Daily IT Matters, this is the place where I post my daily findings on IT.

Thursday, December 27, 2007

How to make money with blogging.

I've got a quite substantial "extra" income with my Google Adsense ads on my blog.
And I wll try to share the wealth with you, no I will not give you money I will post the most crucial tips into getting that extra bit of money every month.

  1. Write about something you know about don't just post keywords in a blog entry that will not help.
  2. Find a niche ! 
    In what are you good at ?
    What do you do that makes you special ?
  3. Create channels to show relevant ADS for your blog / or do precisely the opposite.
  4. Post regular (bi-weekly seems best for me)
  5. Create a quite a few blogs where you apply all the above.
  6. Do not copy whole articles from other bloggers/sites google can/and will give you a penalty.
  7. Generate Traffic, signup by either feedburner / payperpost

 

 

There are quite a few more tricks you can use and I will write about them in the near future, so stay tuned.

Logmein Update

If you followed my last posts about logmein you know that I ran into trouble, with going to fullscreen mode in internet explorer 7.
Those problems seems to be resolved in the newest download of logmein.

 

download the latest version of logmein here

 

image

 

Above you can see a screenshot of a remote session I did.

Tags van Technorati: ,,

Top 5 of the best freeware / opensource software for network admins of 2007

The end is near (of 2007 that is) so its time for those lists again.
Today I post my top 5 of the best freeware,crippleware,adware and opensource software I have used in 2007.
To start off with this list I must first define a definition of freeware, freeware in my eyes is software that you can use freely.
In that light also crippleware is included in my list. And so if opensource.

This year has been quite a year for freeware. Just take a look at the amounts of money spiceworks and for example crossloop gathered through investors. see the pressreleases here for the spiceworks pressrelease and here for the crossloop press release. It seems that the industry is picking up those marbles out there.

  1. SpiceWorks Desktop
  2. Logmein Free Edition
  3. Comodo Personal Firewall Pro
  4. Nessus Security Scanner
  5. Prtg Traffic Grapher

1. Spiceworks Desktop

This is for me a really handy application, it saves me time everyday I use it.
It keeps tracks of all events in my environment, new software installs it show me if the Antivirus applications are up to date.

2. Logmein Free Edition

If you follow my blog you know I use this program quite a lot.
It enables me to connect to remote location very easily and without any hassle.

 

3. Comodo Personal firewall pro

image

image

image

image

 

Comodo is consitently in the top of Matousec Leak Test therefore it is in my toplist.
If you look at the last screen you can see that you can export your settings, and import them even at another computer.

I hope Comodo will bring out this year a network administration interface to manage multiple clients.

Friday, December 21, 2007

Spiceworks 2.0

Today or Yesterday my favorite network management software went out of beta.
I was using the beta version of 2.0 quite a while now, and didn't had any problem running it. So I followed the instructions to upgrade to the final release and all went smooth!

If you are managing a network / computers this tool is really invaluable!

Thursday, December 13, 2007

How to restore a file in a DFSroot with BackupExec

After my last rant about Backup Exec I'm here to unleash another one.
You can't simply restore a file to a dfsroot!

  • You will have to manually stop the DFS service first before you try to restore something in the dfsroot.

 

I hope BackupExec will try to resolve this issue right now!

 

 

Thursday, November 22, 2007

RAR command line with real world example

Every week I make an ASR backup of my Windows 2003 R2 servers, some of them are physically located at another site.
Due to that fact I had to think of a secure way to get my data over the WAN to my office.
Just plain copying is not an option because we all know if one bit falls over my complete ASR backup is rubbish.
And I would have wasted precious bandwidth.

A solution I could come up with was to use plain old WinRar, I found out that there was a command line version as well.
But the help that comes with that version is kinda cryptic.

Below is my command line that I came up with.
rar a d:\asr-bu\done\asr_server.rar -ri1 -mt2 -ag[yyyy-mm-dd] -rv10 -v51200 -m5 d:\asr-bu\*.bkf

I will explain it in full detail:
rar a d:\asr-bu\done\asr_server.rar -ri1 -mt2 -ag[yyyy-mm-dd] -rv10 -v51200 -m5 d:\asr-bu\*.bkf

a = add files to archive, that really speaks for itself I think.
we are going to add files to an archive.

rar a d:\asr-bu\done\asr_server.rar -ri1 -mt2 -ag[yyyy-mm-dd] -rv10 -v51200 -m5 d:\asr-bu\*.bkf

d:\asr-bu\done\asr_server.rar = this is the name of the archive we are going to create.

rar a d:\asr-bu\done\asr_server.rar -ri1 -mt2 -ag[yyyy-mm-dd] -rv10 -v51200 -m5 d:\asr-bu\*.bkf

-ri1 = this gives the archive process a priority of 1 which is the lowest, this way archiving will not degrade the performance of the server to much.

rar a d:\asr-bu\done\asr_server.rar -ri1 -mt2 -ag[yyyy-mm-dd] -rv10 -v51200 -m5 d:\asr-bu\*.bkf

-mt2 = Multithreaded: If you have a multithreaded cpu then with this command you give both threads work.

rar a d:\asr-bu\done\asr_server.rar -ri1 -mt2 -ag[yyyy-mm-dd] -rv10 -v51200 -m5 d:\asr-bu\*.bkf

-ag[yyyy-mm-dd] = here you give the archive a name with [2007-11-22] attached to it.

rar a d:\asr-bu\done\asr_server.rar -ri1 -mt2 -ag[yyyy-mm-dd] -rv10 -v51200 -m5 d:\asr-bu\*.bkf

-rv10 = This is for me the most important option: this switch create recovery volumes called REV files the number indicates how many REV will be made.

rar a d:\asr-bu\done\asr_server.rar -ri1 -mt2 -ag[yyyy-mm-dd] -rv10 -v51200 -m5 d:\asr-bu\*.bkf

-v51200 = here we specify the maximum size of a rar archive (we are creating an archive that will span a number of archives. The number 51200 is chose because it will show as 50.000 KB nicely in explorer (1024x50)

rar a d:\asr-bu\done\asr_server.rar -ri1 -mt2 -ag[yyyy-mm-dd] -rv10 -v51200 -m5 d:\asr-bu\*.bkf

-m5 = This is how you specify the compression level 5 is maximum compression 0 is just store no compression at all.

rar a d:\asr-bu\done\asr_server.rar -ri1 -mt2 -ag[yyyy-mm-dd] -rv10 -v51200 -m5 d:\asr-bu\*.bkf

d:\asr-bu\*.bkf = here we specify what to store in the Archive we create. My ASR backup is stored at this location, I use also a date in my naming of ASR's so I must use a wildcard here.

All of this results in the following set of rar files

asr_server[2007-11-22].part001.rar
asr_server[2007-11-22].part002.rar etc...

 

I hope this helps you.

-------------------------------------------------------------------------

 

RAR 3.70   Copyright (c) 1993-2007 Alexander Roshal   22 May 2007
Shareware version         Type RAR -? for help

Usage:     rar <command> -<switch 1> -<switch N> <archive> <files...>
               <@listfiles...> <path_to_extract\>

<Commands>
  a             Add files to archive
  c             Add archive comment
  cf            Add files comment
  ch            Change archive parameters
  cw            Write archive comment to file
  d             Delete files from archive
  e             Extract files to current directory
  f             Freshen files in archive
  i[par]=<str>  Find string in archives
  k             Lock archive
  l[t,b]        List archive [technical, bare]
  m[f]          Move to archive [files only]
  p             Print file to stdout
  r             Repair archive
  rc            Reconstruct missing volumes
  rn            Rename archived files
  rr[N]         Add data recovery record
  rv[N]         Create recovery volumes
  s[name|-]     Convert archive to or from SFX
  t             Test archive files
  u             Update files in archive
  v[t,b]        Verbosely list archive [technical,bare]
  x             Extract files with full path

<Switches>
  -             Stop switches scanning
  ac            Clear Archive attribute after compression or extraction
  ad            Append archive name to destination path
  ag[format]    Generate archive name using the current date
  ao            Add files with Archive attribute set
  ap<path>      Set path inside archive
  as            Synchronize archive contents
  av            Put authenticity verification (registered versions only)
  av-           Disable authenticity verification check
  c-            Disable comments show
  cfg-          Disable read configuration
  cl            Convert names to lower case
  cu            Convert names to upper case
  df            Delete files after archiving
  dh            Open shared files
  ds            Disable name sort for solid archive
  e[+]<attr>    Set file exclude and include attributes
  ed            Do not add empty directories
  en            Do not put 'end of archive' block
  ep            Exclude paths from names
  ep1           Exclude base directory from names
  ep2           Expand paths to full
  ep3           Expand paths to full including the drive letter
  f             Freshen files
  hp[password]  Encrypt both file data and headers
  id[c,d,p,q]   Disable messages
  ieml[addr]    Send archive by email
  ierr          Send all messages to stderr
  ilog[name]    Log errors to file (registered versions only)
  inul          Disable all messages
  ioff          Turn PC off after completing an operation
  isnd          Enable sound
  k             Lock archive
  kb            Keep broken extracted files
  m<0..5>       Set compression level (0-store...3-default...5-maximal)
  mc<par>       Set advanced compression parameters
  md<size>      Dictionary size in KB (64,128,256,512,1024,2048,4096 or A-G)
  ms[ext;ext]   Specify file types to store
  mt<threads>   Set the number of threads
  n<file>       Include only specified file
  n@            Read file names to include from stdin
  n@<list>      Include files in specified list file
  o+            Overwrite existing files
  o-            Do not overwrite existing files
  oc            Set NTFS Compressed attribute
  or            Rename files automatically
  os            Save NTFS streams
  ow            Save or restore file owner and group
  p[password]   Set password
  p-            Do not query password
  r             Recurse subdirectories
  r0            Recurse subdirectories for wildcard names only
  ri<P>[:<S>]   Set priority (0-default,1-min..15-max) and sleep time in ms
  rr[N]         Add data recovery record
  rv[N]         Create recovery volumes
  s[<N>,v[-],e] Create solid archive
  s-            Disable solid archiving
  sc<chr>[obj]  Specify the character set
  sfx[name]     Create SFX archive
  si[name]      Read data from standard input (stdin)
  sl<size>      Process files with size less than specified
  sm<size>      Process files with size more than specified
  t             Test files after archiving
  ta<date>      Process files modified after <date> in YYYYMMDDHHMMSS format
  tb<date>      Process files modified before <date> in YYYYMMDDHHMMSS format
  tk            Keep original archive time
  tl            Set archive time to latest file
  tn<time>      Process files newer than <time>
  to<time>      Process files older than <time>
  ts<m,c,a>[N]  Save or restore file time (modification, creation, access)
  u             Update files
  v             Create volumes with size autodetection or list all volumes
  v<size>[k,b]  Create volumes with size=<size>*1000 [*1024, *1]
  vd            Erase disk contents before creating volume
  ver[n]        File version control
  vn            Use the old style volume naming scheme
  vp            Pause before each volume
  w<path>       Assign work directory
  x<file>       Exclude specified file
  x@            Read file names to exclude from stdin
  x@<list>      Exclude files in specified list file
  y             Assume Yes on all queries
  z[file]       Read archive comment from file

 

 

Friday, November 09, 2007

Backup Exec 10d [Append Explained]

Well I've found out the hard way how append actually works in Backup Exec.
I thought and I think most of the people that when you create a job and in that job you select "Append to media overwrite when no appendable media is found" that the job would overwrite your media when there is no more room on the tape. This is partially true.

This does NOT work when you have set your Media set to "Infinite - allow append" then it will append until your media becomes full and then asks you for new media, I've found this quite confusing.

The trick is that you have to set the append period for your media set to a period of time otherwise your media will not be able to be overwritten when your tape becomes full.

I've set my media set to an append period of one 1 week after that the media set will be overwritten by the backup job. I have enough space for that make sure when you create your append period that you have enough room on your tape for that period, a long period works best with incremental/differential jobs obviously.

I hope this helps you in creating your backup jobs.

 

Technorati Tags: , , , ,

Friday, November 02, 2007

Backup Exec: How to backup DFS on windows 2003 R2

After the installation of service pack 4 of Backup Exec 10d.
I noticed that my backup of the DFS was completely empty.

I made a backup of my DFS root as specified in the lengthy manual of backup exec approximate ~1400 pages!
But all of a sudden Backup Exec seemed to have changed the way they make DFS backups.

The way to backup a DFS is now as follows:

When you create your selection list go to the server holding your DFS go to
[Shadow Copy components] ==> [User Data] ==> [Distributed Filesystem Replication] ==> [DfsrReplicatedFolders]
There you will find your Folders which you want to backup.

Wednesday, October 24, 2007

Backup Exec slow Exchange Mailbox Backup [Solved]

I had a problem with a slow backup performance of Backup Exec.
The whole process took around 12 hours for the mailboxes only ~32GB.

The problem was at least in my case that around the same time of the backup, a database maintenance job was running. It was set to start around 4am.

You can change the schedule of the database job in ESM ==> Server ==> <your exchange server> ==> First Storage Group ==> [tab] Database ==> Maintenance Interval ==> [Customize]

Now you can set your own maintenance schedule which off course does not interfere with your backup schedule.
Hope this will help you in solving slow backups of your exchange mailboxes with backup exec.

 

Wednesday, October 17, 2007

Create an VPN Connection with a Juniper Netscreen 5GT (Part 1)

I created this post because I really hate the juniper site with their links to other documents instead of displaying the whole document all together.

To configure an L2TP over IPSec tunnel, perform the following steps:

clip_image001Configure an L2TP over IPSec user on the Juniper Firewall. For more information on configuring an L2TP over IPSec user, go to Configuring an L2TP over IPSec User on the Juniper Firewall.
clip_image002Configure an L2TP user group on the Juniper Firewall. For more information on configuring an L2TP user group, go to Configuring an L2TP User Group on the Juniper Firewall.
clip_image003Configure an L2TP group gateway on the Juniper Firewall. For more information on configuring an L2TP group gateway, go to Configuring an L2TP Group Gateway and VPN on the Juniper Firewall.
clip_image004Configure an L2TP IP pool on the Juniper Firewall. For more information on configuring an L2TP IP pool, go to Configuring an L2TP IP Pool on the Juniper Firewall.
clip_image005Configure the L2TP VPN default settings on the Juniper Firewall. For more information on configuring the L2TP VPN default settings, go to Configuring the L2TP VPN Default Settings on the Juniper Firewall.
clip_image006Configure an L2TP VPN tunnel on the Juniper Firewall. For more information on configuring the L2TP VPN tunnel, go to Configuring the L2TP VPN Tunnel on the Juniper Firewall.
clip_image007Configure an L2TP VPN policy on the Juniper Firewall. For more information on configuring the L2TP VPN policy, go to Configuring an L2TP VPN Policy on the Juniper Firewall.
clip_image008Configure an L2TP Connection on the Remote Side. For more information on configuring an L2TP connection on the remote side, go to Configuring an L2TP Connection on the Remote Side.
clip_image009Make an L2TP Connection from Windows 2000. For more information on making an L2TP connection from Windows 2000, go to Making an L2TP Connection from Windows 2000.


To make an L2TP connection using Windows 2000, perform the following steps:

clip_image001[1]From the Start menu, select Settings, select Network and Dial-up Connections, and then click Make New Connection.

clip_image010

clip_image002[1]From the Network Connection Wizard, click Next.

clip_image011

clip_image003[1]From Network Connection Type, click to select Connect to a private network through the Internet, and then click Next.

clip_image012

clip_image004[1]From Public Network, click to select the dial-up connection that connects you to your ISP. If your physical connection is an Ethernet connection, select Do not dial initial connection. If the physical connection is through an ISP, select Automatically dial this initial connection. Click Next.

clip_image013

clip_image014For this example, we used Do not dial the initial connection.

clip_image005[1]From Destination Address, in the Host name or IP address box, enter the IP address or hostname of your Juniper Firewall's Untrust interface, and then click Next.

clip_image015

clip_image014[1]For this example, we have used 1.1.1.1 as the Untrust IP address.

clip_image006[1]From Connection Availability, click to select For all users, and then click Next.

clip_image016

clip_image007[1]From the Completing the Network Connection Wizard, enter a connection name, and then click Finish.

clip_image017

clip_image008[1]Click Properties.

clip_image018

clip_image009[1]Click to select the Security tab, click to select Advanced (custom settings), and then click Settings.

clip_image019

clip_image020From Advanced Security Settings, from the Data encryption drop-down menu, click to select Optional encryption (connect even if no encryption).

clip_image021

clip_image022From Logon security, click to select Allow these protocols. Click to select only Unencrypted password (PAP) and Challenge Handshake Authentication Protocol (CHAP). Click to clear any protocols that do not apply.

clip_image023

clip_image024Click OK.

clip_image025Click to select the Networking tab. From the Type of VPN server I am calling drop-down menu, click to select Layer-2 Tunneling Protocol (L2TP).

clip_image026

clip_image027Click OK.

clip_image028From Network and Dial-up Connections, double-click the Dial-up Connection.

clip_image029

clip_image030Enter your User name and Password.

clip_image014[2]The User name and Password matches the username and password of the L2TP user configured on the Firewall.

clip_image031

clip_image032Click Connect


To configure an L2TP user group on the Juniper Firewall, perform the following steps:

clip_image001[2]Open the WebUI. For an example of how to access the WebUI, consult: KB4060 - Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI
clip_image002[2]From the ScreenOS options menu, click Objects, select User Group, and then click Local.

clip_image033

clip_image003[2]Click New.

clip_image034

clip_image004[2]From the Edits screen, enter a Group Name.
clip_image014[3]For this example, we have entered usergroup1.

clip_image035

clip_image005[2]Click to select an Available Member, and then click the Add Group Members button.
clip_image014[4]For this example, we have selected John Doe.
clip_image014[5]For more information on configuring an L2TP user, go to Configuring an L2TP User on the Juniper Firewall.
clip_image006[2]Click OK.

clip_image036


To configure an L2TP group gateway and VPN on the Juniper Firewall, perform the following steps:

clip_image001[3]Open the WebUI. For an example of how to access the WebUI, consult: KB4060 - Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI
clip_image002[3]From the ScreenOS options menu, click VPNs, select AutoKey Advanced, and then click Gateway.

clip_image037

clip_image003[3]Click New.

clip_image034[1]

clip_image004[3]From the Edit screen, enter a Gateway Name. From Security Level, click Custom.
clip_image014[6]For this example, we entered JohnDoeGate.

clip_image038

clip_image005[3]From Remote Gateway Type, click to select Dialup User Group. From the Group drop-down menu, click to select your group.
clip_image014[7]For this example, we selected usergroup1.
clip_image006[3]From the Preshared Key text box, enter a Preshared Key.
clip_image014[8]For this example, we have entered Password9.

clip_image039

clip_image007[2]From Outgoing Interface, click to select untrust. Click Advanced.

clip_image040

clip_image008[2]From Phase 1 Proposal drop-down menu, click to choose a proposal.
clip_image014[9]For this example, we chose pre-g2-des-sha. When choosing the Phase 1 Proposal, you must select pre for the proposal.

clip_image041

clip_image009[2]From Mode (Initiator), click to select Aggressive.
clip_image020[1]Click Return.

clip_image042

clip_image022[1]Click OK.

clip_image043

clip_image024[1]From the ScreenOS options menu, click VPNs, select AutoKey IKE.

clip_image044

clip_image025[1]Click New.

clip_image045

clip_image027[1]From VPN Name, enter a VPN Name. Click to select Custom.
clip_image014[10]For this example, we entered JohnDoeIke.

clip_image046

clip_image028[1]From the Remote Gateway drop-down menu, click to select a Remote Gateway.
clip_image014[11]For this example, we chose JohnDoeGate.
clip_image030[1]Click Advanced.

clip_image047

clip_image032[1]From User Defined, click to select Custom. From the Phase 2 Proposal drop-down menus, click to choose the Phase 2 Proposal settings.
clip_image014[12]For this example, we chose nopfs-esp-des-md5, nopfs-esp-3des-md5, nopfs-esp-des-sha, and nopfs-esp-3des-sha.

clip_image048

clip_image049From Transport Mode, click (For L2TP-over-IPSec only). From Bind to, click None.
clip_image050Click Return.

clip_image051

clip_image052Click OK.

clip_image053


To configure an L2TP IP pool on the Juniper Firewall, perform the following steps:

clip_image001[4]Open the WebUI. For an example of how to access the WebUI, consult: KB4060 - Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI
clip_image002[4]From the ScreenOS options menu, click Objects, and then click IP Pools.

clip_image054

clip_image003[4]Click New.

clip_image034[2]

clip_image004[4]From the Edit screen, enter an IP Pool Name, a Start IP, and an End IP.
clip_image014[13]For this example, we have chosen an IP Pool Name of global, a Start IP of 10.10.2.100, and an End IP of 10.10.2.180.
clip_image055To avoid potential routing problems, make sure the IP Pool is on a different IP Subnet than the Trust Zone.

clip_image056

clip_image005[4]Click OK.

To configure the L2TP VPN default settings on the Juniper Firewall, perform the following steps:

clip_image014[14]If L2TP/Xauth Remote settings are not configured, the L2TP VPN default settings will be used. For more information on configuring an L2TP over IPSec user, go to Configuring an L2TP over IPSec user on the Juniper Firewall.

clip_image001[5]Open the WebUI. For an example of how to access the WebUI, consult: KB4060 - Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI
clip_image002[5]From the ScreenOS options menu, click VPNs, select L2TP, and then click Default Settings.

clip_image057

clip_image003[5]From the Default Settings screen, from the IP Pool Name drop-down menu, click to select global, and then from the PPP Authentication drop-down menu, click to select CHAP.
clip_image014[15]For more information on configuring an L2TP IP pool, go to Configuring an L2TP IP Pool on the Juniper Firewall.

clip_image058

clip_image014[16]DNS Primary Server IP, and DNS Secondary Server IP values are optional, and are not required for the L2TP tunnel to work. If DNS settings are set, they will be pushed down to the L2TP PC client.
clip_image014[17]For this example, for the DNS Primary Server IP, we have entered 210.11.40.3, and for the DNS Secondary Server IP, we have entered 210.11.50.2.
clip_image004[5]Click Apply.

clip_image059


Technorati Tags: , , , , , , ,
Google