Remote Symbolic Links – Redirecting fileserver data

So we had this problem: several of our Windows 2008 R2 fileservers were running full, and due to technical issues (old hardware) replacing the disks became VERY expensive.

So alternatives, I started to think – hey, let's create an “iSCSI drive” on a remote datacenter server, mount the iSCSI drive into the directory structure as a mountpoint named “Archive” or something.  Now users could put “old” archival data here, thus removing it from the server but still being available – clever 😀  A few issues crept up however, when creating an iSCSI target on a Windows 2008 R2 server this is “terminated” as a VHD file – this proved annoying (eg for backup etc), besides a friend of mine pointed out that they had tried something similar once – sadly if connectivity was sketchy this could cause the fileserver to hang as it was unable to connect to the iSCSI target.

My friend however pointed out that he had had success with using “Links”, right – I have heard of these Junction points and symbolic links, but never really found any real good use for them.  But it turns out you can create a symbolic link from the directory structure on one server, pointing to a share on a different server.

So eg. O:\ could have a lot of directories, however we also make a Symbolic Link there named “Archive” – if you now perform a dir you will find all the subdirectories, however you will also find O:\Archive which looks just like a directory (the icon gets a screwy arrow but that's all) however it’s not, it is instead a “pointer” to a share on a different server (this share we can easily backup and maintain).

So the command to use is;

MKLINK /D <NAME> \\<SERVERNAME>\Sharename


eg,  MKLINK /D HyperVisor5 \\SECRETSERVER\aarhus

HyperVisor5 is the name the directory will get locally, the /D indicates it is a directory junction, and the link will point to \\SECRETSERVER\aarhus (aarhus is the share name on the SECRETSERVER).

Ohh that was easy you say, yeah – well – it did not work 🙁

When a workstation attempted to access a mapped drive (eg. O:\Archive) it would get an error.

A bit of googling led to;
https://blogs.msdn.microsoft.com/junfeng/2012/05/07/the-symbolic-link-cannot-be-followed-because-its-type-is-disabled/

And the solution was simple enough, you need to execute this command on the workstation that has the problem;

[Screenshot: the command, highlighted in yellow; the command above it shows the current state of your computer]

And now your workstation can browse the directory (which is actually a pointer to a share on a different server) just like it was on the local server.
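The workstation setting behind this error is the symbolic link evaluation policy, which `fsutil behavior` can query and set. The script below is an added example, not the command from the original post: it assumes English `fsutil` output and that the failing case is a link on one server pointing to a share on another (remote to remote, R2R), so it enables only that class.

```powershell
# Added example: inspect symlink evaluation and enable only what O:\Archive needs.
# Run from an elevated prompt on the affected workstation.
# Assumption: fsutil prints its four status lines in English.

function Get-SymlinkEvaluation {
    $state = [ordered]@{}
    foreach ($line in (fsutil behavior query SymlinkEvaluation)) {
        # Expected form: "Remote to remote symbolic links are disabled."
        if ($line -match '(Local|Remote) to (local|remote) symbolic links are (enabled|disabled)') {
            $key = ('{0}2{1}' -f $Matches[1].Substring(0, 1), $Matches[2].Substring(0, 1)).ToUpper()
            $state[$key] = ($Matches[3] -eq 'enabled')
        }
    }
    if ($state.Count -ne 4) {
        throw 'Could not parse fsutil output (non-English system or unexpected format).'
    }
    $state
}

$before = Get-SymlinkEvaluation
$before.GetEnumerator() | ForEach-Object { '{0} enabled: {1}' -f $_.Key, $_.Value }

# The link lives on a remote server (the mapped drive) and targets another
# remote share, so the client must be allowed to follow R2R links.
if (-not $before['R2R']) {
    fsutil behavior set SymlinkEvaluation R2R:1
}

# R2L lets a link stored on a share redirect the client to paths on the
# client's own disk. This scenario does not need it, so flag it if it is on.
if ($before['R2L']) {
    Write-Warning 'Remote-to-local symlink evaluation is enabled; this scenario does not need it.'
}

# Show the resulting state for the change record.
(Get-SymlinkEvaluation).GetEnumerator() |
    ForEach-Object { '{0} enabled: {1}' -f $_.Key, $_.Value }
```

Enabling R2R means the workstation will follow any link on any share to any other share the user can reach, so the people who can create links on the fileserver should be limited to administrators.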

This should also be controllable via Group Policy, however I have not had the chance to test it yet;

https://technet.microsoft.com/en-us/library/5c7ffdb9-7066-4bdf-bc7d-eded8db2ce82
The symlink evaluation settings can also be controlled via Group Policy. Go to Computer Configuration > Administrative Templates > System > Filesystem and configure “Selectively allow the evaluation of a symbolic link”.

 

 

New USB security tool, BeamGun..

BeamGun – So what is it all about, and do I need it?

Well, to answer the latter first – “maybe”,  if you could ever see yourself inserting a USB key you found somewhere, or if other people have access to your computer….

Background;

All modern computers have USB ports, you can attach all sorts of wonderful devices to USB ports – like mice and keyboards, well imagine if someone made a device that looked like a USB key, however it actually emulated a keyboard – when you would plug this into your USB port it would tell your computer “Hey, I am totally a USB keyboard, honestly..”, and your computer would say “Hey that is cool, go ahead and be my second keyboard…”. So far so good, however, now this totally honest “keyboard” would start typing commands and your computer not knowing any better would think that it was you typing. So, long story short – any device looking like a USB key that is inserted into your computer has a chance to be an evil “Rubber Ducky USB” (that is the name under which many of these are actually sold), so someone either hands you a USB device and convinces you to insert it (hey can you look at the report I just made) – or distracts you for a second and inserts the USB device into your computer – BOOM and you are owned – in benign cases it just adds some practical joke (like switching your desktop background etc), but if evil it steals passwords etc. and it is very likely your Antivirus will not pick it up as it will look like commands issued from the local keyboard.

Sadly “no”, this is not Sci-Fi nor expensive, the script kiddie version of USB keys like this costs around 50$ but if you have real coding skills you can do it for 1-3$ 🙁

Ok, so anyone inserting a foreign USB device to your machine could be “hacking you”, or if you find an abandoned/lost USB key and insert it you may cause yourself to be hacked/compromised.

The tool;

https://github.com/JLospinoso/beamgun

BeamGun to the rescue – BeamGun is actually rather nifty, it will monitor your computer – and the moment a new “keyboard” (or something emulating a keyboard) is inserted, it will lock your computer and block the device, it will also show anything this device was trying to do in a popup window.

Mind you, it is an early version and seems a bit rough around the edges, but if you are in the “risk” group this may be a tool you would want to install.  But it works (yes I tested it, however it is difficult to show screenshots as the software does a great job of protecting your computer while it displays its warning).
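The detection idea described above (notice a new keyboard device, record it, lock the session) can be sketched with built-in Windows tooling. This is an added example and not BeamGun's code; the log path, the source identifier and the baseline-by-PNPDeviceID check are assumptions made for the illustration.

```powershell
# Added example (not BeamGun's code): log every new keyboard device and lock
# the workstation when the device was not present at script start.
# Assumption: the log location below is acceptable on this machine.
$LogPath = Join-Path $env:ProgramData 'KeyboardWatch\arrivals.log'
New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null

# Baseline: keyboards attached right now are treated as known.
$known = @(Get-CimInstance -ClassName Win32_Keyboard |
           Select-Object -ExpandProperty PNPDeviceID)

# WMI raises an event when a new Win32_Keyboard instance appears
# (polled once per second).
$query = "SELECT * FROM __InstanceCreationEvent WITHIN 1 " +
         "WHERE TargetInstance ISA 'Win32_Keyboard'"

Register-CimIndicationEvent -Query $query -SourceIdentifier 'NewKeyboard' `
    -MessageData @{ Log = $LogPath; Known = $known } -Action {
        $kbd     = $Event.SourceEventArgs.NewEvent.TargetInstance
        $cfg     = $Event.MessageData
        $isKnown = $cfg.Known -contains $kbd.PNPDeviceID

        # One line per arrival: time, verdict, device description and id.
        $line = '{0:o} known={1} desc="{2}" id="{3}"' -f `
                (Get-Date), $isKnown, $kbd.Description, $kbd.PNPDeviceID
        Add-Content -Path $cfg.Log -Value $line

        if (-not $isKnown) {
            # Lock the interactive session so injected keystrokes land on
            # the lock screen instead of the desktop.
            rundll32.exe 'user32.dll,LockWorkStation'
        }
    } | Out-Null

Write-Host "Watching for new keyboards; log: $LogPath"
# Stop with: Unregister-Event -SourceIdentifier 'NewKeyboard'
```

The subscription lives only as long as the PowerShell session, and with one-second polling a fast device can type before the lock happens, so treat this as detection and logging rather than blocking.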

Want to see more about these “Rubber Ducky USB” devices, take a look at this video;
https://youtu.be/4kX90HzA0FM
Something similar is also shown in the popular tv-show “Mr Robot”

Want to aspire as an evil hacker (or totally own your friends), buy your own “USB Rubber Ducky” here (yes it's actually that simple);
https://hakshop.com/products/usb-rubber-ducky-deluxe

 

Links;

https://youtu.be/4kX90HzA0FM

https://github.com/JLospinoso/beamgun

https://hakshop.com/products/usb-rubber-ducky-deluxe

 

 

Wipe free space

Let’s imagine you need to turn over your old computer to friends or family, you for some reason do not wish to re-install Windows all over – well there is a middle ground that I imagine could be used in case it’s close friends or relatives.  Remove all your personal stuff, documents, mails etc. from the computer, remember to empty the recycle bin, clear all browser caches and clear restore points – if possible create a new user and from this delete your old user profile.  Final step is to run the command below, this will wipe all free space on the disk – the command is a built-in Windows command that was introduced back in WinXP, so no need for additional software etc.  Is it safe enough?  Well as I say, if it is close relatives or friends it may be ok as long as you are sure that all sensitive data is removed, but I would likely not advise this for a computer you sell etc.  Again, it all depends.

Command to issue;

Cipher /w:c:

(for the C: drive, replace C: with other drive letters as you need).

Those darn sticky dead USB thingy’s

Have you ever had a USB device that for the life of you would not work properly, perhaps even only on one specific computer!? Well, sometimes it’s caused by drivers that somehow malfunction and it can be hell to debug.

Anyhow, I stumbled across this util that promises to remove all traces of a usb device from a machine, I think I will keep this in mind for next time I experience one of these driver nightmares.

https://code.google.com/p/usboblivion/

 

MS – Direct Access Debugging

Debugging Microsoft Direct Access can be a pain, Microsoft however did release a utility to make this a little easier..

Microsoft Windows DirectAccess Client Troubleshooting Tool
http://www.microsoft.com/en-us/download/details.aspx?id=41938

Be sure to click the “enable debug mode” before scanning to get all the juicy details.


WSUS on a stick – Windows Update Downloaded

In the good old days you could install SUS on your “home” server and have your own Windows update repository, however after WSUS version “whatnot” the requirements for WSUS have by far outgrown what I wish to allocate on my home/test rig..  Hell I only have 3 machines and a few servers anyhow….

Nevertheless, when installing new test VMs etc it would be nice to avoid all the patching since SP1 :-/ well, now you can 🙂

 

Martin over at Ghacks.net has reviewed an excellent utility that will do JUST that 🙂

http://www.ghacks.net/2013/01/03/windows-offline-update-8-0-released/

http://www.ghacks.net/2011/02/25/wsus-windows-offline-update-updated/

 

A further use, as he describes, is that you can download all patches for an OS (currently Win 7 = 1.8GB since SP1) and put them on a stick so you can patch your friends' and family’s machines with minimal Internet impact.

For now I have installed the thing and tried downloading patches for Windows 7, it seemed to work flawlessly – but I will try to do some install testing and see how this works out.  Looks solid enough though.

Project web site;

http://www.wsusoffline.net/

Search and you shall find – Windows 7 search improved 10 fold

When I first installed Windows Vista I was annoyed with the changes to the search ability of Windows, this experience did not improve under Windows 7, quite the opposite actually..  The thing is, if you allow indexing of your drives searching is bearable – however if you like me have several terabytes of data then Windows will never stop indexing, and the constant ‘ticking’ of the harddrive was driving me insane.

For a long time I decided to just live with the very basic search ability in Windows 7/Vista, it is quite possible to search for filenames and extensions – however the other day I really needed the ability to search for files containing a special text string – something that is impossible if you have turned indexing off (as far as I have been able to figure out).  So after googling the subject I found several different utilities that could remedy this, however most at a price of around $25, now normally I don’t mind paying for something useful however as I use this quite seldom I decided to keep googling 🙂

And I am pleased to announce that not only did I find something free it is awesome 😀

Your search ends here;  http://www.nirsoft.net/utils/search_my_files.html


This utility is just brilliant and offers you tons of different search options..

tags; Windows, Search, Within, Text, Content

Curse Microsoft for their stupid changes to the basic Windows Search.

Time registration / Time management / Time tracking with Grindstone

Do you for some reason need to keep track of your time?

Let’s say you work in a helpdesk and need to keep track of what you spend your time on, or perhaps you are an independent consultant and need to register when you use time on clients.  There are a lot of reasons why you may need this.

Anyway here is a very cool free utility to assist you in doing just this, it is very easy and intuitive to use and implement.

Watch and learn 🙂

Software can be downloaded here;
http://www.epiforge.com/Grindstone/


 

HP Softpaq driver utility

If you have the need to download HP drivers, especially for more than one model or for both 32/64 bit then this utility is something for you.

This utility allows you to download drivers for any number of models at the same time without needing to visit the HP web-site which can be a bit of a hassle if you need to visit each model page.

Links;
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=321957&prodSeriesId=4138087&prodNameId=4137878&swEnvOID=4060&swLang=13&mode=2&taskId=135&swItem=ob-97225-1

Or
http://www.google.com/search?q=SoftPaq+site%3Ahp.com&ie=utf-8&oe=utf-8&aq=t

iPhone Configuration Utility – easy configuration of iPhones/iPads

You may be an IT administrator or just the person in charge of helping your users (or friends for that matter) configuring iPhones.  Now setting up an iPhone is not hard once you have tried it once or twice, but it is still time consuming and let's face it not very fun, well imagine that you had a piece of software in which you could prepare the configuration and then just sms the configuration to anyone?  Well it is almost as easy as that 🙂  and best of all, I will show you how 😀

What you need is the “iPhone configuration utility” from Apple, you will find it here;
http://www.apple.com/support/iphone/enterprise/

Now you install this and are set to go, with this software you can create configurations for the iPhone (or iPad) and by connecting the device to your machine you can transfer the settings directly, this is easy enough but as mentioned you can do even better – you can send the configuration over the internet – the latter however requires a web-server and maybe a little more skill than the average home user has.

Anyhow, if you are an IT administrator etc. and need to set up a lot of iPhones, then this is interesting for you..  You create a configuration with “iPhone configuration utility” and upload this to a web-server, eg. as http://www.webserver.com/iphonesettings.mobileconfig and now you can just sms the link to this page/file to new employees or BYOD “bring your own device” users.  Now one word of caution though, if you publish your config this way you MUST omit ANY sensitive information like email, domain name, username and passwords, this however is not a problem – any information not entered will just be prompted – so if you omit the username and password the user will just be prompted for this when installing the configuration (information like this is likely known by the user, or could be included in the sms).  That some outside user may be able to read what mailserver you use is not really a problem, this information is already public knowledge via eg. NSLOOKUP – so there is really no security issue with this unless you include passwords etc. which you should avoid as mentioned.

The settings set this way are entered into the phone as a “Profile”, you can configure that this “Profile” can be removed “Anytime”, “Via Password” or “Never” (never means that you need to reset the device to remove it), if you remove the “Profile” it will also remove all data related to the profile (eg. if email settings were part of a profile, it will also remove the emails as part of the removal – but if you set up additional emails manually these will be left alone).

What can you configure;
Almost anything, just to mention a few things; Email, VPN, WiFi, Policies (you can enforce password etc. etc.).

See my walkthrough here for more details etc;

 

Ps.
If you upload the configuration to a webserver, you may need to set the mime type and remember to NOT change the extension of the file (.mobileconfig).