SimpleSAMLphp setup on Windows 2008 – Install PHP

The application runs on PHP, so it will need to be installed on the server for Windows to run the scripts.
You should be able to go here for the latest PHP installer for IIS: http://php.iis.net/
Use the Web Platform Installer to automate the installation and configuration of PHP on your server.  You could do it manually, but it’s a pain.  The installer should be able to be found here;  http://www.microsoft.com/web/downloads/platform.aspx
Version 5.6.0 was used at the time of this writing.
Find the version of PHP you want to install and click the Add button.  Example: PHP 5.6.0.
WebPlatformInstaller
If dependent components are missing, they will be listed to be included with the PHP installation.  Go ahead and click the “I Accept” button.
WpiPrerequisites
After the installation completes, you’ll be presented with a summary page of the pieces that were installed.  Click on Finish.
WpiInstallerWorking.png
Use PHP Manager in IIS Manager to finish configuring PHP:
PhpManagerInIis.png
Set recommendations for adding index.php to default file and automatically reset php when config.php is updated.  Click on the “View recommendations.” link.
PhpSetup
Click on the “Enable or disable and extension” link.
PhpExtensionsLink
Use “Enable or disable and extension” to drill down and enable LDAP Extension:
EnableLdap1
EnableLdap2
LDAP will be the protocol used by SimpleSAMLphp to get user information from Active Directory when authenticating.
Next we will look at installing the SimpleSAMLphp application.

Set JAVA_HOME on Linux

http://mshsoftware.com/site/kb/set-java-home-on-linux.html

How to set $JAVA_HOME variable on Linux

Article based on:

  • Linux Mint 14
  • Java 1.7

Should work on any Linux and Java version: Ubuntu, RedHat, CentOS, SUSE, ArchLinux, Debian, Fedora etc.

1. Install Java

If you have already installed Java then skip to point 3.

Before continue make sure you don’t have installed Java.

Open terminal and invoke:

whereis java

command. If you do not have Java then you will see:

java:

That will mean you DONT have Java.

Download Java from here or use your package manager to install it.

2. Java location

By default Java is located in

/usr/lib/jvm/java-<version>

directory.

3. Set $JAVA_HOME variable

To set JAVA_HOME only in actual shell session, invoke command:

export JAVA_HOME=/usr/lib/jvm/java-<version>

To persist this environment variable edit vi ~/.bash_profile file, and add JAVA_HOME definition:

JAVA_HOME=/usr/lib/jvm/java-<version>

Save and relogin to apply changes.

 

 

http://www.cyberciti.biz/faq/linux-unix-set-java_home-path-variable/

Install phpMyAdmin

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Visit the phpMyAdmin website for more information.
At the terminal, enter the following:
Elevate to root access

su -

Install phpMyAdmin

yum install phpmyadmin

Change the the /etc/httpd/conf.d/phpMyAdmin.conf  file to allow remote administration:

#Order Allow,Deny 
#Deny from all
Allow from 127.0.0.1

Restart the apache server

service http restart

From a browser, go to

http:///phpmyadmin">http://<server>/phpmyadmin

Deploying clients by using Remote Push

Reposted from here.
Deploying clients by using Remote Push

Remote Push lets you control the client installation. Remote Push pushes the client software to the computers that you specify. Using Remote Push requires knowledge of how to search networks to locate computers by IP address or computer names.

See About client deployment methods.

Remote Push perforåms the following actions:

• Select an existing client installation package or create a new installation package.

• For new installation packages, configure package deployment settings

• Locate computers on your network.

Remote Push locates the computers that you specify or the computers that are discovered to be unprotected.

• Push the client software to the computers that you specify.

To push the client software, you should use a domain administrative account if the client computer is part of an Active Directory domain. Remote Push Installation requires elevated privileges.

See Preparing Windows operating systems for remote deployment.

• Install the client software on the computers.

The installation automatically begins on the computers.

You may start the client deployment from the console.

To deploy clients by using Remote Push

1. In the console, click Home.

2. On the Home page, in the Common Tasks menu, select Install protection client to computers. The Client Deployment wizard starts.

3. In the Welcome to the Client Deployment Wizard pane, select whether a new or an existing package is used and click Next.

4. For a new installation package, select the client version, the feature set, the client group and content options, and then click Next.

5. Click Remote Push, and then click Next.

6. Locate the computers to receive the client software, and then click >> to add the computers to the list.

To browse the network for computers, click Browse Network.

To find computers by IP address or computer name, click Search Network, and then click Find Computers.

Authenticate with the domain or workgroup if prompted.

7. Note:

8. You can set a timeout value to constrain the amount of time the server applies to a search.

9.

10. Click Next.

11. Click Send to push the client software to the selected computers.

12. Wait while the client software is pushed to the selected computers.

13. Click Finish.

The installation starts automatically on the client computers. The installation takes several minutes to complete.

14. Depending on the client restart settings of the deployed client, you or the computer users may need to restart the client computers.

See Restarting client computers.

15. Confirm the status of the deployed clients.

See Viewing client inventory.

 

 

 

 

 

Article URL http://www.symantec.com/docs/HOWTO55065

How do you migrate computers from one Notification Server (6.x) to another?

Reposted from here.

Question
How can I migrate my computers from one Notification Server to another? I am not sure if I will keep the same Notification Server name or if I will change it. Also, if I already changed to a new Notification Server with a different name but I forgot to migrate my computers first, what can I do to fix this?Answer

Note: If you need to migrate computers from NS6 to NS7, please see Article ID: 46332 “How to migrate client machines with the Altiris Agent from NS6 to NS7?”

If you are keeping the same Notification Server name, no further actions are required for the Altiris Agents. Altiris Agents will resolve the same server name via DNS even though it is a new server. If the IP Address is changing for your server, but it is the same server name, DNS should resolve it. If you are not sure DNS will resolve the server name, try step 1 below. If you are changing the server name to something else, you could do a few things.

  1. If you are still able to have access to the old Notification Server, you can redirect the Altiris Agents to the new Notification Server.
    • Specify an alternate URL for the Altiris Agent to use to access the NS.
    • Go to Configuration tab > Altiris Agent > Altiris Agent Configuration
    • On Advanced Settings, check the box for the option where you can specify an Alternate Notification Server. If you want (just to make sure), add here the new IP Address even though the server name may be the same.
    • Write the new server information and click on Apply.
  2. If you already disposed the old Notification Server and you didn’t migrate your Altiris Agent to talk to the new server, you may need to create a login script or VB script that uses AexAgentUtil.exe with the ‘/Server:’ switch to change the server name. The default location on Altiris Agent 6.0 for the AeXAgentUtil.exe is C:/Program Files/Altiris/Altiris Agent. Here are a few options to use this switch:
    • AexAgentutil.exe /server:NewServer
    • Sometimes you can add the /web switch to the script:
      AeXAgentUtil.exe /server:myservername.domain.com /web:http://myservername.domain.com/Altiris

      Note: If you are not familiar in how to create a script, check under C:\Program Files\Altiris\Notification Server\NSCap\Bin\Win32\X86\Agent Push LogonScript\PushAltirisAgentInstall for examples on one of those scripts or see article 28226, “Install the Altiris Agent using a Login Script.”

    An example would be:
    AeXAgentUtil.exe /server:myservername.domain.com  

  3. Remove the Altiris Agents from your client computers and install them after you moved the Notification Server to the new computer.

    Note: If you have access to a Deployment Server, you can create a job that pushes a script to change the Notification Server name on your client computers. Also, you can use the Task Server to push a script or a command to those client computers.

  4. If you are planning to move between domains, please see Article ID: 29334 “How to manage computers from different domains (without trust relationship between domains) from a single Notification Server” for more details.

Note: Here are also some other articles that may apply to this task of moving from one Notification Server to another:

Article 21789, “Steps to move Notification Server 6.0 SP3 from one server to another”

Article 20213, “How to move an existing Altiris NS 6.x database from one SQL server to a new SQL server”

 

How are User Locations, Departments, Inventory, and Services populated in ServiceDesk?

Reposted from here.

Question

When making a ServiceDesk advanced incident, there are fields for the User’s Location, Department, Inventory, and Services. These may be empty or are not populated correctly. You want to know how to populate these fields in order to use them.

Answer

ServiceDesk does not manage data for the User’s Location, Department, Inventory, or Services fields*. These fields come from the CMDB Solution product in the Symantec Management Console and must be populated there first to be later used in ServiceDesk. Then, when a primary contact is selected for an advanced ticket in ServiceDesk, these fields are automatically populated with their CMDB data. Also, ServiceDesk does not sync this data from CMDB into ServiceDesk’s database, but copies CMDB data to tickets when a user is selected.

* The Location field is also an actual field in ServiceDesk for its users. This is not imported from Active Directory in the ServiceDesk AD sync as there is no out of the box Location field in AD. If this field is manually populated, and no Location field has been assigned to the user in CMDB, this field can then be entered automatically when selecting a primary contact in an advanced ticket. However, it is recommended that the Location be populated in CMDB for the users instead of doing this in ServiceDesk.

CMDB can populate data into its fields by one of the following:

1.The Symantec Management Platform’s Active Directory (AD) sync. This is found at Settings > All Settings > Notification Server > Microsoft Active Directory Import.
2.A Data Connector Solution product Import Rule. This is found at Settings > All Settings > Notification Server > Connector > Import/Explort Rules. A Data Connector rule can connect to an external non-Symantec database or use files, such as an Excel .xls file, to import data into CMDB.
3.Data imported in from Altiris Basic and Inventory Solution Agents.
4.Manual entry into CMDB. (The areas for manual CMDB entry are described below.)
Locations and Departments

Locations and Departments can be accessed by ServiceDesk by adding data to CMDB’s Location and Department areas.

1.In the Symantec Management Console, go to Home > Service and Asset Management > Manage Configuration Items.
2.Click on Organizational Types > Location, or > Department.
Inventory (i.e., resources, assets, computers, monitors, etc.)

Inventory can be accessed by ServiceDesk by adding an associated user to a resource in CMDB.

1.In the Symantec Management Console, go to Home > Service and Asset Management > Manage Configuration Items.
2.Click on Computers and Peripherals > Computer.
3.Select a computer and right click and choose Edit.
4.Add a user to the Asset Owners field.
5.Click on the Save changes button.
6.Click on the Done button.
Services

Services can be accessed by ServiceDesk by adding data to CMDB’s Service area.

1.In the Symantec Management Console, go to Home > Service and Asset Management > Manage Configuration Items.
2.Click on Datacenter Types > Service.
Related Field: Office Name

ServiceDesk users have a field called Office Name. This can be populated by ServiceDesk’s AD sync, or manually. However, this field is not available on an advanced ticket.

Troubleshooting

•If recent changes to CMDB fields are not appearing in ServiceDesk, reset server extensions and then reset IIS on the ServiceDesk server. Otherwise, after IIS next refreshes automatically, these fields will be updated with their current data. For example, if a Location is removed, it may still appear in ServiceDesk until the next IIS refresh occurs. Also, if IIS has been modified to increase the amount of time that it peforms an automatic check, it may be necessary to perform this procedure to force the CMDB fields to be seen by ServiceDesk, even if the values have been present in CMDB for some time. Likewise, if there is an issue with IIS updating correctly, or, its cache timeout has been extended, this may impact CMDB data being able to be seen by ServiceDesk. Verify that the default cache timers are set correctly, which can be found by reviewing the following article:

How to increase the page cache times for ServiceDesk and Workflow
http://www.symantec.com/business/support/index?page=content&id=HOWTO9818
 
•Verify that the user that is picked for the primary contact is the same user that has populated data in CMDB. Compare the NT ID (domain\username) and email address in both locations to establish if a different user was selected by accident in ServiceDesk.
•If no CMDB data is being found, verify that “Use CMDB7” was selected during the ServiceDesk install and that IsUsingAMS is enabled. If not, this will result in CMDB data not being used in ServiceDesk.

 
1.In ServiceDesk, go to Admin > Data > Application Properties.
2.Click on the action button and then click on Display Definition Values, for the ServiceDeskSettings entry. Note: If no ServiceDesk settings are present, this indicates a failed installation. Try performing an Upgrade install to reinstall ServiceDesk. If this fails, a new install will likely be needed. For more information on how to perform a new install, refer to the following article:

How to Install and run ServiceDesk 7.0 MR2 with a domain account instead of
local system account
http://www.symantec.com/business/support/index?page=content&id=HOWTO31346
 
3.Click on the action button and then on Edit Values.
4.Verify that IsUsingAMS is enabled. This is located under the Services category. If it is not enabled, click to enable it.
5.If changes were made, click on the Save button.
•Run the ServiceDeskDataServices.asmx file directly on the ServiceDesk server to find what CMDB data is able to be accessed.
1.Open a web browser on the ServiceDesk server.
2.Enter the following URL:

http://localhost/SD.DataServices/ServiceDeskDataServices.asmx
 
3.Select the data type to test. For example, click on SearchLocations.
4.Click on the Invoke button.
5.A new page will open with HTML code. In this, the data, for example Locations, should appear. If not, then CMDB data is not able to be accessed by the ServiceDesk server.
 
•Verify that the Notification Server that is being used by ServiceDesk for licensing is where the CMDB data is stored at.
1.In Windows, click on the Start button > Altiris > Workflow Designer > Workflow Designer.
2.Click on the Plugins menu > Notifcation Servers Credentials.
3.Verify that the NS Server Name value is the Notification Server where CMDB data is stored at. If not, either the data must be added at the other Notification Server listed, or, the ServiceDesk license must be transferred to the Notification Server that does have the data.
4.Remove and add in the correct server that has CMDB data and the ServiceDesk license as necessary.
5.If the listed server does have the CMDB data, however, remove the entry anyway, and then re-add it.
6.Close the window after making any changes. Note: It may take a minute or two for the window to close. This is normal.
7.Right click on the Task Tray Application and then click on Restart Server Extensions.
8.In Windows, click on the Start button > Run.
9.Type iisreset and then click on the OK button.
 
•Customizations to the SD.DataServices project may also result in issues even if these were working successfully earlier. If the SD.DataServices project has been customized, temporarily revert back to the out of box version to verify if the customizations are the issue. The following article describes how to backup and restore projects:

Get Hyper-V Guest Properties

$vm = "<enter the friendly name of a virtual machine>";

filter Import-CimXml
{
    $CimXml = [Xml]$_
    $CimObj = New-Object -TypeName System.Object
    foreach ($CimProperty in $CimXml.SelectNodes("/INSTANCE/PROPERTY"))
    {
 if ($CimProperty.Name -eq "Name" -or $CimProperty.Name -eq "Data")
 {
         $CimObj | Add-Member -MemberType NoteProperty -Name $CimProperty.NAME -Value $CimProperty.VALUE
 }
    }
    $CimObj
}

$VmObj = Get-WmiObject -Namespace root\virtualization -Query "Select * From Msvm_ComputerSystem Where ElementName='$vm'"
$KvpObj = Get-WmiObject -Namespace root\virtualization -Query "Associators of {$VmObj} Where AssocClass=Msvm_SystemDevice ResultClass=Msvm_KvpExchangeComponent"
$KvpObj.GuestIntrinsicExchangeItems | Import-CimXml

Reposted from here.

Installing or Upgrading Servicedesk 7.0 MR2 to 7.1 – Using a Domain-based Service Account

Article: HOWTO49691  |  Created: 2011-04-14  |  Updated: 2011-04-14
Please find attached the document for Installing or Upgrading Servicedesk 7.0 MR2 to 7.1. 

SD 7.1 Upgrade and Install.pdf

This document guides one through the installation process that will allow automatic authentication using the logged on user’s credentials. Next steps in Process Manager after install are:

1. Browse through pages like Application Properties and Master Settings to ensure things installed correctly.

2. Enable Active Directory Authentication
Admin>Portal>Master Settings>Process Manager Active Directory Settings

  • Active Directory Authentication – checked
  • AS Sync Process Interval (In Mins) – checked
  • Sync Only Users – checked
  • 3. Add Active Directory Servers
    Admin>AD Servers

  • Auto Create User On Initial Login – checked
  • AD Users Default Groups – All Users
  • Run Update Sync Process to import users and start assigning to roles
  • 4. Use a GPO to configure users intranet zone to contain the URL of your ServiceDesk
    User Configuration>Policies>Windows Settings>Internet Explorer Maintenance>URLs/Important URLs

  • Name: http://ServiceDesk.company.com
  • Value: 1
  • .

    Facts About Combine License Workshop

    Reposted from here.

    The License Workshop can be used to download the licenses for all Altiris products registered to your company (or group of companies), or to combine and download licenses for a particular Altiris product.

    Combining Licenses

    When two or more license certificates for the same product are combines into a single certificate, the new maintenance date that is embedded in the certificate is the lesser of all the dates.

    For example, if you combine 100 nodes of a product with a maintenance date ending 01-01-2007 with 100 nodes with a maintenance date ending 06-01-2007, the new certificate will be created for 200 nodes with a maintenance expiration date of 01-01-2007.

    When the maintenance expires on the combined license you can use the License Management Portal to received your licenses in a new configuration, or you may contact your Sales Representative to have your maintenance dates co termed to a single date.

    During the co terming process, the maintenance expiration dates on combines licenses will also be combined. All combined licenses will assume the shorted maintenance duration available from the individual licenses.

    Example, if you combine two license files, one having 6 months remaining and the other having 8 months remaining, the maintenance window of the combined license files will have a maintenance duration of 6 months) At the end of the combined licenses term, you will have the opportunity to use the remaining two months of support in the example by installing the individual license key containing the remaining maintenance.

    The Maintenance assigned to the license is the lesser of the Maintenance dates assigned of the licenses being combines or 7 months from the day the license is being created. When licenses are, the .txt files must have at least 7 months of Maintenance assigned or the license will timed out.

    Using the License Workshop

    * Option 1
    Allow you to download the licenses for all your Altiris products at once. When choosing this option, the system will automatically combine licenses for products you own into as few license files as possible, placing the licenses into a single ZIP file that is downloaded to your computer.

    The licenses downloaded will be for all Altiris companies associated with your Symantec account, and is not affected by the check boxes show in the Option 2 area of the page.

    * Option 2 Download Selected Licenses (Combined)

    When more than one Altiris company is associated with your account, a list of those companies will be displayed on the page. New license purchase with your Symantec account will be listed under the name ‘ New Licenses’. (There may be multiple companies listed due to grouping that was done in Altiris, and also grouping that was done when Altiris information was moved to Symantec)

    Using the check boxes nest to the company names, choose the companies associated with the products to be combined (to keep things simple, you may wish to leave all companies selected) . As you change the selected companies, the list of products will change to show all combinable products for the selected companies. If there is only one company associated with your account, you will not be able to deselect it.)

    Next select a product to combine from the list of products- only combinable products with active support will be listed. Please not that only individual products are combinable- suites of products are not.

    Finally, combine the desired licenses using the arrows, and click on the download button to obtain a single combined license file for the selected product (the maintenance co termination rules noted above will apply.)

    Career and Professional Website