Monday 24 March 2008

Windows Vista & 2008 Network Map

Despite having run Vista for 9 months now, it wasn’t until playing with 2008 that I finally felt the need to draw a pretty map of a network.

Firstly, I tried to enable ‘Network Discovery’ in 2008’s ‘Network and Sharing Center’ by selecting ‘Turn on network discovery’ and clicking ‘Apply’. The default setting of ‘custom’ was preserved. I could turn off Network discovery, but the nearest I could get to turning it on, was ‘custom’.

After a lot of googling I finally got ‘network discovery’ to stay on by enabling 2 services: ‘SSDP Discovery’ and ‘UPnP Device Host’. These changes meant that 2 new entries appeared in the Network list, namely tsclient (presumably representing a terminal service) and my Netgear router.

To see the network map in either Vista or 2008, go to ‘Network and Sharing Center’ and click the ‘View full map’ in the top right of the window. My first attempt from a Vista laptop is shown here >


Not much of a network map, I’m sure you’ll agree.

On powering up the rest of my network, the situation only improved slightly with the addition of the 2008 box.


Getting XP & 2003 ‘on the map’...

Wikipedia provides a concise explanation that Network mapping is provided by the Link Layer Topology Discovery protocol or LLTD (like we need another acronym…) (http://en.wikipedia.org/wiki/Link_Layer_Topology_Discovery)

The Vista & 2008 OSes use LLTD to provide the map. Basically I needed to install LLTD on pre-Vista/2008 clients. For XP, this was simple enough. XP has an update to install the LLTD protocol (KB922120) http://support.microsoft.com/kb/922120/

For 2003, no such update exists, so the issue has to be forced >

1) Run the KB922120 installer on the 2003 machine (it is going to fail, but stick with me here...)
2) Ignore the error message, but don't press OK to quit the installer.
3) Look on the root of your drive for a crazily named installer folder (was 4e3502ace711713573322646a0e29dbb on mine) and copy the contents elsewhere.
4) Now press OK to quit the installer.
5) Configure your nic (right click network card and select properties).
6) Add a protocol, go to 'have disk' and navigate to wherever the installer files are saved.
7) From the SPCGDR\IP\ subfolders locate the .inf file and click OK.

This will install LLTD and the 2003 box will now be part of the network map.


My 2008 Network Map >



My Vista Network Map >

Wednesday 19 March 2008

Windows 2008 : Disable Password Expiry

1) Load Group Policy Editor ( start > run > gpedit.msc )

2) Expand tree branches as follows -

Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy

Set 'Maximum password age' to 0 to disable expiry totally.


Tuesday 18 March 2008

Windows 2008 : NAP - Network Access Protection

This is a new Windows 2008 'Platform' for ensuring the security of the network by controlling client access to it.
Microsoft defines 3 functions of NAP, namely >
Health State Validation - Monitoring of client machines
Health Policy Compliance - Pushing out software updates & patches to non compliant machines.
Limited Access - Define what operations (if any), client machines can perform.
NAP is particularly good for laptops as by their portable nature, they are not always connected to a company network.

Saturday 15 March 2008

Changing Service Account : SPN Issue

Following changing the Service Account on a SQL install, SCCM (System Center Configuration Manager) could no longer see its database (fortunately, it's not live yet).
The SQL log rapidly started recording these entries >

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. [CLIENT: 172.27.0.9] Error: 18456, Severity: 14, State: 11.

State 11 means ' Valid login but server access failure '. Hardly helpful.
http://technet2.microsoft.com/windowsserver/en/library/579246c8-2e32-4282-bce7-3209d1ea8bf11033.mspx?mfr=true

Ignoring (for now) the fact that we are using Windows authentication for SCCM to connect to SQL.
Multiple posts on the web suggest investigating SPNs if faced with authentication issues.
By changing the service account, SQL has attempted to register a new SPN to associate the service, machine name (FQDN form) and port number together.

To check SPNs present use >
setspn -L servername
Due to the foresight of network admins, the new service account does have rights to register an SPN. The problem now is that there are 2 SPNs for the service on the server, each using different accounts. In a nutshell, AD connections won't know which to use.

Basically, we need to remove the original SPN >
setspn -D ServiceClass/Host:Port AccountName

What I've learnt >
Changing the Service Account on a SQL box? Delete the old SPN...
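
An added example (not from the original post): a Python script that parses saved `setspn -L` output for several accounts, flags any SPN registered on more than one of them, and builds the matching `setspn -D` lines. The account names, hostnames and sample output are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: `setspn -L` output saved for two accounts (all names made up).
SAMPLE = """\
Registered ServicePrincipalNames for CN=svc_sql_old,OU=Service,DC=example,DC=local:
\tMSSQLSvc/sqlbox.example.local:1433
\tMSSQLSvc/sqlbox.example.local
Registered ServicePrincipalNames for CN=svc_sql_new,OU=Service,DC=example,DC=local:
\tmssqlsvc/SQLBOX.example.local:1433
\tHTTP/reports.example.local
"""

HEADER = re.compile(r"^Registered ServicePrincipalNames for (CN=[^,]+),.*:\s*$", re.I)


def parse_setspn(text):
    """Map each SPN (lower-cased, as SPN matching is case-insensitive) to its accounts."""
    owners = defaultdict(set)
    account = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            account = m.group(1)[3:]          # strip the "CN=" prefix
        elif line.strip() and account:
            owners[line.strip().lower()].add(account)
    return owners


def duplicate_spns(owners):
    """SPNs registered on more than one account, i.e. the ambiguous ones."""
    return {spn: sorted(accts) for spn, accts in owners.items() if len(accts) > 1}


def cleanup_commands(dupes, keep):
    """Build a `setspn -D` line for every owner other than the account to keep."""
    return [f"setspn -D {spn} {acct}"
            for spn, accts in sorted(dupes.items())
            for acct in accts if acct.lower() != keep.lower()]


if __name__ == "__main__":
    dupes = duplicate_spns(parse_setspn(SAMPLE))
    for cmd in cleanup_commands(dupes, keep="svc_sql_new"):
        print(cmd)
```

On Windows Server 2008, `setspn -X` searches the directory for duplicate SPNs directly; the parser above is for output that has already been saved to a file.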

Friday 14 March 2008

Windows 2008 : Disabling UAC via Group Policy

Start > Run > gpedit.msc

Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options

'User Account Control' policies are at the bottom of the right hand pane.

Changing them requires a reboot to take effect.

=================================================================

Update Jan 09 - UAC Policy settings explained here >

http://www.trainsignaltraining.com/disable-uac-user-account-control-on-vista-and-server-2008/2008-12-18/

Tuesday 11 March 2008

CHECKSUM as a computed column

Last year I showed using CHECKSUM to compare row differences in a table synchronization script.

If the application is your own however, i.e. you are controlling the schema design, you can add the CHECKSUM as a computed column.

USE Adventureworks
go
ALTER TABLE Person.Contact
ADD RSVersion  AS 
(CHECKSUM(ContactID
,NameStyle
,Title
,FirstName
,MiddleName
,LastName
,Suffix
,EmailAddress
,EmailPromotion
,Phone
,PasswordHash
,PasswordSalt) ) PERSISTED NOT NULL

go

NB :
1) You cannot include a computed column in the definition for a further computed column.
2) You cannot do CHECKSUM(*) in a computed column definition.
3) You CAN however, add indexes to computed columns :)

Links :
Indexes on Computed Columns: Speed Up Queries, Add Business Rules
SQL Server Computed Columns

Monday 10 March 2008

TSQL - WAITFOR- Implement a timed delay


-- Wait until 11pm before proceeding
WAITFOR TIME '23:00'
GO

-- Wait for 30 minutes before proceeding
WAITFOR DELAY '00:30:00'
GO