Thursday, 24 March 2016

Why ASAP won't help you to get help faster

I read the phrases ASAP or URGENT quite often: in ticketing or issue tracking systems, in chats and also in emails. In emails they are usually accompanied by the High Importance flag.
To tell the truth to all the project managers out there - adding this kind of metadata to your issue won’t help you to get your issue solved faster.

It will just lead to the following:

1. One will read your request, evaluate the issue and prioritize it accordingly among the other issues he or she has on the to-do list.
2. If you managed to build a solid record of marking EVERYTHING as important, then you will always go last on the to-do list.

It is not rude to use ASAP or to ask for immediate help if deadlines are approaching or the business is stuck because of the issue.
But if you constantly overemphasize your issues it just shows one thing - you don’t know how to prioritize properly.

Furthermore, if your issue is that urgent, pick up the phone and give the person a call. People do check their email regularly, so as long as the subject line catches their attention, you are likely to get help soon.
Instead of flagging the mail with ASAP or High Importance use a subject line like: “Customer needs answer today” - It perfectly describes the deadline without setting a rude or desperate tone.

Wednesday, 23 March 2016

A simple TCP listener in PowerShell

Sometimes you have to make a point. Today my point was: “If you do THIS on the firewall, I can connect from server A, B and C to THAT on server D.”

Unfortunately THAT was not yet installed on server D, but I wanted to have a successful test. Therefore I needed to have something on server D that is listening on the same port as THAT.
Since one can use .NET Framework classes from within Windows PowerShell, it is possible to write a script which starts a TcpListener server and simulates that the missing piece, THAT, is already installed on server D.

Just invoke the script with the parameters:
PS C:\Users\daniel\Desktop> .\Start-TcpListener.ps1 -IpAddress 127.0.0.1 -TcpPort 9090

And this is the script:
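
The script itself is not reproduced on this page. The following is an added example, not the author's Start-TcpListener.ps1: a minimal listener that takes the same -IpAddress and -TcpPort parameters as the invocation above. The banner text and the polling interval are assumptions.

```powershell
# Added example, not the author's original script.
param(
    [Parameter(Mandatory = $true)]
    [System.Net.IPAddress]$IpAddress,

    [Parameter(Mandatory = $true)]
    [ValidateRange(1, 65535)]
    [int]$TcpPort
)

$listener = New-Object System.Net.Sockets.TcpListener($IpAddress, $TcpPort)
try {
    $listener.Start()
    Write-Host "Listening on ${IpAddress}:$TcpPort - press Ctrl+C to stop."
    while ($true) {
        # Poll instead of blocking in AcceptTcpClient() so Ctrl+C is honoured.
        if (-not $listener.Pending()) {
            Start-Sleep -Milliseconds 200
            continue
        }
        $client = $listener.AcceptTcpClient()
        try {
            # Log who connected; this is the evidence for the firewall test.
            Write-Host ("{0:u} connection from {1}" -f (Get-Date), $client.Client.RemoteEndPoint)
            # Send a short banner (assumed text) so the tester sees a reply.
            $bytes = [System.Text.Encoding]::ASCII.GetBytes("test listener on port $TcpPort`r`n")
            $stream = $client.GetStream()
            $stream.Write($bytes, 0, $bytes.Length)
        }
        finally {
            $client.Close()
        }
    }
}
finally {
    # Always release the port, even on Ctrl+C or an error.
    $listener.Stop()
}
```

Bind it to the specific interface address under test rather than to all interfaces, and stop it as soon as the firewall test is done so that no stray listener stays open on server D.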

Sunday, 20 March 2016

EDC: Gerber Paraframe II

I bought this knife in October 2015 and since then it became part of my everyday equipment.

The Paraframe II is a one-handed opening stainless steel knife with an open frame. The blade can be opened with one hand, but it doesn't really go easy with one hand. The frame-lock on the other hand is rock solid, no matter if the blade is in open or closed position.

I use the knife quite frequently - for cutting open packaging, going on a mushroom foray or to disembowel fish. It's a great knife. However, when cutting cardboard the knife requires more frequent sharpening.

The size is good, the clip is strong and the knife has a constant place in my backpack.








Tuesday, 15 March 2016

Enabling HSTS on IIS

HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol. HSTS is an IETF standards track protocol and is specified in RFC 6797.

HSTS can be enabled in IIS by installing the URL Rewrite module and deploying rewrite rules.

At a high level, enabling HSTS on IIS requires the following configuration tasks:

  1. Install URL Rewrite module
  2. Deploy inbound rule that directs to a secure location (HTTPS) from insecure one (HTTP)
  3. Deploy outbound rule that adds the HTTP header for Strict-Transport-Security.
  4. Perform IISreset

In order to use URL Rewrite in IIS it is required to install the extension from the IIS Download site.

Install IIS extension URL Rewrite

Search for and download the extension from http://www.iis.net/downloads, either by using the Microsoft Web Platform Installer (Web PI) or by downloading the MSI package from the Additional Downloads subsection.

Deploy inbound rule that directs to a secure location from insecure one

In IIS Manager Connections pane navigate to the Site you want to configure for HSTS. From the middle pane select URL Rewrite and open it.



In the actions pane on the right, select Add Rule(s)… and add a new blank inbound rule.



Add a rule with the following settings:


XML representation of the rule

<rule name="HTTP to HTTPS redirect" stopProcessing="true">
        <match url="(.*)" />
        <conditions>
                <add input="{HTTPS}" pattern="off" ignoreCase="true" />
        </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
                redirectType="Permanent" />
</rule>

Deploy outbound rule that adds the HTTP header for Strict-Transport-Security

In IIS Manager Connections pane navigate to the Site you want to configure for HSTS. From the middle pane select URL Rewrite and open it. In the actions pane on the right, select Add Rule(s)… and add a new blank outbound rule.


Add a rule with the following settings:


XML representation of the rule

<rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
        <match serverVariable="RESPONSE_Strict_Transport_Security"
                pattern=".*" />
        <conditions>
                <add input="{HTTPS}" pattern="on" ignoreCase="true" />
        </conditions>
        <action type="Rewrite" value="max-age=31536000" />
</rule>

Restart IIS

Open an elevated command prompt and run iisreset.exe.
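
To confirm that both rules work after the restart, the following added example (not part of the original post) requests the site over HTTP and HTTPS without following redirects and checks the results. The host name is a placeholder. The third check reflects RFC 6797, which forbids sending the header over plain HTTP; the {HTTPS} "on" condition in the outbound rule takes care of that.

```powershell
# Added example: check both rewrite rules from a client machine.
param(
    # Placeholder host name; replace with the site you configured.
    [string]$HostName = 'www.example.com'
)

function Get-RawResponse {
    param([string]$Url)
    $req = [System.Net.WebRequest]::Create($Url)
    $req.AllowAutoRedirect = $false   # show the redirect instead of following it
    try { $resp = $req.GetResponse() }
    catch {
        # 4xx/5xx answers surface as WebException; keep their headers too.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        if (-not $ex -or -not $ex.Response) { throw }
        $resp = $ex.Response
    }
    try {
        [pscustomobject]@{
            Status   = [int]$resp.StatusCode
            Location = $resp.Headers['Location']
            Hsts     = $resp.Headers['Strict-Transport-Security']
        }
    }
    finally { $resp.Close() }
}

$http  = Get-RawResponse "http://$HostName/"
$https = Get-RawResponse "https://$HostName/"

$checks = [ordered]@{
    'HTTP request is redirected permanently (301)' = ($http.Status -eq 301)
    'Redirect target uses https://'                = ($http.Location -like 'https://*')
    'No HSTS header on the plain HTTP response'    = (-not $http.Hsts)
    'HSTS header present on the HTTPS response'    = [bool]$https.Hsts
    'HSTS max-age is 31536000 (one year)'          = ($https.Hsts -match 'max-age=31536000')
}
$checks.GetEnumerator() | ForEach-Object {
    '{0,-4} {1}' -f $(if ($_.Value) { 'PASS' } else { 'FAIL' }), $_.Key
}
```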

Sunday, 13 March 2016

Tracing the source of Active Directory user account lockouts

Every now and then a user will approach us and ask: “My account keeps getting locked constantly – why is it like that?”

I wrote a small PowerShell script that can help us to answer this question quickly. No need to open a monitoring tool and run a query, no need to browse Event Viewer, just log in to any DC and run the attached script like this:

PS C:\Users\admin.daniel\Desktop> .\Get-CallerComputerName.ps1 -samaccountname wolf.d

The script will parse the Security Event Log of the PDC emulator domain controller and filter it for Events with ID 4740 and the samaccountname of the user getting locked and return you the source computer which causes the locking.
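
The attached script is not reproduced on this page. The following is an added example, not the author's Get-CallerComputerName.ps1, of the lookup described above. It assumes a domain-joined machine and an account allowed to read the Security log on the PDC emulator; the -MaxEvents parameter and the output property names are assumptions.

```powershell
# Added example, not the author's original script.
param(
    [Parameter(Mandatory = $true)]
    [string]$SamAccountName,

    # Assumed limit on how many lockout events are read (newest first).
    [int]$MaxEvents = 1000
)

# Lockouts are recorded on the PDC emulator, so query that DC's log.
$pdc = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().PdcRoleOwner.Name

# Filter on the server side for event ID 4740 (user account locked out).
$filter = @{ LogName = 'Security'; Id = 4740 }

Get-WinEvent -ComputerName $pdc -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop |
    ForEach-Object {
        # Read EventData by field name rather than by position.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        if ($data['TargetUserName'] -eq $SamAccountName) {
            [pscustomobject]@{
                TimeCreated        = $_.TimeCreated
                LockedAccount      = $data['TargetUserName']
                # In event 4740 the "Caller Computer Name" shown in Event Viewer
                # is stored in the TargetDomainName field.
                CallerComputerName = $data['TargetDomainName']
                DomainController   = $_.MachineName
            }
        }
    }
```

Get-WinEvent raises an error when the log holds no 4740 events at all, for example after the Security log has rolled over; an empty result means the events exist but none belong to the given account.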

Blog relaunch

Since I pretty much neglected the old blog, I decided to do a relaunch of the whole thing. The old blog is still available here: http://datacenterfromhell.blogspot.com

Stay tuned!