Sunday, November 30, 2008

Sycronize Windows Files to External Drive

Issue:
You want to have the same files at home and at work and keep them in Sync

Quick/Visual/Learning:
I have not been very happy with the speed of the synchronization programs I have tried in the past. There are probably some good ones out there somewhere.

As of right now I am using some free utilities to do the job. Robocopy is a fast command-line copy utility from the Windows Resource Kit that you can download here. There are a lot of options and you can get some instructions for those here.

Typically what I do is copy my work files to an external disk to take home and my home files to an external disk to take to work. (I am sure someone has figured out a secure over the Internet windows to windows sync but I have not taken the time yet to find it).

So I use robocopy in a bat file like this:
robocopy "C:\Sync" F:\Sync /mir /z /R:0 /W:0 /v /np /log:Sync2Home.txt

This is fast and works great. Only newer files get updated. The /mir will remove old things from the F drive that I have deleted from my master file copy on the C drive.

The problem is that if I forget and make a change on my F drive those changes get deleted the next time I run the robocopy command. This happens because the /mir trys to make the target look just like the source and extra stuff on the F drive is deleted.

As a workaround for this I decided to use the /xo /xx switches. The /xo command says to not backup files where the source is older. The /xx says not to delete extra files and directories on the destination.

Now changes on the destination do not get wiped out but I need to reconcile any differences. I need to quickly find the problem areas (these get logged to the log file). I use another tool called baregrep to search for destination files marked as Newer or Extra. This tool can be found at baremetalsoft here.

So what I have now in my bat file is this:

robocopy "C:\Sync" F:\Sync /mir /z /R:0 /W:0 /v /xo /xx /np /log:Sync2Home.txt
baregrep "Newer(vertical bar pipe symbol goes here)EXTRA" robologhmhsync.txt

This shows me a list of things I need to fix. If there were a lot of changes this would be too much work but for now my changes are few.

Extra stuff is easy just copy it over to the source drive.
If the file is newer on the destination drive I could just copy it over as well as long as the source file has not changed too since the last backup. Any file that I might change is either going to be a Word, Excel, or a text file.

For text files I can use the dos FC command to find differences.

> fc C:\Sync\File F:\Sync\File /N

Here is a test I did:

C:\>fc t.txt c:/test/t.txt /n
Both of these files had the letter a through p, on letter to a line.
I added a line of text to the source and another line to the destination file.

Comparing files t.txt and C:/TEST/T.TXT
***** t.txt (YOU SEE TEXT WAS INSERTED ON LINE 3)
2: b
3: Text added to Source File
4: c
***** C:/TEST/T.TXT
2: b
3: c
*****

***** t.txt (YOU SEE THAT TEXT WAS INSERTED ON LINE 9)
9: h
10: i
***** C:/TEST/T.TXT
8: h
9: Text added to Destination File
10: i
*****

For Word and Excel file I can use the merge command to merge any changes.

In Excel
For each workbook, Go to Tools>Share Workbook..
On the Edit tab select the check box that says:
"Allow changes by more than one user at a time to enable workbook merging."
Go to Tools and do Merge command and pick the other file.
Cells get updated with note about changes when done.

Tools / Track Changes / "Accept or Reject Changes"
Lets you approve or reject each change.


In Word (Here is a good page for this)
Open source document
Go to Tools menu / Compare and Merge Documents
Merge (legal blackline unchecked)
Changes are updated and you can accept or reject changes.

Friday, November 28, 2008

Standard Outlook Signature File

Issue:
Implement standard Outlook signature file for all users.

Quick/Visual/Learning:
Open Outlook and create a signature file that you will use as a template.

Note added 4/22/09 Here is a link to a company that sales software that looks like it makes this easy to do and manage. They promote it for email disclaimers but it also does signatures. After watching the demo it looks pretty good.


Enter a name for a blank template file (SigTemplate in this example) and click next

Click on the “Advanced Edit…” Button and click Yes to the warning message.

Enter text in the template as a placeholder. Instead of pressing Enter at the end of each line, use Shift Enter to avoid the blank line problem. Also if you want to specify a color do not leave the font color as auto, change it to what you want (otherwise the color may change on you).

You can insert a logo or picture if needed.

You can right click the logo and select to make it a hyperlink to a web page.
Close and Save the file. Click OK to get out.

You now have the template in your signature file directory. Note: You may need to enable viewing of hidden directories C:\Documents and Setting\UserNameHere\Application Data\Microsoft\Signatures

If you have a logo/picture there will be a directory with the associated picture files. You will need to copy both the .htm file and the directory to each computer where you want to implement the standard signature. Place the files, as indicated before, in the directory

C:\Documents and Setting\UserNameHere\Application Data\Microsoft\Signatures

Be sure to replace UserNameHere with the profile directory name listed in the Documents and Settings folder of the target machine.


Now the new users just needs to open Outlook, select the signature, and edit the signature text.

Here are Example instructions for the workstation users.
--------------------------------------------
New Outlook signatures files have been place on your computer. These files are intended to be a company standard. If you are currently using a different signature file please replace those signature files with these new ones. You will first need to modify the signatures so that they contain your correct job title and name. These are quick changes so please take a couple of minutes and do this now.

Open Outlook and edit the Outlook signature files.

Click on Tools/Options/Mail Format tab/Signatures button.

Edit the SigTemplate file. Do not change the font, just select the text "Name", enter your name, select the text "Title" and enter your title. Enter the correct phone number.Click OK after you making these changes.

Click OK to exit this window and go back to the previous window.

Select the SigTemplate from the "Signature for new messages:" drop down box.
Click OK to finish.

Other links:

http://office.microsoft.com/en-us/outlook/HA011189141033.aspx

http://www.howto-outlook.com/howto/signatures.htm

Wednesday, November 26, 2008

Configuring FTP server

Issue:
References for configuring FTP servers

Quick: Windows components install IIS, Details check box for FTP

Visual/Learning:
Links with information about FTP configuration.

Windows Server 2003
http://www.windowsnetworking.com/articles_tutorials/Creating-Configuring-FTP.html
http://msdn.microsoft.com/en-us/library/6ws081sa.aspx
http://www.simongibson.com/intranet/ftp2003/ isolation mode

Monday, November 24, 2008

Exchange - Delete Mailbox

Issue:

Deleting an Exchange mailbox but keeping the network account.

Quick:

Open AD Users and Computers, Select User, Exchange Tasks, Delete Mailbox

Visual/Learning:

Right click on the users and select Exchange Tasks

Wizard opens, click next

Select Delete Mailbox and click Next

Click Next

Click finsihed and your done.

Friday, November 21, 2008

Smoothwall NAT like Modification

Issue:
Need multiple external RED IP addresses on the Smoothwall firewall server.

Quick:
Install Full Firewall Control modification from sourceforge.net site

Visual/Learning:
First you need to download the modification from the souceforge.net site.

http://sourceforge.net/project/showfiles.php?group_id=114890

This is the file we downloaded SW3 Full Firewall Control


You can download and copy it to the firewall or you can download it directly to the firewall with the wget command.

First get the path and the name of the file from you browser.

Right click on the file and get properties on the file



Get path and name from the properties page


Now I connect via SSH to the firewall using PuTTY application (port 222)

Next change directory to root directory – cd /

Then change to the tmp directory – cd tmp

Note: If you download some other way, in the end this is where you need to put the downloaded file.

Type the command wget Path/FileName.

After the file downloads you should be able to do a list command and see the file

ð wget http://sourceforge.net/project/showfiles.php?group_id=114890&package_id=262627&release_id=623482/SW#-Full-Firewall-Control-v1.0.2.tgz

ð ls

Next extract the file using the following tar command.

ð tar zxvf ./Full-Firewall-Control-v1.0.2.tgz -C /

Run this command to install -> sh /tmp/install.sh

That should do it. The firewall will now have controls for doing network address translation.




To uninstall
Login to smoothwall with PuTTY
Go to
/Var/smoothwall/mods/full-firewall directory
Type ./uninstall.pl

Monday, November 17, 2008

Import Exchange GAL To Contacts - 3

Issue:
Import contact data into Outlook from Excel.

Open Outlook to import the data. Select the contacts folder, File menu, select “Import and Export”.

Select “import from another program” and click Next

Select Microsoft Excel

Select the Excel file to import and click next

Select the target contact folder


Click on the button to “Map Custom Fields”

Below is a short movie on how to map your fields from the spreadsheet. You just need to drag and drop them over.



Click OK and Finished and the data get imported.


Now if you have a mobile device that synchronizes with your contacts list it will show up on your phone.

Friday, November 14, 2008

Import Exchange GAL To Contact - 2

Issue:
Need to cleanup the Global Address List data for import to Outlook contacts.


Quick/Visual/Learning:
Open the Excel sheet and delete the unneeded column A with the database ID fields. Sort and clean up the data so you have only the entries you are interested in.


Here I have 5 example users after doing the sorting and deleting



Now I need to fix the email address field. The addresses here are in the format that Exchange server understands, but for my contact list I want the SMTP addresses in the format of User@CompanyName.com. I use a formula in Excel to fix these. I know that all my users email addresses are equal to their alias (first initial and last name) at MyCompanyName.com. I over write the address field with the formula =w2 & “@mycompany.com”. W2 is the field that has the alias and & tacks on the text for the “at company name” part of the address.



Like magic the formula builds my email address for me. Now I can copy this field down the sheet and it will generate the addresses for all my users.




Paste into the cells below




More magic, there they all are.




Delete any unneeded fields like E-Mail type.




Save changes to the spreadsheet.

Next posting will show how to import the data to Outlook

Import Exchange GAL To Contacts - 3


Wednesday, November 12, 2008

Create Email Change Nag Notice

Create a rule
Jpg01
Blank Rule
Jpg02
Click on next
This is the window that check for conditions.
Have rule look at “specific word in the message header”
Look for the old email address @OldAddress.com
Click OK
Jpg03
Click on next
This is the window where you specify actions
Select “have server reply using a specific message”
Clicking on the text “specific message” brings up a message window.
Enter your notice regarding change of address.


Jpg04

Click on next

This is the window for exceptions
Select except if the subject contains specific words
Add SPAM to the list and click OK
Click finished


Jpg05

Monday, November 10, 2008

Import Exchange GAL To Contacts - 1

Issue:
Blackberry import of GAL Contacts. While you can do a lookup on the Exchange server global address list, some users wanted to have GAL directly on a Blackberry phone contact list for convenience.

Quick:
Export using Access, Export to Excel, Fix Fields, Import to Outlook


Visual/Learning:
Open Microsoft Access and create a blank database.
Under File select “Get External Data”Select Import

Select the file Type of Exchange()

In the wizard select “Global Address List”


Select to create a New Table and click Finished

Now you see the Global Address List as a new table.

Click on it to open

Here you see users along with distribution lists. Our distribution lists do not have First and Last names or Titles so you see that these fields are blank This is handy because we can later do a sort to remove these if we want.

On the file menu select Export

Select one of the Excel formats in the drop down file type box and save the file to a Excel sheet.



Posting 2 will show how to clean up the address list in Excel

Friday, November 7, 2008

Blank Or Gap In Add/Remove Programs Window

Issue:
You notice that when you go to the add remove programs window there is a huge gap. Also may have just a blank window.

Quick:
Gap - Autocad issue- Search registry Data only for this acad.exe,-1 or this aclt.exe,-1 and change the negative 1 to just a positive 1
Blank Window - start =>run=> - Regsvr32 appwiz.cpl

Visual:


Learning:

Found link here that has the answer:
---text from link---

The problem, believe it or not, is simply that the entry in the Registry for the AutoCAD uninstaller specifies its icon incorrectly. There's a simple fix. (If there's some other underlying problem such as updates installed in the wrong order, as you've deduced, that won't be corrected; but it will get rid of the huge gap in Add/Remove Programs.)

Using regedit or some other registry editor, search the Data fields for the string aclt.exe . (You do not need to search the Key or Value fields, just Data).

Step through ( in regedit) the entries in which aclt.exe appears watching for one where aclt.exe is followed by a comma and -1 .

When you find such an entry, it should be the data field for a DisplayIcon key. The aclt.exe will be preceded by the full path to that file in your installation, so it will look something like "C:\Program Files\AutoCAD 2002\aclt.exe,-1".

Edit the data string, changing the -1 to 1.

That's it! I've never found more than one of these entries in a registry at one time, but I won't swear that couldn't happen, so you might want to continue searching to make sure.
---end text from link---

Monday, November 3, 2008

Windows - Using Non-Admin Account

Issue:
Avoid some security risk by using windows without adminstrator rights and still get stuff done.

Quick/Visual:/Learning:]
Found this helpful blog posting => site. I add the text below as well

--- Text from David Wang Blog site ---
HOWTO: Run as normal user (non-admin) on Windows
Sometimes, I wonder and worry about the vast majority of Windows users that run with administrative privileges. Most of them probably do this blindly because it is the default auto-login for Windows XP and do not know any better. This tells a lot about the power of having secure defaults...

However, such unnecessary privilege comes at a great price: spyware / malware / virus / trojan / worm freely misuse such privileges to infect and proliferate. And in knee-jerk response, a whole security industry dedicated to corraling these miscreants spring up and some even enter the Microsoft product line and Windows Update.

But, no one seems to be tackling the fundament security problem:

Users running with more privileges than necessary
Social Engineering and poor computing habits
As I had discussed earlier, the effective computer system security is simply the weakest link amongst Software, Configuration, and Policy. Simply focusing on using Software to compensate for a lack of secure computing practices (Policy) does not improve security. I mean, we can come up with perfectly written Software with no bugs nor security vulnerabilities and Configure the system securely yet functionally, but if the user runs as administrator because "things work better" or blindly follow instructions to get themselves rooted, all the effort is for nothing. This is why I think that such actions do wonders for PR and user perspection (and sometimes, changing perceptions is "the goal"), but it really does not raise the bar.

I do not know about you, but I like making real progress, not perceived progress. So, I am going to show one approach that I use to not run as administrator to safely compute on Windows - both at home and work.

I mean, I really hate personal security software from McAfee, Symnatec, etc because they assume how you want to work (so many people fail to install IIS on Windows XP due to these software packages "breaking" IIS in subtle ways to prevent installation/functionality), and they do not do much more than common sense... so I consider them unnecessary bloatware that gets in my way. Yes, I do not run security software on all of my machines; no virus scan, no email scanner, nada. I just run as normal User with Windows Firewall sealing off all ports and common sense against social engineering. :-)

Securing the Computing Environment
No, I am not going to wait for Windows Vista, LUA, and various other security advancements to help run as non-administrator and secure my computing environment... not when I can do it all right now from Windows 2000 on up.

What I do is basically:

Run as the normal User, with no privileges changes from the default
Run a special "root" console window (that is a different color) as a user with administrative privilege
Leave the Firewall on and do my job as the normal User, and on the special occassions where I need elevated privileges, I launch commands out of the special "root" console window
That is it. It is functionally similar to how LUA will work in Windows Vista, except with GUI dialog boxes instead of console commands. And this is how I create the desktop shortcut to launch my special "root" console window (I actually just copy the same shortcut on all my machines to %ALLUSERSPROFILE%\Desktop):

Right Click on the desktop and create a shortcut
Paste in the following as target for the shortcut (in my case, I rename the Administrator to "root"):
%windir% \system32\runas.exe /u:%COMPUTERNAME%\root "cmd /T:3E /k @title root && start /min %windir%\system32\taskmgr.exe"
Choose your shortcut title - I use "root"
Change the icon to something obvious. I use the icon in SHELL32.dll that contains a key with two people.
I change the screen buffer size to 50 Width and 2 Height - so that the shortcut just shows a small window containing:
Enter the password for %COMPUTERNAME%\root:
I also change the shortcut's text and background color to Yellow on Cyan so that it matches the color scheme of the root console window - just so that the window is very obviously different than the white on black of normal console windows.
Now, what are some of the "inconveniences" that I incur by doing this? Well:

I lose the ability to install/uninstall programs as myself. But, I just run "appwiz.cpl" or the program's setup EXE from the root console window and things usually work. If they do not, I consider it a product bug.
I lose the ability to run Windows Update for patches. This is something that I cannot do from the root console window, so I have to login as an administrator and let Windows Update client run every six months or so. Yes, I do this infrequently because I run my computers securely, and I only login once every six months or so, so this is no bother.
I cannot kill any process that I want. But, that is what the TASKMGR.EXE run as root (from my shortcut), or TASKKILL.EXE in the root console window is for.
I cannot Remote Desktop into that machine by default. On Windows XP and later, I just add my User to "Remote Desktop Users" group. On Windows 2000, I have to use the root console window to launch MMC with the "Terminal Services Configuration" snapin, select Properties on the RDP-TCP connection, and add my user to the "Permissions" tab of that connect (Windows XP and later pre-create and populate the "Remote Desktop Users" group into this Permissions list).
I cannot configure networking or Windows Firewall. But, NETSH.EXE on Windows XP/Windows Server 2003 works wonders inside a root console window.
I lose the ability to change the system date/time. But, I just use the DATE or TIME commands in the root console window as necessary.
I can no longer start/stop services. Well, that is what NET START, NET STOP, and SC QUERY commands in the root console window are for...
I cannot change file ACLs to grant myself privileges. But CACLS does that nicely from the root console window.
Overall, I find that the "inconveniences" happen very rarely in my day-to-day activities. You rarely install programs, patch, reconfigure networking, stop/start services, and change system date/time and file ACLs on a daily basis... so it makes sense to not run with administrative privileges

Now, I know that there are cases where you may want to run a program but that program only works when run as administrator... such as games or other older software... but I tend to leave them alone. The way I think about it, until the users revolt with their pocket books, application providers have ZERO incentive to fix/improve their code. So, I do not buy such software and if I do, I bug the heck out of their support staff and complain that their product is insecure because it requires me to run with administrative privileges. Hey, some have listened and changed. :-)

Well, I know that this does not solve all your problems on Windows, but hopefully it can help you solve a good chunk of your security concerns. I am interested in hearing some of your stories regarding this topic...
--- end text from site ---