the corresponding disk sizes to easily figure it out.)
  3. Select Disk 3 (I am using 3 as example for assigned flash drive)
  4. Clean
  5. Create Partition Primary
  6. Select Partition 1
  7. Active
  8. Format FS=NTFS Quick
  9. Assign (you can assign a particular drive letter if you want, example: assign=E:)
  10. Exit (this will exit DiskPart)
  11. Exit (this will exit CMD)

Step 3

Next you will need to either insert your Windows 7 CD and browse to the CD or open up your Windows 7 ISO and browse to the folders within it. (If you are using ISO, I would suggest extracting the contents to a new folder)

Step 4

Next you will need to spoof your flash stick so that the computer will think it is an install CD. From within the root of the Windows 7 CD or ISO contents, right click while holding the shift key and select “Open Command Window Here”. This will open up a Command Prompt window within that directory. Then input the following commands:
  1. cd Boot
  2. bootsect /nt60 E: (I am using drive letter E: as my flash drive)
  3. exit (exits command prompt)

Step 5

Next simply copy over the entire contents of your Windows 7 CD or ISO to your flash drive.

Step 6

Reboot the computer you are wanting to install Windows 7 on with the flash drive plugged in, hit the boot key (normally F12, DEL, or ESC) to select the boot device, boot to your flash drive, and it will go immediately to the Windows 7 Setup screen.


Original Source:
http://theitbros.com/install-windows-7-from-a-flash-drive

Automate Wireless Key Deployment (Dell)

If you have a Dell laptop with the Dell Wireless WLAN Card Utility and you want to copy the wireless profile settings to another laptop (or in my case, 300+ laptops) that has the same program, it is as simple as drag and drop.


On the laptop with the wireless profile you want to copy, export the profile to a WPN file. I have posted previously on how to do this.
Next, on the laptop you want to add the wireless profile to, copy the WPN file to the C:\Windows\System32 folder, then either reboot the computer or restart the Dell Wireless WLAN Service.


You can use a simple batch file to copy the WPN file for you when the computer starts up. Or if you have Kaspersky, WPKG, or a similar push program, you can use that also.


I will be posting directions on how to deploy wireless for Windows machines that do not have the Dell Wireless Utility shortly (In the next day or two).

Export Dell Wireless Profile Settings

How To Export Wireless Settings
  1. Open the Dell Wireless WLAN Card Utility and click on the “Wireless Networks” tab.
  2. Click on the down arrow on “Options”, then click on “Export”.
  3. On “Export Options” window, select the option that you want and click OK.
  4. Enter a name and the location that you want to save the export file. Now click Save.

Delete or Reinitialize offline files cache in Windows XP


If you have your user's My Documents redirected to a server and you are running out of space and not sure where it went, check the C:\Windows\CSC folder. This is a hidden folder. The CSC folder is where all the Offline Files are kept on Windows XP/2003. 

To free up space from the Offline files, follow the directions below.


On Windows XP/2003 machines we can delete or reinitialize offline files/CSC cache in any of the following ways.
  1. Open My computer from start menu
  2. Click on Tools
  3. Click on Folder Options
  4. Select Offline Files tab
  5. Press CTRL+Shift and click on Delete Files. 




Original Source:

Monday, May 14, 2012

Make a Bootable WinPE 2.0 USB Flash Drive



Windows Preinstallation Environment (PE) 2.0 is a slimmed-down version of Windows (hence all the MiniNT references) that used to be the exclusive domain of OEMs. Microsoft has wisely chosen to offer this to the masses as part of the Windows AIK. USB keys can be found just about anywhere these days for next to nothing. Combine the capabilities of WinPE with the portability of a USB key and you have a very powerful troubleshooting, imaging, and data recovery tool. Here is a quick step by step on how to do just that:

Step 1. ) Get USB Key

You probably already have a few, and if not you can purchase these just about anywhere, so I won't tell you where to get one. You should get a USB 2.0 device of at least 512 MB in size, but if you plan on putting a lot into a custom PE install or plan on using it to transfer data too, then you are better served getting a larger size (2.0-4.0 GB).

Step 2.) Download and Install the Windows Automated Installation Kit (Windows AIK)

This deployment oriented tool set contains Windows PE 2.0.

Step 3.) Format the USB key

Note: This must be done from Windows Vista or later.

Start a command prompt and run the following. This set of commands assumes your USB key is detected as disk 1; double check that by listing the disks (list disk) before cleaning it. If you have multiple hard drives, you could end up wiping your second drive using this command. You have been warned.
  • Diskpart
  • select disk 1
  • clean
  • create partition primary
  • select partition 1
  • active
  • format fs=fat32
  • assign
  • exit

Step 4.) Setup Windows PE
  • In this step you will create and customize WinPE for your disk. From the machine that you installed the Windows AIK go to the start menu and select "Windows PE Tools Command Prompt" from under the Windows AIK program folder.
  • Run Copype.cmd x86 c:\winpe_x86
    • you can create a 64-bit version by changing the architecture from x86 to amd64
  • Add customizations to WinPE
    • copy any tools you want available to the C:\winpe_x86\iso folder such as imaging tools if you want to use this for capturing images (imagex, wimscript.ini)


Step 5.) Copy Windows PE to USB Key

Insert the USB key into the machine that you have WinPE on and run the following command to copy the contents to the USB key:
xcopy c:\winpe_x86\iso\*.* /s /e /f e:\
Change c: to reflect the drive your files are on and e: to be your USB key.

There you have it...a quick way to make a handy USB version of WinPE that you can take with you anywhere. These can be used in almost any modern computer that supports USB booting. More information on this and other great things you can do with Windows PE are located in the Windows AIK.

Free Hot Spot App for Android

If you are like me, you probably have an Android phone. If so, you might be in the same boat as I am with the phone service provider wanting to charge you extra money so you can make your phone a mobile hotspot. Who wants to pay for that? This is where FoxFi comes in.

FoxFi was shared with me by a co-worker.

FoxFi is available in Google Play (Market) and it is free. It is simple to use. All you have to do is set up the SSID you want to broadcast, the encryption you want to use, and the password. After you set all of those, just press the button to turn on the hotspot.

Free Applications From SolarWinds

Bulk User Import
TFTP Server
VM Monitor

Software I Use On a Regular Basis

CentOS 6.2 NTFS Support

From the terminal, run the command below. This will give you access to NTFS (Windows) formatted drives.

yum install ntfs-3g

*Note: You need to have RPM Forge installed for the above command to work.

Friday, May 11, 2012

Kaspersky KLMover

If you have Kaspersky Anti-Virus in your organization, here are the switches you can use with the klmover.exe to control the Network Agent.


The utility is started via command prompt and has the following switches:

klmover [-logfile LOGFILE] [-address SERVER_ADDRESS] [-pn NON_SSL_PORT] [-ps SSL_PORT] [-nossl] [-cert CERTIFICATE] [-silent] [-dupfix]

-logfile LOGFILE - create a utility run log. By default, the information will be stored in the stdout.txt file; if run without this switch, error messages will be displayed on the screen;

-address SERVER_ADDRESS - new Administration server name. Can contain IP address, NetBIOS or DNS name;

-pn NON_SSL_PORT - indicates to Network agent an Administration server port for establishing a non-secure connection. This switch is optional; the default port is 14000;

-ps SSL_PORT - indicates to Network agent an Administration server port for establishing a secure connection. This switch is optional; the default port is 13000;

-nossl - connect to Administration server using a non-secure connection. Without this switch, Network agent will connect to Administration server using the secure SSL protocol.

-cert CERTIFICATE - new Administration server certificate file path. This switch is optional;

-silent - silent mode.

-dupfix - this switch is obligatory if you installed Network agent by some alternative method (e.g. restore from a system image) instead of using a distribution package.

For example:
klmover -address admsrv -logfile klmover.log

The utility should be run on a problematic host just once. Running the utility more than once on a host will result in duplicate file names appearing in the Kaspersky Administration Kit console.








Original Website: http://support.kaspersky.com/faq/?qid=208280773

Thursday, May 10, 2012

Dell Computer Tips

Optiplex 740
  • Flashing amber power light - Bad power supply
  • Solid amber power light - Bad motherboard
Latitude D531
  • Flashing caps light at boot - Bad stick of memory

Wednesday, May 9, 2012

Install FOG on CentOS


  1. Log in as root
  2. Once the Desktop loads, open a Terminal (command prompt) by clicking on Application > Accessories > Terminal.
  3. At the prompt, type “yum update”. This will update and patch the system (similar to Windows Update).
  4. You will see output similar to the screen below. Type “y” then press enter. Updating the system may take some time, so be patient.
  5. You should see output similar to the screen below.
  6. If you receive a message about importing a GPG key, type “y” and press enter.
  7. You should see output similar to the screen below.
  8. Once the system has finished updating, open a web browser. Applications > Internet > Firefox Web Browser.
  9. Go to http://pkgs.repoforge.org/rpmforge-release/ and download the latest version of rpmforge for your OS.
    At the time of this writing (May 8th, 2012), the current release for 32-bit CentOS is rpmforge-release-0.5.2-2.el5.rf.i386.rpm
  10. Once you click on the appropriate file, a download options window will appear. Make sure Open with Software Installer (default) is selected and click “OK”.
  11. Once the download has finished, the software will start to install. Click “Apply” on the window that appears.
  12. Click “Install anyway” to install the software.
  13. Click “OK”.
  14. Go back to the web browser and go to http://www.fogproject.org.
  15. On the left hand side of the screen, click Download.
  16. Download the latest version of FOG. The current version is fog_0.32.tar.gz
  17. Save the file to the Root folder
  18. On the Desktop, open root’s Home
  19. Double click on fog_0.32.tar.gz
  20. On the window that opens, click on “Extract”
  21. Under Extract in folder: make sure root is selected. Click “Extract” and then close the window once it has finished.
  22. You should now have a folder labeled fog_0.32. Open it.
  23. Open the folder labeled lib.
  24. Open the folder labeled redhat.
  25. Double click on the file labeled config.sh.
  26. Select Display.
  27. You will need to make the following changes:
    • Line 22: Remove 'php-gettext' and change 'clamav-update' to 'clamav'
    • Line 63: Edit to read: 'freshDB="/var/clamav/";'
    • Line 66: Edit to read: 'freshcron="/usr/sbin/freshclam"'
    • Change any reference of "php" to "php53"
  28. Save and close the config.sh file.
  29. Close all open folders
  30. Open a Terminal and type “cd fog_0.32/bin/” and press enter.
  31. Type “./installfog.sh” and press enter.
  32. Type 1 for Redhat Based Linux, press enter.
  33. Type N for Normal Server installation, press enter.
  34. Type the IP address for your FOG Server, press enter.
  35. Type N to skip entering a router address for a DHCP server, press enter.
  36. Type N to skip entering a DNS address for a DHCP server, press enter.
  37. Type N to skip changing the default network interface, press enter.
  38. Type N to skip setting up DHCP service, press enter.
  39. Type N to skip installing internationalization support, press enter.
  40. Type Y to install FOG.
  41. Once the install is finished, close all open windows and log off as root.

Tuesday, May 8, 2012

CentOS 5.7 Install Instructions (Hyper-V) For FOG



CentOS 5.7 Install Instructions (Hyper-V)
  1. Download the ISO of CentOS 5.7 to your Hyper-V server.
  2. Create a virtual server. *Remember, this VM is going to have all your computer images on them so plan hard drive size accordingly. I suggest at least 250GB or more.
  3. Before you boot the server, go into the VM settings. Remove the existing Network Adapter and add a Legacy Network Adapter. Adjust other VM settings as needed and then click OK.
  4. Boot the VM.
  5. Press Enter on the keyboard to install CentOS in a Graphical Interface.
  6. Skip the CD/DVD media test.
  7. Click Next or Alt + N if you are using a keyboard.
  8. Select the Language. English is the default. Click Next.
  9. Select the Keyboard Layout. US English is the default. Click Next.
  10. A warning will appear stating that the hard drive (hda) is unreadable and will be initialized. Click Yes (Alt + Y on keyboard).
  11. Click Next.
  12. Click Yes on the warning to remove all data.
  13. Network Settings. Click on Edit (Alt + E)
  14. Select Manual configuration and enter an IP address for the server. *Note: Prefix is the Subnet Mask. Clear the Check from Enable IPv6. Click OK
  15. Under Hostname, enter the name of the server. I suggest the school initials followed by “-FOG”. Then under Miscellaneous Settings, enter the Gateway and at least the Primary DNS. Click Next
  16. Select the Time Zone. America/New_York is the default.
  17. Enter a password for the root (administrator) user. Click Next.
  18. Select the additional software packages you would like to install. I suggest to not add or remove any additional software. Click Next.
  19. Click Next to begin the installation of the CentOS operating system.
  20. You will see screens similar to this one.
  21. Once the installation is finished, the system will eject the CD/DVD. (If you are installing CentOS on a physical machine, remove the CD/DVD.) Click Reboot.
  22. After the system reboots, some additional settings need to be configured. Click Forward (Alt + N on keyboard)
  23. Set the Firewall to Disabled. Click Forward.
  24. Click Yes on the warning that appears.
  25. Set SELinux to Disabled. Click Forward.
  26. Click Yes on the warning that appears.
  27. Set the Date and Time and Click Forward.
  28. Create a user. I suggest the username admin with the same password as the root (administrator) user. Click Forward.
  29. Sound Card. Not Needed for a server. Click Forward.
  30. Configuration Complete. Click Finished.

VLAN Setup On HP Procurve Switch and Cisco Router

If you have a network with a Cisco router and HP Procurve switches and you want to set up VLANs, here is how to do it.

Setup for this example:
  • HP Procurve 4200 series switch
  • Cisco Router
  • IP Address Range: 10.100.xxx.xxx
  • VLANs: 200, 20, 21, 22, and 23
  • DHCP Server Address: 10.100.20.10 Subnet Mask: 255.255.255.0


On the HP Procurve 4200 switch, log on to the command line. Enter the configuration mode by typing "config" and type the following commands:

ip routing
ip route 0.0.0.0 0.0.0.0 10.100.1.1

vlan 200
     ip address 10.100.1.2 255.255.255.0
     untagged E1
     exit

vlan 20
     ip address 10.100.20.1 255.255.255.0
     ip helper-address 10.100.20.10
     tagged A1-A4,B1-B4,C1-C4,D1-D4
     exit
vlan 21
     ip address 10.100.21.1 255.255.255.0
     ip helper-address 10.100.20.10
     tagged A1-A4,B1-B4,C1-C4,D1-D4 
     exit
vlan 22
     ip address 10.100.22.1 255.255.255.0
     ip helper-address 10.100.20.10
     tagged A1-A4,B1-B4,C1-C4,D1-D4 
     exit
vlan 23
     ip address 10.100.23.1 255.255.255.0
     ip helper-address 10.100.20.10
     tagged A1-A4,B1-B4,C1-C4,D1-D4     
     exit
 write memory


These commands tell the Procurve switch that you want to use VLANs on switch ports A1 through D4. Switch port E1 is set up for the connection between the 4200 switch and the Cisco router. If you want to create more than 8 VLANs, you will need to run the commands below in configuration mode first and then reboot the switch.
max-vlans 30
write memory
reload
 
On the Cisco router, enter privileged mode and then type "config terminal" to enter the configuration mode. Type the commands below.

int f0/0
     ip address 10.100.1.1 255.255.0.0
     exit
ip route 10.100.20.0 255.255.255.0 10.100.1.2
ip route 10.100.21.0 255.255.255.0 10.100.1.2
ip route 10.100.22.0 255.255.255.0 10.100.1.2
ip route 10.100.23.0 255.255.255.0 10.100.1.2
exit
copy running-config startup-config

You will need an ip route for every VLAN you want to create.

Remember, if you get stuck and need help remembering a command, type "?" and you will get a list of commands that you can run.
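The post notes that every VLAN needs its own ip route on the router. The following is an added example, not part of the original post: a small Python check that reads a switch configuration and a router configuration and lists any VLAN subnet whose route is missing or points at the wrong next hop. The function names and the two sample configurations are assumptions made for this example; the samples are constructed from the addresses above with two errors put in on purpose.

```python
import ipaddress
import re

# Constructed inputs based on the configurations in this post. The router side
# is deliberately wrong: VLAN 22 has a bad next hop and VLAN 23 has no route.
SWITCH_CFG = """
vlan 200
     ip address 10.100.1.2 255.255.255.0
     untagged E1
vlan 20
     ip address 10.100.20.1 255.255.255.0
vlan 21
     ip address 10.100.21.1 255.255.255.0
vlan 22
     ip address 10.100.22.1 255.255.255.0
vlan 23
     ip address 10.100.23.1 255.255.255.0
"""
ROUTER_CFG = """
ip route 10.100.20.0 255.255.255.0 10.100.1.2
ip route 10.100.21.0 255.255.255.0 10.100.1.2
ip route 10.100.22.0 255.255.255.0 10.100.1.3
"""


def switch_vlans(cfg):
    """Return {vlan_id: ip_interface} for each VLAN stanza with an IP address."""
    vlans, current = {}, None
    for line in cfg.splitlines():
        line = line.strip()
        m = re.fullmatch(r"vlan (\d+)", line)
        if m:
            current = int(m.group(1))
            continue
        m = re.fullmatch(r"ip address (\S+) (\S+)", line)
        if m and current is not None:
            vlans[current] = ipaddress.ip_interface("%s/%s" % m.groups())
    return vlans


def router_routes(cfg):
    """Return {network: next_hop} for each static 'ip route' line."""
    routes = {}
    for line in cfg.splitlines():
        m = re.fullmatch(r"ip route (\S+) (\S+) (\S+)", line.strip())
        if m:
            net = ipaddress.ip_network("%s/%s" % (m.group(1), m.group(2)))
            routes[net] = ipaddress.ip_address(m.group(3))
    return routes


def audit(switch_cfg, router_cfg, transit_vlan=200):
    """List user VLANs whose route is missing or bypasses the switch."""
    vlans = switch_vlans(switch_cfg)
    routes = router_routes(router_cfg)
    switch_ip = vlans[transit_vlan].ip  # the switch's address facing the router
    findings = []
    for vid, iface in sorted(vlans.items()):
        if vid == transit_vlan:
            continue
        hop = routes.get(iface.network)
        if hop is None:
            findings.append("VLAN %d: no route for %s" % (vid, iface.network))
        elif hop != switch_ip:
            findings.append("VLAN %d: route for %s points at %s, not %s"
                            % (vid, iface.network, hop, switch_ip))
    return findings


if __name__ == "__main__":
    for finding in audit(SWITCH_CFG, ROUTER_CFG):
        print(finding)
```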

MAC Address Convert (Excel)

If you have a list of MAC addresses and you need to add colons to it, open Microsoft Excel and paste the MAC addresses in the first column. In the second column, paste the formula below.

=LEFT(A1,2)&":"&MID(A1,3,2)&":"&MID(A1,5,2)&":"&MID(A1,7,2)&":"&MID(A1,9,2)&":"&RIGHT(A1,2)


This is very helpful when you are trying to do an import into a program such as FOG.
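The Excel formula works by fixed character positions, so it assumes each cell holds exactly 12 hex characters with no separators. The following is an added example, not part of the original post, that goes a step further in Python: it accepts bare, colon, hyphen and dotted forms, rejects anything that is not a 48-bit MAC address, and removes duplicates before an import. The function names and the sample list are assumptions constructed for this example.

```python
import re

# Accepted input forms: 001A2B3C4D5E, 00:1A:2B:3C:4D:5E, 00-1A-2B-3C-4D-5E,
# and the dotted form 001a.2b3c.4d5e. Mixed separators are rejected.
_MAC_FORMS = re.compile(
    r"[0-9a-f]{12}"
    r"|[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}"
    r"|[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}",
    re.IGNORECASE,
)


def normalize_mac(raw):
    """Return the address as lower-case aa:bb:cc:dd:ee:ff or raise ValueError."""
    text = raw.strip()
    if not _MAC_FORMS.fullmatch(text):
        raise ValueError("not a 48-bit MAC address: %r" % raw)
    digits = re.sub(r"[^0-9a-f]", "", text.lower())
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def convert_list(lines):
    """Return (unique normalized MACs in input order, rejected input lines)."""
    good, rejected, seen = [], [], set()
    for line in lines:
        if not line.strip():
            continue  # skip blank rows from the spreadsheet
        try:
            mac = normalize_mac(line)
        except ValueError:
            rejected.append(line.strip())
            continue
        if mac not in seen:
            seen.add(mac)
            good.append(mac)
    return good, rejected


# Constructed sample: mixed formats, one duplicate, two malformed entries.
SAMPLE = [
    "001A2B3C4D5E",
    "00-1a-2b-3c-4d-5f",
    "001a.2b3c.4d60",
    "00:1A:2B:3C:4D:5E",   # duplicate of the first entry
    "001A2B3C4D5",         # one character short
    "001A2B3C4DZZ",        # not hex
    "",
]

if __name__ == "__main__":
    macs, bad = convert_list(SAMPLE)
    print("\n".join(macs))
    print("rejected:", bad)
```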

Password Management

Do you have a notebook filled with usernames and passwords? Maybe you have a monitor surrounded with Post-It notes that have passwords written on them?

There is a better and much more secure way of storing usernames and passwords. That better way is using a password safe such as KeePass.

KeePass allows you to store all your usernames and passwords in one secure, encrypted, password protected file. Other KeePass features include storing website addresses for all your usernames and passwords, password expiration date reminders, a password generator, the ability to touch one button and have your username and password entered for you, and many more.

KeePass is 100% free and can be downloaded from http://www.keepass.info/.

KeePass works on Windows, Linux, and Mac OS X computers. There is even a version of the software for the iPhone and Android smart phones.

Monday, February 13, 2012

PacketTrap pt360 Tool Suite

PacketTrap pt360 Tool Suite is a free and very helpful piece of network diagnostic software.

It has all sorts of tools. These tools include a switch port mapper, a MAC scanner, an SNMP scanner, and even a TFTP server.

The easiest way to get the software is to do a Google search for PacketTrap pt360 ToolSuite Pro. Once you install it, it will ask you for a username/password or to create an account for the license. Don't worry, it is free and once you get signed up, they will give you a license that is good for about 30 years.

Unable to install printer. The print processor does not exist.

I had a Windows Server 2008 print server lose about half of its shared printers. When I tried to reinstall a missing printer, I got an error message stating "Unable to install printer. The print processor does not exist."


I did a quick search and found that this is caused by a corrupted printer driver. I uninstalled the printer driver and installed a freshly downloaded one. I reinstalled the printer and selected Install New Printer Driver. I named the printer the same thing as it was before and all the users were able to print again.


To recap go to:


  • Start
  • Control Panel
  • Printer & Faxes
  • Add a New Printer
  • Start Hardware Wizard
  • Reinstall the Printer Driver (do not use existing)
  • Finish the Hardware Wizard
  • Test Print (if you like)

List Printers Installed in the User Profile on a Remote Machine

I came across the VBScript below when I was working on an issue with a print server. It came in handy when it came time to reinstall missing printers on the server. The script works for Windows XP; I have not tested it with Windows Vista or 7.


'Script By Tommriddle 2010 - List All Network printers installed in the profile of a user on a remote machine.
forceUseCScript
Sub forceUseCScript()
 
Set oShell = CreateObject("Wscript.Shell")
   If Not WScript.FullName = WScript.Path & "\cscript.exe" Then
      oShell.Run "cmd.exe /k " & WScript.Path & "\cscript.exe //NOLOGO " & Chr(34) & WScript.scriptFullName & Chr(34),1,False
      WScript.Quit 0
   End If
End Sub
strComputer=inputbox("Enter PC Name")
CU=GetCurrentUser(strComputer)
CUSID = GetSIDFromUser(CU)
strKeyPath = CUSID & "\Printers\settings"
 
'Enumerate Registry Values
'http://www.activexperts.c...istry/#EnumRegVals.htm
Const HKEY_USERS = &H80000003
const REG_SZ = 1
const REG_EXPAND_SZ = 2
const REG_BINARY = 3
const REG_DWORD = 4
const REG_MULTI_SZ = 7
 
Set StdOut = WScript.StdOut
 
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
 
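oReg.EnumValues HKEY_USERS, strKeyPath, arrValueNames, arrValueTypes
 
'EnumValues leaves arrValueNames as Null when the key has no values or cannot be read
If IsArray(arrValueNames) Then
    For i=0 To UBound(arrValueNames)
        StdOut.WriteLine "Printer: " & arrValueNames(i)
        StdOut.Writeline "User: " & CU
        StdOut.WriteBlankLines(1)
    Next
Else
    StdOut.WriteLine "No printers found for user: " & CU
End If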
 
'-----------------------------------------------------------------------
 
Function GetCurrentUser(strComputer)
'Input: strComputer = machine to query
'Output: Current User as domain\logon
'Only works on XP/W2003
   on error resume next
   Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
   Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process Where Name = 'explorer.exe'")
   For Each objProcess in colProcessList
      objProcess.GetOwner strUserName, strUserDomain
   Next
   GetCurrentUser = strUserDomain & "\" & strUserName
   if err<> 0 then
      Msgbox " Error accessing remote machine"
      wscript.quit
   end if
   on error goto 0
End Function
 
'-----------------------------------------------------------------------
 
Function GetSIDFromUser(UserName)
'Input: UserName as domain\logon
'Output: SID
'http://groups.google.com/...t/msg/1bd0d208ef41dda7
   Dim DomainName, Result, WMIUser
   If InStr(UserName, "\") > 0 Then
      DomainName = Mid(UserName, 1, InStr(UserName, "\") - 1)
      UserName = Mid(UserName, InStr(UserName, "\") + 1)
   Else
      DomainName = CreateObject("WScript.Network").UserDomain
   End If
   On Error Resume Next
   Set WMIUser = GetObject("winmgmts:{impersonationlevel=impersonate}!" _
      & "/root/cimv2:Win32_UserAccount.Domain='" & DomainName & "'" _
         & ",Name='" & UserName & "'")
   If Err = 0 Then Result = WMIUser.SID Else Result = ""
   On Error GoTo 0
   GetSIDFromUser = Result
End Function
 
'-----------------------------------------------------------------------

Wednesday, February 1, 2012

Limit What Computers That A User Can Login To

To limit/restrict which computers a user is allowed to log in to on an Active Directory domain, you first need to open Active Directory Users and Computers.

Next, find the user that you want to limit/restrict and open the user's Properties. Click on the Account tab and then click the "Log On To..." button.

A "Logon Workstations" window will appear. Under "This user can log on to:", select the option "The following computers". Type in the computer name and then click on "Add". Click OK twice and you should be all set.