Digital Choke Daynotes

 Monday, January 31, 2005       mail    link   the story

Another version of the "SoBig" virus is out. The executable is inside a zip file, but it's still an executable program. The word is "Don't". The Anti-Virus vendors have come out with an out-of-cycle update to catch this new version. McAfee did one today (Monday); they usually send updates every Wednesday.

But those of you that are doing the "Simple Steps" are protected. And if you have a wireless network, use these "Simple Steps".

Yesterday was the usual thing. Church meetings, afternoon naps, then grandkids (and their parents) for dinner. Then relaxing a bit before bedtime.

I was playing with Picasa again (that's the free photo editing program from Google). Great program! I took some pictures and added a 'label' to a group of them. Then opened up that group, and hit the 'Order' button. That took me to a choice of places for on-line printing of the pictures. I chose WalMart; their cost is 24 cents a picture. A quick registration on their site, then the Picasa program uploaded all the pictures to what WalMart calls an 'album'. A few more clicks, and I had ordered 4 x 6 pictures through their one-hour developing program.

It took a while to get them uploaded -- there were 39 pictures, and there doesn't seem to be compression during the upload. But it was fairly brainless (like me, sometimes), and one hour later we wandered over to the neighborhood WalMart and picked them up. They turned out just as good as if I had used regular film, or one of their self-service kiosks.

The nifty thing about that is that you could send your pictures to any WalMart. So I can send (and pre-pay) a group of pictures to Stacy in Idaho, or anyone else. They can pick up the pictures at their local WalMart. A great way to share pictures. I'll probably use it some more. There is a tenancy to take lots of digital pictures, but getting prints (at home or at a photo shop) can be a big hassle. The result is that most of those pictures are on your computer and not easily shared or viewed by others.

And the Picasa program worked great. There were a couple of pictures where the red-eye removal tool seemed to create a weird-looking eyeball, but I think that was my problem. That needs more investigation. But it's a great program, especially since it is free.

 Tuesday, February 1, 2005       mail    link   the story

Welcome to February. For us males, it's time to remember that there are only 13 more shopping days. And to remember what will happen if we forget. The hardest part is to figure out something clever. I'm certainly open for suggestions.

I spent most of the day at work playing with the NET USE command to connect to other computers on the network. No, I wasn't going where I wasn't supposed to be. I accessed one of the other computers in my cubicle. It's a test machine that I use for other purposes, but it has a pretty generic installation, so the knowledge gained will be helpful.

I was also looking at the REG.EXE program. With the proper authority and access (and syntax), the command can be used to look at the registry values of a remote computer. The purpose is to use this process as an auditing tool to determine, for instance, whether the computer has the proper anti-virus settings. No full success yet, but there was some knowledge gained.

If I can get the basic command to work, then I can put it into a looping batch command that will do the process for all the IP addresses that are in use by workstations on our network. Now there are a lot of computers around here, and my job includes looking for "holes" on the inside and outside. But every one of the computer has an Internet connection. And we do have web monitoring software.

So I wrote a Crystal Reports report that accessed the log file from the web monitor server that gave me unique IP addresses. That will be useful information as I passively audit the computers on the network.

It was an interesting day. Knowledge gained.

Computer security can work if you do it correctly. But, as you can see in this picture, sometimes a security process doesn't work as well as planned, because you don't see the whole picture. (Found the link here, which has some good thoughts on security.) That site is one of my regular stops.

More knowlege gained.

 Wednesday, February 2, 2005       mail    link   the story

An interesting day at work. One of the servers contains some critical information, so the access to various files on the server need to be carefully controlled. Some people need full access in order to store the latest information. Others need to access the data for changes, and most need to have the ability to read the files, but not change them.

There are folders that need to be created according to needs, but not everyone should be able to create folders. The structure of the folders need to be carefully monitored, and duplicate data needs to be controlled.

There are many people that have access to the data, but only a few should have the ability to give access rights to the folders. So the whole thing needs to be carefully planned and monitored and controlled.

It is also important to be able to audit the access rights to the various files and folders on the server. You need to make sure that all users have the appropriate rights the various files and folders. And you also might want to know who might have changed things.

So, you turn on auditing on the server. And you look at the auditing log files to make sure that all access is appropriate. And you look at the settings on the server to make sure that auditing stays on. And the log files are monitored against damage or deletion. And you look at important files to see when/if they change, and who changes them. And you back up the data.

If the files and the data are important, then you keep track of the activity and access on the files.

And you don't give full access permissions to the root of the drive to the 'everyone' group.

Not all of the above happened on one particular server. So most of my afternoon (and probably a good bit of tomorrow) was taken up with determining who did what and when they did it.

Even though there wasn't any file damage, there might be some lessons learned from this experience.

--oo--

Brian Bilbrey made an important suggestion about the upcoming gift-giving day:

... and Marcia's (his significant other) birthday is the day following. I've always found that a simple rule suffices for this time of year:

Sparkley and Expensive.

My significant other laughed ... and agreed.

Sigh.

 Friday, February 4, 2005       mail    link   the story

I spent some more time yesterday and today playing with the REG QUERY command. That command allows you to grab specific registry keys and their contents. With the proper access rights, you can grab entries from a computer on your network. The syntax is pretty basic: REG QUERY \\ipaddress\HKLM\full-key-name .

My problem was that I could get my local computer's registry values, but not the values from other computers on the network. Turns out the syntax is slightly different depending on the version of REG that you have. Earlier versions wanted the IP address at the end of command, as in REG QUERY \HKLM\full-key-name \\ipaddress . As soon as I fixed the command to put the IP address in the front, where it belonged for my version, I can get the information. It's still a bit slow, though, but that could be because of the complexity of the batch file I am using.

John Dominik, over in the frozen parts of Minnesota (where I suspect you can get your parts frozen if you are not careful), was working on problem that could benefit from the REG QUERY command. He wanted to get a list of installed software on the computers on his network.

While wandering around the 'net looking for help with my REG QUERY problem, I found a possible solution for John. Here's the simplified part of the batch file (each yellow block is a separate line):

@Echo Off

Setlocal

If #%1#==## Goto :syntax

Set targetcomp=%1

Nbtstat -a %targetcomp% | Find /I "Host not found" > NUL

If %ERRORLEVEL% EQU 0 Echo %targetcomp% is unavailable at this time & Goto :EOF

Echo.

Echo Installed Software for %targetcomp%

Echo ---------------------------------------------------------------

For /f "tokens=1,2,*" %%i in ('Reg Query \\%targetcomp%\HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall
/S ^| Find /I "DisplayName" ^| Find /V /I "Quiet"') Do Call :getappname "%%k"

Endlocal

Goto :EOF

:getappname

Set keyname=%1

If %keyname%=="" goto :EOF

Echo %keyname:"=%

Goto :EOF

:end

:syntax

Echo.

Echo Syntax : queryinstalledsoftware ^<computername^>

Echo.

Echo Example: queryinstalledsoftware wkstn01

Echo.

That will give you a list of the installed software because it uses the registry information used by the "Add/Remove Programs" in the Control Panel. I did notice that the FIND part of the batch file didn't like an "&" character in the program file name (such as "Spybot Search & Destroy"), but the process still works. You might find this technique useful (if not entertaining). For instance, if you need to print out a quick list of your installed programs, this might help out. (To use, copy the yellow text into a text file, and save it as <something>.bat )

Another trip to the local weekend car lot for the truck, and a birthday party for Joelle (niece, now 5) is on tap for the weekend. Along with the other usual stuff. Hope yours is similarly enjoyable.