Recently I had to replace an IT guy who’d gone off the rails. Something odd about this profession seems to cause an unusually high number of them (say, compared to other engineers) to drop off the radar and partially or completely disappear. It usually happens in one of two ways, they start with sporadic attendance, rarely answering phone calls and e-mail, then completely disappearing, or just the latter and they entirely stop all communications, possibly even leaving the area. Hard to say if it’s something psychologically different with SysAdmins (we can be quite an odd bunch) or if it’s the pressure and culture that spawns the flight response…

I’ve tried endless searches on “firing a sysadmin”, “locking out an IT guy”, etc., but nothing useful. So, I’ve compiled a list of things to examine when an IT guy goes AWOL and you need to lock them out, reclaim logins and check for holes.

• Firewall passwords & rules
• Router logins
• Switch logins
• VPN server login & configuration
• Domain Admin/root password
• Group Membership (Domain Admins, Schema Admins, Enterprise Admins, Built-in administrators, Exchange admins, root, wheel, etc.)
• Other domain admin accounts
• Service accounts (check Services logon list)
• User accounts (every employee should change password)
• Local admin accounts on client systems
• Hosting/DNS/Domain Name Services passwords
  • Web hosting logins
  • Registrar logins and contacts
  • Managed DNS
• Exchange/mail servers
  • Mailbox forwarding
  • Routing groups
  • Hosted spam filtering
• MS SQL/database accounts
• Auto-logins, i.e. kiosk systems
• Examine startup scripts and group policy
• Examine scheduled tasks, at or cron jobs
• Change wireless security key
• Change remote access accounts, i.e. GoToMeeting, TeamViewer, etc.
• Update 3rd party software passwords, i.e. anti-virus, backup, etc.
• Update 3rd party hosted software, i.e. Amazon S3, Salesforce, etc.
• Change vendor logins, i.e. CDW, Dell, Microsoft, Tigerdirect, etc.
• Remote system logins/wireless
• Check systems in the field for items above
• Check for keyloggers on all systems
• Phone system accounts and logins
  • Change all voice mail pins
• Update building alarm security codes
  • Contact for alarm company if the person is on the access list
• Update access information/logins at colocation facilities

That’s what I came up with so far for a Windows-centric network. Anything you can add?

So you’re looking to upgrade your Cisco ASA 5505 to the latest and greatest firmware? Well take it from me, don’t update the ASA software first. If the ASDM software is not compatible with the updated ASA version, you will get locked out and have to get out your console cable.

Not so bad, but if your server room is actually a storage closet with the rack eight feet in the air so you have to stand crooked on a ladder, it’s a pain in the back (and a lower, rear facing location as well).

The upgrade process is in fact, quite painless.

1. Just fire up your ASDM
2. Go to Tools > Upload Software from Local Computer…
3. Choose your Image to Upload: (ADSM first, then ASA later)
4. Browse Local Files… to add the image (.bin file)
5. Click Upload Image and follow the prompts to finish (they vary depending on image uploaded)

Following the process above for our brand new firewall, the ASDM image reloaded properly to the latest version while the device was running, the ASA software however, did not. Rebooting the ASA loaded everything properly and I was on my way. (Or was I? That’s blog entry to come…)

I was recently looking for a way to activate Windows 7 and Office 2010 at a command prompt; this is what I found…

Since the release of Vista, you can use the command line utility slmgr for Windows activation when using a MAK (or Multiple Activation Key).

Windows Activation

1. Open a command window (as administrator)
2. And run…

slmgr -ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
slmgr -ato

Office Activation

1. Open a command window (as administrator)
2. From C:\Program Files\Microsoft Office\Office14 run…

cscript ospp.vbs /inpkey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
cscript ospp.vbs /act

Who needs all that pointing and clicking anyway?

There isn’t really a lot to be done with Exchange these days. Since the advent of E12, the code name for Exchange 2007, the maintenance task list has shrunk quite a bit.

The items that do need watching are just a subset of the “old days.”

• Maintain your daily backups – probably the most important thing you can do for Exchange
• Examine your message queues for log jams or stuck messages
• Check available disk space (but you’ve already automated this, right?)
• Examine the event logs for errors and warnings
• Make sure your anti-malware software is functioning properly, i.e. turned on and getting updates (some people host this service, so that would only leave four items :)

Thanks to Jim McBee for providing guidance in his many excellent books.

There are plenty of answers to the error message:

“Delivery has failed to these recipients or distribution lists:
 
Jane Doe
Your message wasn’t delivered because of security policies…”

In our case, Jane Doe was no longer an employee and her account was disabled. The sender of the message was requesting a meeting with someone who had Jane as his admin, so he had her as a Delegate for his Calendar. Once we removed her from his Outlook’s Delegate list, there were no more errors.

Pretty simple, but they’ve moved Delegate Access in Outlook 2010, now you go to File > Account Settings > Delegate Access

For Outlook 2007 and earlier, go to Tools > Options > Delegates tab.

You know you love it, being able to just start typing the first few characters of an address and Outlook “guesses” the rest for you. At least I think you love it, because every time someone’s Outlook is upgraded or they are moved to a new system, everyone notices it’s missing right off the bat.

Prior to Outlook 2010 all this information was kept in a NK2 file, typically called Outlook.NK2. Previously you could just copy this file to the corresponding folder on a new machine and it worked almost like magic. With the new upgrade, not so much. It’s not a hard process to import the auto-complete data, but there are some additional steps.

1. Copy your old *.NK2 file to C:\Users\%username%\AppData\Roaming\Microsoft\Outlook
2. Ensure the name matches your current profile name, default is Outlook. (Look in Control Panel > Mail > Show Profiles… to be sure.)
3. Now from the Run… prompt enter: outlook.exe /importnk2 and click OK.
4. Once imported the NK2 file will have a .old extension, remove that if you wish to run the import again.

All auto-complete data is now kept within an Outlook 2010 mailbox, so no external files will be needed in the future.

Since the advent of Windows Vista, the usual folder locations don’t always apply. Take the Quick Launch or All Users Desktop, where did they go?

Here’s a short list of what’s been moved around (and yes, I’m writing this as much for me as anyone else)…

All Users:

• All Users Desktop, Favorites, Documents, Downloads, Music, Pictures & Videos – C:\Users\Public
• All Users Start Menu – C:\ProgramData\Microsoft\Windows\Start Menu
• Documents and Settings (just for completeness sake): C:\Users
• Templates – C:\ProgramData\Microsoft\Windows\Templates

User Specific:

• Cookies – C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Cookies
• Default Outlook OST/PST folder – C:\Users\%username%\AppData\Local\Microsoft\Outlook
• Quick Launch – C:\Users\%username%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
• Send To – C:\Users\%username%\AppData\Roaming\Microsoft\Windows\SendTo
• Start Menu - C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu
• Temp – C:\Users\%username%\AppData\Local\Temp
• Temporary Internet Files – C:\Users\%username%\AppData\Local\Microsoft\Windows\Temporary Internet Files