Monday, March 30, 2015

Apple Tips and Tricks Vol 3

Continuation of Apple Tips and Tricks.  In this volume will be covering Apple File structure (OS X).  This one is a little more in depth as such only topic for this post.

Apple File structure (OS X)

As we deploy more and more Apple devices in our enviroment understanding the file structure has become a huge need.  Understanding Apple OS X is a necessity when deploying software or troubleshooting user issues.

   Structure

  • Four (4) key areas or domains to remember
    • Per-User (~) / User's home directory: /users
      • Contains folder for each user that has been setup on machine
    • Per-Machine (local/root): / 
      • Top level of hard drive
    • Local Area network: /Network
      • As it states networked devices / drives
    • Apple-provided/managed: /System
      • Should only contain Apple files / folders
      • Similar to Window's System folder


   Per-User (~) / User Domain

  • Location: /users
  • Folder for each setup user on machine
  • Note the use of "~" represents current logged in user
  • User's folders consists of: 
    • Applications, Desktop, Documents, Downloads, Movies, Music, Pictures, Public
    • Similar to Window's Users folders
  • Default location for Apple to store user files
  • Contains hidden folder that contains user's preference folder: /users/[username]/library
    • Two ways to access: 
      1. Go To Folder
        • Open Finder
        • Click "Go" on menu bar
        • Click "Go To Folder"
        • Enter directory path: /users/[username]/library
          • e.g. /users/admin/library
      2. Go + Option
        • Open Finder
        • Click "Go" on menu bar
        • Hold down Option key
        • Click Library
    • Huge thing to remember about User's Preferences (/users/[username]/library/preferences) is it trumps Per-Machine / Network and even System preference lists (plists)
      • Apple start plist search here and stops if match is found
      • Opposite of Window's Group Policy where Domain trumps local
   Per-Machine / Local Domain

  • Location: /
    • Top level of hard drive
    • Displays contents of hard drive
    • Similar to Window's C:\
    • Key folder to remember here is the Library
      • Just like User folder above contains Preferences folder (plists)
      • Remember trumped by user's Preferences but trumps Network and system
      • Sometimes referred to as the "Public" Library

   Local Area Network / Network Domain

  • Location: /Network
    • As it states networked devices / drives
    • If present can contain Library folder
      • Just like User and Machine folder contains Preferences folder (plists)
      • Remember trumped by user's and machine Preferences but trumps system
      • Sometimes referred to as the "Public" Library

   System / System Domain

  • Location: /System
    • Should only contain Apple files / folders
    • Similar to Window's System folder
References:

Thursday, March 26, 2015

Nagios

At current employer we are currently reviewing systems to monitor or enviroment.  We need to monitor network (Cisco), Virtual Enviroment (VMware / EMC), Services (GAFE/O365), and even some websites (Canvas / Infinite Campus).

Up for review first is Nagios.  We downloaded the 60 day trial appliance and even had a 25 min quick start with Nagios support to ensure we can get the most from the tool.

Following series will cover areas we need to monitor and how Nagios was configured to achieve them.

--------------------------------------------Update Feb 16, 2017-----------------------------------------------------

Unfortunately this project was canceled before we even finished the installation of Nagios.

Monday, March 23, 2015

Apple Tips and Tricks Vol 2

Continuation of Apple Tips and Tricks.  In this volume will be covering preferences (plists), display  iPad on Macbook via QuickTime, Hidden User Account


Preferences (plist)
  • plists are basically the configuration for applications
  • Many do not exist until a default value has been changed in the program
  • preferences are cached in a process called "cfprefsd"
    • Recommend to force quit when trying to fine tune preference imports to ensure fresh pull from plist and not cache
  • Exercises
    • Safari - Homepage
      • [Link to Google Doc with steps]
iPad display on Macbook via QuickTime
  • Desire to record or display iPad screen on Macbook to projector or to record video
  1. Cable iPad to Macbook
  2. Ensure both devices are powered on
  3. Open Quicktime on Macbook
  4. Start "New Movie Recording"
    • File > New Movie Recording
  5. Press drop arrow next to record button
  6. Select Camer > iPad
Hidden User Account

  • Hide management / local admin user on Macbooks
    • Prevent confusion and attempts at unauthorized access
  • User accounts below 500 are hidden from Users and Groups
    • Utilize feature to hide managed accounts and test users
  1. System Preferences
  2. Users and Groups
  3. Create new account (+)
  4. Use following settings
    • New Account: Administrator
    • Full Name: [Friendly Account Name]
    • Account Name: [User Name]
    • Password: [Desired Password]
    • Verify: [Desired Password]
    • Password Hint: [Something to remember password by]
  5. Click Create User
  6. Double-Click or Control-Click on new user
  7. Click "Advanced Options"
  8. Change User ID to below 500
  9. Click "OK"

Wednesday, March 18, 2015

Folder Permission Nightmare (CJWDEV's NTFS Permissions Reporter)

This post focuses around a nightmare of a week I had with Technology team and file servers.

The day was Tuesday March 3rd, 2015, the day was seeming to start of slow as we were wrapping up some issues with our aging Exchange server (2007 on 2k8 platform).  We began to get calls that staff could no longer access the StaffShare folders and files.  As we began to receive the calls and research we soon discovered for whatever reason (have not had time to research more) our file server had dropped all but local admin on the staffshare.  

Some background our staffshare consists of 800 GB some 58,000 folders to be shared across 12 buildings with over 1000 users.  You would think something like this would be documented but I soon found out it was not.  For the past week we have been slowly restoring access as users request and are vetted.  We are trying to hold meetings with departments to become proactive and create groups before someone reports the issue but that process is slow.

Out of all this we have learned that NTFS permissions must be documented and audited now and then, we believe a student / teacher may have some how changed the permissions.  To complete this task we thought about using just your standard spreadsheet but realized quickly the hours to complete would a) far out way the benefit b) never be available to complete.  It was only when one of the admins asked me if only there was a software to do this for us do my somewhat mushy brain recall such a program.  This is when we rushed out and purchased CJWDEV's NTFS Permissions Reporter.
CJWDEV's NTFS Permissions Reporter - Full Version
http://cjwdev.com/Software/NtfsReports/Info.html

Installation was quick and easy.  Setting up to scan and report on a drive or even specific folder is simple.  But the greatest power lies in the export ability the reports into multiple formats.  We choose to use the NTPR format native to the program.  This allows for you to compare between either recent scan or other saved reports.  Our plan is to create baselines and audit changes quarterly via comparison.

Going forward in my career I will always purchase a copy of CJWDEV's NTFS Permissions Reporter - Full Version.  It will be the best $150-$600 dollar system software investment.

Monday, March 16, 2015

Apple Tips and Tricks Vol 1

As my current employer moves to a dual platform of Apple and Windows I have found I need to learn Apple shortcuts. Below is list of tips and tricks Vol 1 we use on a regular basis.
  • OS X
    • Quit Apps (Force Close)
      • Option-Command (⌘)-Esc
      • Force close stalled / hanging apps
    • Screen shots
      • MacBooks offer 3 keyboard varieties and a simple program
        • Grab (Windows Snipping Tool)
          • Allows capturing screen via 4 options
          • Allows previewing of capture before saving
          • Selection
            • Click and drag the selection box to form a rectangle around the desired screen area. Release the mouse cursor to capture the image.
          • Window
            • Captures any window that you choose
          • Screen
            • Saves a snapshot of the entire display
          • Timed Screen
            • Set a time delay before the screen shat is captured. Use this option if you wish to perform a task, such as opening a menu, before capturing the screen shot.
        • Keyboard shortcuts
          • Command-Shift-3
            • Capture a screen shot of the entire screen
            • Image is automatically saved to the clipboard
          • Command-Shift-4
            • Capture a specific area of the screen
            • Click and drag the selection box over the desired area, release the mouse cursor to capture the image.
          • Command-Shift-Spacebar
            • Create a screen shot of an entire window
            • Click the window you want to capture

Wednesday, March 11, 2015

Nesting Hyper-V with VMware ESXi 5.5

This weeks posting focuses on the setup of my home virtual lab.  I recently setup my home lab consisting of the following specs:
  • Supermicro X7DAL
    • 2 - Quad Core Intel Xeon E5440 @ 2.83 GHz (8 vCPUs)
    • 2 - NICs
    • 24 GB of RAM
    • 2 - 1 TB Hard drives
  • Evaluation version of ESXi 5.5
Most of my experience has been with VMWare so I choose this as my base system.  Now I wanted to learn more about Hyper-V and have read it could be nested within ESXi.  The following will guide you through configuring a ESXi 5.5 system to allow for nested Hyper-V usage.

In some places there are multiple ways to accomplish the same process through the vSphere client, CLI, or using a tool like WinSCP.  The end result is to modify the config files so how ever you feel comfortable.  I will be utilizing WinSCP to access the files and modify using a Windows text editor.  You can download WinSCP here: http://winscp.net/eng/index.php

  1. To start we need to ensure SSH access is enabled.  I configured mine through vSphere client but you could do this through local access also.
    • Launch vSphere and connect to ESXi system
    • Ensure your system is select in left navigation box
    • Click "Configuration" tab in right navigation box
    • Under software click "Security Profile"
    • Click "Properties" for "Services"
    • Select "SSH" and click "Options"
    • Select desired startup policy
      • I choose to automatically start
    • Click Okay until back at main vSphere page
  2. Now we need to modify our ESXi config file.  This file is located at /etc/vmware/config.
    • Launch WinSCP
    • Connect to your ESXi server through a SFTP connection
    • Navigate to root level and then to /etc/vmware/
    • Select config and Edit
    • Add the following
      • vhv.allow = “TRUE”
    • Save and close the editor
  3. Next we need to create the Hyper-V system profile, we will not be installing yet.
    • Go and create a new VM with specs you desire
      • I configured mine with following:
        • VM Hardware version 8
        • 4 vCPUs
        • 12 GB of RAM
        • 2 NICs
        • 40 GB Thin Hard drive
        • 100 GB Thin Hard drive
  4. Now we need to edit the VM Profile
    • In WinSCP navigate to VM location
      • /vmfs/volumes/[DateStore]/[VM Name]
    • Select [VM].vmx file and Edit
    • Add the following lines:
      • monitor.virtual_exec = "hardware"
      • hypervisor.cpuid.v0 = "FALSE"
    • Save and close the editor
  5. Before we install our OS we still need make some changes to our VM settings
    • Within vSphere access your VM's settings
    • Select "Options"
    • Enable CPU/MMU Virtualization for our VM
      • Under Advanced Select "CPU/MMU Virtualization"
      • Select "Use Intel VT-x/AMD-V for instruction set virtualization and Intel EPT/AMD RVI for MMU virtualization"
    • Expose CPUID to guest
      • Under Advanced Select "CPUID Mask"
      • Select "Expose the NX/XD flag to guest"
      • Click "Advanced"
      • Locate line ecx and modify to following:
        • ---- ---- ---- ---- ---- ---- --H- ----
      • Okay back to main vSphere window
  6. Finally we can install our Hyper-V OS
    • Proceed to install as normal and enjoy creating Hyper-V VMs within ESXi environment.

Following resources we used:

Monday, March 9, 2015

Dual Platform Woes - Password Alerts

As my current employer moves to a dual platform of Windows and Mac systems we have ran in to issues with users not being aware of password expiration.  As such the Technology team has had to look for ways to ensure both Windows and Mac users are aware of upcoming password expiration.

To accomplish this we have deployed the following:


  1. PowerShell Script
    • Password Alert
      • Runs daily at 7AM
      • Starts 14 days from expiration and continues until password reset
      • Provides links and directions on how to reset password
    • Password Expiration Report
      • Sends single email with OU Expiration reports attached
    • Use Windows Task Scheduler to execute scripts daily
    • Run on DC

  2. ADPassMon
We have just implemented both of these into our environment.  Will include complete write ups on setup of each option in the near future.



Thursday, March 5, 2015

Office 2016 Beta Release

Well, hello digital world.  Long time now chat.

So much has happened in my life I will have to provide a couple post to catch you all up.  But this post is to focus on Office 2016 for Mac.

Available for download here: http://products.office.com/en-US/mac/mac-preview

From my limited experience with Office 2011 for Mac I have been severally disappointed.  I will be downloading the beta in the morning for review personally.  I am hoping that MS has incorporated more features that are standard to PC version into the Mac version.

Stay tuned for my review within the next week.

In the mean time head over to Spiceworks and join the discussion there:

http://community.spiceworks.com/topic/825685-free-public-beta-preview-of-office-2016-for-mac-is-now-available