システム管理な雑記 -- Sleeve notes of a sysadmin -- : Windows management

Note: Migrating existing user profiles to new accounts on Windows machines (XP/2003)

kenji — Mon, 08 Oct 2007 05:06:00 GMT

-- English -- Moving user profiles, which is needed during/after migration from existing environments to Active Directory, is a kind of somewhat tough thing, I mean the amounts of target accounts and time consumed, and some of caveats. Currently we can...(read more)

Honeynet Security Console

kenji — Sun, 16 May 2004 23:36:00 GMT

From seculogger's blog.

Honeynet Security Console

It seems very neat. I decided that I should evaluate this, with sebek!

Microsoft Support Webcast: Microsoft Windows XP: Exploring Boot Options and Recovery Console June 25, 2002

kenji — Mon, 10 May 2004 15:16:00 GMT

This webcast covers topics around "how to use the recovery console" and more about troubleshooting the boot phase. It is a must thing, you know, as we engineers handle issues around servers. ;-)

Microsoft Support Webcast: Microsoft Windows XP: Exploring Boot Options and Recovery Console June 25, 2002

KB:314470 Definition of System Partition and Boot Partition

kenji — Sun, 09 May 2004 02:49:00 GMT

Sometime it is so confusing, you know. ;-)

314470 Definition of System Partition and Boot Partition

SNMP and WMI on Windows: WMIex.MSFT.NET

kenji — Wed, 14 Apr 2004 04:00:00 GMT

The famous snmpboy site has evolved dramatically to handle WMI implementation!

http://wmiex.msft.net/

KB: 810639 FIX: FTP Passive Mode Support for Firewall Scenarios

kenji — Tue, 10 Feb 2004 00:06:00 GMT

This article describes how to put controll on the ports used with FTP PASSIVE mode with IIS 5.0.
SP4 is required to enable this.
http://support.microsoft.com/?kbid=810639

Tool: Pagedefrag de Sysinternals

kenji — Mon, 09 Feb 2004 18:42:00 GMT

Un utilitaire pour les dossiers defragment qui ne sont pas faits après bootup.
http://www.sysinternals.com/ntw2k/freeware/pagedefrag.shtml

Ev2T

kenji — Fri, 30 Jan 2004 05:45:00 GMT

It is a tool which converts event log messages to SNMP traps.
http://www.ncomtech.com/download.htm

As for multilbyte languages it may not be ready...
At least sending traps to Kiwi has been terrible when I used this tool with Japanese version of Windows Server 2003.
You may have to obtain a management app which is capable of handling multibyte messages like Japanese, Chinese, and Korean.
Anyway there seems no probs when used with English version of NT Kernel-based OSes.

Syslog management on Windows platforms.

kenji — Fri, 30 Jan 2004 05:18:00 GMT

Do you know WinSyslog from Adiscon? It is so cool a tool for us system operators/administrators.
Check it out at: http://www.adiscon.com/
(For Japanese: http://adiscon.port139.co.jp/)
This tool is so cool, as it allows you to consolidate all the standard error/log messages to one server. With MSSQL you can even display the messages via IIS 4/5. Merging Syslog, SNMP, and Windows Event logs are critical for system admins, to whom we can say this tool is the very solution for managing system health in general.
You can merge SNMP with syslog, using either the latest version of WinSyslog, or with Kiwi Syslog Daemon (http://www.kiwisyslog.com).
You can merge Windows event logs with the following tools:

1. Event Reporter from Adiscon

2. Event logs to syslog utility from Purdue University.

3. ntsyslog service tool from SourceForge

cf. I found a localised version of ntsyslog in Vector or Mado-no-mori, which uses EUC-JP for Japanese. If you have already deployed Linux- or *NIX-based solution for the consolidation of logs, this client is just-fit, it seems.

Note: there are other tools in the world to facilitate this function. According to Kawabata-san (http://www.kawabata.com/), you can even write up the tool that just-fits to your need. ;-)

***System Requirements:

A. System: See the URLs above
B. Human:

B-1. Knowledge of syslog (unix and network devices you use.)

B-2. Ability or Experience of manually parsing eventlogs on Windows

B-3. Ability to configure network devices to emit logs, if you think you'd like to add the target of monitoring.

B-4. Ability to configure SNMP on servers and clients to enable them to emit SNMP messages.

B-5. Ability/experience to configure server management tools like Allied Telesyn SwimView, HP OpenView or Dell Server Administrator /IT assistant for PowerEdge Systems.
(It is okay to use other administrative tools according to the needs at your managed networks. Tools above are just as examples.)

Outputs are just like this.(Special thanks to lg_de_sucre, a cool guy working together.)

Howto: Manage logs (delete unwanted/needless log messages)?

-> Create jobs (using T-SQL) from SQL Server Enterprise Manager.

Howto: merge the route and simplify the system?

-> Use SoftEther or other VPN products.

Howto: merge outputs of Snort?

-> Consult with docs around Snort.

http://www.winsnort.com/ or http://www.snort.org/ are both good-starts.

Ah, it seems I am gonna miss the last train, so see ya later!

YamaKen at the office in Tokyo.