Thursday, February 24, 2011

How to set up Remote Desktop Services on Windows 2008 R2

Ok...Microsoft threw Terminal Server under the bus and named it Remote Desktop Services and completely changed how your register the licenses! Here is the How-To so that it doesn't get on other people's nerves as much as it did me when trying to activate the licensing with Microsoft's Technical Support. Which was absolutely no help at all. Yes, after 4 transfers, I just went ahead and figured it out myself:

1. Open Server Manager. Install the Remote Desktop Services Role
2. Listen...Just follow the pictures below! It is 22 Steps!
3. Next are all of the steps...I am going to save you some Money $$$ on a support call! =)

























Configure rsyslog on Red Hat Enterprise Linux 6 (RHEL6) for Cisco Switches

One of the problems that you can face during configuration of cisco switches for Red Hat Enterprise Linux 6 is the correct formatting. I had to go through this and make sure it is working for Sonicwall and Cisco Switches so here you go! Also, if I were you, I would add a disclaimer to let someone else know about or not to change the configurations.

1. create your file under /var/log/
2. [username@servername log] touch cisco-example
3. Next you have to Edit rsyslog
4. [username@servername log] vi /etc/rsyslog.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

# Cisco Switch Logging
:fromhost-ip, isequal, "192.xxx.xxx.xxx""    /var/log/cisco-example1
& ~
# Cisco Switch Logging
:fromhost-ip, isequal, "192.xxx.xxx.xxx""    /var/log/cisco-example2
& ~
# Cisco Switch Logging
:fromhost-ip, isequal, "192.xxx.xxx.xxx"    /var/log/cisco-example3
& ~
# Cisco Switch Logging
:fromhost-ip, isequal, "192.xxx.xxx.xxx"   /var/log/cisco-example4
& ~
# Sonicwall Firewall Logging
:fromhost-ip, isequal, "192.xxx.xxx.xxx"      /var/log/sonicwall
& ~

5. Make sure your UDP Port is open in /etc/sysconfig/iptables
6. Add the following lines to your /etc/sysconfig/iptables
7. [username@servername log] vi /etc/sysconfig/iptables
# Port for Syslog Communciations on UDP Port 514
-A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT

8. service iptables restart
9. service rsyslog restart
10. tail -f /var/log/cisco-example or whatever you are logging to make sure it is writing to your logs.
11. Install Splunk on a VM or another server and start generating some super reports from the logs for your management so that they will love you!

NOTE: If you can't tell what "&" is, it is the ampersan symbol above #7 on the keyboard. =)

Red Hat Reference Article: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-Viewing_and_Managing_Log_Files.html

Wednesday, February 23, 2011

Configure Debian Rsyslog for Cisco Switches and Routers


Quite often Network Administrators are obligated to keep logs from their cisco devices, either for troubleshooting or due to be compliant with IT Security Policy. In this article I will describe fast and easy way to setup saving logs from your Cisco devices to rsyslog server on Debian Linux.

The first step is to edit rsyslog configuration file. Open /etc/rsyslogd.conf and add following line
# # Logging for Cisco router 192.168.1.1 # local7.* /var/log/cisco
local7 is the default name under which cisco devices logs their messages. /var/log/cisco specifies the file to which messages will be written. You also have to uncomment / add below lines which will enable rsyslogd to listen on UDP port 514.
# provides UDP syslog reception $ModLoad imudp $UDPServerRun 514
The last change you have to make to rsyslog.conf is to allow your cisco device to write to it, that is done using below entry in rsyslog.conf
$AllowedSender UDP, 127.0.0.1, 192.168.1.1
Then we create the log file by utilizing the touch command
linq:/etc# cd /var/log linq:/var/log# touch cisco
After we made all changes we just have to restart rsyslogd service to implement them.
linq:/var/log# /etc/init.d/rsyslog restart Stopping enhanced syslogd: rsyslogd. Starting enhanced syslogd: rsyslogd.
To start writing messages from our router to syslog server we need to configure logging. First we configure our syslog server ip by using logging host command. We can filter the number of messages being logged by using logging trap command. All available options are summarized in the table below.
Login to the router: z-acte#conf t Enter configuration commands, one per line. End with CNTL/Z. z-acte(config)#logging host 192.168.1.19 sequence-num-session z-acte(config)#logging trap 7
logging trap 7 will set logging to debug level
Sometimes we may additionally need to log all nat translations, which can be enabled by using the ip nat log translations command.
z-acte(config)#ip nat log translations syslog
Table with logging levels
LevelKeywordDescription
0emergenciesSystem is unusable.
1alertsImmediate action is needed.
2criticalCritical conditions exist.
3errorsError conditions exist.
4warningsWarning conditions exist.
5notificationNormal, but significant, conditions exist.
6informationalInformational messages.
7debuggingDebugging messages.
To check that everything works correctly issue below commands
z-acte#debug ip packet
In your log on Linux you should see entry similar to the below one:
Feb 24 03:40:45 192.168.1.1 187368786: [syslog@9 s_sn="186126345"]: 188251944: *Feb 24 03:34:30.023 PCTime: IP: tableid=0, s=192.168.1.1 (local), d=192.168.1.19 (Vlan1), routed via FIB
To disable packet debugging use below commad
z-acte#no debug ip packet
To check that NAT translations are being logged correctly issue ping command from any host on your network to a remote host, which should generate entry similar to below
Feb 24 03:43:16 192.168.1.1 187368860: [syslog@9 s_sn="186126419"]: 188252014: *Feb 24 03:36:59.631 PCTime: %IPNAT-6-CREATED: icmp 192.168.1.2:4 62.89.67.179:4 212.77.100.101:4 212.77.100.101:4
The last step is to save our router configuration.
z-acte#copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK]

Thursday, February 10, 2011

CLI (CMD) - Command prompts for Windows

Command prompts for Windows



Some are for XP Only, Some are for Vista, Windows 7, Windows Servers, etc. Give them a try! A more structured list with examples are coming soon.

Control Panel
  • CONTROL: opens the control panel window
  • CONTROL ADMINTOOLS: opens the administrative tools
  • CONTROL KEYBOARD: opens keyboard properties
  • CONTROL COLOUR: opens display properties.Appearance tab
  • CONTROL FOLDERS: opens folder options
  • CONTROL FONTS: opens font policy management
  • CONTROL INTERNATIONAL or INTL.CPL: opens Regional and Language option
  • CONTROL MOUSE or MAIN.CPL: opens mouse properties
  • CONTROL USERPASSWORDS: opens User Accounts editor
  • CONTROL USERPASSWORDS2 or NETPLWIZ: User account access restrictions
  • CONTROL PRINTERS: opens faxes and printers available
  • APPWIZ.CPL: opens Add or Remove programs utility tool
  • OPTIONALFEATURES: opens Add or Remove Windows component utility
  • DESK.CPL: opens display properties. Themes tab
  • HDWWIZ.CPL: opens add hardware wizard
  • IRPROPS.CPL: infrared utility tool
  • JOY.CP: opens game controllers settings
  • MMSYS.CPL: opens Sound and Audio device Properties. Volume tab
  • SYSDM.CPL: opens System properties
  • TELEPHON.CPL: Opens phone and Modem options
  • TIMEDATE.CPL: Date and Time properties
  • WSCUI.CPL: opens Windows Security Center
  • ACCESS.CPL: opens Accessibility Options
  • WUAUCPL.CPL: opens Automatic Updates
  • POWERCFG.CPL: opens Power Options Properties
  • AZMAN.MSC: opens authorisation management utility tool
  • CERTMGR.MSC: opens certificate management tool
  • COMPMGMT.MSC: opens the Computer management tool
  • COMEXP.MSC or DCOMCNFG: opens the Computer Services management tool
  • DEVMGMT.MSC: opens Device Manager
  • EVENTVWR or EVENTVWR.MSC: opens Event Viewer
  • FSMGMT.MSC: opens Shared Folders
  • NAPCLCFG.MSC: NAP Client configuration utility tool
  • SERVICES.MSC: opens Service manager
  • TASKSCHD.MSC or CONTROL SCHEDTASKS: opens Schedule Tasks manager
  • GPEDIT.MSC: opens Group Policy utility tool
  • LUSRMGR.MSC: opens Local Users and Groups
  • SECPOL.MSC: opens local security settings
  • CIADV.MSC: opens indexing service
  • NTMSMGR.MSC: removable storage manager
  • NTMSOPRQ.MSC: removable storage operator requests
  • WMIMGMT.MSC: opens (WMI) Window Management Instrumentation
  • PERFMON or PERFMON.MSC: opens the Performance monitor
  • MMC: opens empty Console
  • MDSCHED: opens memory diagnostics tools
  • DXDIAG: opens DirectX diagnostics tools
  • ODBCAD32: opens ODBC Data source Administrator
  • REGEDIT or REGEDT32: opens Registry Editor
  • DRWTSN32: opens Dr. Watson
  • VERIFIER: opens Driver Verifier Manager
  • CLICONFG: opens SQL Server Client Network Utility
  • UTILMAN: opens Utility Manager
  • COLORCPL: opens color management
  • CREDWIZ: back up and recovery tool for user passwords
  • MOBSYNC: opens Synchronization center
  • MSCONFIG: opens System Configuration Utility
  • MSTSC: Remote Desktop Automatic Login - (e.g mstsc /v:hostname) (e.g. mstsc /v:192.168.50.5)
  • SYSEDIT: opens System Configuration Editor (careful while using this command)
  • SYSKEY: Windows Account Database Security management (careful while using this command)

Windows utility and applications

  • EPLORER: Opens windows Explorer
  • IEXPLORER: Opens Internet explorer
  • WAB: opens Contacts
  • CHARMAP: opens Character Map
  • WRITE: opens WordPad
  • NOTEPAD: opens Notepad
  • CALC: opens Calculator
  • CLIPBRD: opens Clipbook Viewer
  • WINCHAT: opens Microsoft Chat Interface
  • SOUNDRECORDER: opens sound recording tool
  • DVDPLAY: run CD or DVD
  • WMPLAYER: opens Windows Media Player
  • MOVIEMK: Opens untitled Windows Movie Maker
  • OSK: opens on-screen Keyboard
  • MAGNIFY: opens Magnifier
  • WINCAL: opens Calendar
  • DIALER: opens phone Dialer
  • EUDCEDIT: opens Private Character Editor
  • NDVOL: opens the mixer volume
  • RSTRUI : opens Tool System Restore (For Vista only)
  • %WINDIR%\SYSTEM32\RESTORE\rstrui.exe: opens Tool System Restore (for XP only).
  • MSINFO32: Opens the System Information
  • MRT : launches the utility removal of malware.
  • Taskmgr : Opens the Windows Task Manager
  • CMD: opens a command prompt
  • MIGWIZ: Opens the tool for transferring files and settings from Windows (Vista only)
  • Migwiz.exe: Opens the tool for transferring files and settings from Windows (for XP only)
  • SIDEBAR: Open the Windows (Vista only)
  • Sigverif : Opens the tool for verification of signatures of files
  • Winver : Opens the window for your Windows version
  • FSQUIRT: Bluetooth Transfer Wizard
  • IExpress opens the wizard for creating self-extracting archives. Tutorial HERE
  • MBLCTR: opens the mobility center (Windows Vista only)
  • MSRA : Opens the Windows Remote Assistance
  • Mstsc : opens the tool connection Remote Desktop
  • MSDT: opens the diagnostic tools and support Microsoft
  • WERCON: opens the reporting tool and solutions to problems (for Vista only)
  • WINDOWSANYTIMEUPGRADE: Enables the upgrade of Windows Vista
  • WINWORD : opens Word (if installed)
  • PRINTBRMUI : Opens migration wizard printer (Vista only)

Disk management

  • DISKMGMT.MSC: opens disk management utility
  • CLEANMGR: opens disk drive clean up utility
  • DFRG.MSC: opens disk defragmenter
  • CHKDSK: complete analysis of disk partition
  • DISKPART: disk partitioning tool

Connection management

  • IPCONFIG: list the configuration of IP addresses on your PC (for more information type IPCONFIG/? in the CMD menu)
  • INETCPL.CPL: opens internet properties
  • FIREWALL.CPL: opens windows firewall
  • NETSETUP.CPL: opens network setup wizard

Miscellaneous commands

  • JAVAWS: View the cover of JAVA software (if installed)
  • AC3FILTER.CPL: Opens the properties AC3 Filter (if installed)
  • FIREFOX: Mozilla launches Firefox (if installed)
  • NETPROJ: allow or not connecting to a network projector (For Vista only)
  • LOGOFF: closes the current session
  • SHUTDOWN: shut down Windows
  • SHUTDOWN-A: to interrupt Windows shutdown
  • %WINDIR% or %SYSTEMROOT%: opens the Windows installation
  • %PROGRAMFILES%: Opens the folder where you installed other programs (Program Files)
  • %USERPROFILE%: opens the profile of the user currently logged
  • %HOMEDRIVE%: opens the browser on the partition or the operating system is installed
  • %HOMEPATH%: opens the currently logged user C: \ Documents and Settings \ [username]
  • %TEMP%: opens the temporary folder
  • VSP1CLN: deletes the cache for installation of the service pack 1 for Vista
  • System File Checker (Requires Windows CD if the cache is not available):
    • SFC / scannow: immediately scans all system files and repairs damaged files
    • SFC / VERIFYONLY: scans only those files system
    • SFC / Scanfil = "name and file path": scans the specified file, and repaired if damaged
    • SFC / VERIFYFILE = "name and file path": Scans only the file specified
    • SFC / scanonce: scans the system files on the next restart
    • SFC / REVERT: return the initial configuration (For more information, type SFC /? In the command prompt CMD.
(Excerpted from http://en.kioskea.net/faq/403-command-prompts-for-windows)