I’m sure many of you realise that for systems with high value in terms of information held or impact to business due to outage or data breach, you would probably want to crank up the monitoring of such systems. Best practices say you should pretty much monitor all activity associated with local users and groups, but today I want to focus on interactive logins to servers.
This has mainly come about from my own need recently to provide the ability to notify on any interactive login to a particular server, be it using remote desktop or a console session.
My first thought was to create a SCOM Rule that would report on Security Log EventID 4624 and if the Logon Type was 3 (console logon) or 10 (RDP Logon), send an email. As it turned out, this was much harder than I expected, as I found that Logon Type was not getting consistently passed as a parameter, and doing a text search on the entire message is not good practice.
Quite out of the blue I had a parcel arrive on my doorstep while I was on leave. It was notable in that I had received all the parcels I thought I was expecting.
As it turns out the fine administration over at ITPA felt that I do quite a bit to help out this organisation and wanted to thank me with a signed copy of Tom Limoncelli’s tome of The Practice of System and Network Administration.
I feel suitably humble. It’s nice to be appreciated 🙂
After the excitement of the previous evening, the day kicked off a little later than the norm for me with the Elastic
One of the things I wasn’t especially aware of was the X-Pack by Elastic and that there is a free, basic version of it available after a 30-day trial. Elastic Cloud may also be an option if we do not want to have to run the underlying infrastructure but just be a consumer of the platform. Shortly after that the session became more of a deep dive into Azure provisioning Elastic with the ARM config files, which was a bit out of my depth.
Today was the first day of Microsoft Ignite Australia 2017 and I am very lucky to have the opportunity to attend!
Microsoft Ignite is the successor of Microsoft TechEd, which had a 2 decade history after being first held in Australia in 1994.
I plan to post about my experiences over the next few days.
Last week I attended Linux Conference Australia, which was hosted this year in Hobart, Tasmania. The weeklong event has the first 2 days dedicated to mini conferences before the selected presentations over the following 3 days.
I was actually there by virtue of being a speaker and mini conference organiser for the Open Radio mini conference. If this may interest you, you can read about it over here on my Radio Blog. Unfortunately this meant a clash with the sysadmin miniconf, but there will be time to catch up on that.
After a long break between posts over the last two years, it is time for The Practical Admin to have a bit of an update to reflect the changes in his skill sets and equipment availability.
Most of my absence was directly related to being actively involved with SAGE-AU (now ITPA) for 3 years, which included being editor for their monthly newsletter. Since stepping down in 2015 I have been heavily involved in some local community groups.
I now mostly work with Dell Hardware, which means I do a bit with the Dell OpenManage platform of tools. I still mainly work on the Windows Server platform, and have interests in the areas of automation, PKI and platform management. These days my involvement with getting hands on with hardware is minimal.
What this means for the Blog is you’ll see a whole lot more stuff on the Dell OpenManage Platform, Microsoft Windows Server, and more. It also means that many of my hardware scripts (such as iLO PS Library) will no longer be supported as I have no ability to test them any more.
Here’s to a return of The Practical Admin.