Thursday, June 30, 2011

Splunk AD Filtering


...\splunk\etc\system\local
## props.conf

[WMI:WinEventLog:Security]
TRANSFORMS-evtlog = wmi-null,wmi-filter,wmi-filter28user,wmi-filter28SecGrp,wmi-filter28DlGrp


## transforms.conf
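# Runs first (see the TRANSFORMS-evtlog order in props.conf): sends every event to nullQueue.
# The stanzas below then send the matching account management categories back to indexQueue.
[wmi-null]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue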

[wmi-filter]
REGEX=(?msi)^(CategoryString=Account Management)
DEST_KEY = queue
FORMAT = indexQueue

[wmi-filter28user]
REGEX=(?msi)^(CategoryString=User Account Management)
DEST_KEY = queue
FORMAT = indexQueue

[wmi-filter28SecGrp]
REGEX=(?msi)^(CategoryString=Security Group Management)
DEST_KEY = queue
FORMAT = indexQueue

[wmi-filter28DlGrp]
REGEX=(?msi)^(CategoryString=Distribution Group Management)
DEST_KEY = queue
FORMAT = indexQueue
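
The routing these two files produce, as an added Python example (not from the original post and not Splunk code). It models the TRANSFORMS-evtlog list as "apply each transform in order, the last matching queue wins", which is a simplified assumption, and runs it over constructed sample events; route, make_event and SAMPLES are hypothetical names.

```python
import re

# Transform order from props.conf (TRANSFORMS-evtlog), with the REGEX and
# FORMAT values copied from transforms.conf on this page.
TRANSFORMS = [
    ("wmi-null", r".", "nullQueue"),
    ("wmi-filter", r"(?msi)^(CategoryString=Account Management)", "indexQueue"),
    ("wmi-filter28user", r"(?msi)^(CategoryString=User Account Management)", "indexQueue"),
    ("wmi-filter28SecGrp", r"(?msi)^(CategoryString=Security Group Management)", "indexQueue"),
    ("wmi-filter28DlGrp", r"(?msi)^(CategoryString=Distribution Group Management)", "indexQueue"),
]


def route(event, transforms=TRANSFORMS):
    """Return (final_queue, names of the transforms that matched).

    Simplified model (assumption): every transform in the list is tried in
    order and each match overwrites the queue key, so the last match wins.
    """
    queue, matched = "indexQueue", []
    for name, regex, fmt in transforms:
        if re.search(regex, event):
            queue = fmt
            matched.append(name)
    return queue, matched


def make_event(category, code):
    # Constructed sample in the key=value layout of a WMI event log input.
    return (f"20110630101500.000000\nCategory=7\nCategoryString={category}\n"
            f"EventCode={code}\nLogfile=Security\n")


SAMPLES = {
    "user": make_event("User Account Management", 4720),
    "group": make_event("Security Group Management", 4728),
    "logon": make_event("Logon", 4624),
    "legacy": make_event("Account Management", 632),
}

if __name__ == "__main__":
    for label, event in SAMPLES.items():
        print(label, *route(event))
    # With wmi-null moved to the end of the list, every event is dropped.
    reordered = TRANSFORMS[1:] + TRANSFORMS[:1]
    print("reordered user ->", route(SAMPLES["user"], reordered)[0])
```

Because of the ^ anchor, the wmi-filter pattern does not match "CategoryString=User Account Management", which is why each category needs its own stanza.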



Wednesday, June 29, 2011

Java Red Cross for Users

Users were experiencing a Red Cross for the applet, yet my administrative account was able to load the applet.

It looks like Java, or the installation process for Java, is not writing all the registry keys to HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFECA-00xx…..


In IE, Java has a catch-all applet CLSID, which will always work (it is the latest version):
clsid:8AD9C840-044E-11D1-B3E9-00805F499D93

But most Java dudes call specific versions of Java, for example:
clsid:CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA


The server(s) for some reason didn't have all the keys in Classes root, whereas my Windows 7 desktop does.

I believe the install for some reason is writing the keys to HKCU instead of HKLM \classes...etc.

So the fix is to add all the versions to HKEY_LOCAL_MACHINE\SOFTWARE\Classes

http://pastebin.com/YhmwPTq7 contains my fix for the 1.6u24 version

BTW, monitoring the registry while ticking/unticking “use next generation java” in the Java control panel shows that it just writes all the entries to HKCU.

Thursday, June 2, 2011

RDP on Citrix


We have a solution to a couple of issues that have been affecting us when using RDP (MSTSC) via AGEE/Citrix to Windows 7 or Windows 2008 Server.

Issue: Mouse lag when connecting to Windows 7/2008
Once connected to your RDP desktop:
1. Launch Control Panel
2. Open the ‘Mouse’ Control Panel item
3. Select Pointers
4. Change to a theme that doesn’t use AERO
   a. For example… (none)

------Regfile----

Windows Registry Editor Version 5.00


[HKEY_CURRENT_USER\Control Panel\Cursors]
"Arrow"=hex(2):00,00
"Help"=hex(2):00,00
"Hand"=hex(2):00,00
"AppStarting"=hex(2):00,00
"Wait"=hex(2):00,00
"NWPen"=hex(2):00,00
"No"=hex(2):00,00
"SizeNS"=hex(2):00,00
"SizeWE"=hex(2):00,00
"SizeNWSE"=hex(2):00,00
"SizeNESW"=hex(2):00,00
"SizeAll"=hex(2):00,00
"UpArrow"=hex(2):00,00
@=""
"Scheme Source"=dword:00000000
"Crosshair"=hex(2):00,00
"IBeam"=hex(2):00,00


[HKEY_USERS\.DEFAULT\Control Panel\Cursors]
"Arrow"=hex(2):00,00
"Help"=hex(2):00,00
"Hand"=hex(2):00,00
"AppStarting"=hex(2):00,00
"Wait"=hex(2):00,00
"NWPen"=hex(2):00,00
"No"=hex(2):00,00
"SizeNS"=hex(2):00,00
"SizeWE"=hex(2):00,00
"SizeNWSE"=hex(2):00,00
"SizeNESW"=hex(2):00,00
"SizeAll"=hex(2):00,00
"UpArrow"=hex(2):00,00
@=""
"Scheme Source"=dword:00000000
"Crosshair"=hex(2):00,00
"IBeam"=hex(2):00,00


Issue: The SHIFT key does not work (sporadic capital and non-capital letters). This normally impacts passwords.

Change the RDP client settings as follows:
1. Click Options in the Remote Desktop Connection User Interface.
2. Select the Local Resources tab.
3. Under Keyboard > Apply Windows key combinations, select ‘On the local computer’.
After doing this, the SHIFT/ALT/CTRL keys work as expected in the RDP session.
More detail: http://support.citrix.com/article/CTX110281