Note: Migrating existing user profiles to new accounts on Windows machines (XP/2003)

-- English --

Moving user profiles, which is needed during/after migration from existing environments to Active Directory, is a somewhat tough thing; I mean the number of target accounts, the time consumed, and some caveats.

Currently we can mainly use the following supported patterns:

  1. User State Migration Tool (USMT) / Files and Settings Transfer Wizard (FSTW)
    USMT is for automated deployment. This tool migrates profile settings from the source accounts to the target accounts on the computer we execute it on. We control its behavior with INI files and command-line options.
    FSTW migrates one user profile at a time. This tool is mainly used in workgroup environments or on standalone machines. We choose whether we want to export or import a profile, and control it via the GUI. We can find the tool via [Start -> Programs -> System Tools -> "Files and Settings Transfer Wizard"].
    When we choose "export the profile", this tool exports the profile data as binary files. When we want to import the profile, choose "import the profile" after logging on to the target account.
    See the following Microsoft articles for more information:
  2. Copy the profile from sysdm.cpl (the System Properties applet you can reach by right-clicking "My Computer")
    Sometimes we cannot copy profiles on Windows XP, for several reasons. At least, using EFS under the profile directory causes one of the symptoms.
  3. Copy everything from the source to the target profile
    This works as long as the source profile is healthy (not corrupt.)
  4. Account Migration Wizard (commonly used in cross- and intra-forest migration)
    This tool keeps the profile. What it changes is the target user's profile path, the related registry settings, and the permissions on and under the profile directory to enable this change.
    That is, suppose UserA is the source and UserB is the target. This wizard first recognizes the profiles of UserA and UserB, then changes UserB's profile path to UserA's.

-- Japanese --

Moving user profiles from an existing environment into a newly built Active Directory environment can at times be a really painful job. Considering the total number of profiles that must be migrated, the time it takes to copy each one, and the pitfalls that come with copying, it is by no means always easy.

Currently, the supported migration patterns are as follows.

  1. User State Migration Tool (USMT) / Files and Settings Transfer Wizard (FSTW)
    USMT is a tool for automated deployment; you run it on the computer while specifying the source and target accounts. Its behavior is controlled with INI files and command-line options.
    FSTW migrates one profile per run. It is mainly used in workgroup or standalone environments. Its behavior is controlled via the GUI. Run it from under [Start] -> [Programs] -> [System Tools].
    Choosing "Save the profile" (was that the wording? I may not have it exactly right) exports the source profile to a binary file. To import, first log on to the account that is to receive the profile copy, then use this tool to import it. Just follow the wizard's instructions.
    See the following URLs for details.
  2. Copy the profile via sysdm.cpl (reached from "Properties" of "My Computer")
    On Windows XP this copy occasionally fails. It appears to happen when EFS is in use, and there seem to be other known issues as well.
  3. Copy everything from the source to the target
    Works fine as long as the source profile is not corrupt.
  4. Account Migration Wizard (a tool often used for domain migration)
    With this tool, the source profile is kept. What changes is the profile path (in the registry) of the target user account and the related permissions. Suppose UserA is the source and UserB the target. The wizard first recognizes the profiles of UserA and UserB. Next, it changes UserB's profile path to point to UserA's, and changes the permissions under that profile path as needed for the change.

Misc: Awarded again as MVP.

--English--

Thanks to everyone involved, I have been awarded again as an MVP, for the 6th or 7th time in a row. (Well, I am not sure which is correct.)

I received MVP awards in the following order:

  1. Security (2002.07-2002.09; this may not be an official one)
  2. Security (2002.10-2003.09)
  3. Windows Server Systems Security (2003.10-2004.09)
  4. Windows Security (2004.10-2005.09)
  5. Windows Security (2005.10-2006.09)
  6. Windows Security (2006.10-2007.09)
  7. Windows Security (2007.10-2008.09)

My first opportunity as an MVP came when Microsoft established the MVP office in Japan, just 5 or 6 years ago. It started with 3 leads and 6 MVPs. We are not the very first MVPs in Japan, though. (The very first one is Yuko Ishida, who has been awarded since well before the Japan MVP office started.)

Since I started activities in Japanese communities in 1999 I have had one theme in mind. It is an ancient Chinese proverb that says "Let's begin with Kai" (Mazu-Kai-Yori-Hajimeyo, 「先づ隗より始めよ」), meaning "I am going to take the first chance. Then, more excellent guys will soon come."

At least, I can say that I have been the "bottom line" among Japanese MVPs in several contexts. Many of our Japanese fellows are super-excellent and so cool, you know.

-- Japanese --

Please see this post I made on PASSJ.

Posted 08 October 2007 01:26 PM by kenji | no comments
Japanese test... / test posting in Japanese

---- Japanese ----

This is a test post in Japanese. Now that I have confirmed Japanese can be used, I will try posting in both Japanese and English. In this post, Japanese comes first, followed by English.

---- English ---- 

This is just a test post in Japanese. As I have confirmed that we can use Japanese, I am going to post articles in both Japanese and English. Japanese first, then the English text follows, for this post.

Posted 07 October 2007 06:40 PM by kenji | 1 comment(s)
Awarded Again

Today I have signed up for the MVP program for another year. This time I am awarded for Windows Security, as it seems the category I was awarded in before, "Windows Server Systems Security", no longer exists.

Whew, there are really a bunch of famous and cool people in the category...

I have also found a good thing. Japanese MVPs specializing in Windows Security have increased in number.

Here are the Japanese Security MVPs whom I know, with their web sites in Japanese where they have one (please open up your favorite translator when you browse any of these sites...):

  • Hideaki Ihara: One of the most active people in Japan. Specializes in security in general. Broad knowledge. His strongest interest nowadays seems to be forensics.
    Port139 http://www.port139.co.jp/
  • Hajime Kojima: His site is a kind of hub of info regarding security, FreeBSD, Linux, and Windows.
    Security Hole Memo http://www.st.ryukoku.ac.jp/~kjm/security/memo/
  • Michio Sonoda: An active expert in several communities. Specializes in security policies in general.
  • Akira Ryowa: An active expert in several communities. Specializes in PKI, encryption, penetration tests, and so on...
  • Hidenobu Seki (aka Urity): Specializes in the authentication process in Windows: NTLM, DCOM, RPC, for example. A regular speaker at Black Hat Briefings.
    Security Friday http://www.securityfriday.com/
  • Kaoru Yoshida: A "legendary" trainer for many and various technologies and products around Windows and Microsoft's server products. MOM and DRM are what he is currently into. He had sessions at TechEd 2004 Yokohama (in Japan).
  • Yuu Arai: One of the Japanese regular reporters of vulnerabilities to MSRC (MS02-023.062, and so on...). Specializes in client-side things, it seems.
  • Tsuneyoshi Hamamoto: Specializes in network and security. A founder and moderator of a mailing list called "connect 24h" in which many interesting topics are found.
    Banquet of broad band connection http://cn24h.hawkeye.ac/
  • Kunio Miyamoto (aka wakanoto): An IPsec and WebDAV guy. A character. A regular poster on a site called @IT, and also an editor at Slashdot Japan.

Posted 03 October 2004 06:16 AM by kenji | no comments
Honeynet Security Console

From seculogger's blog.

Honeynet Security Console

It seems very neat. I have decided that I should evaluate this, with Sebek!

Microsoft Support Webcast: Microsoft Windows XP: Exploring Boot Options and Recovery Console June 25, 2002

This webcast covers topics around "how to use the Recovery Console" and more about troubleshooting the boot phase. It is a must, you know, as we engineers handle issues around servers. ;-)

Note: [IIS] How to have NNTP Feed?

From Bernard's article.
Errors in IIS 6.0 Documentation

I once tested this NNTP feed feature of IIS 6.0, with Shavlik's news server.
It seems I have to dig more into this. ;-)

Thanks, Bernard!

JAPAN: Personal and private information in danger?

From seculogger, another Japanese MVP.
http://www.7th-angel.net/seculog/item/550.html

According to NHK, a leading broadcasting company in Japan, about 38% of the market-leading companies listed on the Tokyo Stock Exchange stated that they do not have, and will not prepare, rules to prevent the leakage of private information.
Sources (please use Babelfish to have them translated):
http://www3.nhk.or.jp/news/2004/05/09/k20040508000025.html
http://www.asahi.com/national/update/0508/012.html

* Babelfish:
http://babelfish.altavista.digital.com/babelfish/tr

I do not understand what these companies have in mind, as the privacy law will be enforced next year. This means all companies should be careful and do have enough responsibility to prevent such a thing; otherwise it is each company's own fault. I wonder where people in this country are heading...?

Tool: Quest Software Quest Central (Freeware)

From SQLJunkies.

Quest Software Quest Central for SQL SERVER - FREEWARE Now Available
http://www.quest.com/quest_central/sql_server/freeware/

It features things like these:

  • Database Administration
  • Space Management
  • 24x7 Monitoring
  • Performance Diagnostics with Spotlight
  • Database Analysis
  • Load Testing and Data Generation

Hmm, sounds not too bad, you know.

Posted 10 May 2004 07:36 AM by kenji | no comments
Tool: Syslog Turbo, DHCP Turbo, etc.

Software from Weird Solutions seems somewhat cool.

http://www.weird-solutions.com/

As for Syslog Turbo, there are things that are helpful for daily sysadmin jobs, like analysis and log rotation features. We can manipulate it with an SQL-like dialect, which may be fairly useful as long as you are familiar with SQL.

There are other easy-to-manage server programs like DHCP, BOOTP, and TFTP, so please check them out.

Posted 10 May 2004 05:48 AM by kenji | no comments
Tool: ieSpell

A spell checker for IE. I found it when I did some spell-checking on the previous article. This tool is for English only, it seems. Still, it is very cozy.

ieSpell - A Spell Checker for Internet Explorer

Posted 09 May 2004 06:25 PM by kenji | no comments
Just a note of log consolidation issues.

There are numerous tasks for sysadmins and security engineers at data centers, which include log management and monitoring the servers/clients to check whether anything unusual is happening or ongoing.

I began thinking about this one year ago, when there were many "untouched" or unmanaged systems around me. With such a server, when trouble happens there is no one who could trace what is wrong or what should be done, or worse, when the box goes down. It is not cool....

So, to trace anomalies I am now heading into log consolidation/management, to have enough evidence for troubleshooting and detecting problems.

What I have completed:

  1. Consolidating logs and alerts of network appliances: routers, (managed) switches, firewalls.
    This means I have to collect both syslog messages and SNMP traps.

    To do this I am using WinSyslog from Adiscon as the central location for storing syslog messages, and Kiwi Syslog Daemon to collect SNMP traps. Kiwi translates the SNMP traps into syslog and pours them into the syslog storage.
  2. Consolidating event log entries from Windows machines.
    For this I am using NTSyslog, which I got from SourceForge. I am still halfway there, as it cannot handle multi-byte languages properly, especially around newline characters (what do you call them in English? We say "kaigyo code" in Japanese) and Chinese characters.

    Another point here is the future possibility of using Log Parser, which is written by a guy at Microsoft.
    We can handle event log messages in multi-byte languages without fear with the current versions of the tools released, as Log Parser handles those characters as Unicode.
    We engineers in regions with multi-byte languages welcome this tool very much, as we do not have to think about "how to localize this cozy tool?", etc.

    I am not yet planning to use this very kewl and cozy tool in my framework, though, because I want an "effortless and yet coherent" design.
    I emphasize here that I am planning to improve/change the whole design, so there is a high possibility that I will be using this tool.

    At the MVP Summit 2004 some of us Japanese MVPs had a chance to discuss the tool with its author, and we heard there will be many improvements in several of the coming versions. I promise he is so dedicated and so enthusiastic. ;-)
  3. Choosing the base platform.
    I chose the following stuff for this system:
    A. Log consolidation
    Windows 2000 Server/Server 2003
    IIS 5.0 and later
    Active Server Pages
    Microsoft SQL Server 2000
    Adiscon WinSyslog 4.2 or later
    Kiwi Syslog Daemon (just to translate SNMP traps into syslog messages, without any effort.)
    SoftEther (providing a VPN path to collect logs from servers in several segments at different locations on the Internet.)

    B. MRTG and some other system monitors
    For this I am using several up to now, and I am planning to consolidate the monitors on just a few nodes, as I want to include links to the MRTG graphs in system A above. I intentionally have several nodes, since that way I can troubleshoot more precisely where the bottleneck or system down occurs.

What I am not yet doing:

  1. Consolidating logs scattered around the system and messages written in other forms
    As for these logs, I am thinking of api.log, setup.log, and so on, which are written in text format and scattered around the whole system on Windows OSes.
  2. Consolidating backup and Task Scheduler logs of Windows NT-based OSes
  3. Consolidating HFNETCHK/MBSA result texts.
  4. Consolidating MRTG results
  5. Consolidating results from penetration testing tools like NIKTO, Syhunt, N-Stealth, Nessus, and so on.
  6. Merging and consolidating /var/log/messages and so on from Unix platforms including FreeBSD and Linux.
  7. Merging the logs of crond and the texts of logwatch from Unix platforms.
  8. Consolidating results of system monitoring software like that released by Dell, HP, and so on.
  9. Visualizing the results to make it easier to confirm what is going on.
  10. Issuing alerts via e-mail and web monitor pages.
  11. The site design as a whole. (I am using IIS as the web server to show the results.)
  12. Designing a fault-tolerant system for both SoftEther and the server.
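
As an added example (not code from this post, and not from NTSyslog, WinSyslog or Kiwi), here is in Python the conversion an event-log-to-syslog agent has to do, with the two trouble spots from item 2 handled: the PRI is computed from facility and severity, newline characters inside an event description are flattened so one event stays one syslog line, and the text goes out as UTF-8 rather than the sender's ANSI code page, while the receiver falls back to cp932 for agents that still send raw code-page bytes. The event record, the messages and the choice of the local0 facility are constructed assumptions.

```python
"""Windows event-log record -> BSD syslog line, and back.

Added example: this is not code from the post nor from NTSyslog,
WinSyslog or Kiwi. It shows the PRI arithmetic every syslog relay does
and the two things the post says NTSyslog gets wrong: line-break
characters inside an event description and multi-byte (Japanese) text.
The event record and messages are constructed here; relaying as the
local0 facility is an assumption.
"""
import re
from dataclasses import dataclass
from datetime import datetime

# Event-log entry types mapped to syslog severities (RFC 3164 numbers).
EVENT_TYPE_TO_SEVERITY = {
    "error": 3,          # LOG_ERR
    "warning": 4,        # LOG_WARNING
    "information": 6,    # LOG_INFO
    "audit_success": 5,  # LOG_NOTICE
    "audit_failure": 4,  # LOG_WARNING
}
FACILITY_LOCAL0 = 16  # assumption: relay every event-log entry as local0


@dataclass
class EventRecord:
    host: str
    source: str      # event source name, e.g. "Service Control Manager"
    event_id: int
    event_type: str  # one of the keys of EVENT_TYPE_TO_SEVERITY
    message: str
    when: str        # "YYYY-MM-DD HH:MM:SS", local time on the sending box


def pri(facility: int, severity: int) -> int:
    """PRI = facility * 8 + severity, RFC 3164 section 4.1.1."""
    return facility * 8 + severity


def flatten(text: str) -> str:
    """Turn CRLF, CR or LF inside a description into ' | ' so that one
    event never becomes two syslog lines (or one line plus a stray half)."""
    return re.sub(r"\r\n|\r|\n", " | ", text)


def to_syslog(rec: EventRecord, facility: int = FACILITY_LOCAL0) -> bytes:
    """Format one record as a BSD syslog line, encoded as UTF-8 rather
    than the sender's ANSI code page (cp932 on Japanese Windows)."""
    severity = EVENT_TYPE_TO_SEVERITY.get(rec.event_type, 6)
    when = datetime.fromisoformat(rec.when)
    ts = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"  # day is space-padded
    line = (f"<{pri(facility, severity)}>{ts} {rec.host} "
            f"{rec.source}[{rec.event_id}]: {flatten(rec.message)}")
    return line.encode("utf-8")


def decode_message(raw: bytes, legacy_codec: str = "cp932") -> str:
    """Receiver side: prefer UTF-8; fall back to the legacy code page an
    agent that writes raw ANSI bytes (the NTSyslog symptom) would use."""
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode(legacy_codec)


SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^\[]+)\[(?P<id>\d+)\]: (?P<msg>.*)$",
    re.S,
)


def parse_syslog(raw: bytes) -> dict:
    """Split a line produced by to_syslog back into its fields."""
    m = SYSLOG_RE.match(decode_message(raw))
    if not m:
        raise ValueError("not a syslog line in the expected shape")
    p = int(m["pri"])
    return {
        "facility": p // 8, "severity": p % 8, "timestamp": m["ts"],
        "host": m["host"], "source": m["tag"], "event_id": int(m["id"]),
        "message": m["msg"],
    }


if __name__ == "__main__":
    # Constructed record: a multi-line Japanese service failure event.
    rec = EventRecord("srv01", "Service Control Manager", 7000, "error",
                      "サービスを開始できません。\r\n詳細: アクセスが拒否されました。",
                      "2004-05-09 06:25:00")
    print(to_syslog(rec).decode("utf-8"))
    print(parse_syslog(to_syslog(rec)))
```

The receiver's fallback is the reason a mixed fleet is painful: once a Japanese box sends cp932 bytes and a Chinese box sends GBK bytes, the relay can only guess the code page from the source host, so getting the agent to emit Unicode (as Log Parser does) is the real fix, not the fallback.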
KB:314470 Definition of System Partition and Boot Partition

Sometimes it is so confusing, you know. ;-)

314470 Definition of System Partition and Boot Partition

SNMP and WMI on Windows: WMIex.MSFT.NET

The famous snmpboy site has evolved dramatically to cover the WMI implementation!

http://wmiex.msft.net/

KB: 810639 FIX: FTP Passive Mode Support for Firewall Scenarios

This article describes how to control the ports used in FTP PASSIVE mode with IIS 5.0.
SP4 is required to enable this.
http://support.microsoft.com/?kbid=810639

Tool: Pagedefrag from Sysinternals

A utility to defragment the files that do not get defragmented after bootup.
http://www.sysinternals.com/ntw2k/freeware/pagedefrag.shtml

Ev2T

It is a tool that converts event log messages into SNMP traps.
http://www.ncomtech.com/download.htm

As for multibyte languages, it may not be ready...
At least, sending traps to Kiwi was terrible when I used this tool with the Japanese version of Windows Server 2003.
You may have to obtain a management app capable of handling multibyte messages like Japanese, Chinese, and Korean.
Anyway, there seem to be no problems when it is used with English versions of NT kernel-based OSes.

Syslog management on Windows platforms.

Do you know WinSyslog from Adiscon? It is such a cool tool for us system operators/administrators.
Check it out at: http://www.adiscon.com/
(For Japanese: http://adiscon.port139.co.jp/)
This tool is so cool, as it allows you to consolidate all the standard error/log messages on one server. With MSSQL you can even display the messages via IIS 4/5. Merging syslog, SNMP, and Windows event logs is critical for system admins, so we can say this tool is the very solution for managing system health in general.
You can merge SNMP with syslog using either the latest version of WinSyslog or Kiwi Syslog Daemon (http://www.kiwisyslog.com).
You can merge Windows event logs with the following tools:

1. Event Reporter from Adiscon

2. Event logs to syslog utility from Purdue University.

3. ntsyslog service tool from SourceForge

cf. I found a localized version of ntsyslog on Vector or Mado-no-mori, which uses EUC-JP for Japanese. If you have already deployed a Linux- or *NIX-based solution for log consolidation, this client is a just-fit, it seems.

Note: there are other tools in the world that facilitate this function. According to Kawabata-san (http://www.kawabata.com/), you can even write a tool that just fits your needs. ;-)

***System Requirements:

A. System: See the URLs above
B. Human:

B-1. Knowledge of syslog (on the Unix boxes and network devices you use.)

B-2. Ability or experience in manually parsing event logs on Windows

B-3. Ability to configure network devices to emit logs, if you would like to add monitoring targets.

B-4. Ability to configure SNMP on servers and clients to enable them to emit SNMP messages.

B-5. Ability/experience in configuring server management tools like Allied Telesyn SwimView, HP OpenView, or Dell Server Administrator / IT Assistant for PowerEdge systems.

(It is okay to use other administrative tools according to the needs of your managed networks. The tools above are just examples.)
Outputs look like this. (Special thanks to lg_de_sucre, a cool guy working together with me.)

Howto: manage logs (delete unwanted/needless log messages)?

-> Create jobs (using T-SQL) from SQL Server Enterprise Manager.

Howto: merge the routes and simplify the system?

-> Use SoftEther or other VPN products.

Howto: merge the outputs of Snort?

-> Consult the docs around Snort.

http://www.winsnort.com/ or http://www.snort.org/ are both good starts.
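
For the first Howto above (and the log-management side of the earlier consolidation post), here is an added example, not the post's own T-SQL job and not Adiscon's real table layout: a retention job written in Python that runs against an in-memory SQLite table whose columns are modelled loosely on a syslog store (ReceivedAt, Facility, Priority, FromHost, Message). The DELETE statements are the same kind a scheduled SQL Server job would run; the retention rules, the noise patterns and the rows are constructed assumptions.

```python
"""Purge needless syslog rows from a central log database.

Added example, not the original post's T-SQL job nor Adiscon's schema:
it runs the kind of retention DELETE a scheduled SQL Server job would
run, here against an in-memory SQLite table with columns modelled
loosely on a syslog store. Rules, noise patterns and rows are all
constructed below.
"""
import sqlite3
from datetime import datetime, timedelta

# Retention rules: (older_than_days, minimum_severity). Syslog severity
# runs 0 emerg ... 7 debug; a row is deleted when it is older than the
# limit AND at least as unimportant as the listed severity.
RETENTION_RULES = [
    (7, 6),     # info/debug: keep one week
    (30, 4),    # warning/notice: keep one month
    (365, 0),   # everything, even emerg/alert/crit: keep one year
]
# Messages that are pure noise for us, whatever their age (constructed).
NOISE_PATTERNS = ["%link up%", "%keepalive%"]


def create_schema(conn):
    conn.execute("""CREATE TABLE SystemEvents (
        ID INTEGER PRIMARY KEY, ReceivedAt TEXT NOT NULL,
        Facility INTEGER, Priority INTEGER NOT NULL,
        FromHost TEXT, Message TEXT)""")


def load_sample(conn, now):
    """Insert constructed rows: (age in days, severity, host, message)."""
    rows = [
        (3, 6, "fw01", "accepted tcp 10.0.0.5:1043 -> 10.0.1.2:80"),
        (10, 6, "fw01", "accepted tcp 10.0.0.6:1044 -> 10.0.1.2:80"),
        (10, 4, "sw02", "port 12: duplex mismatch"),
        (45, 4, "sw02", "port 12: duplex mismatch"),
        (45, 2, "srv01", "disk 1 predictive failure"),
        (400, 2, "srv01", "disk 0 predictive failure"),
        (400, 0, "srv03", "kernel panic"),
        (1, 7, "rt01", "bgp fsm state change"),
        (1, 6, "sw02", "port 3 link up"),
    ]
    conn.executemany(
        "INSERT INTO SystemEvents(ReceivedAt, Facility, Priority, FromHost, Message)"
        " VALUES (?, ?, ?, ?, ?)",
        [((now - timedelta(days=a)).isoformat(" "), 16, s, h, m)
         for a, s, h, m in rows])
    conn.commit()


def purge_by_age(conn, now):
    """Apply each retention rule as one DELETE; return rows removed."""
    deleted = 0
    for days, severity in RETENTION_RULES:
        cutoff = (now - timedelta(days=days)).isoformat(" ")
        cur = conn.execute(
            "DELETE FROM SystemEvents WHERE ReceivedAt < ? AND Priority >= ?",
            (cutoff, severity))
        deleted += cur.rowcount
    conn.commit()
    return deleted


def purge_noise(conn):
    """Drop messages matching the noise patterns regardless of age."""
    deleted = 0
    for pattern in NOISE_PATTERNS:
        cur = conn.execute("DELETE FROM SystemEvents WHERE Message LIKE ?",
                           (pattern,))
        deleted += cur.rowcount
    conn.commit()
    return deleted


def remaining(conn):
    return [r[0] for r in conn.execute("SELECT ID FROM SystemEvents ORDER BY ID")]


def run_job(now_iso="2004-05-10 07:36:00"):
    """Build the sample store, run both purges, then run the age purge a
    second time to show the job is safe to schedule repeatedly."""
    now = datetime.fromisoformat(now_iso)
    conn = sqlite3.connect(":memory:")
    create_schema(conn)
    load_sample(conn, now)
    result = {"by_age": purge_by_age(conn, now), "noise": purge_noise(conn)}
    result["second_pass"] = purge_by_age(conn, now)
    result["remaining"] = remaining(conn)
    return result


if __name__ == "__main__":
    print(run_job())
```

Two design points carry over to the real T-SQL job: keep the severity threshold tied to the age window so an old "kernel panic" survives longer than an old "accepted tcp", and run the noise rules separately, since a pattern you later regret is easier to disable than an age rule you have to rewrite.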

Ah, it seems I am gonna miss the last train, so see ya later!

YamaKen at the office in Tokyo.