Thursday, December 23, 2010

Netscaler and Citrix Web Interface Setup

This guide assumes you have already set up a basic Netscaler (e.g. DNS, NTP, IP) and Citrix Web Interface.

Netscaler

Enable Access Gateway features
Access Gateway - Policies - Authentication - Servers (tab)
Add the domain controller

Access Gateway - Policies - Authentication - Policies (tab)
Add a new policy

Select the Server created earlier and add ns_true as the expression

Access Gateway - Policies - Session - Profiles (tab)
Add a new profile

Change the Web Interface Address to your local web interface server path
Change the Single Sign-On Domain to your Active Directory domain

Access Gateway - Policies - Session - Policies (tab)
Add a new Policy

Add the ns_true expression
Change the Request Profile to the profile created earlier

Access Gateway - Virtual Servers
Add a new virtual server

Give an IP address
Select the SSL certificate (see "Import SSL Certificate to Citrix Netscaler" for how to add an SSL certificate to the Netscaler)

Insert the policy created earlier

Add the URL to the STA

Citrix Web Interface

Create a new XenApp Web Site
Authentication Point: At Access Gateway
Available Method: Explicit
Authentication Method:

Add the URL (https) that is publicly available for the user

Secure Access: Gateway Direct

Enter the publicly available URL to the address

Add the STA URL exactly as it was entered for the STA servers you added to the Netscaler

Friday, November 12, 2010

Office 2010 Activation with KMS

To activate the Office 2010 suite and standalone applications using KMS, you can do the following:

Install the Microsoft Office 2010 KMS Host License Pack on your KMS Host:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=97b7b710-6831-4ce5-9ff5-fdc21fe8d965&displaylang=en

It will ask you to enter your Office 2010 KMS Volume License Key

Once entered you are ready to go. Note: at least 5 clients need to try to activate Office 2010 before those clients are able to activate via KMS

From the client, you can either wait for Office 2010 to activate itself via KMS or you can force it using:

cscript ospp.vbs /act

Note: ospp.vbs is located in your Office14 installation folder

If you have already activated Office using a MAK key, you can change that activation to KMS by entering the KMS Client key:

cscript ospp.vbs /inpkey:

The KMS Client key can be found at:

http://technet.microsoft.com/en-us/library/ee624355.aspx

Once you have entered the KMS Client Key, you can either wait or force the activation using ospp.vbs /act

Friday, October 29, 2010

App-V Register and Refresh Server

The App-V client needs to be configured to use a specific App-V Server before it can see all the applications published to the logged-in user. You can specify the server either during the App-V client installation or from the command line.

To use the command line, I used the following method:

Enable user to manage server
Create a GPP for a computer that modifies the following registry entry:

HKLM\SOFTWARE\Microsoft\SoftGrid\4.5\Client\Permissions\ManageServers
set the value to 1

Add the server
Create a GPP for a user that executes the following command:

"%ProgramFiles%\Microsoft Application Virtualization Client\sftmime.com" ADD SERVER: /HOST: /TYPE:RTSP

Refresh Application
Create a GPP for a user that executes the following command:

"%ProgramFiles%\Microsoft Application Virtualization Client\sftmime.com" REFRESH SERVER:

Monday, September 20, 2010

Import SSL Certificate to Citrix Netscaler

I use the following method to import an SSL certificate to Citrix Netscaler:
  • Find any Windows 2003 machine with IIS installed. Generate a CSR from this machine
  • Submit this CSR to your CA to get the private key of it
  • Import this private key to your IIS again
  • Export the certificate, with both public and private keys, as a .pfx file
  • Import this .pfx file to the Netscaler; it will generate a new file
  • Open this new file; it should have 2 sections, a public section and a private section
  • Create 2 new files, one for the public and one for the private section
  • Upload these 2 new files to the Netscaler (you can delete the .pfx and the generated file from Netscaler if you want to)
  • From Netscaler, add a new SSL certificate
  • Give a name to the new Certificate
  • Select the public certificate for the Certificate File Name
  • Select the private certificate for the Private File Name
  • You can use the SSL certificate now with CAG
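
An added example (not part of the original post): the file the Netscaler generates from the .pfx is assumed here to be PEM text holding a private-key section and a certificate section. This Python code splits it into the two files the steps above call for, drops the "Bag Attributes" lines, and creates the key file readable by its owner only. The sample bundle, the output names gateway.cert and gateway.key, and the function names are constructed for illustration.

```python
import base64
import os
import re
import tempfile

# Constructed sample of a converted .pfx file: attribute lines followed by a key
# section and a certificate section. The base64 bodies are placeholders, not real
# key or certificate material.
SAMPLE_BUNDLE = """\
Bag Attributes
    localKeyID: 01 00 00 00
    friendlyName: constructed-sample
Key Attributes
    X509v3 Key Usage: 10
-----BEGIN RSA PRIVATE KEY-----
{key}
-----END RSA PRIVATE KEY-----
Bag Attributes
    localKeyID: 01 00 00 00
subject=/CN=gateway.example.test
issuer=/CN=Example Test CA
-----BEGIN CERTIFICATE-----
{cert}
-----END CERTIFICATE-----
""".format(
    key=base64.b64encode(b"constructed placeholder, not a private key").decode(),
    cert=base64.b64encode(b"constructed placeholder, not a certificate").decode(),
)

# One PEM block: BEGIN line, body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\r?\n"
    r"(?P<body>.*?)"
    r"-----END (?P=label)-----",
    re.DOTALL,
)


def split_bundle(text):
    """Return (certificate_blocks, key_blocks, key_is_encrypted)."""
    certs, keys, encrypted = [], [], False
    for match in PEM_BLOCK.finditer(text):
        label = match.group("label")
        block = match.group(0) + "\n"
        if label == "CERTIFICATE":
            certs.append(block)
        elif label.endswith("PRIVATE KEY"):
            keys.append(block)
            # PKCS#8 encrypted keys have their own label; traditional
            # encrypted keys carry a Proc-Type header inside the block.
            if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in match.group("body"):
                encrypted = True
    if len(keys) != 1 or not certs:
        raise ValueError("expected exactly one private key and at least one certificate")
    return certs, keys, encrypted


def write_split_files(text, out_dir, name="gateway"):
    """Write <name>.cert and <name>.key; return their paths and the encrypted flag."""
    certs, keys, encrypted = split_bundle(text)
    cert_path = os.path.join(out_dir, name + ".cert")
    key_path = os.path.join(out_dir, name + ".key")
    with open(cert_path, "w") as fh:
        fh.write("".join(certs))
    # Create the key file with owner-only permissions from the start, and
    # refuse to overwrite an existing file.
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(keys[0])
    return cert_path, key_path, encrypted


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as out_dir:
        cert_path, key_path, encrypted = write_split_files(SAMPLE_BUNDLE, out_dir)
        print("certificate file:", cert_path)
        print("key file:", key_path, oct(os.stat(key_path).st_mode & 0o777))
        if not encrypted:
            print("private key is stored unencrypted: remove the .pfx and the "
                  "generated file once both parts are uploaded")
```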

Sunday, September 19, 2010

Linux History Bash

To check the login history:
# last

To clear out the login history:
# > /var/log/wtmp

To check the last command run:
# history

To clear out the command history:
# history -c
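
From the defender's side, added here and not part of the original post: emptying /var/log/wtmp as shown above removes the boot record but leaves the current sessions in /var/run/utmp, so the two files no longer agree. The Python code below parses both files and reports those inconsistencies; the record layout (glibc on x86-64 Linux, 384 bytes per record) is an assumption, and the sample records and function names are constructed for illustration.

```python
import struct

# struct utmp as laid out by glibc on x86-64 Linux: 384 bytes per record.
# Other libcs and architectures use different layouts (assumption of this example).
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 2, 7, 8
SLACK = 120  # seconds allowed between the kernel boot time and the BOOT_TIME record


def text_field(raw):
    """NUL-padded char array -> str."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_records(data):
    """Decode every complete record; a trailing partial record is skipped."""
    usable = len(data) - len(data) % UTMP.size
    records = []
    for offset in range(0, usable, UTMP.size):
        f = UTMP.unpack_from(data, offset)
        records.append({"type": f[0], "pid": f[1], "line": text_field(f[2]),
                        "user": text_field(f[4]), "host": text_field(f[5]),
                        "time": f[9]})
    return records


def audit_wtmp(wtmp, utmp, boot_time):
    """Return findings that show wtmp no longer matches the running system.

    logrotate also starts a new wtmp, so compare with the rotated copy
    (for example wtmp.1) before treating a finding as tampering.
    """
    findings = []
    if not wtmp:
        findings.append("EMPTY")
    if len(wtmp) % UTMP.size:
        findings.append("PARTIAL_RECORD")
    history = parse_records(wtmp)
    # Every boot appends a BOOT_TIME record; the current boot should be present.
    boots = [r["time"] for r in history if r["type"] == BOOT_TIME]
    if not any(abs(b - boot_time) <= SLACK for b in boots):
        findings.append("NO_CURRENT_BOOT_RECORD")
    # Every session still listed in utmp was also appended to wtmp at login.
    logins = {(r["line"], r["user"], r["time"])
              for r in history if r["type"] == USER_PROCESS}
    for r in parse_records(utmp):
        if r["type"] == USER_PROCESS and (r["line"], r["user"], r["time"]) not in logins:
            findings.append("SESSION_WITHOUT_LOGIN_RECORD:%s@%s" % (r["user"], r["line"]))
    return findings


def audit_host(wtmp_path="/var/log/wtmp", utmp_path="/var/run/utmp"):
    """Run the audit on a live Linux host (boot time taken from /proc/stat)."""
    with open("/proc/stat") as fh:
        boot_time = next(int(l.split()[1]) for l in fh if l.startswith("btime"))
    with open(wtmp_path, "rb") as fh:
        wtmp = fh.read()
    with open(utmp_path, "rb") as fh:
        utmp = fh.read()
    return audit_wtmp(wtmp, utmp, boot_time)


def make_record(ut_type, user, line, host, ts):
    """Build one record; used only to construct the sample data below."""
    return UTMP.pack(ut_type, 0, line.encode(), b"", user.encode(), host.encode(),
                     0, 0, 0, ts, 0, 0, 0, 0, 0, b"")


# Constructed sample: one boot, one finished session, one session still open.
SAMPLE_BOOT = 1285000000
_boot = make_record(BOOT_TIME, "reboot", "~", "", SAMPLE_BOOT + 5)
_root = make_record(USER_PROCESS, "root", "pts/0", "192.0.2.10", SAMPLE_BOOT + 300)
SAMPLE_WTMP = (_boot
               + make_record(USER_PROCESS, "alice", "pts/1", "192.0.2.20", SAMPLE_BOOT + 100)
               + make_record(DEAD_PROCESS, "", "pts/1", "", SAMPLE_BOOT + 200)
               + _root)
SAMPLE_UTMP = _boot + _root

if __name__ == "__main__":
    print("intact wtmp :", audit_wtmp(SAMPLE_WTMP, SAMPLE_UTMP, SAMPLE_BOOT))
    print("emptied wtmp:", audit_wtmp(b"", SAMPLE_UTMP, SAMPLE_BOOT))
```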

Sunday, August 08, 2010

Netbackup 7 Disk Staging Cleanup

Using the Netbackup 7 Disk Staging feature is great! Clients are backed up to the staging area (e.g. Disks) and then the backup images from the staging disk are duplicated to the tapes.

Once the backup images are duplicated to the tapes, the images on disk are deleted by the clean-up process. The clean-up process chooses the oldest/expired images on the disk which have been duplicated and deletes them.

For unknown reasons (based on my experience) the backup images were stuck on the staging disk. This causes a big problem because the running backup will not have enough space to store the backup image from the client, and hence will fail.

To clean them up, do the following:
  • Make sure the backup images have been duplicated to the tapes (e.g. have a second copy). To do this, from the Netbackup Administration Console, select Netbackup Management - Reports - Images on Media. Select the client and click Run Report. Check the backup that has Media Type: Disk and find the corresponding backup that has the Media Type: Removable Media with the Copy Number: 2. If you have this, you are safe to delete the backup images on Disk
  • From Netbackup Administration Console, select Catalog. Change the Action: Verify. Change Disk types: Basic Disk. Change the Date/Time range. Change Copies: Copy 2. Change Policy to the policy that backs up the image and click Search Now.
  • Select the backup image on tapes that is the duplicate of the backup images on disk that you want to clean up. Right click on it and select Set Primary Copy. This will make the backup image on tape the primary copy for restore
  • Change the Copies: Copy 1 and click Search Now
  • Select the backup image on disk that you want to clean up. Right click on it and select Expire
  • Open command prompt and run: bpimage -cleanup -allclients
That should delete the stuck backup images on disk that have just been expired.

Thursday, July 01, 2010

Microsoft KMS Host

Recently I had to set up a KMS server to activate Windows 2008/R2 and Windows 7 on our network.

Here are some necessary steps/tricks:


  • If a Windows machine is activated with a KMS key, it will automatically become a KMS host
  • Depending on the KMS host OS and the KMS group key entered, different KMS clients can be activated through this KMS host
  • KMS group key C is the highest you can enter; it can activate all Windows 2008/R2, Vista, and Windows 7 editions
  • To enter the KMS key, run a command prompt in elevated mode and do:
slmgr.vbs /ipk

  • To activate the KMS host, do:
slmgr.vbs /ato

  • Once the KMS host has been activated, check DNS for the _VLMCS SRV record that points to this KMS host
  • To check how many KMS clients have been trying to activate themselves through the KMS host, do:
slmgr.vbs /dli

  • Now all the KMS clients (Volume License Key) should by default try to activate through the KMS host
  • If you accidentally entered a KMS key on a KMS client, you can de-activate the KMS client by entering the "client type" key. The client type key depends on the Windows version; check the following link
http://technet.microsoft.com/en-us/library/cc303280.aspx
  • Once you have the client type key, enter it and activate it:
slmgr.vbs /ipk
slmgr.vbs /ato

Tuesday, June 29, 2010

Script to do file cleanup

The following VBScript can be used to clean files of certain age:


-----------------------------

'* Specify the folder Name & Location here

Foldername="D:\DB Backup"

'* Specify how many days worth of Backup files you wanted to keep on the drive
Days = 7

'* Specify the Output file Name & location
LogFileName= "D:\CleanUp.txt"

Counter = 0

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set LogFile=objFSO.OpenTextFile(LogFileName,2,true)

LogFile.WriteBlankLines 1
LogFile.Writeline " **************************************************"
LogFile.Writeline " * Delete Backup files Older than 7 Days *"
LogFile.Writeline " **************************************************"
LogFile.WriteBlankLines 1
LogFile.Writeline " Backup Folder Name .........: " & Foldername
LogFile.Writeline " Deleting files older then...: " & Days & " days"
LogFile.Writeline " Output File ................: " & LogFileName
LogFile.Writeline " Date Deleted ...............: " & Date
LogFile.WriteBlankLines 2

Counter = ViewSubFolders(Foldername, LogFile)

LogFile.WriteBlankLines 3
LogFile.Writeline "Total Old file(s) Deleted.....: " & Counter
LogFile.WriteBlankLines 3

LogFile.Close


Function checkFolder(Foldername, LogFile)
    ' Deletes the old files in one folder and returns how many were deleted.
    ' Dim keeps these names local; without it Counter is the script-level
    ' Counter and the totals returned through the recursion come out wrong.
    Dim objFolder, objFile, file, FileName, FileFullName, LastModifiedDate, IsOld, Counter
    Set objFolder = objFSO.GetFolder(Foldername)
    Counter = 0
    For Each file in objFolder.Files
        FileName = file.Name
        FileFullName = Foldername & "\" & FileName
        Set objFile = objFSO.GetFile(FileFullName)

        LastModifiedDate = objFile.DateLastModified

        LogFile.Writeline "Checking: " & FileName & "," & LastModifiedDate

        IsOld = DateCheck(LastModifiedDate)

        If IsOld = "old" Then
            objFSO.DeleteFile(FileFullName)
            Counter = Counter + 1
            LogFile.Writeline "Deleting: " & FileName & "," & LastModifiedDate
        End If

        Set objFile = Nothing
    Next

    checkFolder = Counter
End Function

Function ViewSubFolders(strFolder, LogFile)
    ' Cleans strFolder and every folder below it, using the script-level objFSO.
    Dim objFolder, SubFolder, Counter
    Set objFolder = objFSO.GetFolder(strFolder)

    Counter = checkFolder(strFolder, LogFile)

    For Each SubFolder in objFolder.SubFolders
        Counter = Counter + ViewSubFolders(SubFolder.Path, LogFile)
    Next

    Set objFolder = Nothing

    ViewSubFolders = Counter
End Function

Function DateCheck(LastModified)
    ' Returns "old" when the file was last modified more than Days days ago
    If DateDiff("d", LastModified, Date) > Days Then
        DateCheck = "old"
    Else
        DateCheck = "new"
    End If
End Function



---------------------------

Thursday, April 29, 2010

Cisco IP Phone TFTP Server

If you need your own TFTP server for the Cisco IP Phones, so that they can get any image you want them to have instead of getting the image from the CUCM, create the TFTP server, place the image downloaded from the Cisco.com website (.zip) on it, and create an XMLDefault.cnf.xml file.

The content of the XMLDefault.cnf.xml file is:

<Default>
<callManagerGroup>
<members>
<member priority="0">
<callManager>
<ports>
<ethernetPhonePort>2000</ethernetPhonePort>
<mgcpPorts>
<listen>2427</listen>
<keepAlive>2428</keepAlive>
</mgcpPorts>
</ports>
<processNodeName></processNodeName>
</callManager>
</member>
</members>
</callManagerGroup>
<loadInformation30007 model="CP-7912">CP7912080000SIP060111A</loadInformation30007>
<loadInformation8 model="CP-7940">P003-08-8-00</loadInformation8>
<loadInformation115 model="CP-7941">TERM41.7-0-2-0S</loadInformation115>
<loadInformation434 model="Cisco 7942"></loadInformation434>
<loadInformation309 model="Cisco 7941G-GE">TERM41.7-0-2-0S</loadInformation309>
<loadInformation435 model="Cisco 7945"></loadInformation435>
<loadInformation7 model="CP-7960">P003-08-8-00</loadInformation7>
<loadInformation30018 model="CP-7961">SIP41.8-5-2S</loadInformation30018>
<loadInformation308 model="Cisco 7961G-GE">SIP41.8-5-2S</loadInformation308>
<loadInformation404 model="Cisco 7962"></loadInformation404>
<loadInformation436 model="Cisco 7965"></loadInformation436>
<loadInformation6 model="CP-7970">SIP70.8-4-2S</loadInformation6>
<loadInformation30006 model="CP-7970">SIP70.8-4-2S</loadInformation30006>
<loadInformation119 model="Cisco 7971">TERM70.7-0-2-0S</loadInformation119>
<loadInformation118 model="Cisco 7971G-GE">TERM70.7-0-2-0S</loadInformation118>
<loadInformation437 model="Cisco 7975"></loadInformation437>
<loadInformation302 model="Cisco 7985">cmterm_7985.4-1-4-0</loadInformation302>
<authenticationURL></authenticationURL>
<directoryURL></directoryURL>
<idleURL></idleURL>
<informationURL></informationURL>
<messagesURL></messagesURL>
<servicesURL></servicesURL>
</Default>


Edit the loadInformation tag of each phone model with the image version you want that model to load.

Friday, April 23, 2010

Symantec Enterprise Vault

The following is a modified PowerShell script from Symantec that recalls all the files from the Vault if the file placeholder exists on the file server

## script attempt - comprehensive FSA script to analyze target locations and evaluate file within it
##
## First we check the registry to see if the bypassrecallimitsforadmins key (8.0) or bypassrecalllimitsforadmins (7.5 something where it was spelt right)
## We also check recalllimitmaxrecalls and recalllimittimeinterval to see if they are set to 99 and 1 respectively to give the best chance to recall all files if needed
## Note: while they may not choose to copy we will still get these values for later processing in case they do
##
## We will prompt for 2 locations: 1) the location of the fatr.exe executable & batch.cmd, and 2) the desired target path
## We will prompt for a decision if the user wants the placeholders that are verified as proper placeholders would also like them recalled (by copy to nul process)
## If they choose the copy option, we will report on the registry settings and recommend changes (and do them if they choose).
## Using these paths we will do the following
## 1) get a directory output of the target path and save that to a file named dirout.txt
## 2) using the dirout.txt file we will process each file in that list in the following manner
## 3) we will run fsutil (windows application) to confirm if the file has reparsepoint (placeholder) information, and if so, if the GUID matches the EV one (because of some issues found on 64 bit, this string has had the spaces removed to ensure matches on 64 and non-64 bit systems)
## *4) we will test the file as well with the fatr.exe application (in report mode) which will detail to us if the offline file bit is set or not
## 5) if the above tests result in finding a file which has the offline bit set, and NO reparse information, we will set the offline bit OFF (this will resolve the 'element not found errors' on archive attempts)
## 6) if the above tests result in finding a file which has the offline bit set, and EV reparse information, we will leave the file alone if copy choice is 'n' or copy the item to nul if 'y'
## 7) if the above tests result in finding a file which has the offline bit set, and reparse information (but not EV info), we will leave the file alone
## 8) if the above tests result in finding a file which has the offline bit unset, and NO reparse information, we will leave the file alone
## 9) if the above tests result in finding a file which has the offline bit unset, and EV reparse information, we will set the offline bit (this situation should not be found)
## 10) if the above tests result in finding a file which has the offline bit unset, and reparse information (but not EV info), we will leave the file alone
## 11) if the above tests result in finding not covered by the above we will report the results found and do nothing

##param

## ver.bat ($exepath = "$(read-host "Please enter the path to the fatr.exe & batch.cmd files. Use the format, :\, e.g. c:\testfolder ")",$tarpath = "$(read-host "Please enter the path to the desired target folder to analyze. Use the format, :\, e.g. c:\testfolder ")",$copyquestion = "$(read-host "If proper placeholders are found, would you like them recalled? Use the format y or n")")
$tarpath = $(read-host "Please enter the path to the desired target folder to analyze. Use the format, :\, e.g. c:\testfolder ")
$copyquestion = $(read-host "If proper placeholders are found, would you like them recalled? Use the format y or n")

## ------------------------------------------------
## Edited by Me (u know)
## ------------------------------------------------

$txtfile = $(read-host "Please enter the path to the file to search target. Use the format, :\\filename, e.g. c:\testfolder\file.txt")

## ------------------------------------------------

## $outpath = "$(read-host "Please enter the path for the output file. Use the format, :\, e.g. c:\testfolder ")" ## we should not need this line as output will be specified at run time.

$restart = 0
$script = $myinvocation.mycommand.definition
$exepath = split-path "$script"

##debug ##write-host $exepath
##debug ##write-host $tarpath
##debug ## write-host $tarpath

Write-Output "++++++++++++++++++++++++++++++++++" > $exepath\test1.txt
Write-Output "" >> $exepath\test1.txt
get-date | out-file -filepath $exepath\test1.txt -append
Write-Output "Processing Started" >> $exepath\test1.txt
Write-Output "" >> $exepath\test1.txt


If ($copyquestion -eq 'y'){
Write-Output "Copy operation selected checking registry" >> $exepath\test1.txt
write-output "" >> $exepath\test1.txt
$bol = test-path -path "HKLM:\SOFTWARE\Wow6432Node\KVS\Enterprise Vault\FSA\PlaceholderService"
$bol2 = test-path -path "HKLM:\SOFTWARE\KVS\Enterprise Vault\FSA\PlaceholderService"

If ($bol){
## 64 bit PHS
$testreg = get-itemproperty "HKLM:\SOFTWARE\Wow6432Node\KVS\Enterprise Vault\FSA\PlaceholderService"

If ($testreg.BypassRecalLimitsForAdmins -eq 1){
write-host "BypassRecalLimitsForAdmins is set (64 bit)"
write-output "BypassRecalLimitsForAdmins is set (64 bit)" >> $exepath\test1.txt
write-output "" >> $exepath\test1.txt
}
Else{
$bypassnotset =$(read-host "The registry setting, BypassRecalLimitsForAdmins is not set, would you like to set it? Use the format y or n ")

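## compare the answer with -eq; '=' assigns and is always true, so the key was set even after answering n
If ($bypassnotset -eq 'y'){
write-host "Setting BypassRecalLimitsForAdmins to 1"
write-output "Setting BypassRecalLimitsForAdmins to 1" >> $exepath\test1.txt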
write-output "" >> $exepath\test1.txt
set-itemproperty -path "HKLM:\SOFTWARE\Wow6432Node\KVS\Enterprise Vault\FSA\PlaceholderService" -name "BypassRecalLimitsForAdmins" -value 1
$restart = 1
}
Else{
write-host "Not setting BypassRecalLimitsForAdmins can cause recall processing to fail if recall limits are encountered. Will exit. "
Break
}
}

If ($testreg.RecallLimitMaxRecalls -eq 99){
write-host "RecallLimitMaxrecalls is set to the highest accepted value (99) "
write-output "RecallLimitMaxrecalls is set to the highest accepted value (99) " >> $exepath\test1.txt
write-output "" >> $exepath\test1.txt
}
Else{
write-host "RecallLimitMaxrecalls is NOT set to the highest accepted value (99) "
$recalllimitnotset =$(read-host "The registry setting, RecallLimitMaxrecalls is not set to the highest acceptable value, would you like to set it? Use the format y or n ")

If ($recalllimitnotset -eq 'y'){
write-host "Setting RecallLimitMaxrecalls to 99"
write-output "Setting RecallLimitMaxrecalls to 99" >> $exepath\test1.txt
write-output "" >> $exepath\test1.txt
set-itemproperty -path "HKLM:\SOFTWARE\Wow6432Node\KVS\Enterprise Vault\FSA\PlaceholderService" -name "RecallLimitMaxrecalls" -value 99
$restart = 1
}
Else{
write-host "Not setting RecallLimitMaxrecalls can cause recall processing to fail if recall limits are encountered. Will exit. "
Break
}
}

If ($testreg.RecallLimitTimeInterval -eq 1){
write-host "RecallLimitTimeInterval is set to the lowest accepted value (1) "
write-output "RecallLimitTimeInterval is set to the lowest accepted value (1) " >> $exepath\test1.txt
write-output "" >> $exepath\test1.txt
}
Else{
$recalllimitTnotset =$(read-host "The registry setting, RecallLimitTimeInterval is not set to the lowest acceptable value, would you like to set it? Use the format y or n ")

If ($recalllimitTnotset -eq 'y'){
write-host "Setting RecallLimitTimeInterval to 1"
write-output "Setting RecallLimitTimeInterval to 1" >> $exepath\test1.txt
write-output "" >> $exepath\test1.txt
set-itemproperty -path "HKLM:\SOFTWARE\Wow6432Node\KVS\Enterprise Vault\FSA\PlaceholderService" -name "RecallLimitTimeInterval" -value 1
$restart = 1
}
Else{
write-host "Not setting RecallLimitTimeInterval can cause recall processing to fail if recall limits are encountered. Will exit. "
Break
}
}
}
ElseIf ($bol2){
## 32 bit PHS
$testreg = get-itemproperty "HKLM:\SOFTWARE\KVS\Enterprise Vault\FSA\PlaceholderService"
$eval1 = $testreg.BypassRecalLimitsForAdmins

## debug ##
write-host $eval1
If ($eval1 -eq 1){
write-host "BypassRecalLimitsForAdmins is set"
write-output "BypassRecalLimitsForAdmins is set" >> $exepath\test1.txt
write-output "" >> $exepath\test1.txt
}
Else{
$bypassnotset =$(read-host "The registry setting, BypassRecalLimitsForAdmins is not set, would you like to set it? Use the format y or n ")

If ($bypassnotset -eq 'y'){
write-host "Setting BypassRecalLimitsForAdmins to 1"
write-output "Setting BypassRecalLimitsForAdmins to 1" >> $exepath\test1.txt
write-output "" >> $exepath\test1.txt
set-itemproperty -path "HKLM:\SOFTWARE\KVS\Enterprise Vault\FSA\PlaceholderService" -name "BypassRecalLimitsForAdmins" -value 1
$restart = 1
}
Else{
write-host "Not setting BypassRecalLimitsForAdmins can cause recall processing to fail if recall limits are encountered. Will exit. "
Break
}
}

If ($testreg.RecallLimitMaxRecalls -eq 99){
write-host "RecallLimitMaxrecalls is set to the highest accepted value (99) "
write-output "RecallLimitMaxrecalls is set to the highest accepted value (99) " >> $exepath\test1.txt
write-output "" >> $exepath\test1.txt
}
Else{
#write-host "RecallLimitMaxrecalls is NOT set to the highest accepted value (99) "
write-output "RecallLimitMaxrecalls is NOT set to the highest accepted value (99) " >> $exepath\test1.txt
write-output "" >> $exepath\test1.txt
$recalllimitnotset =$(read-host "The registry setting, RecallLimitMaxrecalls is not set to the highest acceptable value, would you like to set it? Use the format y or n ")

If ($recalllimitnotset -eq 'y'){
write-host "Setting RecallLimitMaxrecalls to 99"
write-output "Setting RecallLimitMaxrecalls to 99" >> $exepath\test1.txt
write-output "" >> $exepath\test1.txt
set-itemproperty -path "HKLM:\SOFTWARE\KVS\Enterprise Vault\FSA\PlaceholderService" -name "RecallLimitMaxrecalls" -value 99
$restart = 1
}
Else{
write-host "Not setting RecallLimitMaxrecalls can cause recall processing to fail if recall limits are encountered. Will exit. "
Break
}
}

If ($testreg.RecallLimitTimeInterval -eq 1){
write-host "RecallLimitTimeInterval is set to the lowest accepted value (1) "
write-output "RecallLimitTimeInterval is set to the lowest accepted value (1) " >> $exepath\test1.txt
write-output "" >> $exepath\test1.txt
}
Else{
$recalllimitTnotset =$(read-host "The registry setting, RecallLimitTimeInterval is not set to the lowest acceptable value, would you like to set it? Use the format y or n ")

If ($recalllimitTnotset -eq 'y'){
write-host "Setting RecallLimitTimeInterval to 1"
write-output "Setting RecallLimitTimeInterval to 1" >> $exepath\test1.txt
write-output "" >> $exepath\test1.txt
set-itemproperty -path "HKLM:\SOFTWARE\KVS\Enterprise Vault\FSA\PlaceholderService" -name "RecallLimitTimeInterval" -value 1
$restart = 1
}
Else{
write-host "Not setting RecallLimitTimeInterval can cause recall processing to fail if recall limits are encountered. Will exit. "
Break
}
}
}
Else{
write-output "Registry Read failed for path HKLM:\SOFTWARE\Wow6432Node\KVS\Enterprise Vault\FSA\PlaceholderService and HKLM:\SOFTWARE\KVS\Enterprise Vault\FSA\PlaceholderService Copy operations may be limited by recall limits "
}
}
Else{
write-host "Copy not selected "
write-output "Copy not selected " >> $exepath\test1.txt
}

if ($restart -gt 0){
restart-service "Enterprise Vault File Placeholder Service"
write-host "Restarting EV File Placeholder Service"
write-output "Restarting EV File Placeholder Service" >> $exepath\test1.txt
write-output "" >> $exepath\test1.txt
}

## ver.bat & $exepath"\batch.cmd" $tarpath > $exepath"\dirout.txt"

## & $exepath"\batch.cmd" $tarpath > $exepath"\dirout.txt"
## above worked at the command line in PS

## ver.bat $readlines = get-content $exepath\dirout.txt
##$readlines = get-childitem $tarpath -force -recurse | where-object {$_.mode -notlike "d*"}

## ------------------------------------------------
## Edited by Me (u know)
## ------------------------------------------------

Get-Content $txtfile | Foreach-Object {
$searchstring = $_
$searchbase = "$tarpath\$searchstring*"

write-host $searchbase
write-output "Searching folder beginning with $searchstring ..." >> "$exepath\$searchstring.txt"

## $readlines = get-childitem $searchbase -force -recurse | where-object {$_.mode -notlike "d*" -and $_.length -lt 10000}

$readlines = get-childitem $searchbase -force -recurse -exclude *.ldb | where-object {$_.mode -notlike "d*"}
#$readlines = get-childitem -LiteralPath "F:\Groups\Development\Developments - Commercial\Administration Stationary\VIC\GeneralAdmin\Expenses_04_05\051209memo[Expenses-Richard].doc"


## ------------------------------------------------

##
##
## $count = 0
foreach($readline in $readlines){
$fullname = $readline.fullname
$fsutilout = fsutil reparsepoint query "$fullname"
## pass fsutilout to new variable to ensure string
$fsutiloutst = "$fsutilout"
## debug ## write-host "running fsutil on file " $fullname " returned " $fsutiloutst

$filetest = Get-ChildItem -LiteralPath "$fullname" -Force

#trap{
# $filetest = Get-ChildItem -LiteralPath "$fullname" -Force
# "ERROR Filetest: file $filetest :: "+ $_ | out-file "$exepath\$searchstring error.txt" -append
# write-host $_
# continue
#}

#$filetest = $fullname

$offline = $filetest.Attributes -band [System.IO.FileAttributes]::Offline

trap{
"ERROR->file $filetest :: "+ $_ | out-file "$exepath\$searchstring error.txt" -append
write-host $_
continue
}

###$fatrout = & $exepath"\fatr.exe" -r "$fullname"
## next pass $fatrout to another variable to properly get it in a string
###$fatroutst = "$fatrout"
## debug ## write-host "running fatr in report mode on file " $fullname " returned " $fatroutst

## Logic for evaluation of the strings

## new test for offline - Determining if an attribute is set
## $File = Get-ChildItem .\test.txt -Force
## $File.Attributes
## if ( $File.Attributes -band [System.IO.FileAttributes]::Hidden )
## { Write-Host "Hidden Attribute Set" }

## Setting an attribute

## $File = Get-ChildItem .\test.txt -Force
## $File.Attributes
## $File.Attributes = ( $File.Attributes -bor [System.IO.FileAttributes]::System )
## $File.Attributes

## Removing an attribute
## $File = Get-ChildItem .\test.txt -Force
## $File.Attributes
## $File.Attributes = ( $File.Attributes -bxor [System.IO.FileAttributes]::System )
## $File.Attributes


If ($fsutiloutst -match'(?m:^Error)' -and $offline -eq 0){
$out1 = "The file "+$fullname+" has no EV reparse information and does not have the offline bit set, no action needed"
out-file -filepath "$exepath\$searchstring.txt" -inputobject $out1 -append

}
elseif ($fsutiloutst -replace ' ', '' -match '(^ReparseTagValue:0x00000010GUID:{9DD58ACD-4BE7-4F36-9CE3-B7738EE3C702})' -and $offline -eq 0){
$out2 = "The file "+$fullname+" has EV reparse information and does not have the offline bit set, will set offline bit"
out-file -filepath "$exepath\$searchstring.txt" -inputobject $out2 -append
$filetest.Attributes = $filetest.Attributes -bor [System.IO.FileAttributes]::Offline
# & $exepath"\fatr.exe" $fullname >> $exepath\test1.txt
}
elseif ($fsutiloutst -match'(?m:^Error)' -and $offline -eq 4096){
$out3 = "The file "+$fullname+" has no EV reparse information and does have the offline bit set, will clear offline bit"
out-file -filepath "$exepath\$searchstring.txt" -inputobject $out3 -append
$filetest.Attributes = $filetest.Attributes -bxor [System.IO.FileAttributes]::Offline
# & $exepath"\fatr.exe" $fullname >> $exepath\test1.txt
}
else{
## only case left should be has reparse, and has offline bit set
# $fullname
If ($copyquestion -match 'y'){
$out4 = "The file "+$fullname+" has EV reparse information, and is offline, will attempt to copy to nul device as copy selection set to 'y'"
out-file -filepath "$exepath\$searchstring.txt" -inputobject $out4 -append

#trap{
# "The File: "+ $fullname | out-file "$exepath\$searchstring error.txt" -append
# "ERROR: "+ $_ | out-file "$exepath\$searchstring error.txt" -append
# write-host $_
# continue
#}

## copy-item $fullname \\.\nul\ -verbose -force | out-file -filepath $exepath\test1.txt -append
copy-item -LiteralPath $fullname \\.\nul\
$copyresult = $?

write-output "Copy of $fullname to nul returned $copyresult " >> "$exepath\$searchstring.txt"
}
Else{
$out5 = "The file "+$fullname+" has EV reparse information, and is offline, will not attempt to copy to nul device as copy selection not set to 'y'"
out-file -filepath "$exepath\$searchstring.txt" -inputobject $out5 -append

## copy functionality ## write-host "file " $fullname " has reparse information and is offline, will attempt to copy to nul device"
##
## copy $fullname \\.\nul\
}
}
}


## ------------------------------------------------
## Edited by Me (u know)
## ------------------------------------------------
}
## ------------------------------------------------

Write-Output "" >> $exepath\test1.txt
Write-Output "Processing Completed" >> $exepath\test1.txt
get-date | out-file -filepath $exepath\test1.txt -append

Sunday, March 28, 2010

This blog has moved


This blog is now located at http://blog.laurence.id.au/.

For feed subscribers, please update your feed subscriptions to
http://blog.laurence.id.au/rss.xml.

Monday, March 22, 2010

Running PEAP with Cisco Aironet 1231G and Cisco Wireless IP Phone 7925G

To run WiFi with WPA and PEAP using Cisco Aironet and Windows IAS/NPS, you need the following:
  • Cisco Aironet Access Point
  • Windows Server (2003/2008) running IAS/NPS as the RADIUS server
  • Server authentication certificate (commercial or self-signed)

Setting the Access Point

Log in to the access point using HTTP/HTTPS, then navigate to Security - Server Manager

Create a new RADIUS server and point it to the Windows IAS/NPS (installed later). Specify the shared secret and port for authentication and accounting

Set the default server priorities to or the new Radius server's IP address you just added

Navigate to Security - SSID Manager

Create a new SSID, attach it to the VLAN and tick the Radio checkbox

For Client Authentication Settings, tick Open Authentication with EAP and Network EAP. Change the Server Priorities to Customize or use defaults

For Client Authentication Key Management, select Mandatory for Key Management and tick WPA

SSID Settings. (optional) select Multiple SSID if you are running this SSID as multiple SSID

Navigate to Security - Encryption Manager

Set Encryption Modes to Cipher with AES CCMP + TKIP

Set Encryption Keys to Key 2 and leave the value blank

Setting IAS/NPS

Once NPS is installed, run the wizard to set up the wireless network.
We need to add a RADIUS client, which is the IP address of the Cisco Access Point

Navigate to the Advanced tab and set the vendor name to Cisco

Navigate to Policies and select Connection Request Policies. Select the Secure Wireless Policy

Most of the following settings have their default values

Navigate to Use Windows authentication for all users. The following settings have their default values

Navigate to Secure Wireless Connections. The following settings have their default values

We specify which AD Security Group has access to this policy

At this stage, you need to import a server authentication certificate. This can be a commercial certificate or a self-signed certificate. If you use a self-signed certificate, make sure the client machines that are going to connect to this WiFi trust the Root CA that generated this certificate

Select Microsoft Protected EAP (PEAP) and select Edit

If you have the certificate installed correctly, you should see an option to choose which certificate you want to use

On the Settings tab
