This script was written for one of our daily offsite backups. I have used some web help for part of the script.

This script works in the following steps:

  • Backup Files.
  • Copy the Files to a temp location.
  • Zip those files into a single zip.
  • Transfer those files to remote off-site location.
  • Notification Email
  • Clean up temp files.

The following paths need to be configured as per your requirements:

Location and name of log files
C:\Logs\Filename-Backup-%ds%.log

Location of files to be backed up and transferred
C:\ImportantFiles\

Location of temp files
C:\TempBackup\tmpBck\

Location of temp zipped backup
C:\TempBackup\ImportantFiles\

Location of remote off-site location
\\IP_Address_Remote_Location\ImportantFiles\

Name of the zipped files to be transferred
DailyBackup.zip

Notification script for backup status.
Notifier.vbs

Note 1

I have used a VB script downloaded from the web. You can use any notification method you like. My script calls a second script which has to be placed in the same folder as this script.

Note 2

I have used 7-Zip as the compression tool, which is a free download:

http://www.7-zip.org/download.html

@Echo Off
::  Backup Files. 
::  Copy the Files to a temp location,
::  Zip those files into a single zip,
::  Transfer those files to remote off-site location.  
::  Clean up temp files.

:: Set Date vars
Set mm=%DATE:~4,2%&Set dd=%DATE:~7,2%&Set yyyy=%DATE:~10,4%
Set ds=%yyyy%-%mm%-%dd%

:: Define Log File
Set elf=C:\Logs\Filename-Backup-%ds%.log

:: Create Temp copy of files
echo ###################################################################>>%elf%
echo --- Backup - Start at %date% - %time% -- >>%elf%
echo ###################################################################>>%elf%

echo --- Creating Temp Folder: C:\TempBackup\tmpBck -- >>%elf%
rmdir /S /Q "C:\TempBackup\tmpBck" >>%elf%
mkdir "C:\TempBackup\tmpBck" >>%elf%

echo --- Copying Files... >>%elf%
copy "C:\ImportantFiles\*.*" "C:\TempBackup\tmpBck" >>%elf%
If %errorlevel% NEQ 0 (
  set errCode=Temp_Copy_Of_Files_Failed
  goto errOut
  )

:: Zip files
echo --- Compressing Files... >>%elf%
"C:\Program Files\7-zip\7z.exe" a -tzip "C:\TempBackup\ImportantFiles\DailyBackup.zip" "C:\TempBackup\tmpBck\*.*" >>%elf%
If %errorlevel% NEQ 0 (
  set errCode=zip_process_failed
  goto errOut
  )
echo --- Compress Successful... >>%elf%

:: Delete Yesterday file from remote location
If exist "\\IP_Address_Remote_Location\ImportantFiles\DailyBackup.zip" (
  echo --- Deleting Remote copy of previous backup... >>%elf%
  del "\\IP_Address_Remote_Location\ImportantFiles\DailyBackup.zip" >>%elf%
  )

:: Transfer files
echo --- Transferring new zip file to remote location... >>%elf%
robocopy "C:\TempBackup\ImportantFiles" "\\IP_Address_Remote_Location\ImportantFiles" /E /XO /B /NP /R:0 >>%elf%
echo --- Transfer Return code - %errorlevel% >>%elf%
If %errorlevel% GEQ 8 (
  set errCode=Transfer_to_remote_failed
  goto errOut
  )
echo --- Transfer Successful... >>%elf%

:: Clean up local work files
echo --- Deleting local temporary work files... >>%elf%
if exist "\\IP_Address_Remote_Location\ImportantFiles\DailyBackup.zip" (
  del "C:\TempBackup\ImportantFiles\DailyBackup.zip" >>%elf%
  rmdir /S /Q "C:\TempBackup\tmpBck" >>%elf% 
  )
If %errorlevel% NEQ 0 (
  set errCode=Clean_up_failed
  goto errOut
  )

echo ###################################################################>>%elf%
echo --- Backup - Done at %date% - %time% -- >>%elf%
echo ###################################################################>>%elf%

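:: Send Notification Email
:: %~dp0 is the folder of this script, so Notifier.vbs is found there
:: even when the scheduled task starts in a different working directory
call cscript //nologo "%~dp0Notifier.vbs" -b%elf% -fDailyBackup.zip -iDaily -rok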
GOTO :EOF

:errOut
echo --- Error Processing Backup Files: >>%elf%
echo --- %errCode% >>%elf%

echo ###################################################################>>%elf%
echo --- Backup - INCOMPLETE!!! %date% - %time% -- >>%elf%
echo ###################################################################>>%elf%

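:: Send Notification Email
:: %~dp0 is the folder of this script, so Notifier.vbs is found there
:: even when the scheduled task starts in a different working directory
cscript //nologo "%~dp0Notifier.vbs" -b%elf% -fDailyBackup.zip -iDaily -rbad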
GOTO :EOF
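
The script above treats the transfer as successful once robocopy returns less than 8 and the remote file exists. As an added example (not part of the original script), the check below tests the archive with 7-Zip and compares SHA256 hashes of the local and remote copies; it could run before the "Clean up local work files" step. It assumes the paths configured above and a certutil build that supports -hashfile with SHA256.

```bat
@Echo Off
:: Added example, not part of the original script.
:: Confirms the off-site copy is intact before the local copy is deleted.
Setlocal
Set "zip=C:\Program Files\7-zip\7z.exe"
Set "src=C:\TempBackup\ImportantFiles\DailyBackup.zip"
Set "dst=\\IP_Address_Remote_Location\ImportantFiles\DailyBackup.zip"

:: 1) Let 7-Zip test the local archive (structure and CRC of every member)
"%zip%" t "%src%" >nul
If errorlevel 1 (
  echo --- Local archive failed the 7-Zip test
  exit /b 1
)

:: 2) Hash the local and the remote copy
call :GetHash "%src%" srcHash
call :GetHash "%dst%" dstHash
If not defined srcHash (
  echo --- Could not hash the local archive
  exit /b 1
)
If not defined dstHash (
  echo --- Could not hash the remote archive
  exit /b 1
)

:: Older certutil builds print the digest as space-separated byte pairs
Set "srcHash=%srcHash: =%"
Set "dstHash=%dstHash: =%"

:: 3) Only a matching digest counts as a successful transfer
If /I not "%srcHash%"=="%dstHash%" (
  echo --- Hash mismatch: local %srcHash% remote %dstHash%
  exit /b 1
)
echo --- Remote copy verified, SHA256 %srcHash%
exit /b 0

:: ---- :GetHash file variable : stores the SHA256 of file in variable
:GetHash
Set "%~2="
If not exist "%~1" exit /b 1
:: Keep only output lines made up of hex digits and spaces, i.e. the digest.
:: Header, status and error lines from certutil are dropped by findstr.
For /f "delims=" %%H in ('certutil -hashfile "%~1" SHA256 ^| findstr /r /i /x /c:"[0-9a-f ][0-9a-f ]*"') do (
  If not defined %~2 Set "%~2=%%H"
)
exit /b 0
```

A non-zero exit code from this check can be mapped to a new errCode value and routed to :errOut in the same way as the other steps.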

Active Directory

1) Review User Accounts and remove retired accounts.

2) Run Microsoft’s Domain Controller Diagnostics – From a command prompt, run dcdiag.exe (on DC only). If the commands are unrecognized, install Windows Support Tools.

3) Verify that approved password policy is being enforced.

4) Review the domain controller disk space reports.

5) Check your backups – AD backup includes capturing system state, information related to AD database, logs, registry, boot files, SYSVOL and other system files.

6) Check to make sure that AD replication is working correctly. To check, you can run the following command:
repadmin /showrepl

7) Check event logs for persistent errors.

8) Perform defragmentation to improve performance, as directories that have been running for a long time can become large and fragmented.

9) Verify integrity of AD DS database files with respect to AD semantics using NTDSUTIL.

DNS

1) Review DNS Records for obsolete static entries.

2) Ensure DNS Scavenging is configured.

3) Clean up forwarders

4) Remove stale zones

5) Remove WINS dependencies (DNS is fully capable of providing all long and short name resolution services)

6) Security Aspects
– Allow only secure dynamic updates for all DNS zones. This ensures that only authenticated users can submit DNS updates using a secure method, which helps prevent the IP addresses of trusted hosts from being hijacked by an attacker.
– If the server running the DNS Server service is a domain controller, use AD ACLs to secure access control of the DNS Server service.

DHCP

1) As always, check logs for critical DHCP related events. It is recommended to implement a proactive monitoring solution for real-time data.

2) Frequent maintenance of the DHCP database is needed to keep it functioning properly and to recover whitespace. By default, DHCP is configured to do online maintenance of the database when there are no client requests; for busy DHCP servers, which possibly do not have downtime, it is recommended to run offline maintenance against the dhcp.mdb file on a quarterly or half-yearly basis.
On a DHCP server computer, open a command prompt (Administrative access)
Use the Jetpack.exe tool to perform offline compaction.
Syntax: jetpack database_name temporary_database_name

Example:
cd /d %SystemRoot%\system32\dhcp
net stop dhcpserver
jetpack dhcp.mdb tmp.mdb
net start dhcpserver

This should work for both Windows Server 2003 and Windows Server 2008

1) Check server for latest available service packs and updates

2) Confirm file format (NTFS)

3) Check end-user disk quota availability and restrictions

4) Check File/Folder share permissions

5) Check and verify AV signatures. Ensure that AV scans for file server are scheduled for after-hours. Also make sure that AV auto-protection is ON

6) Check and verify that data drive (usually the non-OS) has at least 10% free disk space (may vary depending on your requirements)

7) Use any of the following paid/free tools (to name a few) for directory/folder size reporting so that you are able to determine what is hogging space on your data drive:

8) Perform disk cleanup. Manually delete temporary files or use one of the following third-party tools

9) Check and confirm that successful backup of the data has been taking place

10) Review security related vulnerabilities; check event logs – security

11) Review data (files/folders) on the server

  • Old and useless data can be purged
  • Old but required data can be moved to portable storage (external HDD, DVDs) and stored in fire-proof cabinet

12) Age of Files for archival purpose can be estimated by using tool like

13) Check if the shadow copy feature is enabled and that there is enough storage for the shadow copies (preferably on a separate volume on another disk)

14) Keep a log/report of the tasks performed for comparison at the next audit/maintenance

You receive the following error when you click a hyperlink in Outlook (2003, 2007, 2010)

Error: This operation has been cancelled due to restrictions in effect on this computer

This is possibly due to default browser setup, registry corruption or file association.

Step 1
Before I start with possible causes and solutions that I have encountered, please do the following:

1) Create a System Restore point
http://support.microsoft.com/kb/322756
2) Back up your registry completely
3) Back up user preferences and data for IE and Chrome/Firefox (if any); plugins or add-ons (if any)

This is for precaution only, I have not encountered any issues.

Step 2
Cause 1 – This issue may come up if the default browser is changed from Internet Explorer to either Chrome or Firefox.

Solution – This issue is known to Microsoft and so they allow you to fix this issue automatically or manually using this link:

http://support.microsoft.com/kb/310049#fixit4me

Cause 2 – After upgrading to a newer version of Microsoft Internet Explorer, the following registry key may be either missing or corrupted:

HKEY_Local_Machine\Software\Classes\htmlfile\shell\open\command

Solution – This issue is known to Microsoft and so they allow you to fix this issue automatically or manually using this link:

http://support.microsoft.com/kb/310049#fixit4me

Microsoft suggests that you either reset IE settings and manually set IE as default browser OR import the following registry key from a different computer which is working fine

HKEY_LOCAL_MACHINE\Software\Classes\htmlfile\shell\open\command

Step 3
It is important to verify that the “HKEY_CLASSES_ROOT\.html” key is set to “htmlfile” and not “ChromeHTML” or “FireFoxHTML”.

Step 4
If doing the above still does not help, then uninstall Google Chrome and/or Firefox completely. You can re-install them later.

Removing Chrome or Firefox using “Add/Remove Programs” in XP or “Programs and Features” in Vista/7 under Control Panel is one way to go.

To manually and completely remove Chrome, make sure that you un-hide file extensions. Back up your registry, as I am going to suggest editing it, and incorrect modification of the registry can cause system damage.

Download the “chrome_remove.reg” file from here, rename it to “remove.reg” and run it.

Then;
For Windows XP; go to C:\Documents and Settings\USERPROFILE\Local Settings\Application Data\Google
For Windows 7; go to C:\Users\USERPROFILE\AppData\Local\Google

Right-click the Chrome folder and Delete it.

To manually and completely remove Firefox, first use “Add/Remove Programs” in XP or “Programs and Features” in Vista/7 under Control Panel to uninstall the application.

Then;
Delete the Firefox installation folder under C:\Program Files\Mozilla Firefox or C:\Program Files (x86)\Mozilla Firefox

Then;
For Windows XP; delete C:\Documents and Settings\USERPROFILE\Local Settings\Application Data\Mozilla\Firefox
For Windows 7; delete C:\Users\USERPROFILE\AppData\Local\Mozilla\Firefox

Then;
Download the “firefox_remove.reg” file from here, rename it to “remove.reg” and run it or simply locate the following entries in registry and delete them:

HKEY_CLASSES_ROOT\FirefoxHTML
HKEY_CURRENT_USER\Software\Mozilla
HKEY_CURRENT_USER\Software\MozillaPlugins
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins

Step 5
Rebooting your computer would be a good thing to do after uninstalling the other browsers and registry change. Check if hyperlinks work now.

Step 6a – Windows XP
Finally if there is still an issue, you can download the html association fix registry file here and run it. This is specifically for Windows XP. This will reset all the registry associations for default browser to IE and original state.

This registry fix has been tested by me and I did not find any issues with it.

Step 6b – Windows 7
Finally if there is still an issue, you can download the html association fix registry file from here and run it. This is specifically for Windows 7. This will reset all the registry associations for default browser to IE and original state.

This registry fix has NOT been tested by me.

Step 7
Reboot your computer and test.
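
Steps 1 and 3 can be done from a command prompt. The following batch file is an added example, not from the original article: it exports the registry keys this procedure touches to a backup folder (the folder name is an assumption), then checks the .html association and the htmlfile open command key.

```bat
@Echo Off
:: Added example, not part of the original article.
:: Step 1: export the keys this procedure touches.
:: Step 3: check the .html association. Cause 2: check the htmlfile open command key.
Setlocal
:: Backup folder name is an assumption; change it as required
Set "bk=%USERPROFILE%\html_assoc_backup"
If not exist "%bk%" mkdir "%bk%"

:: Remove earlier exports first so reg export never prompts or refuses to overwrite
If exist "%bk%\dot_html.reg" del "%bk%\dot_html.reg"
If exist "%bk%\htmlfile.reg" del "%bk%\htmlfile.reg"
reg export "HKCR\.html" "%bk%\dot_html.reg" >nul
If errorlevel 1 echo Could not export HKCR\.html
reg export "HKLM\Software\Classes\htmlfile" "%bk%\htmlfile.reg" >nul
If errorlevel 1 echo Could not export HKLM\Software\Classes\htmlfile

:: Step 3: the default value of .html must be "htmlfile"
:: ("ChromeHTML" and "FirefoxHTML" do not contain that string)
reg query "HKCR\.html" /ve | findstr /i /c:"htmlfile" >nul
If errorlevel 1 (
  echo .html is NOT associated with htmlfile. Current value:
  reg query "HKCR\.html" /ve
  Set bad=1
) else (
  echo .html is associated with htmlfile
)

:: Cause 2: the open command key under htmlfile must exist
reg query "HKLM\Software\Classes\htmlfile\shell\open\command" /ve >nul 2>&1
If errorlevel 1 (
  echo htmlfile\shell\open\command is missing
  Set bad=1
) else (
  echo htmlfile\shell\open\command is present
)

:: Exit code 1 means at least one check failed
If defined bad exit /b 1
exit /b 0
```

The exported .reg files can be re-imported with reg import if a later step needs to be undone.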

Conclusion

I have tested all the steps except for Step 5 (my issue was chrome related) and Step 6b. Please read through completely and most importantly follow Step 1 and backup.

What can be more important than having a secure Network? That’s right – “A Network Security Policy” or simply call it IT policy. Every organization, be it an Enterprise or SMB, which has an IT infrastructure is bound to have a Network Security Policy, which in simple terms describes acceptable computer, network and internet usage as well as steps to protect network resources and organizational assets.

Security policies have to be long, detailed and complex – says who? The point of having policies is to make the target audience aware not only of the rules and regulations that govern your organization but also to make sure that end-users know the hierarchy of access permissions. In the end, it is a manual written primarily to address IT needs. I want my end-users to actually read and understand the policies. Though we have a fairly compressed version (4 single-sided pages) specifically related to IT/Network, it is part of a larger handbook that has a set of regulations for operating policies, general security policies, standard operating procedures, safety policies and so on. I am not referring to documentation that contains plans and procedures or drills further down into guidelines or processes. I have specifically used the word policy as opposed to plan or guidelines. This is because when we write a network security policy, it is mostly a high-level strategy for a target audience that doesn’t need to know the technical details. For example, letting end-users know that their internet usage is controlled and monitored.

When it comes to Network Security policies, can you ever say that you have completed writing the policy? Every day there are new security risks, so as the threats evolve, so does your policy over time. I have been working on our policy since I started work here at my current organization, which has been 2 years now.

Coming to the components of a Network Security Policy – let’s see if I have successfully covered the basics. This is what I have as a high-level security policy – acceptable usage, access control, authentication (password), software compliance, monitoring, remote access, incident response, email and web, and last but most important – end-user awareness. While most of this is what all of you might already have in your policies, I mentioned end-users as most important because these are the users who may or may not be IT literate but, either way, are the most serious threat to your organization’s network security – unintentionally or otherwise. Though the above-mentioned components would probably best describe small and medium businesses, they would all be included in the policy for large businesses as well.

I am not writing this article to teach anyone about what needs to be in their security policy; you already know that, but I am simply trying to assess the need for one. Before thinking about whether your network is secure, please take a minute to evaluate if your network security policy is feasible and how far it extends. Have you written this policy only for your internal users or have you considered contract-based employees or 3rd party vendors who provide specialized support? We have both and I needed to include them in our policy, to safeguard our data and control their access; but that becomes a part of the larger plan. Who makes decisions when it comes to writing or updating the policy? As an IT person, are you able to involve higher management in policy creation? Are you able to successfully enforce the policy – what is the reaction of the general masses? There has always been an unspoken rule about following the policy, but how do we penalize those who rebel against such policies?

As a conclusion, I believe that such a policy must be regularly evaluated so as to achieve a realistic business environment and not just regulate user-driven outcome.

You can find a refined (proof-read by experts) version of this article here. This article was originally written for “Spotlight on IT” series on Spiceworks Community Forum.

1) Make sure that the iLO management processor is installed and running. I won’t go into that but here is a nice article about iLO setup – http://adyamarathon.wordpress.com/ilo-setup/
2) This is a schema-free integration using the iLO Web Interface.
3) For the web interface to be accessible, the iLO software version should be 1.80 or later.
4) To access the Web GUI for iLO, type the DNS name or IP address in the browser URL.

(Note: If the page fails to load, that may be because the SSL certificate is not being accepted. In Internet Explorer, go to Tools and then Internet Options and then click the Advanced tab. Check Use SSL 2.0/3.0 and TLS 1.0. Click Apply and then OK. Restart the browser window and try again and you will get the browser page as shown in the above screenshot.)

5) Login using the username given on the iLO tag that is attached to the server. This is usually “Administrator” and the password which is also given on the same tag.
6) After successful login, you will be able to view the following screen.

7) Now, click the Administration tab and the Directory Settings, as shown below.

8) Next, you will see a page that requires choosing Authentication settings and entering Directory Server settings. Choose “Use Directory Default Schema”

(Note: I have entered the Directory Server Address as one of the Domain Controllers. The LDAP port is by default – 636. For Directory User Context, I have entered the user group giving permission for access.)

9) Next, after applying the settings, click the “Administer Groups” button which takes you to the page for setting Group Administration. Select one that you want to view/modify.

10) For “Administrator Group Settings”, you would want to grant access as “Yes” to all the options. You can choose accordingly for other types of users and also custom special user groups for iLO.

11) Go back to “Directory Settings” page. Click “Test Settings” button to run Directory Tests.

12) To confirm that iLO is actually functioning after the server is powered down, click the “Virtual Devices” tab. Then click the “Virtual Power” link.

13) In the page that shows setting for Virtual Power, select the method to power on the server. By default the method is “Momentary Press”. Click the “Virtual Power” button. Click the “Submit” button for Power Configuration Settings which is “Yes” by default. This will result in powering on the server (machine).

14) Click the “Remote Console” tab and then the “Remote Console” in the left pane, which results in popup window that lets you access the server (machine) remotely.

It is possible to reset the Administrator password (or even add another user with specific privileges) using Remote Insight Board Command Language (RIBCL). Apparently, to use RIBCL through your OS, you need to have login rights to the server (presumably enough rights to install HP system tools). The following steps are to be performed:

1. Install SNMP (prerequisite for HP Insight Management Agents)

2. Download and Install HP Insight Management Agents

http://h18013.www1.hp.com/products/servers/management/im-agents/downloads.html

3. Download and Install HP Lights-Out Online Configuration Utility

http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=1135772&prodTypeId=15351&prodSeriesId=1146658&swLang=8&taskId=135&swEnvOID=1005

Note 1: If these Agents and Configuration Utility are already installed, upgrade them

Note 2: If you encounter NTVDM error while installing HP Lights-Out Online Configuration Utility, just use a common compression tool like WinZip or WinRAR to extract the contents to C:\Program Files\HP or C:\HP\iLO.

4. Download HP Lights-Out XML Scripting Sample for Windows. Extract its contents to a folder.

Choose the following two XML files and copy them to the folder where you extracted the HP Lights-Out Online Configuration Utility.

- Administrator_reset_pw.xml or Change_Password.xml 
- Add_User.xml

Note 3: If you extracted HP Lights-Out Online Configuration Utility to C:\Program Files\HP or C:\HP\iLO, then there will be a folder named “HPONCFG” which will contain the required utility “hponcfg.exe”

Note 4: Make sure that you copy the above mentioned files within the folder called “HPONCFG”

5. Using Notepad (or any text editor), open up the Administrator_reset_pw.xml sample file and modify it slightly as per your requirement. The initial LOGIN USER_LOGIN is required for syntax reasons but it is not actually processed. I gave the Administrator a “bogus” password.

Similarly, you can use the Change_Password.xml sample to reset the Administrator password (or even other passwords).

Shown below is the screenshot of the modified sample file I made for resetting the “Administrator” password.

6. If changing the Administrator’s password seems risky, you can also add another user with administrator privileges. You can then log in as that user and change the Administrator password via the web console. Shown below is the screenshot of the modified sample file to add a user.

7. Finally open command prompt and change directory path to C:\Program Files\HP\hponcfg or C:\hp\ilo\hponcfg and type the following: