Installing Applications on a Terminal Server

Because of the Sophos issues that many of my clients experienced, many endpoints required a re-installation, particularly on Terminal Servers. This is a quick and easy reminder of best practices for installing applications on a terminal server.

  1. Log on to the server as a domain administrator
  2. Open up command prompt and type the following command
    change user /install
  3. Your session will now be ready to install applications that will work across all user profiles.
  4. Install the application required e.g. Microsoft Office
  5. Once you have finished the install open up command prompt again and type in
    change user /execute


Sophos: Shh/Updater-B False Positive

What a morning! I walk into work, sit down, getting ready to munch on my cheese and bacon roll, open Outlook, BAM! Email spam about Sophos AV, FML…

This morning a False Positive update was released to all Sophos endpoint machines. Any computer that was left running overnight would have automatically downloaded the update and applied it. The result, 667 Viruses Alerts. Uh-oh. Investigations began and we found out that it was indeed a false positive update released by Sophos.

Quick way to resolve this issue which is also outlined in the above Naked Security blog:

  1. Log into your Sophos Enterprise Console.
  2. Make sure that all your Anti-Virus and HIPS policies are configured to “Deny access only” if automatic cleanup is not possible
    On Access Policy
  3. Once you’ve edited all the policies that affect your endpoints, click on the Viruses/spyware link under Computer Alerts
  4. Select all the machines that have the SHH/Updater-B virus, right click > comply with > Group Anti-Virus and HIPS Policy
    Apply policy
  5. Confirm if the policy has been successfully applied
  6. Right click the computer with Same as policy and select Resolve Alerts and Errors. A window will appear and you will need to select all the computers with the SHH false positive and click Acknowledge.
  7. Repeat the process for any computers that are offline
  8. Email your angry clients and blame good ol’ Sophos for their worries 🙂

UPDATE:

So this False Positive has also deleted updating files across ALL APPLICATIONS including, but not limited to, Google, Adobe, CA ARCserve, Sophos, Quickbooks, NVIDIA…. and the list goes on.

It’s gonna be a loooooooooong day!

Testing SMTP using Telnet

As an IT admin, you might find yourself in a situation where you need to test sending emails without an email client such as Microsoft Outlook. When that time comes, a great way to test SMTP connectivity is leveraging TELNET.

Here are a few easy steps to test mail flow:

  1. Make sure you know what SMTP server you are trying to connect to e.g. smtp.example.net.au or if it’s an internal mail server you can use the FQDN or IP address e.g. MAILSERVER.local or 192.168.1.1
  2. Make sure you have telnet installed on your client machine, you can do this via the following technet article
  3. Open up command prompt on your machine, click on start > run and type in cmd.
  4. In the command prompt window, type: telnet servername/IP 25 and press enter.
    Note: telnet initiates a telnet connection, the server name is the mail server you are attempting to send mail from and 25 is the default SMTP port.
  5. Now type in the following to test mail flow:
    Note: after each step press enter
  • HELO mail server domain name e.g. HELO example.com
  • MAIL FROM:user@domain.com e.g. MAIL FROM:user@example.com
  • RCPT TO:user@externaldomain.com e.g. RCPT TO:user@gmail.com
  • DATA
  • Type in some test data, this will be the body of the email e.g. Hello Sir 🙂
  • To stop typing in text in the body, you need to press Enter followed by a full stop . the press Enter again.
  • QUIT to exit the telnet session
If your email comes through then you’re a winner, if not don’t stress, there will most likely be other restrictions in place to prevent you from sending emails from SMTP servers. Please note that this is the first point of mail flow testing and further troubleshooting may be required.
This is also a good way of finding out if the host you are connecting to is actually a mail server! Unless of course SMTP is on another port or firewall rules are in place.