“ Defines the DNS servers to which a computer sends queries when it attempts to resolve names.

Warning: The list of the DNS servers defined in this setting supersedes DNS servers configured locally and those configured using DHCP. The list of DNS servers is applied to all network connections of multihomed computers to which this setting is applied.

To use this setting, click Enable, and then enter a space-delimited list of IP addresses (in dotted decimal format) in the available field. If you enable this setting, you must enter at least one IP address.

If this setting is not configured, it is not applied to any computers, and computers use their local or DHCP-configured parameters.”

After reading the description I Thanked this is it. So let me show you first the test environment. We got to server and a Client. The server running Windows 2003 and the client runs XP. The two servers (dc01.planetgeek.ch/ 172.16.111.120 and sql.platnetgeek.ch / 172.16.111.124) have installed DNS servers. The Client has only one DNS configured the dc001.

Setting up the new GPO and link it to the client pc.

Now we use the client to review the impact of this GPO setting. First we use the gpresut to look if the GPO was adapted.

After we are sure that the GPO was applied I do an “ipconfig /all” to check the DNS settings.

Okay it looks like the DNS setting is not applied. I checked the result several times, rebooted the PC, used netsh to look on the DNS settings and searched for event log entries. Then I tried nslookup on the console. Look on witch DNS server the request goes.

It looks like the network tools (ipconfig, netsh and the tcp/ip Settings gui) from windows XP did not recognize the GPO Setting. I guess if you use this in large company this will end up in a debugging nightmare. Normally I hate this Microsoft bashing, because the Company make good and stable products. But this time the guys from Redmond did a very lousy job.

First I will make my coming out as an Apple fan boy. So this article reflects my personal meaning and may not be 100% objective. The physical dimensions of the device are 243mm x 190mm x 13mm. The weight of the iPad is 0,68 kg or 0.73 kg for the 3G model. By the way the 3g models have also an compass and a GPS module. The display is 9.7 inch and has a resolution of 1024×768 (132ppi). The battery live is beyond 10 hours witch is very, very, very impressive. There are only three points witch are semi optimal. The reflecting display is not my favorite option. And if you use the iPad in the Sun in became a little bit hot and shuts himself down. The iBook store of Switzerland only host’s only free book from the Gutenberg project. As you can imagine Nathan the wise from Lessing is note my favorite bed lecture.

My top 5 apps for the iPad are:

FunBox: It is an very simple app. There are 60 buttons each of the buttons play’s a funny sound.
fun box

GoodReader is for my case the best eBook reader for the iPad. I assume you don’t need it if you buy books in the Apple Store. At the moment I buy e-books on the Exlibris web store and print the Adobe DRM contaminated files to a pdf printer (Freepdf) and send it to GoodReader.
GoodReader

NewsRack (thx Dani for the hint) is very nice RSS reader. A very nice feature is the sync with the Google reader. The reader can cash posts and pictures.

PocketCAS is a very nice function plotter. Which is very usefully in my studies at the university of Lucerne
PocketCAS

Dropbox the best way to keep your files in sync.
dropbox

After all I like the iPad and give him 4.5 geeks from max 5 geeks

master.mdf, masterlog.ldf

C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER08\MSSQL\DATA

Model.mdf, modellog.ldf

C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER08\MSSQL\DATA

MSDBdata.mdf, MSDBlog.mdf

C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER08\MSSQL\DATA

Tempdbv.mdf, templog.ldf

C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER08\MSSQL\DATA

planetgeek.mdf, planetgeek_log.ldf

C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER08\MSSQL\DATA

First thing you notice the filenames are all tuned in the same schema, pls. Microsoft it cannot be so hard. Our mission is to move all log files in the path D:\mssqlserver08 and all data files to E:\mssqlserver08. The first thing we should do is give the sqlserver service account user read and write rights to this two directories. This step is not quiet necessary but the remote db creation and auto grow features will not work. Let’s start with the master db. Start the SQL Server Configuration Manager. Click “start” -> “run” and type “SQLServerManager10.msc” and right click on the properties from the SQL server Service.

In the advanced tab you have to edit the Startup Parameters

The default value is (keep in mind there are no spaces!!!):

-dC:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER08\MSSQL\DATA\master.mdf;

-eC:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER08\MSSQL\Log\ERRORLOG;

-lC:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER08\MSSQL\DATA\mastlog.ldf

-d is the path to the master.mdf

-e path of the “ERRORLOG” File.


-l is path to the ldf File

After change the path to (keep in mind there are no spaces!!!):

-dD:\mssqlserver08\master.mdf;

-eD:\errorlog\ERRORLOG;

-lE:\mssqlserver08\mastlog.ldf

stop the sql server (for cluster use you can use an UNC path and share name. This is useful on relaxed security cluster environments). Copy the master db files to the new path. And start the SQL server Service. One step done four steps are left, so let’s move on with the temporary db. Open the SQL Server Management Studio and open a new query and enter the following lines

After the alter database statement you need to stop the Sql Server move the files in explorer to their new location and start the SQL Server Service. Many of you are maybe wondering why “ … name = tempdev, …” and the “name = templog” in the SQL query. This is the internal database name. A very easy name to get this name is stored procedure sp_help

with this procedure you are able to easily modify the path of all other databases. Normally we would have finished at this point. But after then years of experience as IT guy I know that “developers” often don’t care about path in the file system (developers who write for planetgeek are not this kind of developers . So we should change the default database creation path to ensure it will work even when we are not in the office (Yes the IT Professionals have Holydays;-).

Enjoy the comfort of non direct attached storage, RIDE ON

Konrad

Nice Irony I guess

The question is not so easy as it guess. Because Mac OS X leopard has many of the things I nee built-in. Let us start with some basic tools I Use.

VMware Fusion. is a virtual machine software product developed by VMware for Macintosh computers with Intel processors. Fusion allows Intel-based Macs to run x86 and x86-64 "guest" operating systems, such as Microsoft Windows, Linux, NetWare and Solaris as virtual machines simultaneously with Mac OS X as the "host" operating system using a combination of virtualization, emulation and dynamic recompilation. While similar in most respects to VMware Workstation.

Skype is a software application that allows users to make telephone calls over the Internet. Calls to other users of the service, and in some countries to free-of-charge numbers are free, while calls to other landlines and mobile phones can be made for a fee. Additional features include instant messaging, file transfer and video conferencing.

Keypass X  is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish)

Microsoft Office 2008, Word PowerPoint, Excel and Entourage. More or less the same bugi thing like on Windows.

LaTeX is based on the idea that authors should be able to focus on the content of what they are writing without being distracted by its visual presentation. In preparing a LaTeX document, the author specifies the logical structure using familiar concepts such as chapter, section, table, figure, etc., and lets the LaTeX system worry about the presentation of these structures. It therefore encourages the separation of layout from content while still allowing manual typesetting adjustments where needed.

Cyberduck is an open source FTP, SFTP, WebDAV, Mosso Cloud Files and Amazon S3 browser for the Mac. It features an easy to use interface with quickly accessible bookmarks. The outline view of the browser allows to browse large folder structures efficiently and you can quickly preview files with Quick Look. To edit files, a seamless integration with several external editors makes it easy to change content quickly. Both Amazon CloudFront and Cloud Files from Rackspace can be easily configured to distribute your content in the cloud. Many OS X core system technologies such as Spotlight, Bonjour and the Keychain are supported and a large number of translations makes you feel at home.

Freeciv is a multiplayer, turn-based strategy game for workstations and personal computers inspired by the commercial proprietary Sid Meier’s Civilization series. The game’s default settings are closest to Civilization II, both in gameplay and graphics (including the units and the isometric grid).

These are the Programs that make my 24 iMac to a Powerful blog machine. There is only one thing I am missing. On windows there is a free Software called Live Writer. Live writer make blogging very easy but I don’t find a Sirius alternative for Mac. If you know something pls don’t hesitated post a commend.

Regards Konrad

Normally I’m not a big promoter of software. But this tool is amazing. Every, and I mean every IT Professional are having the same problem. Everybody in the world looks at you and sees the free helpdesk. Ok I must admit most of the time this is not a problem because helping is caring friendship. Helping over the phone is good because you don’t have to travel. But this is not easy for each occasion. There are a lot of good remote software programs for companies. But the use in private environments is not so as easy as it should be because you need port forwarding, special firewall rules etc. Looking around in the Internet I found a very exciting tool for remote support. It’s called TeamViewer.

http://www.teamviewer.com

The benefits of TeamViewer are:

•    It’s free for personal use.
•    No installation needed.
•    No firewall changes are required because remote clients create an outgoing connection to the team server.
•    It works on PC and Mac, even cross-platform, connect from Mac to windows is no problem.
•    It’s Fast and
•    It’s free for noncommercial use.

At least it’s the Holy Grail of remote software

Regards Konrad

The lab hardware is composed of two personal workstations and two 3500 Cisco switches. The Cisco’s are connected together with two Gigabit Ethernet links. Each of the switches has  a PC attached to it.

So let’s start with the basic configuration.

I prefer putty for serial telnet and ssh connection to my network devices. But hyper term will also do a good job.
After the login the switch welcomes us with the shell prompt

Switch>

First thing we are entering is the enable mode, which gives us the opportunity to make basic configurations.

Switch>enable

the shell prompt now enters into the enable mode and the “Switch>” changes to “Switch#” first we are going to change the time of the switch.

Switch# clock set 20:09:01 3 Apr 2006

To test the settings “show clock” will show us the actual time. In the next step we are going to the configure terminal. This allows us to change network and settings on the device.

Switch#configure Terminal

The notice “enter configuration commands, one per Line. End with CNTL/Z and the shell prompt shows “Switch(config)#” to change the DNS Hostname of the switch the command is simple hostname. Just enter it.

Switch(config)#hostname MySwitch1

now the shell prompt changes to “MySwitch1(config)#” and we are able to continue with the setting of a password for the enable mode by entering

MySwitch1(config)#enable secret TopSecretPassword

After setting the password for the enable mode it would be wise to set an password for the Virtual Terminal (Telnet & SSH Access). We need 2 lines to do this, the first line is for setting the password and the second for the rights of the remote console. Some Admin’s think “vty 0 15” is to much rights for a remote console. I think “vty 0 15” is ok if the switch is on a remote location.

MySwitch1 (config)# password MySecretTerminalPassword
MySwitch1 (config)# line vty 0 15

The last thing we need to do is setting up a managed port. This port is only for the management. The port should not be used for clients. In most companies the port is set in the management vlan but we don’t do this in this post. This will be done by entering an Interface, disabling the switching on this port, setting the port state up, setting the IP and subnet mask and leaving the interface config.

MySwitch1(config)#interface fastethernet 1/1
MySwitch1(config-if)#no switchport
MySwitch1(config-if)#no shutdown
MySwitch1(config-if)#ip address 192.168.1.3 255.255.255.0
MySwitch1(config-if)#exit

One nice thing left do at the end of the basic configuration is setting a login banner. The banner is written to the console after the login. If the company has hundreds of devices it helps to keep the overview. And I like asci art.

MySwitch1(config)#banner motd ^
#########################################
#  if you cant make it good, at least make it look good!!!    #
#                                                             #
#            Name:              MySwitch1                     #
#            Location:          HQ, Lucerne                   #
#            Model:             Cisco 3500                    #
#                                                             #
# WARNING, unauthorized access to this network is prohibited. #
#                                                             #
# Unauthorized access will lead to prosecution according to   #
# the law                                                     #
#########################################
^ 

Now the basic configuration of the running configuration is done. The last thing we do is copy the running configuration to the startup configuration by entering

MySwitch1#write

In a second Post we will create the uplink using port channel and vlans. If you are now hot to hack a little bit around. I found an free trial of a simulator on
http://www.certexams.com/buy.htm. It is very limited but it a good starting point.

Cheers Konrad

A good tool to find security issues is the “Microsoft Baseline Security Analyzer” aka. MBSA. Which is released in version 2.1. The MBSA can be obtained for free from the Microsoft homepage. My recommendation is to install the tool on one centrally accessible client or server. Because it need’s full RPC access to all machines that are to be tested. Some heretic may say that a client that needs RPC ports through the whole network is a security problem in high secure environment, and maybe he is right, but this is another topic. After a short installation of the MBSA it’s ready to use. The tool is the solution for scanning whole networks and domain. Please keep in mind that the tool needs some performance on the scanned server or workstation

Let us start with a report for one server. A notice to my chef: “This is not a corporate server, it’s an special virtual machine for this blog, so relax when you see the report at the end J”. One of the nice features is the possibility to set the patch repository to a local WSUS. So if there is a problem with a windows patch you decide to not install it doesn’t show up as an error. I recommend in most cases to use the Microsoft update as repository. Maybe you’ll find out some dark secrets of the WSUS administrator

After a scan that runs approximately for 40 seconds a nice report is created by the tool.

Special remarkable is that Microsoft gives a short description how to correct the problem.

A small summary is that the tool can’t make wonders, but it’s an nice way to ensures that the big risk’s are closed even when you don’t have detail knowledge of the software like SQL Server. The tool is not perfect so checkup the recommended solution. “Some potentially unnecessary services are installed“ means in my test lab the “save service” which is a virus scanner. After all it’s a good tool. Read you soon !!

Cheers Konrad

Lets take a closer look at the server. there are 16 Bays for servers some enterprise servers need two slots, some "low power" dual quad core etch with 32 GB memory need for tow serves an half slot. In my case i am using 16 HP ProLiant BL460c Server Blade. Nice to know is that this slots can be used for Tape (DLT 5), storage (DAS) and PCI-Express Blades. but you lose an slot.

The network slots of the blade can be equipped wit Cisco, hp, Mc Data and Virtual connect bays. cowsing the best for your environment is an very hard and complex dissensions. The Virtual connect is an brand new technology from hp witch is "weder fisch noch Vogel". the best description it is an Virtual Patch panel. it can swishing, some layer 3 thinks like vLan tagging. The most important thin is it is able to du an dynamic LACP port Cannel, with is on HP English an Auto Port .

so stop the geek fan boy stuff and lets talk about benefits / disappointment of Blade. in the most guid’s you find that the c7000 is internal complete redundant. this is simply an lie. The base board is one Part if its fail the hole c7000 goes DOWN !!!. HP say it hase an normal time to fial from 140 years. why i know to blade centers with the second baseboard i am  not so old It has 10 fans slots, but to operate in redundant mode you need only 8. if one fails nothing happened. my guess is you only need in future wit 16 GHZ 12 qore CPU an 200 gb ram the 10 fans. so safe the money while ordering. not every mezziane card that are able to work in the slot make sense.

thake a look to this schematics from hp product bulletin. With an half high blade (16 Blades per enclouser) you only able to use 2 slots. So if you buy an quad port NIC you only able to use 2. HP don’t tell you in the order process.  in Some cases blade are cheeper than normal serves but it depend on the configuration. in most case if you need fiber cannel HBA’s it’s an good chance to be on the cheeper side. Blade are an complex an modern technology witch requires intensive study for the IT professional’s.

at the least some nice videos from HP wit happy people from japan

After applying the policy the TeamSpeak server stop’s working like except. But after editing the policy and again, insert the port 8767 all services works fine.

My conclusion of the Microsoft Security Configuration Wizard is: The tool is very easy to use and brings many good changes in short time. The use of SCW sold be carefully tested. But i’m strongly advise the use on all windows servers.