Day: Jun 15, 2015

How to backup and restore share/NTFS permissions


This can come in handy in critical situations. Share and NTFS permissions can be backed up and restored in a few steps. Here is how:

Share permissions Backup/Restore

To backup share permissions, export the Shares registry key.

1. Open Regedit to the following location:

HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares

2. Right-click the Shares registry key and select Export. Give it a file name such as shareperms.reg.

When you want to restore the permissions, double-click shareperms.reg to import it back into the registry.

Use the Reg tool to backup the registry key from the command line:

reg export HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares shareperms.reg

If you need to restore it at some point, just run:

reg import shareperms.reg
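To check what a restore actually changed, the share ACLs can be read back from the registry in readable form. The following is an added example, not part of the original post. It relies on the Security subkey of the Shares key, which the post does not mention and which holds one binary security descriptor per share; the function names, the CSV file name and the "Finance" sample share are hypothetical.

```powershell
$sharesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares'

function Get-ShareAclSnapshot {
    # Each value under Shares\Security is one share's binary security descriptor.
    $key = Get-Item -LiteralPath "$sharesKey\Security" -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        $bytes = [byte[]]$key.GetValue($name)
        $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($bytes, 0)
        [pscustomobject]@{ Share = $name; Sddl = $sd.GetSddlForm('Access') }
    }
}

function Compare-ShareAclSnapshot {
    # Returns one row per share whose ACL was added, removed or changed.
    param([object[]] $Before = @(), [object[]] $After = @())
    $old = @{}; foreach ($b in $Before) { $old[$b.Share] = $b.Sddl }
    $new = @{}; foreach ($a in $After)  { $new[$a.Share] = $a.Sddl }
    foreach ($share in (@($old.Keys) + @($new.Keys) | Sort-Object -Unique)) {
        if ($old[$share] -ne $new[$share]) {
            [pscustomobject]@{ Share = $share; Backup = $old[$share]; Current = $new[$share] }
        }
    }
}

# Constructed sample: a hypothetical share whose ACL drifted from Everyone:Read
# (0x1200a9) in the backup to Everyone:Full (FA) on the live system.
$backup  = [pscustomobject]@{ Share = 'Finance'; Sddl = 'D:(A;;0x1200a9;;;WD)' }
$current = [pscustomobject]@{ Share = 'Finance'; Sddl = 'D:(A;;FA;;;WD)' }
Compare-ShareAclSnapshot -Before $backup -After $current

# On a real server: take the snapshot when you run "reg export" ...
#   Get-ShareAclSnapshot | Export-Csv .\shareperms-snapshot.csv -NoTypeInformation
# ... and compare after "reg import shareperms.reg":
#   Compare-ShareAclSnapshot -Before (Import-Csv .\shareperms-snapshot.csv) -After (Get-ShareAclSnapshot)
```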

NTFS permissions Backup/Restore

Use this command to backup NTFS permissions:

icacls d:\data /save ntfsperms.txt /t /c

The /T switch allows it to get subfolder permissions too. The /C switch allows it to continue even if errors are encountered (although errors will still be displayed).

Use this command to restore them:

icacls d:\ /restore ntfsperms.txt

Note that in the command to save the permissions, I specified the target folder D:\Data, but when I restored them, I specified just D:\ as the target. Icacls is a little funky like that, and here’s why.

If you open the text file with the exported permissions (ntfsperms.txt in the above example), you’ll see that Icacls uses relative paths (the data, data\folder1 and data\folder2 lines below). Underneath each relative path are the permissions for that folder in Security Descriptor Definition Language (SDDL) format.

data

D:AI(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;OICIID;0x1200a9;;;BU)(A;ID;0x1301bf;;;AU)(A;OICIIOID;SDGXGWGR;;;AU)

data\folder1

D:AI(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;OICIID;0x1200a9;;;BU)(A;ID;0x1301bf;;;AU)(A;OICIIOID;SDGXGWGR;;;AU)

data\folder2

D:AI(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;OICIID;0x1200a9;;;BU)(A;ID;0x1301bf;;;AU)(A;OICIIOID;SDGXGWGR;;;AU)

Had I specified D:\Data in the command to restore the permissions, it would have failed looking for a D:\Data\Data folder:

D:\>icacls d:\data /restore perms.txt

d:\data\data: The system cannot find the file specified.

Successfully processed 0 files; Failed processing 1 files

You might think specifying D:\ as the target in the restore command may somehow mess up the permissions on other folders at that level, but as you can see from the ntfsperms.txt output file, it only has information about the Data folder and sub folders, so that is all it will change.
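The relative-path behaviour described above can be checked before anything is changed. The following is an added example, not part of the original post: it resolves every relative path in a save file against the target you intend to pass to icacls /restore and reports which ones exist. The function name and the temporary folder tree are hypothetical; the sample entries are constructed from the format shown above.

```powershell
function Test-IcaclsRestoreTarget {
    param(
        [Parameter(Mandatory)] [string]   $Target,    # folder you plan to pass to icacls /restore
        [Parameter(Mandatory)] [string[]] $SaveLines  # lines of the save file
    )
    # A save file alternates: relative path, then that path's SDDL string.
    $lines = @($SaveLines | Where-Object { $_.Trim() })
    for ($i = 0; $i + 1 -lt $lines.Count; $i += 2) {
        $relPath = $lines[$i]
        # Parsing the SDDL catches a damaged entry before the restore is attempted.
        $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($lines[$i + 1])
        $full = Join-Path $Target $relPath
        [pscustomobject]@{
            RelativePath = $relPath
            ResolvedPath = $full
            Exists       = Test-Path -LiteralPath $full
            AceCount     = $sd.DiscretionaryAcl.Count
        }
    }
}

# Constructed sample: a temporary tree standing in for D:\ with data\folder1 and data\folder2.
$root = Join-Path $env:TEMP ("icacls-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path (Join-Path $root 'data\folder1'), (Join-Path $root 'data\folder2') | Out-Null
$sddl   = 'D:AI(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;ID;FA;;;SY)'
$sample = 'data', $sddl, 'data\folder1', $sddl, 'data\folder2', $sddl

# Target is the parent of the saved folder, like D:\ in the post.
Test-IcaclsRestoreTarget -Target $root -SaveLines $sample
# Target is one level too deep, like the failed d:\data restore in the post.
Test-IcaclsRestoreTarget -Target (Join-Path $root 'data') -SaveLines $sample

Remove-Item -Recurse -Force $root
# For a real save file, pass: -SaveLines (Get-Content ntfsperms.txt -Encoding Unicode)
```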

How to fix a RDP issue without reboot?



The following steps can be used to resolve RDP issues without a restart:

Note: The steps below apply only if the server is available on the network.

  Troubleshooting Steps:

1. Check whether Windows Firewall is enabled on the server. If it is, disable it.

Note: This applies primarily to virtual servers (VMs), and only if the server is accessible through the VM console.

 

2. The following registry location controls access to the Terminal Server via RDP:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server

Under the Terminal Server key, the REG_DWORD value named fDenyTSConnections should be 0 because a value of 1 denies connections to Terminal Services (access to the server via RDP).

Note: Even if the value is 0, change it from 0 to 1 and refresh the registry. Then change the value back from 1 to 0 and refresh the registry.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server

Under the Terminal Server key, the REG_DWORD value named fAllowToGetHelp should be 0 because a value of 1 denies Remote Assistance on a server (to access the server via RDP).

Note: Even if the value is 0, change it from 0 to 1 and refresh the registry. Then change the value back from 1 to 0 and refresh the registry.

3. The following registry location is used to enable remote user sessions on a server (Citrix):

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\ICA-Tcp

Under the ICA-Tcp key, the REG_DWORD value named fEnableWinStation should be 1 because a value of 0 denies remote user sessions (to access the server via RDP).

Note: Even if the value is 1, change it from 1 to 0 and refresh the registry. Then change the value back from 0 to 1 and refresh the registry.

4. The following registry location is used to enable remote user sessions on a server:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

Under the RDP-Tcp key, the REG_DWORD value named fEnableWinStation should be 1, not 0, because a value of 0 denies remote user sessions (to access the server via RDP).

Note: Even if the value is 1, change it from 1 to 0 and refresh the registry. Then change the value back from 0 to 1 and refresh the registry.

5. The following registry location holds the RDP port:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

Under the RDP-Tcp key, the REG_DWORD value named PortNumber should be 3389 because, by default, Remote Desktop listens on TCP port 3389 (to access the server via RDP).

Note: Open a command prompt and type the command below:

C:\>telnet "SERVERNAME OR IP ADDRESS" 3389

Check whether the port is open.

P.S.: If it still doesn’t work after making these changes, a restart may be required.

6. The following registry location is used to enable or disable logon to a Terminal Server:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Under the Winlogon key, the REG_DWORD value named WinStationsDisabled should be 0 because a value of 1 denies logon to a Terminal Server via RDP.

Note: Even if the value is 0, change it from 0 to 1 and refresh the registry. Then change the value back from 1 to 0 and refresh the registry.
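The values from steps 2 to 6 can be read in one pass before anything is edited by hand. The following is an added example, not part of the original post: a read-only audit that compares each value with the setting the steps call for. The function name is hypothetical, 'localhost' is a placeholder for the server name, and the key and value names are written as Windows stores them (Terminal Server with a space, fDenyTSConnections with a trailing s).

```powershell
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Expected settings, taken from steps 2-6 of the post.
$expected = @(
    @{ Path = $ts;                       Name = 'fDenyTSConnections';  Want = 0 }
    @{ Path = $ts;                       Name = 'fAllowToGetHelp';     Want = 0 }
    @{ Path = "$ts\WinStations\ICA-Tcp"; Name = 'fEnableWinStation';   Want = 1 }   # Citrix servers only
    @{ Path = "$ts\WinStations\RDP-Tcp"; Name = 'fEnableWinStation';   Want = 1 }
    @{ Path = "$ts\WinStations\RDP-Tcp"; Name = 'PortNumber';          Want = 3389 }
    @{ Path = $winlogon;                 Name = 'WinStationsDisabled'; Want = 0 }
)

function Get-RdpRegistryAudit {
    param([hashtable[]] $Checks)
    foreach ($c in $Checks) {
        # A missing key or value yields $null instead of an error.
        $prop   = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $actual = if ($prop) { $prop.($c.Name) } else { $null }
        $status = if ($null -eq $actual)            { 'Missing' }
                  elseif ([int]$actual -eq $c.Want) { 'OK' }
                  else                              { 'Mismatch' }
        [pscustomobject]@{
            Key = $c.Path; Value = $c.Name; Expected = $c.Want; Actual = $actual; Status = $status
        }
    }
}

Get-RdpRegistryAudit -Checks $expected | Format-Table -AutoSize

# Step 5's port check without the Telnet client ('localhost' is a placeholder).
(Test-NetConnection -ComputerName 'localhost' -Port 3389 -WarningAction SilentlyContinue).TcpTestSucceeded
```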

What are SoX, GxP, Quality issue, Security issue?



Sarbanes Oxley (SoX) issue – an identified weakness or deficiency in the design or operation of a control impacting an in-scope SOx system, and/or supporting infrastructure. A SOx issue is a failure to comply with the controls identified in the IS/IT Controls Framework. A system is considered to be in-scope for SOx if its functionality supports the operation of key business financial processes and controls.

GxP issue – a breach of GxP regulations and/or associated company standards impacting a GxP system, and/or supporting infrastructure. A GxP system may impact product quality, safety or efficacy and is therefore subject to GMP, GLP, GCP and GDP (GxP) regulations. For example, a GxP issue could result in any, or a combination of the following:-

  • Negative impact on a laboratory, clinical or manufacturing process
  • Loss, corruption or inability to restore GxP data
  • Unscheduled GxP system downtime outside of agreed SLAs
  • Regulatory agency notification
  • Compromise to validation status (e.g. uncontrolled changes to the systems or infrastructure).

Quality issue – a non-conformance to defined policy, related 3rd party policy, standard or procedure or ineffective IS/IT control impacting any computerised system, and/or supporting infrastructure which does not have a regulatory impact (GxP, SOx).

For example, a quality issue could result in any, or a combination of the following:-

  • Loss, corruption or inability to restore data
  • Unscheduled system downtime outside of agreed SLAs
  • Unauthorized changes to production systems or data
  • Failure of system interfaces

Security issue – a breach of security policy, a failure of security controls or an uncontrolled security related event. Examples include:-

  • Damage, theft or loss of infrastructure (including, but not limited to; laptops, PCs, servers, switches, printers, modems), software or data
  • Unauthorized access to and/or use of systems, networks or data
  • Malicious code (including, but not limited to; viruses, worms, trojans)
  • Social engineering (obtaining confidential information through user manipulation)
  • Employee or 3rd party computer misuse.

 

What is a Queue Manager? What are the responsibilities of a Queue Manager?



A Queue Manager or a Dispatcher is a resource whose primary task is to assign incident tickets to resources according to their skill set. Their primary role is to meet the SLA targets for an incident ticket. Below are the responsibilities of a Queue Manager:

  • Monitoring the queues and assigning incidents before the response-time SLA is missed
  • Assigning tickets to the respective Support Engineer according to the required skill sets
  • Following up with engineers to close tickets that are about to breach SLA
  • Assigning tickets that are out of scope to the Service Desk/other teams
  • Publishing the weekly Change Calendar
  • Daily report on Incident/Change/Problem tickets and SLA status
  • Daily change schedule reminder to the respective change assignee
  • Shift handover to the next Queue Manager
  • Summary report on all major incidents that happened that day
  • For a high number of repeated incidents, relating the incidents to the parent incident and cancelling the duplicate incidents by marking the parent ticket info
  • Discussing with the TL/shift lead what action to take on bouncing tickets

Below are the knowledge and skills a Queue Manager should possess in order to do the job.

  • SLA Metric
  • Process knowledge (IM/CM/PM/SR)
  • Support Scope
  • Inter team SPOC contact
  • Escalation Matrix & Entire team contacts
  • Incident Categorization
  • Entire team Skill set Matrix
  • Current Shift Roster & Oncall Resource
  • Technology specific SME for Tech assistance
  • Inter Supplier Support Scope & Queue Name
  • Inter Supplier Support SPOC & Contact Details
  • Application Owners Contact & Queue Name
  • Generating the reports from Ticketing Tool