If you’re accessing intranet websites using Blackberries and other mobile platforms like Good for Enterprise you can get Kerberos working to provide single sign-on/passthough authentication. Staff can then browse intranet pages that are secured by Windows authentication, URL filtering or NTFS without having to type in their (probably complex) Windows password on a teeny tiny phone keypad. I use the Active Server Page (ASP) below on IIS to test if Kerberos is working.

You can repurpose Windows PCs as thin clients in a VMware View VDI environment. Swap the Windows explorer shell (start menu and desktop) with View Client. This also works for Windows Embedded thin clients. This works best with VMware View Client v5.4.0. Newer versions (View Client 2.0 and above, don’t ask me why the version numbers are out of order) VMware changed the View Client behaviour. When you disconnect from your VDI session, the View Client doesn’t close (so Windows doesn’t logoff).

JRE install/reinstall package This will help you do unattended install of JRE. JRE is a little tricky as there are several major versions. There are 32bit and 64bit editions. There are regular updates. And there are plenty of security vulnerabilities that need patching regularly, especially the java plug-in for web browsers. Currently Oracle release JRE updates every quarter and this needs to become more frequent. As a result you need good version control for your packages and reliable install and upgrades.

Once in a while a request will come in from left field. This was one of them: implement a shower booking system for the new office. I implemented a finite state machine, using XML to store state, and XSLT to transform from one state to another. XSLT to transform the state file to HTML views. And a little ASP to implement webhooks to kick off the transforms.

This seminar describes a Virtual Desktop Infrastructure (VDI) using only open source software (and a Windows desktop OS). This is of course a crazy thing to attempt. You’re more likely to pick an off-the-shelf products like VMware Horizon View or Citrix. The most interesting aspect of this seminar is that it explains the components of a VDI infrastructure and the challenges in making an OS designed for local disk work well in a VDI environment and shared storage.

Had a requirement to monitor a website for changes. Used free online tool www.changedetection.com. But set up a second monitoring tool using PowerShell and a scheduling system. Remix the following code in your own monitoring projects. Maybe turn it into a function. Maybe test for an expected string (eg the HTML for login form). There’s no defensive code to recover if the website is inaccessible (needs a try-catch there). Could add some code to raise a SNMP trap, or create a support ticket.

At a conference yesterday there was the results of a survey into business and IT dept priorities and a discussion around how they differ: Business Priorities 1.Improving Efficiency 2.Deliver Operational Results 3.Improve Profitability 4.Reduce Enterprise Costs 5.Attract and Retain Customers 6.Product and Service Innovation 7.New markets and territories 8.Attract and Retain Personnel 9.Marketing and Sales Effectiveness 10.Increasing Enterprise Growth IT Priorities 1.Security 2.Mobile Technology 3.High Availability/Disaster Recovery 4.Storage and Data Growth

Recently showed NetMon to a developer for troubleshooting IntelliJ. The Java development environment app was freezing and we found it was attempting to go direct to Maven central repository instead of our internal repository or out via the web proxy. NetMon is a network capture tool. Rather than showing you raw data like wireshark, it breaks down the traffic into “conversations” per process (and process ID). This makes it easier to see the forest for the trees, or the tree you’re interested in instead of the whole forest.

PowerShell 3 installs without help files. You download these from Microsoft using the command update-help. Use the following PowerShell to make the .Net web client pass your session credentials to the (auto detected) proxy. Now you can wget, curl or update-help $wc = New-Object System.Net.WebClient $wc.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials update-help This tip was from_:_ http://blog.stangroome.com/2013/08/02/powershell-update-help-and-an-authenticating-proxy/

Attended a security webinar titled 11 Most Effective Ways to Lockdown Active Directory. The 10 Immutable Laws of Security was referenced (in the context of VMware admins having equivalent of physical access to VMs, law #3). Law #1: If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore. Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore.