Creating a Self-Signed SSL Certificate

Creating a Self-Signed SSL certificate is a nice option when you need to run a quick https test for a web site. Lets take a look on how we can make one.

I’ll be using OpenSSL toolkit. I’m on Windows therefore package can be ataken from here:
“openssl-0.9.8h-1-setup.exe” executable by default drops everything here: “C:\Program Files\GnuWin32\bin”. Or, if you are on 64 bit OS, then here: “C:\Program Files (x86)\GnuWin32\bin”.

OpenSSL package comes with a default config file – openssl.cnf. It is located in the “share” folder, in my case here: “C:\Program Files\GnuWin32\share”. Config file holds important settings that are used to generate the certificate. We need to  comment “attributes” parameter line, otherwise an error will be presented. I also set the default length to 2048, but this one can be controlled with the command line parameters:
OpenSSL0 Continue reading


Configuration – Disable ISATAP Tunnel adapters

Have you ever wondered what are these?

if no, then here is a quick explanation

In any case I’ve decided to get rid of them because every time I run ipconfig /all I get a lot of useless stuff and it’s pretty annoying 🙂
Continue reading

Script – Fix ACL permissions on folders/files 2

Inheritance has been fixed in the previous post. Now, would it be nice to have some sort of a report that could find me folders/files that have wrong settings no matter how deep they are. This script would confirm that previous changes were successful.

We are going to look for a specific group in the ACL by parsing CACLS output.
In this example I’m looking for a “GG-ADM-S” group.

Here it is: Continue reading

Script – Fix ACL permissions on folders/files 1

From time to time our first line support guys were complaining that they have limited access to the users’ home drives. The access to their group is set on the root folder so that when the inheritance is enabled they should have Full Control. Unfortunately this is not always the case. Some of the deeper folders/files have custom NTFS settings where even local Administrators are not listed in the Security.

So, it’s been decided to make an order and fix all this. Obviously the number of folders/files is just huge, way over a million. Let’s see how scripting can help us here 🙂

First off all we need to clarify our requirements:
1. we want to have an NTFS configuration backup, just in case.
2. we need to ensure that current custom NTFS settings are going to remain.
3. we need to ensure that support team have access to all the folders and files no matter how deep they are in the structure. Continue reading

Troubleshooting – Home folders are displayed as “Documents” or “My Documents”

Client of mine asked me to figure out why is it some of the user Home folders are displayed as “Documents” or “My Documents”?:
B1 B2

First view is presented when looking in the root folder from Windows 2003, second – when looking from Windows 7 or Windows 2008. Interesting isn’t it.

The cause of this behaviour is literally hiding in the folders – desktop.ini file. Hidden desktop.ini is a customization/personalization file. Every folder with corrupted name had a desktop.ini in it. Continue reading

SEP – old virus definitions are not being deleted

Continuing the global fight against Symantec Endpoint Protection 🙂 here is a possible way to ensure that old virus definitions are not staying on the C drive.

First of all we need to temporarily turn the Tamper Protection off for the whole environment. It can be done from the SEP Manager console for a particular group. Go to Clients view, on the left hand side you will see a list of groups. Select your target group and then on the right hand side select Policies tab:

Continue reading

SCCM – Computer Association does not work

If you have been building Windows OS with SCCM then you know that Computer Association can be a pain in one place 🙂 Here are several things to be checked:
1. Check Unprovisioned Computers folder for the records on the SCCM server where you did association. Delete the record and retry Computer Association.
2. If your SCCM server has a Parent then you need to run SCCM console on the Parent site server and check for Unprovisioned Computers there as well. Delete the record and retry Computer Association.
3. Check for the same MAC address and Computer Name in SCCM database. There is a chance that there is an object with the same MAC or Name. This can be done using SCCM Reports. SQL query below finds computers with 00:15:4C:0B:1C:05 MAC address:

SELECT NETW.DNSHostName0, Netcard.MACAddress0, NETW.IPAddress0
JOIN v_Network_DATA_Serialized NETW on Netcard.ResourceID=NETW.ResourceID and Netcard.MACAddress0=NETW.MACAddress0
WHERE Netcard.MACAddress0 LIKE '%00:15:4C:0B:1C:05%'
ORDER BY Netcard.MACAddress0