PC Manager Meeting
January 25, 2006
Today
• Updates
  – Next Meeting
  – Meeting Maker Upgrade
  – Windows Policy
  – Training
  – Licensing
  – Security
  – Tool Of The Month
• This Month:
  – Event Sentry: CSI Server Logging
    • Ken Fidler
Next Meeting
• Feb. 22nd – Topic TBD!
Meeting Maker Upgrade
• Upgraded server from 8.5.1 to 8.5.3 (performance improvements)
• Some clients at 8.5.1 experiencing problems
• New Clients available
  – SMS package available
  – New code on website: http://www-css.fnal.gov/csi/meetingmaker/Documentation.htm
Windows Policy Committee
• Next Meeting: Feb 1st, 1:30-2:30pm, WH5SW
  – Agenda:
    • Outstanding Account Requests
    • Server and Desktop Baseline Review
Training and Development
• Nicole Gee:
  – Learning Tree Discounts
  – NIU BIS – Python programming classes scheduled for Feb. and April
  – Is there interest for EPICS, Perl, Java, and Javascript training?
License Updates
• Request from Microsoft to Patch:
  – Background: It was recently decided in a court of law that certain portions of code found in Microsoft Office Professional Edition 2003, Microsoft Office Access 2003, Microsoft Office XP Professional and Microsoft Access 2002 infringe a third-party patent. As a result, Microsoft must make available a revised version of these products with the allegedly infringing code replaced.
  – Action required: As a result of the above ruling, you are required to:
    • Install Microsoft Office 2003 Service Pack 2 (Office 2003 SP2) for all your future deployments of Office Professional Edition 2003 and Office Access 2003
    • Install the Microsoft Office XP Service Pack 3 Patch (Office XP SP3 Patch) for all your future deployments of Office XP Professional and Access 2002
• No required date given. CSS will provide an SMS package!
Security Updates
• Jan 2006, Fermi Windows Base Install CD Highlights
  – Sav 10.0.2 and Sav 10.0.2.2001 patch
  – Latest Microsoft patches
  – JoinDomain script
  – SMS Agent auto installed by GPO immediately after PC joins domain
  – ISO Image in \\pseekits\iso$\FermiWin
• Free CDs!
• The future ... SMS "Package Bundles" to complete the setup process
  – Minimal_Desktop_Bundle (Add AcroReader, .NET, MediaPlayer, MtgMkr ....etc)
  – General_Desktop_Bundle (Minimal_Desktop + Office Pro + ... etc)
Cool Tool of The Month
• Shortcutsman http://www.nirsoft.net/utils/shman.html
  – Displays details of shortcuts on desktop and start menu
  – Highlights broken shortcuts
  – Ability to delete/resolve
  – Save shortcut info to HTML/Text/XML file
  – Small executable
  – Need admin rights for delete/resolve/reporting
Cool Tool of The Month (cont)
Main Topic
• Event Sentry: CSI Server Logging
  – Ken Fidler
EventSentry - What is it?
• Near real-time monitoring of Windows event logs
  – Servers/Kiosks/remote systems
• System Health Monitor
  – Disk Space
  – Processes
  – Services
• Syslog Client/Server for Windows
• Temperature and Humidity Monitor
EventSentry – Why Use it?
• Timely analysis of event data
• Alert admins before there is a serious problem
• Archive event data for future analysis
• Detect intrusions
EventSentry – Special Features
– Export/Import filter sets to additional systems
– Multiple Notification avenues
  • E-mail
  • Program
  • Syslog service
  • Write to a file or a database
– Monitor when you DO NOT receive key event log messages
– No reboot after install or upgrades
– Low cost
EventSentry – Usage in CSI
– Monitor server events
– Warn team of disk RAID or hardware failures
– Used on test domain controllers
  • Monitor Active Directory
– Central windows syslog server
– On Central AV server to enhance alerts and logging info from Symantec software
EventSentry – Main Screen
EventSentry - DEMO
EventSentry – Define Notification
EventSentry - Variables
Runtime variables (just a subset)
$HOSTNAME    local computer name
$COUNT       the number of event log records in the email
$EVENTTYPE   the event type of the first event
$FILTER      the name of the filter which captured the event
EventSentry – User Variables
EventSentry – Define Filters
EventSentry – Email Output
EventSentry – Save to a file
EventSentry – Default Notification
EventSentry – Default Filter
EventSentry – Client Syslog
EventSentry – Client Syslog
EventSentry – Syslog Server
EventSentry – Syslog Server
EventSentry – Syslog Server
EventSentry - Syslog
• Server code is only UDP based.
• Server will accept most Unix systems too
• Client – verification to UDP based servers does not return any errors
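
Why a UDP syslog client cannot report delivery failures, shown as an added example (not part of the original slides and not EventSentry code). The host name, tag, message text and loopback addresses are constructed for the demonstration.

```python
import socket

FACILITY_LOCAL0, SEVERITY_WARNING = 16, 4  # constructed sample values

def build_message(host, tag, text, facility=FACILITY_LOCAL0, severity=SEVERITY_WARNING):
    """Format a BSD-style (RFC 3164) syslog line; PRI = facility * 8 + severity."""
    pri = facility * 8 + severity
    return f"<{pri}>Jan 25 10:00:00 {host} {tag}: {text}".encode("ascii")

def send_udp(message, addr):
    """Fire-and-forget send, as a UDP syslog client does. Returns bytes handed to the OS."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(message, addr)

def unused_udp_port():
    """Find a loopback UDP port with no listener: bind, read the port number, close."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def verify_delivery(message, timeout=1.0):
    """Verification has to happen on the receiving side: listen, send, compare."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as server:
        server.bind(("127.0.0.1", 0))
        server.settimeout(timeout)
        send_udp(message, server.getsockname())
        try:
            data, _ = server.recvfrom(2048)
        except socket.timeout:
            return False
        return data == message

def demo():
    msg = build_message("testhost", "EventSentry", "constructed test event")
    dead = ("127.0.0.1", unused_udp_port())
    # The send "succeeds" even though nothing is listening on that port.
    sent_to_nobody = send_udp(msg, dead) == len(msg)
    return sent_to_nobody, verify_delivery(msg)

if __name__ == "__main__":
    print(demo())
```

Because the sender sees no error either way, confirming that a central syslog server is actually receiving events means checking the server's own log or file output.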
EventSentry – Call a Program
EventSentry – Call a Program
EventSentry – Monitor Services
EventSentry – Monitor Disk Space
EventSentry – Monitor Temp
EventSentry – Monitor Temp
• Requires special hardware from Netikus
  – Temp sensor - $80
  – Temp and Humidity - $140
EventSentry – CSI Futures
• Interface to Remedy and NGOP
• Central Controls
  – Setup Server Groups
  – Alerts to Application support groups
  – Use Active Directory
• Web Interface
• Syslog to a database
• Tools to extract data from syslog files
EventSentry
• Miscellaneous Comments/Observations
  – Central control – Plan a strategy
  – Low overhead – Lean C++ code
  – Heartbeat monitor - NGOP
  – Monitor disk activity – Trend changes
  – Small company – Very good support
EventSentry
• Initial Cost ~$45/machine
• FREE Trial version available
• Maintenance: ~18%
• More info?
  – www.netikus.com
• FREE Tools on their site
  – Windows Security Log Reference Sheet
    • www.ultimatewindowssecurity.com