Wednesday, August 24, 2005

A cool HTA for Microsoft administrators

This is going to be the first time that I put up some code into my blog that I have written. I am not totally sure how this is going to work because it is for an HTA. For those of you who are uninitiated to HTAs, they are basically a VBScript that uses a web front end for display. You write the front end interface using HTML code. You can then just double click on the HTA file and the program will run. Because of the HTML code I am not totally sure how well the program will come up in the blog.

Well anyway, what this program does is pretty simple. It will just let you know what servers your 5 FSMOs are on (you know, like the PDC Emulator). This way you do not have to open up multiple cryptic GUI utilities and remember where they list them. Here is the program listing.



OK, I did it as a graphic. This works OK I guess. We will have to see how it goes from here. Now this will create an HTA window and then put in the appropriate information. It is pretty cool. Hmmmm, now I just need to figure out how to put in a file that you could download for a sample to run. In the meantime you will just have to hand type in everything (well I had to type it all in so .....).

Monday, August 22, 2005

Novell name resolution setups

Well, I am actually going to knock something about Novell (OK, well I ding on everyone at some time). Where I work currently we have Novell NDS with multiple trees. NetWare 5.x and 6.x in a pure (well we are trying) IP environment. I have been here about 6 months so far. When I got here I found out that it was hard to get from tree to tree (amongst other things).

Well I started to look closer at the way that my workstation connects to the system. I had not spent much time recently with Novell at the higher end so had some additional learning to do to catch up. Well that is where the problem lies. If you are trying to discover the answer to a bug in the system, Novell has a fairly large number of resources in the knowledge base. But if you are trying to find a good white paper or manual on the setup of things like SLP or DNS with Novell, good luck. What little is out there is very sparse. It is like putting a puzzle together with the pieces on different tables in the room.

The biggest thing I have found is that it is most important to have DNS set up correctly! You need to have DNS records for all the servers. You also need DNS records for the names of the trees that you have. These DNS records need to point to servers in the tree. I have set up our system so that the records for the tree names point to servers with replicas on them. You will want two or three DNS records for each tree pointing to multiple servers so that there is load balancing and fault tolerance. I am not sure if I got it the best but it is working MUCH better. I can now log in to different trees simply by putting the tree name in the login screen. In the past I usually had to put in the IP address of one of the servers in the tree. The lookup and login is also much much faster too.

SLP is a totally different story. I think I am going to have to look at documentation in OpenSLP to try to really learn what is going on with SLP. I have made some adjustments to our system and it seems to be better. Initially we had SLP DA servers for each tree, so we could not get a good list of services available on the network. Even within a couple of trees we had multiple DA servers and different servers registered on different trees. Talk about messed up. Well we decided to go with two SLP DA servers and point all the other servers to those two servers. Lo and behold we are now getting a complete list of servers. Works much better. I have the DA servers on NetWare 6 servers. I used the default scope. I should probably have set up a named scope and might have to change that.

Thursday, August 18, 2005

Hmmm that worm sucks

Well the new worm that was reported is a nasty one. Zotob, what kind of name is that for a worm?!?! We had to do some serious patching at work because one of the other parts of the company got hit hard. We got patches in fast enough that we only had a couple of machines that got hit. The big moral of this story is make sure to update any Windows computers right away!!!

On another note, I wrote a script for Active Directory that will go out and scan all the computers (well we were scanning servers) and pull the OS version and Service Pack version on the computer. I need to figure out how to post files on my blog and then I might start putting some of these up there.

While I am on security, if you have wireless in your house or business, make sure it is secure. At the very least you need to turn on WEP. The 64 bit key is a start, but if your systems will support a 128 bit key, use it. Also, the key is a hexadecimal number. What that means is that the letters A through F are considered numbers too. This allows "numbers" like deadbed or deadbead. You can also mix in numbers that look like letters to form other words, like badb0d if you use a zero for the o... or b1d using a 1 for the i to get it to look like bid.. how about b100d... this way you can make a key that is a bit easier to remember. You need to put the key in both the wireless router/access point and the workstations that are attaching.
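As an added example (not code from this blog), the Python check below tests whether a candidate key is valid hex of the right length and counts how many of its digits come from dictionary-style hex words. It assumes the usual WEP entry lengths of 10 hex digits for a 64 bit key and 26 for a 128 bit key; the word list and sample keys are constructed from the words above.

```python
import string

# Hex digits typed per WEP mode. The advertised size includes a 24-bit IV,
# so the secret itself is 40 bits (10 digits) or 104 bits (26 digits).
WEP_DIGITS = {10: 64, 26: 128}

# Constructed word list: the hex "words" from the post plus a few similar ones.
HEX_WORDS = sorted(
    ["deadbead", "deadbed", "badb0d", "b100d", "b1d",
     "dead", "bead", "beef", "cafe", "face", "bad", "bed"],
    key=len, reverse=True)  # longest first, so "deadbead" wins over "dead"


def word_digits(key):
    """Count digits of `key` covered by HEX_WORDS (greedy, left to right)."""
    key = key.lower()
    covered = pos = 0
    while pos < len(key):
        hit = next((w for w in HEX_WORDS if key.startswith(w, pos)), None)
        if hit:
            covered += len(hit)
            pos += len(hit)
        else:
            pos += 1
    return covered


def check_wep_key(key):
    """Return a dict describing whether `key` is a usable WEP hex key."""
    is_hex = bool(key) and all(c in string.hexdigits for c in key)
    mode = WEP_DIGITS.get(len(key)) if is_hex else None
    covered = word_digits(key) if is_hex else 0
    return {
        "is_hex": is_hex,
        "mode_bits": mode,        # 64, 128, or None if the length is wrong
        "word_digits": covered,   # digits that come from dictionary words
        "free_digits": len(key) - covered if is_hex else 0,
    }


if __name__ == "__main__":
    # Constructed sample keys built from the words in the post.
    for k in ["deadbed", "deadbeadb1", "badb0db100", "3f9a1c07e2", "b100dz"]:
        print(k, check_wep_key(k))
```

A word such as deadbed is only 7 digits, so on its own it is not a complete key; it has to be combined with other digits to reach 10 or 26, and the fewer free digits remain, the more of the key is guessable dictionary material.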

If you are in a more populous urban area (out in the country there just are not that many hackers - we have more of a life) you can also restrict the wireless access based on MAC address. This is a hardware address that is set on each network card. To find the MAC address on a Windows 2000 or XP computer, open up a command prompt and type ipconfig /all then look for the wireless adapter. There will be an entry for Physical Address. This is the address (another one of those hex numbers) that you need. Just put it in the wireless router in the MAC address list and then you will be able to get through and those that are not on the list won't.
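The lookup described above can be scripted. This added example (not code from this blog) parses saved ipconfig /all output and returns the Physical Address of each adapter whose heading or description mentions wireless. The sample output is constructed, and rewriting the address with colons is an assumption about what the router's MAC list expects.

```python
import re

# Constructed sample of `ipconfig /all` output in the Windows XP layout.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example Fast Ethernet NIC
        Physical Address. . . . . . . . . : 00-0A-0B-0C-0D-0E

Ethernet adapter Wireless Network Connection:

        Description . . . . . . . . . . . : Example 802.11g Wireless Adapter
        Physical Address. . . . . . . . . : 00-11-22-AA-BB-CC
        Dhcp Enabled. . . . . . . . . . . : Yes
"""

# Adapter headings start in column 0 and end with a colon.
ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$", re.IGNORECASE)
# Six hex pairs separated by dashes, after the dotted "Physical Address" label.
MAC_RE = re.compile(
    r"Physical Address[ .]*:\s*((?:[0-9A-F]{2}-){5}[0-9A-F]{2})\s*$",
    re.IGNORECASE)


def wireless_macs(ipconfig_text):
    """Return {adapter heading: MAC} for adapters that look wireless."""
    found, adapter, is_wireless = {}, None, False
    for line in ipconfig_text.splitlines():
        head = ADAPTER_RE.match(line)
        if head:
            adapter = head.group(1)
            is_wireless = "wireless" in adapter.lower()
            continue
        low = line.lower()
        # The Description line precedes Physical Address, so it can still
        # mark an adapter whose heading does not say "wireless".
        if adapter and "description" in low and "wireless" in low:
            is_wireless = True
        mac = MAC_RE.search(line)
        if mac and adapter and is_wireless:
            # Assumption: the router wants colon-separated upper case.
            found[adapter] = mac.group(1).upper().replace("-", ":")
    return found


if __name__ == "__main__":
    print(wireless_macs(SAMPLE))
```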

Tuesday, August 02, 2005

The first rant

OK, well this is just the start of this blog. This blog is going to be strictly my rants, raves, and general ramblings about anything tech or geek. Most of it will be revolving around computer networking technology since I am a computer network engineer, but you will also see things like the iPod discussed (no I don't have one yet, but if someone wants to send me one I won't say no!).

The biggest things that I am doing currently are VBScripting for network administration, and getting Novell eDirectory running on Microsoft Windows and then migrating NetWare trees and DirXML over to Windows. I will try to put some pretty good stuff on VBScripting on here so that you can learn what I am learning. Well, OK I will do the same thing for eDirectory since there is like a huge void of documentation for most of that.

Well, one of my biggest complaints with Novell (and I have been a CNE since 1991) is the serious lack of documentation on much of their stuff. It has gotten really bad recently. I was out of the Novell loop for several years and now, trying to get back up to speed, I am getting really frustrated figuring out everything they changed.

VBScript is needed to administer Windows!

Yes, if you really want to be a power administrator you need to learn to script! I have been able to do so much with VBScript in administering the system. How about creating 100 new groups on the system in 10 seconds? That is cool. I did a script where I had a list of groups that I had pulled out of Novell and was able to pump them into the new system in 10 seconds. OK, it took me like 15 minutes to write and test the script, but this is one of the first scripts I did.

One that I did recently that was really cool was a script that pulled a list of all the groups and then pulled the list of members in each group and, in a new worksheet for each group, listed the membership in an Excel spreadsheet. We needed it for auditing some rights. I wrote the script to look for the 22 groups that we needed the list from and then was able to send the spreadsheet to the appropriate people. I also found four groups that were created but nobody was ever added to the members list. Delete group!

eDirectory tools for Microsoft are cool

One thing on eDirectory on Microsoft, the maintenance tools are like really cool. Much better than on the NetWare server. If you hate GUI interfaces you will not agree but I really liked them. It did take a while to find where they were. You actually have to go to the Control Panel on the server and then there is a control panel for Novell eDirectory. Odd place to put it but no one's perfect....

Well, I will try to post pretty regularly....