Endpoint Management Community Blog

Showing posts tagged with 7.x
Showing posts in English
stebro | 26 Jun 2013 | 0 comments

Properly securing privileged accounts is a basic security tenet and often a priority for servers. Unfortunately, the same level of concern is not present for desktops in many organizations. Yet desktops\laptops often contain as much sensitive information as servers and have done so for many years.

Most desktops\laptops have information that doesn’t make it to servers yet is extremely sensitive and valuable. Think about what is on the laptops of the CEO, the HR director, the software architect, or the CFO in any given organization. Much of the information on these systems can create risks as serious, if compromised, as any data on an organization’s file or database server. Endpoint security too often focuses solely on the threat of malware and hackers, but ignores the simple threat of insecure privileged user accounts.

For Windows systems, privileged accounts are any accounts that are in the Administrators group. Often there is at least one account that is used by an...

stebro | 06 Mar 2013 | 0 comments

In previous articles, we discussed why users want administrator rights and why they need them. Now let’s explore why they shouldn’t have them. In today’s increasingly dangerous threat landscape, every organization’s security strategy should include the goal to remove administrator rights. Here are the reasons.

  1. Zero-Day Threat Protection: Arellia research has proven that running with reduced privileges can mitigate a majority of software vulnerabilities in Microsoft, Adobe, and Mozilla products. Any vulnerability has the potential to be a zero-day: meaning it is exploited before the vendor or security vendors know about it and have a chance to stop exploits with patches or antivirus \ intrusion prevention signatures. Running software with reduced privileges protects commonly software when exploited by vulnerabilities that...
mmurphy7 | 22 Feb 2013 | 0 comments

In the last blog article we discussed the top 5 reasons why users want administrator privileges. In this article we will discuss the top 5 reasons why a user actually NEEDS administrator rights. Here are the top 5 reasons:

  1. System Utilities: many of the control panel applications require administrator rights including driver installation, disk defragmenter, and backing up the.
  2. System Settings: changing system settings such as the date\time or network configuration settings requires administrator privileges.
  3. Software Installation: software that tries to install into the Program Files or Windows directory needs administrator rights to do so.
  4. Software Updates: application updaters require administrator rights in order to make changes to the applications in the Program Files directory. This includes updaters for Adobe, Java, and iTunes...
mmurphy7 | 22 Feb 2013 | 0 comments

Nobody likes to be restricted in their use of a computer, or think they are being limited because they don’t have administrator rights. Most users do not NEED administrator privileges, they just WANT them. So why do users want administrator privileges? Here are the top 5 reasons:

  1. Freedom: Users want administrator privileges so they can install or modify anything and everything on their computer. They may or may not view themselves as computer experts, but believe they know enough about computers to be able to make changes to their system without any negative repercussions. Unfortunately they are usually wrong, causing the IT department to spend countless hours fixing the issues.
  2. Control: Users also want more privileges on a computer because of the control associated with being able to call your own shots. Control leads to even more headaches for the IT department as they clean up the mess left by users who make changes without understanding implications...
Ludovic Ferre | 19 Feb 2013 | 0 comments

One of my customers reported a problem that caused one of their child Notification Servers to run at 100% CPU and consume almost all memory (out of 32GiB available).

I first looked at the timing (it was reported last Friday) and I thought this was possibly linked to the PMImport release, as last week we had Patch Tuesday (so we released the PMImport Wednesday and replicated it to the child server Thursday evening).

But this was not it. First the memory ballooning problem happened on 3 different processes: the w3wp pools for the Altiris-NS-Agent and TaskManagement as well as the AeXSvc itself.

With all three processes running we would see large chunks of memory being released in a clean drop and go right back up in a nice curve. This was because the 3 processes were fighting for the scarce memory resources and causing each other to have to be scavenged every now and then.

Stopping one of the application pools pegged the memory to ~12 GiB for each of the other...

Ludovic Ferre | 18 Feb 2013 | 0 comments

Based on demand I have updated both the PatchAutomation [1] and ZeroDayPatch [2] downloads with a few additional features that allow the user to better control which bulletins are handled and how to invoke the tools.

Here are the new feature command line details:

/config=<file path>
    Reads the file at the provided path and parses each line for
    command line options. Here is a sample config file content:
      /severity=critical
      /custom-sp=CWoC_GetAllBulletins
      /vendor=google
      /dryrun
      /debug

/custom-sp=<sp_name>
    This option allows the user to specify a custom stored procedure to
    be called during the execution. The stored procedure may be present
    on the database (if not the automate will return with no errors) and
    must contains the following columns that are used and needed:
      * _resourceguid [Software bulletin guid]
      * released [Software bulletin release date]
      * bulletin [Bulletin...
Ludovic Ferre | 05 Feb 2013 | 0 comments

A new symantec.pl.xml file was released today and added to the ns7pl tree.

Here are the additions to the Solution tree and links to the revision:

Revision: 8737de84ed8c
Author:   Ludovic FERRE <ludovic@15-cloud.fr>
Date:     Mon Feb  4 15:51:07 2013
Log:      Symantec.pl.xml md5 = 8e278fd63cf1492e12a0237e184d9dcf

http://code.google.com/p/ns7pl/source/detail?r=8737de84ed8c

Added:
 /solutions/7_1/ita/ita_sd/altiris_itanalyticsdocumentation_x64.msi_info
 /solutions/7_5/ita/sd/altiris_itanalyticsservicedesk_7_5_x64.msi_info
 /solutions/7_5/ita/sd/altiris_itanalyticsservicedesklanguages_7_5_x64.msi_info
Modified:
 /symantec.pl.xml

...
Ludovic Ferre | 05 Feb 2013 | 0 comments

I have a customer that has some problems with one of three child servers, with some serious memory consumption there going from 2 GiB for TaskManagement, ~2.5GiB for AeXSvc and anything above that (sometimes 5GiB+) for the Altiris-NS-Agent.

This is causing some serious troubles obviously, as the CPUs are all clogged up (95~100% on 24 real cores). So first we reduced the overall impact by limiting the number of CPUs the process is allowed to run on (using advanced setting and processor affinity mask).

And then we took a few dumps to see how the memory gets up to 4GiB or more...

I'll detail the WinDbg commands (and how to load mscorwks via sos.dll) but here's the overview running DumpHeap -stat at various stages.

Note! Here are the field names used below, in order: memory address, object count, total size, object type. The listing is sorted by size ascending, so the interesting data is at the end.

...
Ludovic Ferre | 29 Jan 2013 | 0 comments

Update! Added the Dataclass and Filters top level items as they also needed fixing. Also I added a reference to my original SP1 to SP2 upgrade post, with steps for fixing the issue [1].

####

I attended an upgrade for a customer installing MP1.1 on 4 servers in hierarchy (1 parent, 3 children). We had some minor problems when we got started but nothing major:

  • 2 servers (including the parent) did not have the MP1.1 upgrade option because SMP 7.1 SP2 was not appearing as installed in SIM. We just ran the upgrade as a new installation.
  • The parent configuration went much too fast to be healthy. In effect it did not install most of the products, so we ran the "aexconfig /configureall" manually and this fixed the environment.
  • One role had been granted undesired rights (inherited from the hidden parent folder) on main console locations: "Reports", "Console menu", "Settings"...
Ludovic Ferre | 25 Jan 2013 | 1 comment

Today, I'd like to re-introduce a rare (endangered?) species of owl: Sam.

As brightly advertised here, Sam is not a random name, as it stands for Scalable Active Management. Now if you have worked with Altiris you probably know of SolutionSam, but not necessarily where that came from in itself.

SolutionSam.com was registered in 1999 when Computing Edge decided to create Active Management Solutions (in opposition to passive solutions that worked on top of SMS), the ancestors of Inventory Solution (Inventory +Solution, including Exchange +Plus, Audit +Plus etc [1]), Software Management Solution (Download +Solution).

Nowadays the site still holds the 6.0 solutions (a directory browsable folder [2]) and the 7.x solutions tree, not browsable but visible inside the symantec.pl.xml. It is replicated via the Akamai content delivery network for fast worldwide availability of the content....