Alternatives to TrueCrypt?

When it comes to security Linux again proves to be much better than proprietary alternatives especially in the time when trust to TrueCrypt has been compromised after recent development suspension.

First of all to work with TrueCrypt volumes you can use
tc-play
cryptsetup

and
zulucrypt as frontend GUI for tc-play and cyptsetup

Alternatively you can move to LUKS encrypted drives that perform better than eCryptfs.
FreeOTFE frontend is available for Windows systems so we can make use of that software on proprietary platform.

However I think TC is fine for now and even if the development has been suspended community is still able to publish information about any new bugs found only then there is a tangible reason to abandon TC.

Simple bash colouring

for root:
PS1=’\[\033[1;36m\][\A]\[\033[0;31m\]\u\[\033[0;32m\]@\[\033[1;34m\]\h\[\033[0m\]:\w \[\033[0;31m\]# \[\033[m\]’

for a regular user:
PS1=’\[\033[1;36m\][\A]\[\033[m\]\u@\[\033[1;34m\]\h\[\033[0m\]:\w \[\033[m\] $ ‘

Don’t ask about the details just use it.
More info here.

Outlook font settings

Outlook stores it’s default font settings in the registry.
Check out HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Common\MailSettings in the registry.
*These instructions are for Outlook 2007, but should be (basically) the same:
Go into Outlook (ensure regedit is closed), Tools -> Options->Mail Format -> Stationary and Fonts. Setup the fonts the way you want them.
Open regedit, go to the key above, which should now be updated with the font information you set, and Export it. Continue reading Outlook font settings

GPO, Administrative Templates and WSUS

I was going to edit the settings for WSUS, but once I opened up the GPO editor the results were showing the desired settings, but when I go to Edit them there was no such options.
You will also see this:
Policy definitions (ADMX files) retrieved from the central store.
In this case you have to open desired GPO for editing and in the GPO go to Computer Configuration -> Policies and click on Administrative Templates -> Add/Remove Templates… then click Add and browse to C:\Windows\sysvol\ (here you have to check all of the folders for Adm subfolder) Adm subfolder should contain some templates. The one responsible for WSUS is wuau.
Add this one and now you should see additional template and setting in the editor.

This is also very useful article about central stores.
Here you can download templates for Windows Server 2008.

And this is how to disable WSUS on the domain so client computers will update directly without communication with a broken WSUS server.
You need to change the following group policy “Update Services Common Settings” – Computer Configuration – Administrative Templates – Windows Components – Windows Updates – Specify intranet Microsoft update service location set it to disabled.

NFS easy way

Server:
yum install nfs-utils nfs-utils-lib

systemctl enable nfs-server.service

/etc/exports
/home/homebkp 192.168.0.20(rw,sync,no_root_squash)

exportfs -av
systemctl restart nfs.service
systemctl status nfs-server.service

iptables -L -n
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
iptables-save > backup.dump
iptables-restore < backup.dump

Client:
yum install nfs-utils nfs-utils-lib

mount -t nfs 192.168.0.10:/home/homebkp /mnt/server

Cryptocurrency

I would never use any vanity generator (it is exactly what it’s called… vanity) or an online brain wallet service… never trust a third party with your money.

Sometimes it feels like Bitcoin is the AOL of banking… all the scammers are having a free ride.

twowordzatwork

Why ITIL in the company?

Because ITIL clearly says that employees are not just employees, but they are also service providers and customers in the same time.
To be only a service providers for external customers or clients is half of the story.
In our case we have to take care of the external ones, but internally it is still messy and people less care about each other. Basically there is no ITIL. Continue reading Why ITIL in the company?

SBS 2003 to 2011 migration

The most humane guide on the Internet is HERE.

Exchange 2010
Recommended to extensively use https://testconnectivity.microsoft.com/ during the process.

If you ping the localhost (e.g. server.domain.local) and you get IPv6 replies that means you should disable it on the network adapter. Some Exchange updates fix weird problems, but sometimes I don’t have time to wait 3 days for Windows to finally become up to date.
Outlook is not connecting and you are under fire.
Moreover add proper entry in the hosts file in C:\Windows\System32\drivers\etc
192.168.0.100 server.domain.local

Someone has messed up the DNS entries. It has to be:
mail.domain.com A 5.10.15.20
autodiscover CNAME mail.domain.com
remote CNAME mail.domain.com

but not CNAME records pointing to the IP address directly.

While doing
the rpc_s_server_unavailable error (0x6ba) was thrown by the rpc runtime process.
Most likely what I have mentioned in my previous post some services are not running or started up in the wrong order.
You want to delay some of them or wait for fixes or just manually start or restart these services Microsoft Exchange RPC Client Access and Microsoft Exchange System Attendant.
However I would suggest restarting

To demote SBS2003 you first need to uninstall Exchange 2003.
Here you can find CDs for SBS2003 and CD2 where Exchange install files are located.
http://iteyebr3.dyndns.org/ui/#/Data/SBS2003
It is not easy.
you cannot remove a server that is a target bridgehead
Follow this guide and delete the connector on the old server.
Anyway most likely the uninstall will fail and you will be forced to do this manually which is quite laborious.
Follow THIS or THIS.
THIS as well

Get-ExchangeServer | Format-List on the target server.

SUMMARY:
So much effort just for a small business?!
If you decide to use Microsoft software in the future please abandon this idea.

Microsoft is shite

You deploy the newest version of their SBS server version (2011) which is already 3 years old then you have to download about 1.5GB of updates and restart the server 15 times to make it the most up to date.
In the meantime you have to update Exchange 2010 from the default version to the latest SP3 which is another 800MB of software to put in, 1h of time and another couple of restarts to settle things down.
How ridiculous and backward it is?
Normally the engineers don’t care too much about the updates and you can see many fresh deployments where the server is still asking for a lot of updates, but most importantly the Exchange is still on SP1 which is unsecure? This upgrade has to be done manually everytime.
The way the software is distributed has drastically improved in the recent years with the advent of Windows 7 and at least we get regular updates once a month, but the rest is shite.
They have noticed that their business cannot stand the competition and that is why same as other proprietary software vendors they encourage or even force their clients to switch to their cloud alternatives which is the same shite, but at least at their end.

By the way I was wrong about 1.5GB of updates. I have just refreshed Windows Updates and it shows another 93 – ~500MB of updates.

Exchange 2010

After the migration Outlook won’t connect to that bloody thing. OWA is fine and you can send and receive emails.
It looks like one of the services is affected and first reboot does not help. You have to do it twice and then it works?!

HP Proliant server

F5 – Array configuration
F9 – BIOS setup
F10 – Intelligent Provisioning

Yes don’t bother with Windows SBS 2011 for Proliant servers as it still fails to detect a network adapter.
Use Intelligent Provisioning instead and choose Manual installation. It will preload the drivers in the memory (it creates some small drive partition) and when you leave Windows SBS 2011 DVD in the drive it will work this time and detect the answer file.

After the system has been installed. You can run HPSUB.bat from SPP DVD in hp\swpackages to installed all the missing drivers. Make sure you run the BAT file as domain administrator (it won’t work on different user).

At the end if you still see “No items” in the HP Management Homepage please install WBEM providers manually. Download from here.

System State

To backup system state on Windows Server 2003 use:
ntbackup
You can setup a backup job from CMD
ntbackup backup systemstate /J "Backup Job 1" /F "f:\sysstate-backup.bkf"

To backup system state on Windows Server 2008 use:
c:\Windows\System32\wbadmin.exe start systemstatebackup -backuptarget:f:

She got married!

Yes, just rename her surname and create new alias to reflect her new surname.
Do not change the username though as this will break her user profiles and it will require you to fiddle with it.

Bootable USB Windows installer

This applies to Windows 7 as well as to Windows Server 2008, SBS 2011 or 2012.
Don’t bother using WUDT.
First format the drive with NTFS using Gparted.
Copy all the files manually from the iso to that drive.
Run on the target drive to install Windows mbr
make
make install
ms-sys -7 /dev/sdX

Then mark that partition as bootable with cfdisk.
Voila!

HP website

Only HP knows how to use their website where many already indexed webpages are broken.
Trying to find the firmware and driver updates for Gen8 server for last the 30 minutes with no avail.
Now search has found HP ProLiant ML350 G4p?!

WUDT

Interesting article HERE

To make proper ISO please use ImgBurn which is free and you won’t end up being asked to buy a full version.
To format the USB stick properly please follow the below instructions:
Start command prompt as Administrator and type diskpart
type list disk
type select disk and number of your USB disk ( like select disk 1 )
type clean
type create partition primary
type select partition 1
type active
type format quick fs=fat32
type assign
type exit to exit the diskpart utility
type exit to close command prompt

But it still does not work for me. I think I spent enough time on this and will try to complete this task from my Linux instead.