Archive for the ‘Tips & Tricks’ Category
Having a business that expands to multiple markets, also means purchasing domain names, advertising and phone numbers. Having multiple phone numbers and especially international phone numbers, thru the regular phone pusher is something that can quickly become hugely expensive. So when asked by a not for profit organization, how they could have multiple international phone numbers for their customers to contact them, I started looking thru the different SIP providers.
After quite a lot of research and some testing. I found LocalPhone that offers SIP services for international lines and numbers at a low cost. They of course offer all the usual services, such as a SIP connection to receive calls directly, SIP trunks, SIP international calls dirt cheap, redirects, voicemail and so on.
So how do you get more than one number on your regular phone line without the whole SIP thingy ? Read the rest of this entry »
Boost your internal PKI/Microsoft CA security with FREE green Extended Validation SSL in 15 minutes or close your eyes until 2016!
One of the new CAB Forum baseline requirements is that all SSL certificate issuers are to stop issuing SSL certificates with internal host names and IP addresses. Currently it is possible to get internal host names in public certificates until 2016, but after 1. July it will be shortened to 2015. But keep reading and you will remove this threat today, instead of waiting to 2015-2016.
Normal usage of SSL certificates
Most companies with a medium to large infrastructure, use an internal PKI solution like Microsoft Certification Authority for identity and encryption on internal workstations and accounts. They will also use internal CA to issue certificates for server systems that are only accessed by internal computers where Root CA trust can be controlled automatically thru GPO or similar.
But external facing websites and server systems use public external CA issued SSL certificates, to ensure trust by all units including mobile units and external computers.
(did you see the padlock in the above image?)
Example of attack
It makes sense to prevent easy attacks on the identity part of SSL security for internal systems. Any internal website would be easy to replace with a fake site or do a man in the middle attack with a real external publically trusted SSL certificate that includes the internal host names. Example: an internal password management portal on https://mypassword.abc-organization.local. The intruder gets a certificate issued to www.notyours.dk including a SAN name “mypassword.abc-organization.local”. It would be easy for the intruder to setup a fake website to harvest passwords with a real SSL certificate that all clients would trust equally to their internally issued SSL certificate on the existing system. Clients would see the padlock with no visible changes. Read the rest of this entry »
How to get rid of the anoying syntax error popup message when using Internet Explorer with Java so your mother-in-law will stop buggin’ you about it
Quite some time ago I encountered this error the first time, to be honest i can not even remember when it was. But I do know it was Windows 7 and Internet Explorer fully updated, together with the current Java runtime environment that gave me the problem, but I am getting ahead of myself.
- Using Internet Explorer, Windows 7 and Java Runtime Environment – all updated to latest editions on completely clean installations
- On all webpages loading Java the following error message appears twice (x2, two times, 2 times).
Title: “Microsoft JScript compilation er…”.
Error message: “Syntax error”.
Extra bonus information:
- I have experienced this problem on Windows 7 with and without service packs, Internet Explorer 8 and 9
- Usually the problem appears from “birth” with default settings
- Settings in Internet Explorer for showing errors, debugging scripts, etc. are all set to default i.e. not to anoy the user
- The error always comes two times and has absolutely no usefull information
- The Java application works fine without any errors, the only error is the actual message about the error and yes it is realy anoying
So to continue… Read the rest of this entry »
Since TeamViewer can be rolled out in an organization with the MSI package and sample vbs scripts from TeamViewer, I was asked if it would be hard to do a small VBScript to fetch the TeamViewer ID from theese machines and save it somewhere for the support staff to look up in.
This script is a very simple example of how to fetch the ID on a machine from registry and save that together with current logged in user and machine name in text files. To change this to save into another system, database, etc. would be quite simple.
But by creating a share with write permissions from everyone and pointing this script to it and placing it during login for all users in a domain, it would be easy to find a given machine or users TeamViewer ID. Since the TeamViewer ID does not change for a machine, it could be just run on machines when the TeamViewer client is installed, but that is entirely up to you. Read the rest of this entry »
I was looking into Shadow Groups, inspired by a customer migrating from Novell to Active Directory. Apparently in Novell you can use Organizational Units as security groups, and by just moving a user to another OU when they change departments, they will automatically update their security permissions given by their department OU placement.
So what is so great about shadow groups you might ask. Simply put if you have OU’s for departments, where you place users depending on department membership, shadow groups, will shadow the members of the OU in the security group, I assume that is where the name shadow group comes from. This allows you to setup security permissions for a group that is linked to an organizational unit. So when you move user A from department sales, into department accounting, the user A will automatically be removed from the sales security group and added to the accounting security group, effectively updating user A’s permissions automatically. Saves time for large organizations, now a user moving OU does not need to have his groups manually updated.
The first hit on google was a blog post by John Policelli (MVP) explaining shadow groups is not a new type of group in Active Directory, it is rather a concept, when you automatically update the members of a security group from the objects placed in an Organizational Unit. Also he points out that this automatic synchronization is not an existing feature in Windows Server, we need to add it our self. The example he uses with dsquery, dsget and dsmod, works if you manually set it in a script for each OU/Group, I was looking for something easier to manage, that preferably did not require editing of the script that needed to run. I strongly believe scripts that can be maintained from Active Directory will always have a longer life time, since less updates and potential errors happen in the script.
After some more searching I found an article by Jakob H. Heidelberg (MVP and fellow Dane) this one also had a good explanation about what Shadow Groups are and also a download link to a simple VBScript to populate a group with the users in an Organizational Unit. If You are looking for a script to feed the OU and Group and then update the group from the users of the OU, that script will do you just fine and I would recommend you take a look at the article and script he wrote, as it is simpler and less prone to errors by being simple.
My idea of a Shadow Group Script Read the rest of this entry »
VBScript to join computers to domain, with specific user and avoid having to manually place them in AD
The following script was used for automatically joining alot of computers to an Active Directory domain, it was required to place the computer in a specific Organizational Unit and also to run with a specified user with only permissions to add machines in this OU and the default new computers OU (giving it unlimited join domain permissions).
So here is a cleaned up short script to join a machine to a domain, using a script specified user (could be changed easily to current user) and place the machine in a specific OU, great for running for specific departments, so You avoid having to manually sort the machines in the end. Read the rest of this entry »