Mike's Realm

So once you get LikeWise setup, one of the first things that comes up is howto restrict access to prevent just anyone from being able to login.  You can leverage Active Directory groups via LikeWise to require a user to have membership of one of the group(s) you define.

LikeWise changed how this is done from previous versions, now you need to edit the LW registry like so:

sudo /opt/likewise/bin/lwregshell set_value ‘[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory\]’ RequireMembershipOf “domain\\domain^admins” “domain\\unix^admins”

Yes you need the double slash–this escapes the slash properly.  Also if it isn’t obvious replace domain with your domain name.  You can specify as many groups as you want, just encase in quotes and leave a space as shown above.  Now you simply refresh the Local Security Service like so:

sudo /opt/likewise/bin/lwsm refresh lsass

And your done, easy-peasy with LikeWise

Some things to note:

• Remember to escape the slash between domain & user with a slash (double slash)
• Use ^ in place of spaces
• Obviously replace DOMAIN with your domain
• If you have problems try dropping case on the group names

VMware makes some pretty nice graphics for all their documentation/presentations.  If you ever wanted to use any of those graphics (like the one to the side of this post), VMware provides a number of these diagrams, icons, and stencils on their community website.  Theres three “packs” of Diagrams and Stencils currently out there:

2009 Pack

2010 Packs

• http://communities.vmware.com/docs/DOC-13702
• http://communities.vmware.com/docs/DOC-13703

Next time you need to do a presentation or some documentation kick it up a notch and use these diagrams.  Those graphic artists at VMware do a great job making some fantastic stuff.

APC has been offering a solution since ~2007 with the NetBotz PX AP9361 (Now NetBotz Access Control).  These support the usage of HID proximity cards so hopefully the same cards you use in your facility can be used.  Each kit is good for one rack, and secures both the front and rear doors, it includes contacts for both doors so if someone uses the physical key rather then an access card it can send an alert, or work with other NetBotz devices to snap a photo and send you the mugshot.  The only downside is that you must have NetShelter SX rack enclosures. Read the rest of this entry »

Apparently you can receive images from NOAA satellites using  a receiver with a tuned antenna, and software via automatic picture transmissions (APT).    The satellites transmits APT via VHF between 137Mhz and 138Mhz frequencies.  These same satellites also send (High Resolution Picture Transmission) HRPT images using microwave frequencies.  I only care about the APT transmissions only at this time. These satellites are not geosynchronous (like GPS satellites) they pass overhead every once awhile.  They are overhead for only about 16 minutes, you record the audio you receive and run it through some software that will render the audio into an image.

I plan to construct a QFH (Quadrifilar Helical) antenna, you might also see it called a QHA.  I’m no RF guru but apparently it provides the best polarization in a circle along with hemispherical reception. Stay tuned…

So, you have to build a Windows Server 2008 R2 VM Template ESX/ESXi?  Theres a lot of folks out there that give their 2 cents on the matter, and a few walkthroughs but everytime you read one thing you come across something new…So I decided to put my procedure online and I also added some notes about each task with reasoning for why I do each task.

I integrated bits and pieces from: SOLORI’s Blog, Jeremy Waldrop’s Blog, Techhead and  Yellow Bricks as well as various bits from technet.

Remember to setup vCenter for Guest Customizations by placing the sysprep files for all the various versions of Windows in the proper locations, refer to this VMware KB Article for locations and instructions: VMware KB: 1005593

Give your feedback, if you don’t agree with something let me know!

Read the rest of this entry »

So I bought an exam voucher for $99 bucks last night, plan to knock this out in the next few months.  (Need to tackle Security+ first)

I should have taken this last year after I got my CVE (Certified Virtualization Expert) but wasn’t thinking.  I don’t expect it to be very difficult at all after reviewing the Exam Blueprint, for the technical bits, it looks like 99% point-click GUI knowledge and 1% command-line (apart from all the various product version/requirements stuff).  I think I will move for the VCAP-DA after getting my VCP out of the way, the CVE course really forces you to learn command-line and not rely on the GUI for everything.  I feel prepared pretty well for VCAP-DA as well, though that will require some brushup and lab work.  The only bits I haven’t used that VCAP expects are are Orchestrator, vShield Zones, and vCenter Linked mode.

Not sure what I’m going to do about the course requirement, I never attended any of the required VMware training courses…

Had to get a URL out of HTTP headers from proxy servers at work today, this ended up working for me:

http.*:\/\/.*?[ ]

1	http.*:\/\/.*?[ ]

I didn’t even really want to take the test but did, I passed CompTIA Server+ today.  So I received word that I passed my CISSP exam a couple of weeks ago but since I don’t have a “solidly verifiable” 5 years experience in the various domains I would have to either wait until 2012 to be officially a CISSP or pass Security+, and that would knock it down to only 4 years of experience required.  I never pay full price for an exam so checking my usual spots I thought I would come up with a Security+ voucher for cheap but all I could find was Server+ for about $100.  I figured what the hell, it’s a CompTIA test no study required and bought it to waste some time.  I went and took the test a few days later, and passed with a solid score of like 865.  Chalked up my  2nd CompTIA certification with no studying. (did the same with i-Net+ on accident a few years ago when Prometric mis-scheduled me for i-Net+ instead of Network+. Read the rest of this entry »