Thursday, 29 November 2012

*Important* Virus Notification

Latest Virus/ Worm Threat

We have been notified by Antivirus Advisory Labs about a latest Virus threat 'W32/Autorun.worm.aaeb-h' which has the ability to infect removable media device and network shares..!

As an action plan, we have mitigated this risk by patching our systems & desktops with the latest antivirus protection and by adding additional controls. However, the viewers of this blog are requested to:
  i)  exercise caution while opening unsolicited emails and unknown files.
 ii)  refrain from using USB drives.
iii) download and use stinger tool for remediation in case of any suspicious virus message creeps up from your system.

From: McAfee [mailto:sns@snssecure.mcafee.com] 
Sent: Wednesday, 28 November, 2012 22:37

To: Rinith KT
Subject: *URGENT* McAfee SNS ALERT: *UPDATE* Reports of W32/autorun.worm.aaeb-h infections

**Update to original message: Stinger tool now available. See Mitigation section below**
McAfee has received multiple reports of customers who are severely affected by variants of W32/autorun.worm.aaeb-h.

Impact

W32/Autorun.worm.aaeb-h has the ability to infect removable media devices and mounted network shares. It can also copy itself into .zip and .rar archive files.
The infection starts either with manual execution of an infected file or by navigating to a folder that contains infected files. This threat has the ability to download other malware or updates to itself as directed by a Command-and-Control (C&C) server.

Mitigation

McAfee has released an Extra.DAT and Stinger to detect and clean this threat.

To download the Extra.DAT and Stinger, see KB76807


For more information on McAfee product coverage and mitigation for this threat, see PD24169 - Threat Advisory: W32/Autorun.worm.aaeb:

Wednesday, 28 November 2012

Real-Time Intranet (SharePoint) Replication: Production Site to Disaster Revovery Site


SharePoint 2010 real-time replication to the Disaster recovery site using third-party tool; DocAve from AvePoint is one among them



We have been using this software for SharePoint replication since last 4+ years. It's a wonderful software designed for MOSS 2007 & SharePoint 2010 environment. Lot of features are embedded to it. We just got replication module licensed as replication from production site to DR Site was our concern. All we have to do is to first restore the destination site using the latest SQL DB site level backups. We used an independent server for the DocAve Enterprise manager. DocAve 6 Client Plug-ins were installed on the below Web Front-End servers of both source and destination site. That's it. The configuration is pretty simple. It does real-time replication instantly in less than a minute.
Real-time SharePoint2010 replication process - Production to DR Site


We had slight issues when we activated real-time replication. However, the issue got stabilized after re-scheduling the replication method to trigger incremental replication after business hours. Accessing database from different process like backup plan and real-time replication plan could have been a conflict.

Check my other postings on:


Scheduled Maintenance Plan for SQL Express DBs

Automate Database backup with SQL Express using scripts and batch schedule

Let us automate database backup in SQL Express with mixed Windows and SQL Authentication running on Windows 2008 Server.   This material was tested with Microsoft SQL Server 2008 R2 Express and SQL server 2005 Express Edn.

SQL Server 2008 Enterprise comes with Maintenance Plan feature.  SQL Express edition lacks this feature.  But you still need a backup.

Backup automation with SQL Express can be carried out by following the steps:
i) Create the script in sql to backup all your databases.
ii) Execute the script by initiating it from a command prompt (SQLCMD command).
iii) Schedule the script using Windows Task Scheduler.

i)
-- script starts here

DECLARE @dbName        VARCHAR(33)    -- database name
DECLARE @path          VARCHAR(99)    -- backup path
DECLARE @fileName      VARCHAR(99)    -- backup file name
DECLARE @fileQuarter   CHAR(1)        -- variable portion of file name

SET @path = '\\192.168.16.193\backup\TestDB\Bkp\' 
-- the above path is a remote location. make sure path is changed according to the environment you may have.

-- Returns a Numeral from 1 to 4
-- Each Quarter you get a new backup file name
SELECT @fileQuarter = CONVERT (char(1),(MONTH(GETDATE())+2)/3, 112)

DECLARE db_cursor CURSOR FOR
SELECT name
FROM master.dbo.sysdatabases
-- Exclude all System Databases, if Needed - 'master','model','msdb'
WHERE name NOT IN ('tempdb') 

OPEN db_cursor
FETCH NEXT FROM db_cursor INTO @dbName  

WHILE @@FETCH_STATUS = 0
BEGIN
       SET @fileName = @path + @dbName + '_' + @fileQuarter + '.BAK'
       -- Use INIT and SKIP to overwrite previous sets
       BACKUP DATABASE @dbName TO DISK = @fileName  WITH INIT, SKIP
       FETCH NEXT FROM db_cursor INTO @dbName
END
CLOSE db_cursor
DEALLOCATE db_cursor

-- script ends here

--save the above script in .sql format (Ex. Bkp.sql)

ii) Create a windows batch file with .bat extension (Ex. bkp.bat) the content of which is as follows:

SQLCMD -E –S TST-APP1\myDB -i "c:\yourlocalfolder\Bkp.sql" -o "c:\yourlocalfolder\Log.txt"

iii) Now create a scheduled task from windows control panel. Make a schedule to run the batch file 'bkp.bat' file on a daily or weekly basis.

It is wise to take the same backup to a tape drive as per the backup plan: daily, weekly and monthly so that you don't leave a question or thought.

Serious security threat at International Airports



Serious security threat at International Airports - Govt. least bothered 

''this is true. I travel 2-3 times in a year to Calicut (my hometown);  and 'am a periodic traveler to other countries. I have noticed the vulnerable gaps and the lapse in many airport procedures'; which the authorities are not even concerned about. Their basic role is to mint money..! Their basic oath to the nation is to: 'live to trouble others' and not 'live to make pride'..! We have to understand the ground facts and needs to look at the big picture; the image of Calicut city as an instance and India as a whole is represented at the entry ports and those who have closer ties with the authorities and with political influences are even exempted. Shame on the fragile policies..! 

Another key note which I would like to put up here is; (which evidently most of you might have noticed) Most of the Customs authorities sit at the check points after consumption of liquors. If the responsible authorities check the airport staff with 'Breathalyzers Screening Devices' to check a person's blood-alcohol content, then we are sure it will be a flash news. 

Another frustration which we normally encounter is that there is no proper system at airports to deliver the baggage to the right individual. Anyone can take any-others baggage if unnoticed. Individuals might take others luggage deliberately or inadvertently as there is no controlled system in the airports. In fact, the airline authorities needs to take certain measures from their end to provide additional luggage security. An additional control could be empowered just by verifying the luggage tag code vs passenger ticket tag code"

In reality, we need to have an action oriented Govt.; who listens to the public. A cell with falcon eye, who monitors the evil factors.

Required Housekeeping on SQL Server after renaming the hostname

SQL Server 2008 – Server Name Change (compiled and written by Rinith)

It might cause serious impact for your business applications running on backend SQL server, if the SQL server hosted server has been renamed without doing a proper housekeeping on the SQL Server itself.

So, in other words, if windows admin changes the server name, the following changes needs to be carried out on a sql server 2005-2008 (tested ok):

 
Changed server name shows 'hrms-app2' so we need to make this effective on the SQL server as well.
1. Open SQL Server Management Studio and click New Query.
2. Type Select @@ServerName to verify that the server name is correct or incorrect. In this example, I changed the Windows 2003 from HRMS-APP1 to HRMS-APP2.
follow the steps:
3. Next, type sp_dropserver 'HRMS-APP1'
syntax:
sp_dropserver <old_name>  (old name is the name you get from the select @@servername)
GO


4. You are now ready to add the correct name by typing sp_addserver 'HRMS-APP2', local

syntax:

sp_addserver <new_name>, local
GO


if you just mention sp_addserver 'newservername' wont show the right result, though the command will executed properly.

Restart sql server and the sql server agent by opening a command prompt and type: net stop mssqlserver and then net start msssqlserver to stop and start the sql server agent, type net stop or start sqlserveragent.

you might see a message with status 'disconnected' when executing sql queries after the above net start commands.
just close the sql management studio and start again, should work

note: A reboot might be required based on various environmental factors like:
even after reconnecting sql server name not displayed properly.. or selecting the statement showed servername as null.
this might have caused coz we executed the command sp_addserver 'HRMS-APP2' instead of sp_addserver 'HRMS-APP2', local


Restart the SQL server services with the above commands (net start...) and then see if the new servername is displayed or not.
check and confirm the server name (Select @@ServerName ) after restarting the server.


Monday, 15 October 2012

Outlook 2010: Display reminders from shared calendars by delegating permission

This might be very useful for the company secretary to get email notification to the inbox when a meeting is requested to his/ her Supervisor. Attendees may accept or reject the meeting, that's not our concern. Concern is - your secretary should receive the notification.
 
So it's pretty simple in Outlook 2010; all what you have to do is to delegate the permission to the person from the source email account by following the below displayed steps:

Click Account Settings – Select Delegate Access

Add the person with whom you have to give delegation to your Calendar or Emails or any other Task

Check delegate receives copies of meeting-related message sent to me. that's it.

 

Thursday, 11 October 2012

Internet Explorer Stopped Working with the latest security patch update

It's quite nuisance in closing down your valuable time?? Yes, indeed when Internet Explorer stops functioning, just follow the steps:
Go to eventvwr.msc and check the application events for application error event id 1000. You might see faulting module names: here in this example I could see ie versus flash player errors.

Faulting module name: Flash32_11_4_402_278.ocx
This might have caused coz of improper upgrade of Flash from previous version to 11.5 beta from Adobe's website.
Try uninstalling Flash and reinstall it again
Use this uninstaller tool to uninstall Flash (uninstaller)
Delete files from the following path:
C:\Windows\SysWOW64\Macromed\Flash
 %appdata%\Adobe\Flash Player
 %appdata%\Macromedia\Flash Player
Most often, IE stability issues are caused by an add-on. Try starting it without any add-ons and see if the problem persists:
Start -> All Programs -> Accessories -> System Tools -> Internet Explorer (No Add-ons)
If that method works, try opening IE using the standard shortcut and troubleshoot your add-ons by navigating to Tools -> Manage Add-ons and disabling them one at a time to narrow down which one is causing the problems.
If the problems still persist when you use Internet Explorer (No Add-ons), try performing an Internet Explorer RESET:
Tools -> Internet Options -> Advanced tab -> Reset Internet Explorer settings and click the Reset button.