Scheduled reboot of Juniper SSG5

To schedule a reboot of a firewall of model Juniper SSG5:

1. 1. Make sure firewall have accurate time
2. 2. Telnet or SSH to firewall
3. 3. /> set timer mm/dd/yyyy hh:mm action reset

References:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB5750&cat=TECHNOLOGY&actp=LIST

Custom Views in Server 2008 R2

Recently I had a request to create a logging system for usage on a server. A way to document how many times a machine is logged onto by a specific subset of users.
I though I would try out the custom views in Server 2008 R2 instead of making the quick and easy script at logon/logoff.
It turned out a bit more complicated than I anticipated so here it is, for documenting purposes.
1. Make sure logon events are audited in local security policy or domain policy.
2. Create a custom view from the Security Log
3. Choose tab XML and ‘Edit query manually’
4. My end result 

<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
    *[System[(EventID=4624 or EventID=4647)]]
    and
    *[EventData[Data[@Name='TargetUserName'] and (Data = 'user1' or Data='user2')]]
    </Select>
  </Query>
</QueryList>

The specific properties of the event you want to log can be found by viewing XML view on the relevant event. In my case the TargetUserName was the common unit for the relevant IDs.

The cool thing about custom events is that you can attach a task to the view, allowing a program or email to be sent every time something is logged.
References:
http://blogs.technet.com/b/askds/archive/2011/09/26/advanced-xml-filtering-in-the-windows-event-viewer.aspx

Unable to load client print control

Firstly! No happy ending to this story.
Issue:
Error is shown when users use print control in an external hosted application.

Still works to print, when first pushing abort and then running anyways.
Symptoms:
Hosted application use a Microsoft SQL Server Report Viewer Control.
Users connect from Remote Desktop Server running Server 2008 R2 using Internet Explorer 9.
UAC is disabled, due to other 3^rd party application that requires this.

Addin is loaded in Internet Explorer. Probable cause is rights issue.
Only reason it works anyways is because I logged in as administrator and ran the installation above. Problem is that this control tries to download every time user access the site, just in case there is a new version.
Actions:
Registered rsclientprint.dll manually on adminlogin, and in user environment. No effect.
Removed files from Windows\Downloaded Program Files > Went back to not working at all. Copied back to allow users to print despite error message.
Registered rsclientprintx64.dll > No effect. Browser is probably running in x32 mode so the right components should be installing.
Tried to run website from Iexplore in 64bits mode > Site didn’t even work.
Set up GPO to allow server-users to autoinstall activex components > No effect.
Tried adding the user to Power Users to do the install > No effect.
Resolution: to be added….
Notes:
Most of information on Internet points to the server hosting the webapplication needing to install Microsoft Report Viewer SP1 - http://www.microsoft.com/downloads/details.aspx?FamilyID=bb196d5d-76c2-4a0e-9458-267d22b6aac6&DisplayLang=en and Report Viewer Redistributable 2008 Service Pack 1 GDIPLUS.DLL Security Update
http://www.microsoft.com/downloads/details.aspx?familyid=6aaa74bd-a46e-4478-b4e1-2063d18d2d42&displaylang=en
But since I don’t have control of the server and the company hosting the application isn’t very forthcoming I wanna solve on the clientside. This doesn’t seem to work though. So severals hours of trying to solve it has led me to take a timeout and await the company helpdesk. Annoying.

Update 1.
After calling to the supplier with my grief it turned out that they indeed had recently updated their plattform and were experiencing some issues... Well at least I could turn over my hours of research into the problem to them, hoping this would speed up their own troubleshooting.
Another great link I found : http://social.msdn.microsoft.com/Forums/is/sqlreportingservices/thread/4af03654-31b1-44b3-8514-20a3c25bfd7c
This points toward the issue only happening in environements were the user isn't administrator.

Xbmc + 1channel = score

imagine netflix posibilities with nocost plan. You have xmbc eden? Load up 1channel.bstrdsmkr-0.0.3 library and add the repository in xbmc and you can watch all the tvshows and movies on 1channel, without any commercials and popups. Thats is wicked! At least that what warner bros calls it…

Sharepoint 2010 Editions

Good site for feature comparison: http://sharepoint.microsoft.com/en-us/buy/pages/editions-comparison.aspx

Powershell scripts for AD-deployments

Some usefull scripts for AD-deployment in server 2008 r2 with powershell.

To Create homefolders:

$dataSource=import-csv “users.csv”
Set-Location "d:\data\users"
 

foreach($dataRecord in $datasource) {
$name=$dataRecord.FirstName + ”.” + $dataRecord.LastName
 
New-Item $name -type directory
}

To create the users:

#Change here to correspond to your domainenvironment
$objOU=[ADSI]“LDAP://OU=ClientUsers,DC=contoso,DC=local”

#Set homedir if needed remove if dont
$homedrive="h:"
$homedir="\\fileserver\users\"

$dataSource=import-csv “users.csv”
foreach($dataRecord in $datasource) {
$cn=$dataRecord.FirstName + ” ” + $dataRecord.LastName

#check if lastname is empty.
if (!$dataRecord.LastName) {
$dataRecord.LastName=" "
$sAMAccountName=$dataRecord.FirstName
}
else {
$sAMAccountName=$dataRecord.FirstName + “.” + $dataRecord.LastName

}

$givenName=$dataRecord.FirstName
write-host "Creating user :"$sAMAccountName
$sn=$dataRecord.LastName
$sAMAccountName=$sAMAccountName.ToLower()

$displayName=$sn + “ ” + $givenName

$homediruser=$homedir+""+$sAMAccountName
$userPrincipalName=$sAMAccountName + “@sb.local”
$objUser=$objOU.Create('user','CN='+$cn)
$objUser.Put(“sAMAccountName”,$sAMAccountName)
$objUser.Put(“userPrincipalName”,$userPrincipalName)
$objUser.Put(“displayName”,$displayName)
$objUser.Put(“givenName”,$givenName)
$objUser.Put(“sn”,$sn)
#remove below if homedrive isn't used.
$objUser.Put("HomeDrive",$homedrive)
$objUser.Put("HomeDirectory",$homediruser)
$objUser.SetInfo()
$objUser.SetPassword("P@ssw0rd")
$objUser.psbase.InvokeSet(“AccountDisabled”,$false)
$objUser.SetInfo()
write-host "User :"$sAMAccountName" created"

}
write-host "Users created"

 

Above script imports users from csv file looking like this:

FirstName,LastName
John,Doe

 

Also to set permissions the following might work, i’ve already forgotten. anyways it might almost work with some modifications.

 

#script to give full control NTFS permissions on a directory to the domain user with the same name of that directory

#script settings

$domain = “contoso.local”

$root = “d:\data\users\”

#don’t edit below here
$folders = Get-ChildItem $root

ForEach ($folder in $folders)

{

$username = $domain+“\”+$folder

$permissions = Get-Acl $folder

$userpermissions = New-Object System.Security.AccessControl.FileSystemAccessRule($username,“FullControl”, “ContainerInherit, ObjectInherit”, “None”, “Allow”)
$permissions.AddAccessRule($userpermissions)

Set-Acl $folder $permissions

Write-Host “Set permissions on $folder for $username”

}

I don’t take cred for creating the scripts from scratch. I found them on the net, but was in a rush at the time so i didn’t note the address. They weren’t perfect to begin with, but i’ve modified them so they work for my purposes.

next step would be to add them to groups auto, but this is step is fairly painless in the gui so we’ll hold of on that for the time being.

RDS–Disable Office update settings

When first time users start their Office it’s nice to not have to specify how you want updates to be installed.

Especially on a Remote Desktop Server, where the user don’t have the permissions for it anyways.

To get rid of it

1. Download Office 2010 Administrative Templates

2. Create new GPO>Add Template for Office 2010

3. In Microsoft Office 2010 > Privacy > Trust Center > Enable (Disable Opt-in Wizard on first run)

4. Apply GPO to the user OU.

References:

http://www.microsoft.com/en-us/download/details.aspx?id=18968