Tiny Deathstars of Foulness

On a Mac, I frequently use the tail command to view files as they're being written to or in use. On Windows, you can use the Get-EventLog cmdlet to view the event logs. The Get-EventLog cmdlet has two options I'll point out in this article: -list and -newest. The first is used to view a list of the event logs on the box, along with retention cycles, log sizes, etc.:

Get-EventLog -list

You can then take any of the log names and view the entries in it. To see the System log:

Get-EventLog System

There will be too much information in many of these cases, so use the -newest option to see just the latest entries:

Get-EventLog System -newest 5

Each entry in the list has an Index number and an EventID. The EventID can then be used to research information about each error code. For example, at
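Since the post opens with tail, here is the closest thing to tail -f for an event log, built on the Index numbers the post mentions. This is an added example, not code from the original post; the function names are mine, while -LogName and -Newest are Get-EventLog's real parameters. It assumes a recent-enough PowerShell to run Get-EventLog and that you have read access to the log you name (the Security log needs an elevated shell).

```powershell
# Added example, not from the original post. Watch-EventLog polls a log and
# prints only entries written since the last poll, using the Index number as
# the high-water mark, the way tail -f uses the file offset.
function Watch-EventLog {
    param(
        [string]$LogName = 'System',
        [int]$PollSeconds = 2,
        [int[]]$EventId,            # optional: show only these EventIDs
        [string[]]$EntryType        # optional: e.g. 'Error','Warning'
    )
    # Start at the newest entry so only new writes are shown, like tail -f
    $lastIndex = (Get-EventLog -LogName $LogName -Newest 1).Index
    while ($true) {
        Start-Sleep -Seconds $PollSeconds
        # If the log was cleared, Index restarts from a low number; resync
        $newest = (Get-EventLog -LogName $LogName -Newest 1).Index
        if ($newest -lt $lastIndex) { $lastIndex = 0 }
        # Index increases monotonically within a log, so "newer than what we
        # already printed" is simply Index -gt $lastIndex. -Newest bounds how
        # much is read per poll; raise it on a very busy log.
        $fresh = Get-EventLog -LogName $LogName -Newest 200 |
                 Where-Object { $_.Index -gt $lastIndex } |
                 Sort-Object Index
        foreach ($e in $fresh) {
            if ($EventId   -and $EventId   -notcontains $e.EventID)        { continue }
            if ($EntryType -and $EntryType -notcontains "$($e.EntryType)") { continue }
            # First line of the message only; the full text is in $e.Message
            '{0:yyyy-MM-dd HH:mm:ss} {1,-12} {2,-6} {3,-25} {4}' -f `
                $e.TimeGenerated, $e.EntryType, $e.EventID, $e.Source,
                ($e.Message -split "`n")[0]
        }
        # Advance the high-water mark even when everything was filtered out
        if ($fresh) { $lastIndex = ($fresh | Measure-Object Index -Maximum).Maximum }
    }
}

# Which EventIDs dominate the newest N entries? Those IDs are what you go and
# research, so it pays to count them before reading entry by entry.
function Get-EventLogTopIds {
    param([string]$LogName = 'System', [int]$Newest = 500, [int]$Top = 10)
    Get-EventLog -LogName $LogName -Newest $Newest |
        Group-Object EventID, Source |
        Sort-Object Count -Descending |
        Select-Object Count, Name -First $Top
}

# Usage: summarise first, then follow errors and warnings as they arrive
Get-EventLogTopIds -LogName System
Watch-EventLog -LogName System -EntryType Error, Warning
```

Ctrl-C stops the watch loop. Polling on Index rather than on TimeGenerated avoids missing two entries written in the same second, which is the usual bug in scripts that key off the timestamp.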

February 8th, 2014

Posted In: Microsoft Exchange Server, Windows Server, Windows XP


Windows Server has an SMTP service it can run (the SMTP Server feature that ships with IIS). Exchange 2003 and earlier, along with a number of other services, use it to relay mail. There is a type of attack against a mail server that amounts to a Denial of Service (DoS) against Exchange: send the server massive quantities of mail addressed to recipients that don't exist, each with a forged sender, and force it to generate a Non Delivery Report (NDR) for every one of them. This is known as an NDR Flood Attack, and the NDRs themselves become backscatter spam aimed at whoever's address was forged. You can also leverage what's known as a Directory Harvest Attack: issue RCPT TO for thousands of guessed addresses on a domain the Exchange server handles, and the difference between the server's replies (250 for a real mailbox, 550 for an unknown one) tells you exactly which addresses exist. A Directory Harvest Attack then ends up giving spammers a list of email addresses they can spam on your server. Not to get off the point, but unless you can DoS a box with one or two packets I don't consider a DoS attack hacking. Really, it's just brute force. It's lame and there's nothing scientific or interesting about it. Unless of course you wrote some really cool botnet and it's your bot farm DoSing some evil something-or-other. But I digress…

So one way that Microsoft came up with to combat these types of automated attacks against their servers is to make SMTP "sticky", a feature called tar pitting that arrived with Windows Server 2003 SP1. Basically, the server puts a few seconds of delay in front of any SMTP reply that carries a 5.x.x error code, such as the 550 returned for RCPT TO on a recipient that doesn't exist once recipient filtering is turned on. At 5 seconds, legitimate mail servers won't even notice, because a normal delivery rarely triggers a 5xx reply. But if someone is trying to flood you with massive quantities of junk traffic over port 25, or walk through every possible address, they now wait 5 seconds per guess and the idle connections pile up on their side rather than yours.

To enable the SMTP tar pit feature in Exchange/Windows Server, back up the registry and then locate the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPSVC\Parameters subkey. From there, create a new DWORD value and call it TarpitTime. Enter a decimal value of 5 to make the sticky time 5 seconds (the value is in seconds). Once done, save and restart SMTP:

net stop smtpsvc
net start smtpsvc

And voila, you're joining the good fight against evil spammers. Sleep better tonight!

Two caveats. The delay only applies to 5xx replies, so without recipient filtering (which makes the server reject unknown recipients at RCPT TO instead of accepting the message and bouncing it later) a harvester sees nothing but 250s and no delay at all; recipient filtering is also what stops the NDR flood at the door, since mail that is never accepted never produces an NDR. And this registry value belongs to the IIS SMTP service: Exchange 2007 and later use their own transport, where the same knob is the TarpitInterval parameter on each Receive connector (Set-ReceiveConnector -TarpitInterval), which is already 5 seconds by default.
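The registry change above, done from PowerShell with a backup first, plus a small client that tells you whether the tar pit is actually biting. This is an added example, not code from the original post: the function names, the backup file location and the probe addresses are my own placeholders, while the registry path, the TarpitTime value and the SMTPSVC service name are the ones the post gives. The check sends MAIL FROM and RCPT TO for a recipient that should not exist and times the reply; because tar pitting only delays 5xx answers, a 250 coming back fast means recipient filtering is off, not that the tar pit is broken.

```powershell
# Added example, not from the original post. Part 1 sets TarpitTime as the
# post describes (with a registry backup); part 2 times the server's reply
# to a bogus recipient so you can see the delay from the outside.

$paramKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SMTPSVC\Parameters'

function Set-SmtpTarpit {
    param(
        [int]$Seconds = 5,
        [string]$BackupFile = "$env:TEMP\SMTPSVC-Parameters.reg"   # placeholder path
    )
    # Export the subkey before changing it, so the change can be reverted
    reg export 'HKLM\SYSTEM\CurrentControlSet\Services\SMTPSVC\Parameters' $BackupFile /y | Out-Null
    # TarpitTime is a REG_DWORD holding the delay in seconds
    New-ItemProperty -Path $paramKey -Name TarpitTime -PropertyType DWord -Value $Seconds -Force | Out-Null
    Restart-Service SMTPSVC
    # Return what the registry now holds, for the caller to confirm
    (Get-ItemProperty -Path $paramKey).TarpitTime
}

function Read-SmtpReply($reader) {
    # SMTP replies may span several lines: "250-..." continues, "250 ..." ends
    do { $line = $reader.ReadLine() } while ($line -and $line.Length -ge 4 -and $line[3] -eq '-')
    return $line
}

function Test-SmtpTarpit {
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [int]$Port = 25,
        [int]$ExpectedSeconds = 5,
        [string]$Sender = 'probe@example.com',                      # placeholder
        [string]$BogusRecipient = 'no-such-user-tarpit-check@example.com'  # placeholder
    )
    $client = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    $stream = $client.GetStream()
    $reader = New-Object System.IO.StreamReader($stream)
    $writer = New-Object System.IO.StreamWriter($stream)
    $writer.NewLine = "`r`n"
    $writer.AutoFlush = $true
    try {
        [void](Read-SmtpReply $reader)                               # 220 banner
        $writer.WriteLine('EHLO tarpit-check');    [void](Read-SmtpReply $reader)
        $writer.WriteLine("MAIL FROM:<$Sender>");  [void](Read-SmtpReply $reader)
        # Only this reply is timed: with recipient filtering on it is a 5xx,
        # and 5xx replies are the ones the tar pit delays
        $sw = [System.Diagnostics.Stopwatch]::StartNew()
        $writer.WriteLine("RCPT TO:<$BogusRecipient>")
        $reply = Read-SmtpReply $reader
        $sw.Stop()
        $writer.WriteLine('QUIT')
    } finally {
        $client.Close()
    }
    New-Object PSObject -Property @{
        Reply    = $reply
        Seconds  = [math]::Round($sw.Elapsed.TotalSeconds, 2)
        Rejected = ($reply -match '^5')
        # Tar pit is working if the rejection took roughly the configured delay
        Tarpit   = ($reply -match '^5') -and ($sw.Elapsed.TotalSeconds -ge ($ExpectedSeconds - 1))
    }
}

# Usage, on the server and then from another box:
#   Set-SmtpTarpit -Seconds 5
#   Test-SmtpTarpit -Server mail.example.com
```

If Rejected is false the server accepted the bogus recipient and will bounce it later, which is exactly the NDR-flood behaviour; turn on recipient filtering before expecting the tar pit to do anything.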
Note: You get extra credit if you thought "it is soooooo 90s to allow SMTP traffic on any network you control! Do you worship Jeremy Piven's character from PCU or what?!?!" Note 2: You get double extra credit if you happened to step in tar at the La Brea Tar Pits while reading this article, as I thought about writing it when almost stepping in some tar at that very place.

June 27th, 2013

Posted In: Microsoft Exchange Server, Windows Server


Exchange is becoming more and more command line oriented. This includes the PowerShell options for managing Exchange once installed, but can also include the initial installation. To install Exchange from the command line, one must first install the Exchange prerequisites, which are broken down per role being installed. This can be done using the Add-WindowsFeature cmdlet from the ServerManager module (run Import-Module ServerManager first in a fresh shell). To install the Windows requirements for the Client Access, Hub Transport and Mailbox roles, use the following command:

Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,Web-WMI -Restart

For the Edge Transport role, which is not domain-joined and keeps its configuration in AD LDS rather than Active Directory, use:

Add-WindowsFeature NET-Framework,ADLDS -Restart

For the Unified Messaging role, which needs the media components that come with Desktop Experience, use:

Add-WindowsFeature NET-Framework,RSAT-ADDS,Desktop-Experience -Restart

After the server restarts, also set the Net.Tcp Port Sharing service to start automatically, which the Client Access role requires:

Set-Service NetTcpPortSharing -StartupType Automatic

Once the required features are installed, you can then run the installer and extend the Active Directory schema to prepare for the new attributes required by the version of Exchange you're installing (2010 for this article, btw). To do so, use the setup.exe command. The account running these steps needs to be a member of Schema Admins and Enterprise Admins, and /PrepareSchema has to be run from a machine in the same domain and AD site as the Schema Master.

In this example we'll use the setup.exe located in c:\ExchangeInstallers:

c:\ExchangeInstallers\setup.exe /PrepareSchema

Once the schema is ready, prepare AD (for a brand-new organization add /OrganizationName:<name>, since there is no existing organization for setup to find):

c:\ExchangeInstallers\setup.exe /PrepareAD

Then prep the domain:

c:\ExchangeInstallers\setup.exe /PrepareDomain

Note: For a full listing of what happens at the above stages of the installation, see TechNet 125224.

Once that's done, I like to force a quick replication from the domain controller holding the Schema Master FSMO role, so the other DCs pick up the changes before the install proceeds:

repadmin /syncall

Then, for the easy part: install Exchange (in this case we're installing the Hub Transport, Client Access and Mailbox roles, which setup abbreviates as h, c and m):

c:\ExchangeInstallers\setup.exe /m:install /r:h,c,m

And voila, you've now got an Exchange Server. Since this is a Mailbox server, an empty mailbox database is created and store.exe should be running. Use Get-MailboxDatabase to verify (-Status is what populates the Mounted column):

Get-MailboxDatabase -Status

You can then move the database (e.g. to your SAN), since by default the .edb file and its transaction logs land under the Mailbox folder of the Exchange install directory, using the Move-DatabasePath cmdlet with -EdbFilePath and -LogFolderPath. (Move-StorageGroupPath was the Exchange 2007 way to move the logs; 2010 has no storage groups, so Move-DatabasePath handles both.) Be aware that Move-DatabasePath dismounts the database for the duration of the copy. Once the information store is back online and any logs have been moved, check the connectors in Exchange. Use Get-SendConnector to see any outgoing connectors and Get-ReceiveConnector to see any incoming connector information. You can also use Get-ExchangeCertificate to check the certificates on the host (setup leaves you with a self-signed one) and Get-RoutingGroupConnector to see routing group connectivity, which only matters if you are coexisting with Exchange 2003.
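The post ends with the cmdlets to run after setup; here they are wired into one post-install check that reports on the things worth catching on day one: a database that did not mount, a Receive connector that lets anonymous senders relay (the open-relay condition spammers look for), and certificates that are self-signed or near expiry. This is an added example, not code from the original post. It runs in the Exchange Management Shell on the new 2010 server; the function name and the 30-day threshold are my own choices, while the cmdlets and properties (Get-MailboxDatabase -Status, Get-ReceiveConnector, Get-ADPermission, Get-SendConnector, Get-ExchangeCertificate) are Exchange 2010's own.

```powershell
# Added example, not from the original post. Run in the Exchange Management
# Shell after setup finishes. Reports rather than changes anything.
function Test-ExchangePostInstall {
    param([int]$CertWarnDays = 30)   # arbitrary warning threshold

    # 1. Every mailbox database should be mounted after setup; -Status is
    #    required or Mounted comes back empty.
    foreach ($db in Get-MailboxDatabase -Status) {
        $state = if ($db.Mounted) { 'mounted' } else { 'DISMOUNTED' }
        "db   {0,-30} {1}" -f $db.Name, $state
        "     edb:  {0}" -f $db.EdbFilePath
        "     logs: {0}" -f $db.LogFolderPath
    }

    # 2. Receive connectors: an open relay is the combination of the
    #    ms-Exch-SMTP-Accept-Any-Recipient extended right granted (not denied)
    #    to NT AUTHORITY\ANONYMOUS LOGON. Setup's default connectors do not
    #    grant it; a hand-made "relay" connector often does.
    foreach ($rc in Get-ReceiveConnector) {
        $anonRelay = Get-ADPermission -Identity $rc.Identity | Where-Object {
            -not $_.Deny -and
            "$($_.User)" -like '*ANONYMOUS LOGON' -and
            (($_.ExtendedRights | ForEach-Object { "$_" }) -contains 'ms-Exch-SMTP-Accept-Any-Recipient')
        }
        $flag = if ($anonRelay) { 'OPEN RELAY for anonymous senders' } else { 'ok' }
        "rcv  {0,-45} bind={1} tarpit={2} {3}" -f $rc.Identity, ($rc.Bindings -join ','), $rc.TarpitInterval, $flag
    }

    # 3. Send connectors, so you know where outbound mail goes
    foreach ($sc in Get-SendConnector) {
        "send {0,-45} -> {1}" -f $sc.Name, ($sc.AddressSpaces -join ',')
    }

    # 4. Certificates: setup's self-signed cert is fine for a lab, not for
    #    clients on the Internet; also flag anything expiring soon.
    foreach ($cert in Get-ExchangeCertificate) {
        $days = ($cert.NotAfter - (Get-Date)).Days
        $notes = @()
        if ($cert.IsSelfSigned)       { $notes += 'self-signed' }
        if ($days -lt $CertWarnDays)  { $notes += "expires in $days days" }
        "cert {0} services={1} {2}" -f $cert.Thumbprint, $cert.Services, ($notes -join '; ')
    }
}

Test-ExchangePostInstall
```

The relay check is the one to keep around: the TarpitInterval column it prints is the Exchange 2007+ equivalent of the TarpitTime registry value described for the IIS SMTP service, and a connector showing both an anonymous relay grant and a tar pit of 00:00:00 is a connector that will be found and abused.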

June 11th, 2013

Posted In: Mass Deployment, Microsoft Exchange Server, Windows Server


The first presentation I’ll be doing at MacSysAdmin today is on Windows Server in Mac OS X and iOS environments, which can be found here: MacSysAdmin_Windows The second presentation I’ll be doing today at MacSysAdmin is on iOS deployment, which can be found here: MacSysAdmin_iOS If you’re not able to attend then I hope you will enjoy. I’ll try and get them to Tycho for uploading to the official site asap.

September 13th, 2012

Posted In: public speaking
