ISM Cyber Security Terms

ISM Cyber Security Terms

Asterisk/FreePBX/Elastix add Listen/Whisper/Barge facilities to your PABX

If you have PABX server like Asterisk / Free PBX / Elastix and want to  feature to listen / whisper / barge to other calls.

ChanSpy can give you ability to achieve this feature.

So here’s what you can do. If you’re using this as it is, make sure that there are no feature codes using *331 & *332 & *333.

Add below code to extensions_custom.conf. Reload asterisk and you should be able to listen on extension 1001, simply dial *3311001.

[ext-local-custom]

;listen
exten => _*331x.#,1,Macro(user-callerid,)
exten => _*331x.#,n,Answer
exten => _*331x.#,n,NoCDR
exten => _*331x.#,n,Wait(1)
exten => _*331x.#,n,ChanSpy(sip/${EXTEN:4},q)
exten => _*331x.#,n,Hangup

;whisper
exten => _*332x.#,1,Macro(user-callerid,)
exten => _*332x.#,n,Answer
exten => _*332x.#,n,NoCDR
exten => _*332x.#,n,Wait(1)
exten => _*332x.#,n,ChanSpy(sip/${EXTEN:4},qw)
exten => _*332x.#,n,Hangup

;barge
exten => _*333x.#,1,Macro(user-callerid,)
exten => _*333x.#,n,Answer
exten => _*333x.#,n,NoCDR
exten => _*333x.#,n,Wait(1)
exten => _*333x.#,n,ChanSpy(SIP/${EXTEN:4},qB)
exten => _*333x.#,n,Hangup



Now, say there are some extensions like managers, CEO, CIO that you don’t want to be listened on, there are many ways to do it. Easy way to do this, add following code the above set.

Here, no one should be able to listen/whisper/barge on extension 1007’s calls. What this code does is if someone tries to do be naughty, it will simply hangup the call.

;blockaccess
exten => _*3311007,1,Macro(user-callerid,)
exten => _*3311007,n,Hangup
exten => _*3321007,1,Macro(user-callerid,)
exten => _*3321007,n,Hangup
exten => _*3331007,1,Macro(user-callerid,)
exten => _*3331007,n,Hangup


If you are using PJSIP then
change

,n,ChanSpy(sip/${EXTEN:4},qw) 
to
,n,ChanSpy(pjsip/${EXTEN:4},qw)


Also you may want to try with password

[from-internal-custom]
exten => 5555,1,Macro(user-callerid)
exten => 5555,2,Authenticate(YOUR PIN like 12345)
exten => 5555,3,Read(SPYNUM,agent-newlocation)
exten => 5555,4,ChanSpy(SIP/${SPYNUM))

how to remove IMAP Property from Outlook folder

• Get MFCMAPI . If you have 64 bit office, you need 64 bit MFCMAPI. 

• Open MFCMAPI, go to Session, Logon

• Select your profile

• Double-click on the affected data store. This should open another windows.

• Expand Root - Mailbox

• Expand Top of Information Store or IPM_Subtree

• Select Inbox

• Look for PR_CONTAINER_CLASS in the right pane, double-click on it.

• Change IPF.IMAP to IPF.Note then click OK to close the dialog.

• Repeat for each folder that was exported from an IMAP data file.
• When you are finished, close the MFCMAPI window, click Session, Logoff on the last MFCMAPI window.

How to convert a PFX to a seperate .key/.crt file

In this article I’m going to show you the commands you need to convert your .PFX Certificate file to a seperate certificate and keyfile. This article can come in handy when you need to import your certificates on devices like Cisco routers/loadbalancers etc. where you probably need to import the certificates and keyfiles in plain text (unencrypted). My tool of choice (but there might be others) is OpenSSL for Windows, which can be downloaded here


So after you installed OpenSSL you can start it from it’s Bin folder. I’d like to put OpenSSL\Bin in my path so I can start it from any folder. Fire up a command prompt and cd to the folder that contains your .pfx file.

First type the first command to extract the private key:

openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]

What this command does is extract the private key from the .pfx file. Once entered you need to type in the importpassword of the .pfx file.  This is the password that you used to protect your keypair when you created your .pfx file.  If you cannot remember it anymore you can just throw your .pfx file away, cause you won’t be able to import it again, anywhere!.  Once you entered the import password OpenSSL requests you to type in another password, twice!. This new password will protect your .key file.

Now let’s extract the certificate:

openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]

Just press enter and your certificate appears.

Now as I mentioned in the intro of this article you sometimes need to have an unencrypted .key file to import on some devices.  I probably don’t need to mention that you should be carefully. If you store your unencrypted keypair somewhere on an unsafe location anyone can have a go with it and impersonate for instance a website or a person of your company.  So always be extra careful when it comes to private keys! Just throw the unencrypted keyfile away when you’re done with it, saving just the encrypted one.

The command:

openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]

Again you need to enter an import password. This time you need to enter the new password that you created in step 1.  After that you’re done. You decrypted your private key. In the folder you ran OpenSSL from you’ll find the certifcate (.crt) and the two private keys (encrypted and unencrypted).


In some cases you might be forced to convert your private key to PEM format. You can do so with the following command:

openssl rsa -in [keyfile-encrypted.key] -outform PEM -out [keyfile-encrypted-pem.key]

Disable Sync Center VIA GPO

An easy way of preventing mobsync.exe from running on system startup.

1) Within your group policy, expand User Configuration 2) Expand Window Settings 3) Expand Security Settings 4) Expand Software Restrictions 5) Double click Additional Rules 6) Right click and click new path rule 7) Add %windir%\system32\mobsync.exe 8.) Follow step 6 again and add %windir%\system32\mobsync.exe

Wordpress installation 5 Minute Super Guide

5 Minute Super Guide:

Main Install

Make sure CentoOS is upto date:

yum update

Install Apache/Mysql/PHP/Unzip/Wget:

yum -y install mysql-server httpd php php-mysql unzip wget

Enable Apache and MySQL

chkconfig httpd on
chkconfig mysqld on

Start Apache and MySQL

/etc/init.d/mysqld start
/etc/init.d/httpd start


Set root password for MySQL (IMPORTANT!)

mysql -u root
mysql> use mysql;
mysql> update user set password=PASSWORD("NEWPASSWORD") where User='root';
mysql> flush privileges;


Setup WordPress Database

mysql> CREATE DATABASE wordpress;
mysql> GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'localhost' IDENTIFIED BY 'YOURPASSWORD';
mysql> FLUSH PRIVILEGES;
mysql> quit;

Download WordPress

cd /var/www/html
wget http://wordpress.org/latest.zip

Extract WordPress

unzip latest.zip
rm latest.zip

Move WordPress to Root Directory

mv wordpress/* ./
rmdir wordpress/

Give WordPress permissions to write

mkdir wp-content/uploads wp-content/cache
chown apache:apache wp-content/uploads wp-content/cache ./

Open and configure WordPress

http://your-server-ip-or-hostname/

In the Config enter your SQL Username ‘wordpress’ and the password you set earlier.

Click Save and your all done!

Fixes permissions for Permalinks:

chown apache:apache /var/www/html/.htaccess

Let Appache Edit .htaccess for Permalinks:

nano /etc/httpd/conf/httpd.conf

And edit the Section:

<Directory "/var/www/html">

And Change Allow ovride to:

AllowOverride ALL

Enable Multiple Sites:

define('WP_ALLOW_MULTISITE', true);

Automated email notification for Windows server 2008 backup

Hello All,

Please download attached zip file and extract it to c: drive and follow instrustions from folder script\HowtouseWindowsServerBackupAlerts

emailnotificationforWindowsserver2008backup

Hide Local computer drives

You can instruct Explorer to not display a drive(s) in the My Computer display. When enabled, this policy removes the icons representing the selected disk drives from My Computer, Windows Explorer, and My Network Places and from Common Dialogs. Note that the registry key is Policies\Explorer.

For example, you create partition E: and use it exclusively for NT's pagefile. To prevent a (possibly ignorant) user from browsing to that partition and deleting files that should not be deleted, apply the following Windows NT / Windows 2000 Registry hack :

Hive: HKEY_CURRENT_USER
Key: Software\Microsoft\Windows\CurrentVersio…
Name: NoDrives
Type: REG_DWORD
Value: To calculate the value, add together the numbers for the drives you want to hide, using the formula: A=1, B=2, C=4, D=8, E=16, F=32, G=64, and so forth. To hide D: & E:, the value would be 8+16=24.

To use system policies to hide drives:
http://support.microsoft.com/support/kb/…

Online tool for calculating the Mask for the NoDrives Registry key, it calculates the mask for any drive combination:
http://www.wisdombay.com/hidedrive/

Automated email notification for Windows backup

The native backup utility found on Windows servers is one cool application that has saved many SMBs real cash! Apart from fulfilling its main functionality, it is found to be very reliable and effective. Problems arise when extra features are required such as, backing up to external storage devices and/or utilizing advanced backup features! One useful feature that is standard in purchasable applications is email notification of backup jobs. The script below gives you that functionality!!!! It’s free and simple to implement!!!!

The implementation steps of the script are as follows:

1. Create a backup job using Windows backup – Start/All Programs/Accessories/System Tools/Backup and set a job schedule
2. Open the window Scheduled Tasks – Start/Control Panel/Scheduled Tasks and find the newly created scheduled job.
3. From the properties window of this job copy the highlighted text from the Run text field
4. Copy this text in a new batch file called ‘mybackup.bat’ (any name you like without quotes)
5. Take a note of the batch file location and enter the full path in the Run text field of step 3 ex: c:\documents\mybackup.bat
6. Close the properties window by clicking OK and enter an admin password if prompted
7. Add the sample script shown below in the batch file after the text entered in step 4
8. Edit the script text to reflect your email & path settings

Sample script

Copied text from step 3 goes here

@echo off
set Sender=”source email addess”
set Receiver=”your email address”
set Host=”IP address of source email server”
set Subject=”Backup name/title”

set logdir=”%USERPROFILE%\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data”
REM ex – C:\Documents and Settings\administrator\ for %USERPROFILE%
set result=”%temp%\latestlog.txt”

pushd %logdir%
for /f “tokens=1 delims=” %%I in (‘dir /B /O-D’) do (
if “%%~xI”==”.log” (
type “%%~fI” > %result%
goto :end
)
)
:end
popd

c:\windows\system32\blat.exe %result% -f %Sender% -to %Receiver% -server %Host% -subject %Subject%
del /q /f “%result%”

configure Catch All Mailbox on Exchange server

http://support.microsoft.com/kb/324021


This article describes how to create an event sink to capture all e-mail messages that are sent to a particular domain, and then direct them to a single mailbox.

Note The sample event sink described in this article redirects all e-mail messages that are sent to a domain. For information about how to create more complex event sinks, see the Exchange Software Development Kit (SDK).
Back to the top
Create the script files
Create the following five scripts, and then store them in a folder on the Exchange computer.

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.
Catchall.cmd
The Catchall.cmd file calls the SMTPReg.vbs script and registers the Catchall event sink. To create this .cmd file, follow these steps:
Type or paste the following code into a text editor, such as Notepad:
cscript smtpreg.vbs /add 1 onarrival SMTPScriptingCatchAll CDO.SS_SMTPOnArrivalSink "mail from=*"

cscript smtpreg.vbs /setprop 1 onarrival SMTPScriptingCatchAll Sink ScriptName d:\mec\catchall\catchall.vbs

cscript smtpreg.vbs /delprop 1 onarrival SMTPScriptingCatchAll Source Rule

Note Modify the path to the Catchall.vbs file to reflect the folder location of the Catchall files.
Save the file as Catchall.cmd.
Enum.cmd
Run Enum.cmd to list event sinks that are registered on the server. To create this file, follow these steps:
Type or paste the following code into a text editor, such as Notepad:
cscript smtpreg.vbs /enum |more

Save the file as Enum.cmd.
Catchall.vbs
The Catchall.vbs script is used to create the Catchall account. Customize this file for your Exchange Server environment.
Type or paste the following code into a text editor, such as Notepad. Save this file as Catchall.vbs.


Edit the Catchall.vbs file to replace occurrences of @example.com with @yourdomain.com, where yourdomain.com is the domain from which you want to redirect the e-mail messages.
Replace all occurrences of bob@company.com with the SMTP address of the mailbox to which you want to redirect all e-mail messages for the domain that you specified in step 2.

Note The e-mail address to which you want to redirect all mail must be from a different domain than the domain from which you want to redirect the e-mail messages. For example, if the domain that you specify in step 2 is @company.com, the e-mail address that you specify in step 3 cannot be bob@company.com. If the domains are the same, the message will continuously loop and will eventually be returned to the sender as undeliverable.

If the recipient must have an e-mail address in the catchall domain (the domain from which you want to redirect the e-mail messages), such as bob@company.com, add an additional domain such as @company.local to the recipient policy for the user, and then add a SMTP address of bob@company.local to the user's e-mail addresses. The address of bob@company.local can then be used as the e-mail address to specify in step 3.
SMTPReg.vbs
Create a script to register the Catchall event sink. To do this, follow these steps:
Type or paste the following code into a text editor, such as Notepad:
'THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT
'WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
'INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES
'OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR
'PURPOSE

'------------------------------------------------------------------------------
'FILE DESCRIPTION: Script for registering for SMTP Protocol sinks.
'
'File Name: smtpreg.vbs
'
'
' Copyright (c) Microsoft Corporation 1993-1998. All rights reserved.
'------------------------------------------------------------------------------
Option Explicit

'
'
' the OnArrival event GUID
Const GUIDComCatOnArrival = "{ff3caa23-00b9-11d2-9dfb-00C04FA322BA}"
' the SMTP source type
Const GUIDSourceType = "{FB65C4DC-E468-11D1-AA67-00C04FA345F6}"
'
Const GUIDCat = "{871736c0-fd85-11d0-869a-00c04fd65616}"
Const GUIDSources = "{DBC71A31-1F4B-11d0-869D-80C04FD65616}"

' the SMTP service display name. This is used to key which service to
' edit
Const szService = "smtpsvc"

' the event manager object. This is used to communicate with the
' event binding database.
Dim EventManager
Set EventManager = WScript.CreateObject("Event.Manager")

'
' register a new sink with event manager
'
' iInstance - the instance to work against
' szEvent - OnArrival
' szDisplayName - the display name for this new sink
' szProgID - the progid to call for this event
' szRule - the rule to set for this event
'
public sub RegisterSink(iInstance, szEvent, szDisplayName, szProgID, szRule)
Dim SourceType
Dim szSourceDisplayName
Dim Source
Dim Binding
Dim GUIDComCat
Dim PrioVal

' figure out which event they are trying to register with and set
' the comcat for this event in GUIDComCat
select case LCase(szEvent)
case "onarrival"
GUIDComCat = GUIDComCatOnArrival
case else
WScript.echo "invalid event: " & szEvent
exit sub
end select
' enumerate through each of the registered instances for the SMTP source
' type and look for the display name that matches the instance display
' name
set SourceType = EventManager.SourceTypes(GUIDSourceType)
szSourceDisplayName = szService & " " & iInstance
for each Source in SourceType.Sources
if Source.DisplayName = szSourceDisplayName then
' You have found the instance that you want. Now add a new binding
' with the right event GUID. by not specifying a GUID to the
' Add method you get server events to create a new ID for this
' event
set Binding = Source.GetBindingManager.Bindings(GUIDComCat).Add("")
' set the binding properties
Binding.DisplayName = szDisplayName
Binding.SinkClass = szProgID
' register a rule with the binding
Binding.SourceProperties.Add "Rule", szRule
' register a priority with the binding
PrioVal = GetNextPrio(Source, GUIDComCat)
If PrioVal < 0 then
WScript.Echo "assigning priority to default value (24575)"
Binding.SourceProperties.Add "Priority", 24575
else
WScript.Echo "assigning priority (" & PrioVal & " of 32767)"
Binding.SourceProperties.Add "Priority", PrioVal
end if
' save the binding
Binding.Save
WScript.Echo "registered " & szDisplayName
exit sub
end if
next
end sub

'
' iterate through the bindings in a source, find the binding
' with the lowest priority, and return the next priority value.
' If the next value exceeds the range, return -1.
'
public function GetNextPrio(oSource, GUIDComCat)
' it's possible that priority values will not be
' numbers, so you add error handling for this case
on error resume next

Dim Bindings
Dim Binding
Dim nLowestPrio
Dim nPrioVal
nLowestPrio = 0
set Bindings = oSource.GetBindingManager.Bindings(GUIDComCat)
' if the bindings collection is empty, then this is the first
' sink. It receives the highest priority (0).
if Bindings.Count = 0 then
GetNextPrio = 0
else
' get the lowest existing priority value
for each Binding in Bindings
nPrioVal = Binding.SourceProperties.Item("Priority")
if CInt(nPrioVal) > nLowestPrio then
if err.number = 13 then
err.clear
else
nLowestPrio = CInt(nPrioVal)
end if
end if
next
' assign priority values in increments of 10 so priorities
' can be shuffled later without the need to reorder all
' binding priorities. Valid priority values are 0 - 32767
if nLowestPrio + 10 > 32767 then
GetNextPrio = -1
else
GetNextPrio = nLowestPrio + 10
end if
end if
end function

'
' Search for a previously registered sink with the passed in name
'
' iInstance - the instance to work against
' szEvent - OnArrival
' szDisplayName - the display name of the event to check
' bCheckError - Any errors returned
public sub CheckSink(iInstance, szEvent, szDisplayName, bCheckError)
Dim SourceType
Dim GUIDComCat
Dim szSourceDisplayName
Dim Source
Dim Bindings
Dim Binding

bCheckError = FALSE
select case LCase(szEvent)
case "onarrival"
GUIDComCat = GUIDComCatOnArrival
case else
WScript.echo "invalid event: " & szEvent
exit sub
end select

' find the source for this instance
set SourceType = EventManager.SourceTypes(GUIDSourceType)
szSourceDisplayName = szService & " " & iInstance
for each Source in SourceType.Sources
if Source.DisplayName = szSourceDisplayName then
' find the binding by display name. to do this, enumerate
' all of the bindings and try to match on the display name
set Bindings = Source.GetBindingManager.Bindings(GUIDComCat)
for each Binding in Bindings
if Binding.DisplayName = szDisplayName then
' you have found the binding, now log an error
WScript.Echo "Binding with the name " & szDisplayName & " already exists"
exit sub
end if
next
end if
next
bCheckError = TRUE
end sub

'
' unregister a previously registered sink
'
' iInstance - the instance to work against
' szEvent - OnArrival
' szDisplayName - the display name of the event to remove
'
public sub UnregisterSink(iInstance, szEvent, szDisplayName)
Dim SourceType
Dim GUIDComCat
Dim szSourceDisplayName
Dim Source
Dim Bindings
Dim Binding

select case LCase(szEvent)
case "onarrival"
GUIDComCat = GUIDComCatOnArrival
case else
WScript.echo "invalid event: " & szEvent
exit sub
end select

' find the source for this instance
set SourceType = EventManager.SourceTypes(GUIDSourceType)
szSourceDisplayName = szService & " " & iInstance
for each Source in SourceType.Sources
if Source.DisplayName = szSourceDisplayName then
' find the binding by display name. to do this, enumerate
' all of the bindings and try to match on the display name
set Bindings = Source.GetBindingManager.Bindings(GUIDComCat)
for each Binding in Bindings
if Binding.DisplayName = szDisplayName then
' you have found the binding, now remove it
Bindings.Remove(Binding.ID)
WScript.Echo "removed " & szDisplayName & " " & Binding.ID
end if
next
end if
next
end sub

'
' add or remove a property from the source or sink propertybag for an event
'
' iInstance - the SMTP instance to edit
' szEvent - the event type (OnArrival)
' szDisplayName - the display name of the event
' szPropertyBag - the property bag to edit ("source" or "sink")
' szOperation - "add" or "remove"
' szPropertyName - the name to edit in the property bag
' szPropertyValue - the value to assign to the name (ignored for remove)
'
public sub EditProperty(iInstance, szEvent, szDisplayName, szPropertyBag, szOperation, szPropertyName, szPropertyValue)
Dim SourceType
Dim GUIDComCat
Dim szSourceDisplayName
Dim Source
Dim Bindings
Dim Binding
Dim PropertyBag

select case LCase(szEvent)
case "onarrival"
GUIDComCat = GUIDComCatOnArrival
case else
WScript.echo "invalid event: " & szEvent
exit sub
end select

' find the source for this instance
set SourceType = EventManager.SourceTypes(GUIDSourceType)
szSourceDisplayName = szService & " " & iInstance
for each Source in SourceType.Sources
if Source.DisplayName = szSourceDisplayName then
set Bindings = Source.GetBindingManager.Bindings(GUIDComCat)
' find the binding by display name. to do this, enumerate
' all of the bindings and try to match on the display name
for each Binding in Bindings
if Binding.DisplayName = szDisplayName then
' figure out which set of properties you want to modify
' based on the szPropertyBag parameter
select case LCase(szPropertyBag)
case "source"
set PropertyBag = Binding.SourceProperties
case "sink"
set PropertyBag = Binding.SinkProperties
case else
WScript.echo "invalid propertybag: " & szPropertyBag
exit sub
end select
' figure out what operation you want to perform
select case LCase(szOperation)
case "remove"
' they want to remove szPropertyName from the
' property bag
PropertyBag.Remove szPropertyName
WScript.echo "removed property " & szPropertyName
case "add"
' add szPropertyName to the property bag and
' set its value to szValue. if this value
' already exists then this will change the value
' it to szValue.
PropertyBag.Add szPropertyName, szPropertyValue
WScript.echo "set property " & szPropertyName & " to " & szPropertyValue
case else
WScript.echo "invalid operation: " & szOperation
exit sub
end select
' save the binding
Binding.Save
end if
next
end if
next
end sub

'
' this helper function takes an IEventSource object and a event category
' and dumps all of the bindings for this category under the source
'
' Source - the IEventSource object to display the bindings for
' GUIDComCat - the event category to display the bindings for
'
public sub DisplaySinksHelper(Source, GUIDComCat)
Dim Binding
Dim propval
' walk each of the registered bindings for this component category
for each Binding in Source.GetBindingManager.Bindings(GUIDComCat)
' display the binding properties
WScript.echo " Binding " & Binding.ID & " {"
WScript.echo " DisplayName = " & Binding.DisplayName
WScript.echo " SinkClass = " & Binding.SinkClass
if Binding.Enabled = True then
WScript.echo " Status = Enabled"
else
WScript.echo " Status = Disabled"
end if

' walk each of the source properties and display them
WScript.echo " SourceProperties {"
for each propval in Binding.SourceProperties
WScript.echo " " & propval & " = " & Binding.SourceProperties.Item(propval)
next
WScript.echo " }"

' walk each of the sink properties and display them
WScript.echo " SinkProperties {"
for each Propval in Binding.SinkProperties
WScript.echo " " & propval & " = " & Binding.SinkProperties.Item(Propval)
next
WScript.echo " }"
WScript.echo " }"
next
end sub

'
' dumps all of the information in the binding database related to SMTP
'
public sub DisplaySinks
Dim SourceType
Dim Source

' look for each of the sources registered for the SMTP source type
set SourceType = EventManager.SourceTypes(GUIDSourceType)
for each Source in SourceType.Sources
' display the source properties
WScript.echo "Source " & Source.ID & " {"
WScript.echo " DisplayName = " & Source.DisplayName
' display all of the sinks registered for the OnArrival event
WScript.echo " OnArrival Sinks {"
call DisplaySinksHelper(Source, GUIDComCatOnArrival)
WScript.echo " }"
next
end sub

'
' enable/disable a registered sink
'
' iInstance - the instance to work against
' szEvent - OnArrival
' szDisplayName - the display name for this new sink
'
public sub SetSinkEnabled(iInstance, szEvent, szDisplayName, szEnable)
Dim SourceType
Dim GUIDComCat
Dim szSourceDisplayName
Dim Source
Dim Bindings
Dim Binding

select case LCase(szEvent)
case "onarrival"
GUIDComCat = GUIDComCatOnArrival
case else
WScript.echo "invalid event: " + szEvent
exit sub
end select

' find the source for this instance
set SourceType = EventManager.SourceTypes(GUIDSourceType)
szSourceDisplayName = szService + " " + iInstance
for each Source in SourceType.Sources
if Source.DisplayName = szSourceDisplayName then
' find the binding by display name. to do this, enumerate
' all of the bindings and try to match on the display name
set Bindings = Source.GetBindingManager.Bindings(GUIDComCat)
for each Binding in Bindings
if Binding.DisplayName = szDisplayName then
' You have found the binding, now enable/disable it
' You do not need "case else' because szEnable's value
' is set internally, not by users
select case LCase(szEnable)
case "true"
Binding.Enabled = True
Binding.Save
WScript.Echo "enabled " + szDisplayName + " " + Binding.ID
case "false"
Binding.Enabled = False
Binding.Save
WScript.Echo "disabled " + szDisplayName + " " + Binding.ID
end select
end if
next
end if
next
end sub

'
' display usage information for this script
'
public sub DisplayUsage
WScript.echo "usage: cscript smtpreg.vbs "
WScript.echo " commands:"
WScript.echo " /add "
WScript.echo " /remove "
WScript.echo " /setprop "
WScript.echo " "
WScript.echo " /delprop "
WScript.echo " /enable "
WScript.echo " /disable "
WScript.echo " /enum"
WScript.echo " arguments:"
WScript.echo " is the SMTP instance to work against"
WScript.echo " can be OnArrival"
WScript.echo " is the display name of the event to edit"
WScript.echo " is the sink class for the event"
WScript.echo " is the rule to use for the event"
WScript.echo " can be Source or Sink"
WScript.echo " is the name of the property to edit"
WScript.echo " is the value to assign to the property"
end sub


Dim iInstance
Dim szEvent
Dim szDisplayName
Dim szSinkClass
Dim szRule
Dim szPropertyBag
Dim szPropertyName
Dim szPropertyValue
dim bCheck

'
' this is the main body of our script. it reads the command line parameters
' specified and then calls the appropriate function to perform the operation
'
if WScript.Arguments.Count = 0 then
call DisplayUsage
else
Select Case LCase(WScript.Arguments(0))
Case "/add"
if not WScript.Arguments.Count = 6 then
call DisplayUsage
else
iInstance = WScript.Arguments(1)
szEvent = WScript.Arguments(2)
szDisplayName = WScript.Arguments(3)
szSinkClass = WScript.Arguments(4)
szRule = WScript.Arguments(5)
call CheckSink(iInstance, szEvent, szDisplayName, bCheck)
if bCheck = TRUE then
call RegisterSink(iInstance, szEvent, szDisplayName, szSinkClass, szRule)
End if
end if
Case "/remove"
if not WScript.Arguments.Count = 4 then
call DisplayUsage
else
iInstance = WScript.Arguments(1)
szEvent = WScript.Arguments(2)
szDisplayName = WScript.Arguments(3)
call UnregisterSink(iInstance, szEvent, szDisplayName)
end if
Case "/setprop"
if not WScript.Arguments.Count = 7 then
call DisplayUsage
else
iInstance = WScript.Arguments(1)
szEvent = WScript.Arguments(2)
szDisplayName = WScript.Arguments(3)
szPropertyBag = WScript.Arguments(4)
szPropertyName = WScript.Arguments(5)
szPropertyValue = WScript.Arguments(6)
call EditProperty(iInstance, szEvent, szDisplayName, szPropertyBag, "add", szPropertyName, szPropertyValue)
end if
Case "/delprop"
if not WScript.Arguments.Count = 6 then
call DisplayUsage
else
iInstance = WScript.Arguments(1)
szEvent = WScript.Arguments(2)
szDisplayName = WScript.Arguments(3)
szPropertyBag = WScript.Arguments(4)
szPropertyName = WScript.Arguments(5)
call EditProperty(iInstance, szEvent, szDisplayName, szPropertyBag, "remove", szPropertyName, "")
end if
Case "/enable"
if not WScript.Arguments.Count = 4 then
call DisplayUsage
else
iInstance = WScript.Arguments(1)
szEvent = WScript.Arguments(2)
szDisplayName = WScript.Arguments(3)
call SetSinkEnabled(iInstance, szEvent, szDisplayName, "True")
end if
Case "/disable"
if not WScript.Arguments.Count = 4 then
call DisplayUsage
else
iInstance = WScript.Arguments(1)
szEvent = WScript.Arguments(2)
szDisplayName = WScript.Arguments(3)
call SetSinkEnabled(iInstance, szEvent, szDisplayName, "False")
end if
Case "/enum"
if not WScript.Arguments.Count = 1 then
call DisplayUsage
else
call DisplaySinks
end if
Case Else
call DisplayUsage
End Select
end if


Save the file as Smtpreg.vbs.
Removecatchall.cmd
Create a .cmd file to remove (uninstall) the Catchall event sink if you think that you may want to remove it later. To do this, follow these steps:
Type or paste the following code into a text editor, such as Notepad:
cscript smtpreg.vbs /remove 1 onarrival SMTPScriptingCatchAll

Save this file as Removecatchall.cmd.

Note If you want to remove the Catchall event sink, you can do so by running Removecatchall.cmd from a command prompt.
Back to the top
Register the catchall event sink
Verify that you have created a valid e-mail account with which to collect the redirected e-mail messages.
Run the Catchall.cmd from the directory that contains the .vbs files that you created.
Restart the SMTP service in the Exchange System Manager.
Test the event sink by sending an e-mail message to an e-mail address in the catchall domain that you specified in step 2 of the "Catchall.vbs" section of this article. The message is delivered to the recipient mailbox with the address that you specified in step 3 of that same article section.

Microsoft Licensing Advisor

http://www.microsoft.com/licensing/mla/

Intel Vpro

Intel® Management Engine BIOS Extension (MEBx)

Dell™ Systems Management Administrator's Guide

Intel MEBx Overview

Configuring the Intel Management Engine (ME)

Configuring Your Computer to Support Intel AMT Features

MEBx Default Settings
MEBx Overview

The Intel® Management Engine BIOS Extension (MEBx) provides platform-level configuration options for you to configure the behavior of Management Engine (ME) platform. Options include enabling and disabling individual features and setting power configurations.

This section provides details about MEBx configuration options and constraints, if any.
All the ME Configuration setting changes are not cached in MEBx. They are note committed to ME nonvolatile memory (NVM) until you exit MEBx. Hence, if MEBx crashes, the changes made until that point are NOT going to be committed to ME NVM.

NOTE: Briscoe AMT is shipped in enterprise mode as default.
Accessing MEBx Configuration User Interface

The MEBx configuration user interface can be accessed on a computer through the following steps:

Turn on (or restart) your computer.

When the blue DELL™ logo appears, press

immediately.

If you wait too long and the operating system logo appears, continue to wait until you see the Microsoft® Windows® operating system desktop. Then shut down your computer and try again.
Type the ME password. Press .

The MEBx screen appears as shown below.

The main menu presents three function selections:

Intel ME Configuration
Intel AMT Configuration
Change Intel ME Password

The Intel ME Configuration and Intel AMT Configuration menus are discussed in the following sections. First, you must change the password before you can proceed through these menus.
Changing the Intel ME Password

The default password is admin and is the same on all newly deployed platforms. You must change the default password before changing any feature configuration options.

The new password must include the following elements:

Eight characters
One uppercase letter
One lowercase letter
A number
A special (nonalphanumeric) character, such as !, $, or ; excluding the :, ", and , characters.)

The underscore ( _ ) and spacebar are valid password characters but do NOT add to the password complexity.


Configuring the Intel® Management Engine (ME)

To reach the Intel® Management Engine (ME) Platform Configuration page, follow these steps:

Under the Management Engine BIOS Extension (MEBx) main menu, select ME Configuration. Press .
The following message appears:
System resets after configuration changes. Continue: (Y/N)
Press .

The ME Platform Configuration page opens. This page allows you to configure the specific functions of the ME such as features, power options, and so on. Below are quick links to the various sections.

Intel ME State Control
Intel ME Firmware Local Update
Intel ME Features Control
Manageability Feature Selection
LAN Controller
Intel ME Power Control
Intel ME ON in Host Sleep States

Intel ME State Control

When the ME State Control option is selected on the ME Platform Configuration menu, the ME State Control menu appears. You can disable ME to isolate the ME computer from main platform until the end of the debugging process.

When enabled, the ME State Control option lets you disable ME to isolate the ME computer from the main platform while debugging a field malfunction. The table below illustrates the details of the options.
ME Platform State Control
Option Description
Enabled Enable the Management Engine on the platform
Disabled Disable the Management Engine on the platform

In fact, the ME is not really disabled with the Disabled option. Instead, it is paused at the very early stage of its booting so the computer has no traffic originating from the ME on any of its busses, ensuring that an you can debug a computer problem without worrying about any role the ME might have played in it.
Intel ME Firmware Local Update

This option on the ME Platform Configuration menu sets the policy for allowing the MEBx to be updated locally. The default setting is Always Open. The other settings available are Never Open and Restricted.

To assist with the manufacturing process as well as OEM-specific in-field firmware update processes, ME firmware provides an OEM- configurable capability that leaves the local firmware update channel always open no matter what value you select for the ME Firmware Local Update option.

The Always Open option allows OEMs to use the ME firmware local update channel to update the ME firmware without going through MEBx every time. If you select Always Open, the ME FW Local Update option does not appear under the ME configuration menu. The table below illustrates the detail of the options.
ME Firmware Local Update Option
Option Description
Always Open The ME firmware local update channel is always enabled. A boot cycle does not change enabled to disabled. The ME FW Local Update option can be ignored.
Never The ME firmware local update channel is controlled by the ME FW Local Update option, which can be enabled or disabled. A boot cycle changes enabled to disabled.
Restricted The ME firmware local update channel is always enabled only if Intel AMT is in un-provision state. A boot cycle does not change enabled to disabled.

Always Open qualifies the override counter and allows local ME firmware updates. The override counter is a value set in the factory that, by default, allows local ME firmware updates. The Never Open and Restricted options disqualify the override counter and do not allow local ME firmware updates unless explicitly permitted with the Intel ME Firmware Local Update option. Selecting Never Open or Restricted adds the Intel ME Firmware Local Update option, which can be set to Enable or Disable. By default it is disabled.
LAN Controller

Many OEMs' platforms supply a BIOS setup option to enable or disable the integrated LAN controller. In an ME operating system with AMT or ASF (Alert Standard Format) capabilities, the LAN controller is shared between the ME and host and must be enabled for AMT to work correctly. Disabling the controller may unintentionally affect the ME subsystem functionality. Therefore, you should not disable the LAN controller as long as the ME uses it to provide AMT or ASF. However, if the platform's integrated LAN controller BIOS option is set to None, then the LAN Controller option on the ME Platform Configuration menu has Enabled and Disabled options.

When you select the LAN Controller option on the ME Platform Configuration menu when the ME feature (Intel AMT or Intel QST) is selected, the following message displays: Please set Manageability Feature to None before changing this option. For the ME platform client, the default LAN Controller setting is Enabled.
Intel ME Features Control

The ME Features Control menu contains the following configuration selection.
Manageability Feature Selection

When you select the Manageability Feature Selection option on the ME Features Control menu, the ME Manageability Feature menu appears.

You can use this option to determine which manageability feature is enabled.

ASF — Alert Standard Format. ASF is a standardized corporate assets management technology. The Intel ICH9 platform supports ASF specification 2.0.
Intel AMT — Intel Active Management Technology. Intel AMT is an improved corporate assets management technology. Intel ICH9 platform supports Intel AMT 2.6.

The table below explains these options.
Management Feature Select Option
Option Description
None Manageability Feature is not selected
Intel AMT Intel AMT manageability feature is selected
ASF ASF manageability feature is selected

When you change the option from Intel AMT to None, a warning that Intel AMT un-provisions automatically if you accept the change appears.

The None option has no manageability feature provided by the ME computer. In this case, the firmware is loaded (that is, ME is still enabled) but the management applications remain disabled.
Intel ME Power Control

The ME Power Control menu configures the ME platform power-related options. It contains the following configuration selection.
ME On in Host Sleep States

When the ME ON in Host Sleep States option is selected on the ME Power Control menu, the ME in Host Sleep States menu loads.

The power package selected determines when the ME is turned ON. The default power package turns off the ME in all Sx (S3/S4/S5) states.

The end user administrator can choose which power package is used depending on computer usage. The power package selection page can be seen above.
Supported Power Packages
Power Package
1 2 3 4 5 6 7
S0 (Computer On) ON ON ON ON ON ON ON
S3 (Suspend to RAM) OFF ON ON ME
WoL ME
WoL ON ON
S4/S5 (Suspend to disk/Soft off) OFF OFF ON ON ME
WoL ON ME
WoL
ME OFF After Power Loss No No No No No Yes Yes

* WoL – Wake on LAN

If the power package selected indicates OFF After Power Loss, Intel ME remains off after returning from a mechanical off (G3) state. If the power package selected does NOT indicate OFF After Power Loss Intel ME powers the computer on (S0) briefly, then turn the computer off (S5).
Configuring Your Computer to Support Intel AMT Management Features
After you completely configure the Intel® Management Engine (ME) feature, you must reboot before configuring the Intel AMT for a clean boot. The image below shows the Intel AMT configuration menu after a user selects the Intel AMT Configuration option from the Management Engine BIOS Extension (MEBx) main menu. This feature allows you to configure an Intel AMT capable computer to support the Intel AMT management features.

You need to have a basic understanding of networking and computer technology terms, such as TCP/IP, DHCP, VLAN, IDE, DNS, subnet mask, default gateway, and domain name. Explaining these terms is beyond the scope of this document.

The Intel AMT Configuration page contains the user-configurable options listed below.
For images of these menu options, see Enterprise Mode and SMB Mode.
Menu Options

Host Name
TCP/IP
Provisioning Server
Provision Model
Set PID and PPS



Un-Provision
SOL/IDE-R
Secure Firmware Update
Set PRTC
Idle Timeout

Host Name

A hostname can be assigned to the Intel AMT capable computer. This is the host name of the Intel AMT-enabled computer. If Intel AMT is set to DHCP, the host name MUST be identical to the operating system machine name.
TCP/IP

Allows you to change the following TCP/IP configuration of Intel AMT.

Network interface – ENABLE** / DISABLED
If the network interface is disabled, all the TCP/IP settings are no longer needed.
DHCP Mode – ENABLE** / DISABLED
If DHCP Mode is enabled, TCP/IP settings are configured by a DHCP server.

If DHCP mode is disabled, the following static TCP/IP settings are required for Intel AMT. If a computer is in static mode it needs a separate MAC address for the Intel Management Engine. This extra MAC address is often called the Manageability MAC (MNGMAC) address. Without a separate Manageability MAC address, the computer can NOT be set to static mode.

IP address – Internet address of the Intel Management Engine.
Subnet mask – The subnet mask used to determine what subnet IP address belongs to.
Default Gateway address – The default gateway of the Intel Management Engine.
Preferred DNS address – Preferred domain name server address.
Alternate DNS address – Alternate domain name server address.
Domain name – Domain name of the Intel Management Engine.

Provisioning Server

Sets the IP address and port number (0–65535) for an Intel AMT provisioning server. This configuration only appears for Enterprise Provision Model.
Provision Model

The following provisioning models are available:

Compatibility Mode – Intel AMT 2.6** / Intel AMT 1.0
Compatibility mode allows user to switch between Intel AMT 2.6 and Intel AMT 1.0.
Provisioning Mode – Enterprise** / Small Business
This allows you to select between small business and enterprise mode. Enterprise mode may have different security settings than small business mode. Because of the different security settings, each of these modes requires a different process to complete the setup and configuration process.

Set PID and PPS

Setting or deleting the PID/PPS causes a partial un-provision if the setup and configuration is "In-process".

Set PID and PPS – Sets the PID and PPS. Enter the PID and PPS in the dash format. (Ex. PID: 1234-ABCD ; PPS: 1234-ABCD-1234-ABCD-1234-ABCD-1234-ABCD) Note - A PPS value of '0000-0000-0000-0000-0000-0000-0000-0000' does not change the setup configuration state. If this value is used the setup and configuration state stays as "Not-started."

Un-Provision

The Un-Provision option allows you to reset the Intel AMT configuration to factory defaults. There are three types of un-provision:

Partial Un-provision – This option resets all of the Intel AMT settings to their default values but leaves the PID/PPS. The MEBx password remains untouched.
Full Un-provision – This option resets all of the Intel AMT settings to their default values. If a PID/PPS value is present, both values are lost. The MEBx password remains untouched.
CMOS clear – This un-provision option is not available in the MEBx. This option clears all values to their default values. If a PID/PPS is present, both values are lost. The MEBx password resets to the default value (admin). To invoke this option, you need to clear the CMOS (i.e. system board jumper).

SOL/IDE-R

Username and Password – DISABLED** / ENABLED
This option provides the user authentication for SOL/IDER session. If the Kerberos protocol is used, set this option to Disabled and set the user authentication through Kerberos. If Kerberos is not used, you have the choice to enable or disable user authentication on the SOL/IDER session.
Serial-Over-LAN (SOL) – DISABLED** / ENABLED
SOL allows the Intel AMT managed client console input/output to be redirected to the management server console.
IDE Redirection (IDE-R) – DISABLED** / ENABLED
IDE-R allows the Intel AMT managed client to be booted from remote disk images at the management console.

Secure Firmware Update

This option allows you to enable/disable secure firmware updates. Secure firmware update requires an administrator user name and password. If the administrator user name and password are not supplied, the firmware cannot be updated.

When the secure firmware update feature is enabled, you are able to update the firmware using the secure method. Secure firmware updates pass through the LMS driver.
Set PRTC

Enter PRTC in GMT (UTC) format (YYYY:MM:DD:HH:MM:SS). Valid date range is 1/1/2004 – 1/4/2021. Setting PRTC value is used for virtually maintaining PRTC during power off (G3) state. This configuration is only displayed for the Enterprise Provision Model.
Idle Timeout

Use this setting to define the ME WoL idle timeout. When this timer expires, the ME enters a low-power state. This timeout takes effect only when one of the ME WoL power policies is selected. Enter the value in minutes.
Intel AMT in DHCP Mode Settings Example

The table below shows a basic field settings example for the Intel AMT Configuration menu page to configure the computer in DHCP mode.
Intel AMT Configurations Example in DHCP Mode
Intel AMT Configuration Parameters Values
Intel AMT Configuration Select and press .
Host Name Example: IntelAMT
This is the same as the operating system machine name.
TCP/IP Set the parameters as follows:

Enable Network interface
Enable DHCP Mode
Set a domain name (e.g., amt.intel.com)

Provision Model

Intel AMT 2.6 Mode
Small Business

SOL/IDE-R

Enable SOL
Enable IDE-R

Remote FW Update Enabled

Save and exit MEBx and then boot the computer to the Microsoft® Windows® operating system.
Intel AMT in Static Mode Settings Example

The table below shows a basic field settings example for the Intel AMT Configuration menu page to configure the computer in static mode. The computer requires two MAC addresses (GBE MAC address and Manageability MAC Address) to operate in static mode. If there is no Manageability MAC address, Intel AMT cannot be set in static mode.
Intel AMT Configurations Example in Static Mode
Intel AMT Configuration Parameters Values
Intel AMT Configuration Select and press
Host Name Example: IntelAMT
TCP/IP Set the parameters as follows:

Enable Network interface
Disable DHCP Mode
Set an IP address (e.g., 192.168.0.15)
Set a subnet mask (e.g., 255.255.255.0)
The default gateway address is optional
The preferred DNS address is optional
The Alternate DNS address is optional
Set the domain name (for example., amt.intel.com)

Provision Model

Intel AMT 2.6 Mode
Small Business

SOL/IDE-R

Enable SOL
Enable IDE-R

Remote FW Update Enabled

Save and exit MEBx and then boot computer to the Microsoft® Windows® operating system.


MEBx Default Settings

The table below lists all the default settings for the Intel® Management Engine BIOS Extension (MEBx).


Password admin

Intel ME Platform Configuration Default Settings
Intel ME Platform State Control1 Enabled *
Disabled
Intel ME Firmware Local Update Enabled
Disabled*
Intel ME Features Control
Manageability Feature Selection None
Intel AMT *
ASF
Intel ME Power Control
Intel ME ON in Host Sleep States Mobile: ON in S0*
Mobile: ON in S0, S3/AC
Mobile: ON in S0, S3/AC, S4-5/AC
Mobile: ON in S0;ME WoL in S3/AC
Mobile: ON in S0; ME WoL in S3/AC, S4-5/AC

Intel AMT Configuration Default Settings
Host Name
TCP/IP
Disable Network Interface? N
DHCP Enabled. Disable? N
Domain Name blank2
Provisioning Server
Provisioning Server Address 0.0.0.0
Port Number (0-65535) 0
Provision Model
AMT 2.6 Mode N
Set PID and PPS **
Set PID and PPS ** PPS Format: 1234-ABCD-1234-ABCD-1234-ABCD-1234-ABCD
Un-Provision3
SOL/IDE-R
Username & Password Disabled
Enabled *
Serial Over LAN Disabled
Enabled *
IDE Redirection Disabled
Enabled *
Secure Firmware Update Disabled
Enabled *
Set PRTC blank
Idle Timeout
Timeout Value (0x0-0xFFFF) 1

*Default setting
**May cause Intel AMT partial unprovision
1 Intel ME Platform State Control is only changed for Management Engine (ME) troubleshooting.
2 In Enterprise mode, DHCP automatically loads the domain name.
3 Un-provision setting only seen if the box is provisioned.

Setup NTP Server and Service on Windows Server 2008

Time synchronization is an important aspect for all computers on the network. By default, the clients computers get their time from a Domain Controller and the Domain Controller gets his time from the domain’s PDC Operation Master. Therefore the PDC must synchronize his time from an external source. I usually use the servers listed at the NTP Pool Project website. Before you begin, don’t forget to open the default UDP 123 port (in- and outbound) on your firewall.
1.First, locate your PDC Server. Open the command prompt and type: C:\>netdom /query fsmo
2.Log in to your PDC Server and open the command prompt.
3.Stop the W32Time service: C:\>net stop w32time
4.Configure the external time sources, type: C:\> w32tm /config /syncfromflags:manual /manualpeerlist:”0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org”
5.Make your PDC a reliable time source for the clients. Type: C:\>w32tm /config /reliable:yes
6.Start the w32time service: C:\>net start w32time
7.The windows time service should begin synchronizing the time. You can check the external NTP servers in the time configuration by typing: C:\>w32tm /query /configuration
8.Check the Event Viewer for any errors.

Tested on Windows Server 2008 R2 (Build 7600).

How to enable AD integration on Cyberoam

Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment

Applicable to Version: 10.00 onwards

Note: Check OS Compatibility Matrix before following this document. Refer the attached PDF for the link of OS Compatibility Matrix.

This article describes how to implement Clientless single sign on authentication with Active Directory integration.

Cyberoam – ADS integration feature allows Cyberoam to map the users and groups from Active Directory for the purpose of authentication.

Prerequisites:
NetBIOS Domain name
FQDN Domain name
Search DN
Active Directory Server IP address
Administrator Username and Password (Active Directory Domain)
IP address of Cyberoam Interface connected to Active Directory server
Import AD groups
Configure Clientless SSO
Configuring ADS authentication

Logon to Cyberoam Web Admin Console and follow the below given steps:

Step 1. Create ADS User Groups
Instead of creating AD groups again in Cyberoam, you can import AD groups into Cyberoam using Import Wizard.

One can import groups only after integrating and defining AD parameters into Cyberoam.

Step 2: Configure Cyberoam to use Active Directory

Go to Identity à Authentication à Authentication Server and click “Add” to configure Active Directory parameters

Cyberoam allows implementing AD integration in two ways:
Tight Integration – With tight integration, Cyberoam synchronizes groups with AD every time the user tries to logon. Hence, even if the group of a user is changed in Cyberoam, on subsequent log in attempt, user logs on as the member of the same group as configured in Active Directory. In this case group membership of each user is as defined in the Active Directory.
Loose Integration – With loose integration, Cyberoam does the Group management and does not synchronize groups with AD when user tries to logon. By default, users will be the member of Cyberoam default group irrespective of Active Directory group, administrator can change the group membership. Cyberoam will use authentication attribute for authenticating users with Active Directory.
Parameters
Values

Server Type
Active Directory

Server Name
AD_Server

Server IP
192.168.1.1

Port
389

It is the port on which ADS server listens for the authentication requests.

If your AD server is using another port, specify port number in Port field.

NetBios Domain
elitecore

If you do not know NetBIOS name, refer to section ‘Determine NetBIOS Name, FQDN and Search DN’.

ADS Username
administrator

Active Directory Administrator Username

Password
As per your requirement

Active Directory Administrator password

Integration Type
Loose Integration with Cyberoam

Domain Name
elitecore.com

Search Queries
DC=elitecore, DC=com


Click “Test Connection” to check whether Cyberoam is able to connect to the Active Directory or not. If Cyberoam is able to connect to the Active Directory, click OK to save the configuration.



Step 3: Select Active Directory as Authentication Server
Go to Identity à Authentication à Firewall and select Active Directory as preferred authentication server.

Authentication Server List displays all the configured servers while Selected Authentication server List displays servers that will be used for authentication when user tries to login.

In case of multiple servers, authentication request will be forwarded as per the order configured in the Selected Authentication server List

Note:

By default, local database is selected. Make sure that the Active Directory server is selected and it is configured on top in the Selected Authentication server List.

You can select 2 authentication mechanisms: The one on top will be primary and the other one will be the secondary. In case primary server is not responding, Cyberoam will attempt to check in the secondary server.



Step 4: Test Active Directory integration
Go to http://:8090 to open the Captive Portal (HTTP client) login page.

Specify username and password.


Username will be displayed on Identity > Live Users page if user is able to log on to Cyberoam successfully.

This completes the AD configuration.


Import AD Groups


To import AD groups into Cyberoam use Import Wizard before configuring for single sign on.


Clientless Single Sign on Implementation
Transparent Authentication (Clientless Single Sign on)

Cyberoam introduces Clientless Single Sign On as a Cyberoam Transparent Authentication Suite (CTAS).

With Single Sign On authentication, user automatically logs on to the Cyberoam when logs on to Windows through his windows username and password. Hence, eliminating the need of multiple logins and username & passwords.

But, Clientless Single Sign On not only eliminates the need to remember multiple passwords – Windows and Cyberoam, it also eliminates the installation of SSO clients on each workstation. Hence, delivering high ease-of-use to end-users, higher levels of security in addition to lowering operational costs involved in client installation.

Cyberoam Transparent Authentication Suite (CTAS)

CTA Suite consists of

CTA Agent – It monitors user authentication request coming on the domain controller and sends information to the Collector for Cyberoam authentication.

CTA Collector – It collects the user authentication request from multiple agents, processes the request and sends to Cyberoam for authentication.

How does Cyberoam CTA Agent work?

User Authentication Information Collection Process

1. User tries to log on to the Active Directory Domain Controller from any workstation in LAN. Domain Controller tries to authenticate user credentials.

2. This authentication process is captured and communicated to CTA Collector over default port 5566 by CTA Agent real time.

3. CTA Collector registers user in the Local database and communicates user information to Cyberoam over the default port 6060

4. Cyberoam queries Active Directory to determine user’s group membership and registers user in Cyberoam database

Based on data from CTA Agent, Cyberoam queries AD server to determine group membership and based on which access is granted or denied. Users logged into a workstation directly i.e. locally but not logged into the domain will not be authenticated and are considered as “Unauthenticated” or “Guest” user. For users that are not logged into the domain, the HTTP Login screen prompting for a manual login will be displayed for further authentication.


Step 5: Installing CTA Suite
Download CTA Suite from www.cyberoam.com/cyberoamclients.html

Extract ctas.rar and install CTA Suite on Domain controller by following the on-screen instructions. Administrative right is required to install CTA Suite.



Check for “Cyberoam Transparent Authentication Suite” tab from “Start” --> “All Programs”.
If installed successfully, “Cyberoam Transparent Authentication Suite” tab will be added.

Consider the below given hypothetical network example where single domain controller is configured and follow the below given steps to configure Cyberoam Transparent Authentication:





Step 6: Configure CTA Collector from CTA Collector Tab on Primary Domain Controller



If “logoff detection settings” is enabled and firewall is configured on the Workstation, please allow the traffic to and from Domain controller.

For E.g. If ping is selected in log off detection and workstation firewall does not allow ping, Cyberoam will always detect user as logged
out. If ping is blocked, Cyberoam will always detect user as logged out.

Step 7. Configure Agent from CTA Agent Tab on Primary Domain Controller







Step 8. Configure Cyberoam
Logon to CLI Console with default password, go to Option 4 Cyberoam Console and execute following command at the prompt:

corporate>cyberoam auth cta enable

corporate>cyberoam auth cta collector add collector-ip collector-port



Step 9. Enable Security Event logging on Active Directory



This completes the configuration.


Determine NetBIOS Name, FQDN and Search DN

On the ADS server:
· Go to Start-->Programs-->Administrative Tools-->Active Directory Users and Computers

· Right Click the required domain and go to Properties tab

· Search DN will be based on the FQDN. In the given example FQDN is elitecore.com and Search DN will be DC=elitecore, DC=com



Document Version: 3.0-15/07/2011

Automate Network Printers Installation with con2prt

As the network grows larger the management of network printers becomes more cumbersome, or that’s the case in the company I’m working for. for that reason I took on the project to find a way to manage our network printers easier, and more efficient. what else can be more easier and efficient than a script? and for network printers installation, con2port is the guy for the job.

the first thing you need to do is to download the con2rpt.exe software from Microsoft “http://download.microsoft.com/download/2/6/0/260afc88-2253-45f8-9781-546cff07edd9/zak.exe” that includes a whole set of tools, but the file you need is in the t\i386\tools directory. copy the con2prt.exe program to your computer C:\ root, that will make the command line typing easier.



as you can see, I copied the con2prt.exe program to c:\tools directory. once you have done that, go to Start then RUN and type CMD and hit Enter. once at the command prompt, type the CD command and the name of the directory to switch to:



that command above, will switch from the C:\ directory to Tools directory where cont2prt program resides.

con2prt.exe is a very simple program with a few commands just enough to do the job we are looking for.

to delete all existing printer connections use the command Con2prt /F or to connect to a printer use the command con2prt \C and then the name of the printer you want to connect to. to make the printer the default use the command con2prt \CD and then the name of the printer you want to connect to.

for example to map a network printer name HRprinter on the print server named printserv, you will type the command: “con2prt \C \\printserv\HRprinter” to make the printer the default printer type the command: “con2prt \CD \\printserv\HRprinter”

as you can see, the use of con2prt is very useful but simple at the same time.

now to put the program in production, copy the con2prt program from your local computer to a network shared drive,and execute the commands using a batch file. for example, if the con2prt program is on a shared folder on the server called printserv\scripts the command you need to enter on the batch file will look like: “\\printserv\scripts\con2prt \C \\printserv\HRprinter”

then after you finish including all the printers on the batch file, set it up as a logon script to load printers automatically on all the computers on the network. by now you should have completed the automation of the network printers installation
Files to Download
zak

how to check Exchange 2007 version

It’s usually fairly easy to find out the current service pack level of a Microsoft Product. Normally, the product’s version information includes the information “Service Pack: #” or something similar. Not so with Exchange 2007. To find out an Exchange 2007′s service pack level, you must first find the build number and then compare the build number to this Microsoft KB article.

To find your build number from the Management Console select “Server Configuration”, right-click your server and select “Properties” and look on the “General” tab.

To find your build number from the Management Shell, run get-exchangeserver against the Exchange server in question. You will want to pipe the output into a different view to be able to see the full version number; for example get-exchangeserver | list. Look for the “AdminDisplayVersion:” line. The “Exchange Version” line, according to this article, refers to “the minimum version of the product that can read the object” and is not the number you need.

Then, compare the build number to Microsoft KB158530. As an example, I am running build 240.6 which equates to Exchange 2007 SP1.

For further reference, check out KB152439 “How to determine the version number, the build number, and the service pack level of Exchange Server”

some important links

http://support.microsoft.com/kb/158530
http://blogs.technet.com/b/scottschnoll/archive/2006/12/31/exchange-2007-platforms-and-product-keys.aspx
http://support.microsoft.com/kb/152439

Norton Recovery Tool for Norton AntiVirus Rescue BootCD

Norton Recovery Tool for Norton AntiVirus Recue Bootable CD

http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20090130172953EN&ln=en_US

Windows Systems State Backup

http://blog.augustoalvarez.com.ar/2008/12/12/windows-server-2008-creating-and-maintaining-system-state-backups-on-your-domain-controller/

x11vnc on Ubuntu

X11vnc is a VNC server that doesn't depend on GNOME or KDE, and is recommended for use by Xubuntu users. It's designed to be run from the command-line, which makes it flexible but difficult to learn. The few graphical parts of the interface are quite unattractive, because they're designed to work even on a very minimal installation. X11vnc is available in the x11vnc package in the Universe repository.

Although x11vnc does have a simple configuration file, it's generally easier to specify options on the command-line. To start x11vnc, type:


x11vnc -safer
is a series of commands separated by spaces. X11vnc has a lot of options, which are discussed fully in the x11vnc man page. Common options include:

To set x11vnc to request access each time, include the -nopw -accept popup:0 options
To set x11vnc to only listen for the next connection, include the -once option
To set x11vnc to continually listen for connections, include the -forever option
To set a password, include the -usepw option (and remove the -nopw option above)
To put x11vnc in view-only mode, include the -viewonly option
To set x11vnc to only allow local connections, include the -localhost option
For example, if you want x11vnc to grant view-only access to the next local connection after asking your permission, type this on the command-line:


x11vnc -safer -localhost -nopw -accept popup:0 -once -viewonly -display :0
If you use a password, you will first need to create a password file by doing:


x11vnc -storepasswd
Make sure to use a hard-to-guess password


Connecting to your login screen
Because X11vnc is run from the command-line, it can be started while your computer is still showing a login screen. Exactly how to do this depends on which derivative of Ubuntu you use. In Ubuntu (but not Kubuntu or Xubuntu), x11vnc needs superuser access, and needs the -auth /var/lib/gdm/:0.Xauth -display :0 options to be specified on the command-line.

You can run x11vnc before you've logged in by typing something like this:


sudo x11vnc -safer -localhost -once -nopw -auth /var/lib/gdm/:0.Xauth -display :0
Or you can add the following lines to the bottom of your /etc/gdm/Init/Default to have x11vnc start after your gnome login does:


# Start the x11vnc Server
/usr/bin/x11vnc
(Thanks to the x11vnc FAQ for this tip)

# = vnc4server = # # RealVNC server # # This has been commented out, because it's not obvious what benefits Xvnc provides over x11vnc

How to Easily Evaluate Intel vPro Technology Features on Dell Optiplex Systems

Intel vPro technology provides the enhanced ability to maintain, manage and protect PCs. However, since vPro is based on hardware technology, you need to understand and set up hardware before using it. Let’s focus on Active Management Technology (AMT), one of the vPro features, and use vPro on a Dell Optiplex Desktop PC.

Preparing Dell Optiplex by Setting up MEBx BIOS

Before using a Dell Optiplex PC managed with Intel AMT technology, you need to first set up the AMT configuration. The AMT can be set up using BIOS Extensions called MEBx BIOS configuration. During the power up process (Picture 1), you can press to enter the MEBx BIOS setup screen. (Picture 2)





MEBx Configuration Screen Setup. (This is dependent on an IP address provided by another DHCP server)

1.Enter the MEBx default password ("admin")
2.Change the default password to a new value (this is required.)
3.Select Intel AMT Configuration.
4.Select the Manageability Feature Selection. And select “Enable”.
5.Select SOL/IDE-R, select Legacy Redirection Mode and select Enable
◦Exit to Main Menu and then Select "Intel ME General Settings"
6.Select Activate Network Access. Press in response to the confirmation message.
7.The platform is now configured.


Setup and Configure Tools on PC to Manage the Dell Optiplex

This time, let’s use the Intel Manageability Developer Tool kit on another PC to manage our Dell Optiplex PC. This tool kit runs in Microsoft Windows .NET 2.0 environments and you can download it from the Intel website here: http://software.intel.com/en-us/articles/download-the-latest-version-of-manageability-developer-tool-kit/

Installation is very simple by and done by double clicking the downloaded file. After installation, you can start by launching the Manageability Commander Tools. Then by clicking “Start” on the main menu, you can find your Optiplex PC with vPro technology on the network.

After that, you can manage the system and will have the ability to perform remote Power on/off, BIOS setup, KVM setup, and you can also take control of the managed PC (even if the OS on managed system is on a blue screen).