May 22, 2013

misc: snmp device simulator (free, yes free!)

in case you missed it, jalasoft just dropped a new tool called the xian snmp device simulator. going by the details, it might take you longer to type the name than to run the utility -- especially since most of the configuration is all wizard-driven. it supports snmp v1, v2 and v3, and it simulates myriad devices including:


  • Cisco Switches
  • Cisco Router
  • Cisco Firewalls
  • Cisco VPN Concentrators
  • Cisco Wireless devices
  • 3Com Switches
  • HP ProCurve Switches
  • F5 Big Ip Nortel
  • APC UPS


whether you're an operations manager 2007 shop, an operations manager 2012 shop, or don't use operations manager at all, this tool will still be valuable for testing snmp. over the years, simulating snmp has come up many times so it's great to see something this nice -- for free! if you want details, click HERE to check out their blog post.


May 13, 2013

misc: diffie-hellman key exchange

while in a cert authority class, the instructor mentioned the diffie-hellman key exchange and showed us this picture using paint colors as a way of expressing how this works. the math just makes me dizzy. anyway, the paint color thing kind of makes sense …
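the paint picture maps onto the math step for step. here is the exchange carried through with toy numbers, as an added example (not from the class or the original post); the prime 23, its subgroup order 11, the generator 2 and every function name are assumptions picked for illustration, and the peer-value check goes a little beyond the picture. real deployments use groups of 2048 bits or more.

```python
import secrets

# toy public parameters (the "common paint" everyone can see).
# P = 2*Q + 1 is a safe prime and G generates the subgroup of order Q.
P, Q, G = 23, 11, 2

def make_keypair(private=None):
    """pick a secret colour and return (secret, mixture to send in the open)."""
    if private is None:
        private = secrets.randbelow(Q - 1) + 1      # 1 .. Q-1
    return private, pow(G, private, P)

def check_peer_value(y):
    """reject mixtures that would make the shared secret predictable."""
    if not 2 <= y <= P - 2:
        raise ValueError("peer value out of range")
    if pow(y, Q, P) != 1:
        raise ValueError("peer value is not in the expected subgroup")
    return y

def shared_secret(my_private, peer_public):
    """stir my secret colour into the mixture the other side sent."""
    return pow(check_peer_value(peer_public), my_private, P)

def exchange(a=None, b=None):
    """run both sides; returns (A, B, alice's secret, bob's secret)."""
    a, A = make_keypair(a)      # alice: secret colour a, mixture A
    b, B = make_keypair(b)      # bob:   secret colour b, mixture B
    # only A and B cross the wire; a and b never leave their owners
    return A, B, shared_secret(a, B), shared_secret(b, A)

if __name__ == "__main__":
    print(exchange(4, 3))
```
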

May 9, 2013

atlanta techstravaganza 2013

greetings. ATLSMUG (atlanta systems management user group) is proud to be one of the co-hosts of the atlanta techstravaganza event once again! we have well over a hundred attendees which makes a great networking opportunity. hope to see you there!

 

here’s a few things of note:

  • Keynote speaker Mark Minasi – The New Windows: What to Do and When to Do It
  • 16 great sessions in 4 tracks — System Center, Windows Server Infrastructure,
    PowerShell, and Hands-on-Labs for Hyper-V and Azure
  • Speakers — Ed Wilson, Greg Cameron, Brian Huneycutt, Butch
    Waller, Tommy Patterson & other Microsoft experts
  • Breakfast, lunch, and snacks provided!
  • Great prizes to be won — including the grand prize of a Microsoft
    Surface RT!

Friday June 21, 2013 8AM to 4PM
Microsoft Campus, 1125 Sanctuary Pkwy, Alpharetta, GA

 

more information and the registration link are available at: http://www.ATLTechStravaganza.com

May 1, 2013

microsoft desktop optimization pack 2013

i am well aware i should not have missed this, but somehow i overlooked it. a service pack was released with mdop 2013 that addresses some issues with agpm (advanced group policy management) 4.0. it’s been a long time coming. it looks to be more about added functionality than about actually addressing some of the deficiencies in agpm. it’s still good news since i was under the impression ms would scrap agpm at some point since its adoption rate is low.

if you missed it, here are some other products that were updated:

  • AGPM 4.0 SP1: Brings powerful change management for Group Policy to Windows 8, making it easier for organizations to keep enterprise-wide desktop configurations up to date, enabling greater control, less downtime, and lowering total cost of ownership (TCO).
  • DaRT 8.0 SP1: Accelerates desktop repair by adding support for 10 additional languages. It also includes a new Defender engine to better assist organizations in discovering malware.
  • App-V 5.0 SP1: Helps organizations use virtually any application anywhere by adding support for Office 2010. This will give end users a consistent experience with virtualized Office that they saw with previous versions of App-V. SP1 also adds support for the sequencer and client in 24 languages while App-V 5.0 server will be supported in 11 languages.
  • UE-V 1.0 SP1: Makes it easier for users to change devices, but keep their experience with support for Office 2007, a heavily requested addition. The product now supports 24 languages, allowing more organizations to use UE-V in their native language.

MBAM 2.0 seems to be the giant frontrunner in this list of applications (not shown above). it looks like the only application that was a version upgrade, not just a service pack. you can read the entire article here: http://blogs.windows.com/windows/b/business/archive/2013/04/10/making-windows-8-even-more-manageable-with-mdop-2013.aspx.

Apr 30, 2013

scep: tampering with anti-tampering

i understand both sides of why people believe this needs to be done. this article outlines a measure microsoft implemented for endpoint protection: it keeps the service controls out of administrative fingers so people can't mess around with the services.

as you might know, this is a very silly wall to put around a service. as an administrator, you own the box. if you understand how to read SDDLs and change them to suit your needs, then you can very easily modify it with your administrative credentials to remove that paper wall, -and- coincidentally, you might want to pick up this skill since in some scenarios (read as: mine) the very product that manages endpoint protection (system center configuration manager) fails to update to CU1 because of its inability to stop the microsoft antimalware service. <sigh> i guess you could uninstall the product. that seems safer. :/

this is akin to putting in safeguards such as making sure i am running an installation with my domain admin account! really?! that’s supposed to be safe? even when you have the proper credentials, surgically applied, you fail to meet the minimum requirements of a security group check.

my point is, administrators should not be prevented from managing their services – both from a practical perspective as well as philosophical. from a practical perspective, as an admin, you PWN the box. you can do just about anything you want which means you can take over permissions which gets you around the anti-tampering easily.

philosophically speaking, if you are a designated administrator, it should be with the understanding that you know what you’re doing when performing elevated-permission tasks – such as disabling core services. it seems counterintuitive to present this with any seriousness as an anti-tampering method and also makes windows look like a child-safe medicine bottle. windows, for all of its massive pretty, “next next finish”, and other enhancements to ease the administrative experience – is still a very serious server operating platform. it’d be nice to get treated like i know how to run it.
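since reading SDDLs is the skill in question, here is an added example (not from the article or any microsoft tool) that decodes the DACL of a service security descriptor and reports how the rights differ from a known baseline, which is also how you would notice that someone changed it. the two descriptors are constructed for illustration, the function names are made up, and the per-trustee allow-minus-deny logic is a simplification of the real access check.

```python
import re

# what the sddl rights codes mean when the object is a windows service
SERVICE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG", "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS", "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START", "WP": "SERVICE_STOP",
    "DT": "SERVICE_PAUSE_CONTINUE", "LO": "SERVICE_INTERROGATE",
    "CR": "SERVICE_USER_DEFINED_CONTROL", "SD": "DELETE",
    "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}

def parse_dacl(sddl):
    """return [(ace_type, trustee, {right names})] for the D: section."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if dacl is None:
        raise ValueError("no dacl in sddl string")
    aces = []
    for body in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("malformed ace: " + body)
        ace_type, _flags, rights, _obj, _inherit, trustee = fields
        # hex masks are kept verbatim; two-letter codes are decoded
        codes = [rights] if rights.startswith("0x") else re.findall("..", rights)
        aces.append((ace_type, trustee, {SERVICE_RIGHTS.get(c, c) for c in codes}))
    return aces

def granted(aces, trustee):
    """allowed rights for one trustee minus explicit denies (simplified)."""
    allow = set().union(*(n for t, w, n in aces if w == trustee and t == "A"))
    deny = set().union(*(n for t, w, n in aces if w == trustee and t == "D"))
    return allow - deny

def dacl_drift(baseline, current):
    """per trustee, rights added or removed compared with the baseline."""
    old, new = parse_dacl(baseline), parse_dacl(current)
    report = {}
    for who in sorted({t for _, t, _ in old + new}):
        before, after = granted(old, who), granted(new, who)
        if before != after:
            report[who] = {"added": sorted(after - before),
                           "removed": sorted(before - after)}
    return report

# constructed descriptors for illustration, not copied from any product
BASELINE = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWRPLOCRRC;;;BA)(A;;CCLCSWLOCRRC;;;IU)"
CURRENT = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)"
```

`dacl_drift(BASELINE, CURRENT)` lists the rights that builtin administrators (BA) gained between the two descriptors, SERVICE_STOP among them; SY and IU are unchanged and do not appear.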