Xtranormal Movie

Thursday, July 14, 2011

I'm really tired, but...

11:30 pm

I've been working on our final document - it's huge, but I've learned how to make an automatic Table of Contents!  I didn't really realize how much I had learned, but going through the review helped bring it all together in an organized fashion.  God bless you, Shaun!


Today, Maurice went through some information on security.  I was familiar with most of the content, but I found the Honeypot concept to be really ingenious.

Rocky's words now:

Lyle then had us go through the process of installing a virtual machine onto one of our client stations.  Basically the protocol was:
  • Install Magic Box
  • Install Virtual Box
  • Install the Virtual Box Expansion pack
  • Using the Virtual Box program
    • Make sure the Settings were set for Linux system and Red Hat
    • We had to ‘mount’ the ISO for CentOS
    • Then we ran the ‘start’ command in Virtual Box
  • After installation we ran the CentOS software
  • We had to adjust the DNS for the system – once done, we were able to go out onto the internet.
There are many different virtualization programs available for download, but it was really interesting to see one in operation.  (Can you sense how tired I am?  I have really used the word "really" a lot - really!!)

Overall, today went well; we get by with a little help from our friends.  We even felt good enough about it to give each other a high five!

8:30 am

When my eyes are somewhat open, things take on a different perspective.  I have come to the conclusion that network administration is closely related to chasing rainbows.  Lyle has had 15 years of experience at his job, and has had time to learn what he tried to cram into two weeks of morning classes.  And we also learned that setting it up doesn't mean that it will stay set up.  Lyle gave up two weeks of holidays to be our fearless leader, but he also was on call for his division and spent a lot of time troubleshooting what he had set up.  The community of users makes life a lot easier, once you know how to find what you are looking for.

I want to thank Lyle and Maurice for giving me the opportunity to learn what I have learned.  They showed phenomenal patience with Rocky and me and we truly appreciate it.  I was reminded what it was like to be a student, and I will remember them as I am teaching my own classes and working with my colleagues.

I also want to thank Rocky, who suppressed many desires to choke me.  In some respects, I learn like my own students; I jump in feet first and then paddle like crazy.  But it helps - because I've already made the mistakes and fought my way through.

It's been a blast, and I'm sorry to see it all end.  I truly hope that our cohort (and the instructors) will be able to maintain contact in the coming years.  Maybe we should start planning our 5 year reunion now.....

Some progress - I think

We got caught up today, but I'm really starting to see why many people complain about Windows.  Is there not some way that settings could be more consistent?  Why do some things work one day and not the next?  Are we being sabotaged (just kidding, sort of)?

I have worked a bit in the user profile settings on our school server, although it has been a couple of years.  I remember the %username% command and entering the pathway (although I usually just copied and pasted), but for some reason it took a long time to come back to me.  Maybe I'm suffering from configuration overload.

The steps to set up the Folder Redirect gpo are:


  1. Go to Administrative Tools -> Group policies
  2. Create a new GPO at the desired level
  3. Give it a descriptive name
  4. Right click -> edit
  5. The settings are in User Configuration -> Policies -> Windows Settings -> Folder Redirection -> Documents
  6. Right click on Documents
  7. Select Properties
  8. Under the Target tab – select ‘Basic (Redirect everyone’s folder to the same location)’
  9. Pathway – enter \\servername\sharefolder\%username%\
    • We had issues with this – Lyle believes that it could be the space in our share folder name
  10. Make sure to ENFORCE this policy!!
  11. Under Options
    • Disable everything except for (the first selection for Policy Removal Behavior needs to be selected)
We also activated a gpo to standardize Start menu -> All Program items.  

To customize the programs for the clients in the All Program under Start:
  • Created a folder (named Start Menu) on the C drive and modified the Sharing and Security for it – make sure that ‘everyone’  has rights to the folder
  • We then created short cuts for various programs and placed them in the folder
  • Then we created a GPO which we called Desktop Startup gtrw [Rocky's words]
  • It is a specific gpo that I could find if I had access to a server from my home, but I believe it is in the Windows settings.

Before setting up a printer, we needed to turn on the Print Server role.  We set up our printer on the server just the same as normal, except for the following (Rocky's words):
  • Choose the ‘Local Printer Option’
  • Select ‘Create a new port’
  • Select ‘Standard TCP/IP’
  • Select Next
  • Enter the static IP for the printer – in this case 192.168.24.51
We then had to ‘push’ the printer out to the clients by doing the following:
  • Administrative Tools
  • Manage Policy
  • Select our folder
  • Provide a name for the new GPO – Printers gtrw
  • We then ‘exited’ out of the Policy role
Next, we accessed the Administrative Tools
  • Here, we selected ‘Print Management’
  • Toward the bottom – when we selected ‘Deploy Printers’, there was nothing in the dialogue box.
  • The printer we wanted (Xerox) was in the next item ‘Print Server’
  • We right clicked on the printer and selected “Deploy with Group Policy”
  • At the next window ‘Group Policy Object’, we selected ‘Browse’
  • We then went into the container for Printer and double clicked on the “5769network”
  • This brought up a listing from which we chose “Printers Gail Rocky”
  • We then checked ‘Apply to: GPO’
  • MAKE SURE TO CLICK ON “ADD” BUTTON!
  • This caused the info from the Print Server to be moved to the Deploy Printers section

Tuesday, July 12, 2011

Why you don't configure a server during the school year....

What a day!!  Because we couldn't track down our problems, we got to start from scratch.  What a great way to put into practice what we have learned.  (Insert sarcastic facial expression here.)

We reinstalled Server 2008 - quite without incident, actually.  By the end of the class period, we had almost caught up with the rest of the class.  Then, the trouble began.

We set up our network logon using the following:


  1. Create a batch file with the following command.
  2. Net use s: \\servername\shared  (use own server).
  3. Save as login.bat in the Windows –> netlogon folder.
More detailed instructions from http://www.petri.co.il/setting-up-logon-script-through-gpo-windows-server-2008.htm

  1. Open Group Policy Management Console from the Administrative Tools folder (or gpmc.msc from RUN).
  2. Expand the domain tree, locate the OU where the users are located. Right-click the OU and select Create and Link a GPO Here.
  3. In the New GPO window, give the new GPO a descriptive name, such as "Test Logon Script GPO". Click OK.
  4.  Right-click the new GPO and select Edit.
  5. In the Group Policy Object Editor window, expand User Configuration > Windows Settings > Scripts.
  6. Double-click Logon in the right-hand pane.
  7. In the Logon Properties window, click Show Files.
  8. A window will open. The path will be a folder similar to the following: \\domain.com\SYSVOL\Petri.local\Policies\{E4A62379-8423-4654-8DB6-01FB8F58582D}\User\Scripts\Logon. Paste the logon script you've copied in the previous part of this article. Close the window.
  9. Back in the Logon Properties window, click Add.
  10. In the Add a Script window, click Browse and you will see the logon script step #11. Whatever you do, DO NOT manually browse for the file, it should be in front of your eyes. If it's not there, check the previous steps for a mistake. Click OK.
  11. Back in the Logon Properties window, see if the logon script is listed, and if it is, click OK.
  12. Close the Group Policy Object Editor window.
  13. Close the GPMC window.
  14. Use the cmd "gpupdate /force" to push/pull gp updates before the scheduled time.  May require log off/on or reboot.
OK, so we did that, but we had two problems.  One was that the file wasn't replicating properly.  We had only one-way communication with Lyle's server.  Lyle ended up fixing that with a change in a registry key - burflag set to D2 (found this solution on google).

The second one was that our share wouldn't work.  It just wasn't mapping the shared drive properly.  Honestly, I think Rocky and I would have been there forever if Lyle hadn't remembered a problem that he had had with Win NT and Win 2003.  It turns out that all our policy was correct and in the correct place.  What was happening was that Windows was operating the policy, but doing so before the logon was completely finished.  In essence, it was mapping the drive, but the drive wasn't showing up yet, so there was nothing to map.  In order to solve the problem, he applied the "always wait for the network at computer startup and logon" policy - first to our server, then to the entire network.  (You may express your gratitude in chocolate, fellow techies).
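
The timing problem described above can also be handled inside the logon script, alongside the "always wait for the network" policy. The following login.bat is an added example, not the script used in class or the one from the Petri article: it retries the mapping until the share answers and logs the outcome. The share path is the post's placeholder; the retry count, delay and log file name are assumptions.

```batch
@echo off
rem login.bat - added example, not the script used in class.
rem Maps S: to the shared folder and retries while the network is still
rem coming up, instead of failing once and leaving the user without a drive.
rem \\servername\shared is the placeholder from the post; use your own server.
setlocal
set "SHARE=\\servername\shared"
set "DRIVE=S:"
rem Assumed values: 10 attempts, about 3 seconds apart.
set /a TRIES=0
set /a MAXTRIES=10
rem Assumed log location: the user's own temp folder.
set "LOG=%TEMP%\login-map.log"

rem Remove any stale or remembered mapping first; errors are ignored
rem because the drive letter is usually free at this point.
net use %DRIVE% /delete /y >nul 2>&1

:retry
set /a TRIES+=1
rem Quote the UNC path so a share name containing a space still works.
rem /persistent:no keeps the mapping from being remembered in the profile,
rem so the script stays the single source of truth for drive S:.
net use %DRIVE% "%SHARE%" /persistent:no >nul 2>&1
if not errorlevel 1 goto mapped
if %TRIES% geq %MAXTRIES% goto failed
rem ping is used as a sleep because logon scripts run without a console.
ping -n 4 127.0.0.1 >nul
goto retry

:mapped
>>"%LOG%" echo %DATE% %TIME% %USERNAME% mapped %DRIVE% after %TRIES% attempt(s)
endlocal
exit /b 0

:failed
rem A recorded failure gives the administrator something to search for
rem when a user reports a missing drive.
>>"%LOG%" echo %DATE% %TIME% %USERNAME% could not map %DRIVE% to %SHARE%
endlocal
exit /b 1
```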


Creating a user (See http://www.youtube.com/watch?v=8Js3H9jG67I)
  1. In Active Directory Users and Computers
  2. Right click on the folder that describes the user (eg. Students, Teachers, etc.)
  3. Choose New --> User (Lyle also used InetOrgPerson)
  4. Assign a username
  5. Choose password settings (must change at logon, manual entry, etc.)
  6. Close dialogue box.
  7. In list of users, right click and choose properties.
  8. Make changes to Description, Profile and other settings as necessary.  
So----onward and upward (because there really isn't any other direction to go.)  I'm looking forward to learning about folder redirection.  I'm hoping to be able to try it out at my school.  It may solve some of the profile corruption issues we have been having.

Monday, July 11, 2011

Murphy's Law

I left today's class feeling that I had "unlearned" a whole lot. I was confused and frustrated. What appeared to work fine last week all of a sudden quit working. What appeared to be going smoothly needed to be uninstalled and reinstalled. In between, there was a whole lot of waiting and down time while machines rebooted.

I'm also concerned about the compilation document that is due Friday.  Our install/set-up has been extremely disjointed.  I realize that many of the problems that we are encountering will occur - and lots more - in the field, but there is no way to list all of the problems and solutions in a basic set of instructions, even if I understood them in the first place (the problems, not the instructions).

I'm finding it really difficult to get everything written down (have I said that before?).

Oh well, here goes....

I like the analogy of the Forest/trees/root. It makes sense to me, if we could only get it to work. The Root of the Forest is the primary domain controller.

Reminder - DNS ip address needs to be changed in 3 places to match the root. 192.169.181.50 in this case.

Active Directory:
  • Copies active directory to each server every 15 min.
  • Is a database
  • Group policies – security managing all devices
  • Hierarchy (OU - Organizational Unit - or Container) – put things in the OU, and group policies get applied to them.
I took notes today:

Active Directory Sites and Services
1. Active directory users and computers – first place to go (Start -> Administrative Tools -> Active Directory for Users & Computers)
2. Computers – back up servers, not in Container yet
3. Domain Controllers – servers
4. To add - right click -> new -> add
Set up group policies, then drag computers into those containers. This applies policies previously set up.
InetOrgPerson – add user account
Group Policies
  • Make sure capability has been added
  • Set up policy and drag to Group Policy Management -> group folder
  • Software setting pushes software down.
  • To edit policy – right click -> edit
  • Join active directory – specific command in cmd (dcpromo)
  • Make sure to use the same admin password throughout
  • When choosing level of install, set level to lowest OS on the network
Rocky's notes (once again, I was driving):
The Group Policy Management tool – found in same place as the Active Directory:
  • Working from the Server 2008
  • Start
  • Administrative Tools
  • Group Policy Management
  • This area is basically a carbon copy of the Active Directory – with this, one can set up policies.
  • The policy created shows up below the folder in which it was created.
  • When working with the scripts:
    • Left click – provides a view of the script
    • Right click – allows you to edit

To set up the Active Directory: (great site for Server installations – http://www.petri.co.il/installing-active-directory-windows-server-2008.htm) I agree - screenshots, step-by-step instructions, one of my favourites!
  • Open Server Manager
  • Click on Roles – Add Roles link
  • Select ‘Next’ (Before You Begin)
  • Select ‘Active Directory Domain Services’ and then Next
  • Click on Next (Active Directory Domain Services)
  • Select Next again (Confirm Installation Selections)
  • Then select ‘Close’ (Installation Progress)
  • Back in Server Manager – click on the ‘Active Directory Domain Services link’
  • You will see that the next window contains no information linked to it – the ‘dcpromo’ command needs to be initiated
  • Initiate the command window – Start and ‘cmd’
  • Type in ‘dcpromo’
  • This will initiate the Active Directory Domain Services Installation Wizard.
  • Select ‘Next’ (Active Directory Domain Services Installation Wizard)
  • Click ‘Next’ again at the next window (Operating System Compatibility)
  • In the next window, select ‘Create a new domain in a new forest’ and then Next
  • Enter the name for the new domain. Make sure to enter the right domain name – then select ‘Next’
  • The wizard will check to see that the domain doesn’t already exist on the network.
  • Pick the right forest function level. In our case, it is the Windows Server 2008 – then Next
  • Pick the right domain function level – in this case Windows 2008 Server – then Next
  • The wizard will then check to make sure there are no duplications made.
  • With the ‘Active Directory Controller Options’ window up – select ‘Next’
  • A message will appear: “This computer has dynamically assigned IP address(es)” – select the option ‘Yes, the computer will use a dynamically assigned IP address (not recommended)’
  • On the next ‘Active Directory Domain Services Installation Wizard’ window – select ‘Yes’
  • For the next window ‘Location for Database, Log Files, and SYSVOL – leave everything as is and select ‘Next’
  • Enter a password for the Active Directory Recovery Mode – the same one we used for the admin login and then select ‘Next’
  • A Summary window will appear – then select ‘Next’
  • End by selecting ‘Finish’ and then reboot the computer for the changes to take effect.
So far, so good, right! Then the problems began. We had difficulties with communication between devices and had to make changes. It kept asking us to change a password, who knows why? We followed all the steps for the workstations to join the network, and got it to work with one workstation, but not the other. Even Lyle had to do some searching. Poor guy, every group has a different issue that's getting in the way. Thank goodness we get extra time to work on things tomorrow.

I understand the problems that we face in trying to get things working correctly, and I know that as you are faced with more of them, the likelihood of quickly knowing or finding the answer is increased. Part of the problem for troubleshooting is in knowing what search terms to use, and at this stage, my knowledge is so limited that I don't always know where to start. I spent quite a bit of time looking for a way to "install" Active Directory to a "client," when I should have been searching for how to have a client "join" Active Directory. And network setup has so many variables and possibilities that it's no wonder the book Lyle has is 4 inches thick!

Oh well, one step forward - two steps back. I hope that tomorrow we will be in forward motion again.


Sunday, July 10, 2011

Friday, July 9

Day 5 - so much information, so little time! Once again, I am borrowing from Rocky, because much of the time, he recorded while I drove. His words and listings of steps are in red.

Check DNS settings on server to ensure workstations have network access.

  • Go to ‘Control Panel’
  • Select ‘Administrative Tools’
  • Select ‘DHCP’
  • Open ‘IPv4’
  • Open ‘Server Options’
  • Right click on ‘DNS Servers’
  • Select ‘Properties’
  • Make sure to check off ‘DNS’
  • Enter the numbers directed towards the DNS IP’s (i.e. 142.66.33.100; 142.66.33.101)
Sidenote on activation keys:
  • KMS - Key Management Software - limited time to perform activation ritual. After that point, software shuts down.
  • MAK - Multiple Activation Key - automatically activates via internet. Allows for multiple but limited numbers of activated software. (I think Lyle said he had to enter the numbers centrally; this would give me a headache - the print out was very tiny.)
Other notes:
  • Make sure "Enable Remote Desktop" is checked, to allow centralized access to other computers.
  • Initial Configuration Tasks window is always accessible through Run -> oobe. (Secret geek language)
  • Firewalls must be disabled to see shared folders. Firewalling is done at the gateway from our network to outside (well, not exactly the gateway, but at the physical point)
  1. The first thing that Lyle wanted us to do was to check that we had the proper ‘loopback address’ of 127.0.0.1. We didn’t do this as we were scrambling to keep up. I hope to remember and check this out on Monday. Everything was working fine and as it should but it would be nice to actually check this out.
  2. In the DNS Services:
    1. Control Panel
    2. Administrative Tools
    3. DNS
  • In the section that lists the servers, Lyle indicated that we should have at least two. It’s even better to have more – basically as many as you can enter. This way, should one server be down, our workstations would have alternate routes to take to be able to access the internet.
  • The first server should be OUR server (192.168.24.50)
  • The second one, in our situation, was to access Lyle’s server (192.168.181.50)
  • We then continued by listing the other servers within our class (i.e. 192.168.15.50, 192.168.10.50)
  • To check which servers our network is going to access to get out to the internet – I believe that Lyle said we could telnet in and type “list all servers” and this would provide a listing of servers.

We had an issue with our Server Name which had to be modified within the DHCP service. The suffix ‘.local’ wasn’t being attached to our name Server2008. Turns out that where the Server2008 name is typed in, we had to select ‘More’. It was at the next window that we typed in ‘local’ for the suffix. (This was a problem that I mentioned in my previous post.)

Installing Windows 7

This was very similar to installing any other piece of software. We found documentation, but really didn't have to consult it today. It's good to have on file, however, for troubleshooting purposes.

  1. Boot from DVD drive (F12 on startup).
  2. Follow the prompts in the wizard, using "Custom Install."
  3. Perform chipset and Windows updates.
  4. Note to self: Perform updates several times. We kept getting new ones listed after a reboot.
  5. Note to self deux: I only speak two of the extra languages. The language updates are not necessary (that's why they are not listed in the Critical Updates section - go figure) and very time consuming to download.