Our Windows and Unix System Administrators will be applying vendor released system updates and performing other maintenance related tasks on many of our shared and managed servers. Service interruptions are expected to be brief, and will likely go unnoticed, but some minor service interruptions may occur.

Donet performs regularly scheduled maintenance to ensure the security, performance and reliability of the services we provide to our customers. We regret any inconvenience our scheduled maintenance activities may cause to our customers. If you have any questions or concerns, please contact the Donet Technical Support Team at (937) 226-68964

#——–begin script——–
del C:\sizes.txt
$totalsize=0
$totalusers=0
$databases = get-mailboxdatabase
foreach ($database in $databases)
{
$mailboxes = get-mailbox -database $database
foreach ($mailbox in $mailboxes)
 {
 $user = get-mailboxstatistics $mailbox.name
 $user = [string]$user.totalitemsize
 $user = $user.Replace(”B”,”")
 $user = [int]$user
 $totalsize = $totalsize + $user
 $totalusers = $totalusers + 1
 $user = $user / 1024
 $user = $user / 1024
 $mailbox.name | out-file c:\sizes.txt -append | out-null
 $user = [math]::round($user, 2)
 $user = [string]$user
 $user = $user + ” MB”
 $user | out-file c:\sizes.txt -append | out-null
 }
}

$totalsize = $totalsize / 1024
$totalsize = $totalsize / 1024
$totalsize = [math]::round($totalsize, 2)
$newline = “`n” | out-file c:\sizes.txt -append | out-null
$totalmailboxsize = “Total size of all mailboxes: $totalsize MB”
$totalmailboxsize | out-file c:\sizes.txt -append | out-null
$totalnumbermailboxes = “Total number of mailboxes is: $totalusers”
$totalnumbermailboxes | out-file c:\sizes.txt -append | out-null
$average = $totalsize / $totalusers
$average = [math]::round($average, 2)
$averagesize = “The average is: $average MB”
$averagesize | out-file c:\sizes.txt -append | out-null

#———————End Script—————–

Our Windows and Unix System Administrators will be applying vendor released system updates and performing other maintenance related tasks on many of our shared and managed servers.  Service interruptions are expected to be brief, and will likely go unnoticed, but some minor service interruptions may occur.

Donet performs regularly scheduled maintenance to ensure the security, performance and reliability of the services we provide to our customers.  We regret any inconvenience our scheduled maintenance activities may cause to our customers.  If you have any questions or concerns, please contact the Donet Technical Support Team at (937) 226-6896.

In this information age, users often need to access their home or work desktops remotely. They may need to work from home and access their work computer. They may be on vacation and need to access their home computer. How is this done? Can the same method be used for both a work and home computer?

Access to a remote desktop is typically configured through:

• Port forwarding Windows Remote Desktop or VNC application ports at the firewall
• Virtual private networking (VPN)
• An SSH tunnel

All of these choices require knowledge of networking and firewall configuration and management that not everyone has or even wants to have. Also, port forwarding at the firewall, while much easier to implement than virtual private networking and SSH tunneling, is not the most secure option. Wouldn’t it be great if there were another option-one that would work through a firewall without needing to change and manage the firewall configuration, and provided strong encryption like a VPN connection?

LogMeIn Free gives you remote control of your PC or Mac from any other computer with an Internet connection. Install LogMeIn on the computer you want to access, log into your account from another computer and click the computer you want to control. You’ll see its desktop and be able to use all the applications on your remote computer as if you were sitting in front of it.
* Works with Windows PCs and Mac OS X
* Two-minute set-up
* 100% free

The Free version does not provide file transfer, remote sound, or full printing capabilities. It only provides basic remote control of your desktop from anywhere with an internet connection. If you decide you want the full features and are willing to pay the price, you might also consider GoToMyPC.

Is LogMeIn secure? As always that depends on your definition of “secure”. The remote control session uses SSL at either 128 or 256 bit encryption. For most, that encryption level will be sufficient. The only real question you must ask yourself is, “Do I trust my data to pass through the LogMeIn gateway-over which I have no control?” For more information on LogMeIn security, read their white paper.

Compare your speeds at https://my.donet.com/speedtest.

Email content security is typically done through one of two methods, personal email certificates or PGP. Each has their pros and cons. Each has capabilities for single user, manual implementation or enterprise, centralized, automated control.

The problem with Email Certificates and S/MIME

Certificate aware email applications supporting S/MIME can digitally sign an email you send to someone, allowing a recipient to prove that an email came from you and has not been modified in transit by someone else (aka non-repudiation). Another person, also with a certificate aware email program, can use your public key and send an encrypted email to you that only you can decrypt with your private key. S/MIME relies on the multipart/signed MIME type that is described in RFC 1847 for moving signed messages over the Internet. The signature is created using the entire body of the email message. It is common today for companies and free email providers to modify an email message as it passes through their email servers by adding disclaimers or ads to the end of the email. This modification invalidates the email’s digital signature making the use of email certificate digital signatures and MIME in general an ineffective non-repudiation method. (*Note, this is also a problem with PGP/MIME and OpenPGP/MIME for the same reasons). But the encryption function when using email certificates still works, right? It sure does but can you trust an encryption key you received from someone who’s identity you cannot validate? Opinions vary.

If you would like to learn more about how to use email certificates and get some practical personal experience using one, try a personal email certificate from Thawte.com. You’ll have to convince a colleague to do it too so you can practice sending signed and encrypted email messages back and forth between each other.

Pretty Good Privacy for Email

There are two types of PGP use in email:

1. Inline-PGP
2. PGP/MIME

Unlike email certificates, PGP can be used in-line as well as through MIME. The in-line method is usually manual but allows support of all email clients including webmail. In other words, the email client can have no awareness of PGP at all. The in-line method allows the PGP application to copy the text that is to be secured to the clipboard, encrypt and/or sign it, and then paste the cipher text back into the email window. To the email client the PGP cipher text is nothing special; it is just a long string of text in the body of the email (but your spellchecker will not like it-DO NOT modify PGP cipher text). Other text and objects can be added before or after the in-line PGP text and they do not tamper with or invalidate the PGP security. In other words, inline-PGP allows only part of an email body to be signed and/or encrypted without affecting or being affected by any other part of the email body.

A Few PGP Implementations to Try

• Mozilla Thunderbird for Windows and Enigmail OpenPGP add-on

Don’t use Thunderbird? Try these:

• PGP Desktop Trial Software (Client Only). My personal favorite for free inline-PGP.
• GnuPG and Gpg4win. Not as fancy but they work. (Gpg4win works with Microsoft Outlook)

Don’t Give Up

If you’re not familiar with public key encryption, certificates, or PGP then your first attempt at using them can be challenging. It may take a period of trial and error before you have all the options and capabilities working and configured exactly how you want them. Press on, and reply to this post with any questions or comments.

If you need assistance before the phone lines are again operational please contact us via email at support@donet.com.

Please check back here often for updates as they become available.

Our Windows and Unix System Administrators will be applying vendor released system updates and performing other maintenance related tasks on many of our shared and managed servers.  Service interruptions are expected to be brief, and will likely go unnoticed, but some minor service interruptions may occur.

Donet performs regularly scheduled maintenance to ensure the security, performance and reliability of the services we provide to our customers.  We regret any inconvenience our scheduled maintenance activities may cause to our customers.  If you have any questions or concerns, please contact the Donet Technical Support Team at (937) 226-6896.

Try these basic techniques to mitigate malware exposure:

I. Common, well known techniques:
(1) Use antiviris software, enable real-time agents, update often. Run scans frequently.
(2) Use antispyware software, enable real-time agents, update often. Run scans frequently.
(3) Use a firewall.
(4) Take advantage of the spam settings on your web mail accounts. Never open suspicious email or attachments.
(5) Apply software and operating system patches often.
…ok, now that we have those out of the way…

II. Less common at home, but very effective techniques:
(2) Use OpenDNS
(3) Use a custom HOSTS file

Using OpenDNS

The names used by a web browser to load web pages must be translated from the friendly name you type into your browser to an IP address. A program on your computer called a DNS client sends a query to a DNS server asking what the IP address is for the particular fully qualified domain name in the URL you are trying to reach. The DNS server sends back a response with the IP address of the web server. Then your browser makes the actual HTTP request to the web server for the desired web page. You can take advantage of this DNS client/server operation to filter out unwanted content by using the DNS servers of OpenDNS. All you need to know to implement this service on your home network is available at www.opendns.com.

I use this service on my own home network. I find it very effective at blocking adult content, P2P file sharing programs, and social networking sites I would rather my children not be able to access.

Benefits of OpenDNS:

1. Phishing protection
2. Content blocking. Especially useful if you have children in the house.

Using a Custom Hosts File

The Hosts file is a static text file containing mappings of IP addresses to host names,found locally on every computer. This file is loaded into memory (cache) at startup. Windows checks this information before it queries any DNS servers, which enables it to override addresses in the DNS Server. This prevents access to the sites listed in the HOSTS file by redirecting any connection attempts back to the local (your) machine. Since the local machine is not the web server for the particular site, the content is not available. Simple, isn’t it? Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists. You can use a HOSTS file to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers. This is accomplished by blocking the connections that supply them. For more information about this technique and how to implement it, visit www.mvps.org.

Benefits of a Custom Hosts File:

1. Speed the loading of web pages by not having to wait for ads, annoying banners, hit counters, etc. to load.
2. Protect your privacy and security by blocking sites that may track your viewing habits, also known as “click-thru tracking” or Data Miners.

Do you have any simple but effective techniques you use to protect your home network? Reply to this post and share it with everyone.

Many technology professionals are familiar with the concepts of quality of service when it comes to the networking world; concepts such as rate limiting and differentiated services are common techniques used in the networking world to ensure a consistent and reliable experience. But did you know that those of us in the systems administration world also have options available to us to provide the same quality and consistency in our user services? Let’s take a look at one method we can use to accomplish QoS in Windows, the Windows System Resource Manager.

What is Windows System Resource Manager?
WSRM is a resource reservation control mechanism built into Windows Server 2008 and Windows Server 2003 R2 that enables the allocation of system resources amongst different applications based on defined priorities. In simpler terms, WSRM allows administrators to define the amount of processor and memory a particular application or process is allowed to consume.

How does it work?
So how does WSRM work? Well things can get pretty tricky when considering all the technical options, suffice it to say that WSRM in its most basic form uses two distinct configuration areas to accomplish its magic:

Process Matching Criteria
A process matching criteria allows you to define rules that identify an application or process for later assignment to a resource allocation policy. You can define an identification rule for any type of object such as an application, process, registered service, or an IIS application pool. When defining a rule, you can enter multiple binaries or even a combination of all the types of objects described above.

Resource Allocation Policies
A resource allocation policy does exactly what it sounds like, defines the allocation of system resources. A resource allocation policy can define limits for two primary resource areas: processor percentage and committed/working set memory. When defining a resource allocation policy, you will choose the process matching criteria that the policy applies to, and define the resource limits and the action to be taken when limits are exceeded.

So why use Windows System Resource Manager?
It’s a good idea to implement a QoS mechanism for many reasons, but let’s take a look a just a few examples where WSRM shines.

Shared Terminal Server
A major area of struggle for administrators responsible for one or more terminal servers is that sometimes you may have one or two particularly resource hungry users that consume 90% of the systems resources, making the experience for other users terrible. A great way to solve this problem is to define a resource allocation policy that implements the ‘equal per user’ condition to ensure that each user receives an equal share of processor time.

Securing Against Denial of Service
Certain types of vulnerabilities and exploits affect application or service performance, these are often referred to as Denial of Service Attacks. In many Denial of Service (DoS) attacks, the attacker or malware rapidly replicates pieces of code or application requests until they overload the systems processor and/or memory resources. With WSRM, you can define a resource allocation policy that protects against a DoS attack by limiting the system resources available. For example, you could define a resource allocation policy that prevents a single web application from taking down an entire web server by limiting the amount of processor and working set memory available to the web application pool.

System Profiling
WSRM contains accounting features which allow you to profile a server and learn more about how applications and processes are consuming system resources before applying resource constraints on the system. This is also a great way to supplement performance counters in order to provide a very comprehensive view of how a system is performing.

Closing Thoughts
This article only discussed a very small subset of the capabilities of WSRM and the scenarios where it is useful, but hopefully it inspires you as a systems administrator to look at WSRM deeper and start thinking of ways QoS could be applied to your environment to ensure a secure, reliable and consistent experience for your users.

For more information about Windows System Resource Manager, check out the Microsoft TechNet Page