GPRESULT In Windows Server 2008

Microsoft has made a small change to the GPRESULT command since Windows Server 2003.

In Windows Server 2003 we only had to type GPRESULT at the command line to view the applied Group Policies; in Windows Server 2008, however, we need to type the /R switch after gpresult.

In Windows Server 2008 the full GPRESULT command is:

gpresult /r

There are other switches to the command, which are:

/s <Computer> Specifies the name or IP address of a remote computer. Do not use backslashes. The default is the local computer.
/u [<Domain>\]<UserName> Runs the command with the credentials of the specified user. The default user is the user who is logged on to the computer that issues the command.
/p [<Password>] Specifies the password of the user account that is provided in the /u parameter. If /p is omitted, gpresult prompts for the password. /p cannot be used with /x or /h.
/user [<TargetDomain>\]<TargetUser> Specifies the remote user whose RSoP data is to be displayed.
/scope {user | computer} Displays RSoP data for either the user or the computer. If /scope is omitted, gpresult displays RSoP data for both the user and the computer.
[/x | /h] <FileName> Saves the report in either XML (/x) or HTML (/h) format at the location and with the file name specified by the FileName parameter. Cannot be used with /u, /p, /r, /v, or /z.
/f Forces gpresult to overwrite the file name specified in the /x or /h option.
/r Displays RSoP summary data.
/v Displays verbose policy information, including additional detailed settings that have been applied with a precedence of 1.
/z Displays all available information about Group Policy, including detailed settings that have been applied with a precedence of 1 and higher.
/? Displays help at the command prompt.

For more information see:

http://technet.microsoft.com/en-us/library/cc733160.aspx

Limit the Number Of allowed IPSEC VPN sessions on Cisco ASA 5540

To set a limit on the number of allowed IPsec VPN sessions on a Cisco ASA 5540, we need to define how many sessions \ users are allowed to be connected to the ASA at any given time.

By default the number of allowed VPN sessions is unlimited.

To set a limit we need to use the Cisco ASDM.

Once logged in to the ASDM, go to:

Configuration > remote access VPN > Network (client) access > advanced > IPsec > System options

Once there, change the maximum IPsec sessions to the applicable number.

How To Check Which interfaces are Enabled Or Disabled On A Cisco Switch

To check which ports are active or disabled on a Cisco switch we need to use the status command and follow the steps below.

1. Log on to the router.
2. Type the “show interfaces status” command.

Example:
SWITCH1#sh interfaces status
Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/1                        connected    24         a-full a-1000 10/100/1000BaseTX
Gi0/2                        connected    24         a-full a-1000 10/100/1000BaseTX
Gi0/3                        disabled     24           auto   auto 10/100/1000BaseTX
Gi0/4                        disabled     24           auto   auto 10/100/1000BaseTX
Gi0/5                        disabled     24           auto   auto 10/100/1000BaseTX
Gi0/6                        connected    24         a-full  a-100 10/100/1000BaseTX
Gi0/7                        connected    23         a-full a-1000 10/100/1000BaseTX
Gi0/8                        connected    23         a-full  a-100 10/100/1000BaseTX
Gi0/9                        connected    22         a-full a-1000 10/100/1000BaseTX
Gi0/10                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/11                       connected    27         a-full a-1000 10/100/1000BaseTX
Gi0/12                       connected    26         a-full a-1000 10/100/1000BaseTX
Gi0/13                       disabled     26           auto   auto 10/100/1000BaseTX
Gi0/14                       connected    26         a-full  a-100 10/100/1000BaseTX
Gi0/15                       connected    22         a-full a-1000 10/100/1000BaseTX
Gi0/16                       notconnect   27           auto   auto 10/100/1000BaseTX
Gi0/17                       connected    22         a-full a-1000 10/100/1000BaseTX
Gi0/18                       notconnect   25           auto   auto 10/100/1000BaseTX
Gi0/19                       connected    25         a-full a-1000 10/100/1000BaseTX
Gi0/20                       connected    25         a-full a-1000 10/100/1000BaseTX
Gi0/21                       disabled     1            auto   auto Not Present
Gi0/22                       disabled     1            auto   auto Not Present
Gi0/23                       connected    trunk      a-full a-1000 1000BaseLX SFP
Gi0/24                       connected    trunk      a-full a-1000 1000BaseLX SFP
Po1                          connected    trunk      a-full a-1000
 
To enable or disable a port on a Cisco switch, do the following:

To enable a port, type:
SWITCH1#configure terminal
SWITCH1(config)#interface Gi0/2
SWITCH1(config-if)#no shutdown

To disable a port, type:
SWITCH1#configure terminal
SWITCH1(config)#interface Gi0/2
SWITCH1(config-if)#shutdown
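
The status output above can be audited for ports that are enabled but have no link, which are the usual candidates for the shutdown command. This is an added example, not part of the original post; the sample text is constructed in the same layout, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed excerpt in the same layout as the switch output above.
SAMPLE = """\
Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/1     uplink to core     connected    24         a-full a-1000 10/100/1000BaseTX
Gi0/3                        disabled     24           auto   auto 10/100/1000BaseTX
Gi0/10                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/16                       notconnect   27           auto   auto 10/100/1000BaseTX
Gi0/21                       disabled     1            auto   auto Not Present
Gi0/23                       connected    trunk      a-full a-1000 1000BaseLX SFP
Po1                          connected    trunk      a-full a-1000
"""

# The Name column may be empty or contain spaces, so anchor on the status keyword.
ROW = re.compile(
    r"^(?P<port>\S+)\s+(?:(?P<name>.*?)\s+)?"
    r"(?P<status>connected|notconnect|disabled|err-disabled|inactive)\s+"
    r"(?P<vlan>\S+)\s+(?P<duplex>\S+)\s+(?P<speed>\S+)\s*(?P<type>.*)$"
)

def parse_status(text):
    """Return one dict per port row; header and unrelated lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.rstrip())
        if m:
            rows.append({k: (v or "").strip() for k, v in m.groupdict().items()})
    return rows

def idle_enabled_ports(rows):
    """Ports that are administratively enabled but have no link."""
    return [r["port"] for r in rows if r["status"] == "notconnect"]

def shutdown_config(ports):
    """IOS configuration lines that disable the given ports."""
    lines = []
    for port in ports:
        lines += [f"interface {port}", " shutdown"]
    return lines

if __name__ == "__main__":
    rows = parse_status(SAMPLE)
    print(dict(Counter(r["status"] for r in rows)))
    print("\n".join(shutdown_config(idle_enabled_ports(rows))))
```

A port showing notconnect in one snapshot may simply have its device powered off, so review the list before applying the generated lines in configuration mode.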

How to block A Sender In Exchange Server 2007

Blocking a sender in Exchange Server 2007 has never been easier; all you have to do is add the sender to the built-in Exchange Server 2007 anti-spam function.

To do that:

  1. Log in to the Exchange Management Console, click Edge Transport.
  2. Click on the Anti-spam tab, and double click on Sender Filtering.
  3. Click the Blocked Senders tab, and then click Add. Select the Individual e-mail address option, and then type the e-mail address.
  4. Click Apply to save your changes.

 

How To Configure A Cisco Router Or Switch to Send Logs To A SysLog Server

If you would like to configure your Cisco router or switch to send all its logs to a syslog server, all you have to do is type a few commands that tell the router \ switch to send the logs to the server.

To do that:

Log on to the router \ switch and type (in this example I used a switch):

SWITCH#config t
SWITCH(config)#logging 172.40.51.44   ! SysLog IP address
SWITCH(config)#logging trap notifications   ! What do you want to send
SWITCH(config)#logging source-interface ?   ! Interface that will send the logs
  Async              Async interface
  Auto-Template      Auto-Template interface
  BVI                Bridge-Group Virtual Interface
  CTunnel            CTunnel interface
  Dialer             Dialer interface
  Filter             Filter interface
  Filtergroup        Filter Group interface
  GigabitEthernet    GigabitEthernet IEEE 802.3z
  GroupVI            Group Virtual interface
  Lex                Lex interface
  Loopback           Loopback interface
  Null               Null interface
  Port-channel       Ethernet Channel of interfaces
  Portgroup          Portgroup interface
  Pos-channel        POS Channel of interfaces
  Tunnel             Tunnel interface
  Vif                PGM Multicast Host interface
  Virtual-Template   Virtual Template interface
  Virtual-TokenRing  Virtual TokenRing
  Vlan               Catalyst Vlans
  fcpa               Fiber Channel

SWITCH(config)#logging source-interface vlan2
SWITCH(config)#exit

All done, don’t forget to save the config.

SWITCH#copy run start
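
The trap level set above decides which messages ever reach the syslog server: "notifications" is severity 5, so only severities 0 to 5 are sent. The following added example (not part of the original post) applies that rule to constructed log buffer lines and computes the syslog PRI value of each forwarded message, assuming the device keeps the IOS default facility local7.

```python
import re

# IOS severity keywords in order; the index is the numeric severity (0-7).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]
LOCAL7 = 23  # assumption: default "logging facility local7" is unchanged

# Every IOS message carries a %FACILITY-SEVERITY-MNEMONIC: tag.
TAG = re.compile(r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+):")

# Constructed log buffer lines; addresses and list numbers are made up.
SAMPLE = [
    "*Mar  1 00:05:12.003: %SYS-5-CONFIG_I: Configured from console by vty0 (10.60.4.20)",
    "*Mar  1 00:05:30.120: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down",
    "*Mar  1 00:06:01.554: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.60.9.9(4242) -> 10.60.1.254(23), 1 packet",
    "*Mar  1 00:06:02.000: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.60.9.9]",
]

def classify(line):
    """Return (facility_tag, severity, mnemonic), or None if the line has no tag."""
    m = TAG.search(line)
    return (m["fac"], int(m["sev"]), m["mnem"]) if m else None

def forwarded(lines, trap="notifications", facility=LOCAL7):
    """Messages that 'logging trap <trap>' sends, as (PRI, tag) pairs."""
    limit = LEVELS.index(trap)
    out = []
    for line in lines:
        tag = classify(line)
        if tag and tag[1] <= limit:
            out.append((facility * 8 + tag[1], f"{tag[0]}-{tag[1]}-{tag[2]}"))
    return out

def suppressed(lines, trap="notifications"):
    """Tags of messages that never leave the device at this trap level."""
    limit = LEVELS.index(trap)
    tags = (classify(line) for line in lines)
    return [f"{t[0]}-{t[1]}-{t[2]}" for t in tags if t and t[1] > limit]

if __name__ == "__main__":
    print("sent:", forwarded(SAMPLE))
    print("kept local only:", suppressed(SAMPLE))
```

With the page's setting, the access-list hit at severity 6 stays on the device; it would only be exported with "logging trap informational".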

How To Enable Telnet Access On Cisco ASA 5540

Sometimes you will need to grant other administrators access to the Cisco ASA using Telnet.

On Cisco ASA devices, enabling Telnet does not allow all networks \ hosts to access the ASA using Telnet, as it does on routers and switches.

On the ASA we need to add hosts or networks to the allowed Telnet access list.

First, to view who can access the ASA using telnet type:

ASA# sh run telnet

telnet 10.60.4.20 255.255.255.255 inside
telnet 10.60.4.30 255.255.255.255 inside

In this case we have two hosts that can access the ASA using Telnet.

To add a host to the Telnet access list, type:

ASA(config)# telnet 10.60.4.30 255.255.255.255 inside

Hostname or A.B.C.D  The IP address of the host and/or network authorized to

You can also use the ASDM GUI interface by going to:

Configuration > Device Management > Management Access > Command Line (CLI) > Telnet

 

Exclude a specific User, Group Or machine from A Group Policy

Sometimes when applying a Group Policy to the domain there is a need to exclude users, groups or computers from the policy, in other words to not apply the Group Policy to them.

To do so, follow these steps:

Open the group policy using the Group Policy Management utility.
Click on the group policy you want to exclude users from.
Go to the Delegation tab and add the user, group or machine.
Then choose “Read” from the drop-down as the default. Click OK.
Select the user, group or machine from the list.
Then click the Advanced tab.
Select “Deny” next to “Apply Group Policy”.

To check the policy run “gpupdate /force” and “gpresult”.

How To Configure NetFlow On A Cisco Router

Recently I was wondering what the best way was to analyze and monitor the traffic that passes through the routers between sites \ offices.

After researching the issue I found out that the Cisco NetFlow protocol allows you to analyze the traffic that passes through the router; however, in order to get this done we need to configure our routers to do a few things:

1. Install software that analyzes NetFlow
2. Enable NetFlow on the router
3. Configure the router to send the logs to a NetFlow analyzer server (needs to be configured beforehand)

Once you have the server or PC up and running with NetFlow software (there are a lot of free applications; I used Manage Engine NetFlow Analyzer 6, which allows you to monitor 2 routers for free), we need to tell the router to send the NetFlow logs to the server. Here are the commands we need to type:

 

 

Router(config)#ip flow-export destination {hostname|ip_address} 9996
Router(config)#ip flow-export source {interface} {interface_number}
Router(config)#ip flow-export version 5
Router(config)#ip flow-cache timeout inactive 15
Router(config)#snmp-server ifindex persist

 

 

To check that the router is configured to send the logs, type:

Router#show ip flow export
Router#show ip cache flow
Router#show ip cache verbose flow

 

 

Configuration Sample:

 

router#configure terminal
router(config)#interface FastEthernet 0/1
router(config-if)#ip route-cache flow
router(config-if)#exit
router(config)#ip flow-export destination 10.60.1.254 9996
router(config)#ip flow-export source FastEthernet 0/1
router(config)#ip flow-export version 5
router(config)#ip flow-cache timeout active 1
router(config)#ip flow-cache timeout inactive 15
router(config)#snmp-server ifindex persist
router(config)#^Z

router# copy run start
router#show ip flow export
router#show ip cache flow

 

 

 

To Cancel NetFlow:

 

no ip flow-export destination {hostname|ip_address} {port_number}

no ip route-cache flow

 

 

How To Apply QoS For VOIP With Cisco Routers Between Two Sites

After a few days of searching the Internet for a simple template and example of a VoIP QoS implementation without any results, I have decided to write a KB on how to implement VoIP QoS on a Cisco router between two offices \ sites.

This example is ready to use; however, you need to find which protocol your VoIP telephone system is using (in this example I used MITEL 3000).

Once you find it, all you have to do is fill it in and paste the code to both routers.

If you are happy with the policy map names, leave them as they are, and don’t forget to apply the policy to the right interface.

The commands with explanations:

 

class-map match-all Voice
 match ip dscp 46                ! Remember to put the right DSCP value (46 is for MITEL)

class-map match-all signalling   ! this name can be changed
 match ip dscp 26                ! Remember to put the right DSCP value (26 is for MITEL)

policy-map voip                  ! this name can be changed
 class Voice                     ! this name needs to match class-map match-all
  bandwidth percent 30           ! percent for voice
 class signalling                ! this name needs to match class-map match-all
  bandwidth percent 5            ! percent for signalling
 class class-default
  fair-queue

interface gi0/1                  ! Apply policy map to interface
 service-policy output voip

To monitor the traffic and see that everything is working, type:

show policy-map interface gi0/1

The commands without explanations and ready to be copied:

class-map match-all Voice
 match ip dscp 46

class-map match-all signalling
 match ip dscp 26

policy-map voip
 class Voice
  bandwidth percent 30
 class signalling
  bandwidth percent 8
 class class-default
  fair-queue

interface gi0/1
 service-policy output voip