

Showing posts from January, 2010

using repeat count to detect a problem in a window of time

i realized when someone asked me how to do this that i was totally remiss about posting it. for the purpose of this exercise, i’m going to walk you through creating an event monitor which will check if a high number (subjective) of bad attempts to logon is detected within a finite period of time. so follow along… it’s much easier in opsmgr than mom 2005 (as i described in this much earlier blog post). here are the steps:

- create a monitor / unit monitor
- windows events / repeated event detection
- at this point, you have three choices: manual, timer, and windows event reset. choose the one most appropriate for the situation. i chose the timer.
- name it “OH MY GOD!  SOMEONE IS TRYING TO HACK ME!” or something else equally shocking! ;)
- target your windows domain controller or whichever group makes sense for you
- i put the rule under the parent monitor of security
- set the event log name to “Security” and move along
- in the following area, i specified these values: Event ID Equa
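The windowed repeat count behind a monitor like this, as an added PowerShell example that is not from the original post or from OpsMgr: it flags an account once a set number of failed-logon events fall inside one time window. Event ID 4625, the threshold of 5, the 2-minute window, the per-account grouping and the `Find-RepeatedEvent` name are assumptions, and the sample events are constructed.

```powershell
# Added example: repeat-count detection over a sliding time window.
# Event ID 4625, the threshold and the window are assumed values, and the
# sample events are constructed; none of them come from the original post.
function Find-RepeatedEvent {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Events,  # needs Id, Account, TimeCreated
        [int]      $EventId   = 4625,
        [int]      $Threshold = 5,
        [timespan] $Window    = (New-TimeSpan -Minutes 2)
    )
    $Events | Where-Object { $_.Id -eq $EventId } | Group-Object Account | ForEach-Object {
        $account = $_.Name
        $times   = @($_.Group | Sort-Object TimeCreated | ForEach-Object { $_.TimeCreated })
        $start   = 0
        for ($end = 0; $end -lt $times.Count; $end++) {
            # advance the left edge until the span fits inside the window
            while (($times[$end] - $times[$start]) -gt $Window) { $start++ }
            $count = $end - $start + 1
            if ($count -ge $Threshold) {
                # emit one finding per account, then stop scanning that account
                [pscustomobject]@{
                    Account    = $account
                    Count      = $count
                    FirstEvent = $times[$start]
                    LastEvent  = $times[$end]
                }
                break
            }
        }
    }
}

# constructed sample: one account with a burst, one with slow failures, one success
$t0 = [datetime]'2010-01-15T09:00:00'
$sample = @(
    0, 10, 25, 40, 70, 95 | ForEach-Object {
        [pscustomobject]@{ Id = 4625; Account = 'svc-backup'; TimeCreated = $t0.AddSeconds($_) }
    }
    0, 600, 1200 | ForEach-Object {
        [pscustomobject]@{ Id = 4625; Account = 'jdoe'; TimeCreated = $t0.AddSeconds($_) }
    }
    [pscustomobject]@{ Id = 4624; Account = 'jdoe'; TimeCreated = $t0.AddSeconds(30) }
)

Find-RepeatedEvent -Events $sample | Format-Table -AutoSize
```

On a live system the input would come from the Security log (for instance via `Get-WinEvent`), with the account name mapped into an `Account` property first.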

how to synchronize sticky notes in windows 7

do you like sticky notes?  when i heard about it, the concept seemed pretty hokey to me.  there are an assortment of ways to capture notes on the desktop.  notepad, remember the milk, outlook, etc.  i thought i’d give it a try to see if i could capture random, short-lived things that you tend to quickly forget. as it turns out, it worked – and i’m hooked.  i don’t just like sticky notes, i love sticky notes.  i keep notes for new music i want to explore later, short errands to run, and topics i want to look further into later. the one shortcoming is that i can’t sync the notes.  i’m sure there are an assortment of ways to make this magic happen, but i decided to use a service i’ve been using for awhile: live mesh. now really, all you have to know is the path where sticky notes keeps all its information:

    C:\Users\<your user profile name>\AppData\Roaming\Microsoft\Sticky Notes

there’s a file called stickynotes.snt.  when synchronized, this file carries al

list domain controller site information with powershell

just a small follow up to a post i did about listing domain controllers with powershell.  to start, let’s grab the forest.

    $myForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

just for fun, we’ll look at the domains of the forest.

    $myForest.Domains

let’s look at all the available sites of the forest.

    $myForest.Sites

this will output the domain controllers and the sites they belong to.  this is akin to using nltest /dclist:mydomain.

    $myForest.Sites | % { $_.Servers }

might as well know the subnets of those sites, right?

    $myForest.Sites | % { $_.Subnets }

enabling ntlm authentication with firefox

yet another miscellaneous post.  i had no idea it was even possible until a friend sent me some instructions.  it’s quite simple.  here’s the run down:

- in the address bar, type about:config.
- hit enter and swear your life away that you are legitimately smart enough not to break anything.
- in the filter bar, type network.automatic-ntlm-auth.trusted-uris.
- double-click the result.  a dialog box will prompt you for a string value.
- enter your ntlm domain with a preceding dot.
- click ok.

you’re done!  no restart required!  thanks for the heads up trent.

using psexec to launch processes that survive logoff/logon …

i was reading russinovich’s blog this morning searching for a particular issue and ran across these two gems on how to run an application to survive the logoff/logon sequence.  keep in mind that later operating systems utilize session 0 isolation and require specifying the session number.

for windows xp and prior operating systems:

    psexec -sid <path>\procmon.exe

for later operating systems:

    psexec -sd -i 0 <path>\procmon.exe

for reference, the switches resolve to the following:

- s – run the remote process in the system account
- i – run interactive (console if no session is specified)
- d – don’t wait for process to terminate (non-interactive)

cumulative update 1 for operations manager 2007 r2 released

this is hot off the presses.  the cumulative update 1 is now out for r2.  get testing – or if you have been testing – get deploying.  though the kb article is not published just yet, it will be shortly. here are the links:

- download it here
- kb article
- holman’s installation experience

here’s a run down from the article of some of the changes:

- The Product Knowledge tab is displayed as the Company Knowledge tab after you import a language pack for System Center Operations Manager 2007 R2.
- An agent cannot be removed successfully from a Windows Cluster service node.
- The Healthservice.exe process on a Windows Cluster service passive node may have excessive CPU utilization.
- The Healthservice.exe process may crash when it uses the OLE DB module.
- The workflows that use the OLE DB data source may unload themselves if the underlying provider returns a null string or an empty string.
- An instance of the MonitoringHost.exe process may cause a memory l

multiple-step ole db operation generated errors

i wrote a script awhile back to gather some metrics for tracking ad objects to softgrid clients.  i kept getting some very strange execution behaviors each time i ran it, generating the following error:

    Retrieving AD computer objects newer than: 12/6/2009 10:32:55 AM
    myscript.vbs(149, 2) Microsoft OLE DB Provider for SQL Server: Multiple-step OLE DB operation generated errors. Check each OLE DB status value, if available. No work was done.

when looking closely at this problem, it turned out that this execution error was happening at the call for retrieving a sms report.  this is the block of code where it was failing.  i noted in red the line where the execution bombs out.

    Set oConnection = CreateObject("ADODB.Connection")
    Set oRecordSet = CreateObject("ADODB.Recordset")
    oConnection.Open ("Provider=SQLOLEDB;Data Source=myServer;Trusted_Connection=Yes;Initial Catalog=SMS_XYZ;")
    oRecordSet.Open "webreport_approle.wrspSM

listing the group membership of a computer in opsmgr [part 2]

yesterday, i posted an entry about retrieving a computer’s membership through a very backwards way that i cobbled together.  after talking to pete zerger for a little while, i started poking into how to make boris’ script work.  it was initially only pulling back two groups for me. well, i managed to increase that count to six.  however, my output and boris’ still don’t match up.  it could be an incorrect root class i’m using.  either way, i wanted to post it to see if you guys could direct me to a better solution.  who knows? since you can’t seem to use an abstract class directly in boris’ script, i modified it a bit to first get the abstract class object using get-monitoringobject and then pull out the objects into an array.  afterwards, that array is fed into the get-monitoringclass cmdlet.  at that point, we should have a pretty good set of objects we can use. those objects are sent back down the pipe to get-monitoringobject using the criteria of $computerFQDN to cre

listing the group membership of a computer in opsmgr

inside of operations manager, groups are utilized in a variety of ways.  at the core of a group, the definition is still the same.  you use it to “group” things together.  you can use groups to define the membership of console scopes, notifications, overrides, views, etc. since it’s heavily utilized in operations manager, sometimes, you’ll want a way to get that information back out.  a friend on twitter asked the question if it was possible to retrieve the membership list of all groups a computer belongs to.  to begin with, boris yanushpolsky blogged about doing this very thing over 2 years ago. by then, i was well into writing my own little thing.  anyway, it’s a work in progress.  i don’t know if it’s actually working as designed yet but so far it appears to be pulling back the expected groups of the one computer name i have tested it with.  if you’d like to give it a go, here’s the script:

    param ( [string]$myComputer )
    # Function
    function GetOpsMgrGroups { W