Did you read that right?  AZMAN?  Yep… from pretty much any windows box you can click start-run and type azman.msc and click okay…

What you get is Authorization Manager.  Evidently this tool has been around for quite some time and was intended to be used to facilitate proper RBAC models (Role Based Access Control).  I was shown it today by one of my collegues and I can see that it would be quite useful. 

It lets you store the data in 1 of 3 locations:

1. Active Directory
2. XML file
3. MSSQL Database

Interestingly enough all you have to do is put in the data store and then select “Action – New Application.” At that point you will be presented with your basic application settings as follows:

So far so good right?At this point you can start building your role based access model.  You can create operation definitions (which basically allow very granular access to the resources you specify).  Likewise, you can create a task or role definition based which can be a combination of operation definitions in any form you like. 

Once you have it all layed out, you can connect to the AZMAN with a .net call to call AccessCheck and see if the application credentials are allowed based on what you defined in AZMAN!  Will you use this application; who knows… I would love to see some valid implementations and see how it works. 

Here is an article discussing how to do this in ASP.NET: http://msdn.microsoft.com/en-us/library/ff649313.aspx

Happy azmanning!! haha,

~JCF

EDIT ** I have recently decided that this is not the best way to align footers.  Not a bad way but it broke for me in a couple of situations.  **

I was building a demo website yesterday and came across the age old problem of aligning my footer row with the bottom of the screen.  I have always had great success with creating websites that scale horizontally to fit any size screen but it has (at least for me) been a real pain to get that footer to line up properly vertically.

Of course you only want it to push the footer to the bottom of the screen if the header+body content leaves white space; when there is enough content it needs to behave like a normal footer would.  What a pain!  HTML 4 and 5 really don’t have a good way to do this natively (surprisingly).

So, off I went looking for some sort of CSS solution to this tricky situation and stumbled across some guys code that seems to address the problem.  I tried it out and voila; it worked very well; first try and in all browsers…. awesome!

So here’s how I did it.

First I had to take my HTML object code and create 4 <DIV> tags.  The DIV’s were needed for the 3 obvious sections (Header, Body, Footer) and then an overall DIV that wraps everything in a single DIV called ‘container’.

The basic structure is like this:

<DIV id=”container”>
<DIV id=”header”>…</DIV>
<DIV id=”body>…</DIV>
<DIV id=”footer”>…</DIV>
</DIV>

Of course I had some HTML where you see … above, but for simplicity of explaining this I have swapped it out.  The only caveat to this technique is that the footer has to have an absolute size defined.  In my case, the footer was exactly 107 pixels high; so I set it to that and pulled everything together using the following CSS:

<style media=”screen” type=”text/css”>
html, body { margin:0; padding:0; height:100%; }

#container { min-height:100%; position:relative; }

#header { background:#fff; padding:0px; }

#body { padding:0px; padding-bottom:107px; /* Height of the footer */ }

#footer { position:absolute; bottom:0; width:100%; height:107px; /* Height of the footer */ background:#fff; }

<!–[if lt IE 7]>

<style media=”screen” type=”text/css”>
#container { height:100%; }
</style>
<![endif]–>

That’s it… I just jammed the CSS above directly into my <head> section and voila!! Automatic moving footers… just need to adjust the footer in the CSS and it works.  The last little bit is apparently for a flaw in IE7 that probably doesn’t scale properly and only applies in that scenario.

So far so good; happy scripting!

~JCF

I was poking around in the lab and playing with dcpromo again.  Apparently that is the only way to invoke directory services in 2008 R2 despite having an option to install it via the gui (option is available under add/remove roles).  If you select the “Active Directory Services” role from the gui, you will still need to run the dcpromo command; so I just skip that stuff and do it all at once.

As usual, the dcpromo command should be launched from a command prompt (or a run box) which in turn starts a graphical wizard to install the service.  The graphical interface pops up during the full version of windows 2008 as well as the server core version.  Also the DNS role gets added automatically and would have to be removed manually if you didn’t want to have DNS on the domain controller; personally I can’t really see a reason to remove it other than reducing the overall security footprint of a DC which is a bit ridiculous so I just leave it in there.  Besides; have you ever ran AD without integrated DNS?  I can’t imagine it would be easy to support.

At any rate, I loaded my first DC with DCPromo and followed the prompts.  Pretty basic stuff, new or existing forest, name the root, netBIOS name (yep, it lives on), functional level, add DNS role, location of files/logs/db,  password, summary, finish. 

I opted to create a second DC in the lab and just for variety I chose to use the bare bones installation on server core.  Pretty basic stuff here as well except that network teaming can prove to be a challenge without a graphical interface (HP team utility required that I had to configure the team on a working graphical DC and then export the XML configuration file and overwrite the server core team file).  After rebooting and fiddling with netsh a bit to configure the TCP/IP settings everything else was pretty much exactly the same. 

Pretty cool stuff. I still have to try to install the same thing using and RODC on server core. I wonder if I should try to do it with an encrypted FS such as bit locker just to be fully secure.

Usually I would plan a production deployment of active directory for many months before running the command; it’s so much more fun in a test lab 😉 Things to consider would be your sites, subnets, DNS/WINS, backups, trusts, delegations, naming conventions among other things.  Strangely it’s not that complicated but there are so many different ways to do things it is often difficult to get everybody to agree to use MY way! 

On a more serious note, if you ever wanted to remove the domain controller you would run the dcpromo command again. Why is it not called DCDemote or something like that?  It’s a bit confusing I think.  Remember that you shouldn’t just ad hoc remove your DCs of course. There are plenty of online Microsoft resources warning and guiding you through the dangers of doing something like that.  You would definitely want to remove your DNS delegations and transfer the FSMO roles at a minimum before killing off a DC.  If the DC was the first one in your forest it probably holds other services such as the source of time for the entire forest. 

As usual, be just careful and have fun!  Happy promoting!

~JCF

Our Company

1MB Corporation, a web hosting provider with an extensive background in the industry, strives to meet the demands of many individual and business customers around the globe. We are proud to be involved with our clients every step of the way and extremely happy to make them feel gratified with our in-house built web hosting platform, hosting plans,domain names and our FREE extra services.

Hardware

Our web hosting services are based on reliable web servers, configured with the latest hardware available, which ensures maximum performance and minimum server load.

Software

We use the latest advanced software out there to make your web site run as smooth and problem free as possible. You web site is maintained up to date with the newest software security patches and upgrades, which are rigorously tested and installed, shortly after their public release, to ensure the best performance possible.

Our Priorities

We make every endeavour to serve your web hosting requirements and help you build and sustain a recognizable and successful online presence. Backing you up with our web hosting expertise is a great honour and pleasure for us. Of course, we must continuously strive to keep our services up to date with the latest trends on the fast-paced web hosting market.

Every server is equipped with the latest Intel Processors, large amounts of RAM and high-speed caching RAID controllers. Our network architecture utilizes the top class Enterprise routing and switching engines from Juniper and Cisco.

Our web hosting platform is Linux-based, offering a stable working environment with minimum server load. Besides, our servers are equipped with a full range of Linux-compatible software programs for running all the applications that you need to perform regardless of the operating system that you use.

Partners

Our platform has been implemented through a very productive partnership with LiquidNet Ltd., a UK based web hosting company, specializing in the development of cutting edge solutions for the IT industry.

Our long term collaboration with LiquidNet Ltd. has enabled the creation of a high-powered, trustworthy hosting service that gives you total control over all aspects of your web site.

~ JCF

I’m not sure if a lot of people out there are using powershell.  If you are working in a technical position I think that you should definitely investigate the possibility of using it to manage day to day tasks.

Microsoft has been requiring all of their software releases to include an interface for powershell.  This has been especially evident in the newer operating systems as well as Exchange and Active Directory.

What I hear most often is, “Well it seems complicated and I can’t program anyway; its really hard.” In actual fact its really easy; much easier than driving a car or riding a bike.  Don’t believe me?  Try it.

From any Windows 7 (or newer windows computer) try clicking on start and then type in “powershell” into the little run box and press enter.

So… thats it… powershell should open and you can start typing in commands.  If you are familiar with DOS commands they should work here (almost) like they always have.  (try dir, cd, copy etc..).  Also, probably due to a lot of complaining, you can use unix type commands (try ls, cd, cp).  Both should work!  Finally!! Forward slash AND backslash work… which… makes sense.

So you are probably thinking to yourself, “Big deal, you said this was easy, that stuff is really hard.” Did you know that all of the commands in powershell are actual verb-noun pairs?  In fact, even the short commands like the ones I listed above are actually aliases for verb-noun pairs.  For example, dir or ls are ACTUALLY aliases for a command called Get-ChildItem; Don’t believe me?  Type “alias dir” and you should see something like:

PS C:\data> alias dir
CommandType     Name                            Definition
-----------     ----                            ----------
Alias           dir                             Get-ChildItem

Hmm… Thats interesting.

So what is going on here?  Why is that useful?  Well, the answer is really quite simple.  Those old commands were made back in the olden days when computers couldn’t even store a program with a name greater than 8 characters!  Like 20 years ago! The nerds of back in the day love their commands and they can still use them and newbies can jump right in and get their feet wet.  The basic fact that they are verb-noun pairs means that you can GUESS at what the commands actually are.  For example type get-  (that’s get and a dash) and start pressing the tab key in powershell.  Did you notice that starts suggesting commands to you?  Pretty cool huh?  Whats even more important is that you can read the noun and probably GUESS at what each command does; even without a book.  Other cool verbs to try are (set-, start-, export-, stop-, select- and many more!! You can even add your own).

Alright, so whats next?  Well… I hope I’m keeping you interested and you are learning quickly.  After all, thats the point of this exercise.  In my opinion, you need to learn how to use 1 command to actually learn all of powershell; but understanding about 4 of them would actually take you to the next level.  So what is that command?

help

No, that wasn’t a typo, I want you to learn help!  Help has many names in powershell.  Its also known as Get-Help (verb-noun pair 😉 and has an alias of man for the linux nerds; for normal humans “man” actually means “manual”.

So when you type get-help, help tells you how to use help! I know it all seems a bit redundant but you need to wrap your head around the concept of how help works.  EVERY single command in powershell should be in the manual and hence… you don’t need the book.  If you want to see examples of help for a particular command, you would add “-examples” to the end of your help command and the shell will actually tell you what to type in. The help command would actually tell you more about this if you wanted to see the FULL information about help… to do that type:

help -full

At this point you should get the same information that you got before plus another 3 pages of information about help and using help.  I STRONGLY recommend you read this if you want to learn powershell in any capacity.

The next thing you need to learn are the following commands:

get-psdrive
get-command
get-member
get-alias

How do you learn those commands?  Don’t make me smack you! Type:

get-help get-psdrive -full

Get it?

Its all pretty easy, I’ve already given you everything you actually need to know in order to “learn powershell”. To make it a bit more fun, how about a real example?

Now lets say your friend is bugging you. You don’t like it, but its your friend and you don’t want to actually hurt their feelings.  What is a good way to annoy them?  How about opening 30 copies of notepad on their computer?  That would be great!! It would annoy them a little bit and you get to use your powershell skills to make the job easy.  Type the following command:

for ($x=0; $x -lte 30; $x++) { Start-Process notepad }

Press enter and voila!  You just opened 30 copies of notepad.  Sweet! So what is going on there?  How did I do that.  Well the command above is actually something called a loop.  The first part says set the letter X to the number 0, make sure X is less-than-equal (-lte) than 30 and each time add 1 to X ($x++).  The part in between the curly brackets is what we want to do 30 times.  In this case we specified a command to start notepad.  Pretty nifty and fun too. If you want to learn more about for loops try:

 get-help about_for

You might think to yourself, that was actually not a nice thing to do to your friend and you don’t want to have all those notepads open on their computer and actually you want to clean it all up for them.  Well… in that case you would type something like:

Get-Process notepad | Stop-Process

Wow!! Cool, it just closed all those notepads in one command!! How did that work?  Well… the command above introduces a concept of something called “the pipeline”.  Yes, I know the pipeline is something that surfers strive to ride, and good for them; in this case, it means something completely different.  The “pipe” is that “|” character.  It basically says, take everything from the last command and send it to the next command.  The command above instructs the computer to find all the processes running on the computer that have notepad running and take those OBJECTS and pass them to the stop-process command.  You could of course just typed “get-process notepad” and it would have done something different.

The pipeline is a pretty cool concept. Imagine all of those verb-noun pairs and linking them all together.  The possibilities are endless; I hope you benefited from my powershell introduction. Obviously some of the commands in powershell are dangerous; so be careful.  I wonder what the stop-computer command does?

Happy powershelling!

~JCF