Windows Server

Locate the Citrix Datastore

There are times in a Citrix environment when you might have servers pointing to different data stores. You might then get confused about which box is pointing to which data store location. To find out, open PowerShell on the Citrix server and run the following command:

cat "c:\program files\citrix\independent management architecture\mf20.dsn"


Windows Server

Rock the Logging Facilities in Windows Server (aka More Syslog Crap)

The default logs in Windows Server can be tweaked to provide better information. This is really helpful, for example, if you’re dumping your logs to a syslog server. Here’s a script that makes it happen, with a few little tweaks to how we interpret data (run it per host; just paste it into a PowerShell session opened as an administrator):

auditpol /set /subcategory:"Security State Change" /success:enable /failure:enable
auditpol /set /subcategory:"Security System Extension" /success:enable /failure:enable
auditpol /set /subcategory:"System Integrity" /success:enable /failure:enable
auditpol /set /subcategory:"IPsec Driver" /success:disable /failure:disable
auditpol /set /subcategory:"Other System Events" /success:disable /failure:enable
auditpol /set /subcategory:"Logon" /success:enable /failure:enable
auditpol /set /subcategory:"Logoff" /success:enable /failure:enable
auditpol /set /subcategory:"Account Lockout" /success:enable /failure:enable
auditpol /set /subcategory:"IPsec Main Mode" /success:disable /failure:disable
auditpol /set /subcategory:"IPsec Quick Mode" /success:disable /failure:disable
auditpol /set /subcategory:"IPsec Extended Mode" /success:disable /failure:disable
auditpol /set /subcategory:"Special Logon" /success:enable /failure:enable
auditpol /set /subcategory:"Other Logon/Logoff Events" /success:enable /failure:enable
auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
auditpol /set /subcategory:"File System" /success:enable /failure:enable
auditpol /set /subcategory:"Registry" /success:enable /failure:enable
auditpol /set /subcategory:"Kernel Object" /success:enable /failure:enable
auditpol /set /subcategory:"SAM" /success:disable /failure:disable
auditpol /set /subcategory:"Certification Services" /success:enable /failure:enable
auditpol /set /subcategory:"Application Generated" /success:enable /failure:enable
auditpol /set /subcategory:"Handle Manipulation" /success:disable /failure:disable
auditpol /set /subcategory:"File Share" /success:enable /failure:enable
auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:disable /failure:disable
auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:disable
auditpol /set /subcategory:"Other Object Access Events" /success:disable /failure:disable
auditpol /set /subcategory:"Sensitive Privilege Use" /success:disable /failure:disable
auditpol /set /subcategory:"Non Sensitive Privilege Use" /success:disable /failure:disable
auditpol /set /subcategory:"Other Privilege Use Events" /success:disable /failure:disable
auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable
auditpol /set /subcategory:"Process Termination" /success:enable /failure:enable
auditpol /set /subcategory:"DPAPI Activity" /success:disable /failure:disable
auditpol /set /subcategory:"RPC Events" /success:enable /failure:enable
auditpol /set /subcategory:"Audit Policy Change" /success:enable /failure:enable
auditpol /set /subcategory:"Authentication Policy Change" /success:enable /failure:enable
auditpol /set /subcategory:"Authorization Policy Change" /success:enable /failure:enable
auditpol /set /subcategory:"MPSSVC Rule-Level Policy Change" /success:disable /failure:disable
auditpol /set /subcategory:"Filtering Platform Policy Change" /success:disable /failure:disable
auditpol /set /subcategory:"Other Policy Change Events" /success:disable /failure:enable
auditpol /set /subcategory:"User Account Management" /success:enable /failure:enable
auditpol /set /subcategory:"Computer Account Management" /success:enable /failure:enable
auditpol /set /subcategory:"Security Group Management" /success:enable /failure:enable
auditpol /set /subcategory:"Distribution Group Management" /success:enable /failure:enable
auditpol /set /subcategory:"Application Group Management" /success:enable /failure:enable
auditpol /set /subcategory:"Other Account Management Events" /success:enable /failure:enable
auditpol /set /subcategory:"Directory Service Access" /success:enable /failure:enable
auditpol /set /subcategory:"Directory Service Changes" /success:enable /failure:enable
auditpol /set /subcategory:"Directory Service Replication" /success:disable /failure:disable
auditpol /set /subcategory:"Detailed Directory Service Replication" /success:disable /failure:disable
auditpol /set /subcategory:"Credential Validation" /success:enable /failure:enable
auditpol /set /subcategory:"Kerberos Service Ticket Operations" /success:enable /failure:enable
auditpol /set /subcategory:"Other Account Logon Events" /success:enable /failure:enable
auditpol /set /subcategory:"Kerberos Authentication Service" /success:enable /failure:enable
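
Domain Group Policy can overwrite values set locally with auditpol, so it is worth checking what is actually in effect after running the script. The following is an added example, not part of the original post: it parses the CSV that `auditpol /get /category:* /r` emits and reports every subcategory that differs from the intended setting. The function name, the `$Baseline` table (a subset of the lines above) and the sample rows are assumptions made for illustration.

```powershell
# Added example, not from the original post. Subset of the baseline set by the
# auditpol script above; extend the table with the remaining subcategories.
# enable/enable = 'Success and Failure', disable/enable = 'Failure',
# disable/disable = 'No Auditing'.
$Baseline = [ordered]@{
    'Security State Change'      = 'Success and Failure'
    'Other System Events'        = 'Failure'
    'Logon'                      = 'Success and Failure'
    'IPsec Driver'               = 'No Auditing'
    'SAM'                        = 'No Auditing'
    'Process Creation'           = 'Success and Failure'
    'Audit Policy Change'        = 'Success and Failure'
    'Other Policy Change Events' = 'Failure'
}

function Compare-AuditPolicy {
    param(
        # Raw lines from: auditpol /get /category:* /r
        [Parameter(Mandatory)] [string[]] $CsvLines,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Expected
    )
    # The report can contain blank lines; drop them before parsing the CSV.
    $rows = $CsvLines | Where-Object { $_.Trim() } | ConvertFrom-Csv

    # Index the effective setting by subcategory name.
    $actual = @{}
    foreach ($r in $rows) { $actual[$r.Subcategory] = $r.'Inclusion Setting' }

    foreach ($name in $Expected.Keys) {
        # A subcategory absent from the report is flagged, not silently passed.
        $have = if ($actual.ContainsKey($name)) { $actual[$name] } else { '<missing>' }
        [pscustomobject]@{
            Subcategory = $name
            Expected    = $Expected[$name]
            Actual      = $have
            Compliant   = ($have -eq $Expected[$name])
        }
    }
}

# Constructed sample of the /r report (host name and GUIDs are placeholders).
# Two rows deliberately drift from the baseline and one subcategory is absent.
$Sample = @(
    'Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting'
    'HOST01,System,Security State Change,{GUID-PLACEHOLDER},Success and Failure,'
    'HOST01,System,Other System Events,{GUID-PLACEHOLDER},Success and Failure,'
    'HOST01,System,Logon,{GUID-PLACEHOLDER},Success and Failure,'
    'HOST01,System,IPsec Driver,{GUID-PLACEHOLDER},No Auditing,'
    'HOST01,System,SAM,{GUID-PLACEHOLDER},No Auditing,'
    'HOST01,System,Process Creation,{GUID-PLACEHOLDER},No Auditing,'
    'HOST01,System,Other Policy Change Events,{GUID-PLACEHOLDER},Failure,'
)

# Show only the subcategories that do not match the baseline.
Compare-AuditPolicy -CsvLines $Sample -Expected $Baseline |
    Where-Object { -not $_.Compliant } |
    Format-Table -AutoSize

# On a live host, from an elevated session:
# Compare-AuditPolicy -CsvLines (auditpol /get /category:* /r) -Expected $Baseline
```

Subcategory names in the report are localized, so the table keys must match the display language of the host being checked.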


Windows Server

Force Citrix XenApp Uninstalls

At some point in your Citrix experience, you may decide that you need to uninstall and reinstall XenApp or Presentation Server. If and when this happens, you will likely need to force the uninstall. Luckily, mps.msi supports a property, CTX_MF_FORCE_SUBSYSTEM_UNINSTALL, that you can set rather than hunting through the registry and manually removing entries there. You run the msi through msiexec, as follows:

msiexec /x mps.msi /L*v c:\ctxuninstall.log CTX_MF_FORCE_SUBSYSTEM_UNINSTALL=Yes

Once uninstalled, you can install anew.


Windows Server

Ports to Open When Doing Citrix Deployments

When deploying XenApp, there are a few ports that typically need to be open for the solution to work properly. The most common of these are 1603 and 1604, but you may also need to open 1494 and 2598. And of course, 443 and 80 if you’re doing web stuff. So here’s the list and what they do:

  • Admin: 135
  • Access Gateway Deployment: 443
  • App Streaming: 445
  • Citrix ICA thin client protocol: 1494
  • Citrix ICAbrowser: 1604
  • Independent Management Architecture: 2512
  • Management Console: 2513
  • Citrix Session Reliability Service: 2598

There are also a number of ports that communicate back into your infrastructure, such as LDAP (can be a RODC), RADIUS and DNS. If you’re blocking internal ports (e.g. if your Citrix infrastructure is in a DMZ) then you’ll also need ports 9001, 9002 and 9005 in order to administer your Citrix environment, but only from hosts that will perform administration tasks. Also, if you use AppController, port 9736 between hosts provides the High Availability service, 4443 is for the admin tool and 3820 and 21 are used for log transfers. If you have a separate license server you’ll need the Citrix servers to communicate with it via 27000, 7279, 8082 and 80. If you use a separate SQL Server for any of this stuff, you’ll also need 1433 and 1434 to it.


The 25 Nerdiest Kid Movies

Movies, movie trailers and TV shows helped to validate that many of us were on the right track (or wrong track) in school. For those that were kinda’ smart (or like me, liked being with the smart ones even if they weren’t smart) there was a whole stream of movies, starting with the advent of computers and moving forward until the cliché was beaten right into the poor dead horse with a party hat. So if you’re raising a kid and you want to start them off right or just validate them that they have started off right, here are some movies to help you along that path. From grade school to high school. Must glorify without making too much fun. Must not be animated (that would be a whole other list). The nerd (or kid who all nerds openly want to be) must be the protagonist.

  • War Games is about Ferris Bueller (or a younger, nerdy whiz kid of a Ferris Bueller) who connects into a top secret military mainframe and ends up with complete control over the United States’ nuclear arsenal. He then has to find the physical mainframe and disable it. What’s so awesome is that it’s InfoSec 101: use a password, put multiple layers of security in place and don’t hook ICBMs up to unsecured systems. Really makes the Wozniak quote “never trust a computer you can’t throw out of a window” make sense. I’ve been waiting for years to hear “shall we play a game?” Just like arguing with some people, “the only winning move is not to play.”
  • Weird Science is a typical 80s flick about two unpopular teenage boys who “create” a woman via their computer. Their living and breathing creation is a gorgeous woman, Lisa (the name of the predecessor to the Macintosh), whose purpose is to boost their confidence level by putting them into situations which require Gary and Wyatt to act like men. On their road to becoming accepted, they encounter many hilarious obstacles, which gives the movie an overall sense of silliness.
  • E.T.: Henry Thomas is a total repeat offender on this list. And E.T. is probably the biggest movie of them all. Don’t get me wrong, some easily eclipsed the box office revenue but if adjusted for inflation I doubt they would have. He’s a little young in this one to be a nerd, but we know it happens and when you have the star wearing a hoodie, Dungeons and Dragons, aliens and Henry Thomas in the same movie, I’m not-so-sure you can really skip it on a list like this. Plus, it’s not like Drew Barrymore has done that much sci-fi, so we’ll take it where we can get it! 
  • The Neverending Story: The kid is a bookworm, reading about magic, lasers, talking heads rock biters and of course Atreyu, a warrior. Our main character Bastian starts feeling what Atreyu does, including the love of Artax the horse. I find a common theme in nerdy movies is looking up to a warrior type and eventually finding your way to be your own person. For me, this was the beginning of a journey that eventually led to the older Doctor Who series, Brazil and a few others of the era. But it started when I was about the age of the kids in the movie (which was no spring chicken the first time I saw it).  
  • Flight of the Navigator: So much of the effects resemble a cross between Fraggle Rock and the original Battlestar Galactica. The most important thing this movie did was to be in the right place at the right time and teach me early on that I needed to get good with a joystick so in case aliens ever needed me, I had their back!
  • The Last Airbender: This movie got shredded by fans of the show. I watched all of the original series and have watched much of the diesel-punk inspired new series with my daughter. And we both loved the movie. Unlike many, I did not find the direction or the editing lazy. I thought the effects were good. I thought Noah Ringer was fine. I thought the creative license in many of the changes was merely an attempt to condense an entire season of storyline into a couple of hours. But most of all, I thought it was just a fun little movie. I’m still bummed they didn’t continue on with the other elements/movies. Maybe someday…
  • Kick-Ass: They’re a little older, but not too old to move into another category. A really good movie (despite Cage) about nerdy kids striking back. If you haven’t seen it, this is one of my favorites in this sub-genre!
  • Goonies: This movie did so much. I mean, it had pirates, a kid named Data (his Father in the movie was on The Closer), boys get the girls, a monster and a great legacy. I suspect they may wreck the legacy when they make part two. Josh Brolin, Sean Astin, Corey Feldman, Martha Plimpton, etc.
  • Ender’s Game: Harrison Ford returns to science fiction to train Ender to kill aliens. What’s better to a tween than killing aliens? Not so sure he killed $110,000,000 worth of aliens but a fun romp nonetheless!
  • D.A.R.Y.L.: After watching D.A.R.Y.L. I think I spent years thinking I was some sort of robot. Probably explains plenty. When I finally got around to reading Isaac Asimov’s Robot Series I guess I didn’t think I might be an android any longer. “It’s only human to make mistakes, but Daryl never does.” In this movie, a kid realizes he’s actually an artificial intelligence. He then gets chased down by the government, looking to reclaim their intellectual property. Classic ET-style the government are the bad guys kinda’ moments ensue.
  • Hugo: A crossover between nerdy kids and fantasy, this movie is boy meets girl, who happens to have the key to his steampunk inspired robot.
  • Real Genius: I know I said up to high school and these guys are in college, but here’s the thing. They started college early, so it wouldn’t go into a college nerd flick, would it?!?! But ya’, lasers, floating Death Star-esque ships, the Ice Man before he got buff for the role,  
  • Super 8: Trying to recapture the Henry Thomas look in the leading actor, this movie features young, middle-school aged budding film makers trying to track down monster aliens, escaped from a train moving it away from Area 51. Trite, yes. But the 70s nerd clothes are awesome! 
  • Back to the Future: “Are you trying to tell me that my mother has got the hots for me?” Freud would have been proud with how in touch a young Marty McFly was with his feelings. The Doc, borrowed from the TV show Taxi, sets a whole time travel scenario in motion that caused generations of chic geek to want nothing more out of life than a DeLorean. There’s a bully, a nerdy father, skateboards, mad scientists, lightning, plutonium powered cars. I mean, really… And in a sign of the times, there’s a lot of sax!
  • Teenage Mutant Ninja Turtles: They’re teenagers, right? Nerdy kids liked them when I was a kid. Not sure if they do now. The franchise has never really gotten a proper crack at a movie (like Punisher). Or maybe it has and it’s not possible for a bunch of turtles yelling cowabunga to actually work out in a live action movie. Either way, the next installment will be Michael Bay trying to start anew. Would love it if it finally works out!
  • Attack the Block: Kids killing aliens…
  • Cloak & Dagger: Yet another Henry Thomas flick! Trying to crack the code to a game that contains… Wait for it… Well, I won’t ruin the twist but another “It started as a game” with a boy saving a girl. Classic 80s pre-hacker crackdown flick!
  • Harry Potter: This was such a massive blockbuster I almost left it off the list. But the series occupies 1 slot of the list instead of 8. Harry goes from nerdy little kid to nerdy adult. Being a wizard will do that to ya’! Even if you don’t think they’re nerdy (after all, things are different on the other side of the pond, maybe all Brits are like that) you must admit that all geeky kids have wanted to be a wizard at some point or another. Lucky you, I found one clip that has all 8 trailers. Enjoy and hope the memories work well for you like they did for me!
  • Teen Wolf: I almost didn’t put this on the list ’cause Michael J. Fox just wasn’t nerdy enough. But he was small and picked on and tried to play sports poorly before becoming a werewolf, so why not… I drew the line at American Pie. They definitely weren’t nerdy enough…
  • Superbad: Written by Seth Rogen and Evan Goldberg when they were nerdy thirteen-year-old boys, oddly this movie is about a tubby Jonah Hill playing Seth and Michael Cera playing Evan. Superbad has a young Jonah Hill, lamenting virgin teens and of course, McLovin and the cops. The boys basically get the girls in the end!
  • Can’t Buy Me Love: The nerd pays the girl to go out with him and when he breaks up with her (pre-planned) he becomes the talk of the town, only to realize it was a huge mistake and then he’s a loser again when it comes out he paid her. Yup, pretty much says it all. Nerdy guy gets the girl. Huge theme in the 80s, obviously. 
  • The Secret Lives of Dorks: The name says most of it. It’s nothing new and could have been called “Love Potion #9” or Rick Moranis gets Annie Potts. Or American Pie. Or Revenge of the Nerds (they’re in college). Or 10 Things I Hate About You. Heck, it could’ve even been the first Transformers movie. But it isn’t one of those and those will be on other upcoming lists, so I feel the need to go ahead and just put this one on this list.
  • The Computer Wore Tennis Shoes: had Kurt Russell. It was from the 60s. But the time spent on explaining all the computing was awesome! The best part about this movie is that glimpse you get of what computers were like before the advent of the personal computer. Thank you to the Altair, Apple and other machines that helped to get us into a new world order!
  • Time Bandits: Terry Gilliam probably shouldn’t make kids movies. Don’t get me wrong, everything is awesome as far as this movie goes. But I’m not so sure any kids would get it!
  • I Love You, Beth Cooper: His dad is Cameron from Ferris Bueller’s Day Off. There’s a big bully for an ex-boyfriend. Hayden Panettiere doesn’t sing country. Totally cliché but that’s kinda’ ok ’cause so are the rest…

Honorable mention:

  • Antboy: If you’re thinking this would have been way better on the list than I Love You, Beth Cooper then you’re right.
  • Standing Up: Too feel-good. Obviously made for the parents more than the kiddos (which is totally fine).
  • Star Wars Episode I: Anakin built robots, was immaculately conceived and raced a mean pod racer. But he was booted off the list because he put on a black suit, choked people and was intimate with Natalie Portman. All the other nerds on the list learned from their time at the bottom of the social ladder and didn’t become the bullies.
  • The Karate Kid: Excluded because of the swan kick.
  • The Lost Boys: It was the comedic sidekick who was nerdy. The main characters weren’t nerdy enough. And while the head vampire was pretty nerdy, he was too old.
  • Can’t Hardly Wait: IMHO there were too many characters that were “cool” kids.
  • American Pie: Just not nerdy enough…
  • The Brat Pack movies: The Breakfast Club, 16 Candles, etc. Yes, there were characters like Ducky, the kid that holds up the underwear and Long Duck Dong. But it just doesn’t fit into the list…
  • Transformers: 2 words: Shia LaBeouf.
  • Movies about creepy kids: I hate creepy kid movies.
  • All Superheroes Must Die: I’m pretty sure they were too old, but they don’t really tell us…
  • Bad News Bears: The movie is about sports.
  • Napoleon Dynamite: Exposes the fine line between geek chic and just a plain weird person.
  • It’s Kind of a Funny Story: He’s crazy, not nerdy. But Zach Galifianakis FTW! His mom is in Parenthood too.
  • Juno: Kinda’ misses the point of the whole thing…
iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment


DeviceScout is a tool that leverages JAMF’s Casper Suite to show administrators vital statistics and alerts on client systems. These alerts cover some of the critical aspects of systems, from encryption to disk capacity to backups, and there are a number of pretty cool aspects of DeviceScout.


Using the device view, you can view serial numbers, device types, check-in status, boot volumes, memory, etc. It’s a lot of insight into what you have on your systems. I’m a huge fan of such visibility. You will need to be running Casper to leverage DeviceScout, but it provides a very simple interface for management and even techs to see what’s going on in your enterprise in as quick a manner as possible. Inventory, security status, backup status and a support menu at your fingertips.

With very simple pricing, check out what they have to offer at

Active Directory Microsoft Exchange Server Windows Server

Grep, Search, Loops and Basename for Powershell Hotness

Simple request: Search all files in a directory and its child directories for a specific pattern and then return the filename without the path to the file. There are a few cmdlets we end up needing to use:

  • Get-ChildItem: Creates a recursive array of filenames and pipes that output into the For loop.
  • ForEach-Object: Starts a for loop, looping through the output of the command that has been piped into the loop (much easier than an IFS array IMHO).
  • If: This starts the if block that wraps the select-string in the command below, and only dumps the $_.PSPath if the pattern is found.
  • Select-String: Searches for the content in the file.
  • Split-Path: This is the PowerShell equivalent of basename and dirname. You can use this cmdlet to extract parts of the path to a file. In this case, we’ll use the -Leaf option, which effectively runs basename, returning just the file name from the path to a file.

Get-ChildItem -include * -recurse | ForEach-Object { if( ( $(Get-Content $_) | select-string -pattern "Finished processing mailbox") ) { $_.PSPath }} | Split-Path -Leaf

You can also search for the files that specifically don’t contain that pattern by adding a ! in front of the parenthesized Get-Content expression:

Get-ChildItem -include * -recurse | ForEach-Object { if( !( $(Get-Content $_) | select-string -pattern "Finished processing mailbox") ) { $_.PSPath }} | Split-Path -Leaf

Note: This runs recursively from the existing working directory (and yes, you can use pwd to return a path, just like the bash built-in).

Finally, the > operator can be appended to the end to dump our data to a file:

Get-ChildItem -include * -recurse | ForEach-Object { if( !( $(Get-Content $_) | select-string -pattern "Finished processing mailbox") ) { $_.PSPath }} | Split-Path -Leaf > Complete.txt
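
The same search packaged as a function, as an added example that is not part of the original post. It goes a little beyond the one-liners above: it skips directories, treats the pattern as literal text rather than a regular expression, stops reading each file at the first hit, and warns about files it cannot read instead of silently counting them as non-matching. The function name and the temporary demo files are constructed for illustration.

```powershell
function Find-FileByContent {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Pattern,
        [switch] $NotMatch   # return files that do NOT contain the pattern
    )
    # -File keeps directories out of the pipeline, so nothing tries to read them.
    Get-ChildItem -LiteralPath $Path -Recurse -File | ForEach-Object {
        $file = $_
        try {
            # -SimpleMatch: literal text, not a regex. -Quiet: stop at the first hit.
            $hit = [bool](Select-String -LiteralPath $file.FullName -Pattern $Pattern `
                          -SimpleMatch -Quiet -ErrorAction Stop)
        } catch {
            # A locked or unreadable file is reported, not treated as "no match".
            Write-Warning "Skipped $($file.FullName): $($_.Exception.Message)"
            return
        }
        # Emit the leaf name when the hit state and the -NotMatch switch disagree.
        if ($hit -ne $NotMatch.IsPresent) { Split-Path -Path $file.FullName -Leaf }
    }
}

# Constructed demo data in a throwaway directory.
$demo = Join-Path ([IO.Path]::GetTempPath()) ("logdemo_" + [guid]::NewGuid().ToString('N'))
$sub  = Join-Path $demo 'sub'
New-Item -ItemType Directory -Path $sub -Force | Out-Null
Set-Content -Path (Join-Path $demo 'alice.log') -Value "Started`nFinished processing mailbox"
Set-Content -Path (Join-Path $sub  'bob.log')   -Value "Started`nError: quota exceeded"

# Files that contain the completion marker, then files that lack it.
Find-FileByContent -Path $demo -Pattern 'Finished processing mailbox'
Find-FileByContent -Path $demo -Pattern 'Finished processing mailbox' -NotMatch

Remove-Item -LiteralPath $demo -Recurse -Force
```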


Mac OS X

Scale Printing in Preview for OS X

Basically, if I’m printing something in OS X from Preview I want it to scale to fit the page. Luckily, I’m not the only one. To enable this option, use defaults to write a boolean key called PVImagePrintingScaleMode as TRUE in the com.apple.Preview domain and voilà:

defaults write com.apple.Preview PVImagePrintingScaleMode -boolean TRUE

To then disable this option, swap PVImagePrintingScaleMode to false:

defaults write com.apple.Preview PVImagePrintingScaleMode -boolean FALSE

cloud Mac Security Network Infrastructure

Configure Syslog Options on a Meraki

Meraki has a syslog option. To configure a Meraki to push logs to a syslog server, open your Meraki Dashboard and click on a device. From there, click on “Alerts & administration”.


At the “Alerts & administration” page, scroll down to the Logging section. Click on the “Add a syslog server” link and type the hostname or IP address of your syslog server. Put the port number into the Port field. Choose what types of events to export. This could be Event Log, Flows or URLs, where:

  • Event Log: The messages from the dashboard under Monitor > Event log.
  • Flows: Inbound and outbound traffic flows generate syslog messages that include the source and destination and port numbers.
  • URL: HTTP GET requests generate syslog entries.

Note that you can direct each type of traffic to a different syslog server.


Scrum Master 101