Learn some helpful IT Administrator tips and tricks.

Welcome to the most comprehensive list of tips and tricks for the IT field you'll find anywhere on the internet. I hope these tips help you get the most out of your internet.

Showing posts with label Security practices.

Friday, March 15, 2013

Enable Role Remote Desktop Web Access

This provides clients an interface to access their virtual desktop. Let's see how to set up Remote Desktop Services on Windows 2008 R2 by enabling Remote Desktop Web Access Role Service.

Use the following steps to install the RD Web Access role service:
  1. Log on to the desired server with local administrator privileges.
  2. Click Start, and then click Run.
  3. In the Run dialog box, type in ServerManager.msc and click OK.
  4. In the Roles Summary section, click the Add Roles task.
  5. After the Add Roles Wizard loads, click Next.
  6. On the Select Server Roles page, select the Remote Desktop Services role, and click Next.
  7. On the Remote Desktop Services page, click Next.
  8. On the Select Role Services page, only select the Remote Desktop Web Access role service. This is the only role service that is being installed at this time.
  9. When prompted with the Add Roles Wizard dialog box, click the Add Required Role Services button (any missing required role services or features for RD Web Access role service will now be added).
  10. On the Select Role Services page, click Next.
  11. On the Web Server (IIS) page, click Next.
  12. On the Select Role Services page, click Next (do not change the defaults).
  13. On the Confirm Installation Selections page, review the selections made, and then click Install.
  14. On the Installation Results page, review the results, and click Close.
Connect to the RD Web Access Web site using either of the following methods:
  • On the RD Web Access server, click Start, Administrative Tools, Remote Desktop Services, Remote Desktop Web Access Configuration.
  • Using Internet Explorer, connect to the RD Web Access website using the following URL: https://<server_fqdn>/RDweb
That is one way to do it, but if you want security in your terminal server implementation, you'd need to install a TS gateway somewhere (preferably on the edge of the network), and then have your clients connect through that so that connection authorization policies (CAPs) and resource authorization policies (RAPs) are enforced. The TS gateway service allows for RDP over HTTPS.

DHCP design guidance for Small Sites (Less than 300 Users)


This article explains the DHCP server recommendations for small sites (less than 300 users). This guidance can be applied to your system.
DHCP Server Configuration
A small site is described as a site with less than 300 users in its facility. Your management team could use the following recommended designs for DHCP.
  • Option 1 - DHCP on the next uplink site
      In most cases, the scopes configured to cover the mobile sites would include lease times longer than the typical configuration of other DHCP scopes.  This will allow any clients in the remote site to keep their IP address leases active for a longer period of time in the event of poor network connectivity back to the DHCP server.  Any administrative access and management of the actual scopes would need to be addressed with the local site administrators where the NS server is located.
  • Option 2 - DHCP on a local Network Router
      - Network routers are capable of providing DHCP services. This option recommends having the local scopes configured on the router.
      - The Network Team manages and creates the DHCP scopes, and any additional required scope\server options.
  • Option 3 - DHCP on a local File/Multifunction server
      The remote site will need to have a local server to host the DHCP scopes.  The local IT administrators would be responsible for IT Compliance of the server, and would need to abide by all rules and regulations put in place by the IT team.
DHCP for large sites (Greater than 300 users)
Sites with more than 300 users are usually recommended to purchase and maintain a local NS server in their facility. You can follow these recommended designs for DHCP:
  • Option 1 - DHCP on a local NS Server  An NS Server is a server which hosts DNS, DHCP, and WINS only.  The dedicated NS box will provide the best performance for most sites with a larger user base.  This will allow for your site to still locally obtain a dynamic IP address, be able to perform administration of DHCP as you currently have rights to do, and provide local caching DNS service to your users, thus reducing the traffic generated by DNS to your local Domain Controller.
  • Option 2 - DHCP on the next uplink site  The recommendation would be to host the local DHCP scopes on the next upstream DHCP server, which in most cases would be the Ehub.
    Any administrative access and management of the actual scopes would need to be addressed with the local site administrators where the NS server is located.
[Figures: DHCP Messages; DHCP Lease Renewal; DHCP Relay Agent]

Wednesday, July 18, 2012

How to Disable USB Storage Devices ports in Windows 7

      USB storage devices are so common these days that almost everyone owns one in the shape of a small flash drive, external hard disk, mobile phone, camera or other portable device. So if you want to secure your computer against data theft, viruses or other risks, simply disable the USB ports for USB storage devices / disk drives. To block USB storage devices, just follow the steps given below.

Note: this method blocks only USB drives (flash drives, external HDDs, mobile phones, etc.), not the USB mouse, keyboard, etc.


How to Disable USB ports
Press Windows + R on the keyboard, type “regedit” in the “Run” window and hit Enter.

In the Registry Editor, browse to the key
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR
and, in the right pane, double-click the “Start” DWORD value to open it.

Change its value to 4 and click “OK” button to save changes. Close the registry editor and plug in any USB storage device to check.
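
The same change can be scripted and verified from an elevated PowerShell prompt. This is an added example, not part of the original post; the function names are hypothetical, and the Start values 3 (load on demand, the Windows default) and 4 (disabled) are the standard service start types.

```powershell
# Added example (not from the original post). Run from an elevated
# PowerShell prompt; compatible with PowerShell 2.0 on Windows 7.

$UsbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

# Service start types as stored in the "Start" DWORD.
$StartTypes = @{
    0 = 'Boot'
    1 = 'System'
    2 = 'Automatic'
    3 = 'Manual (USB storage allowed, Windows default)'
    4 = 'Disabled (USB storage blocked)'
}

# Hypothetical helper: report the current state of the USB storage driver.
function Get-UsbStorageState {
    if (-not (Test-Path -Path $UsbStorKey)) {
        throw "Registry key not found: $UsbStorKey"
    }
    $start = [int](Get-ItemProperty -Path $UsbStorKey -Name Start).Start
    $label = if ($StartTypes.ContainsKey($start)) { $StartTypes[$start] } else { 'Unknown' }
    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        Start    = $start
        Meaning  = $label
        Blocked  = ($start -eq 4)
    }
}

# Hypothetical helper: set the Start value and return the state read back
# from the registry, so the result is verified rather than assumed.
function Set-UsbStorageState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Blocked', 'Allowed')]
        [string]$State
    )
    $value  = if ($State -eq 'Blocked') { 4 } else { 3 }
    $before = Get-UsbStorageState
    if ($before.Start -eq $value) {
        Write-Verbose "Start is already $value; nothing to change."
        return $before
    }
    if ($PSCmdlet.ShouldProcess($UsbStorKey, "Set Start from $($before.Start) to $value")) {
        Set-ItemProperty -Path $UsbStorKey -Name Start -Value $value -Type DWord
    }
    Get-UsbStorageState
}

# Audit only: show the current setting without changing anything.
Get-UsbStorageState | Format-List Computer, Start, Meaning, Blocked

# Preview the change, then apply it:
# Set-UsbStorageState -State Blocked -WhatIf
# Set-UsbStorageState -State Blocked
```

Any account with local administrator rights can set the value back to 3, so re-run the audit periodically on machines where the block matters.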

Friday, April 6, 2012

Data Center Rack Install


       I wrote this to provide guidelines for the process of data center rack installations at your company(s). Server installation is addressed specifically in the Server Installation standard. This will be achieved by a workforce including, but not limited to, contractors, vendor partners and employees who consistently apply safe work practices. Safe work practices, including emergency procedures in the event of disasters. A safe and secure environment helps ensure the health and well being of all individuals (including workforce and visitors) as well as minimizes the impact of incidents that could affect business operations.
       To mitigate potential and preventable impacts to facilities IT equipment caused by the incorrect installation of equipment racks and through the application of industry standards, governmental regulations and current best practices with the goal of ensuring 100% operability and reliability when called upon for service.

Workforce members should assist each other in following the guidelines.
       Rack standards are necessary to ensure the maximum levels of safety, reliability and compliance in the data center. Racks form an important part of the IT and telecom infrastructure as they house valuable equipment. Nineteen-inch NEMA rack cabinets are used for a myriad of applications, including mounting IT (servers and data storage products) and telecommunications products (switches and networking equipment).  Rack cabinets are available for variable height and depth requirements, but the standard height is 42 Units (1 U = 1.75 inches).

Data Center Rack Install Procedure
       The data center manager is responsible for ensuring that all racks meet the standards and are installed properly.

Rack General Requirements
  • Place the leveling feet down on each rack so that it does not sit on the casters and is secure and level.
  • Do not mix power and data cables in the same cable tray.
  • Do not install cable management arms on the servers as they block air flow.
  • Ensure that both signal and power cables are segregated in the rear of the racks, appropriately tie wrapped with service loops in the cabling so that the servers can be extended and maintained without having to disconnect the cabling.
  • Fill the open space in the racks with both horizontal and vertical blanking plates. This reduces the amount of bypass air in the data center. Bypass air is the unintended movement of hot or cold air into areas where the two mix and reduce overall cooling efficiency.
  • Ground every rack in the data center per the Grounding SOP and Chevron Data Center Design Standards. 
  • Use plastic covers over the front cable trays.
  • Install all racks with the front of the rack on the seam between floor tiles when installed on raised floor.
  • All racks are to be installed with side panels and fully perforated front and rear doors. 
  • Leave two full floor tiles or approximately 4 feet in all cold rows.
  • All equipment in the rack should be installed so that the cold air intake is from the cold row and discharges hot air into the hot row (front to rear airflow).
  • Ensure that all cable hole openings in the racks are protected with a grommet.
  • Installing a folding monitor and KVM as the server density requires is a good practice.
  • Seismic bracing of racks is required for equipment in active earthquake zones.
  • Ensure that racks are labeled per the DCOE Labeling.
  • Ensure that racks are installed in a manner to comply with the DCOE Raised Floor.
  • Ensure that racks are installed in a manner to comply with the DCOE Airflow.
  • Internal cage of the rack is a standard 19 inches.
  • External rack is 30 inches wide instead of the standard 24 inches (800MM instead of traditional 600MM). (HP rack is for server and storage use).
  • (4) 4 inch by 4 inch cable trays installed in the corners of the rack to house the cables.
  • 40 amp Hewlett Packard Power Distribution Unit (PDU) or similar power strip installed in the back of the rack. This PDU provides power from two different sources.

Installation of a Vendor Rack (rack which server equipment was loaded by a vendor) 
Example – HDS storage rack, ETC PC cluster rack loaded offsite
  1. _ Verify power configuration in rack matches power installed at rack location exactly
       a. _ If not, recycle to data center power installation procedures
  2. _ Verify power inside the rack is actually dual power corded or attached via a static switch
  3. _ Label the power cords with UPS information and rack location which plug into the DC Branch circuits 
  4. _ Grommet installed under the rack for cable pass thru – where required
  5. _ Install rack with the front of the rack on the seam between the floor tiles – leaving the required 2 solid floor tiles in the cold row in front of the rack.
  6. _ Ground the rack to under floor ground cable or bolt to the row of racks
  7. _ Seismic brace the rack / bolt to the floor where required (active earthquake zones)  
  8. _ Label the rack with the grid location
  9. _ Add the rack to inventory and turn on data center billing

Installation of a New Empty Rack 
  1. _ Verify power configuration in rack matches power installed at rack location exactly
       a. _ If not, recycle to data center power installation procedures
  2. _ Label the power cords with UPS information and rack location which plug into the DC Branch circuits 
  3. _ Grommet installed under the rack for cable pass thru – where required
  4. _ Install rack with the front of the rack on the seam between the floor tiles – leaving the required 2 solid floor tiles in the cold row in front of the rack.
  5. _ Ground the rack to under floor ground cable or bolt to the row of racks
  6. _ Seismic brace the rack / bolt to the floor where required (active earthquake zones) 
  7. _ Label the rack with the grid location
Instructions
When to use it:
During the development of site-specific standard operating procedures (SOPs)

Why is it important? 
This template helps standardize procedure writing. This template complies with the requirements of the OEMS.


Monday, April 2, 2012

Server Room Temperature Recommendation

       Server Room Temperature: Computer and networking equipment is designed to operate within a fairly narrow temperature range. To ensure reliable operation and the longest possible life from components you need to ensure that the temperature stays within that band.


       Even a few degrees too hot can blow a server chip.
       The cost of a catastrophic server failure can be considerable. Think how much money you would lose if your servers went down. There is the cost of replacement, but think also of lost e-commerce business, lost customer details, wasted staff time, and all the other associated costs.

What temperature is right?
       General recommendations suggest that you should not go below 10°C (50°F) or above 28°C (82°F). Although this seems a wide range, these are the extremes, and it is far more common to keep the ambient temperature around 20-21°C (68-71°F). For a variety of reasons this can sometimes be a tall order.

How do you maintain the right temperature?
       Purpose built server rooms are well insulated for fire precaution reasons and air conditioning is essential. In many companies however the maintenance of the air conditioning is separate from the running of the servers. If the air conditioning fails you might not be the first to know. You may even be the last.

       Even if everything is working the temperature may fluctuate during the day, from season to season, and there is always the possibility of localized hot-spots around equipment giving off lots of heat.

       Don’t be tempted to think that just because you have an air conditioning unit that is up to the job that you are safe. People working in the server room sometimes switch the air conditioning off and forget to turn it on again. Sometimes they leave doors open. Servers run hotter at some times of the day than at others, air conditioning systems sometimes run at lower power at night etc.

       What if it’s night time, your air conditioning is running at low power, and your webserver suddenly starts to work hard because the west coast has woken up? Now your machine heats up and your air conditioning can’t cool it enough. Exactly this scenario has been known to happen. Many intermittent faults and slowdowns can be traced to overheating.

        Replacing old equipment can introduce a new set of problems. Newer machines run faster and often run hotter as well, increasing the burden on the air conditioning systems even more. If you’ve recently introduced new servers or modern switches, it might be time to examine your air conditioning unit to make sure it can still keep up.

       Another thing to look out for is the scenario where you turn up the air conditioning unit during the day, in order to ensure the right environment in your server room, but then don’t switch it down during the night or weekends. During the day there might be a lot of activity into and out of the server room. The server room door being opened all of the time lets warmer air into the server room thus necessitating the air conditioning system to be turned up high. At night and at the weekend, without the same level of activity, you may be running up large energy bills for no reason.
How are you going to monitor the temperature?
       You need to monitor the temperature in your server room all of the time, especially at night and at weekends when nobody is around. A number of systems are available for this purpose; the Temperature Monitor range from OPENXTRA offers good products at reasonable prices. You need to measure temperatures at different points in the room to get an idea of where the hot spots might be. You need temperature measurement to be automated and reliable, so a network-attached device is ideal. The device must support alarms via a number of different methods, such as email or SMS. You should be able to set the system up and then be alerted when something is wrong.



Tuesday, December 13, 2011

4 Lessons I Learned About Security

     In my years as a system administrator, I learned that security is much more complex than most people realize. You cannot get away with doing just one thing. One security measure will not save your company server or external server. Your security must be comprehensive and constantly adapting to defend against intruders. 

The following are three lessons I have learned over the years.
       1. A firewall is not enough – This is the perfect example of a single security measure that will not get the job done. Firewalls protect your internal network and may save you from the most basic forms of attack, but cyber criminals are always thinking of new ways to get in and do damage. A firewall cannot protect you from OS and application vulnerabilities any more than a bullet-proof vest will protect you from a cold.
       2. Attackers love the /tmp directory – Lock this directory down. It will save you from endless headaches and grief. Attackers love to exploit weaknesses in your system and then drop their scripts into /tmp where they can do more damage or attack other servers.
       3. A server hack can go unnoticed – We often assume that any attack on a server will bring it to its knees or at least send up a red flag. In reality, most are subtle, and a hacker may use your server to do something inconspicuous like running an unauthorized chat server. You must be proactive to catch them when they first make their attempt.
       4. Operating system hardening – Also known as server hardening, OS hardening and Windows hardening, this is the act of reducing the number of attack points on a computer by streamlining the running software and services down to the bare minimum required. The benefit of OS hardening is that by uninstalling or disabling software that is not actually required, you reduce the routes into your PC that a potential attacker or malicious software can exploit. Security patches for Windows are released every month, and installing new patches for newly discovered security vulnerabilities soon becomes a never-ending process. By reducing the amount of software you have installed, you reduce the amount of patching you need to do.
     There are more lessons, not all related to security, that I will share over time on this blog. Hopefully, they will help those new to dedicated servers save time and money.

Monday, December 12, 2011

5 Password Tools for Servers

     Ideally, your server should be an impenetrable fortress, but recent DDoS attacks highlight the security problems faced even by companies that pay thousands or millions to protect their websites. Nevertheless, nothing is worse than having your server crippled by someone who simply guessed your password. In no particular order, here are five tools to help you have better, stronger passwords:
       1. Bad password list – This is a simple list of the 500 worst passwords that you should most certainly avoid. Unfortunately, people in offices use these all the time, so if you have employees, you need to enforce good passwords.
       2. Online Password Generator – Keep in mind that an online password generator is only as good and secure as the website hosting it, but if you trust PCtools, then this is an excellent way to create passwords, complete with customization and pronunciation guides to help you remember them.      

       3. APG (Automated Password Generator) – For those of you who prefer to roll your own passwords, APG is a Linux/Unix tool that makes it pretty easy to do. It is command-line based, so it works well on a server.
       4. Password Strength Tester – As with the online generator, keep in mind that you are typing a password into a web form, but this is a good tool to help train yourself or your coworkers/employees to make good passwords. It tests for many aspects of strong passwords and gives you detailed results.
       5. Crack your own password – If you are really concerned that someone might be trying to hijack your server, you can use John The Ripper, password cracker, to find out just how easy or difficult that might be. This is a password cracking tool, so please use it only for good.

       Recommendations for creating strong passwords: A strong password is an important protection to help you have safer online transactions. Here are steps you can take to create a strong password. Some or all might help protect your online transactions:
  • Length. Make your passwords long with eight or more characters.
  • Complexity. Include letters, punctuation, symbols, and numbers. Use the entire keyboard, not just the letters and characters you use or see most often. The greater the variety of characters in your password, the better. However, password hacking software automatically checks for common letter-to-symbol conversions, such as changing "and" to "&" or "to" to "2."
  • Variation. To keep strong passwords effective, change them often. Set an automatic reminder for yourself to change your passwords on your email, banking, and credit card websites about every three months.
  • Variety. Don't use the same password for everything. Cybercriminals steal passwords on websites that have very little security, and then they use that same password and user name in more secure environments, such as banking websites.

Why Frequent Vulnerability Scans

     Why are frequent vulnerability scans so important? Some server system administrators, especially those with little experience, may operate under the mistaken belief that they will find security through obscurity. In their minds, as long as their server is small and not hosting major big-name websites, those with malicious intent will leave them alone.

     What these idealists fail to realize is that attackers do not always consciously target specific servers. Instead they look for those that make good targets. To state it more plainly, even if you are not scanning for vulnerabilities, you can bet that they are. They will find them on your server and use them to either take control or launch attacks on other servers.


     The other important point to note is that any user activity on a server heightens the likelihood of vulnerabilities. If you have web applications with multiple users, especially sites that use forms of social media, you run a greater risk of having scripting vulnerabilities that may not be completely obvious. Regular server-wide scanning may reveal vulnerabilities in scripts that your server’s users unknowingly installed.

      By using vulnerability scanners, keeping your web applications and software up-to-date, and by using other security measures, such as application firewalls, you can prevent many attacks and more easily mitigate ones that still occur. When it comes to dedicated servers, being proactive can save you a great deal of time and money.

Sunday, December 11, 2011

Good network security practices

     Since the rise in popularity of the Internet, we have started to use our computers for a much wider range of tasks than ever before. At home, we buy our groceries, do our banking, buy birthday presents, send communications via email and write our life story on social networking sites; at work, our businesses provide e-commerce via websites, staff send and receive emails, and phone calls and video conferencing run over the network using IP-based services. All of this is done online, and it would present a serious security threat if it weren't for the various security measures at our disposal. I would like to cover some basic examples of how network security helps to keep us safe online, both at home and in the workplace.

     Any computer network used for business should employ good network security practices in order to keep free from attacks by hackers. There are a number of ways a hacker can hurt your business:

Denial Of Service
     A denial of service attack is used to make your network, or more precisely your website, unavailable to potential users. Attackers do this by flooding the web server with so many requests for information that it uses up all the resources of the web server, which either makes the web server crash or slows it down so much that it can't handle requests from the website's intended users, your customers.

BlackHat Hacking
     There are people called hackers with enough technical knowledge to be able to penetrate insecure networks with the intent of doing damage to the devices attached to the network and costing the company as much money as possible. Typical damage would involve changing the configuration of network devices such as servers and routers so that the network becomes unavailable; this can take a long time to fix, which translates to a loss of earnings where productivity is drastically reduced. Even worse, a hacker can gain access to sensitive information such as credit card details or client/patient records; they can even take control of your network-based phone system and make expensive long-distance calls at your expense. The damage done can cost your company thousands of pounds, if not more, over the space of a weekend alone.
At home, a hacker has less scope to do damage, but if you keep sensitive information on your PC, like credit card details or scanned images of important documents such as passports and driving licenses, it's clear to see that a hacker can cause you all sorts of grief.

There are a number of technologies and devices that can help keep your network safe:

Firewall
     A firewall uses a set of rules to allow or deny access to a network; typically a firewall lives inside of a router. This router is likely to be the piece of hardware that sits on the edge of your network and provides access to the Internet. The set of rules is based on opening and closing ports relating to protocols; if the network users don't use a certain protocol, then the router will keep that port closed.

Access Control Lists
     An access control list is very much like a firewall; it filters traffic based on a number of metrics contained within an IP packet. The Access Control List (ACL) will be configured to check each packet's source and destination IP address, and also the source and destination port number. The network administrator will write the ACL, specifying which range of IP addresses can talk to which other range of IP addresses and which protocols they can use when communicating. This makes it very hard for a hacker to move around a network where each router is doing its best to block unauthorised access.

Encryption
     Encryption is simple; an algorithm is used to turn meaningful information into a format that makes no sense and can only be decrypted by someone with access to the specific algorithm. Whenever sending sensitive information across the internet, it's advisable to send it using high levels of encryption.

WEP / WPA
     Nowadays, everyone has got a wireless network at home, allowing them to access the Internet using their laptop in any room. Protecting your wireless network is a must, otherwise anyone geographically close to you can connect to your network; this is a hacker's paradise. Research has shown that WPA and the new version, WPA2, are far more secure than WEP. So when you're next setting up your wireless home router, make sure your security is set to WPA2.
     Simply following the aforementioned advice will stand you in good stead; your computer networks and information will be more secure.
By: Miragetek

Saturday, December 10, 2011

netsh firewall show portopening

     A firewall is a software application that acts as a gateway on the network. It offers a level of protection against viruses and other malicious software that rely on unwanted incoming traffic to attack target computers. It does so by blocking communications that try to access your system without your permission. Some Microsoft operating systems, such as Windows XP, Windows Vista and Windows Server 2003, offer a free firewall for users to protect their computers.

     It is known as Windows Firewall; it supports home networking and restricts access to your PC. The main purpose of Windows Firewall is to control traffic between computer networks of different levels. It works most efficiently when it is properly configured. Windows Firewall comes bundled with the operating system at no cost, but you must activate it. If you opt for a firewall such as Norton, McAfee, ZoneAlarm or Comodo, choose it according to your work and personal needs. After selecting the firewall, set it up.

     Installing a firewall requires careful consideration and planning, because this security system is most often placed on a critical path within a network topology. The next step is to configure the firewall. If anything is unclear during installation of the firewall, you may contact a computer support center for assistance; that is certainly a better option than following the wrong procedure. With the proliferation of online computer support services, you need not look anywhere except the Internet: a list of computer support centers comes up when you search for keywords such as computer support, computer technical help or online help. These centers will help not only with installing the firewall but also with other work at any time; they are available 24x7. Some online computer support centers provide a complete package of services that covers everything you want for your computer and its safety. All these characteristics make them preferable to calling an expensive technician to your premises or taking your system to a computer repair showroom.

     Here's a sample command that you can run from a command line (cmd.exe). The following Netsh command will create a local firewall rule to allow certain addresses to FTP into a Windows Firewall-protected computer:

netsh firewall add portopening protocol=TCP port=21 name=FTP mode=ENABLE scope=CUSTOM addresses=192.168.0.0/255.255.255.0,10.0.0.0/255.255.240.0


     Want to know which ports are open on your firewall? Just type this from a CMD line:
netsh firewall show portopening

 By: Seno Gendeng & IT administrators
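
The `netsh firewall` context used above is deprecated on Windows 7 and Windows Server 2008 R2 and later in favour of `netsh advfirewall firewall`. The following PowerShell is an added example, not part of the original post: it lists enabled inbound allow rules, flags those that accept any remote address, and wraps the scoped FTP opening in the newer syntax. The function names are hypothetical.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session; works on PowerShell 2.0 (Windows 7 / Server 2008 R2) and later.

# Values defined by the Windows Firewall COM API (HNetCfg.FwPolicy2).
$FW_DIR_IN       = 1                           # NET_FW_RULE_DIR_IN
$FW_ACTION_ALLOW = 1                           # NET_FW_ACTION_ALLOW
$FW_PROFILE_ALL  = 0x7FFFFFFF                  # NET_FW_PROFILE2_ALL
$FW_PROTOCOLS    = @{ 6 = 'TCP'; 17 = 'UDP' }
$FW_PROFILES     = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }

# Hypothetical helper: turn the profile bitmask into readable names.
function ConvertTo-ProfileName {
    param([int]$Mask)
    if ($Mask -eq $FW_PROFILE_ALL) { return 'All' }
    $names = foreach ($bit in 1, 2, 4) {
        if ($Mask -band $bit) { $FW_PROFILES[$bit] }
    }
    return ($names -join ',')
}

# Hypothetical helper: list enabled inbound TCP/UDP allow rules and mark
# the ones that are not restricted to specific remote addresses.
function Get-InboundPortOpening {
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    foreach ($rule in $policy.Rules) {
        if (-not $rule.Enabled)                                  { continue }
        if ($rule.Direction -ne $FW_DIR_IN)                      { continue }
        if ($rule.Action -ne $FW_ACTION_ALLOW)                   { continue }
        if (-not $FW_PROTOCOLS.ContainsKey([int]$rule.Protocol)) { continue }
        if ([string]::IsNullOrEmpty($rule.LocalPorts))           { continue }

        New-Object PSObject -Property @{
            Name            = $rule.Name
            Protocol        = $FW_PROTOCOLS[[int]$rule.Protocol]
            LocalPorts      = $rule.LocalPorts
            RemoteAddresses = $rule.RemoteAddresses
            Profiles        = ConvertTo-ProfileName -Mask $rule.Profiles
            # "*" means the rule accepts connections from any address.
            Unscoped        = ($rule.RemoteAddresses -eq '*')
        }
    }
}

# Hypothetical helper: create an inbound TCP rule limited to the given
# remote addresses, the advfirewall equivalent of scope=CUSTOM.
# Use a rule name without spaces.
function Add-ScopedPortOpening {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)][int]$Port,
        [Parameter(Mandatory = $true)][string[]]$RemoteAddress
    )
    $remote = $RemoteAddress -join ','
    & netsh advfirewall firewall add rule "name=$Name" dir=in action=allow `
        protocol=TCP "localport=$Port" "remoteip=$remote"
}

# Audit: unscoped openings are listed first.
Get-InboundPortOpening |
    Sort-Object -Property Unscoped -Descending |
    Format-Table Name, Protocol, LocalPorts, RemoteAddresses, Profiles, Unscoped -AutoSize

# The FTP rule from the post, restricted to the same two address ranges:
# Add-ScopedPortOpening -Name 'FTP' -Port 21 `
#     -RemoteAddress '192.168.0.0/255.255.255.0', '10.0.0.0/255.255.240.0'
```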