joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

5/20/2007

Good Movie: Man of the Year

by @ 2:04 am. Filed under general

I watched Man of the Year this evening, good movie, I laughed, I thought it made a lot of good political and state of the country points. Had to chuckle when Jeff Goldblum found out Eleanor didn’t lose her access to the systems when she was fired and commented something like, “Wasn’t that a bad idea?”. I have to say, that is more of a real situation than many people who don’t deal with that kind of stuff would like to think it is. 

I also found the fact that the company was willing to bury the problem and set Eleanor up to be the fall guy and then try to kill her to be believable. Some of the stuff I have seen in big business has leaned in that direction of badness, just not quite to that extreme but then, I have never been around the stuff that could embarrass a company out of existence. I have had more than one occurrence that occurred to me though of someone making up things about me or stuff I had done to try and get me and my judgement and character called into question. Both by big companies and small wannabes. Hasn’t worked in any case, it’s tough to bust someone and “turn them out” when they are already willing and in the process of telling the truth. If I screw up, I am one of the first to call attention to it. How can you trust me otherwise?

In general, I think Douglas Adams got it right… the President is the person who distracts you while the real people running the “universe” do so undisturbed. Certainly if Bush were truly running things, I think we would be much worse off (don’t get me wrong, I think there is a lot of screwed up stuff but it could be worse). I wouldn’t trust him to find his way from my house to my mom’s house (about 200 miles away) if he had a map and a GPS.

 

Lots of great one liners in the movie that will make you laugh out loud, here are just a few:

I did inhale because I thought ‘What the hell, it’s lit, it’s in my hand, I’ll inhale it.’

If you’re representing special interest groups, maybe we should be like NASCAR with the little patches on the back: ‘Enron: We take your money and run!’

I did not have sex with that woman. I wanted to…

HMOs will pay for your Viagra, but they won’t pay for your glasses. So you can have a hard-on, but you can’t see where to put it.

 

There was also a great bit about how in customs we interrogate 80 year old women who are citizens of the US but let entire “illegal” families fly across our border to the south with dinette sets. Basically saying it is tougher to get into the US as a legal citizen than otherwise.


5/19/2007

Annoying…

by @ 8:24 pm. Filed under tech

Since I upgraded to the latest version of WordPress I can’t get LiveWriter to upload images; says the site doesn’t allow it. How annoying. Anyone else seeing that? I will have to get out Wireshark and do a network trace when I get a chance.

   joe


Halo 3 – The countdown begins…

by @ 7:55 pm. Filed under tech

Have you scheduled September 25th (and the week or two after) off from work yet? That is the release date for Halo 3. I will buy my XBOX 360 a month or so before that date so I know I have a good solid machine (yes, I don’t have the XBOX 360 yet and yes I would pay that much for it just to play Halo 3).

http://www.bungie.net/News/content.aspx?type=topnews&cid=12467


The IT Crowd…. State side.

by @ 7:51 pm. Filed under humour

Hmm, not sure how I feel about this. Those who have read the blog for some time know I love The IT Crowd out of England. I would be perfectly happy for them to broadcast that version here but it looks like, similar to The Office, they are recasting it for the US.

http://www.nbc.com/Fall_Preview/The_IT_Crowd/cast_credits.shtml

Moss is the same actor which is great, but they changed Roy, Roy was absolutely hilarious in the British version. He reminded me of a couple of guys I know in IT right now. Jen looks like a cuter version of Jen and is Blonde which fits the States well. They changed the manager, I thought the last manager was pretty funny. Like Roy, this new guy has some big shoes he has to try and fill.


5/17/2007

American Idol

by @ 12:57 am. Filed under general

So we are down to the final two… While Melinda was certainly a better singer than Blake, she really had no real personality and the one she had the “Oh who me? I am that good?” was really worn out, I was tired of that after the first 2-3 weeks of her being told she was really good and her responding… “No…. Really??”. It was sort of like when Pickler tried to really push the air-head angle. It seems some of the folks find some personality groove and try to stay in it even if it doesn’t make sense. She is a good singer though, but I expect her doing more studio stuff versus going out in front of people; she just doesn’t seem very comfortable up there.

Anyway, Blake… way better entertainer than Melinda, great personality. He is going to get spanked by Jordin though, she is a much better singer. Don’t get me wrong, I like Blake, I like when he keeps his special “sounds” to a minimum and actually sings. But him and Jordin are in different classes and that whole complaint from Simon of “Old lady in a 17 year old body…” just relax Simon. She isn’t old enough to have her own “feel” yet, IMO. She’ll get it, right now she is just showing off the fact that she has great talent and her singing skills are not necessarily shown off by the latest songs.


Microsoft Take Heed – Virtual Server Management Through IIS Sucks.

by @ 12:35 am. Filed under tech

For some reason, I don’t care why to be quite honest, my virtual server management website isn’t working now on one of my Virtual Server 2005 R2 hosts. It works if I hit the website from another page but if I am sitting at the console it doesn’t work. I get a completely non-useful message from IE even when I turn off “friendly” messages and I’ll be damned if I can pull together the strength to wade through the IIS logs to try and decode them and figure it out….

Again, this complete and utter failure doesn’t bother me a whole lot other than the fact that it makes me think about how badly this management interface sucks. Who the hell thinks to make the management of their server installed app dependent on IIS working properly? Lazy people, that’s who. Offer a web interface but give an actual interface that doesn’t rely on IIS as well in the off chance that IIS isn’t working properly or some change to IE makes it so it doesn’t want to work either…

Some bright person at MSFT, apparently named Paul took it upon himself to write a tool called VMRCPlus. I got a hold of this quite a long while ago through unnamed sources (names withheld to protect the guilty) and I have to say, it isn’t as pretty as the website, but it sure works well. It even works with IIS completely turned off, imagine that… Oh not hard for me to imagine… Hey Virtual Server Developers, how about you imagine that…

I can honestly say, without VMRCPlus, I would have ripped Virtual Server off of my machines in a heartbeat and replaced it with VMware Server. Actually one of two of my machines that has VS 2005 R2 loaded on it is getting some new hard drives this week and being reloaded, guess which virtualization software is going on it? I have had such a great experience with VMware Server on SuperFastVirtualMofo (SFVM) that I am going to load that instead of reloading VS 2005 R2. I mean I totally hate the fact that they lost the stacking capability but I have so much better luck with the interface, and to me, it just seems so much more responsive that it really isn’t a choice.

I do have to say though that I am looking forward to playing with Viridian on Longhorn. Love the idea, Server Core Windows machine running as the host… Oh yeah. I really really hope that the management interfaces don’t all come down to IIS because I wouldn’t use it then… though I have heard that isn’t the case so phew.

  joe


Finding protected ACLs just got that much easier…

by @ 12:02 am. Filed under tech

I am working on AdFind again, well, let me say that it is pulled up in the IDE again. I am almost always tweaking it and usually have a special version I run that has more fun stuff in it than the version you all get to run. For example I have been running V01.37.00 now for several months and adding to it right along. This evening I added a new shortcut switch that takes advantage of some other new switches. The new shortcut switch is an attempt to make finding protected ACLs (ACLs that are set not to inherit – you know like what happens to objects that have been dinged by AdminSDHolder…) much easier.

Previously I discussed how to find objects with protected ACLs. I was never satisfied with that solution because, while it was easier, it was a long command to type and it required a second binary. I generally hate that unless I have absolutely no choice. So you will recall from http://blog.joeware.net/2007/01/06/756/ that you could use the command

adfind -h 2k3dc02 -gc -null -f * ntsecuritydescriptor -sddl -onlydaclflag -csv |grep "] P"

Well, once V01.37.00 goes live, you can run the following command instead (well the search bases are different but you knew that):

F:\Dev\CPP\AdFind>adfind -sc aclnoinherit -default

AdFind V01.37.00cpp Joe Richards (joe@joeware.net) May 2007

Using server: r2dc1.test.loc:389
Directory: Windows Server 2003
Base DN: DC=test,DC=loc

dn:CN=VolumeTable,CN=FileLinks,CN=System,DC=test,DC=loc
>nTSecurityDescriptor: [DACL] (FLAGS:PROTECTED INHERIT)

dn:CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=test,DC=loc
>nTSecurityDescriptor: [DACL] (FLAGS:PROTECTED INHERIT)

dn:CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=System,DC=test,DC=loc
>nTSecurityDescriptor: [DACL] (FLAGS:PROTECTED INHERIT)

dn:CN=AdminSDHolder,CN=System,DC=test,DC=loc
>nTSecurityDescriptor: [DACL] (FLAGS:PROTECTED INHERIT)

dn:CN=WMIPolicy,CN=System,DC=test,DC=loc
>nTSecurityDescriptor: [DACL] (FLAGS:PROTECTED INHERIT)

[SNIP]

dn:CN=user\, test,OU=Users,OU=TestOU,DC=test,DC=loc
>nTSecurityDescriptor: [DACL] (FLAGS:PROTECTED INHERIT)

dn:CN=HideMe,OU=HideTest,OU=TestOU,DC=test,DC=loc
>nTSecurityDescriptor: [DACL] (FLAGS:PROTECTED INHERIT)

dn:CN={FDC4F256-F4C3-4251-A439-49C43C5C4D02},CN=Policies,CN=System,DC=test,DC=loc
>nTSecurityDescriptor: [DACL] (FLAGS:PROTECTED INHERIT)

dn:CN={BC824D7B-4297-4B87-A07D-A4C8EC39E375},CN=Policies,CN=System,DC=test,DC=loc
>nTSecurityDescriptor: [DACL] (FLAGS:PROTECTED INHERIT)

26 Objects returned

oh, you need that in CSV format… Add -csv

F:\Dev\CPP\AdFind>adfind -sc aclnoinherit -default -csv
"dn","ntsecuritydescriptor"
"CN=VolumeTable,CN=FileLinks,CN=System,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=System,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=AdminSDHolder,CN=System,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=WMIPolicy,CN=System,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=SOM,CN=WMIPolicy,CN=System,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=Administrator,CN=Users,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=Administrators,CN=Builtin,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=Print Operators,CN=Builtin,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=Backup Operators,CN=Builtin,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=Replicator,CN=Builtin,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=krbtgt,CN=Users,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=Domain Controllers,CN=Users,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=Schema Admins,CN=Users,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=Enterprise Admins,CN=Users,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=Domain Admins,CN=Users,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=Server Operators,CN=Builtin,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=Account Operators,CN=Builtin,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=$joe,OU=Users,OU=My,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=testadmin,OU=Users,OU=TestOU,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=TestAdminClone,OU=Users,OU=TestOU,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=ADMINONLY,OU=Users,OU=TestOU,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=user\, test,OU=Users,OU=TestOU,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=HideMe,OU=HideTest,OU=TestOU,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN={FDC4F256-F4C3-4251-A439-49C43C5C4D02},CN=Policies,CN=System,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN={BC824D7B-4297-4B87-A07D-A4C8EC39E375},CN=Policies,CN=System,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"

Cool eh?

I am not sure when V01.37.00 will be available, I am adding Longhorn stuff to it as I figure out what needs to be added. I am thinking though that I am within a week or three of putting a fork in it unless something else comes up.

     joe
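Added example, not part of the original post and not joeware code: one way to put the CSV form of the output above to work is to keep a saved run as a baseline and diff later runs against it, so an object that newly has inheritance blocked stands out for review. The sample rows are constructed in the shape of the output shown above; the function names are hypothetical.

```python
import csv
import io
import re

# Constructed samples shaped like `adfind -sc aclnoinherit -default -csv` output.
BASELINE = r'''"dn","ntsecuritydescriptor"
"CN=AdminSDHolder,CN=System,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=Domain Admins,CN=Users,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=user\, test,OU=Users,OU=TestOU,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=testadmin,OU=Users,OU=TestOU,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
'''
CURRENT = r'''"dn","ntsecuritydescriptor"
"CN=AdminSDHolder,CN=System,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"cn=domain admins,CN=Users,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=user\, test,OU=Users,OU=TestOU,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
"CN=HideMe,OU=HideTest,OU=TestOU,DC=test,DC=loc","[DACL] (FLAGS:PROTECTED INHERIT)"
'''

def parse_flags(value):
    """Return the flag words from a '[DACL] (FLAGS:...)' column value."""
    m = re.search(r"\[DACL\]\s*\(FLAGS:([^)]*)\)", value)
    return set(m.group(1).split()) if m else set()

def protected_dns(csv_text):
    """Map casefolded DN -> DN as written, for rows whose DACL is PROTECTED."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["dn"].casefold(): r["dn"] for r in rows
            if "PROTECTED" in parse_flags(r["ntsecuritydescriptor"])}

def parent_of(dn):
    """Parent container of a DN, splitting on the first unescaped comma only."""
    parts = re.split(r"(?<!\\),", dn, maxsplit=1)
    return parts[1] if len(parts) == 2 else ""

def diff_runs(baseline_csv, current_csv):
    """Return (added, removed) protected DNs; DN comparison ignores case."""
    old, new = protected_dns(baseline_csv), protected_dns(current_csv)
    added = sorted(new[k] for k in new.keys() - old.keys())
    removed = sorted(old[k] for k in old.keys() - new.keys())
    return added, removed

if __name__ == "__main__":
    added, removed = diff_runs(BASELINE, CURRENT)
    for dn in added:
        print(f"NEW protected DACL: {dn}  (container: {parent_of(dn)})")
    for dn in removed:
        print(f"No longer listed:   {dn}")
```

The csv module keeps the escaped comma in "CN=user\, test" inside one field, and the DN split skips it as well, so such objects are neither mis-parsed nor reported under the wrong container.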


5/16/2007

Event Tracing for Active Directory

by @ 2:14 am. Filed under tech

Is anyone out there really doing this? I recently started looking at the docs for it and the output from a trace and I can’t say that it is very friendly output nor is the documentation very friendly in general.


Customer Success Story

by @ 1:50 am. Filed under general

The people who use my free utilities and/or read my posts aren’t truly customers since they don’t pay for the goods I supply but I still consider them customers when I think about them or get pinged by them.

Well one “customer” sent me a nice success email today and I wanted to share it with everyone else. Enjoy:

Just thought I’d let you know that I did a network trace to troubleshoot an AD issue for the first time yesterday.  After contemplating what was going wrong for a few minutes, your repeated requests for a trace echoed in my head.  While I’ve done a few traces for other issues in the past, this was my first for AD.  Sure enough, it revealed that Websense, when building a DN, mistakenly assumed that “folder” was a container, so I got cn=username,cn=staff,dc=domain,dc=edu instead of cn=username,OU=staff,dc=domain,dc=edu…it’s always the little things.

Thanks.

Network traces are a GOOD thing. It is amazing how many problems you can quickly and easily troubleshoot if you just get off the couch and do the trace and look at it. You don’t have to be a network protocol guru in order to get good info from a trace; the parsers built into Wireshark are generally more than enough for at least basic LDAP traffic. RPC traffic, I understand, that stuff is a pain to wade through. An LDAP query though… simple stuff.

I responded and congratulated the customer on the successful operation and he further pointed out issues in the Websense app that others may find beneficial to hear.

Yeah, you’re more than welcome to post this [I requested permission to post the email on the blog to help others – joe].  If you want to turn it into a list of why Websense is the devil, you can add their request to increase the MaxPageSize, the alleged requirement for a domain admin [1], and the clear text transmission of those credentials, as discovered in the aforementioned trace.

[1] I’m not really sure if they’re saying the user needs to be an admin on the Websense box or on the domain, but in any case, it works with a standard user.  Also note that the password listed there [customer included a screen shot of the websense dialog – joe] IS the actual password, replaced by asterisks.  So, for instance if their password was P@$$word1 and I change it in AD to P@$$word2, I can go back into this page, delete the last * and type 2 and the password will be updated.  Not sure that that’s a real big deal, but it just doesn’t sit well with me 🙂


Blog software updated

by @ 1:37 am. Filed under updates

I have updated the blog server software so if you notice any issues, please let me know!
