Friday, March 18, 2011

Use Hotmail as a POP/SMTP account

It is possible to set up an e-mail client to use Hotmail services as a POP/SMTP account with the following settings:
  • POP server: (Port 995)
  • POP SSL required? Yes
  • User name: Your Windows Live ID, for example
  • Password: The password you usually use to sign in to Hotmail or Windows Live
  • SMTP server: (Port 25) {Note: If port 25 has been blocked in your network or by your ISP, you can set SMTP port to 587 with TLS or SSL Encryption depending on the client in use}
  • Authentication required? Yes (this matches your POP username and password)
  • TLS/SSL required? Yes

Saturday, March 5, 2011

How to make FreeNAS work with Active Directory

Original article here.
  1. Install FreeNAS (do the normal steps: assign disks, mount them, take the default access settings).
  2. Configure access (Active Directory). If you got your settings right, you should be able to go into Information (MS Active Directory) and see that it has now grabbed the list of users and groups. Ignore the "failed to create users or groups" bit in the log; I'm no Linux expert, but I don't believe it's anything to worry about, since my log still says it and AD is working FINE!
  3. Enable CIFS/SMB (ensure you select to turn on EA support and DOS attributes).
  4. Once you have done that, create a master share to your mount point; I called mine Admin. ENSURE your master share has HOSTS ALLOW set to the FIXED STATIC IP ADDRESS of your main SERVER or the administrator's IP. In Hosts deny put ALL; this will block everyone else. Also take the tick out of Browsable.
  5. On your Windows AD server (the one whose IP address you just entered above), map the admin share: either create the mapping manually, or set the share you created to browsable, map it, and then change it back to not browsable once you have mapped the drive.
  6. Now that we have a secure (well, it's as good as it's going to get) way to administer the shares, let's create some folders.
  7. Now is the time when it all goes wrong for everyone else, from what I've read. I've heard a few people managed, but with no conclusive way, which is why I'm documenting mine. Right-click the folder and select Properties, then the Security tab, then the Advanced button (don't cheat: you need to press the Advanced button, it won't work if you don't; you will see why in a minute).
  8. Click Add and select the user(s) or groups you want to add. Once added, select their access permission to the folder, and finally click Apply. As soon as you do, you will see that you previously had administrator, everyone and wheel listed in users; you added a few, but the system has also loaded on creator group, creator owner and a second everyone flag.
  9. If you use the basic add-users dialog you can't see the second everyone. See, one has None in permission and the other has read and execute; delete the one with read and execute permission and click Apply. It should stay gone. Ignore the other permissions; delete anything other than what I say and they will just come back and screw it all up, trust me. The hours I spent before I realised that in Advanced it was duplicating the everyone flag...
  10. Now the new folder with permissions in the admin share is accessible by the admin's IP only, so we need to share it. Create a new CIFS/SMB share (ensure you tick Inherit permissions and Browsable this time) and map it to your created (permission-set) folder.
  11. Test it out: the user(s) with permissions can see the folder and use it (read/write); the users without can see the folder but can't access it.

Friday, March 4, 2011

What to do when the SA account password is lost in SQL Server 2005

Taken from this blog.
You may have faced the issue of losing the SQL Server SA password. Perhaps you followed the security best-practice of removing the builtin\Administrators from the sysadmin server role, and no one you can find is in the sysadmin role. At this point you may think that your only options are to reinstall SQL Server and attach the databases, or to directly access the master database files, which may potentially damage the data.

SQL Server 2005 provides a better disaster recovery option for this scenario, one that is non-intrusive for the master DB and keeps any objects and data stored in it (such as logins, certificates, the Service Master Key, etc.) intact. Members of the Windows Administrators group now have access to SQL Server when SQL Server is started in single-user mode, also known as “maintenance mode”.

By using single-user mode, SQL Server 2005 prevents a Windows Administrator from abusing this privilege to act on behalf of the sysadmin without being noticed. This allows Windows Administrator accounts to perform certain maintenance tasks, such as installing patches.

In order to start SQL Server in single-user mode, you can add the parameter “-m” at the command line. You can also use the SQL Server Configuration Manager tool, which provides proper controls for the file access and other privileges. To use the Configuration Manager tool to recover your system, use the following steps:

  1. Open the Configuration Manager tool from the "SQL Server 2005 | Configuration" menu
  2. Stop the SQL Server Instance you need to recover
  3. Navigate to the “Advanced” tab, and in the Properties text box add “;-m” to the end of the list in the “Startup parameters” option
  4. Click the “OK” button and restart the SQL Server Instance
    NOTE: make sure there is no space between “;” and “-m”; the registry parameter parser is sensitive to such typos. You should see an entry in the SQL Server ERRORLOG file that says “SQL Server started in single-user mode.”
  5. After the SQL Server Instance starts in single-user mode, the Windows Administrator account is able to connect to SQL Server with the sqlcmd utility using Windows authentication. You can use Transact-SQL commands such as "sp_addsrvrolemember" to add an existing login (or a newly created one) to the sysadmin server role.
    The following example adds the account "Buck" in the "CONTOSO" domain to the SQL Server "sysadmin" role:

    EXEC sp_addsrvrolemember 'CONTOSO\Buck', 'sysadmin';

  6. Once the sysadmin access has been recovered, remove the “;-m” from the startup parameters using the Configuration Manager and restart the SQL Server Instance

Important Security Notes:
This process should only be used for disaster recovery when no other method to access the system with a privileged account (i.e. sysadmin or equivalent) is available.

This process allows a Windows Administrator account to override their privileges within SQL Server. It requires explicit and intrusive actions that can be monitored and detected, including:
  • Stopping SQL Server and restarting it in single-user mode
  • Connecting to SQL Server using Windows credentials
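
Both actions listed above leave traces in the instance's ERRORLOG. The following added example (not part of the original blog post) parses ERRORLOG text, finds the single-user startup message quoted earlier, and lists the Windows-authenticated logins recorded after it. The wording of the login entry and the sample lines are assumptions constructed for illustration, and login entries are only present when auditing of successful logins is enabled.

```python
import re
from datetime import datetime

# An ERRORLOG entry is "<date> <time> <source> <message>"; any other
# non-empty line continues the previous entry's message.
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d\d) (\S+)\s+(.*)$")
SINGLE_USER = "SQL Server started in single-user mode"  # message quoted in the post
# Assumed wording of a successful-login entry (requires login auditing of
# successful logins to be switched on).
LOGIN = re.compile(r"Login succeeded for user '([^']+)'\. Connection: (trusted|non-trusted)")

def parse_errorlog(text):
    """Return (timestamp, source, message) tuples, folding continuation lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            entries.append([ts, m.group(2), m.group(3)])
        elif entries and line.strip():
            entries[-1][2] += " " + line.strip()
    return [tuple(e) for e in entries]

def single_user_findings(text):
    """A new ERRORLOG file is started at each service start, so a single-user
    marker applies to every later entry in the same file."""
    started, logins = None, []
    for ts, _source, msg in parse_errorlog(text):
        if SINGLE_USER in msg:
            started = ts
        elif started:
            m = LOGIN.search(msg)
            if m and m.group(2) == "trusted":  # trusted = Windows authentication
                logins.append((ts, m.group(1)))
    return {"single_user_start": started, "windows_logins": logins}

# Constructed sample lines, not taken from a real server.
SAMPLE = """\
2011-03-04 09:12:01.15 Server      Registry startup parameters:
\t -m
2011-03-04 09:12:02.40 Server      SQL Server started in single-user mode.
2011-03-04 09:12:09.87 Logon       Login succeeded for user 'CONTOSO\\Buck'. Connection: trusted. [CLIENT: <local machine>]
2011-03-04 09:13:30.02 Logon       Login succeeded for user 'app_reader'. Connection: non-trusted. [CLIENT: 10.0.0.7]
"""

if __name__ == "__main__":
    print(single_user_findings(SAMPLE))
```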