The ultimate solution for company data loss…

Or your money back!

Sounds like a pitch for snake oil medicines. :D

Tonight I opened my company mail and I found a curious memo about a new guideline about backing up data on company owned machines. The first thought that entered my mind was “WTF, another roadblock for doing backups?”

Reading the memo, it made some sense if you apply some common sense. And then I tried reading it from a “Security Expert slash Manager extraordinaire” perspective who follows everything by the book and then my world shrank by a magnitude of ten. The phrasing combined with current practices is enough to give me the shivers if I think about embarking on a simple task of performing backups.

In line with the company’s commitment to protecting client data, effective immediately we are implementing the following process for backing up data on company-owned machines (desktops or laptops):

You may not back up any sensitive data residing on a company-owned computer (Laptop or Desktop) without permission of the IT Support team and obtaining a signed form. Only encrypted back ups are allowed, including copying files to flash media or CD.

Not bad eh? Not until you read that you need a very high approver before you can even think of performing a backup. If you need an analogy then think of the company as ruled by a god and you need the approval of the high priests. That approval is now on top of soaking one’s self in gasoline, rolling in live coals, and dancing a cha-cha number on top of broken blades and glasses.

To top it all, the last sentence was like adding insult to injury:

Further details will be released this week, as the IT Support team mobilizes to handle this task.

Yeah, I am brimming with confidence that the over-worked and ticket-closing trigger happy support team is able to take on this new task while spreading cheer and world peace. I am saying goodbye to backups then. I think it is easier to just slaughter some chicken and offer it to my anito to protect the company data that I am working on from sudden glitches and electronic crashes.

ciao!

Access denied for local Windows Admin User

My Windows XP installation is acting up again. For some reason I cannot pinpoint, directories change permission and lock me out with an “Access Denied” error. The problem is that I am logged in as a local administrator (hey, it’s Windows so it’s the only way to really work while in it :P ) and, following the maxim “Computer Security stops with full physical access”, everything should be available to me. My first reaction would be to check and modify the file security properties, but since I don’t have “access” the Security tab will not show in the properties window of the file.

Normally I would note the directory down somewhere on the desk, wait until I finish my current work, and then reboot to Linux and access the files. Linux allows me to bypass the NTFS access control list so I can take out the files and move/copy them to a new location before deleting the old location. I run a chkdsk the next time I boot into Windows to reset the index and have a semblance of sanity in the drive.

Today this can’t be my route as it locked a directory containing some files that I need for the current document I am working on. Rebooting to Linux to bail out Windows is not an option so I searched for a way to circumvent this, and now I have two (well technically one with a backup).

CACLS

CACLS is the built-in command line utility for modifying file access control lists in Windows. Invoking the help (cacls /?) presents a pretty concise and helpful message. To give my user account full access to the misbehaving directory and all the files inside, the command is

cacls [path to directory to be changed] /T /G Erin:F

where /T specifies that all contents of the directory will be modified and the last switch tells the utility to give user name Erin full access. Note that without the /E switch cacls replaces the existing access control list instead of editing it, so any other entries on the directory are dropped; add /E to keep them.

If the cacls command still fails for your admin user, then try using the SYSTEM user as that generally has more privileges than the administrator users. You basically need to execute the same CACLS command under that privilege but the “runas” command will not work as you will need the SYSTEM password. You will have to trick the machine into opening the doors for you [insert devil grin here]. Not really, I was talking about the Scheduler trick that is only accessible to Administrators and some special user groups.

AT HH:MM /INTERACTIVE cmd.exe

HH and MM are to be replaced with the current system time plus one or two minutes (use 24H format for the hours). This will trigger the task scheduler to open a command prompt at the set time, and that prompt runs under the SYSTEM account. You can try the cacls modification from the resulting prompt.
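From the defender's side, the same scheduler trick is easy to spot in process command-line logs. The following is an added example, not part of the original post: it parses a constructed, tab-separated log (timestamp, user, command line; the log format and the function names are assumptions) and flags AT jobs that open an interactive command prompt.

```python
import re

# "at" or a path ending in at.exe, followed by its arguments.
AT_RE = re.compile(r'^\s*"?(?:[^"\s]*\\)?at(?:\.exe)?"?\s+(?P<args>.*)$', re.I)
TIME_RE = re.compile(r'([01]?\d|2[0-3]):[0-5]\d')
SHELLS = {"cmd", "cmd.exe", "command.com"}

def parse_at(cmdline):
    """Return {'time', 'interactive', 'command'} for an AT job, else None."""
    m = AT_RE.match(cmdline)
    if not m:
        return None
    tokens = m.group("args").split()
    job = {"time": None, "interactive": False, "command": None}
    for i, tok in enumerate(tokens):
        low = tok.lower()
        if low == "/interactive":
            job["interactive"] = True
        elif job["time"] is None and TIME_RE.fullmatch(tok):
            job["time"] = tok
        elif low.startswith(("/every:", "/next:", "\\\\")):
            continue  # schedule modifiers or a remote \\computer name
        elif job["time"] is not None:
            job["command"] = " ".join(tokens[i:]).strip('"')
            break
    return job if job["time"] and job["command"] else None

def interactive_shell_jobs(log_lines):
    """Flag AT jobs that open an interactive command shell (runs as SYSTEM)."""
    hits = []
    for line in log_lines:
        ts, user, cmdline = line.split("\t", 2)
        job = parse_at(cmdline)
        if job and job["interactive"]:
            image = job["command"].split()[0].rsplit("\\", 1)[-1].lower()
            if image in SHELLS:
                hits.append((ts, user, job["time"], image))
    return hits

# Constructed sample records: timestamp <TAB> user <TAB> command line
SAMPLE_LOG = [
    "2008-09-30 14:03:11\tWKSTN\\Erin\tat 14:05 /INTERACTIVE cmd.exe",
    "2008-09-30 14:10:02\tWKSTN\\Erin\tcacls C:\\Work\\docs /T /G Erin:F",
    "2008-09-30 23:00:00\tWKSTN\\backup\tat 23:30 /every:M,T,W,Th,F C:\\scripts\\nightly.bat",
    "2008-10-01 09:12:45\tWKSTN\\Erin\tC:\\WINDOWS\\system32\\at.exe 09:14 /interactive C:\\WINDOWS\\system32\\cmd.exe /k",
]

if __name__ == "__main__":
    print(*interactive_shell_jobs(SAMPLE_LOG), sep="\n")
```

The nightly batch job is not flagged because it is neither interactive nor a shell; only the two interactive cmd.exe jobs are reported.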

And if all else fails, there is always Linux. :D

ciao!

Feeling stupid

A common computer prank is to take a screenshot of an unattended Windows desktop, configure the desktop to hide all shortcuts and the taskbar (for more kicks, move it to the left or right side) and then set the screenshot as the wallpaper. The pranksters then wait in the wings for the unsuspecting user to keep on clicking the applications in the screenshot and scratch their head why nothing is happening.

There is another behavior that makes this prank effective: tunnel vision. When using a big screen, people have a tendency to zoom in on the middle portion and not pay much attention to the edges unless really needed. This and my work on “environment support” ensure that I make an ass of myself once a week. I normally take desktop screenshots when working with different applications. I usually position the different application windows in such a way that all the information is in a little portion of the screen. I then paste the screenshot in mspaint, select the portion I need and send it to the other support team.

And then I move on to the next task and sometimes I forget to close mspaint. Sometimes the mspaint window ends up getting the focus and then I start clicking on the app window buttons or menus and wonder why nothing is happening. It is only after a few seconds that I notice the palette on the left side, or the title bar at the top. That is the time I press alt+f4 with a vengeance for using part of my 5 minutes of daily foolishness at that moment. :)

Just letting out some steam and sharing as this is the second time that it happened to me this week.

ciao!

Daredevil motorcycle drivers

I hate driving and find it a chore that needs to be done. What makes me hate it even more is the number of reckless and daredevil motorcycle drivers that are on the road today. These motorcycles give their riders enough mobility to weave in and out of traffic but that does not give them the right to start cutting off four-wheeled vehicles just because they think they can squeeze through. They are the ones who should be doing more of the defensive driving but they are the ones who are always on the offensive. I had my engine stall twice because the traffic in C5 while going uphill on the bridge was already bad and a batch of these damn cycle drivers kept on squeezing through between my bumper and the edge of the bus on the lane on my left. To make matters worse, my right was also infested with motorcycles and bikers who think giving enough space across the vehicle is a sign of weakness. I have a word invented for these drivers: BORATE which is a hybrid from words meaning dick-heads and worms.

Taking lives is never a good thing but I wouldn’t really mind if some of these daredevils get a jumpstart in getting to hell faster than the rest of us.

grrrrrr!

ciao!

Running RTC as a Windows service

I need to run the Rational Team Concert Jazz Build Engine as a Windows service as we need it to run non-stop as part of the continuous integration service. The catches though are

  • it (theoretically) wouldn’t stop as it keeps on waiting for build requests from the RTC server. This makes it an unlikely candidate for scheduled tasks unless I cook up a script for terminating it before the actual run. Messy if I still have to check if there is a build in progress.
  • the machine hosting it is not a dedicated machine so a couple of admins usually login to do some stuff which kills any running processes executed by the currently logged-in user.

Windows provides the sc.exe utility for creating and removing Windows services but it only accepts executables and not scripts. I have to set some environment properties and parameters so this is out of the running. The Java Service Wrapper is a good alternative but I misread the instructions so ended up using the AutoExNT utility in the Win2003 Resource Kit. The files are still usable in Windows XP.

Only three files are needed from the kit, namely Autoexnt.exe, instexnt.exe and servmess.dll. These files are to be dropped in the %SYSTEMROOT%\system32 directory. The next step is to create the %SYSTEMROOT%\system32\autoexnt.bat (the file needs to be named like that) with the commands to be executed. My script looked something like this:


@echo off
setlocal
REM
REM Workstation specific settings.
REM
set JBE_Eclipse_Dir=C:\Apps\IBM\jazz\buildsystem\buildengine\eclipse
set JBE_Repository_URL=https:///jazz
set JBE_EngineID=ToolingBuilder
set JBE_user=kerberos
set JBE_password=

REM
REM If proxy is not needed, switch the JBE_VMArgs_OPTS to use the empty one
REM
set proxyHost=
set proxyPort=3128

set JBE_VMArgs_OPTS=-vmargs -Dhttps.proxyHost=%proxyHost% -Dhttps.proxyPort=%proxyPort%
REM set JBE_VMArgs_OPTS=

REM
REM Set the JVM to use to the IBM J9 VM otherwise the compilation will fail.
REM
set java_home=C:\Apps\IBM\SDP70\jdk
set classpath=.;%java_home%\lib
set path=%java_home%\bin;%path%

REM
REM Invoke the Jazz Build Engine client.
REM
pushd %JBE_Eclipse_Dir%
jbe.exe -repository %JBE_Repository_URL% -userId %JBE_user% -pass %JBE_password% -engineId %JBE_EngineID% -sleeptime 1 %JBE_VMArgs_OPTS%

endlocal

The next step is invoking the command instexnt install to install the service. The final thing to do is to go inside the Services console of Windows and reconfigure the AutoExNT service to start automatically at boot up. Of course, it needs to be started as well if you want to use the service immediately. :) Since autoexnt.bat holds the build user's password in plain text, also check that only administrators can read the file.

There is some more help in the Windows 2003 Resource Kit documentation but the only thing of interest is using instexnt install /interactive to install the service. This will cause the service to pop up a command window wherein the user can view the console output. The downside is that the user can close the window, which will terminate the service.

I have thought about migrating the system to use the Java Service Wrapper but using AutoExNT separates the service component, which allows JBE implementors to replace/delete the JBE installation directory without going through the setup process again.

[edit 20081002] Dom Weinand posted this link in the RTC user forum on how to use the Java Service Launcher to run JBE as a Windows service[/edit]

ciao!