Create a New Virtual Machine with Hyper-V

This is the simplest way to create a virtual (virtual machine) on Hyper-V under Windows Server 2008 R2 SP1 and make use of its new Dynamic Memory feature.

[screenshots of the New Virtual Machine wizard omitted]

 

Now let’s change the memory settings so the virtual can take advantage of the Dynamic Memory feature added in 2008 R2 SP1.  Dynamic Memory only works for supported guest operating systems that have the SP1 Integration Services installed inside the guest; an older guest simply keeps its startup memory.

[screenshots of the memory settings omitted]

 

Something else that matters for BigFix is how many virtual processors the virtual gets.  In my test lab I don’t expect to have more than 100 endpoints, with the typical average hovering around 60-75.  With that in mind a setting of 4 cores is probably overkill, however I don’t like to limit my virtuals and end up waiting.

[screenshot of the processor settings omitted]
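The same three steps (create the virtual, turn on Dynamic Memory, give it four cores) as a script, added here as an example rather than something from the original post.  It uses the Hyper-V PowerShell module that ships with Windows Server 2012 / Windows 8 and later; on 2008 R2 SP1 itself these settings are only reachable through the GUI shown above or the WMI provider.  The VM name, switch name, paths and sizes are assumptions for a lab.

```powershell
# Added example (not from the post): a lab VM with Dynamic Memory and 4 vCPUs,
# using the Hyper-V PowerShell module (Windows Server 2012 / Windows 8 or later).
# Names, paths and sizes below are assumptions for a lab, not values from the post.
$vmName  = 'BES-Lab01'
$switch  = 'Lab-Internal'                       # an existing virtual switch (assumption)
$vhdPath = "D:\Hyper-V\$vmName\$vmName.vhdx"    # where the new system disk goes (assumption)

# Create the VM. Startup memory is what the guest boots with; Dynamic Memory lets the
# host add or reclaim memory between the minimum and maximum once the guest is running.
New-VM -Name $vmName -MemoryStartupBytes 2GB -NewVHDPath $vhdPath `
       -NewVHDSizeBytes 60GB -SwitchName $switch | Out-Null

# Dynamic Memory: 1 GB floor, 2 GB at boot, 8 GB ceiling, 20 % buffer above demand.
Set-VMMemory -VMName $vmName -DynamicMemoryEnabled $true `
             -MinimumBytes 1GB -StartupBytes 2GB -MaximumBytes 8GB -Buffer 20

# Four virtual processors, as in the post (more than a <100-endpoint BigFix lab needs).
Set-VMProcessor -VMName $vmName -Count 4

# Check: read the settings back before powering the VM on.
Get-VMMemory    -VMName $vmName | Select-Object VMName, DynamicMemoryEnabled, Minimum, Startup, Maximum, Buffer
Get-VMProcessor -VMName $vmName | Select-Object VMName, Count
```

After the guest is installed, keep its Integration Services current; a guest without them never reports memory demand to the host and stays at its startup allocation.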

 

That’s it, glad you dropped by… leave your comments and questions in the comments section below!

Installing Microsoft SQL Server 2008r2

I often find myself having to reinstall software.  I liked the way I installed it last time, but over time something occurred that required a reinstallation.  I don’t have instant recall on a lot of things, so like much of my blog, I write articles that help me in the future.   This article covers the installation of Microsoft SQL Server 2008 R2. 

It outlines how I install this application within my personal test environment.  If you have alternative ways, I would love to hear about them in the comments section of this post. 

Not all screenshots have comments, but the few that need additional explanation do.

[setup screenshots from 2 Dec 2011 omitted]

I try to leave the firewalls on within my environment in order to promote good security practice.  SQL Server setup warns me whenever the firewall is on and directs me to a page with details on SQL’s firewall requirements for access from other systems.  (http://go.microsoft.com/fwlink/?LinkId=94001)

[screenshot of the firewall warning omitted]

When I visit the link, I find I will need to configure the Windows Firewall to open a port for SQL.  Read my SQL Firewall article for details on doing this.

 

[setup screenshots from 2 Dec 2011 omitted]

All of my service accounts are deliberately very limited domain accounts, so I needed to specify which account each SQL Server service will run as.  They are specified here; this is the reason not to use a domain admin or Local System for these services.

 

[screenshot of the service accounts page omitted]

I wanted to allow both domain and local (SQL) logins for my SQL server.  Thus I set it up with Mixed Mode, configured a password for the “sa” account and added my domain account to the list of administrators of the DB server.  Mixed Mode enables SQL logins, and sa is the one every brute-force attempt tries first, so give it a long password; if nothing actually needs SQL logins, disable or rename sa after setup.

 

[screenshot of the authentication mode page omitted]

In the future I want to create a virtual SQL cluster.  To pre-plan for that I needed to put the databases onto a separate VHD.  So I created a separate VHD, attached it to the virtual machine’s SCSI controller and mounted it as the E:\ drive.  This step shows pointing the database “data” directory at the new E:\ drive.

 

[setup screenshots from 2 Dec 2011 omitted]

 

Now that the base installation is complete, I need to patch the hell out of it.  A quick search turns up a published Service Pack for SQL 2008 R2.  I wrote a step-by-step guide for installing SP1 here.
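Before and after the service pack it is worth confirming what setup actually produced: authentication mode, the state of sa, who is in sysadmin, where the files landed, which accounts the services run as and the patch level.  The script below is an added example, not part of the original post; it uses System.Data.SqlClient (part of the .NET Framework, so no SQL tools are required) and a Windows login that is sysadmin on the instance.  The server name is an assumption.  One caveat it also demonstrates: sys.dm_server_services only exists from SQL Server 2008 R2 SP1 onward, so that check fails on an unpatched install.

```powershell
# Added example (not from the post): audit the choices made during setup.
# Assumes a Windows login with sysadmin on the instance; $server is an assumption.
$server = 'SQL01'      # e.g. 'SQL01\BES' for a named instance

$checks = @(
    @{ Name = 'Authentication mode (1 = Windows only, 0 = Mixed)'
       Sql  = "SELECT CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int) AS value" },
    @{ Name = 'sa login disabled (1 = yes)'
       Sql  = "SELECT CAST(is_disabled AS int) AS value FROM sys.sql_logins WHERE name = 'sa'" },
    @{ Name = 'Members of sysadmin'
       Sql  = "SELECT m.name AS value FROM sys.server_role_members rm " +
              "JOIN sys.server_principals r ON rm.role_principal_id = r.principal_id " +
              "JOIN sys.server_principals m ON rm.member_principal_id = m.principal_id " +
              "WHERE r.name = 'sysadmin'" },
    @{ Name = 'Database files (data should be on E:)'
       Sql  = "SELECT type_desc + ' ' + physical_name AS value FROM sys.master_files" },
    @{ Name = 'Service accounts (view exists only on 2008 R2 SP1 or later)'
       Sql  = "SELECT servicename + ' -> ' + service_account AS value FROM sys.dm_server_services" },
    @{ Name = 'Version and patch level'
       Sql  = "SELECT CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(32)) + ' ' + " +
              "CAST(SERVERPROPERTY('ProductLevel') AS nvarchar(32)) AS value" }
)

$conn = New-Object System.Data.SqlClient.SqlConnection ("Server=$server;Database=master;Integrated Security=True;")
$conn.Open()
try {
    foreach ($check in $checks) {
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $check.Sql
        try {
            $reader = $cmd.ExecuteReader()
            $values = @()
            while ($reader.Read()) { $values += [string]$reader['value'] }
            $reader.Close()
            '{0}: {1}' -f $check.Name, ($values -join '; ')
        } catch {
            # A missing DMV (pre-SP1) or a permissions problem shows up here instead of aborting the run.
            '{0}: query failed ({1})' -f $check.Name, $_.Exception.Message
        }
    }
} finally {
    $conn.Close()
}
```

Run it once right after setup and again after SP1: the ProductLevel line should change from RTM to SP1, and the service-accounts line should stop failing.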

Leave your comments or suggestions below!

Allow Windows Update to do more than just Windows

I like to keep the software on all of my computers up to date.  Everything from security patches to bug fixes matters to my security profile.  Thus I let Microsoft update more than just Windows when I turn on Windows Update; this opt-in is what Microsoft calls Microsoft Update.  Here is a quick and easy way to activate that additional functionality.

[Windows Update screenshots omitted]

Since I had never before allowed Internet Explorer to make changes to my system, a security prompt appears asking if that is OK… just hit Yes.

[screenshot of the security prompt omitted]

Windows Update now starts its scan for the additional software it has updates for…
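The same opt-in can be done without the browser, which is handy on servers where Internet Explorer is locked down.  The script below is an added example, not from the original post; run it from an elevated PowerShell prompt.  The service ID it registers is the fixed, published identifier for Microsoft Update.

```powershell
# Added example (not from the post): opt this machine into Microsoft Update from an
# elevated prompt, then run a scan against it. Uses the Windows Update Agent COM API.
$MicrosoftUpdateId = '7971f918-a847-4430-9279-4a52d1efe18d'   # fixed ID for Microsoft Update

$serviceManager = New-Object -ComObject 'Microsoft.Update.ServiceManager'

# Idempotent: do nothing if the service is already registered.
$existing = $serviceManager.Services | Where-Object { $_.ServiceID -eq $MicrosoftUpdateId }
if ($existing) {
    "Microsoft Update already registered; default for Automatic Updates: $($existing.IsDefaultAUService)"
} else {
    # 7 = AllowPendingRegistration (1) + AllowOnlineRegistration (2) + RegisterServiceWithAU (4),
    # i.e. register now and make Automatic Updates use it.
    $registration = $serviceManager.AddService2($MicrosoftUpdateId, 7, '')
    "Registered service $($registration.ServiceID); Automatic Updates will now use Microsoft Update"
}

# Check: scan this specific service and list the non-Windows updates it now offers.
$session  = New-Object -ComObject 'Microsoft.Update.Session'
$searcher = $session.CreateUpdateSearcher()
$searcher.ServerSelection = 3                 # ssOthers: use the service named below
$searcher.ServiceID      = $MicrosoftUpdateId
$result = $searcher.Search("IsInstalled=0 and Type='Software'")
"{0} update(s) available:" -f $result.Updates.Count
foreach ($update in $result.Updates) { "  " + $update.Title }
```

If the scan shows nothing but Windows updates on a box with SQL Server installed, the registration did not take; re-run the script and check that the first line no longer says "already registered" without a default-AU value of True.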

Now wasn’t that easy…  Leave your comments and suggestions below!

Accessing SQL through the Windows Firewall

Recently I installed a new instance of SQL 2008r2.  (Get more details on installing Microsoft SQL Server 2008r2 here…)

Once it was running I quickly learned that, in order to let applications on other systems reach the SQL Server instance, I needed to open the following port on my Windows Firewall:  TCP 1433.  That is the port of the default instance; a named instance listens on a dynamic port and clients locate it through the SQL Browser service on UDP 1434, so a named instance needs different rules.

So here goes…

 

[Windows Firewall with Advanced Security screenshots omitted]

The Microsoft article describes a way to do this from an administrative command prompt.  I chose the graphical process.

If you have the firewall configured for outbound filtering as well, you may need to repeat this process for the outbound rules.
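For the command-prompt route, here is the rule as I would add it from an elevated PowerShell session with netsh (present on Windows Server 2008 R2; the New-NetFirewallRule cmdlet only arrived with Windows Server 2012).  This is an added example rather than the exact command from the Microsoft article, and the subnet used to scope the rule is an assumption for a lab network; the point is that the rule is limited to the domain profile and to the hosts that need SQL rather than to any address.

```powershell
# Added example (not from the post): open TCP 1433 inbound for the default instance,
# scoped to the application subnet and the domain profile. $appSubnet is an assumption.
$appSubnet = '192.168.10.0/24'   # where the clients that need SQL live

netsh advfirewall firewall add rule name="SQL Server TCP 1433" `
    dir=in action=allow protocol=TCP localport=1433 remoteip=$appSubnet profile=domain

# Named instances use a dynamic port plus the SQL Browser service on UDP 1434;
# uncomment only if you actually run a named instance.
# netsh advfirewall firewall add rule name="SQL Browser UDP 1434" `
#     dir=in action=allow protocol=UDP localport=1434 remoteip=$appSubnet profile=domain

# Check 1: the rule exists with the scope we intended.
netsh advfirewall firewall show rule name="SQL Server TCP 1433"

# Check 2: SQL Server is really listening on 1433 (otherwise the rule opens nothing useful).
netstat -ano | Select-String ':1433\s'
```

If outbound filtering is on, the same command with dir=out (and remoteport instead of localport) covers the client side.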

Do you have an alternative way of configuring SQL for firewall access?  I’d love to hear from you… leave your comments below with your process or comments/suggestions on my process.

How to Produce a Webcast… part 1

I’ve gotten back into the video game.  Years ago I had a web show called RootSync, which I produced on a shoestring budget.  It worked well and ran for nearly 24 episodes (a full season in TV terms).  Since then several things happened: I got a “real job”, divorced my ex, closed my business, found a wonderful new wife, upgraded my job, upgraded my house, and now I’m upgrading my broadcasting capabilities.

My latest venture into webcasting is a news review called Week In Review.  I’ve worked hard on the technical side of this show and added many new features to make it happen.  Below is a short list of the technical things that had to be learned and sorted out:

  1. Our Host and general theme of the show.
  2. Microsoft Cinema HD USB cameras for capturing high quality video.
  3. Wireless lavalier microphones from RadioShack for capturing our host’s audio.
  4. Using a Xenyx 1002B audio mixer to bring together both lavalier microphones, Skype audio and my computer’s audio, then feeding them into VidBlaster for broadcasting.
  5. Utilizing VidBlaster for mixing multiple video sources together, broadcasting it over to uStream, and recording it for later post-production.
  6. uStream for the LIVE aspect of our show.  We broadcast live every Friday at 7 pm CST and uStream makes that possible.
  7. YouTube for the hosting of our episodes that have been post-produced.
  8. Using Windows Live Movie Maker for Post Production.
  9. iStockPhoto for royalty free videos, pictures and images.
  10. WordPress for hosting the main website which ties it all together.
  11. Publicizing our show by utilizing social networking like Twitter, Facebook, IMAutomator, etc…

I will be going into depth on each of the above technical aspects of the show and hopefully by the end of my Webcasting series you’ll have the knowledge needed to produce your own Webcast.

Our Host

A very important part of any new Webcast web show is your host.  The host must be interesting, insightful, and knowledgeable on the topics to be covered.  It helps if your host has the time to research and find the stories or topics that they would like to talk about in a way that would interest an audience.

For my latest webcast, my friend David will be hosting the show while I get to focus on the technical stuff.  David is a long-time friend and has tons to talk about.  He has an actual PhD, he lived and worked in L.A. during the riots, in San Francisco, Las Vegas and Rome, and has ended up in Northwest Arkansas.  His extensive knowledge of a wide array of subjects makes him a very interesting listen, and I believe the world would be better with his views shared.

David and I have been meeting every Friday for dinner for as long as I can remember.  During our Friday dinners we’d talk about how our weeks had gone, what had happened in the world during the week and how those events would affect our lives here in Northwest Arkansas.  A few months ago we decided to record our discussions and share them with everyone, and a new show was born.

Now that we have our host and the general theme of the show, it’s time to focus in on the technical aspects.  In part 2, I’ll discuss the video hardware used during our show.

Compiling an Application to require UAC Rights Elevation

Recently I was developing an application that managed Windows services, and I kept running into an “access denied” message.  After some research I found it was related to UAC: even when run by an administrator, the process gets a filtered token and needs to be elevated before it can control services.

After compiling the application and right-clicking to run as administrator, I wanted something that would force my app to be run as administrator automatically…. thus my search began:

The solution came from Judah Himango on the following post:  http://stackoverflow.com/questions/227187/uac-need-for-console-application

To implement what he’s talking about do the following:

1. Download and install the Windows SDK from http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=11310

This SDK contains the mt.exe tool referenced in Judah’s response.  (The paths below use the v7.0A SDK folder; adjust the version to match the SDK you actually installed.)

 

2. Add a program manifest to your application:

[screenshot of adding an Application Manifest File omitted]

 

3. Modify the manifest to reflect the new “requireAdministrator” status as below:

[screenshot of the edited manifest omitted]

 

4. Paste the following line into your project’s post-build step under Visual Studio:

(for 64-bit systems)

"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\mt.exe" -manifest "$(ProjectDir)$(TargetName).exe.manifest" -updateresource:"$(TargetDir)$(TargetName).exe;#1"

 

(for 32-bit systems)

"C:\Program Files\Microsoft SDKs\Windows\v7.0A\Bin\mt.exe" -manifest "$(ProjectDir)$(TargetName).exe.manifest" -updateresource:"$(TargetDir)$(TargetName).exe;#1"

 

[screenshot of the post-build event omitted]

 

Compile and you’re done.  On Windows 7, Vista and Server 2008 (R2) you should see a little shield overlaid on your icon, indicating that administrator privileges are required to run your app.  Keep in mind the manifest only asks for elevation: UAC still prompts (or asks a standard user for administrator credentials) every time the program starts, so reserve requireAdministrator for tools that genuinely need it and leave everything else at asInvoker.

[screenshot of the icon with the UAC shield omitted]
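To see exactly what the manifest and the post-build step do, and to verify the result, the script below writes the manifest, embeds it with mt.exe and then reads it back out of the binary.  It is an added example, not code from the original post or from the Stack Overflow answer; the SDK path matches the post-build line above and the executable path is an assumption.

```powershell
# Added example (not from the post): write a requireAdministrator manifest, embed it with
# mt.exe and confirm it is really in the binary. $mt follows the post-build line above;
# $exe is an assumption. Run after the build, against the built executable.
$mt       = 'C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\mt.exe'
$exe      = 'C:\Build\MyServiceTool.exe'
$manifest = "$exe.manifest"

# requireAdministrator: Windows elevates (UAC prompt, or an admin-credential prompt for a
# standard user) before the process starts. The other valid levels are highestAvailable
# and asInvoker.
@'
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
'@ | Set-Content -Path $manifest -Encoding UTF8

# Embed as resource #1 (RT_MANIFEST), exactly what the post-build step does.
& $mt -nologo -manifest $manifest "-updateresource:$exe;#1"
if ($LASTEXITCODE -ne 0) { throw "mt.exe failed with exit code $LASTEXITCODE" }

# Check: pull the embedded manifest back out and look for the level we asked for.
$extracted = "$exe.embedded.manifest"
& $mt -nologo "-inputresource:$exe;#1" "-out:$extracted"
if ($LASTEXITCODE -ne 0) { throw "mt.exe could not read the manifest back (exit code $LASTEXITCODE)" }

if (Select-String -Path $extracted -Pattern 'level="requireAdministrator"' -Quiet) {
    "OK: $exe will request elevation; expect the UAC shield on its icon"
} else {
    "WARNING: a manifest is embedded but it does not request requireAdministrator"
}
```

The extraction step is the useful part when something looks wrong: if Visual Studio embedded its own default manifest (asInvoker) after your post-build step ran, this is where you see it.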

 

Hope this helps others out there!   Let me know by posting your comment below.

TMG and BigFix BESClient

No series of posts would be complete if I didn’t relate it back to my new fabulous job some how…

The Microsoft Threat Management Gateway is secure by default.  This means everything you want to do or rather connect to online must be configured properly within the TMG console.  The BigFix Enterprise Client is no different.

By default the BigFix infrastructure communicates on port 52311.  Therefore we must let TMG know that we’d like our clients to talk over this port.

Below is a graphical step by step on how this is done:

1. Let’s start by creating a new access rule…

ForeFront TMG->Firewall Policy->Tasks (tab)->Create Access Rule


2. Of course we’ll be Allowing this port to communicate


3. We’ll be creating a brand new protocol… so hit Add then in the Add Protocols window click New->Protocol


4. Name your protocol…


5. We’ll be adding the BigFix TCP port 52311 here… (You may have deployed via a different port… specify your custom BigFix port here…)


6. We have no secondary connections that are needed… so click next and hit finish


7. Next we will expand the “User-Defined” branch and choose our “BigFix Communication Protocol” we just defined and hit Add->Close->Next


8. Specify who is allowed to communicate… Source which should be your internal network.


9. And specify our destination.  In my case I am setting up a secondary site and all of these clients will communicate with my BigFix root server somewhere else on the Internet, so the destination is the External network.  If you know the root server’s address, use a Computer object or domain name set for it instead of the whole External network, so the rule only opens 52311 towards that one host.  (Later on I’ll set up a relay on one of the computers at this location and adjust the TMG firewall rules.)


10.  Because BigFix is my main management for all my computers, I want every computer to have permissions to communicate via this port… so I’ll leave the default “All Users” here… Next->Finish


 

We’ll probably want to make sure this is our first firewall rule, since TMG evaluates rules top-down and an earlier, broader rule could match the traffic first and interfere with it.  After hitting Finish, the new rule appears at the top of the Firewall Policy list.


Lastly we’ll need to “Apply” this new rule set in order to get things working.


TMG and AT&T Global Network Client

Since setting up my Microsoft Threat Management Gateway, I’ve come to realize how restrictive it is… The default installation sets up both an incoming and an outgoing firewall.  This can be rather frustrating if you don’t know how to configure things correctly.
In this post I’ll show you how to configure an Access Rule that lets the AT&T Global Network Client through to wherever you’re going…

1. Open your Forefront TMG Management console and find the “Firewall Policy” node in the tree on the left.

2. Under the Tasks tab on the right side, find the “Create Access Rule” and left click it.

3. Name the rule AT&T Global Network Client and hit Next.

4. We’ll want to “Allow” it…

5. This rule applies to “Selected protocols”; click the “Add” button.

6. Under the “Add Protocols” window, click New->Protocol

7. Name it the “AT&T Network Client” then add the following ports to the list:

a. TCP, Outbound, From 50 To 50

b. TCP, Outbound, From 389 To 389

c. UDP, Send, From 500 To 500

d. TCP, Outbound, From 709 To 709

e. UDP, Send, From 4500 To 4500

f. TCP, Outbound, From 5080 To 5080

8. Our rule now needs to specify the “From” network of Internal, and the “To” network as External

Finish and Apply the changes… This should allow your VPN client to connect and work properly.  UDP 500 and 4500 are IKE and IPsec NAT-T.  If the client authenticates but the tunnel never passes traffic, check whether it also needs IP protocol 50 (ESP); that is an IP protocol number rather than TCP port 50, and it has to be added to the protocol definition as an IP-level protocol.
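Whether it is the BigFix rule above (TCP 52311) or the AT&T client rule, the check I want after clicking Apply is the same: from a client behind TMG, does each TCP port actually connect, and does a blocked port fail fast instead of hanging?  The function below is an added example, not part of either post; the host names are assumptions.  It covers both rules, which is why it sits here after the second one.  The AT&T client’s UDP ports (500 and 4500) cannot be verified this way because UDP has no handshake.

```powershell
# Added example (not from the posts): probe TCP ports through TMG with a timeout, so a
# silently dropped SYN shows up as "timeout" rather than hanging the script.
# Host names below are assumptions; the port lists come from the two rules.
function Test-TcpPort {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'timeout (dropped by a firewall, or nothing listening)'
        }
        $client.EndConnect($async)       # throws on an active refusal or resolution failure
        return 'open'
    } catch {
        return "failed: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
}

$targets = @(
    @{ ComputerName = 'bigfix-root.example.com'; Ports = @(52311) },          # BigFix root server (assumption)
    @{ ComputerName = 'vpn-gateway.example.com'; Ports = @(50, 389, 709, 5080) }  # TCP ports from the AT&T rule
)
foreach ($t in $targets) {
    foreach ($p in $t.Ports) {
        '{0,-28} tcp/{1,-5} {2}' -f $t.ComputerName, $p, (Test-TcpPort -ComputerName $t.ComputerName -Port $p)
    }
}
```

Run it once before applying the rule (expect timeouts) and once after (expect open, or a quick refusal if the far end is not listening yet); a port that still times out afterwards means the rule is either below a broader deny rule or has the wrong From/To networks.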

Port Scanning?!? oh and Microsoft Threat Management Gateway (TMG)

I am working on learning network security… so I went and picked up the Nmap Network Scanning book (ISBN: 978-0-9799587-1-7) by Gordon Lyon of Insecure.org.
During my reading he talks a lot about intrusion detection systems (IDS).  An IDS is used to detect attacks on a network, including something as benign as a port scan.  This got me thinking… doesn’t my MS Action Pack include something like that?  Indeed it does… two in fact: ISA 2006 and its newer replacement, Threat Management Gateway (TMG 2010).
Any respectable hacker would jump at the chance to set it up and “hack” yourself to see what happens, right?  OF COURSE!!!

I’ve set up the new system and placed it on the “edge” of my network.  This puts it in exactly the right spot to have the largest exposure… right…