If you are a sysadmin, then you know the problem of services on vital equipment that keep failing every now and again. So what do you do? Wait for the users to start calling, buy an expensive monitoring solution, or just do some simple scripting?

Well, I’ll just give you a quick brief on how to set up the cheap (free) scripted solution that will help keep your users happy and the services running.

I was inspired by an article at http://www.intelliadmin.com/index.php/2010/01/get-notified-when-a-service-fails/ which was quite cool, except that he relies on a third-party utility for mailing AND he does not relaunch the service. I have chosen to create a VBS script that will e-mail AND relaunch the failed service in one sweep.

Ok here goes.

  • First of all, log on to the server/workstation in question (the machine where the service is running).
  • Download my VBS script here (you may need to right-click and choose “Save as”).
  • Modify this part of the script in Notepad with your details (SMTP server, e-mail address etc.)
    [screenshot: script1]
  • Save the file somewhere on the C drive (I usually use “c:\windows\schedule”).
  • Now open “Computer Management” (right-click on My Computer and choose “Manage”)
    [screenshot: commanager]
  • Select the service you wish to modify/monitor and double-click it.
  • Modify the service as follows (you will need to adjust this if you use another location for the script)
    [screenshot: run_a_program]
    You will note that I set the script to run at the “second fail”, not the first. You can set it to run at the “first fail” if you like; to avoid being bombarded, I just choose to be informed the second time a service fails.
  • The service name (described in the script) is NOT the display name, it is the REAL name of the service. You can find this here;
    [screenshot: servicename]

And voilà, you are done. From now on you will get an e-mail every time a service has failed twice (or the first time if you prefer). It’s all very basic but neat.
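The same restart-and-notify flow as an added PowerShell example; this is not the VBS script from the post. The script name, the mail addresses, the SMTP host and the "restart after 60 seconds" first-failure action are assumptions, and the script path must not contain spaces.

```powershell
# Added example: hypothetical stand-in for the VBS script described above.
# Save it without spaces in the path, e.g. C:\windows\schedule\Restart-AndNotify.ps1
param(
    [Parameter(Mandatory)][string]$ServiceName,    # REAL service name, not the display name
    [switch]$Register,                             # configure the recovery action, then exit
    [string]$SmtpServer = 'smtp.example.invalid',  # placeholder: your SMTP relay
    [string]$From       = 'svc-monitor@example.invalid',
    [string]$To         = 'admin@example.invalid'
)

if ($Register) {
    # First failure: restart after 60 s (assumption). Second failure: run this script.
    # The recovery command runs under the service's own account, so only
    # administrators should be able to modify the script file.
    $cmd = "powershell.exe -NoProfile -File $PSCommandPath -ServiceName $ServiceName"
    & sc.exe failure $ServiceName reset= 86400 actions= restart/60000/run/1000 command= $cmd
    if ($LASTEXITCODE -ne 0) { throw "sc.exe failure returned $LASTEXITCODE" }
    return
}

# Failure handler: relaunch the service and report what happened.
$svc    = Get-Service -Name $ServiceName -ErrorAction Stop
$before = $svc.Status
$result = 'no restart needed'
if ($svc.Status -ne 'Running') {
    try {
        Start-Service -Name $ServiceName -ErrorAction Stop
        $result = 'restart succeeded'
    } catch {
        $result = "restart FAILED: $($_.Exception.Message)"
    }
}
$after = (Get-Service -Name $ServiceName).Status

$body = @"
Host:    $env:COMPUTERNAME
Service: $ServiceName ($($svc.DisplayName))
Time:    $(Get-Date -Format s)
Status:  $before -> $after
Action:  $result
"@
Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
    -Subject "[$env:COMPUTERNAME] service $ServiceName failed: $result" -Body $body
```

Run it once from an elevated prompt with `-Register` to set the recovery actions; the execution policy on the machine must allow the script to run.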

You can quite easily make all USB devices on a machine ReadOnly by adding a key to the registry; it is quite easy and painless.

Once the registry key is added and set you may have to wait a bit or eject and reinsert the device, but then the device is ReadOnly. ‘Unlocking’ the drive again is equally easy: you just set the key value to “0” (zero) and everything is back to normal.

Maybe even an idea for a prank on some of your friends 😉

Key to create;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies\WriteProtect
Value DWORD; “1” = ReadOnly, “0” = Normal mode.
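An added example (not from the original post) that audits and sets this policy from an elevated PowerShell prompt. It treats `WriteProtect` as a DWORD value under the `StorageDevicePolicies` key; the function names are hypothetical.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
$PolicyKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'

function Get-UsbWriteProtect {
    # A missing key or value means the policy is not set (normal read/write).
    $p = Get-ItemProperty -Path $PolicyKey -Name WriteProtect -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        KeyPresent   = Test-Path $PolicyKey
        WriteProtect = if ($p) { [int]$p.WriteProtect } else { $null }
        ReadOnly     = [bool]($p -and $p.WriteProtect -eq 1)
    }
}

function Set-UsbWriteProtect {
    param([Parameter(Mandatory)][bool]$ReadOnly)
    # Create the key on machines where it does not exist yet.
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyKey -Name WriteProtect -PropertyType DWord `
        -Value ([int]$ReadOnly) -Force | Out-Null
    # Read the value back so a silent failure does not go unnoticed.
    $state = Get-UsbWriteProtect
    if ($state.ReadOnly -ne $ReadOnly) { throw 'WriteProtect did not take the requested value' }
    $state
}

Get-UsbWriteProtect                      # report the current state only
# Set-UsbWriteProtect -ReadOnly $true    # "1" = ReadOnly
# Set-UsbWriteProtect -ReadOnly $false   # "0" = Normal mode
```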


I have just had a few servers that somehow have failed to update their Forefront Client Security client software 🙁 The problem seems to be that Forefront cannot stop the FCSAM service while updating; the service is stuck on “Stopping” and neither taskkill nor any other utility seems to be able to kill it.

The errors in the eventlog go something along these lines;

Microsoft Forefront Client Security Antimalware Service
Error 1921. Service  'Microsoft Forefront Client Security
Antimalware Service' (FCSAM) could not be  stopped.

I have tried uninstalling, rebooting and reinstalling but this did not help.

The workaround suggested is to set the FCSAM service to manual, reboot, upgrade and then set the service back to automatic. However, this only works for now and thus only postpones the problem.

I have found this article on a similar problem which I will try tomorrow, this includes some additional cleanup steps;
Eg. issuing the command; sc delete fcsam

I will also try to slipstream the installation of Forefront Client Security before I retry the re-installation; a description of how to do this is here (mind you use the latest update and not the one the article refers to);

If you have ever worked with Microsoft ISA Server you may have heard of “GFI WebMonitor”. It is an add-on to ISA Server (it also exists as a standalone server application) that provides malware and virus scanning along with traffic analysis and extended logging of HTTP traffic, thus protecting workstations against ‘drive-by infections’ and other script dangers while surfing.

The news is that GFI now offers a freeware version. It is, however, limited to logging and statistics: the malware and virus protection is turned off in the freeware version after 30 days. Still, the logging and statistics functionality is not half bad for free.

So if you are looking for traffic logging and analysis this may be worth a look.

Get it here;
http://www.gfi.com/internet-monitoring-software

For those of you who have been using PeerGuardian 2 in the past (PeerGuardian 2 is a firewall/blacklist that can block certain IPs based upon lists you subscribe to), here is some good news 🙂

As you may know, PeerGuardian 2 has not been supported for the past 1-2 years, and is (to put it mildly) not very stable on Windows Vista/7 etc. Well, some nice people have decided to continue the project under a new name, Peerblock, and I do mean continue, as the first version is based upon the source from the last PeerGuardian.

As with PeerGuardian the Peerblock application is free (although donations are greatly appreciated).

Get  it here

The A5/1 encryption used to protect GSM phone conversations has long since been broken; just last year it became possible to eavesdrop on encrypted GSM in real time, hence GSM telephony is today to be considered utterly insecure. Scientists have thus begun working on the 3G variant A5/3, and it would appear that a “breakthrough” has been made, not quite allowing for real-time decryption but weakening the cipher quite considerably.

Read the scientific report here;
http://eprint.iacr.org/2010/013

AV comparison: www.av-comparatives.org has made a rather interesting comparison of how much different AV products slow down your machine. Besides the technical comparison, they also offer some general advice on how to optimize your experience with AV products. Interesting reading; get their PDF here

A summary of their findings (higher is better);

  • AVIRA AntiVir Premium 9.0 – 199 points
  • Kingsoft Antivirus 9 Plus – 196 points
  • F-Secure Anti-Virus 2010 – 195 points
  • Kaspersky Anti-Virus 2010 – 193 points
  • Sophos Anti-Virus 9.0.1 – 193 points
  • Microsoft Security Essentials 1.0 – 190 points
  • avast! Free 5.0 – 188 points
  • Symantec Norton AntiVirus 2010 – 188 points
  • ESET NOD32 Antivirus 4.0 – 183 points
  • McAfee VirusScan Plus 2010 – 174 points
  • Norman Antivirus & AntiSpyware 7.30 – 169 points
  • AVG Anti-Virus 9.0 – 164 points
  • BitDefender Antivirus 2010 – 154 points
  • G DATA AntiVirus 2010 – 152 points
  • eScan AntiVirus 10.0 – 137 points
  • Trustport Antivirus 2010 – 125 points

According to the Danish online newsletter/magazine www.newz.dk (via link), BitLocker encryption has been broken/cracked, or at least it has become possible to discover the passwords rather quickly using a third-party tool, Passware Password Recovery: http://www.lostpassword.com/kit-forensic.htm

And sure enough, if you visit their website you will find this statement;
“Recovers encryption keys for hard drives protected with BitLocker in minutes New”

Although this indeed sounds very interesting, there seems to be a catch: you need a memory image on which to apply the Passware Password Recovery utility. Read more here

Imagine this: you are at a public Wi-Fi spot, and they have locked down what pages you may visit by simple DNS or URL filtering, and you just have to visit Rapidshare.com where one of your friends has sent you this important file. What to do? Well, actually you have to do this before you wind up in this mess, but once it’s done you can use it anywhere, anytime, to combat situations like this.

The thing you are looking for is PHProxy and the link is;
http://sourceforge.net/projects/poxy/

Basically what this will do is set up a proxy website that you can browse through, easy as pie.

You need a server or webhotel that supports PHP. You upload the PHProxy files (about 3 files is all it takes), and once you connect to the site where these files are hosted you get your own proxy start page. It works like this: once you enter the URL on the PHProxy start page, the server where the PHProxy PHP files are stored will go get your page for you and display it. From your end it looks like you are just visiting www.YOURSITE.com (the name of the site where you uploaded the PHProxy files), while the content on this site is actually Rapidshare, Facebook or whatever is blocked.

It is utterly simple to set up and use. Mind you, though, not all pages work perfectly with this solution 🙁 but what can you expect from 3 PHP files 🙂 Nevertheless, it is simple, free and works for your basic pages.

The popular Avast antivirus went amok yesterday after a bug in a definition file: it started detecting hundreds of files as infected with Win32:Delf-MZG.

For cleanup instructions and explanation go here;
http://forum.avast.com/index.php?topic=51647