Setting permissions on home drive folders

Scenario: Home drives were initially shared out on a Linux-based NAS appliance.  The device fails, but the data remains intact. The data is recovered using a file copy utility.  The data is recovered… Yay!  All the NTFS-like file permissions are gone… 🙁

By the way, here’s a really good blog that details the required NTFS permissions for user home drives:

Automatic creation of user folders for home, roaming profile and redirected folders.

I get to fix these sorts of things!  Welcome to my world!

Now, I need to iterate through all of the folders and set them for each individual user.  Doing this through the NTFS permissions GUI for each one is a Systems Administrator’s purgatory.  Needless to say, I’m not going to do that.  Wouldn’t it be better to script that?  I see a bunch of virtual heads nodding and I agree.

I’m going to do it using a PowerShell module that was created by Raimund Andree.  Thank God for that cat!  You can get the module here: https://gallery.technet.microsoft.com/scriptcenter/1abd77a5-9c0b-4a2b-acef-90dbb2b84e85

More details on how to use the module to manage NTFS permissions can be found here: https://blogs.technet.microsoft.com/heyscriptingguy/2014/11/22/weekend-scripter-use-powershell-to-get-add-and-remove-ntfs-permissions/

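Import-Module ActiveDirectory
Import-Module NTFSSecurity   # Raimund Andree's module, provides Add-NTFSAccess

$userFolderPath = "E:\User\"
# Only directories; each folder name is expected to be a SamAccountName
$folders = Get-ChildItem $userFolderPath -Directory
foreach ($folder in $folders)
{
    # Copy the name into a plain variable: property expressions such as
    # $folder.Name are not reliably expanded inside -Filter
    $name = $folder.Name
    $ADUser = Get-ADUser -Filter {Enabled -eq $true -and SamAccountName -eq $name} -Properties CanonicalName
    if ($null -ne $ADUser)
    {
        # CanonicalName looks like "domain.tld/OU/User"; the first DNS label is used as the domain name
        $domain = $ADUser.CanonicalName.Substring(0,$ADUser.CanonicalName.IndexOf("."))
        $userSecurityPrincipal = $domain + "\" + $ADUser.SamAccountName
        # FullName avoids relying on how a DirectoryInfo object converts to a string
        $userFolder = $folder.FullName
        # Show which account is granted access to which folder
        $userSecurityPrincipal + " => " + $userFolder
        Add-NTFSAccess -Path $userFolder -Account $userSecurityPrincipal -AccessRights FullControl
    }
}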
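
A follow-up check for the bulk fix above, added here as an example and not part of the original script: data restored with a plain file copy inherits whatever ACL the destination parent folder has, so it is worth confirming that each home folder grants access only to its owner and to the expected administrative principals. It uses the built-in Get-Acl cmdlet; the $allowed list and the Test-HomeFolderAcl function name are assumptions to adjust for your environment.

```powershell
# Added example: audit home folder ACLs after the permissions have been re-applied.
$userFolderPath = "E:\User\"
# Principals expected on every home folder besides its owner (assumed list)
$allowed = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER')

function Test-HomeFolderAcl
{
    param([string]$Path, [string]$Owner, [string[]]$Allowed)

    $acl = Get-Acl -Path $Path
    $findings = @()
    $ownerHasAccess = $false
    foreach ($ace in $acl.Access)
    {
        # Only Allow entries can expose the folder; Deny entries are ignored here
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $id = $ace.IdentityReference.Value
        # Compare the account part of DOMAIN\name with the folder name (SamAccountName)
        if ($id.Split('\')[-1] -eq $Owner) { $ownerHasAccess = $true; continue }
        if ($Allowed -contains $id) { continue }
        $findings += "unexpected ACE: $id ($($ace.FileSystemRights))"
    }
    if (-not $ownerHasAccess) { $findings += "owner $Owner has no Allow ACE" }
    return $findings
}

# One output object per finding; folders with a clean ACL produce no output
foreach ($folder in Get-ChildItem $userFolderPath -Directory)
{
    $results = Test-HomeFolderAcl -Path $folder.FullName -Owner $folder.Name -Allowed $allowed
    foreach ($finding in $results)
    {
        [pscustomobject]@{ Folder = $folder.FullName; Finding = $finding }
    }
}
```

Entries such as Everyone or BUILTIN\Users show up as unexpected ACEs, which is the usual sign that a folder is still carrying the ACL it inherited during the restore.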

Creating home drive folders for users without one

Of course I know that one can use the “Home folder” option in the Profile of the user in Active Directory.  Due to certain constraints of a situation I inherited, that’s really not an option for now.

I need to do it in bulk, for a bunch of active user accounts within a specific OU.  Additionally, I don’t know if the user has a folder or not.  Nor do I feel like waiting for these users to log in and then have the folder created.

Luckily for me, I have a ton of storage and a single location for user home folders.  I simply want to walk through all the users in a specific OU, like “…this\path\to\my\ou\…”  If the folder does not exist, then go ahead and create it.

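Import-Module ActiveDirectory

$homePath = "Q:\UserHome\"
# All enabled accounts; CanonicalName carries the OU path used for filtering below
$userHome = Get-ADUser -Filter {Enabled -eq $true} -Properties SamAccountName,CanonicalName
foreach ($ADUser in $userHome)
{
  # Only users whose canonical name falls under the target OU
  if ($ADUser.CanonicalName -like '*/myOu/Path/*')
  {
    $userHomePath = $homePath + $ADUser.SamAccountName
    # Create the folder only if it does not exist yet
    if (-Not (Test-Path $userHomePath))
    {
      New-Item $userHomePath -Type Directory
    }
  }
}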

Remove home drive folders for inactivated users

I ran into a challenge where there were tons of home folders for users that may or may not be active.  The folders were named according to the User ID used to log in to user workstations.  In Active Directory, this was known as SamAccountName.

Going through Active Directory to find each user’s SamAccountName and then see if there’s a corresponding home drive folder would be tedious at best.  So, there must be a better way!

Here’s a script that will iterate through all the user folders in the “E:\User” folder and then move the folders of deactivated users to the “E:\DeletedHomeDirectories” folder to be dealt with later.

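<# RemoveFoldersWithoutUsers.ps1
By Frank Contreras
Use at your own risk
#>
Import-Module ActiveDirectory
# Stop on any error, so a failed AD lookup is never mistaken for "no such user"
$ErrorActionPreference = 'Stop'
# Only directories; each folder name is expected to be a SamAccountName
$folders = Get-ChildItem "G:\UserShare\" -Directory
foreach ($folder in $folders)
{
  # Copy the name into a plain variable: property expressions such as
  # $folder.Name are not reliably expanded inside -Filter
  $name = $folder.Name
  $ADUser = Get-ADUser -Filter {Enabled -eq $true -and SamAccountName -eq $name}
  # No enabled account with this name: move the folder aside
  if ($null -eq $ADUser)
  {
    "Removing " + $folder.FullName
    $source = $folder.FullName
    $destination = "E:\DeletedHomeDirectories\" + $folder.Name
    Move-Item -Path $source -Destination $destination
  }
}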

Managing N-able agent on Mac

Starting and stopping the agent
===============================
The Mac OS X agent is started automatically during the system boot process. The operating system will ensure that the agent is restarted automatically in the event that it crashes or is killed. If necessary, it can be started and stopped manually using the launchctl utility.

To start or stop the agent processes using the launchctl utility, use the following procedure:

As an administrator, open a terminal window and run the launchctl command:

sudo launchctl

Enter your login password when prompted.

To start the agent, enter the following:

load /Library/LaunchDaemons/com.n-able.agent-macosx.plist

To stop the agent, enter the following:

unload /Library/LaunchDaemons/com.n-able.agent-macosx.plist

Quit launchctl by typing control-d.

Viewing agent logs
==================
The agent writes logging information to “/var/log/N-able/N-agent/nagent.log”. The operating system will rotate this log daily and will retain only the previous five days of log files.

Uninstalling the agent
======================
To uninstall the agent, log in as an administrator user. Open a terminal window and run the following command:

sudo /Applications/N-agent.app/Contents/Daemon/usr/sbin/uninstall-nagent

NOTE: Uninstalling the agent by dragging the N-agent application folder to the trash is not recommended. This method of uninstalling the agent will fail if the agent is running and will not remove the launchd service startup files from /Library/LaunchDaemons.

Configure network settings on a new CentOS 7 server

  1. Use nmtui to configure the network connection.  Define the netmask in the IP address.
     Ex. 10.0.0.1/8 or 192.168.1.33/24
  2. Restart the network services for the changes to take effect:
    systemctl restart network.service
  3. To be able to use the ifconfig command, install the net-tools
    yum -y install net-tools
  4. To be able to use the nslookup command, install the bind-utils
    yum -y install bind-utils
  5. Update the build
    yum -y update

SimpleSAMLphp setup on Windows 2008 – Install PHP

The application runs on PHP, so it will need to be installed on the server for Windows to run the scripts.
You should be able to go here for the latest PHP installer for IIS: http://php.iis.net/
Use the Web Platform Installer to automate the installation and configuration of PHP on your server.  You could do it manually, but it’s a pain.  The installer can be found here: http://www.microsoft.com/web/downloads/platform.aspx
Version 5.6.0 was used at the time of this writing.
Find the version of PHP you want to install and click the Add button.  Example: PHP 5.6.0.
If dependent components are missing, they will be listed to be included with the PHP installation.  Go ahead and click the “I Accept” button.
After the installation completes, you’ll be presented with a summary page of the pieces that were installed.  Click on Finish.
Use PHP Manager in IIS Manager to finish configuring PHP:
Set recommendations for adding index.php to default file and automatically reset php when config.php is updated.  Click on the “View recommendations.” link.
Click on the “Enable or disable an extension” link.
Use “Enable or disable an extension” to drill down and enable the LDAP extension:
LDAP will be the protocol used by SimpleSAMLphp to get user information from Active Directory when authenticating.
Next we will look at installing the SimpleSAMLphp application.

Set JAVA_HOME on Linux

http://mshsoftware.com/site/kb/set-java-home-on-linux.html

How to set $JAVA_HOME variable on Linux

Article based on:

  • Linux Mint 14
  • Java 1.7

Should work on any Linux and Java version: Ubuntu, RedHat, CentOS, SUSE, ArchLinux, Debian, Fedora etc.

1. Install Java

If you have already installed Java, skip to point 3.

Before continuing, make sure Java is not already installed.

Open terminal and invoke:

whereis java

command. If you do not have Java then you will see:

java:

That means you don’t have Java.

Download Java from here or use your package manager to install it.

2. Java location

By default Java is located in

/usr/lib/jvm/java-<version>

directory.

3. Set $JAVA_HOME variable

To set JAVA_HOME only in the current shell session, invoke the command:

export JAVA_HOME=/usr/lib/jvm/java-<version>

To persist this environment variable, edit the ~/.bash_profile file (for example with vi ~/.bash_profile) and add the JAVA_HOME definition:

export JAVA_HOME=/usr/lib/jvm/java-<version>

Save and log in again to apply the changes.

http://www.cyberciti.biz/faq/linux-unix-set-java_home-path-variable/

Install phpMyAdmin

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Visit the phpMyAdmin website for more information.
At the terminal, enter the following:
Elevate to root access

su -

Install phpMyAdmin

yum install phpmyadmin

Change the /etc/httpd/conf.d/phpMyAdmin.conf file to allow remote administration. With the Order and Deny lines commented out, access is no longer limited to 127.0.0.1:

#Order Allow,Deny 
#Deny from all
Allow from 127.0.0.1

Restart the apache server

service httpd restart

From a browser, go to

http://<server>/phpmyadmin

Deploying clients by using Remote Push

Reposted from here.

Remote Push lets you control the client installation. Remote Push pushes the client software to the computers that you specify. Using Remote Push requires knowledge of how to search networks to locate computers by IP address or computer names.

See About client deployment methods.

Remote Push performs the following actions:

• Select an existing client installation package or create a new installation package.

• For new installation packages, configure package deployment settings.

• Locate computers on your network.

Remote Push locates the computers that you specify or the computers that are discovered to be unprotected.

• Push the client software to the computers that you specify.

To push the client software, you should use a domain administrative account if the client computer is part of an Active Directory domain. Remote Push Installation requires elevated privileges.

See Preparing Windows operating systems for remote deployment.

• Install the client software on the computers.

The installation automatically begins on the computers.

You may start the client deployment from the console.

To deploy clients by using Remote Push

1. In the console, click Home.

2. On the Home page, in the Common Tasks menu, select Install protection client to computers. The Client Deployment wizard starts.

3. In the Welcome to the Client Deployment Wizard pane, select whether a new or an existing package is used and click Next.

4. For a new installation package, select the client version, the feature set, the client group and content options, and then click Next.

5. Click Remote Push, and then click Next.

6. Locate the computers to receive the client software, and then click >> to add the computers to the list.

To browse the network for computers, click Browse Network.

To find computers by IP address or computer name, click Search Network, and then click Find Computers.

Authenticate with the domain or workgroup if prompted.

Note: You can set a timeout value to constrain the amount of time the server applies to a search.

7. Click Next.

8. Click Send to push the client software to the selected computers.

9. Wait while the client software is pushed to the selected computers.

10. Click Finish.

The installation starts automatically on the client computers. The installation takes several minutes to complete.

11. Depending on the client restart settings of the deployed client, you or the computer users may need to restart the client computers.

See Restarting client computers.

12. Confirm the status of the deployed clients.

See Viewing client inventory.

Article URL http://www.symantec.com/docs/HOWTO55065

How do you migrate computers from one Notification Server (6.x) to another?

Reposted from here.

Question
How can I migrate my computers from one Notification Server to another? I am not sure if I will keep the same Notification Server name or if I will change it. Also, if I already changed to a new Notification Server with a different name but I forgot to migrate my computers first, what can I do to fix this?

Answer

Note: If you need to migrate computers from NS6 to NS7, please see Article ID: 46332 “How to migrate client machines with the Altiris Agent from NS6 to NS7?”

If you are keeping the same Notification Server name, no further actions are required for the Altiris Agents. Altiris Agents will resolve the same server name via DNS even though it is a new server. If the IP Address is changing for your server, but it is the same server name, DNS should resolve it. If you are not sure DNS will resolve the server name, try step 1 below. If you are changing the server name to something else, you could do a few things.

  1. If you are still able to have access to the old Notification Server, you can redirect the Altiris Agents to the new Notification Server.
    • Specify an alternate URL for the Altiris Agent to use to access the NS.
    • Go to Configuration tab > Altiris Agent > Altiris Agent Configuration
    • On Advanced Settings, check the box for the option where you can specify an Alternate Notification Server. If you want (just to make sure), add here the new IP Address even though the server name may be the same.
    • Write the new server information and click on Apply.
  2. If you already disposed of the old Notification Server and you didn’t migrate your Altiris Agent to talk to the new server, you may need to create a login script or VB script that uses AexAgentUtil.exe with the ‘/Server:’ switch to change the server name. The default location on Altiris Agent 6.0 for the AeXAgentUtil.exe is C:/Program Files/Altiris/Altiris Agent. Here are a few options to use this switch:
    • AexAgentutil.exe /server:NewServer
    • Sometimes you can add the /web switch to the script:
      AeXAgentUtil.exe /server:myservername.domain.com /web:http://myservername.domain.com/Altiris

      Note: If you are not familiar with how to create a script, check under C:\Program Files\Altiris\Notification Server\NSCap\Bin\Win32\X86\Agent Push LogonScript\PushAltirisAgentInstall for examples of one of those scripts or see article 28226, “Install the Altiris Agent using a Login Script.”

    An example would be:
    AeXAgentUtil.exe /server:myservername.domain.com  

  3. Remove the Altiris Agents from your client computers and install them after you moved the Notification Server to the new computer.

    Note: If you have access to a Deployment Server, you can create a job that pushes a script to change the Notification Server name on your client computers. Also, you can use the Task Server to push a script or a command to those client computers.

  4. If you are planning to move between domains, please see Article ID: 29334 “How to manage computers from different domains (without trust relationship between domains) from a single Notification Server” for more details.

Note: Here are also some other articles that may apply to this task of moving from one Notification Server to another:

Article 21789, “Steps to move Notification Server 6.0 SP3 from one server to another”

Article 20213, “How to move an existing Altiris NS 6.x database from one SQL server to a new SQL server”