Visa Gift Card

I learned something today, and I learned it the hard way…

Don’t EVER use a Visa (or any other) gift card at the gas station pump.

I ran out to the Hess Express up the street, and popped the card into the pump, fully expecting it would ask me to go in and see the cashier. It did not disappoint.

What I didn’t know is that the pump automatically tries to charge $75 to the card. I happened to have $73, so it didn’t go through. This caused a problem because the bank still had Hess’s request for money in their system, but since there wasn’t enough, Hess assumed the transaction was over, and there was no reason to request the money from the bank.

The bank now has the entire balance of my gift card in a “pending” status. What’s worse, they won’t cancel it, because for all they know, Hess just hasn’t come to claim their money, and I’ve got a tank full of gas…

What’s worse, they consider this problem my fault for not abiding by the user rules. Call me crazy, but I’d think if you’re going to peddle a product that has rules like this, you should also send along a copy of said rules. Nowhere on any documentation I received does it say this. It DOES say it on the website however… Fat lotta good that does me.

The only thing I can do is wait for the pending transaction to expire. Could be 2 days, could be 5 days, could be 12 days…


Create and hide a local admin

It was recommended by Kaseya that you create a local user on your endpoints and set that as the agent credentials.

This script creates a username, makes it a local administrator, makes sure the password never expires, and sets the account so that it doesn’t show up on the fast user switching screen for those machines that use the welcome screen.

First, open Notepad and create the following VBS:

' nopwdexp.vbs
' Windows NT/2000/XP/2003 Administration Script

' Turns off password expiry for the specified account

' Usage: cscript //nologo nopwdexp.vbs /domain:domainname /user:username

' Written by Mark Wilson, 10 September 2004

' This script is provided as is without warranty of any kind. Mark Wilson
' further disclaims all implied warranties including, without limitation, any
' implied warranties of merchantability or of fitness for a particular purpose.
' The entire risk arising out of the use or performance of the script including
' any associated documentation remains with the user of the script.

Option Explicit
On Error Resume Next
' Set constants
Const ufDONT_EXPIRE_PASSWD = &H10000
' Set variables
Dim colNamedArguments
Dim strDomain, strUser
' Read command line named arguments
Set colNamedArguments = WScript.Arguments.Named
' Report missing domain argument
If colNamedArguments.Exists("domain") Then
    strDomain = colNamedArguments.Item("domain")
Else
    WScript.Echo "Missing argument: /domain:domainname"
    Usage
End If
' Report missing user argument
If colNamedArguments.Exists("user") Then
    strUser = colNamedArguments.Item("user")
Else
    WScript.Echo "Missing argument: /user:username"
    Usage
End If
PasswordNeverExpires strDomain, strUser
Sub PasswordNeverExpires(domainname, username)
    ' Sets the do not expire password flag if not already set
    Dim objUser, objUserFlags
    ' Read user properties
    Set objUser = GetObject("WinNT://" & domainname & "/" & username & ",user")
    ' Examine flags set against account
    objUserFlags = objUser.Get("UserFlags")
    ' If password expiry is allowed, then set password never to expire.
    If (objUserFlags And ufDONT_EXPIRE_PASSWD) = 0 Then
        ' Password does expire
        ' WScript.Echo objUserFlags
        objUserFlags = objUserFlags Or ufDONT_EXPIRE_PASSWD
        ' WScript.Echo objUserFlags
        objUser.Put "UserFlags", objUserFlags
        objUser.SetInfo
        WScript.Echo domainname & "\" & username & " password has been set never to expire."
    Else
        ' Password does not expire
        ' WScript.Echo objUserFlags
        WScript.Echo domainname & "\" & username & " password was already set never to expire."
    End If
End Sub
Sub Usage()
    ' Reports the correct command line syntax
    WScript.Echo vbCr
    WScript.Echo "nopwdexp.vbs"
    WScript.Echo vbCr
    WScript.Echo "Usage: cscript //nologo nopwdexp.vbs /domain:domainname /user:username"
    WScript.Quit
End Sub

Make sure the file is named nopwdexp.vbs, and upload it to your Kaseya server.

Then import this script, making sure to edit the username and password as applicable (the last two steps hard-code the account name peadmin, so change it there as well):

Script Name: Create and hide local admin


Script Description: This script creates and then hides a local administrator account.


This script should be run on every new Managed Services machine, unless you’re using a domain admin credential.

IF True
THEN
Execute Shell Command – (Continue on Fail)
Parameter 1 : net user /add *USERNAME*
Parameter 2 : 1
OS Type : 0
Execute Shell Command – (Continue on Fail)
Parameter 1 : net user *USERNAME* *PASSWORD*
Parameter 2 : 1
OS Type : 0
Execute Shell Command – (Continue on Fail)
Parameter 1 : net localgroup Administrators *USERNAME* /add
Parameter 2 : 1
OS Type : 0
Write File – (Continue on Fail)
Parameter 1 : c:\temp\nopwdexp.vbs
Parameter 2 : VSASharedFiles\nopwdexp.vbs
OS Type : 0
Execute Shell Command – (Continue on Fail)
Parameter 1 : wscript //B c:\temp\nopwdexp.vbs /domain:%computername% /user:peadmin
Parameter 2 : 1
OS Type : 0
Set Registry Value – (Continue on Fail)
Parameter 1 : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\userList\peadmin
Parameter 2 : 0
Parameter 3 : REG_DWORD
OS Type : 0
ELSE

This script runs quickly. After it’s run, set the agent credentials in the Agent tab, and you’re good to go!
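
To confirm what the script left on an endpoint, or to audit machines for accounts hidden this way, the PowerShell below lists every account hidden through the SpecialAccounts key and reports whether it is a local administrator and whether its password expires. This is an added example, not part of the original post or of Kaseya's tooling; it assumes Windows PowerShell 5.1 or later (for Get-LocalUser and Get-LocalGroupMember) and an elevated prompt, and the function names are made up for this example.

```powershell
# Added example: audit accounts hidden from the welcome screen.
# Assumption: Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts), run elevated.
$userListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'

function Get-HiddenLocalAccount {
    # Value names under UserList are account names; a DWORD of 0 hides the account.
    if (-not (Test-Path -LiteralPath $userListKey)) { return }
    $key = Get-Item -LiteralPath $userListKey
    foreach ($name in $key.GetValueNames()) {
        # Skip the key's unnamed default value, keep only entries set to 0.
        if ($name -and $key.GetValue($name) -eq 0) { $name }
    }
}

function Get-HiddenAccountReport {
    # S-1-5-32-544 is the built-in Administrators group on any OS language.
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
        Where-Object { $_.PrincipalSource -eq 'Local' } |
        ForEach-Object { ($_.Name -split '\\')[-1] }   # COMPUTER\name -> name

    foreach ($name in Get-HiddenLocalAccount) {
        # A UserList entry can outlive the account it names, so the lookup may fail.
        $user = Get-LocalUser -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Account         = $name
            Exists          = [bool]$user
            Enabled         = if ($user) { $user.Enabled } else { $null }
            LocalAdmin      = $admins -contains $name
            # Empty PasswordExpires means the "password never expires" flag is set.
            PasswordExpires = if ($user) { $user.PasswordExpires } else { $null }
            PasswordLastSet = if ($user) { $user.PasswordLastSet } else { $null }
        }
    }
}

Get-HiddenAccountReport | Format-Table -AutoSize
```

On a machine where the Kaseya script ran, the account you created should appear with LocalAdmin True and an empty PasswordExpires; any other row is a hidden account that nobody on this page created.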

Spam Filtering

Over the past decade, email has become a major form of communication, and a crucial tool for businesses the world over. People share thoughts and ideas, plan projects, build relationships, market their products, network with colleagues, stay in touch with loved ones, all at the click of a mouse. But what happens when the emails are dangerous?

According to Heinz Tschabitscher of About.com, in an article posted here, back in 2008 there were around 210 billion emails sent per day. A little quick math here: divide that by the 86,400 seconds in 24 hours, and that’s 2.43 million emails sent every second. That’s an awful lot of emails! Most of these emails never actually make it to their destinations of course, as around 70% of that number (in 2008) was spam. Since 2008, the numbers have only increased.

As you may imagine, with an increase in spam comes an increase in anti-spam. There are several different ways of fighting spam.

Client-Side Software
Client-Side Software refers to a solution on the local machine to address spam issues after the message has been delivered to its destination. This does not prevent the message from reaching the end user, but allows for relatively safe management of spam and messages that may contain malware.

These solutions are generally low-cost, and common in small companies and residential environments, especially where mail is hosted offsite and retrieved via POP3 or IMAP.

Email Clients
Email clients, such as Microsoft’s Outlook, have some basic spam filtering capabilities built in. You can mark a message, a sender, or an entire domain as a spam source, and then anything that comes in from that source will henceforth be delivered to the email client’s “junk” or “spam” folder.

Pros:

  • The benefit to this is if you’re using an email client anyway, the functionality is built in. There’s nothing to purchase or install separately, and if that client is Outlook, updates come in with the Windows Updates.
  • If you already have an email client that has this functionality, there’s no cost associated with updating the rules.

Cons:

  • This feature is not very accurate, however, and a lot of messages that are actually legitimate correspondence can be flagged as spam. Conversely, many messages that are actual spam can be overlooked, and will be delivered as normal.
  • In this situation, the message will still come into your organization and be delivered to your computer. If it’s identified as spam, the infectious content will usually be blocked from running, but you still have to manage it. You still have to decide if you’re going to leave the message in the folder or delete it. Also, this message required internet bandwidth to come in, only to be discarded or set aside. True, one little message isn’t going to do anything, but if you’re getting a lot of spam, or you’re a member of a large corporation, chances are there’s a lot of spam coming in, and it’s cutting into your internet speed, as well as storage space.

Client-Side Anti-Virus/Anti-Spam
A lot of today’s anti-virus programs come with anti-spam modules built in. These programs will keep a keen eye on your inbox, watching traffic come in and go out and searching for messages they think may be spam. What a program does when it finds something it thinks may be spam is a behavior you can usually set within the software. Typically, it will create a “spam” folder, or use the one that was created by the email client, though it can be set to simply delete the message.

Some Client-side Anti-Virus solutions that include anti-spam functionality include Trend Micro’s Internet Security, and McAfee’s Internet Security.

Some Client-side Anti-Spam solutions include Sunbelt Software’s Ihatespam and Spam Blackout.

Pros:

  • This functionality is usually more accurate than the simple email client filtering capabilities, and is updated as often.
  • This does not require installation on a server or any complicated networking changes. This is also typically an inexpensive solution.

Cons:

  • With the exception of better accuracy in spam identification (which is more robust than the email client’s, but can still leave something to be desired), this method shares the cons of the email client. You still have to manage the messages yourself, it’s still delivered to the mailbox, and the message is still a burden on storage space and internet speed.
  • These solutions require regular updating, and there could be a cost associated, usually in the form of a yearly subscription.

Server-Side Software
A Server-Side software solution involves installing software on the mail server. The software will integrate with the mail server software, and scan messages as they arrive and/or leave. This method is most commonly used by small to medium companies who host their own mail, although some outsourced mail companies, like Mi8, may use it as well.

Server-Side software includes Anti-virus solutions, like Trend Micro’s Office Scan, and Anti-spam solutions like GFI Mail Essentials.

Pros:

  • These solutions prevent the message from being delivered to the end-user’s mailbox, lightening the load on that user’s mail storage.
  • This provides a single point of management for delivery rules and spam identification. The administrator need only create one rule which then applies to all recipients. In most cases, users can be permitted to view the messages they would have received to determine if they were falsely identified as spam.
  • The software can also be set up so that the messages are only reviewable by the administrator.

Cons:

  • Even though this method lightens the load on the mailbox storage for the end users, the message is still delivered to the site, cutting into internet bandwidth. Also, depending on the quarantine rules on the software, it can still require disk space for storage.
  • These solutions require regular updating, and there could be a cost associated, usually in the form of a yearly subscription.

Hardware Spam Firewall
Basically a computer dedicated to scanning your mail as it comes through your firewall, an anti-spam device is a common solution for a medium sized business. There are many brands; some of the most popular include Barracuda, Cymphonix, and Spamwall.

These devices are akin to your common network router, but they have a more sophisticated operating system. This device sits just inside your network, and your router sends all mail packets to it for scanning. The device finds the messages it thinks are spam, sets them aside, and then passes the good ones along to the mail server.

Pros:

  • These devices, if configured correctly, can be highly effective and accurate.
  • This provides one central location for your IT team to manage spam. You’re able to set one rule that will apply to all.

Cons:

  • These solutions can be relatively expensive, requiring new hardware and installation.
  • These devices require physical installation, and unless the person doing the install is familiar with the infrastructure and understands networking principles, this can be a daunting task.
  • These solutions require regular updating, and there could be a cost associated, usually in the form of a yearly subscription. Beyond updating spam definitions, these devices will sometimes require operating system updates and service packs. This is not always available automatically, so an administrator will be required to update the operating system.
  • Even though this method lightens the load on the mailbox storage for the end users, the message is still delivered to the site, cutting into internet bandwidth. Also, depending on the quarantine rules on the software, it can still require disk space for storage.
  • If the software is set so that only the administrator can review the quarantined messages, it adds another task to someone’s plate.

Third-Party
In a third-party solution, your mail messages are checked before they ever hit your mail server: the third party receives your mail before you do. This is achieved by making a change to your public MX record. Instead of pointing at your own mail server (for example, mail.yourdomain.com resolving to your public IP address), it will be changed to point to a location that will be given to you by the third party. Your mail is routed to the third party’s servers, where it’s scanned for spam content, viruses and malware, and it is then delivered to your mail server.

Similarly, your mail server can also be set up to send all your company’s mail through this third-party, and then your firewall can be locked down to allow outbound email only from the mail server. This can prevent machines on your network that may be infected with malware from sending out spam. This can help make sure that your IP address is not blacklisted.

Some third-party spam solutions include MxLogic and Postini.

Pros:

  • This solution does not require any changes to hardware or software on your end. There are no devices to install, no software to install, and spam gets stopped before it reaches your internet connection. Your bandwidth is not impacted. Your storage space is not impacted.
  • Users can log into the third-party’s system and manage rules and alerts for themselves.
  • The messages are stopped before they’re delivered to your site, freeing up bandwidth.
  • The messages are stored on the third-party’s end, so there’s no impact on your storage.
  • Management of rules and quarantined messages are available to both the end user for their own messages as well as an administrator for global administration.

Cons:

  • These services are generally more expensive than the other options, usually requiring a monthly subscription.
  • Configuration includes editing of public DNS settings, which is not something that is recommended unless the person making the changes is familiar with such things. A misconfiguration can lead to downtime.
  • Configuration of the mail server is required for outgoing messages to be routed through the third party, which is not something that is recommended unless the person making the changes is familiar with such things. A misconfiguration can lead to downtime.
  • This setup adds one more point of failure to the message’s journey. If the third party needs to update systems, or has an outage of some sort, this can cause mail to be delayed. Make sure you ask the third party what their policy on downtime is, and how often it’s likely to occur.

Email having become such a widely used medium for us in business and our personal lives, all of the solutions listed have value of some sort. If you’re unsure what solution is right for you, consult with your administrator or a knowledgeable source.

Emails not arriving

Twice this week I’ve had clients complain that emails from outside their Exchange organization stopped coming into their inbox. I went through a lot of troubleshooting only to find that the answer was far simpler than any kind of DNS misconfiguration or silly Exchange issue… Outlook’s Junk mail rules. Both of these clients were set up like this:


The issue here is, of course, two things. First, it’s set to simply delete anything that is suspected of being spam. The second is that it’s set to identify anything that was NOT put on the safe sender list as spam. Emails from senders they’d never set as a safe sender would be simply deleted before they ever saw them. Neither of these clients was likely to have made this setting change themselves, so I don’t know what may have done it other than a Microsoft patch, but I haven’t looked into it.