Jul 05 2017

Hardware Scanning and Auto Update in GLPI

Published under GLPI

With many physical sites, it is extremely difficult to keep track of each device’s location, and even if you do, people may move computers or printers to a new place without telling anyone. It is also useful to know where a device was last seen.
More importantly, do you know what is on your network? Check how many devices are unknown and not registered in GLPI.


Requirements

– Add the network switches in GLPI, making sure the Name (DNS name), brand, location and type fields are filled in. You need managed switches in order to connect to them.

– Generate an SSH key pair on the server from which you are going to run the script, and install the public key on the switches so you can log on to each of them automatically.
Supported switches include Cisco Catalyst, HP ProCurve* and 3Com, but the script could easily be ported to other brands.
Check the official Cisco, HP and 3Com documentation for installing the public key on each device.

– Edit the GLPI settings (in the script) and run the bash script.
 



Features

– Gets the switch list from GLPI (devices registered with the “switch” type under network devices)

– Connects to each switch and retrieves its MAC address table

– If a MAC is found in GLPI (among Computers, Printers or Network devices), updates the device’s last modified date and location

– If not, looks up the MAC’s vendor on the Internet. A cache makes this faster when the vendor prefix (first 6 hex digits) has been seen before

– Reports the percentage of known MACs

– Reports duplicates found in GLPI (a MAC seen on the network that matches multiple devices in GLPI)

– Works on Cisco, HP* and 3Com switches and could easily be modified for other brands that support key-based SSH login. Some gear, such as Cisco Small Business switches, does not support it.

The percentage improves as you register more and more known MACs in GLPI.
You have no idea how many devices connect to the network!

* in combination with RANCID
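The matching step described above, as an added example that is not the post’s script: it normalises the MAC formats printed by Cisco IOS, HP ProCurve and 3Com switches into one form, then computes the known percentage and the duplicate report against constructed GLPI rows. It assumes GLPI stores MACs as lower-case, colon-separated strings; the switch output and the GLPI rows are constructed sample data.

```shell
#!/usr/bin/env bash
# Added example, not the post's script: normalise MACs as printed by Cisco IOS
# (0050.56ab.cdef), HP ProCurve (005056-abcdef) and 3Com (0050-56ab-cdef) into
# aa:bb:cc:dd:ee:ff, then match them against a constructed stand-in for GLPI's
# inventory (assumed to store MACs as lower-case, colon-separated strings).
set -eu

# Constructed switch output: one MAC-table line per vendor format.
SWITCH_OUTPUT='   10    0050.56ab.cdef    DYNAMIC     Gi1/0/12
   10    0050.56ab.0001    DYNAMIC     Gi1/0/13
  005056-abcdef   12   1
  0050-56ab-0002   1   Learned   GigabitEthernet1/0/1   AGING'

# Constructed GLPI rows "mac|itemtype|name", standing in for the SQL query over
# Computers, Printers and NetworkEquipment. One MAC is deliberately attached to
# two items to exercise the duplicate report.
GLPI_ROWS='00:50:56:ab:cd:ef|Computer|pc-accounting-01
00:50:56:ab:cd:ef|Printer|prn-2nd-floor
00:50:56:ab:00:02|NetworkEquipment|sw-core-01'

# normalize_mac RAW: keep hex digits only, lower-case them, re-insert colons.
normalize_mac() {
    hex=$(printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'A-F' 'a-f')
    [ "${#hex}" -eq 12 ] || return 1
    printf '%s\n' "$hex" | sed 's/\(..\)/\1:/g; s/:$//'
}

# extract_macs: read switch output on stdin, print unique normalised MACs.
extract_macs() {
    grep -oE '([0-9a-fA-F]{4}[.-]){2}[0-9a-fA-F]{4}|[0-9a-fA-F]{6}-[0-9a-fA-F]{6}' \
        | while read -r raw; do normalize_mac "$raw" || true; done | sort -u
}

# known_percent: share (integer %) of MACs seen on the network that exist in GLPI.
known_percent() {
    total=0; known=0
    for mac in $(printf '%s\n' "$SWITCH_OUTPUT" | extract_macs); do
        total=$((total + 1))
        if printf '%s\n' "$GLPI_ROWS" | grep -q "^$mac|"; then
            known=$((known + 1))
        fi
    done
    echo $((known * 100 / total))
}

# duplicate_macs: MACs attached to more than one GLPI item.
duplicate_macs() {
    printf '%s\n' "$GLPI_ROWS" | cut -d'|' -f1 | sort | uniq -d
}
```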

Download for free


 


May 29 2017

Determine Operating System within FTP Session

Published under AS400, Linux

The “QUOTE” keyword lets a user send a raw, system-specific command to an FTP server (SITE or ALLO for example). The FTP client does not need to understand these commands; it simply passes them through.
 
Most FTP clients send a NOOP, which is essentially a dummy packet, to keep the connection alive:

ftp> quote noop
200 NOOP ok.

 
QUOTE SYST returns the operating system the FTP server runs on, or at least gives you a hint.
 
Compare these two examples, on Red Hat Linux and on IBM i: the second gives far more detail than the first, including the exact version of the operating system.

ftp> quote syst
215 UNIX Type: L8

ftp> quote syst
215  OS/400 is the remote operating system. The TCP/IP version is "V7R1M0".
 


Apr 22 2017

Managed Service Account Fails after Reboot

Published under Windows

Windows services can be started with a Managed Service Account (MSA) for the sake of security and easy management.

It works just fine until I initiate a server reboot; then the service will not start. Opening the service and clearing the password field makes the service start again, until the next boot.

What could be wrong?
Let’s focus on the message displayed when setting up the MSA: “The account has been granted the Log On As a Service right.”
An Active Directory group policy (GPO) applied globally on the domain may override this setting.

An easy way to check which accounts are granted the Log On As a Service right is to run rsop.msc.

Log on as a service policy


Browse to:
– Computer Configuration
-> Windows Settings
-> Security Settings
-> Local Policies
-> User Rights Assignment

Check that the Managed Service Account is in the list under the Security Policy Setting. If not, update the Active Directory GPO and check that the policy comes first in the “Precedence” tab.

Log on as a service security policy


Now that you have checked the GPO permissions, the service should start at the next boot.

 


Apr 06 2017

Configure Windows Managed Service Accounts

Published under Windows

Windows Managed Service Accounts (MSA) appeared in Windows Server 2008 R2. An MSA provides a dedicated account for each service without the hassle of managing password assignment or resets: less management, more security.
However, a single account cannot be used across multiple servers. This can lead to many service accounts within a domain, but that is not a big deal.
 
Setting up a service account requires two major steps:
create it on the Active Directory domain controller, then install it on the machine where the service will run.


Add Service Account on Active Directory

On the domain controller, run the two following commands in PowerShell to create the account. It cannot be done through a graphical user interface:

Import-Module ActiveDirectory
New-ADServiceAccount -Name Service_Account -Enabled $true

 
The account shows up under “Managed Service Accounts” in Active Directory Users and Computers. You have to enable “Advanced Features” in the View menu beforehand.

Then assign the account to the host where the service will run:

Add-ADComputerServiceAccount -Identity Target_Server -ServiceAccount Service_Account


Configure the Service on the Target Host

On the target machine, add the Active Directory module for PowerShell feature:
 
Add the feature by navigating to:
Remote Server Administration Tools
   Role Administration Tools
     AD DS and AD LDS Tools
       Active Directory module for Windows PowerShell
 
Next, install the managed service account, still in PowerShell:

Install-ADServiceAccount -Identity Service_Account


Finally, configure the service to start with the managed service account, under the Connection tab.

Windows managed service account

 
Run the service as DOMAIN\Service_Account$, leaving the password field empty. Do not forget to append the $ to the account name!

Check this post out if the service does not start after rebooting the server: it could be linked to security policy settings that need to be changed.

 


Mar 21 2017

Powershell Count Returns Incorrect Values

Published under Windows

PowerShell provides a “count” method that comes first to mind when you have to count lines, files or objects. I was astonished to observe that PowerShell would display nothing when it should count 0 or 1.
 
Here’s a screenshot where I retrieve the number of Active Directory accounts, showing that count is unreliable.

Powershell incorrect count


Instead, use the Measure-Object cmdlet and select the Count value it returns:

C:\>(Get-ADUser -filter {SamAccountName -like "dron*"} |
     select SamAccountName | measure).count
1

 
In addition to the Measure-Object cmdlet, which counts the number of objects, you can use the “tee” command (an alias of Tee-Object) to store the result set in one variable and its number of elements in another, all in a single line:
 

C:\>$accountnb = (Get-ADUser -filter {SamAccountName -like "dr*"} |
                 select SamAccountName |
                 tee -Variable accounts | measure).count

C:\>$accountnb
3

C:\>$accounts

SamAccountName
--------------
draguene
drondy
droze
 

