Daily IT Matters, this is the place where I post my daily findings on IT.

Thursday, December 27, 2007

How to make money with blogging.

I've got a quite substantial "extra" income with my Google Adsense ads on my blog.
And I wll try to share the wealth with you, no I will not give you money I will post the most crucial tips into getting that extra bit of money every month.

  1. Write about something you know about don't just post keywords in a blog entry that will not help.
  2. Find a niche ! 
    In what are you good at ?
    What do you do that makes you special ?
  3. Create channels to show relevant ADS for your blog / or do precisely the opposite.
  4. Post regular (bi-weekly seems best for me)
  5. Create a quite a few blogs where you apply all the above.
  6. Do not copy whole articles from other bloggers/sites google can/and will give you a penalty.
  7. Generate Traffic, signup by either feedburner / payperpost



There are quite a few more tricks you can use and I will write about them in the near future, so stay tuned.

Logmein Update

If you followed my last posts about logmein you know that I ran into trouble, with going to fullscreen mode in internet explorer 7.
Those problems seems to be resolved in the newest download of logmein.


download the latest version of logmein here




Above you can see a screenshot of a remote session I did.

Tags van Technorati: ,,

Top 5 of the best freeware / opensource software for network admins of 2007

The end is near (of 2007 that is) so its time for those lists again.
Today I post my top 5 of the best freeware,crippleware,adware and opensource software I have used in 2007.
To start off with this list I must first define a definition of freeware, freeware in my eyes is software that you can use freely.
In that light also crippleware is included in my list. And so if opensource.

This year has been quite a year for freeware. Just take a look at the amounts of money spiceworks and for example crossloop gathered through investors. see the pressreleases here for the spiceworks pressrelease and here for the crossloop press release. It seems that the industry is picking up those marbles out there.

  1. SpiceWorks Desktop
  2. Logmein Free Edition
  3. Comodo Personal Firewall Pro
  4. Nessus Security Scanner
  5. Prtg Traffic Grapher

1. Spiceworks Desktop

This is for me a really handy application, it saves me time everyday I use it.
It keeps tracks of all events in my environment, new software installs it show me if the Antivirus applications are up to date.

2. Logmein Free Edition

If you follow my blog you know I use this program quite a lot.
It enables me to connect to remote location very easily and without any hassle.


3. Comodo Personal firewall pro






Comodo is consitently in the top of Matousec Leak Test therefore it is in my toplist.
If you look at the last screen you can see that you can export your settings, and import them even at another computer.

I hope Comodo will bring out this year a network administration interface to manage multiple clients.

Friday, December 21, 2007

Spiceworks 2.0

Today or Yesterday my favorite network management software went out of beta.
I was using the beta version of 2.0 quite a while now, and didn't had any problem running it. So I followed the instructions to upgrade to the final release and all went smooth!

If you are managing a network / computers this tool is really invaluable!

Thursday, December 13, 2007

How to restore a file in a DFSroot with BackupExec

After my last rant about Backup Exec I'm here to unleash another one.
You can't simply restore a file to a dfsroot!

  • You will have to manually stop the DFS service first before you try to restore something in the dfsroot.


I hope BackupExec will try to resolve this issue right now!



Thursday, November 22, 2007

RAR command line with real world example

Every week I make an ASR backup of my Windows 2003 R2 servers, some of them are physically located at another site.
Due to that fact I had to think of a secure way to get my data over the WAN to my office.
Just plain copying is not an option because we all know if one bit falls over my complete ASR backup is rubbish.
And I would have wasted precious bandwidth.

A solution I could come up with was to use plain old WinRar, I found out that there was a command line version as well.
But the help that comes with that version is kinda cryptic.

Below is my command line that I came up with.
rar a d:\asr-bu\done\asr_server.rar -ri1 -mt2 -ag[yyyy-mm-dd] -rv10 -v51200 -m5 d:\asr-bu\*.bkf

I will explain it in full detail:
rar a d:\asr-bu\done\asr_server.rar -ri1 -mt2 -ag[yyyy-mm-dd] -rv10 -v51200 -m5 d:\asr-bu\*.bkf

a = add files to archive, that really speaks for itself I think.
we are going to add files to an archive.

rar a d:\asr-bu\done\asr_server.rar -ri1 -mt2 -ag[yyyy-mm-dd] -rv10 -v51200 -m5 d:\asr-bu\*.bkf

d:\asr-bu\done\asr_server.rar = this is the name of the archive we are going to create.

rar a d:\asr-bu\done\asr_server.rar -ri1 -mt2 -ag[yyyy-mm-dd] -rv10 -v51200 -m5 d:\asr-bu\*.bkf

-ri1 = this gives the archive process a priority of 1 which is the lowest, this way archiving will not degrade the performance of the server to much.

rar a d:\asr-bu\done\asr_server.rar -ri1 -mt2 -ag[yyyy-mm-dd] -rv10 -v51200 -m5 d:\asr-bu\*.bkf

-mt2 = Multithreaded: If you have a multithreaded cpu then with this command you give both threads work.

rar a d:\asr-bu\done\asr_server.rar -ri1 -mt2 -ag[yyyy-mm-dd] -rv10 -v51200 -m5 d:\asr-bu\*.bkf

-ag[yyyy-mm-dd] = here you give the archive a name with [2007-11-22] attached to it.

rar a d:\asr-bu\done\asr_server.rar -ri1 -mt2 -ag[yyyy-mm-dd] -rv10 -v51200 -m5 d:\asr-bu\*.bkf

-rv10 = This is for me the most important option: this switch create recovery volumes called REV files the number indicates how many REV will be made.

rar a d:\asr-bu\done\asr_server.rar -ri1 -mt2 -ag[yyyy-mm-dd] -rv10 -v51200 -m5 d:\asr-bu\*.bkf

-v51200 = here we specify the maximum size of a rar archive (we are creating an archive that will span a number of archives. The number 51200 is chose because it will show as 50.000 KB nicely in explorer (1024x50)

rar a d:\asr-bu\done\asr_server.rar -ri1 -mt2 -ag[yyyy-mm-dd] -rv10 -v51200 -m5 d:\asr-bu\*.bkf

-m5 = This is how you specify the compression level 5 is maximum compression 0 is just store no compression at all.

rar a d:\asr-bu\done\asr_server.rar -ri1 -mt2 -ag[yyyy-mm-dd] -rv10 -v51200 -m5 d:\asr-bu\*.bkf

d:\asr-bu\*.bkf = here we specify what to store in the Archive we create. My ASR backup is stored at this location, I use also a date in my naming of ASR's so I must use a wildcard here.

All of this results in the following set of rar files

asr_server[2007-11-22].part002.rar etc...


I hope this helps you.



RAR 3.70   Copyright (c) 1993-2007 Alexander Roshal   22 May 2007
Shareware version         Type RAR -? for help

Usage:     rar <command> -<switch 1> -<switch N> <archive> <files...>
               <@listfiles...> <path_to_extract\>

  a             Add files to archive
  c             Add archive comment
  cf            Add files comment
  ch            Change archive parameters
  cw            Write archive comment to file
  d             Delete files from archive
  e             Extract files to current directory
  f             Freshen files in archive
  i[par]=<str>  Find string in archives
  k             Lock archive
  l[t,b]        List archive [technical, bare]
  m[f]          Move to archive [files only]
  p             Print file to stdout
  r             Repair archive
  rc            Reconstruct missing volumes
  rn            Rename archived files
  rr[N]         Add data recovery record
  rv[N]         Create recovery volumes
  s[name|-]     Convert archive to or from SFX
  t             Test archive files
  u             Update files in archive
  v[t,b]        Verbosely list archive [technical,bare]
  x             Extract files with full path

  -             Stop switches scanning
  ac            Clear Archive attribute after compression or extraction
  ad            Append archive name to destination path
  ag[format]    Generate archive name using the current date
  ao            Add files with Archive attribute set
  ap<path>      Set path inside archive
  as            Synchronize archive contents
  av            Put authenticity verification (registered versions only)
  av-           Disable authenticity verification check
  c-            Disable comments show
  cfg-          Disable read configuration
  cl            Convert names to lower case
  cu            Convert names to upper case
  df            Delete files after archiving
  dh            Open shared files
  ds            Disable name sort for solid archive
  e[+]<attr>    Set file exclude and include attributes
  ed            Do not add empty directories
  en            Do not put 'end of archive' block
  ep            Exclude paths from names
  ep1           Exclude base directory from names
  ep2           Expand paths to full
  ep3           Expand paths to full including the drive letter
  f             Freshen files
  hp[password]  Encrypt both file data and headers
  id[c,d,p,q]   Disable messages
  ieml[addr]    Send archive by email
  ierr          Send all messages to stderr
  ilog[name]    Log errors to file (registered versions only)
  inul          Disable all messages
  ioff          Turn PC off after completing an operation
  isnd          Enable sound
  k             Lock archive
  kb            Keep broken extracted files
  m<0..5>       Set compression level (0-store...3-default...5-maximal)
  mc<par>       Set advanced compression parameters
  md<size>      Dictionary size in KB (64,128,256,512,1024,2048,4096 or A-G)
  ms[ext;ext]   Specify file types to store
  mt<threads>   Set the number of threads
  n<file>       Include only specified file
  n@            Read file names to include from stdin
  n@<list>      Include files in specified list file
  o+            Overwrite existing files
  o-            Do not overwrite existing files
  oc            Set NTFS Compressed attribute
  or            Rename files automatically
  os            Save NTFS streams
  ow            Save or restore file owner and group
  p[password]   Set password
  p-            Do not query password
  r             Recurse subdirectories
  r0            Recurse subdirectories for wildcard names only
  ri<P>[:<S>]   Set priority (0-default,1-min..15-max) and sleep time in ms
  rr[N]         Add data recovery record
  rv[N]         Create recovery volumes
  s[<N>,v[-],e] Create solid archive
  s-            Disable solid archiving
  sc<chr>[obj]  Specify the character set
  sfx[name]     Create SFX archive
  si[name]      Read data from standard input (stdin)
  sl<size>      Process files with size less than specified
  sm<size>      Process files with size more than specified
  t             Test files after archiving
  ta<date>      Process files modified after <date> in YYYYMMDDHHMMSS format
  tb<date>      Process files modified before <date> in YYYYMMDDHHMMSS format
  tk            Keep original archive time
  tl            Set archive time to latest file
  tn<time>      Process files newer than <time>
  to<time>      Process files older than <time>
  ts<m,c,a>[N]  Save or restore file time (modification, creation, access)
  u             Update files
  v             Create volumes with size autodetection or list all volumes
  v<size>[k,b]  Create volumes with size=<size>*1000 [*1024, *1]
  vd            Erase disk contents before creating volume
  ver[n]        File version control
  vn            Use the old style volume naming scheme
  vp            Pause before each volume
  w<path>       Assign work directory
  x<file>       Exclude specified file
  x@            Read file names to exclude from stdin
  x@<list>      Exclude files in specified list file
  y             Assume Yes on all queries
  z[file]       Read archive comment from file



Friday, November 09, 2007

Backup Exec 10d [Append Explained]

Well I've found out the hard way how append actually works in Backup Exec.
I thought and I think most of the people that when you create a job and in that job you select "Append to media overwrite when no appendable media is found" that the job would overwrite your media when there is no more room on the tape. This is partially true.

This does NOT work when you have set your Media set to "Infinite - allow append" then it will append until your media becomes full and then asks you for new media, I've found this quite confusing.

The trick is that you have to set the append period for your media set to a period of time otherwise your media will not be able to be overwritten when your tape becomes full.

I've set my media set to an append period of one 1 week after that the media set will be overwritten by the backup job. I have enough space for that make sure when you create your append period that you have enough room on your tape for that period, a long period works best with incremental/differential jobs obviously.

I hope this helps you in creating your backup jobs.


Technorati Tags: , , , ,

Friday, November 02, 2007

Backup Exec: How to backup DFS on windows 2003 R2

After the installation of service pack 4 of Backup Exec 10d.
I noticed that my backup of the DFS was completely empty.

I made a backup of my DFS root as specified in the lengthy manual of backup exec approximate ~1400 pages!
But all of a sudden Backup Exec seemed to have changed the way they make DFS backups.

The way to backup a DFS is now as follows:

When you create your selection list go to the server holding your DFS go to
[Shadow Copy components] ==> [User Data] ==> [Distributed Filesystem Replication] ==> [DfsrReplicatedFolders]
There you will find your Folders which you want to backup.

Wednesday, October 24, 2007

Backup Exec slow Exchange Mailbox Backup [Solved]

I had a problem with a slow backup performance of Backup Exec.
The whole process took around 12 hours for the mailboxes only ~32GB.

The problem was at least in my case that around the same time of the backup, a database maintenance job was running. It was set to start around 4am.

You can change the schedule of the database job in ESM ==> Server ==> <your exchange server> ==> First Storage Group ==> [tab] Database ==> Maintenance Interval ==> [Customize]

Now you can set your own maintenance schedule which off course does not interfere with your backup schedule.
Hope this will help you in solving slow backups of your exchange mailboxes with backup exec.


Wednesday, October 17, 2007

Create an VPN Connection with a Juniper Netscreen 5GT (Part 1)

I created this post because I really hate the juniper site with their links to other documents instead of displaying the whole document all together.

To configure an L2TP over IPSec tunnel, perform the following steps:

clip_image001Configure an L2TP over IPSec user on the Juniper Firewall. For more information on configuring an L2TP over IPSec user, go to Configuring an L2TP over IPSec User on the Juniper Firewall.
clip_image002Configure an L2TP user group on the Juniper Firewall. For more information on configuring an L2TP user group, go to Configuring an L2TP User Group on the Juniper Firewall.
clip_image003Configure an L2TP group gateway on the Juniper Firewall. For more information on configuring an L2TP group gateway, go to Configuring an L2TP Group Gateway and VPN on the Juniper Firewall.
clip_image004Configure an L2TP IP pool on the Juniper Firewall. For more information on configuring an L2TP IP pool, go to Configuring an L2TP IP Pool on the Juniper Firewall.
clip_image005Configure the L2TP VPN default settings on the Juniper Firewall. For more information on configuring the L2TP VPN default settings, go to Configuring the L2TP VPN Default Settings on the Juniper Firewall.
clip_image006Configure an L2TP VPN tunnel on the Juniper Firewall. For more information on configuring the L2TP VPN tunnel, go to Configuring the L2TP VPN Tunnel on the Juniper Firewall.
clip_image007Configure an L2TP VPN policy on the Juniper Firewall. For more information on configuring the L2TP VPN policy, go to Configuring an L2TP VPN Policy on the Juniper Firewall.
clip_image008Configure an L2TP Connection on the Remote Side. For more information on configuring an L2TP connection on the remote side, go to Configuring an L2TP Connection on the Remote Side.
clip_image009Make an L2TP Connection from Windows 2000. For more information on making an L2TP connection from Windows 2000, go to Making an L2TP Connection from Windows 2000.

To make an L2TP connection using Windows 2000, perform the following steps:

clip_image001[1]From the Start menu, select Settings, select Network and Dial-up Connections, and then click Make New Connection.


clip_image002[1]From the Network Connection Wizard, click Next.


clip_image003[1]From Network Connection Type, click to select Connect to a private network through the Internet, and then click Next.


clip_image004[1]From Public Network, click to select the dial-up connection that connects you to your ISP. If your physical connection is an Ethernet connection, select Do not dial initial connection. If the physical connection is through an ISP, select Automatically dial this initial connection. Click Next.


clip_image014For this example, we used Do not dial the initial connection.

clip_image005[1]From Destination Address, in the Host name or IP address box, enter the IP address or hostname of your Juniper Firewall's Untrust interface, and then click Next.


clip_image014[1]For this example, we have used as the Untrust IP address.

clip_image006[1]From Connection Availability, click to select For all users, and then click Next.


clip_image007[1]From the Completing the Network Connection Wizard, enter a connection name, and then click Finish.


clip_image008[1]Click Properties.


clip_image009[1]Click to select the Security tab, click to select Advanced (custom settings), and then click Settings.


clip_image020From Advanced Security Settings, from the Data encryption drop-down menu, click to select Optional encryption (connect even if no encryption).


clip_image022From Logon security, click to select Allow these protocols. Click to select only Unencrypted password (PAP) and Challenge Handshake Authentication Protocol (CHAP). Click to clear any protocols that do not apply.


clip_image024Click OK.

clip_image025Click to select the Networking tab. From the Type of VPN server I am calling drop-down menu, click to select Layer-2 Tunneling Protocol (L2TP).


clip_image027Click OK.

clip_image028From Network and Dial-up Connections, double-click the Dial-up Connection.


clip_image030Enter your User name and Password.

clip_image014[2]The User name and Password matches the username and password of the L2TP user configured on the Firewall.


clip_image032Click Connect

To configure an L2TP user group on the Juniper Firewall, perform the following steps:

clip_image001[2]Open the WebUI. For an example of how to access the WebUI, consult: KB4060 - Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI
clip_image002[2]From the ScreenOS options menu, click Objects, select User Group, and then click Local.


clip_image003[2]Click New.


clip_image004[2]From the Edits screen, enter a Group Name.
clip_image014[3]For this example, we have entered usergroup1.


clip_image005[2]Click to select an Available Member, and then click the Add Group Members button.
clip_image014[4]For this example, we have selected John Doe.
clip_image014[5]For more information on configuring an L2TP user, go to Configuring an L2TP User on the Juniper Firewall.
clip_image006[2]Click OK.


To configure an L2TP group gateway and VPN on the Juniper Firewall, perform the following steps:

clip_image001[3]Open the WebUI. For an example of how to access the WebUI, consult: KB4060 - Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI
clip_image002[3]From the ScreenOS options menu, click VPNs, select AutoKey Advanced, and then click Gateway.


clip_image003[3]Click New.


clip_image004[3]From the Edit screen, enter a Gateway Name. From Security Level, click Custom.
clip_image014[6]For this example, we entered JohnDoeGate.


clip_image005[3]From Remote Gateway Type, click to select Dialup User Group. From the Group drop-down menu, click to select your group.
clip_image014[7]For this example, we selected usergroup1.
clip_image006[3]From the Preshared Key text box, enter a Preshared Key.
clip_image014[8]For this example, we have entered Password9.


clip_image007[2]From Outgoing Interface, click to select untrust. Click Advanced.


clip_image008[2]From Phase 1 Proposal drop-down menu, click to choose a proposal.
clip_image014[9]For this example, we chose pre-g2-des-sha. When choosing the Phase 1 Proposal, you must select pre for the proposal.


clip_image009[2]From Mode (Initiator), click to select Aggressive.
clip_image020[1]Click Return.


clip_image022[1]Click OK.


clip_image024[1]From the ScreenOS options menu, click VPNs, select AutoKey IKE.


clip_image025[1]Click New.


clip_image027[1]From VPN Name, enter a VPN Name. Click to select Custom.
clip_image014[10]For this example, we entered JohnDoeIke.


clip_image028[1]From the Remote Gateway drop-down menu, click to select a Remote Gateway.
clip_image014[11]For this example, we chose JohnDoeGate.
clip_image030[1]Click Advanced.


clip_image032[1]From User Defined, click to select Custom. From the Phase 2 Proposal drop-down menus, click to choose the Phase 2 Proposal settings.
clip_image014[12]For this example, we chose nopfs-esp-des-md5, nopfs-esp-3des-md5, nopfs-esp-des-sha, and nopfs-esp-3des-sha.


clip_image049From Transport Mode, click (For L2TP-over-IPSec only). From Bind to, click None.
clip_image050Click Return.


clip_image052Click OK.


To configure an L2TP IP pool on the Juniper Firewall, perform the following steps:

clip_image001[4]Open the WebUI. For an example of how to access the WebUI, consult: KB4060 - Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI
clip_image002[4]From the ScreenOS options menu, click Objects, and then click IP Pools.


clip_image003[4]Click New.


clip_image004[4]From the Edit screen, enter an IP Pool Name, a Start IP, and an End IP.
clip_image014[13]For this example, we have chosen an IP Pool Name of global, a Start IP of, and an End IP of
clip_image055To avoid potential routing problems, make sure the IP Pool is on a different IP Subnet than the Trust Zone.


clip_image005[4]Click OK.

To configure the L2TP VPN default settings on the Juniper Firewall, perform the following steps:

clip_image014[14]If L2TP/Xauth Remote settings are not configured, the L2TP VPN default settings will be used. For more information on configuring an L2TP over IPSec user, go to Configuring an L2TP over IPSec user on the Juniper Firewall.

clip_image001[5]Open the WebUI. For an example of how to access the WebUI, consult: KB4060 - Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI
clip_image002[5]From the ScreenOS options menu, click VPNs, select L2TP, and then click Default Settings.


clip_image003[5]From the Default Settings screen, from the IP Pool Name drop-down menu, click to select global, and then from the PPP Authentication drop-down menu, click to select CHAP.
clip_image014[15]For more information on configuring an L2TP IP pool, go to Configuring an L2TP IP Pool on the Juniper Firewall.


clip_image014[16]DNS Primary Server IP, and DNS Secondary Server IP values are optional, and are not required for the L2TP tunnel to work. If DNS settings are set, they will be pushed down to the L2TP PC client.
clip_image014[17]For this example, for the DNS Primary Server IP, we have entered, and for the DNS Secondary Server IP, we have entered
clip_image004[5]Click Apply.


Technorati Tags: , , , , , , ,