Archive for October, 2005

Electric Shocks from my laptop

Friday, October 28th, 2005

Often, when I take my laptop somewhere, it starts stinging me when I place my wrists on the speaker grill, this is the normal position when typing.

Turns out in fact, that I am being electrocuted

And I am not the only one it seems:

http://www.zd7000forums.com/viewtopic.php?t=1294&highlight=skin

I noticed my laptop also is giving me a shock. I pulled out my handy Fluke 77 Multimeter and got the following:

The Shock is from AC current, not DC.

While there is some DC voltage leaking to ground in the chassis, the vast majority of what everyone is feeling is AC voltage. I mesured Approx 54 Volts on the chassis mounted HW such as external ports and the speaker grill where my hand/arm has worn some of the paint away now. So for fun i decided to check for ampers, I got 48mA. While this is not a great deal of elecricity (enough to kill you) it does make it rather uncomfortable to use the laptop as you have to watch where you rest your arm.

Now since the laptop runs entirely on DC voltage, the AC voltage leak to ground must be from the power inverter, again my multimeter confirmed that in fact the AC voltage leak is on the negative side of the plug not on the positive side. This leads me to believe that the power adapter is bad.

All this information is real nifty except my laptop started shocking me 2 weeks out of warranty and HP really could care. Personally i would consider this a prelude to bigger and better things, including but not limited to: Electricution, fire, data loss, lawsuits, aliens, and the end of life as we know it…

IBM BMC

Wednesday, October 26th, 2005

For the sake of every IBM administrator’s sanity, and for the benifit of google:

The default password used by the BMC ( Baseboard management Controller ) for the eServer xSeries 336 3387 is as follows

username: USERID (all uppercase)
password: PASSW0RD (with a zero, and all uppercase)

IBM’s website seach is again useless to find this information, try this string:
http://www.ibm.com/search/?en=utf&v=14&lang=en&cc=us&lv=c&q=BMC+%22default+password%22

It seems to be unable to actually do a simple AND of the 2 words.

Anyhow. Google finally found:
http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-42044

A VB Script that checks registry for installed hotfix

Friday, October 21st, 2005

You may find this usefull!
I am quite new to scripting, so I am sure that I could have done things much better than I did in this script. So I would very much appreciate any feedback, tips and comments!

The next version of this script should allow command line input aswell, so you dont have to supply a list of servernames. Also next version will check with WMI directly, instead of checking the registry.

———————————————————————-

‘Checks the registry of each computer listed in INPUT_FILE_NAME
‘for a the hotfix listed in HOTFIX
‘It uses the WMI registry provider to do this.
‘Besides writing to the screen, it writes the output to
‘the file in OUTPUT_FILE_NAME in comma delimted format, producing 2 columns:
‘the computer name, and the result of the query

’21/10/2005 Robert Kloosterhuis: v1.0
‘http://www.geekswithblogsnet/jemimus
On Error Resume Next

INPUT_FILE_NAME = “serverlist.txt”
OUTPUT_FILE_NAME = “scan_hotfix_MS05_051.csv”
HOTFIX = “KB902400”

Const FOR_READING = 1
‘objFSO.OpenTextFile method uses paramater value 8 to append to file
Const FOR_WRITING = 8
const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002

Set StdOut = WScript.StdOut

‘Set up objFSO variable for file reading and writing operations
Set objFSO = CreateObject(“Scripting.FileSystemObject”)

‘delete OUTPUT_FILE_NAME if it already exists
Set oldfile = objFSO.GetFile(OUTPUT_FILE_NAME)
oldfile.delete

‘Set up the output file
Set objOutputFile = objFSO.OpenTextFile(OUTPUT_FILE_NAME, FOR_WRITING, true)
‘Read the input file
Set objFile = objFSO.OpenTextFile(INPUT_FILE_NAME, FOR_READING)
strComputers = objFile.ReadAll
objFile.Close

‘Make an array out of the list it reads from the input file
arrComputers = Split(strComputers, vbCrLf)

‘setting up some initial values
DIM result
DIM noresult
result = 0
noresult = 0

‘Our main loop. Everything below this is run for every entry in the imput file
For Each strComputer In arrComputers

‘first column in the file we are writing to is the computer name.
‘Every bit of info we want to provide is ended with a comma for delimitation
objOutputFile.Write
objOutputFile.Write
objOutputFile.Write strComputer
objOutputFile.Write “,”

Err.Clear
‘Connect to the WMI registry provider
Set objReg=GetObject(“winmgmts:{impersonationLevel=impersonate}!\” & _
strComputer & “rootdefault:StdRegProv”)
‘Error Handling If it cant connect to the WMI provider,
‘exit with the Error Description
If Err.Number <> 0 Then
Wscript.Echo strComputer & ” ” & “Error Number ” & _
Err.Number &  “: ” & Err.Description
Err.Clear
Else

‘The Registry path we are going to read from
strKeyPath = “SOFTWAREMicrosoftWindows NTCurrentVersionHotFix”
objReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys
‘Everytime we run though the loop, these values are reset first.
result = 0
noresult = 0

‘If it comes across the hotfix we are looking for,
‘it changed the value for this loop
For Each Subkey in arrSubKeys

IF Subkey = HOTFIX Then
result = 1
noresult = 0

Else
noresult = 1

End IF

Next

‘Now we have a value, lets print some text about it,
‘both to the screen, and to our output file
IF result = 1 Then

WScript.Echo strComputer & ” ” & HOTFIX & ” installed!!!”
objOutputFile.Write HOTFIX & ” installed!!!”
Else
WScript.Echo strComputer & ” ” & HOTFIX & ” not found!”
objOutputFile.Write HOTFIX & ” not found!”
End IF
‘End with a comma for this column
objOutputFile.Write “,”

end if

‘Start a new line
objOutputFile.Writeline

Next
objOutputFile.Close

The tale of the server who was not to be updated

Thursday, October 20th, 2005

Dear friends,

Now I relate to you a take of perill.

It concernes a Windows 2000 server with Cisco VOIP software that we did not know about. No one had ever told us about it.

We have been pushing to get all of our servers to some kind of patch standard.. a mammoth task, 200 servers, and nothing even resembling a patch management infrastructure.

I had installed WSUS, and added all clients that where on the old SUS server over, this included mostly PCs and Laptops, but also a bunch of servers, including the one in question, because we didn’’t know it was a server.. its account was included in our Workstaiton OU.

WSUS, and other vulnerbility scanning software such as Windows Update and MBSA2, requires a newer version of the Windows Update client. This is usually installed automaticly when you connect a server to the WSUS. This process is called self-update.

Anyhow, we recieved an email alerting us to the fact that this server may not be updated with the latest patches, that only Cisco approved windows patches should be installed.  Also was it explicitly not allowed to run our standard Mcafee virusscanner! Most likely it would mess up the software and bring the box down!

Like I said, this server was already on the WSUS as far as I knew, so I mailed them that back, but before I did, I ran an MBSA2 scan of the box to see weather it was or was not up to date. It was not. I chalked this down to the fact that this server is never rebooted, causing installed updates never to take effect, and effectively blocking the update process from continuing.

However.. that was, as it turned out, not the reason it was out of date. It had, in fact, never recieved the new Windows Update clients from the WSUS server.. Even though its policy was pointing it at our WSUS server, seflupdate had failed all those months ago, and we never new, cause an automated MBSA scanning cycle had never been used on the system, as it was not in the IP subnet we administered.. Like I said, we didnt know about the server explicitly, even though we had moved its computer account about with the SUS to WSUS migration.

The moment I scanned the box with MBSA2, something happened that I had forgotten about. It installed the new Windows Update client.. the same one that WSUS installs. It then proceeded to register itself with the WSUS server, and started downloading and isntalling all the missing updates! (20 or so).

Oops.

Now, because these mails where going round about this box, another admin on a different site, decided to log into the box to see what it was about.

No one had logged in to the box for over 6 months.

Now you should know, that, in the last few weeks, my manager, who also administers, made a script that runs at logon time for most ordinary users. This script installs the latest version of the Mcafee virus scanner.

This script is set up using computer policy,  on our workstation OU.  Now remember, we did not know this VIOP server… was a server.. its account was included in our workstation OU.

So guess what happened when this guy logged on?

Oops.

So now.. its fingers crossed to see what happens the first time we reboot this server.
In the meantime, I have put it in a seperate OU with a seperate policy, and a seperate group in WSUS, so we can carefully control what this particular server gets and doesnt get.