Group Policy Object – Remote Desktop Protocol (RDP) Configuration

You may use the following Group Policy Object (GPO) settings to configure the Remote Desktop Protocol (RDP) settings in a Windows Server 2003 R2 Active Directory (AD) domain.

To configure the Remote Desktop Protocol settings, open the Group Policy Management Console (GPMC) and create a Group Policy. This may be done by right-clicking the Group Policy Objects organizational unit (OU) and selecting New. Alternatively, you may right-click the OU that contains the desktop(s) of your user(s) and select Create a GPO in this domain, and Link it here…. In the New GPO dialog box, name the GPO Remote Desktop Protocol. Right-click the newly created GPO and select Edit… from the context menu. Once the GPO opens, navigate to the following setting.

Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections

Enable the setting “Allow users to connect remotely using Remote Desktop Services”.

Additionally, you may add users or groups to the BUILTIN\Remote Desktop Users group. This will allow all of the users in that group to utilize Remote Desktop Services. To do so, navigate to the following setting.

Computer Configuration > Policies > Windows Settings > Security Settings > Restricted Groups

Right-click Restricted Groups and select the option to Add Group…. In the Add Group dialog box, click Browse…. Type Remote Desktop Users in the dialog box and then click Check Names and OK. Click OK again in the Add Group dialog box. Please keep in mind that this GPO is utilizing the BUILTIN\Remote Desktop Users group for simplicity.

In the Remote Desktop Users Properties dialog box you may add groups that you have created or make the Remote Desktop Users group a member of another group. Choose the option that works best for your environment. I recommend creating one or more groups and nesting them in the Remote Desktop Users group to simplify the administration of your Active Directory environment.

Enjoy!


Linux CentOS – -bash: updatedb: command not found

I recently installed Linux CentOS using the minimal install ISO. I attempted to use the updatedb command but I received the following error:

# updatedb
-bash: updatedb: command not found

The solution for this was to install mlocate.

# yum install mlocate -y

Installed:

mlocate.i686 0:0.22.2-3.el6

Complete!

Enjoy!


Linux CentOS – Configuring DNS Servers

You may use the following method to configure the Domain Name System (DNS) servers that Linux CentOS (http://www.centos.org/) will use. In this particular example the server will be configured to use the well-known Google public DNS servers, which use the following Internet Protocol (IP) addresses: 8.8.8.8 and 8.8.4.4.

Begin by logging into the server and elevating to the root user. You may verify the current user by issuing the whoami command.

# whoami
root

Next, navigate to the /etc directory.

# cd /etc

# pwd
/etc

Now, you may use the editor of your choice to edit the resolv.conf file. In this example I will be using the nano text editor.

# nano -w resolv.conf

Once the file opens use the following syntax to specify the name servers: nameserver IP Address (see the edited file below).

nameserver 8.8.8.8
nameserver 8.8.4.4

Close the editor by using ctrl+x and saving the file.

The final step is to test the configuration. This can be done by using the nslookup command to resolve a fully qualified domain name to an IP address.

# nslookup cnn.com
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: cnn.com
Address: 157.166.226.25
Name: cnn.com
Address: 157.166.226.26
Name: cnn.com
Address: 157.166.255.18
Name: cnn.com
Address: 157.166.255.19

The fact that cnn.com is resolving to multiple IP addresses is most likely due to the fact that they are utilizing load balancing. Additionally, this completes the configuration.
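Because every lookup on the server follows whatever resolv.conf says, it is worth checking the file after editing it and again later for unexpected changes. The following Python check is an added example, not part of the original post; the function name, the approved-resolver set and the second sample file are assumptions constructed for illustration.

```python
import ipaddress

# Resolvers this post configures; treat anything else as unexpected (assumption).
APPROVED = {"8.8.8.8", "8.8.4.4"}
# The glibc resolver uses at most three nameserver entries; later ones are ignored.
MAXNS = 3

# The file exactly as edited in the post.
GOOD = "nameserver 8.8.8.8\nnameserver 8.8.4.4\n"
# Constructed sample: a truncated address and a resolver nobody approved.
TAMPERED = """\
# constructed sample, not from the post
nameserver 8.8.8.
nameserver 8.8.4.4
nameserver 192.0.2.53
"""


def audit_resolv_conf(text, approved=APPROVED):
    """Return (usable_servers, findings); findings are (line_number, problem)."""
    servers, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":       # blank line or comment
            continue
        fields = line.split()
        if fields[0] != "nameserver":         # search/domain/options: not audited here
            continue
        if len(fields) != 2:
            findings.append((lineno, "nameserver takes exactly one address"))
            continue
        try:
            addr = str(ipaddress.ip_address(fields[1]))
        except ValueError:
            findings.append((lineno, f"invalid address {fields[1]!r}"))
            continue
        if len(servers) >= MAXNS:
            findings.append((lineno, f"{addr} is ignored: more than {MAXNS} nameservers"))
            continue
        servers.append(addr)
        if addr not in approved:
            findings.append((lineno, f"{addr} is not an approved resolver"))
    return servers, findings


if __name__ == "__main__":
    for name, text in (("post", GOOD), ("constructed", TAMPERED)):
        servers, findings = audit_resolv_conf(text)
        print(name, servers)
        for lineno, problem in findings:
            print(f"  line {lineno}: {problem}")
```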

Enjoy!


Group Policy Object – Folder Redirection

You may use the following Group Policy Object (GPO) settings to configure folder redirection in a Windows Server 2008 R2 environment. Folder redirection gives a systems administrator the ability to redirect the path of a folder to a location that he or she specifies. In this example the desktop folder will be redirected to a distributed file system (DFS) path of \\FS1.DOMAIN.NET\SHARES\HOMES.

The benefits of folder redirection include but are not limited to the following:

1. It keeps your users from being tied to a single computer in your environment, since their folders are not stored on the local computer.

2. It allows a systems administrator to redirect the folders to a storage technology such as a Storage Area Network (SAN).

3. The central location of the redirected folders allows for more manageable backups.

To redirect a user’s desktop folder, open the Group Policy Management Console (GPMC) and create a Group Policy. This may be done by right-clicking the Group Policy Objects organizational unit (OU) and selecting New. Alternatively, you may right-click the OU that contains the desktop(s) of your user(s) and select Create a GPO in this domain, and Link it here…. In the New GPO dialog box, name the GPO Folder Redirection. Right-click the newly created GPO and select Edit… from the context menu. Once the GPO opens, navigate to the following setting.

User Configuration > Policies > Windows Settings > Folder Redirection > Desktop

Right click the Desktop folder and select properties from the context menu to bring up the Desktop Properties dialog box. On the Target tab select Basic – Redirect everyone’s folder to the same location in the Setting: pull down menu. Under Target folder location specify the Create a folder for each user under the root path. The Root Path: will be \\FS1.DOMAIN.NET\SHARES\HOMES. On the Settings tab select the checkbox for the Grant the user exclusive rights to the Desktop and Move the contents of the Desktop to the new location settings.

Lastly, test the configuration by having the user(s) log in to their desktop, open the Windows command prompt and type the following command: gpupdate /force /logoff. Once the user logs back in, create a folder on the desktop and verify that the folder is being redirected to \\FS1.DOMAIN.NET\SHARES\HOMES\user\folder name.

Enjoy!


Microsoft Deployment Toolkit 2010

The Information Technology department I am a member of is currently completing a domain migration project. One portion of my responsibility for this project was to create a Windows 7 Enterprise x64 image that included a number of applications such as Microsoft Office 2010 Plus, Adobe Acrobat X Pro and numerous others.

The solution used for making the images was Microsoft Deployment Toolkit (MDT) 2010. The deployment workbench is easily added as a Microsoft Management Console (MMC) snap-in to an administrative workstation. Using MDT you may create task sequences and roles to customize your Windows 7 deployment to meet your organization’s needs. Additionally, you may deploy your image(s) by specifying a particular computer(s), make and model or subnetwork. For instance, if you have a specific group of users on a particular subnetwork you may create an image for that group of users and deploy it very specifically to all computers on that subnetwork using the default gateway. This is just one of the many ways that you may customize your deployment using MDT.

In all, I highly recommend this platform for any Windows XP/7 large scale deployment needs that you may have.

For more information on MDT 2010 and the release of MDT 2012 please use the link below.

http://technet.microsoft.com/en-us/solutionaccelerators/dd407791

Enjoy!


Linux CentOS – Routing Table Configuration

You may use the following method to add a static route to the routing table of a Linux server using the command line. The server in this example is running CentOS 5.5 64 bit.

I have decided to create a static route to Google.com but before doing so I need to find the Internet Protocol (IP) address of Google.com using the “host” command.

# host google.com
google.com has address 74.125.91.104
google.com has address 74.125.91.105
google.com has address 74.125.91.106
google.com has address 74.125.91.147
google.com has address 74.125.91.99
google.com has address 74.125.91.103
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.

I will use the IP address 74.125.91.104 for this example.

First, we will view the current routing table of the Linux server using the “netstat -r” command.

# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
209.208.62.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
10.0.0.0 * 255.0.0.0 U 0 0 0 eth1
default 209.208.62.1 0.0.0.0 UG 0 0 0 eth0

Second, we will ping the IP address 74.125.91.104 to verify the network connection between these two devices is successful.

# ping -c 4 74.125.91.104
PING 74.125.91.104 (74.125.91.104) 56(84) bytes of data.
64 bytes from 74.125.91.104: icmp_seq=1 ttl=48 time=29.6 ms
64 bytes from 74.125.91.104: icmp_seq=2 ttl=48 time=29.6 ms
64 bytes from 74.125.91.104: icmp_seq=3 ttl=48 time=29.2 ms
64 bytes from 74.125.91.104: icmp_seq=4 ttl=48 time=29.2 ms

--- 74.125.91.104 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 29.257/29.451/29.668/0.256 ms

Third, I will purposely create a static route that sends the network containing 74.125.91.104 (74.125.91.0/24) out of interface “eth1”, which is a private interface, and then change the static route to utilize the public interface “eth0”.

# route add -net 74.125.91.0 netmask 255.255.255.0 dev eth1

Fourth, we will view the routing table to verify it has added the static route that was just configured.

# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
209.208.62.0 * 255.255.255.0 U 0 0 0 eth0
74.125.91.0 * 255.255.255.0 U 0 0 0 eth1
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
10.0.0.0 * 255.0.0.0 U 0 0 0 eth1
default 209.208.62.1 0.0.0.0 UG 0 0 0 eth0

Fifth, we will now ping the IP address 74.125.91.104; it should not work because eth1 is a private interface and does not route to the internet.

# ping -c 4 74.125.91.104
PING 74.125.91.104 (74.125.91.104) 56(84) bytes of data.
From 10.0.24.1 icmp_seq=2 Destination Host Unreachable
From 10.0.24.1 icmp_seq=3 Destination Host Unreachable
From 10.0.24.1 icmp_seq=4 Destination Host Unreachable

--- 74.125.91.104 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3000ms
, pipe 3

Sixth, we will now delete the static route and create a new one that forwards traffic for network 74.125.91.0/24 out of eth0, then view the routing table.

# route del -net 74.125.91.0 netmask 255.255.255.0 dev eth1
# route add -net 74.125.91.0 netmask 255.255.255.0 dev eth0
# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
209.208.62.0 * 255.255.255.0 U 0 0 0 eth0
74.125.91.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
10.0.0.0 * 255.0.0.0 U 0 0 0 eth1
default 209.208.62.1 0.0.0.0 UG 0 0 0 eth0

Lastly, we will ping the IP address 74.125.91.104 to verify the static route configuration is functioning correctly.

# ping -c 4 74.125.91.104
PING 74.125.91.104 (74.125.91.104) 56(84) bytes of data.
64 bytes from 74.125.91.104: icmp_seq=1 ttl=48 time=32.1 ms
64 bytes from 74.125.91.104: icmp_seq=2 ttl=48 time=28.7 ms
64 bytes from 74.125.91.104: icmp_seq=3 ttl=48 time=29.2 ms
64 bytes from 74.125.91.104: icmp_seq=4 ttl=48 time=29.3 ms

--- 74.125.91.104 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 28.780/29.884/32.131/1.321 ms
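The ping in step five failed even though the default route never changed, because the kernel always prefers the most specific matching route. The following Python sketch is an added example, not part of the original post: it parses the post's netstat -r tables, resolves 74.125.91.104 against each by longest-prefix match, and lists public prefixes that leave by a different interface than the default route (function names are illustrative).

```python
import ipaddress
from typing import NamedTuple, Optional

# First "netstat -r" output from the post (before any static route is added).
BASE = """\
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
209.208.62.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
10.0.0.0 * 255.0.0.0 U 0 0 0 eth1
default 209.208.62.1 0.0.0.0 UG 0 0 0 eth0
"""
# The same table after each of the post's two "route add" commands.
WITH_ETH1 = BASE + "74.125.91.0 * 255.255.255.0 U 0 0 0 eth1\n"
WITH_ETH0 = BASE + "74.125.91.0 * 255.255.255.0 U 0 0 0 eth0\n"


class Route(NamedTuple):
    net: ipaddress.IPv4Network
    gateway: Optional[str]      # None means on-link ("*" in netstat)
    iface: str


def parse_netstat(text):
    """Turn 'netstat -r' text into Route entries; banner and header are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        prefix = bin(int(ipaddress.IPv4Address(f[2]))).count("1")
        routes.append(Route(ipaddress.ip_network(f"{dest}/{prefix}"),
                            None if f[1] == "*" else f[1], f[7]))
    return routes


def lookup(routes, ip):
    """Longest-prefix match: the most specific route containing ip wins."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r.net]
    return max(matches, key=lambda r: r.net.prefixlen) if matches else None


def off_default_public_routes(routes):
    """Public prefixes that leave by an interface other than the default route's."""
    default = next((r for r in routes if r.net.prefixlen == 0), None)
    if default is None:
        return []
    return [r for r in routes
            if r.net.prefixlen and not r.net.is_private and r.iface != default.iface]


if __name__ == "__main__":
    for name, table in (("before", BASE), ("eth1", WITH_ETH1), ("eth0", WITH_ETH0)):
        r = lookup(parse_netstat(table), "74.125.91.104")
        print(f"{name}: {r.net} via {r.gateway or 'on-link'} dev {r.iface}")
```

Running the last function against a saved copy of a server's routing table is a quick way to spot a specific route that quietly diverts traffic away from the default gateway.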

Enjoy!


Networking – Subnetting Practice

If you ever need to practice your subnetting you may use the following website http://www.subnetting.org/. The website contains numerous subnetting questions that will allow you to test yourself periodically. If you don’t find yourself subnetting every day you may use that website for about fifteen minutes each day to be certain that you don’t forget how to subnet in your head.

Enjoy!


Cisco – Building a Host Table on a Router or Switch

In this example there is a router with a hostname of “router-2” that has a serial interface configured with the Internet Protocol (IP) address of 172.16.4.2. Without an entry in the host table of the router or a Domain Name System (DNS) server I cannot use the hostname of the router in order to ping or telnet to the device.

router-1#ping router-2
Translating "router-2"
% Unrecognized host or address, or protocol not running.

router-1#telnet router-2
Translating "router-2"
% Unknown command or computer name, or unable to find computer address

To create a host table entry that provides name resolution for “router-2” and points to IP address 172.16.4.2, I use the following commands.

router-1#config t
Enter configuration commands, one per line. End with CNTL/Z.
router-1(config)#ip host router-2 23 172.16.4.2
router-1(config)#^Z

The above command “ip host” is provided the name of the device (router-2), default telnet port (23) and the IP address of the router. I may then check this entry using the “show hosts” command.

router-1#show hosts
Default domain is not set
Name/address lookup uses static mappings

Host Flags Age Type Address(es)
router-2 (perm, OK) 0 IP 172.16.4.2

Additionally, I may test the entry by pinging and telnetting to the router using the hostname provided in the host table.

router-1#ping router-2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echoes to 172.16.4.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
router-1#telnet router-2
Trying router-2 (172.16.4.2)... Open
User Access Verification

Password:

Enjoy!


Cisco – Configuring Static Routes

You may use the following method to add a static route to the routing table of a Cisco router.

Before configuring the static route(s) you may run the following commands in order to get a better idea of the network(s) configured on the existing router.

router-1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 2 subnets
C 172.16.4.0 is directly connected, Serial0
C 172.16.3.0 is directly connected, Ethernet0

router-1#show cdp entry * protocol
Protocol information for router-2 :
IP address: 172.16.4.2

The “show ip route” command provides us with the directly connected routes/networks. Additionally, the “show cdp entry * protocol” command provides the Internet Protocol (IP) address of a directly connected router (172.16.4.2) which we will use to complete the static routing entry. Before creating the static routing entry use the “ping” command to be certain you can reach the next hop router.

router-1#ping 172.16.4.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echoes to 172.16.4.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

Now, we may begin creating the static routing entry.

router-1#config t
Enter configuration commands, one per line. End with CNTL/Z.
router-1(config)#ip route 172.16.5.0 255.255.255.0 172.16.4.2 permanent
router-1(config)#^Z

The “ip route” tells the router it is a static entry, 172.16.5.0 is the network to be reached, 255.255.255.0 is the subnet mask of the 172.16.5.0 network, the IP address of 172.16.4.2 is the address of the router that will accept and forward the packet (router-2) and the “permanent” tells the router to keep the entry in the routing table even if the network can’t be reached (such as the interface of the 172.16.5.0/24 network being down).

Next, you may use the “show ip route” command to verify the route in the routing table.

router-1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 3 subnets
C 172.16.4.0 is directly connected, Serial0
S 172.16.5.0 [1/0] via 172.16.4.2
C 172.16.3.0 is directly connected, Ethernet0

As you can see from the output above the 172.16.5.0/24 is in the routing table. Now, you may ping the gateway of the network, in this example it is 172.16.5.1, to verify network connectivity.

router-1#ping 172.16.5.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echoes to 172.16.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

Enjoy!


Cisco – Troubleshooting Static Routes

The following example is utilizing two Cisco 2500 series routers with two serial interfaces and two ethernet interfaces. I created a lab Wide Area Network (WAN) in order to configure static routes on Cisco routers. My goal was to create a static route from the ethernet interface (172.16.3.1) on router-1 to reach the ethernet interface (172.16.5.1) on router-2. After creating the static route on the router-1 ethernet interface (172.16.3.0/24) to reach the 172.16.5.0/24 network on the ethernet interface of router-2 I was still unable to ping the 172.16.5.0/24 network from the 172.16.3.0/24 network. I then began troubleshooting.

My first thought was that the network cable could be the cause due to the fact that I had not used it prior. After switching the network cable in question with a known good cable and receiving the same results I was able to rule out the network cable as the cause of the issue.

My next suspicion was that the ethernet interface on router-2 was possibly dead. I knew this was not the case after viewing the results of the “show ip interface brief” command and seeing the interface was up/up.

router-2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Ethernet0 172.16.5.1 YES NVRAM up up
Serial0 172.16.4.2 YES NVRAM up up
Serial1 unassigned YES unset administratively down down

My next step in troubleshooting was to view the static route entry I previously created from the 172.16.3.0/24 network to the 172.16.5.0/24 network using the “show running-config” command. I did not use the “show ip route” command because the static route entry would not have shown itself in the routing table due to the fact that the two networks were not communicating (only networks that communicate show up in the routing table). Upon inspecting the static routing entry I realized I made a mistake in the command syntax and created a new static route entry from the 172.16.3.0/24 network on router-1 to the 172.16.5.0/24 network on router-2. Please keep in mind that the two prior networks are configured on the ethernet interfaces of the router and are separated by the WAN (172.16.4.0/24) on the serial0 interfaces of the routers. The new static entry looks like this.

router-1#config t
Enter configuration commands, one per line. End with CNTL/Z.
router-1(config)#ip route 172.16.5.0 255.255.255.0 172.16.4.2 permanent
router-1(config)#^Z

I then verified the route in the routing table.

router-1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 3 subnets
C 172.16.4.0 is directly connected, Serial0
S 172.16.5.0 [1/0] via 172.16.4.2
C 172.16.3.0 is directly connected, Ethernet0

I tested the entry using the “ping” command from router-1.

router-1#ping 172.16.5.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echoes to 172.16.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
router-1#ping 172.16.5.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echoes to 172.16.5.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

The Internet Protocol (IP) address of 172.16.5.1 is the default gateway of the 172.16.5.0/24 network and the IP address of 172.16.5.2 is the host on the network. As you can see from the output above this static route entry was entered correctly and is functioning properly.
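A mistyped "ip route" line can be caught offline by checking it against the router's directly connected networks, which applies to both this post and the earlier one on configuring static routes. The following Python check is an added example, not part of the original posts: the connected routes and the first static route are router-1's from the post, while the other three static routes are constructed mistakes (the post does not show the actual mistyped command) and the function names are illustrative.

```python
import ipaddress
import re

# Connected routes from the post's "show ip route" output on router-1.
SHOW_IP_ROUTE = """\
     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.4.0 is directly connected, Serial0
C       172.16.3.0 is directly connected, Ethernet0
"""

# First line is the post's working route; the other three are constructed mistakes.
CONFIG = """\
ip route 172.16.5.0 255.255.255.0 172.16.4.2 permanent
ip route 172.16.6.0 255.255.255.0 172.16.6.1
ip route 172.16.7.0 0.0.0.255 172.16.4.2
ip route 172.16.8.1 255.255.255.0 172.16.4.2
"""


def mask_to_prefix(mask):
    """Prefix length of a dotted netmask; rejects wildcard or non-contiguous masks."""
    host_bits = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    if host_bits & (host_bits + 1):       # host part must be a run of low-order ones
        raise ValueError(f"{mask} is not a contiguous netmask")
    return 32 - host_bits.bit_length()


def connected_networks(show_ip_route):
    """Map each directly connected network to its interface.

    Subnet lines carry no mask of their own; it comes from the preceding
    "x.x.x.x/len is subnetted" parent line.
    """
    nets, parent_len = {}, None
    for line in show_ip_route.splitlines():
        m = re.search(r"\d+\.\d+\.\d+\.\d+/(\d+) is (?:variably )?subnetted", line)
        if m:
            parent_len = m.group(1)
            continue
        m = re.match(r"\s*C\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))? is directly connected, (\S+)", line)
        if m and (m.group(2) or parent_len):
            nets[ipaddress.ip_network(f"{m.group(1)}/{m.group(2) or parent_len}")] = m.group(3)
    return nets


def audit_static_routes(config, connected):
    """Return (line, problem) for each static route that cannot work as written."""
    findings = []
    for line in config.splitlines():
        f = line.split()
        if f[:2] != ["ip", "route"] or len(f) < 5:
            continue
        dest, mask, target = f[2:5]
        try:
            ipaddress.ip_network(f"{dest}/{mask_to_prefix(mask)}")  # strict: no host bits
        except ValueError:
            findings.append((line, "destination and mask are inconsistent"))
            continue
        try:
            hop = ipaddress.ip_address(target)
        except ValueError:
            continue                      # exit-interface form, nothing to resolve
        if not any(hop in net for net in connected):
            findings.append((line, "next hop is not on a directly connected network"))
    return findings


if __name__ == "__main__":
    for line, problem in audit_static_routes(CONFIG, connected_networks(SHOW_IP_ROUTE)):
        print(f"{line}\n    -> {problem}")
```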

Enjoy!