Directory Utility Like Directory, this app is useful for those on large networks. In 10.6, you can find it in the /System -> Library -> CoreServices folder; it’s also accessible via the Accounts System Preferences panel. (Click Join next to Network Account Server, then click Open Directory Utility.)
Archives for September 2010
There are some things people can do to help protect themselves on the internet.
1.) Know what the executable file types are for your platform. On Windows they are .EXE, .COM, and .MSI. On a Mac it is typically .DMG. As long as the executable file is designed for your platform, whether it be PC or Mac, you can get hacked.
2.) Turn on “Show extensions” for your computer. Most systems do not show the extensions of known file types like .jpg, .doc or .gif. The reason you should turn this on is that if someone sends you a file called report.doc.exe, you will only see “report.doc”. This might make you think it is safe to download. This is very similar to number 1.
3.) Learn about cross site scripting. This is gaining traction in the hacker community. Almost 80% of non-static websites have some sort of Cross Site Scripting (XSS) vulnerability.
I will try to explain an example as quickly as possible. You can learn more about this at: http://en.wikipedia.org/wiki/Cross-site_scripting.
- Alice often visits a particular website, which is hosted by Bob. Bob’s website allows Alice to log in with a username/password pair and stores sensitive data, such as billing information.
- Mallory observes that Bob’s website contains a reflected XSS vulnerability.
- Mallory crafts a URL to exploit the vulnerability, and sends Alice an email, enticing her to click on a link for the URL under false pretenses. This URL will point to Bob’s website, but will contain Mallory’s malicious code, which the website will reflect.
- Alice visits the URL provided by Mallory while logged into Bob’s website.
- The malicious script embedded in the URL executes in Alice’s browser, as if it came directly from Bob’s server (this is the actual XSS vulnerability). The script can be used to send Alice’s session cookie to Mallory. Mallory can then use the session cookie to steal sensitive information available to Alice (authentication credentials, billing info, etc.) without Alice’s knowledge.
- A second example (persistent XSS): Mallory posts a message with a malicious payload to a social network.
- When Bob reads the message, Mallory’s XSS steals Bob’s cookie.
- Mallory can now hijack Bob’s session and impersonate Bob.
This type of attack is, again, not geared towards Mac or PC. Rather, both platforms are vulnerable to it.
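The reflected case from the Alice, Bob and Mallory walkthrough, seen from Bob's side of the server, as an added example that is not code from the original post. The function names, the `bobs-site.example` URL and the `session` cookie name are hypothetical, and the payload is a harmless marker.

```python
import html
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlparse

# Constructed sample link of the kind described above; the payload is a harmless marker.
SAMPLE_URL = "https://bobs-site.example/search?q=%3Cscript%3Emarker()%3C%2Fscript%3E"


def query_from_url(url: str) -> str:
    """Return the decoded 'q' parameter, as a web framework would hand it to the page."""
    return parse_qs(urlparse(url).query).get("q", [""])[0]


def render_vulnerable(query: str) -> str:
    """The flaw: untrusted input is pasted into the HTML unchanged, so markup in it is live."""
    return f"<p>Results for: {query}</p>"


def render_hardened(query: str) -> str:
    """The fix: HTML-encode the value so the browser displays it as text."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def session_cookie(session_id: str) -> str:
    """Set-Cookie value for the session. HttpOnly stops page scripts from reading it,
    which blunts the cookie-theft step even if an XSS bug slips through."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True  # only sent over HTTPS
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


if __name__ == "__main__":
    q = query_from_url(SAMPLE_URL)
    print("vulnerable:", render_vulnerable(q))
    print("hardened:  ", render_hardened(q))
    print("Set-Cookie:", session_cookie("constructed-session-id"))
```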
4.) URL shorteners – Don’t use them. Because URL shorteners hide the actual URL, it’s hard to tell where the link is going. Most Cross Site Scripting is hidden in shortened URLs.
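For tips 1 and 2 above, a small check that flags names like report.doc.exe and shows what the user would see with extensions hidden. This is an added example, not code from the original post; the decoy-extension set and the sample file names are constructed assumptions.

```python
from pathlib import PureWindowsPath

# Executable extensions the post lists for Windows; extend for your own environment.
EXECUTABLE_EXTS = {".exe", ".com", ".msi"}
# Assumption: extensions people tend to read as "just a document or picture".
DECOY_EXTS = {".jpg", ".doc", ".gif", ".pdf", ".txt", ".xls"}

# Constructed sample of downloaded file names.
SAMPLE_DOWNLOADS = [
    "report.doc.exe",
    "setup.exe",
    "holiday.JPG.COM",
    "budget.xls",
    r"C:\Users\alice\Downloads\invoice.pdf.msi",
    "notes.v2.doc",
]


def clean_path(filename):
    # Windows ignores trailing dots and spaces in names, so strip them before parsing.
    return PureWindowsPath(filename.rstrip(" ."))


def shown_when_hidden(filename):
    """Name as displayed when extensions of known file types are hidden."""
    p = clean_path(filename)
    return p.stem if p.suffix else p.name


def classify(filename):
    """Return 'disguised-executable', 'executable' or 'not-executable'."""
    suffixes = [s.lower() for s in clean_path(filename).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return "not-executable"
    # The real (last) extension is executable; a decoy just before it is the warning sign.
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "disguised-executable"
    return "executable"


def flag_disguised(names):
    """Pairs of (real name, name the user sees) for every disguised executable."""
    return [(n, shown_when_hidden(n)) for n in names if classify(n) == "disguised-executable"]


if __name__ == "__main__":
    for real, shown in flag_disguised(SAMPLE_DOWNLOADS):
        print(f"{real!r} would be displayed as {shown!r}")
```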
There are three main tools you can use. The tools all do something a little bit different, but as you will soon find out, you will really want to look somewhere else for backup software. It’s a shame, since I felt NTBackup was good enough for most small to medium-sized companies. The new tools, as you will find out, are very lacking.
- Windows Server Backup – A GUI tool that creates simple backups and “tries” to replace the workhorse NTBackup.
- WBadmin – A command line tool for creating and scheduling backups. This is actually available in Server Core!
- Ntdsutil – The name stands for Network Directory Services Utility. This is a powerful tool to do advanced backup operations (and lots more) specifically for Active Directory files and the AD database.
As far as backup size goes, Windows Server Backup is the largest, going down to Ntdsutil, which is the smallest. I will first go over the tools that are provided in part 1. In part 2 I will walk you through the theory of backing up servers as per Microsoft’s recommendations.
Windows Server Backup
This is NOT installed by default. You have to add it as a feature. The BIG downside of Windows Server Backup is that you can no longer back up to a tape drive!!! Yes, you heard that right. In a boneheaded move, Microsoft completely neutered its main backup solution. Why… I have no idea. You can, however, back up the server using what is called VSS, or Volume Shadow Copy. You can back up to a local volume that is not part of the backup, a DVD or a network share. If you want to back up to a network share on a schedule, you must use the WBadmin command line! I know, it gets better and better, right?
Note – Windows Server Backup can restore System State Data from a WBAdmin backup!
Windows Server Backup Big Gotchas Overview
- Can’t back up to a tape drive, only DVD or network-attached storage.
- Backup will overwrite the same shared folder over and over.
- Can’t back up single files. It can only back up entire volumes!
WBadmin
WBadmin is a command-line tool that provides more power than Windows Server Backup. It allows you to:
- Run a one-time backup
- Schedule regular backups
- Back up your system state! i.e. (Registry, Boot files, System Files, AD Directory Services DB and SYSVOL directory)
Ntdsutil
This tool does quite a few things with regard to backing up Active Directory. The main features of the tool are:
- Create IFM (Install from Media) media for faster creation/re-creation of a DC. This can save on bandwidth in the re-creation scenario.
- Take snapshots of the AD!!
- When used in conjunction with media created by Wbadmin or Windows Server Backup, it can allow you to restore AD objects like entire OUs!
- It’s an interactive tool. You will get different options depending on which command tree you are in.
Check out Planning Backups in Windows 2008+ Server with built in tools (Part 2)
I think I am going to start looking at applying ads to my website. I am now getting more than enough traffic to my website every day that I think ads would help pay for all the traffic I am getting.
If you are a tech company that is looking for someone to review your products or services, please let me know and hopefully we can agree on some monetary/promotional agreement.
All pages on my website are strategically Search Engine Optimized. I am in the process of pumping up the SEO power of my blog as we speak.
Here’s a screenshot from web analytics. If you are needing more proof please let me know. You will notice that I get around 390-450 unique hits a day and about 10,136 unique hits in a month.
My blog normally deals with enterprise level technology information. You can be assured that my website is read by people who tend to be well off and normally have some kind of purchasing power within their organization.
Here’s an overview of all the permissions of the built-in default server groups. I got this chart from a Trainsignal training video.
The information should be pretty easy to understand if you’ve done any server type work before. While this isn’t a complete list of permissions, it should be enough information to help you figure out what groups would give you the proper permission level.