Sunday, January 12, 2014

Moving Linux VMs from VMware to 2008r2 Hyper-V

This week I was tasked with moving a Linux VM from a VMware host to a Server 2008r2 Hyper-V host. My boss and I did a bunch of digging, but couldn't find a direct way to do it. Windows VMs weren't a problem, but Linux seemed to be impossible. He finally found a tool to do it, but there was no single post detailing the process. Here's how we finally managed to do it.

1) Shut down the VM in vSphere.
2) Export the VM to VMDK(VMware Workstation) using the VMware vCenter Converter Standalone Tool
3) Install VirtualBox on a machine
a) You actually only need three files from this install
i) VBoxManage.exe
ii) VBoxDDU.dll
iii) VBoxRT.dll
b) Don’t  install it on your Hyper-V or ESX host, it might cause problems.
4) From an elevated command prompt convert the vmdk to vhd
a) VBoxManage clonehd "F:\VMs\MyVM.vmdk" --format VHD "F:\VMs\MyVM.vhd"
5) Create a new VM in Hyper-V using the newly formed VHD as the disk.


The process doesn’t look as hacked together as it felt when we were doing it. It'd be nice if linux VMs moved as easily as Windows VMs. 

Tuesday, November 26, 2013

Stop Flash from bugging you

The flash updater is annoying to say the least. Here’s how to get it to leave you alone, while staying updated.

1.      Open C:\Windows\SysWOW64\Macromed\Flash
a.      Open mms.cfg with Notepad
                                                    i.     If this file doesn’t exist, open Notepad
                                                   ii.     Select File -> Save As… and name the file mms.cfg
b.      Add or change the following 3 lines
                                                    i.     AutoUpdateDisable=0
                                                   ii.     SilentAutoUpdateEnable=1
                                                  iii.     AutoUpdateInterval=0

c.      Save and Exit

Monday, November 18, 2013

Copying a Windows disk to a thumb drive

Here are the steps to quickly copy a Windows DVD to a USB drive.

1)     Format the drive
a)     Open Computer
b)     Right Click the USB drive you are going to use
c)      Click Format…
i)       Set File System to NTFS
ii)    Check the Quick Format box
iii)    Click Start
iv)    Click OK to finish formatting
2)      Insert your Windows DVD
3)      Make the device bootable
a)      Press the Windows Key on your keyboard
b)      Type CMD
c)      Right click on CMD.exe and click Run as Administrator
i)        Verify that E: is your USB Drive
ii)      Verify that D: is your DVD Drive
iii)    Type D:/Boot/bootsect.exe /nt60 E:
4)      Copy The DVD files to the USB
a)      Open Computer
b)      Open the Windows DVD
i)        Press CTRL and A
(1)   This is the keyboard shortcut for Select All
ii)      Press CTRL and C
(1)   This is the keyboard shortcut for Copy
c)      Open Computer
d)     Open your USB Drive
i)        Press Ctrl and V
(1)   This is the keyboard shortcut for Paste
ii)      Wait for all of the files to transfer


You can now boot a computer from your USB drive, and install Windows.

Monday, September 30, 2013

Securing your Twitter accounts

So this last week I've had a ton of friends spam me with really suspicious DMs. I've texted them so they knew and could change their passwords, figuring they had just clicked on something they shouldn't have. Today, it happened to me. I'm pretty careful about what I authorize, and don't remember hitting anything suspicious. There's a fairly simple fix to keep this from happening in the future, enable two factor authentication. Here's how to do it.


First, log into Twitter, and open the Settings Menu

Click on Mobile


Enter your Phone number, and click Activate Phone.


Twitter will prompt you to send a text message to a number. Once the message has been sent you'll be automatically forwarded to a page that allows you to select what text messages Twitter will send you. Make your selections, then click Save Changes.


Once your changes have been saved, click on Security and Privacy


Click Send login verification to [phone number]


Click Okay, send me a message


When you receive the text message, click Yes.


Enter your Twitter password, and click Save Changes.


You should get the following confirmation page.


Now you'll get the following page and a text message whenever you use a different computer, or browser.


This should keep anyone from using your account without your permission.

Monday, August 12, 2013

I lost my device, now what?

If you followed the instructions in my last post, activate Prey and go get some ice cream because all there is to do is wait. For everyone else, you're in for a horrible day. I'll try and make securing all of your things as easy as possible. I'm going to break this post into two sections; Phones and Tablets, and Laptops.

Phones and Tablets

Android

Google just released Android Device Manager. It will show you the current location of your phone, and will allow you to turn the ringer on full volume for 5 minutes, and if you enabled it, lock and wipe the device.

iOS

Find My iPhone will show you where your phone is and remotely wipe it, as long as you have another iOS device.

Windows Phone 8

http://www.windowsphone.com/ has options to locate, call, and wipe your phone, after signing in with your Windows ID. It will also allow you to lock your phone and put a message up on the screen.

Laptops

OSX

If  iCloud is enabled Find My iPhone will enable you to completely erase the device the next time it connects to the internet. You should still reset all of your stored passwords, because if they've connected it to the internet, they had access.

Windows 7/8

If your laptop isn't encrypted, you're in trouble. As I said in my last post resetting passwords is insanely easy if you have physical access to the device. There isn't an effective way to remotely wipe the device, if you haven't pre-installed software to do it. That means it's time to start resetting all of the passwords you had saved in your browser.

Password Resets

Start with your email accounts. Email accounts are the skeleton  keys to your digital life, once someone has access, they can reset the passwords to everything else you own. Next, reset your social media passwords. A lot of sites authorize through Facebook or Twitter. Amazon should be your next change, followed by any retailers that have stored credit card information. At the very least, I would make sure to use different passwords on each of these services. You should use different passwords on everything, but make sure that these services are all unique. I recommend using LastPass or KeePass to securely store all of your logins.
 
Now that those accounts are safe, it's time to start working on everything else. Open up your email and type username into the email search. The results should give you a fairly accurate list of what sites have passwords that need to change. 

Tuesday, August 6, 2013

How to protect a phone, laptop, or tablet before it gets lost.

I've gotten a few questions from family and friends on what to do when they lose their device. This is what to do when you get a new device. These steps make dealing with the loss way easier.

The first thing you should do is make sure everything is password protected. Yes, it's a pain in the ass. I hate it, too. It is a solid first line of defense.  
Windows 7
Open Control Panel\All Control Panel Items\User Accounts
Click Create a password for this account
Windows 8
Open Settings, then Change PC Settings, then Users
Click Create a password under Sign-in options
Windows Phone
Tap the App list, then Settings, then Lock screen
Tap the Password slider
Android
From the Home Screen press the Menu key
Tap Settings, Lock Screen, then click Select screen lock
Pick a type. Password is the most secure, Swipe is the quickest
I check Owner Info and leave my email address in case someone finds my phone
OS X
Open System Preferences, then Security
Check the box Require password to wake this computer from sleep or screen saver
iOS (iPhone, iPad, iPod)
Tap Settings, then General
Tap Passcode Lock

A quick note on password security: A long easy to remember password is usually better than a short complex password. I tend to use full sentences with a weird contraction in the middle somewhere. N0bodywill’verguessthis would not be fun to crack, and is fairly easy to remember. http://xkcd.com/936/ http://www.baekdal.com/insights/password-security-usability

So now that you've enabled passwords on your devices, a random stranger can’t pick up your device and have access to everything that you do. Great, casual theft doesn't cost you everything. The problem is, this doesn't stop anyone that’s determined. Windows XP and 7 passwords can be defeated with http://freecode.com/projects/chntpw Mac passwords can be bypassed with Single user mode http://osxdaily.com/2011/04/25/change-admin-password-mac/. Android, iOS, and Windows 8 don't reset easily without access to your computer or email account.

The solution is to enable encryption on all of your devices. Remember, once a device is encrypted losing the password means you lose everything.  Here’s how on most standard systems:
Windows 7 or OSX
Download the correct version http://www.truecrypt.org/downloads
Run the program and select System, then Encrypt System partition/Drive
Follow the prompts
Next time I do this, I’ll grab better documentation of the process
Buy the developers a burger and a beer http://www.truecrypt.org/donations/
Windows 8 Pro (currently you have to upgrade if you’re not running Pro)
Search for Bitlocker Drive Encryption and open it
Expand Operating system drive
Click Turn on BitLocker
Follow the prompts to complete
Windows Phone 8
Encryption can only be turned on if the phone is connected to a corporate network
Android 4.0+
From the Home Screen press the Menu key
Tap Settings, Security, then Encrypt Device
Read and follow the instructions
iOS 4+
Tap Settings, General, Passcode
Follow the prompts
Turn Simple Passcode off
This enables the full keyboard
Erase Data can be enabled
I feel there are better ways to do this, and having my phone erase after 10 wrong passwords seems like a bad idea

OK, your device now only works for you. Your accounts are all safe, and nobody is getting the pictures of you at Disneyland. Now the big question is how you get your device back if it gets stolen? I use Prey Pro http://preyproject.com/ It installs on everything(Windows, Linux, Mac, Android, iOS), is only $54 a year for 3 devices, and will do nifty things like take a picture of the person using your phone, as well as telling you where it’s at, and wiping the device. They have a free version too, but it’s not as robust as the paid version.

What if your device never shows up, or it was dropped in a pool?

Windows and Mac
I have a file server at my house for local backup
I use http://www.backblaze.com/ for offsite in case of fire or burglary
iOS
Tap Settings, iCloud, then Storage and Backup
This will backup 5GB of data to Apple’s servers
In iTunes there is a device backup feature
Right Click on your device
Left Click on Backup
Android
I have Google+ auto-uploading my photos
I’m using Google Voice, so my texts are saved
Gmail has all of my contacts
Google Play has all of my apps

If Google doesn’t own your life, I’ve heard good things about MyBackup Pro http://backupandroid.com/



This took me a bit longer to write out than I originally planned. I’ll get a post written this week on how to deal with your accounts when you lose a device. 

Friday, September 30, 2011

Setting up NiniteOne in a Windows Environment

I recently purchased a pro copy of Ninite  to run on our active directory controller to keep all of the workstations in our environment up to date. I couldn't find a walkthrough so here's how I made it work.

I installed the .exe onto a shared drive(For the example it is installed in Y:\Workstation Software), and gave all of the users read access to it.
We're running Windows server 2008 on our domain controller
On one of our domain controllers I opened the Group Policy Management snap in
Right click on the Workstations folder and select Create a GPO in this Domain and link it here
Name the GPO something useful like Ninite Login Script
Right click again, and select Edit
In the Group Policy Management Editor select User Configuration -> Policies -> System -> Login
Double Click Run these programs at user logon
Select Enable
 Click Show...
In the Value box enter Y:\Workstation Software\NiniteOne.exe /updateonly /silent ninite.txt
 The /updateonly switch causes Ninite to only update programs that are installed
The /silent switch doesn't prompt the user for input
ninite.txt creates a report file