Here is my slide deck from the Nordic Infrastructure Conference (NIC) 2014. My talk was called Modern authentication for the Cloud Era and covered claims based authentication and some common scenarios, OAuth and OpenID Connect. Thanks to everyone who attended my session. Hope to see you there next year!
Before you ask, I definitely count myself as a novice when it comes to SQL. Nevertheless, here are a few SQL tips I have picked up along the way…
Enable SQL to communicate through the Windows Firewall
netsh advfirewall firewall add rule name=SQLPort dir=in protocol=tcp action=allow localport=1433 remoteip=localsubnet profile=DOMAIN
netsh advfirewall firewall add rule name=SQLBrowser dir=in protocol=udp action=allow localport=1434 remoteip=localsubnet profile=DOMAIN
SQL Server executable
netsh advfirewall firewall add rule name="SQLExe(<SQL Instance name>)" dir=in action=allow program="c:\Program Files\Microsoft SQL Server\MSSQL10_50.<SQL Instance name>\MSSQL\Binn\sqlservr.exe" remoteip=localsubnet profile=DOMAIN
Make the local Administrators group SQL Admin
It is very useful to have the local Administrators group on a SQL server be SQL Admin. Useful, not necessarily secure or a best practice. To be able to perform these steps you need access to an account that already is an SQL Admin of the server/instance you are trying to change.
- Open SQL Server Management Studio and log on
To use Windows Integrated authentication you need to be logged onto the SQL server computer with an account that is already a SQL Admin; if using SQL authentication, just enter the username and password.
- Expand Security\Logins
- Right click and select New Login…
- In the Login name field enter BUILTIN\Administrators.
For some reason SQL requires that all built in security principals be prefixed with the word BUILTIN instead of the computername.
- Select Server Roles and select serveradmin and sysadmin, leave any existing boxes ticked.
- Hit OK
- Exit SQL Server Management Studio, log off the computer, log on again with a user that is a member of the local Administrators group and open SQL Server Management Studio again. This time use Windows Authentication.
- Same thing in Transact-SQL:
CREATE LOGIN [BUILTIN\Administrators] FROM WINDOWS;
EXEC master..sp_addsrvrolemember @loginame = N'BUILTIN\Administrators', @rolename = N'sysadmin';
EXEC master..sp_addsrvrolemember @loginame = N'BUILTIN\Administrators', @rolename = N'serveradmin';
If you still cannot get access, make sure you are not running with User Account Control (UAC) enabled. UAC strips the Administrators group from your security token.
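Because the post notes that this setup is useful rather than secure, here is an added audit query (not part of the original post) that shows who ends up with sysadmin or serveradmin once the group login exists. It assumes the login was created as BUILTIN\Administrators as above and that you run it as a SQL Admin; the commented-out statements at the end reverse the change.

```sql
-- Added example (not from the original post). Run as a sysadmin in SSMS or sqlcmd.

-- 1) Every login that holds sysadmin or serveradmin, Windows groups included.
SELECT r.name       AS server_role,
       m.name       AS member_login,
       m.type_desc  AS member_type,   -- WINDOWS_GROUP, WINDOWS_LOGIN or SQL_LOGIN
       m.is_disabled,
       m.create_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'sysadmin', N'serveradmin')
ORDER BY r.name, m.type_desc, m.name;

-- 2) A group login grants the role to every member of the group, so list
--    the Windows accounts that BUILTIN\Administrators currently resolves to.
IF EXISTS (SELECT 1
           FROM sys.server_principals
           WHERE name = N'BUILTIN\Administrators' AND type = 'G')
    EXEC master..xp_logininfo @acctname = N'BUILTIN\Administrators',
                              @option   = 'members';
ELSE
    PRINT 'BUILTIN\Administrators is not a login on this instance.';

-- 3) To undo the change later, remove the roles and then the login:
-- EXEC master..sp_dropsrvrolemember @loginame = N'BUILTIN\Administrators', @rolename = N'sysadmin';
-- EXEC master..sp_dropsrvrolemember @loginame = N'BUILTIN\Administrators', @rolename = N'serveradmin';
-- DROP LOGIN [BUILTIN\Administrators];
```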
- PRB: Use BUILTIN\Group to Grant Access to Predefined Windows NT Groups
- How to troubleshoot error 15401
- CREATE LOGIN (Transact-SQL)
Test connectivity to a SQL Server
This is pretty cool…
Create an empty file anywhere in the file system called test.udl.
PowerShell: New-Item test.udl -type file
Double click to open it. You will see the following dialogue box:
I am often asked, usually on some form of IM media; “are you busy?”. I often find this question hard to answer since I regard busy-ness (is that a real English word?) as more of a state with varying degrees. This has led me to the definition of BUSCON or BUSy CONdition, based on the well-known DEFCON or defense readiness condition used by the United States Armed Forces. At the current time BUSCON is defined like this:
|BUSCON 1||Metaphysically busy (AKA “Leave-me-the-fuck-alone” busy)*||White|
|BUSCON 2||Extremely busy||Red|
|BUSCON 3||Really busy||Yellow|
|BUSCON 4||Above normal busy-ness||Green|
|BUSCON 5||Normal busy-ness||Blue|
As BUSCON's creator I reserve the right to change its definition at any time. Check back here for updates if you find the BUSCON definition useful.
* So you take offense by my use of profanity in this post? Here are a couple of quotes that sum up my views on that area:
Stephen Fry: “It’s now very common to hear people say “I’m rather offended by that”, as if that gives them certain rights. It’s actually no more than a whine. “I find that offensive”. It has no meaning, it has no purpose, it has no reason to be respected as a phrase. “I’m offended by that”, well so fucking what.” **
Salman Rushdie: “What is freedom of expression? Without the freedom to offend, it ceases to exist.”
** See first asterisk
I just started a new blog, hosted on Windows Azure. This blog will deal with cloud computing and related topics. Check it out: cloudpower.no.
So I thought I would put together a list of the stuff I use. Mostly as sort of a memo to myself, but if anyone finds this useful, so much the better.
|Audacity||Sound file editing|
|Foxit Reader||PDF Reader/PDF Ifilter|
|Simp||Instant messaging encryption|
|Wireshark||Network protocol analyzer|
|CDBurnerXP||CD/DVD Burning Application|
|Folder2ISO||ISO file creation|
|Exact Audio Copy (EAC)||CD Ripping|
|MailSend||SMTP command line sender|
|VHD Resizer||Resizes VHD files|
|VMDK to VHD Converter||Convert VMware VMDK disk files to VHD|
|Angry IP Scanner||IP address scanner|
|WinSCP||SFTP, FTP and SCP client|
|Fiddler||HTTP Debugging proxy|
|TFTPD32||TFTP client and DHCP, TFTP, DNS, SNTP and Syslog server|
|RawWrite||Disk image writer|
|WinTail||Tail application for Windows|
|Cygwin||Linux environment for Windows|
|Free Download Manager||Like the name says…|
|uTorrent||Tiny BitTorrent client|
|MediaCoder||Transcode files for portable devices|
|Frhed||Free Hex Editor|
|mTAIL||UNIX-like Tail utility for Windows|
|ExifTool||Read/manipulate/act on EXIF information in media files|
|MKVToolNix||Cross-platform tools for Matroska (MKV)|
|XMedia Recode||Audio/Video converter tool|
Thank you to everyone who attended my session at the Norwegian Partner Kickoff event for Windows Server 2012 today. A special thanks to everyone who took the time to evaluate the session.
My slide deck is available for download here. It will also probably be made available by Microsoft at some point in time.
For all of you living in Norway who are interested in learning more about Windows Azure, you can sign up for one of the four free Windows Azure Training Camps I will give at the Microsoft offices in Oslo. We will do one training camp on the first Wednesday of each month for the rest of 2012. The camps will include both an instructor-led presentation and hands-on labs (so remember to bring your own device!). The agenda looks like this:
Presentation: Windows Azure Virtual Machines
Comprehensive presentation that introduces the technical concepts and business value of Windows Azure Virtual Machines and Virtual Networks
Hands-on Lab: Introduction to Windows Azure Virtual Machines (Windows)
In this hands-on lab you will learn how to deploy a simple ASP.NET MVC3 Web application to a Web server hosted in Windows Azure, using SQL Server and configuring load balancing.
Presentation: Deploying Active Directory in Windows Azure
Understanding how and when to deploy Active Directory within Windows Azure Virtual Machines
Hands-on Lab: Deploying Active Directory in Windows Azure (PowerShell)
In this Hands-on lab you will walk through the steps necessary to deploy a stand-alone domain in the cloud using Windows Azure Virtual Machines and Virtual Networks using PowerShell.
Presentation: Automating Virtual Machine Management with PowerShell
Introduction to using the Windows Azure PowerShell Cmdlets to manage and automate virtual machines and virtual networks.
Hands-on Lab: Managing Virtual Machines with the Windows Azure PowerShell Cmdlets
In this hands-on lab you will understand the capabilities of automating the deployment and management of virtual machines in Windows Azure.
Register for the training camps here: https://msevents.microsoft.com/CUI/EventDetail.aspx?culture=en-US&EventID=1032524002
Hope to see you there!
I just got word that I have been awarded the Microsoft Most Valued Professional (MVP) Award for 2012, in the Directory Services discipline. This is a great honor, and I accept it humbly.
First off, thanks to those who nominated me and gave me advice on how to become an MVP, and also Microsoft for finding me worthy. I am really looking forward to connecting with the MVP community, and with the Directory Services group particularly. Also, thanks to everyone who has congratulated me on the award.
I have a lot of new ideas for new community content, so keep watching this space!
It has been a fantastic conference! A lot of interesting sessions for every timeslot.
I started out with Marcus Murray’s session about Advanced Persistent Threats (SIA303). I have been disappointed with Marcus’ sessions at earlier TechEds but this time I was positively surprised. Marcus, among other things, gave a good rundown on the RSA attack. Good session.
Being in a geeky mood, I next went to see Aaron Margosis and his Sysinternals Primer: Gems session (SIA311). I have read a lot of Aaron's stuff before and it was great to finally see him in person. Aaron has also written a new book about the Sysinternals tools which I'm planning to get. If you're interested it's called Windows Sysinternals Administrator's Reference.
In keeping with TechEd tradition the guys responsible for the agenda had placed Mark Russinovich’s last session at the very end of the conference. No doubt to make as many people as possible stay for as long as possible. I never leave before the conference ends, so this was no problem for me. The session was the 2012 edition of the Case of the Unexplained series. Mark had all new cases and it was a very fun session.
The last session of the conference was Andy Malone’s Cryptographic Chronicles, part 2 (SIA401). This was a continuation of an earlier session. This time Andy promised beer to whoever could break his cipher challenge. I did my best, but was unable to break it this time. (No one else did either, so I wasn’t too sad.) The session itself was very interesting and a nice conclusion to the conference.
We walked back to the city center, had some dinner, and went home. All in all a great week, both at the conference, and in Amsterdam. Already looking forward to next year!
Day 3 and still going strong. Great conference so far!
The day started with another good session from Samuel Devasahayam. This time it was SIA312: What’s New in Active Directory in Windows Server 2012. A lot of new cool features in AD for Server 2012, first among which must be Dynamic Access Control.
After that Mark Russinovich gave a very interesting session about Windows Azure internals (AZR302). Azure is really a great service and it was very cool to hear a little about how it is built and run. Mark even had a new Dave Cutler story.
John Craddock was also at TechEd and before lunch I attended his “Windows Server 2012: A Techie’s Insight into the Hot New Features”. This was an OK session where John went through what he felt were the hottest new features in Windows Server 2012. His selection was Direct Access, Compound Tokens and Dynamic Access Control. You have to see John at least once every time you’re at TechEd.
During lunch we participated in Andy Malone’s interactive session about BYOD; SIA04-LNC Adventures in BYOD Land. This would have worked much better in a smaller room and with fewer people as the atmosphere in the big theater room at the RAI didn’t encourage the audience to speak up. Especially since Andy is known to speak his mind afterwards. But it was still interesting.
The last session of the day for me was Mark Russinovich’s “Malware Hunting with the Sysinternals Tools”. This was the best one so far in the conference. Mark gave us an update on the tools, and went on to dissect some of the latest malware, e.g. Stuxnet and Flame. We even managed to get a picture with the man! (I’m to his right in the picture, with the white shirt and glasses!)