Don’t Forget to Check your DNS Root Server IPs

If you are using Root Hints in your organisation for DNS lookups, you should probably check your root server IPs to ensure they are up to date… especially if your DNS servers/DCs are quite old.

The root server FQDNs and IPs are baked in to the DNS manager in Windows and although they don’t change very often (for obvious reasons) it is worth checking that the IPs are up to date; when I checked on my servers there was one entry that needed updating… not likely to cause big problems but definitely worth checking.

Continue reading

Tagged , , | Leave a comment

DFS and Offline Files – A Match Made In Hell

If you are using DFS and Offline Files in your organisation then you have probably run in to the problem (or if you are reading this then perhaps you are still experiencing it!) whereby your users will ‘randomly’ disconnect and lose access to all DFS shares for no apparent reason.

If you are using offline files then this is most likely the cause of the DFS file shares going offline. You can test this theory by doing the following:

  • Open up explorer and navigate to \\domain.com\dfsroot (default is \\domain.com\share)
  • Turn on ‘work offline’ mode – in Windows 8 the option is in the Home tab –> Each access –> work offline
  • All your shares will disappear

The reason for this is that the “Offline Files feature does not distinguish DFS paths from UNC paths. This can cause the Vista / Windows 7 client to interpret the entire namespace as unavailable if a target is down when a Vista / Windows 7 client attempts to access it”

This will cause you to get errors such as:

Windows cannot access \\domain.com\share\share1

OR

Drive:\ is unavailable. If the location is on this PC, make sure the device or drive is connected or the disc is inserted, and then try again. If the location is on a network, make sure you’re connected to the network or Internet, and then try again. If the location still can’t be found, it might have been moved or deleted

The solution to this problem is to use the FQDN/NetBIOS name for your DFS shares.

For example, if your offline files drive is: \\domain.com\share\home

Simply make all your other shares: \\domain\share\share1

The reason this fixes it is because Windows sees \\domain and \\domain.com as two different paths completely so when your offline files share goes in to offline mode, the other shares still continue to work in online mode. Annoying but at least it’s an easy fix and as far as I can tell, there are no issues with using the NetBIOS name.

Tagged , | Leave a comment

OnePlus One Invite Giveaway

I have some OnePlus One invites to give away – I purchased two of these phones for family and they are absolutely brilliant; awesome specs for an awesome phone at a crazy cheap price.

Take a look at the OnePlus One if you haven’t heard of them – they’re a new brand and they’ve supposedly had a marketing budget of only $300. The rest is by word of mouth and the hype caused by the ‘exclusivity’ of the invite only system… and trust me, it’s worked pretty well for them so far.

Leave a comment below – first come first serve!

Also remember that the invites are only valid (as far as I am aware) for 24 hours so make sure you’ll actually use it before leaving a comment.

Please accept my apologies if you leave a comment but don’t get an invite as I only have a limited supply!

UPDATE: All invites sent! If any invites are still unclaimed by the last day I will re-send them to others.

UPDATE 2: Two invites were not claimed in the 24 hour limit so still have two to give away :)

UPDATE 3: All gone!

Tagged , | 17 Comments

Where Are Those Group Policies?

Not so long ago I was looking at implementing BitLocker in our organisation to replace a Symantec product that was causing us lots of issues – and simply wasn’t worth the price we were paying for it (turned out to be another acquisition by Symantec that was pretty much abandoned as soon as they bought it).

I was reading articles on what BitLocker GPO settings I could apply to our machines, however every time I looked for the settings I could not find any on our domain controllers.

Continue reading

Tagged , , | Leave a comment

Cisco IronPort E-mail Security Appliance Best Practices : Part 2

This article is a continuation from part 1 of the IronPort ‘best practices’ series.

Here I will discuss:

  • Implementing DNS blacklists
  • DLP
  • Bounce profiles
  • LDAP queries

Continue reading

Tagged , , | 5 Comments