Download Teabagger! … WooCommerce and my first WordPress “Product” now for sale

Download Teabagger App! 

A while ago I set out to develop an Android app and did so with hopes to bring to market a funny joke app. So Teabagger was developed and is an app that is not so ah, family oriented, haha. But it was interesting for me to find out how apps are developed. The app will probably be modified in the future to mark up pictures with some other types of images but for now they’re illustrations of balls. Turns out Google Play store allows penis enlargement apps, but doesn’t take privy to scrotum. Everyone that sees it gets a kick out of it, so hopefully I’ll have a little return on my endeavors, but I’m not holding my breath. I also discovered WooCommerce and added it to my blog here and posted the .apk for Teabagger here on my site under the “Shop” page. The app is now up for sale, so please try my new app, available for download now!

http://www.jasoncoltrin.com/?product=teabagger-the-ultimate-teabagging-app-for-android

Or if you prefer, you can buy and install the app from the adult-themed MiKandi app store here: http://link.mikandi.com/app?app_id=13309&referrer=1582289

linux iptables intro and basic network information

Introduction iptables – the standard linux firewall

iptables is a standard firewall built into common Linux distributions such as Ubuntu, Debian, and CentOS.

First, packets are logical containers of data representing the flow of data. Protocols are languages and sets of rules used by network devices to send and/or receive data. Ports are numerical representations of protocols and are common throughout TCP/IP networking. Registered ports are those from 0 through 49151. IANA maintains the official list of both ranges. The dynamic or private ports are those from 49152 through 65535. One common use of ephemeral ports is by servers, to continue communications with a client that initially connected to one of the server’s well-known service listening ports. Here is a list of about 250 well-known ports.

iptables drops network packets when those packets meet a certain set of pre-defined CHAINS of rules stored in the computer’s memory. The chains can be placed in different binding orders and they organize the firewall.

A packet, or a datagram, is a unit of a series of bits that forms a container that can be examined, routed, dropped, and filtered with regard to its headers, source, destination, and content.

The packet is organized into different fields. It is typically 32 bits and contains different data objects which contain the MAC address source/destination and the IP address source/destination. Cyclical redundancy checks (CRCs) are used to check the values of a packet before they are sent. When the datagrams reach their destination, a checksum is computed and checked against the CRC field. In TCP, if the two match then the datagram is marked as successfully sent. If they differ, the source is notified that the packet is bad and will need to be resent.

Datagrams on a wired network really just represent electrons (ethernet) or pulses of light and radio waves that modulate in frequency and amplitude in optical transmissions.

CSMA/CD is used to manage collisions and prevents simultaneous transmission of data on both wired and wireless networks.

Layer 3 of the OSI model is where routers route packets to different VLANs and subnets based on their field values using static routes and dynamic protocols such as RIP and OSPF. Layer 2 switches create connections between nodes with addresses in their MAC tables through Application-Specific Integrated Circuits (ASICs).

Services running on a server rely on field data in each datagram. The traffic is organized by standard protocols that are bound to specific ports. Each port is represented by a number, and traffic is filtered by opening or closing ports to accept or drop packets whose field data matches that port.

Like other firewalls, iptables manages ports on a NIC where packets can enter, pass, or exit. Ports can be open, listening, or closed for each service or kind of traffic that will be allowed. Other ports are closed for traffic to be denied.

Chains are sets of rules that manage network traffic by opening or closing ports that can be applied or bound to a Network Interface in a particular order.

There are three kinds of CHAINS:

  1. INPUT – packets coming into the PC.
  2. OUTPUT – packets leaving our PC.
  3. FORWARD – packets that pass through the PC if it’s multi-homed and being used as a router.

Here are common iptables switches used in chains:

  • -s = source address
  • -d = destination address
  • -p = protocol
  • -j = action
  • -P = specify default policy for a chain
  • -D = delete a rule for a chain
  • -R = replace a rule for a chain
  • -F = remove all rules for specified chain.
  • -L = list all chain rules
  • -A = add/append a rule to the end of a chain

Rules are used to define and manage the traffic you want to ALLOW first in iptables. Then you add the last rule, or the catch-all rule at the bottom of these rules. The last rule blocks all other traffic not previously allowed.

Example of a rule applied to the INPUT chain:

  1. Allow HTTP traffic for an Apache2 web server on port 80 on the interface named eth0:

iptables -A INPUT -j ACCEPT -p tcp --destination-port 80 -i eth0

2. Allow FTP packets for the VSFTPD daemon/service on port 21:

iptables -A INPUT -j ACCEPT -p tcp --destination-port 21 -i eth0

3. Allow SSH traffic for Secure Shell connections on port 22:

iptables -A INPUT -j ACCEPT -p tcp --destination-port 22 -i eth0

4. Apply a CATCH-ALL rule:

iptables -A INPUT -j DROP -p tcp -i eth0

*Note – catch-all rules must be entered and applied LAST.

You can define your own iptables chains as well as view the built-in chains present. Many users will define their own iptables rules in a shell script that is run automatically at boot.
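The ordering rule above can be checked mechanically, because iptables stops at the first matching rule. The following is an added example, not part of the original post: it reads a chain in `iptables -S` format and reports ACCEPT rules that sit below a catch-all DROP. The function name and both sample listings are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: find ACCEPT rules that can never match because a catch-all
# DROP was appended above them. Reads `iptables -S <CHAIN>` lines on stdin and
# prints "<rule number>: <rule>" for each shadowed rule.

find_shadowed_accepts() {
    awk '
        # Value that follows an option such as -p, -i or -j on the current rule.
        function opt(flag,    i) {
            for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1)
            return ""
        }
        /^-A / {
            n++    # rule number, as shown by iptables -L --line-numbers
            proto = opt("-p"); iface = opt("-i"); target = opt("-j")
            # Catch-all: nothing on the line except chain, interface, protocol, DROP.
            expected = 4 + (proto != "" ? 2 : 0) + (iface != "" ? 2 : 0)
            if (target == "DROP" && NF == expected) {
                if (!seen) { seen = 1; cproto = proto; ciface = iface }
                next
            }
            # First match wins, so an ACCEPT below the catch-all is dead when the
            # catch-all covers both its protocol and its interface.
            if (seen && target == "ACCEPT" &&
                (cproto == "" || cproto == proto) &&
                (ciface == "" || ciface == iface))
                print n ": " $0
        }
    '
}

# Constructed listing: the rules from this post, but with the catch-all
# entered before the SSH rule.
BAD_ORDER='-P INPUT ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p tcp -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed listing: same rules with the catch-all last, as the note requires.
GOOD_ORDER='-P INPUT ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -j DROP'

echo "Shadowed rules in BAD_ORDER:"
printf '%s\n' "$BAD_ORDER" | find_shadowed_accepts
echo "Shadowed rules in GOOD_ORDER (expect none):"
printf '%s\n' "$GOOD_ORDER" | find_shadowed_accepts
```

On a live host the same function can be fed with `iptables -S INPUT | find_shadowed_accepts` (run as root).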

 

Usage of suid and sgid in linux

So when it comes to certain files and executable scripts, as a linux admin you may want to allow certain users to run these scripts with elevated privileges.

setuid and setgid allow you to grant limited elevated privileges (root) without having to add the users to the sudoers file.

As with the ordinary chmod permission digits, you indicate which special bit you want to set with a leading digit of 4, 2 or 1: suid = 4, sgid = 2, sticky bit = 1

To do a suid:

$chmod 4777 script  – would give you permissions of

-rwsrwxrwx 1 jason jason

to do sgid use:

$chmod 2777 script – would give you

-rwxrwsrwx 1 jason jason

by using $chmod 6777 script – you would get

-rwsrwsrwx 1 jason jason

For setting back to normal you would use

$chmod 0777 script

SGID is often used with folders for example

$mkdir groupFolder

$chmod 2775 groupFolder

would give you:

drwxrwsr-x 2 jason jason

When you set the group ID bit on a folder, any file that is added to that folder receives the group ownership of that folder.

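If you are concerned that a suid file may be malicious, you can find the files on your system that have the suid and/or sgid bit set. Current GNU find uses -perm /MODE to mean "any of these bits"; the older +MODE form is no longer accepted.

find .  -perm /6000

find .  -perm /2000

find .  -perm /4000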

You should occasionally look for these files so you know which files and/or folders are automatically setting permissions.
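The periodic check described above, as an added example that is not part of the original post: it lists setuid/setgid entries, marks regular files that group or others can overwrite (the state `chmod 4777` above produces), and compares the result against a saved baseline. GNU find is assumed; the function names and the demo tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Requires GNU find (-perm /MODE and -printf).

# list_special DIR
# One line per regular file or directory under DIR with setuid (4000) and/or
# setgid (2000) set: "<octal mode> <risk> <path>".
#   WRITABLE  regular file that group or others may overwrite
#   dir       setgid directory (new files inherit its group)
#   ok        anything else
list_special() {
    find "$1" -xdev \( -type f -o -type d \) -perm /6000 \
         -printf '%m %y %p\n' 2>/dev/null |
    LC_ALL=C sort -k3 |
    while read -r mode type path; do
        risk=ok
        if [ "$type" = d ]; then
            risk=dir
        else
            # Third digit is the group, fourth is others; 2, 3, 6, 7 include write.
            case $mode in
                ??[2367]?|???[2367]) risk=WRITABLE ;;
            esac
        fi
        printf '%s %s %s\n' "$mode" "$risk" "$path"
    done
}

# new_since BASELINE DIR
# Paths under DIR that carry a special bit now but are not listed in the
# BASELINE file (one path per line, saved from an earlier run).
new_since() {
    list_special "$2" | cut -d' ' -f3- | grep -Fxv -f "$1" || true
}

# Demo on a constructed tree; no real system files are touched.
demo=$(mktemp -d)
touch "$demo/backup_tool" "$demo/script"
mkdir "$demo/groupFolder"
chmod 4755 "$demo/backup_tool"    # setuid, writable by owner only
chmod 4777 "$demo/script"         # setuid and world-writable
chmod 2775 "$demo/groupFolder"    # setgid directory
list_special "$demo"
rm -rf "$demo"
```

To start a baseline, save the path column once with `list_special / | cut -d' ' -f3- > baseline.txt` and run `new_since baseline.txt /` on later checks.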

Configure Cisco 3750 Switch Port Team Channel and MacPro with Bonded Thunderbolt Ethernet LACP Link Aggregation


If you’ve got a new MacPro and want to utilize both of the two built-in Gigabit Ethernet ports (and possibly some Thunderbolt-to-ethernet adapters) in a bonded LACP Link Aggregation virtual adapter in conjunction with a Cisco 3750 switch, follow the instructions below.

The first part is configuring your switch to allow your Mac to create a bonded link. In my case, without first configuring the switch, I was able to create my Mac’s bonded ethernet adapters, but couldn’t pick up a DHCP address. I further went into the virtual adapter’s bond status and saw red dots and the messages “No Partner” and/or “Bad Link”. The problem was that I hadn’t set up my switch with the appropriate LACP protocol on its interfaces.

Here are the instructions for creating a bonded Ethernet LACP link aggregation from Apple: http://support.apple.com/kb/PH8356

Note that in the above article there are some requirements: you need at least one IEEE 802.3ad-compliant switch or another Mac OS X Server computer with the same number of ports.

So I configured a Cisco 3750 switch with a new channel group, and added 4 ports into the channel group so that we can bond 4 NICs for the MacPro’s LAN connection at 4GBps

Here is the channel group configuration

!
interface Port-channel2
description LAN Etherchannel Team for MacPro
switchport access vlan 27
switchport trunk encapsulation dot1q
switchport mode access
!

And here are the gigabit interfaces configuration

!
interface GigabitEthernet1/0/13
description MacPro Eth1 to LAN
switchport access vlan 27
switchport trunk encapsulation dot1q
switchport mode access
channel-protocol lacp
channel-group 2 mode active
!
interface GigabitEthernet1/0/14
description MacPro Eth2 to LAN
switchport access vlan 27
switchport trunk encapsulation dot1q
switchport mode access
channel-protocol lacp
channel-group 2 mode active
!
interface GigabitEthernet1/0/15
description MacPro ThunderBolt BottomLeft to LAN
switchport access vlan 27
switchport trunk encapsulation dot1q
switchport mode access
channel-protocol lacp
channel-group 2 mode active
!
interface GigabitEthernet1/0/16
description MacPro ThunderBolt BottomRight to LAN
switchport access vlan 27
switchport trunk encapsulation dot1q
switchport mode access
channel-protocol lacp
channel-group 2 mode active
!

I further went on to create another 4xThunderbolt Ethernet Adapter for an iSCSI connection to a NAS by creating a new channel group 3 and added the remaining 4 thunderbolt interfaces into group 3:
!
interface Port-channel3
description iSCSI Etherchannel Team for Mac Pro
switchport access vlan 27
switchport trunk encapsulation dot1q
switchport mode access
!




!
interface GigabitEthernet1/0/17
description MacPro TB iSCSI
switchport access vlan 27
switchport trunk encapsulation dot1q
switchport mode access
channel-protocol lacp
channel-group 3 mode active
!
interface GigabitEthernet1/0/18
description MacPro TB iSCSI
switchport access vlan 27
switchport trunk encapsulation dot1q
switchport mode access
channel-protocol lacp
channel-group 3 mode active
!
interface GigabitEthernet1/0/19
description MacPro TB iSCSI
switchport access vlan 27
switchport trunk encapsulation dot1q
switchport mode access
channel-protocol lacp
channel-group 3 mode active
!
interface GigabitEthernet1/0/20
description MacPro TB iSCSI
switchport access vlan 27
switchport trunk encapsulation dot1q
switchport mode access
channel-protocol lacp
channel-group 3 mode active
!

Lastly I created a new iSCSI Bond on the MacPro successfully and provided the Bond adapter with a Manual Address 192.168.27.30.
Doing this left me with:
4GB bonded connection to LAN


4GB bonded connection to iSCSI NAS complete


Here’s what the 2nd bond looks like in ifconfig:

bond1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=b<RXCSUM,TXCSUM,VLAN_HWTAGGING>
ether 68:5b:35:b9:4a:3a
inet6 fe80::6a5b:35ff:feb9:4a3a%bond1 prefixlen 64 scopeid 0x16
inet 192.168.27.30 netmask 0xffffff00 broadcast 192.168.27.255
nd6 options=1<PERFORMNUD>
media: autoselect (1000baseT <full-duplex>)
status: active
bond interfaces: en15 en13 en16 en14

Here’s what the beast looks like from the outside:

[two photos]

Symantec Exec 2014 Beta Signups have begun – support for Windows Server 2012 R2

Symantec does not yet support BackupExec Server running on Windows Server 2012. There are a lot of frustrated customers because of this issue. A lot of admins are downgrading to Server 2008 R2 for just this reason. Backup Exec 2014 is slated for late Q2 early Q3 of 2014. Currently BE2012 SP2 running on Server 2008 R2 does have a 2012 client/agent and supports backing up 2012 clients only, but a Backup Exec 2014 beta (aka Backup Exec 2012 R2) signup has started today.

Symantec WS2012 support:
http://www.symantec.com/business/support/index?page=content&id=TECH196108

Symantec WS2012 support news:
http://www.symantec.com/connect/blogs/backup-exec-2012-r2-update-news-about-windows-server-2012-r2-support-and-target-ga

Blog post released yesterday says BE2014 Beta signups have started:
https://www-secure.symantec.com/connect/blogs/backup-exec-beta-program-important-update

Here is the Beta signup info:

Symantec Backup Exec™ 2014 Beta

Updated – February 20, 2014
We are happy to announce the next beta program for Backup Exec is open for registrations. We are seeking existing Backup Exec customers and Backup Exec prospects who are interested in testing, validating and actively providing feedback on Backup Exec within their labs and/or production environments.

 This new version of Backup Exec delivers one of the most powerful and reliable backup and recovery solutions available today. You can be among the first to see all of Backup Exec’s new features, and your valuable feedback can help shape the future of Backup Exec.

What’s new in this new release?

  • Job Monitor is back!
  • Monitor the status of all of your jobs from one convenient panel
  • Back up multiple servers in a single job
  • Customize selections for multiple servers all at once
  • Configure the order of backup sources
  • GRT support for Exchange 2013 CU3 & SharePoint 2013
  • Support for Enterprise Vault 10.0.3 and 10.0.4
  • Support for Domino 9
  • New platform support
      • Windows Server 2012 (agent and Backup Exec server)
      • Windows Server 2012 R2 (agent and Backup Exec server)
      • VMware vSphere 5.5
      • Hyper-V 2012 R2
      • Red Hat Enterprise Linux 5.9
      • Red Hat Enterprise Linux 6.3
      • Red Hat Enterprise Linux 6.4
      • SUSE Linux Enterprise Server 11 SP2
  • Simplified upgrade experience
  • Scheduler enhancements
  • And much more!

If you would like to participate in this Beta program, please click on “Join this Beta Program” below.

We look forward to your participation in the Backup Exec Beta.

Kind regards,

Backup Exec @ Symantec

Forward-looking Statements: Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.

Requirements

  • Willing to submit incident reports as problems are discovered in your testing.
  • Willing to complete a daily journal of your beta activities (some days it may simply be one sentence).
  • Ability to install the Beta release into a test (non-production) and/or production environment.

Server 2012 R2 SMB (SMB2) Shares inaccessible from 2000, XP SP3, Mac client computers – Solved

Recently a lot of users complained that they could not access or mount or connect to public shares hosted by a newer Server 2012 R2 virtual machine running on Xen. The users all had a common trait that they were trying to access the shares with SMB1 from XP, and OS X on Apple/Mac computers. Windows 7 and other Server 2012 computers could access the shares without any errors. After a lot of testing, the resolution turned out to be a registry change which turned off SMB2. During testing we did the following:

  1. I created test shares on the problem server on both the c and e drives, and still was not able to connect to them with OS X 10.9.1 or XP. Whether trying to mount the shares by UNC or DNS, or IP Address, or mapped drives, I could not mount or view the shares. I modified these new shared directories permissions to see if authentication, security, or permissions were the problem, but no difference. The error message on the Macs was: “There was a problem connecting to the server “servername”. The share does not exist.” and on XP was: “The specified network name is no longer available”.
  2. I created a new share on a separate Server 2012 R2 server. My mac was able to mount this share created on it. This anomaly is what is still vexing because it’s an identical share on an identical operating system, but still the public shares had to be fixed. I looked at differences between the two servers’ registries and could not find any discrepancies in the hive located at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer. It would be nice for such an occasion to have an easy-to-use tool like linux’ diff, sdiff, or colordiff to compare registries side-by-side, but I digress.
  3. After finding the post by Nicolas Moreno here: http://social.technet.microsoft.com/Forums/windowsserver/en-US/bca317cd-87aa-4fd7-b12a-6715e6dddfe5/cant-access-unc-share-on-windows-server-2012-r2?forum=winserver8gen I checked the good working server and found that its server service is using Srv2 (SMB2), but it is able to provide shares. Again, the server that can’t share with older clients also was using Srv2 (SMB2), but the symptoms were a lot like the post’s description.
  4. First, I took a snapshot of the virtual machine, I backed up the Registry Hive/Key with an export, and then made the registry change:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\DependOnService

    From: SamSS Srv2

    To: SamSS Srv

  5. After making the change and rebooting the server, all of the clients (2000, 2003, XP, Mac OSX 10.8 Mountain Lion, Snow Leopard, Mavericks) could access the shares again.

An associate had made changes to this server prior to the incident cropping up so it’s hard to be sure just when and what caused the SMB2 windows shares to block access, but for now everyone can access the public drives. Please leave a note if this resolution helped or if you found a way to get broken SMB2 shares working again without changing the registry.

Hyper-V 2012 – cloning multiple Ubuntu 12.04 Server Virtual Machines

Using Microsoft HyperV to Clone Linux vm’s With Unique Disks, Memory, and Network Adapter Mac Addresses

When you have a large server and have been tasked with creating multiple virtual machines on Microsoft Hyper-V 2012, you probably don’t want to answer the same questions over and over during the operating system installer process. It’s actually not too difficult to create a single Ubuntu Linux 12.04 Virtual Machine, then clone – or in this case, export the virtual machine, and from that, create new virtual machines with the same .vhdx or .vhd disks. Linux doesn’t have SysPrep of course, so there are just a couple of changes that you need to make once the cloned VM’s have been created. Below is the method I used to create 5 Ubuntu VM’s with different disk names, mac addresses, and host names:

  1. Prerequisites are HyperV installed on Server 2012 with storage available locally to HyperV
  2. Download the Ubuntu 12.04 .iso and copy it locally to the c:\ISOs directory
  3. Start Hyper-V
  4. Create a new VM as normal with your required settings (Name, disk space, memory, NIC, number of processors, etc.). Select the Ubuntu.iso as your CD/DVD drive
  5. Boot to the Ubuntu installer disk, install Ubuntu, configure as you like but use DHCP for your network interface. It’s ok to do an apt-get update / apt-get upgrade at this time as well.
  6. Shutdown the baseline vm
  7. In Hyper-v console, right-click on the vm and choose Export… save the files to a location you can remember
  8. Browse folders to Export -> VM Name -> Virtual Hard Disks -> Rename the .vhd file that the Export created to the name of your new VM. Move (cut/paste) the .vhd to your default Virtual Disks directory
  9. Create a new VM with your required settings. When it asks for the hard drive settings, browse to existing .vhd and choose the .vhd that you had just renamed and moved
  10. Boot the new VM and login. You will find that it probably has the same IP address of the original vm (but it probably has a new MAC address). We need to get a new dynamic MAC address and IP.
  11. Shutdown the newly cloned VM. The original VM should also be powered off
  12. Right-click on the new shutdown vm and choose Settings…
  13. Select the Network Adapter on the left and hit the Remove button on the right.
  14. Boot the new vm with no NIC attached
  15. login
  16. delete the leases file with: sudo rm /var/lib/dhcp/dhclient.eth0.leases
  17. shutdown the vm again
  18. Right-click on the VM and choose Settings… on the left at the top, click Add Hardware -> Network Adapter -> Add -> choose your virtual switch -> ok
  19. Power on the new VM and log in
  20. Do an ifconfig and check for your new IP and MAC address
  21. edit /etc/hostname to include your new hostname
  22. edit /etc/hosts file to contain your new hostname for 127.0.0.1
  23. You should now have a newly cloned vm with its own identity. You can now modify the disk size in hyper-v and expand your partitions if necessary, plus change your server from DHCP to a Static IP.
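Steps 16, 21 and 22 above, collected into one function as an added example that is not part of the original post. It goes one step beyond the list: every clone also inherits the baseline VM's SSH host keys, so the function removes them for regeneration. The function name, the optional ROOT argument and the demo tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: give a cloned Ubuntu VM its own identity.
#
# reset_clone_identity NEW_HOSTNAME [ROOT]
# ROOT defaults to "" (the running system, needs root); pass a directory to
# rehearse on a copy of the files first.
reset_clone_identity() {
    rc_new=$1
    rc_root=${2:-}

    # Only letters, digits and hyphens, not starting with a hyphen, so the
    # value is safe to write into /etc/hostname and /etc/hosts.
    case $rc_new in
        ''|-*|*[!A-Za-z0-9-]*) echo "invalid hostname: $rc_new" >&2; return 1 ;;
    esac
    rc_old=$(cat "$rc_root/etc/hostname") || return 1

    # Step 16: forget the DHCP leases inherited from the baseline VM.
    rm -f "$rc_root"/var/lib/dhcp/dhclient*.leases

    # Step 21: write the new hostname.
    printf '%s\n' "$rc_new" > "$rc_root/etc/hostname"

    # Step 22: replace the old name in /etc/hosts, whole fields only, leaving
    # comments and unrelated entries alone. cat keeps the file's owner and mode.
    awk -v old="$rc_old" -v new="$rc_new" '
        /^[[:space:]]*#/ { print; next }
        { for (i = 2; i <= NF; i++) if ($i == old) $i = new; print }
    ' "$rc_root/etc/hosts" > "$rc_root/etc/hosts.new" &&
        cat "$rc_root/etc/hosts.new" > "$rc_root/etc/hosts" &&
        rm -f "$rc_root/etc/hosts.new"

    # Beyond the steps above: clones share the baseline's SSH host keys until
    # these are removed and regenerated, which on Ubuntu is done with
    #   dpkg-reconfigure openssh-server
    rm -f "$rc_root"/etc/ssh/ssh_host_*
}

# Demo on a constructed tree; the running system is not modified.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/ssh" "$demo_root/var/lib/dhcp"
printf 'ubuntu-base\n' > "$demo_root/etc/hostname"
printf '127.0.0.1 localhost\n127.0.1.1 ubuntu-base\n' > "$demo_root/etc/hosts"
: > "$demo_root/var/lib/dhcp/dhclient.eth0.leases"
: > "$demo_root/etc/ssh/ssh_host_rsa_key"
reset_clone_identity ubuntu-vm2 "$demo_root"
cat "$demo_root/etc/hostname" "$demo_root/etc/hosts"
rm -rf "$demo_root"
```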

 

 

 

Creating and Deploying Windows7 with WDS 2012

Below is a rough procedure for using Windows Deployment Services 2012 to create and deploy images in an Active Directory Domain environment. This procedure does not cover the installation of the WDS role in 2012, as that part is fairly straightforward.

– Prerequisites include: Server 2012, Deployment Toolbench, WAIK, and WDS Role installed. After the installation, RDP into your server.
– First step is to perform a clean install from the Windows 7 Enterprise 64 .iso dvd onto a PC model which will be cloned, for example Optiplex 745
– In this case we are using Volume licensing – licensing keys are not important, they are handled by a Volume Licensing Server, you won’t have to choose licensing while deploying images
– Open WDS
– Add boot image boot.wim stored on Win7 Enterprise CD
– Name the image (win7x64)
– Right-Click -> Create capture image
– Store locally – name ‘win76capture’ -> next -> extract image
– In some instances you will need to add drivers. Add drivers -> Add driver packages ->you will need at a minimum network drivers – go to manufacturers support, get .exe drivers, use 7zip to extract contents into folder and browse to that folder to add them.
– go to remote machine – power on and hit F12 for boot options -> network boot/PXE boot *note: some pc’s will not have boot to NIC enabled. Do so in BIOS of system (NIC Enabled with PXE) and set boot order: 1. CD 2. HDD 3. NIC
– Now it’s time to make the PC image. For uncloned models run a base install from Windows 7 CD. After the installation process runs it will restart several times.
– Before entering any settings, and at the point during the install where it ask for the user name/PC name, hit CTRL+SHIFT+F3 to go into Audit Mode – this will RESTART the pc into Audit Mode.
– After restart, the PC will land you on the desktop with the Sysprep Tool open in Audit Mode.
– If you miss the prompt to hit ctrl+shift+f3 you can get into audit mode by running from elevated cmd prompt: c:\windows\system32\sysprep\sysprep.exe /audit /restart
– Leave the Sysprep tool open with the following settings: Enter sysOOBE, Generalize (checked), Shutdown Options: Reboot
– Leave the Sysprep tool open and do all software installs and settings for the end user. Office 2010 automated installer, create shortcuts for web tools, install standard apps for example: firefox, 7zip, putty, reader, pdfcreator, java, winscp, vlc, iTunes, quicktime – many times mapped drives and folder redirects will be created with .bat scripts but often times printers will have to be connected when setting up for the user. Make sure system is not set to sleep in power settings, turn off UAC, install flash etc. Be sure to open applications such as MS Office to register/activate software.
– Click OK on SYSprep and OOBE
– Restart -> PXE boot again -> do capture.wim -> it will ask ‘select file to save to’ -> Save to local disk as *model*Win7x64.wim. If the capture process does not see the partition C or D (in some instances D drive will actually be your C: drive) then you’ve done something wrong with Audit mode and sys prep. The capture will complete and land you either at the Owner/PC Name settings at which point you’ll do a Ctrl+Shift+F3 or at your desktop. Once back at the desktop, browse to your server at \\servername\share and copy the capture.wim file to the server.
– Make sure to start WDS as administrator so that you can add a new Image Group. If you don’t add a New Image Group, the ‘add new image’ wizard may tell you the image is invalid. If you get “File does not contain a valid install image” / Add Image failed: in WDS -> install images -> add new Image Group, then try re-adding the captured .wim. If it still says invalid image, re-copy the captured image from the PC back to \\servername\WDS, create a new image group and add the image again.
– Right-click -> Create multicast transmission/Any PC can connect/Allow Multiple etc. Create a new multicast transmission for your new image.
– Boot client PC to be imaged into PXE again and clone the machine with new image that you just captured from it, to test and make sure it works, network, drivers etc are all in place.
– if errors occur, go to image -> Add driver packages to image
– if everything is good open WSIM – 2 answer files will be created: 1. Unattended and 2. OOBE (out of the box experience)
– Use unattended file in c:\remoteinstall\wdsclientunattended\wdsunattendedwin764.xml
– Use petenet live documentation for unattended file creation settings if necessary here: http://www.petenetlive.com/KB/Article/0000735.htm (three parts)
– Pass 1: 2 modules — 1. AMD64_ms-win-international-core-winpe_neutral … 2. AMD64_ms-win-setup-neutral –> credentials domain: sec un: ***admin pw: *****04

– Pass 4: 1 module — AMD64-ms-win-unattendedjoin-neutral: machine objectOU: OU=autoinstall,OU=Workbench,OU=Workstations,OU=***,OU=*****,DC=***,DC=root,DC=******,DC=com — join domain: ****.root.****.com

– File -> Open -> oobeunattendedwin7x64.xml:
– Pass 4 (Specialize) — 2 modules: 1. AMD64_ms-win-shell-setup-neutral: configure organization, owner, PST —- 2. AMD64_ms-win-unattendedjoin_neutral: ID join domain /OU, credentials: ***/******
– Pass 7 (oobesystem) — 2 modules: 1. amd64_ms-win-internationalcore_neutral: EN-US (everything) — 2. AMD64_ms-win-shell-setup_neutral -> a. OOBE -> true,true,work,1,true,true b.UserAccounts -> administrator pw: **** -> Local Accounts -> LocalAccount [Name="admin"]: AddListItem, admin,admin,Administrators,admin -> Passwrd: ******
– Go to WDS Install Image win764 -> right-click -> properties -> checkmark Allow image unattended -> select c:\remoteinstall\wdsclientunattended\oobeunattendedwin764.xml -> ok
– Right-click on Server -> Properties -> Boot tab: default boot image x64: use boot capture.wim. — under Client Tab: Enable unattended installation -> Browse to c:\remoteinstall\wdsclientunattended\wdsunattendedwin7x64.xml / enable logging
– Boot client pc pxe -> options are win7x64 or capture -> select win7x64 -> option which image you want to install (win7x64)
– PC should finish installing the image and restart, leaving you at the Ctrl+Alt+Del and already named and joined to the domain. The PC should have been added to the OU domain.com/Workstations/Workbench/autoinstall
– Log in as domain admin, add the end user account temporarily to the local administrators group, log in as the user and setup the user profile and add printers.
– Remove end-user from local administrators group – that’s it!

DVR Security Surveillance Systems

I took a few hours to review Digital Video Recording and surveillance products and specifications. I’ve learned they’re all pretty much the same re-branded Chinese boxes with Linux embedded and ultimately it comes down to hardware capabilities and if there is a company associated and reviews.

As far as most features, best price, highest quality video and 16 channel video and audio support, I would recommend this unit:


http://www.ebay.com/itm/16-Ch-Channel-Full-D1-Network-DVR-Recorder-H-264-HDMI-16CH-Video-Audio-/261360151721

This one is nice because it has more features, two network cards, good quality D1 recording, H-264 and 16 channel, but does NOT include a hard drive. Also it is Generic and a lot of security “companies” buy these, brand them and charge $1200. So this one is around $600 but add on a hard drive for another $100. This unit does not include cameras.

This following DVR pretty much has the same features as the unit above but no dual network card and seems to be supported better and includes a 2TB hard drive. I would consider this unit to be the Ebay Special. A no-name – chinese knock-off that is just the same as all the others but includes better marketing and possibly a company behind it to get some kind of assistance if there are questions.

http://www.ebay.com/itm/ELEC-HDMI-1080P-16-CH-Channel-Full-D1-Realtime-CCTV-Security-DVR-NVR-DVD-RW-2TB-/110990543571

Elec® HDMI 1080p 16 CH Channel Full D1 Realtime CCTV Security DVR NVR DVD RW 2TB

I recommend this unit because it looks like it has a company behind it, includes the hard drive and DVD-RW drive. If it’s DOA, then you can do an EBAY return. This one is $400.

This following DVR is from a reputable seller (newegg), has a 1 year warranty, but only has 4 audio inputs, and does not include a hard drive:

http://www.newegg.com/Product/Product.aspx?Item=N82E16881338138 This one is $500.

Aposonic A-S1604T2D 16 x BNC Video Recorder (Newegg.com)

I looked on Fry’s website and they didn’t have anything with close to the capabilities of the 3 models above.

Here is a good article about choosing the right DVR:

http://www.ebay.com/gds/Selecting-The-Right-Security-DVR-Resolution-VS-Speed-/10000000009337378/g.html

Essentially it says the newest/best DVR’s are capable of recording in the highest D1 resolution on 4 channels with H.264 compression. If audio recording is a capability you need then the first two units I listed have 16 audio inputs. Other systems only have BNC and no audio inputs, but there are RCA-to-BNC connectors and microphones available to convert a BNC video cable into a working Mic.