Remove home drive folders for inactivated users

I ran into an challenge where there were tons of home folders for users that may or may not be active.  The folders were named according to the User ID used to login to user workstations.  In Active Directory, this was known as SamAccountName.

Going through Active Directory to find each user’s SamAccountName and then see if there’s a corresponding home drive folder would be tedious at best.  So, there must be a better way!

Here’s a script that will iterate through all the user folders in the “E:\User” folder and then remove deactivated user folders to the “E:\DeletedHomeDirectories” folder to be dealt with later.

<# RemoveFoldersWithoutUsers.ps1
By Frank Contreras
Use at your own risk
#>
$folders = Get-ChildItem "G:\UserShare\"
foreach ($folder in $folders) 
{
  $ADUser = Get-ADUser -Filter {Enabled -eq $true -and SamAccountName -eq $folder.Name}
  if ($ADUser -eq $null)
  {
    "Removing " + $folder
    $source = "G:\UserShare\"+$folder
    $destination = "E:\DeletedHomeDirectories\" + $folder.Name
    Move-Item -Path $source -Destination $destination
  }
}

Managing N-able agent on Mac

Starting and stopping the agent
===============================
The Mac OS X agent is started automatically during the system boot process. The operating system will ensure that the agent is restarted automatically in the event that it crashes or is killed. If necessary, it can be started and stopped manually using the launchctl utility.

To start or stop the agent processes using the launchctl utility, follow the following procedure:

As an administrator, open a terminal window and run the launchctl command:

sudo launchctl

Enter your login password when prompted.

To start the agent, enter the following:

load /Library/LaunchDaemons/com.n-able.agent-macosx.plist

To stop the agent, enter the following:

unload /Library/LaunchDaemons/com.n-able.agent-macosx.plist

Quit launchctl by typing control-d.

Viewing agent logs
==================
The agent writes logging information to “/var/log/N-able/N-agent/nagent.log”. The operating system will rotate this log daily and will retain only the previous five days of log files.

Uninstalling the agent
======================
To uninstall the agent, log in as an administrator user. Open a terminal window and run the following command:

sudo /Applications/N-agent.app/Contents/Daemon/usr/sbin/uninstall-nagent

NOTE: Uninstalling the agent by dragging the N-agent application folder to the trash is not recommended. This method of uninstalling the agent will fail if the agent is running and will not remove the launchd service startup files from /Library/LaunchDaemons.

Configure network settings on a new CentOS 7 server

  1. use the nmtui to configure the network connection.  Define the netmask in the ip address.
     Ex. 10.0.0.1/8 or 192.168.1.33/24
  2. Restart the network services for changes to take place:
    systemctl restart network.service.
  3. To be able to use the ifconfig command, install the net-tools
    yum -y install net-tools
  4. To be able to use the nslookup command, install the bind-utils
    yum -y install bind-utils
  5. Update the build
    yum -y update

SimpleSAMLphp setup on Windows 2008 – Install PHP

The application runs on PHP, so it will need to be installed on the server for Windows to run the scripts.
You should be able to go here for the latest PHP installer for IIS: http://php.iis.net/
Use the Web Platform Installer to automate the installation and configuration of PHP on your server.  You could do it manually, but it’s a pain.  The installer should be able to be found here;  http://www.microsoft.com/web/downloads/platform.aspx
Version 5.6.0 was used at the time of this writing.
Find the version of PHP you want to install and click the Add button.  Example: PHP 5.6.0.
WebPlatformInstaller
If dependent components are missing, they will be listed to be included with the PHP installation.  Go ahead and click the “I Accept” button.
WpiPrerequisites
After the installation completes, you’ll be presented with a summary page of the pieces that were installed.  Click on Finish.
WpiInstallerWorking.png
Use PHP Manager in IIS Manager to finish configuring PHP:
PhpManagerInIis.png
Set recommendations for adding index.php to default file and automatically reset php when config.php is updated.  Click on the “View recommendations.” link.
PhpSetup
Click on the “Enable or disable and extension” link.
PhpExtensionsLink
Use “Enable or disable and extension” to drill down and enable LDAP Extension:
EnableLdap1
EnableLdap2
LDAP will be the protocol used by SimpleSAMLphp to get user information from Active Directory when authenticating.
Next we will look at installing the SimpleSAMLphp application.

Set JAVA_HOME on Linux

http://mshsoftware.com/site/kb/set-java-home-on-linux.html

How to set $JAVA_HOME variable on Linux

Article based on:

  • Linux Mint 14
  • Java 1.7

Should work on any Linux and Java version: Ubuntu, RedHat, CentOS, SUSE, ArchLinux, Debian, Fedora etc.

1. Install Java

If you have already installed Java then skip to point 3.

Before continue make sure you don’t have installed Java.

Open terminal and invoke:

whereis java

command. If you do not have Java then you will see:

java:

That will mean you DONT have Java.

Download Java from here or use your package manager to install it.

2. Java location

By default Java is located in

/usr/lib/jvm/java-<version>

directory.

3. Set $JAVA_HOME variable

To set JAVA_HOME only in actual shell session, invoke command:

export JAVA_HOME=/usr/lib/jvm/java-<version>

To persist this environment variable edit vi ~/.bash_profile file, and add JAVA_HOME definition:

JAVA_HOME=/usr/lib/jvm/java-<version>

Save and relogin to apply changes.

 

 

http://www.cyberciti.biz/faq/linux-unix-set-java_home-path-variable/

Install phpMyAdmin

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Visit the phpMyAdmin website for more information.
At the terminal, enter the following:
Elevate to root access

su -

Install phpMyAdmin

yum install phpmyadmin

Change the the /etc/httpd/conf.d/phpMyAdmin.conf  file to allow remote administration:

#Order Allow,Deny 
#Deny from all
Allow from 127.0.0.1

Restart the apache server

service http restart

From a browser, go to

http:///phpmyadmin">http://<server>/phpmyadmin

Deploying clients by using Remote Push

Reposted from here.
Deploying clients by using Remote Push

Remote Push lets you control the client installation. Remote Push pushes the client software to the computers that you specify. Using Remote Push requires knowledge of how to search networks to locate computers by IP address or computer names.

See About client deployment methods.

Remote Push perforåms the following actions:

• Select an existing client installation package or create a new installation package.

• For new installation packages, configure package deployment settings

• Locate computers on your network.

Remote Push locates the computers that you specify or the computers that are discovered to be unprotected.

• Push the client software to the computers that you specify.

To push the client software, you should use a domain administrative account if the client computer is part of an Active Directory domain. Remote Push Installation requires elevated privileges.

See Preparing Windows operating systems for remote deployment.

• Install the client software on the computers.

The installation automatically begins on the computers.

You may start the client deployment from the console.

To deploy clients by using Remote Push

1. In the console, click Home.

2. On the Home page, in the Common Tasks menu, select Install protection client to computers. The Client Deployment wizard starts.

3. In the Welcome to the Client Deployment Wizard pane, select whether a new or an existing package is used and click Next.

4. For a new installation package, select the client version, the feature set, the client group and content options, and then click Next.

5. Click Remote Push, and then click Next.

6. Locate the computers to receive the client software, and then click >> to add the computers to the list.

To browse the network for computers, click Browse Network.

To find computers by IP address or computer name, click Search Network, and then click Find Computers.

Authenticate with the domain or workgroup if prompted.

7. Note:

8. You can set a timeout value to constrain the amount of time the server applies to a search.

9.

10. Click Next.

11. Click Send to push the client software to the selected computers.

12. Wait while the client software is pushed to the selected computers.

13. Click Finish.

The installation starts automatically on the client computers. The installation takes several minutes to complete.

14. Depending on the client restart settings of the deployed client, you or the computer users may need to restart the client computers.

See Restarting client computers.

15. Confirm the status of the deployed clients.

See Viewing client inventory.

 

 

 

 

 

Article URL http://www.symantec.com/docs/HOWTO55065

How do you migrate computers from one Notification Server (6.x) to another?

Reposted from here.

Question
How can I migrate my computers from one Notification Server to another? I am not sure if I will keep the same Notification Server name or if I will change it. Also, if I already changed to a new Notification Server with a different name but I forgot to migrate my computers first, what can I do to fix this?Answer

Note: If you need to migrate computers from NS6 to NS7, please see Article ID: 46332 “How to migrate client machines with the Altiris Agent from NS6 to NS7?”

If you are keeping the same Notification Server name, no further actions are required for the Altiris Agents. Altiris Agents will resolve the same server name via DNS even though it is a new server. If the IP Address is changing for your server, but it is the same server name, DNS should resolve it. If you are not sure DNS will resolve the server name, try step 1 below. If you are changing the server name to something else, you could do a few things.

  1. If you are still able to have access to the old Notification Server, you can redirect the Altiris Agents to the new Notification Server.
    • Specify an alternate URL for the Altiris Agent to use to access the NS.
    • Go to Configuration tab > Altiris Agent > Altiris Agent Configuration
    • On Advanced Settings, check the box for the option where you can specify an Alternate Notification Server. If you want (just to make sure), add here the new IP Address even though the server name may be the same.
    • Write the new server information and click on Apply.
  2. If you already disposed the old Notification Server and you didn’t migrate your Altiris Agent to talk to the new server, you may need to create a login script or VB script that uses AexAgentUtil.exe with the ‘/Server:’ switch to change the server name. The default location on Altiris Agent 6.0 for the AeXAgentUtil.exe is C:/Program Files/Altiris/Altiris Agent. Here are a few options to use this switch:
    • AexAgentutil.exe /server:NewServer
    • Sometimes you can add the /web switch to the script:
      AeXAgentUtil.exe /server:myservername.domain.com /web:http://myservername.domain.com/Altiris

      Note: If you are not familiar in how to create a script, check under C:\Program Files\Altiris\Notification Server\NSCap\Bin\Win32\X86\Agent Push LogonScript\PushAltirisAgentInstall for examples on one of those scripts or see article 28226, “Install the Altiris Agent using a Login Script.”

    An example would be:
    AeXAgentUtil.exe /server:myservername.domain.com  

  3. Remove the Altiris Agents from your client computers and install them after you moved the Notification Server to the new computer.

    Note: If you have access to a Deployment Server, you can create a job that pushes a script to change the Notification Server name on your client computers. Also, you can use the Task Server to push a script or a command to those client computers.

  4. If you are planning to move between domains, please see Article ID: 29334 “How to manage computers from different domains (without trust relationship between domains) from a single Notification Server” for more details.

Note: Here are also some other articles that may apply to this task of moving from one Notification Server to another:

Article 21789, “Steps to move Notification Server 6.0 SP3 from one server to another”

Article 20213, “How to move an existing Altiris NS 6.x database from one SQL server to a new SQL server”

 

How are User Locations, Departments, Inventory, and Services populated in ServiceDesk?

Reposted from here.

Question

When making a ServiceDesk advanced incident, there are fields for the User’s Location, Department, Inventory, and Services. These may be empty or are not populated correctly. You want to know how to populate these fields in order to use them.

Answer

ServiceDesk does not manage data for the User’s Location, Department, Inventory, or Services fields*. These fields come from the CMDB Solution product in the Symantec Management Console and must be populated there first to be later used in ServiceDesk. Then, when a primary contact is selected for an advanced ticket in ServiceDesk, these fields are automatically populated with their CMDB data. Also, ServiceDesk does not sync this data from CMDB into ServiceDesk’s database, but copies CMDB data to tickets when a user is selected.

* The Location field is also an actual field in ServiceDesk for its users. This is not imported from Active Directory in the ServiceDesk AD sync as there is no out of the box Location field in AD. If this field is manually populated, and no Location field has been assigned to the user in CMDB, this field can then be entered automatically when selecting a primary contact in an advanced ticket. However, it is recommended that the Location be populated in CMDB for the users instead of doing this in ServiceDesk.

CMDB can populate data into its fields by one of the following:

1.The Symantec Management Platform’s Active Directory (AD) sync. This is found at Settings > All Settings > Notification Server > Microsoft Active Directory Import.
2.A Data Connector Solution product Import Rule. This is found at Settings > All Settings > Notification Server > Connector > Import/Explort Rules. A Data Connector rule can connect to an external non-Symantec database or use files, such as an Excel .xls file, to import data into CMDB.
3.Data imported in from Altiris Basic and Inventory Solution Agents.
4.Manual entry into CMDB. (The areas for manual CMDB entry are described below.)
Locations and Departments

Locations and Departments can be accessed by ServiceDesk by adding data to CMDB’s Location and Department areas.

1.In the Symantec Management Console, go to Home > Service and Asset Management > Manage Configuration Items.
2.Click on Organizational Types > Location, or > Department.
Inventory (i.e., resources, assets, computers, monitors, etc.)

Inventory can be accessed by ServiceDesk by adding an associated user to a resource in CMDB.

1.In the Symantec Management Console, go to Home > Service and Asset Management > Manage Configuration Items.
2.Click on Computers and Peripherals > Computer.
3.Select a computer and right click and choose Edit.
4.Add a user to the Asset Owners field.
5.Click on the Save changes button.
6.Click on the Done button.
Services

Services can be accessed by ServiceDesk by adding data to CMDB’s Service area.

1.In the Symantec Management Console, go to Home > Service and Asset Management > Manage Configuration Items.
2.Click on Datacenter Types > Service.
Related Field: Office Name

ServiceDesk users have a field called Office Name. This can be populated by ServiceDesk’s AD sync, or manually. However, this field is not available on an advanced ticket.

Troubleshooting

•If recent changes to CMDB fields are not appearing in ServiceDesk, reset server extensions and then reset IIS on the ServiceDesk server. Otherwise, after IIS next refreshes automatically, these fields will be updated with their current data. For example, if a Location is removed, it may still appear in ServiceDesk until the next IIS refresh occurs. Also, if IIS has been modified to increase the amount of time that it peforms an automatic check, it may be necessary to perform this procedure to force the CMDB fields to be seen by ServiceDesk, even if the values have been present in CMDB for some time. Likewise, if there is an issue with IIS updating correctly, or, its cache timeout has been extended, this may impact CMDB data being able to be seen by ServiceDesk. Verify that the default cache timers are set correctly, which can be found by reviewing the following article:

How to increase the page cache times for ServiceDesk and Workflow
http://www.symantec.com/business/support/index?page=content&id=HOWTO9818
 
•Verify that the user that is picked for the primary contact is the same user that has populated data in CMDB. Compare the NT ID (domain\username) and email address in both locations to establish if a different user was selected by accident in ServiceDesk.
•If no CMDB data is being found, verify that “Use CMDB7” was selected during the ServiceDesk install and that IsUsingAMS is enabled. If not, this will result in CMDB data not being used in ServiceDesk.

 
1.In ServiceDesk, go to Admin > Data > Application Properties.
2.Click on the action button and then click on Display Definition Values, for the ServiceDeskSettings entry. Note: If no ServiceDesk settings are present, this indicates a failed installation. Try performing an Upgrade install to reinstall ServiceDesk. If this fails, a new install will likely be needed. For more information on how to perform a new install, refer to the following article:

How to Install and run ServiceDesk 7.0 MR2 with a domain account instead of
local system account
http://www.symantec.com/business/support/index?page=content&id=HOWTO31346
 
3.Click on the action button and then on Edit Values.
4.Verify that IsUsingAMS is enabled. This is located under the Services category. If it is not enabled, click to enable it.
5.If changes were made, click on the Save button.
•Run the ServiceDeskDataServices.asmx file directly on the ServiceDesk server to find what CMDB data is able to be accessed.
1.Open a web browser on the ServiceDesk server.
2.Enter the following URL:

http://localhost/SD.DataServices/ServiceDeskDataServices.asmx
 
3.Select the data type to test. For example, click on SearchLocations.
4.Click on the Invoke button.
5.A new page will open with HTML code. In this, the data, for example Locations, should appear. If not, then CMDB data is not able to be accessed by the ServiceDesk server.
 
•Verify that the Notification Server that is being used by ServiceDesk for licensing is where the CMDB data is stored at.
1.In Windows, click on the Start button > Altiris > Workflow Designer > Workflow Designer.
2.Click on the Plugins menu > Notifcation Servers Credentials.
3.Verify that the NS Server Name value is the Notification Server where CMDB data is stored at. If not, either the data must be added at the other Notification Server listed, or, the ServiceDesk license must be transferred to the Notification Server that does have the data.
4.Remove and add in the correct server that has CMDB data and the ServiceDesk license as necessary.
5.If the listed server does have the CMDB data, however, remove the entry anyway, and then re-add it.
6.Close the window after making any changes. Note: It may take a minute or two for the window to close. This is normal.
7.Right click on the Task Tray Application and then click on Restart Server Extensions.
8.In Windows, click on the Start button > Run.
9.Type iisreset and then click on the OK button.
 
•Customizations to the SD.DataServices project may also result in issues even if these were working successfully earlier. If the SD.DataServices project has been customized, temporarily revert back to the out of box version to verify if the customizations are the issue. The following article describes how to backup and restore projects:

Career and Professional Website