All we did tonight was set up AD on our computers, setting up a scenario where we have two parent domains with one child each. Next week, we’ll jump into Group Poicy (one of my favorites) and Users and Groups. See you next week!
Homework:
Welcome back after a, uhm, zero day break!! I think you guys will like this particular class as it takes what we’ve learned since last fall and is culminating it down to design on a whiteboard. Hopefully today you’ve seen why I enjoy teaching this course so much — it gets us to use the abstract knowledge we’ve picked up so far and apply it in a real-world fashion. It’s my hope that this class will make you see just how much you’ve learned so far.
We dug in after a brief discussion of the syllabus. The main change I’m making this quarter is implementing a dress code requirement. It’s my job to prepare all of you for a career in IT, and that includes more than sheer knowledge. Only 19% of surveyed businesses place competence as the #1 desired quality in a job applicant so it’s imperative that you guys can look and dress the part of IT. After that, we went on with the class…
Chapter One was a discussion on, among other things, the System Development Life Cycle (SDLC). The idea is that our networks (and technology in general) should go through the five stages of the SDLC:
Remember, as IT, we’re constantly performing functions of each of these stages — for example, we may be performing standard maintenance on our file servers while we’re installing a new Exchange server and researching equipment for a new domain controller.
After lunch, we shifted gears to a DNS discussion. We first took a little time and reviewed basic DNS concepts such as zones, forwarders, zone transfers and AD implementation. Then, we took to the real-world and examined a situation in which a parent company dealt with one of its subsidiaries that needed access to a third-party’s DNS servers. Specifically, we needed to make sure the subsidiary’s DNS system was fault tolerant (by setting up a secondary server) and we wanted any DNS names that needed be resolved on the Internet go through Contoso.com instead of through its own connection (“All other domains” forwarding to 10.1.1.200). Any queries that needed to be resolved by partner company servers would be sent directly to that partner company by way of secondary forwarding (“adventure-works.com” forwarding to 10.1.1.3)
Homework:
Last night of class, and I wish I could say it was slightly more successful. But, alas. Still no redirection. If time were no factor, I would rebuild the whole thing and make the freakin’ thing work.
Anyway, for many of you, this is the last IT class you’ll have. It’s been a blast, and don’t be a stranger (and all that other cliche stuff).
Homework:
Today we celebrated the last day of the Spring 2008 quarter by going over the final exam (nice job on those, overall) and delivering final grades. See you guys next week for the beginning of Summer 2008.
Homework:
I’m typing this post with my thumbs on perhaps the tiniest keyboard I’ve ever used — the one on my Windows Mobile device (AKA cell phone). I’m not sure if I’ll continue using this WordPress feature but it’s good to know it works.
One of my favorite sessions at TechEd 2008 was a session given by Marcus Murray about password hacking — the number of available tools out there and their power to break into "locked" accounts is just as scary as it is fascinating.
The most amazing demonstration at this session had to do with Windows Server 2008. Vista and Server 08 include an “Accessibility” button on their logon screens that users can use to turn on helper tools like Sticky Keys or Magnifier, etc. This simple button envokes a small app called “Utilman.exe which takes the user’s preferences and applies them to the server before logon time.
So what’s the big deal?
The big deal is that utilman.exe is run with System rights; it has to: it’s run before any particular user is logged on.
The problem with this scenario is this: anyone with physical access to the machine can simply boot the computer with an alternate OS (assuming that OS can read NTFS) and replace the Utilman.exe file with a copy of the CMD.exe file.
Now, when Server 2008 or Vista is rebooted, clicking that Accessibility button (great name, given the exploit) brings up a command prompt window with System rights.
Yeah. You can do just about anything on a computer with System rights. And with this exploit, you’re granted them without having to even come up with a user name or password.
Read the original story here.
He’s probably going to kill me for calling him out like this, but JD passed his A+ Essentials exam yesterday with a 635! If you see JD, make sure you congratulate him.
JD can now add this to his list of certifications and make himself that much more desirable to employers. Fantastic work JD!
All of the computers that were given to us to fix are now completed, and we finished up the quarter by taking hte final exam, if you had to.
See most of you next quarter!
Homework:
The final projects and final exam was all our class was about today. Grades were passed out, and I must say, every one of you did a great job! Have a nice couple of weeks off, and I’ll see you for the summer quarter!
Homework:
Tonight we tackled the task of enabling OWA on our Exchange servers. If you remember, we first had to enable SSL on our IIS server, and enable forms-based authentication on our Exchange server. That went moderately well, and then we tackled the task of redirecting a simple “http” page request to a security-required “https:” page. That didn’t go as great as planned, although there were a couple of interesting ideas, including one to replace the 403 Forbidden error page with an ASP page scripting the redirect to a secure site. Nice.
We’ll get it to work next week. See you then!
Homework:
