If you are using Websense Web Security 7.6 or newer and trying to allow a website by using unblock or recategorize features and if you are still not able to access to the website as I have experienced this behaviour with www.bugme not.com site, this is related to a new mechanism of force comes with 7.6 and newer versions. Because it continues to block the address if it is in a risky category, even you create an allow rule.
But you can override this feature by editing your eimserver.ini file
To do this open your eimserver.ini file add SecurityCategoryOverride=OFF under [FilteringManager]section and restart the filtering service.
For more details : http://www.websense.com/support/article/kbarticle/Custom-URLs-and-Limited-Access-Filters-Not-Permitting-Site-Access-In-V7-6
Another reason for this issue can be the role you've used to logon Triton console, be sure you use Super Administrator role or/and visit http://www.websense.com/support/article/kbarticle/Unblock-URL-feature-in-Websense-Manager-does-not-work for more information.
infraLib - infrastructure Library
This site is a replica of www.infralib.com please visit www.infralib.com to see newer posts.
Bu site www.infralib.com sitemizin bir replikasıdır. Orjinal ve daha yeni yazılar için www.infralib.com sitemizi ziyaret ediniz.
Wednesday 28 December 2011
Websense'de calismayan unblock ve recategorize kurallari
Websense Web Security 7.6 ve uzeri kullaniyorsaniz ve bir adrese erisime unblock, recategorize vb yontemlerle izin verdiginiz halde halen calismiyor ise, ornegin ben bu sorunla www.bu gmenot.com sitesi icin karsilastim. Eimserver.ini de [FilteringManager] altina SecurityCategoryOverride=OFF ekleyip Filtering servisini yeniden baslatmaniz gerekmekte.
Cunku 7.6 ve sonrasi versiyonlar siz ozellikle izin verseniz bile eger bir adres kisitlanmis risk kategorisi icin kaliyorsa engellemeye devam ediyor.
Ayrintili bilgi icin : http://www.websense.com/support/article/kbarticle/Custom-URLs-and-Limited-Access-Filters-Not-Permitting-Site-Access-In-V7-6
Diger bir sebep ise oturumu acarken kullandiginiz kullanicinin rolu olabilir, Super Administrator rolune sahip oldugunuzdan emin olun ve daha fazla bilgi icin http://www.websense.com/support/article/kbarticle/Unblock-URL-feature-in-Websense-Manager-does-not-work adresini ziyaret ediniz.
Cunku 7.6 ve sonrasi versiyonlar siz ozellikle izin verseniz bile eger bir adres kisitlanmis risk kategorisi icin kaliyorsa engellemeye devam ediyor.
Ayrintili bilgi icin : http://www.websense.com/support/article/kbarticle/Custom-URLs-and-Limited-Access-Filters-Not-Permitting-Site-Access-In-V7-6
Diger bir sebep ise oturumu acarken kullandiginiz kullanicinin rolu olabilir, Super Administrator rolune sahip oldugunuzdan emin olun ve daha fazla bilgi icin http://www.websense.com/support/article/kbarticle/Unblock-URL-feature-in-Websense-Manager-does-not-work adresini ziyaret ediniz.
Wednesday 21 December 2011
DNSCMD Ageing degerlerini okunabilir yapmak
DNSCMD ciktisi 1/1/1600 00:00 tarihinden ciktiyi aldiginiz ana kadar saaat cinsindendir. (Kaynak:Export DNS records to Excel to read time stamps and static records) ancak Excel en eski tarih olarak 1/1/1900 00:00 i kullanabilmektedir
Bu sebeple once ekstra 300 yili ageing degerinden cikartmamiz gerekiyor, burada benim sonuclari kontrol ederek hesapladigim sabit olan 2620924 degerini kullaniyoruz. Farkli sabit degerlerde mevcut internette, veya kendinizinkini hesaplayabilirsiniz.
(AGE: deger -2620924)/24 bize 1/1/1900 00:00 den bu yana gun farkini veriyor.
Ve 1/1/1900 + gun farki ise bize Time Stamp degerini anlasilir hale getiriyor.
Kontrol edilmis ornek:
AGE=3580157
=((AGE-2620924)/24)+(1/1/1900)=04/06/2009 (DNS konsolunun ornek kayit icin gosterdigi deger ile ayni olan deger. )
Bu sebeple once ekstra 300 yili ageing degerinden cikartmamiz gerekiyor, burada benim sonuclari kontrol ederek hesapladigim sabit olan 2620924 degerini kullaniyoruz. Farkli sabit degerlerde mevcut internette, veya kendinizinkini hesaplayabilirsiniz.
(AGE: deger -2620924)/24 bize 1/1/1900 00:00 den bu yana gun farkini veriyor.
Ve 1/1/1900 + gun farki ise bize Time Stamp degerini anlasilir hale getiriyor.
Kontrol edilmis ornek:
AGE=3580157
=((AGE-2620924)/24)+(1/1/1900)=04/06/2009 (DNS konsolunun ornek kayit icin gosterdigi deger ile ayni olan deger. )
Make DNSCMD Ageing values readable
DNSCMD data gives hours since 1/1/1600 00:00 (Source:Export DNS records to Excel to read time stamps and static records) but Excel is configured with 1/1/1900 00:00, so we need to remove the extra 300 years from our aging value first.
We'll use constant 2620924 here.
(AGE: value -2620924)/24 gives us day count from 1/1/1900 00:00
So 1/1/1900 + the day count will give us the Time Stamp value in a format we can understand.
Verified example:
AGE=3580157
=((AGE-2620924)/24)+(1/1/1900)=04/06/2009 which is same as DNS console shows.
We'll use constant 2620924 here.
(AGE: value -2620924)/24 gives us day count from 1/1/1900 00:00
So 1/1/1900 + the day count will give us the Time Stamp value in a format we can understand.
Verified example:
AGE=3580157
=((AGE-2620924)/24)+(1/1/1900)=04/06/2009 which is same as DNS console shows.
Friday 16 December 2011
Windows Update istemcileri icin script ile kurulumu yaptirmak
Asagidaki VBScript i konsoldan calistirarak, windows update istemcisinin gerekli guncellemeleri hemen indirmesini, kurmasini ve gerekiyorsa bilgisayari yeniden baslatmasini saglayabilirsiniz.
Set fso = CreateObject("Scripting.FileSystemObject")
Set objAutomaticUpdates = CreateObject("Microsoft.Update.AutoUpdate")
objAutomaticUpdates.EnableService
objAutomaticUpdates.DetectNow
Set objSession = CreateObject("Microsoft.Update.Session")
Set objSearcher = objSession.CreateUpdateSearcher()
Set objResults = objSearcher.Search("IsInstalled=0 and Type='Software'")
Set colUpdates = objResults.Updates
Set objUpdatesToDownload = CreateObject("Microsoft.Update.UpdateColl")
intUpdateCount = 0
For i = 0 to colUpdates.Count - 1
intUpdateCount = intUpdateCount + 1
Set objUpdate = colUpdates.Item(i)
objUpdatesToDownload.Add(objUpdate)
Next
If intUpdateCount = 0 Then
WScript.Quit
Else
Set objDownloader = objSession.CreateUpdateDownloader()
objDownloader.Updates = objUpdatesToDownload
objDownloader.Download()
Set objInstaller = objSession.CreateUpdateInstaller()
objInstaller.Updates = objUpdatesToDownload
Set installationResult = objInstaller.Install()
Set objSysInfo = CreateObject("Microsoft.Update.SystemInfo")
If objSysInfo.RebootRequired Then
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate, Shutdown)}!\\localhost\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
For Each objOperatingSystem in colOperatingSystems
objOperatingSystem.Reboot()
Next
End If
End If
Kaynak: Best Practices in Architecting and Implementing Windows Server Update Services (WSUS)
Set fso = CreateObject("Scripting.FileSystemObject")
Set objAutomaticUpdates = CreateObject("Microsoft.Update.AutoUpdate")
objAutomaticUpdates.EnableService
objAutomaticUpdates.DetectNow
Set objSession = CreateObject("Microsoft.Update.Session")
Set objSearcher = objSession.CreateUpdateSearcher()
Set objResults = objSearcher.Search("IsInstalled=0 and Type='Software'")
Set colUpdates = objResults.Updates
Set objUpdatesToDownload = CreateObject("Microsoft.Update.UpdateColl")
intUpdateCount = 0
For i = 0 to colUpdates.Count - 1
intUpdateCount = intUpdateCount + 1
Set objUpdate = colUpdates.Item(i)
objUpdatesToDownload.Add(objUpdate)
Next
If intUpdateCount = 0 Then
WScript.Quit
Else
Set objDownloader = objSession.CreateUpdateDownloader()
objDownloader.Updates = objUpdatesToDownload
objDownloader.Download()
Set objInstaller = objSession.CreateUpdateInstaller()
objInstaller.Updates = objUpdatesToDownload
Set installationResult = objInstaller.Install()
Set objSysInfo = CreateObject("Microsoft.Update.SystemInfo")
If objSysInfo.RebootRequired Then
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate, Shutdown)}!\\localhost\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
For Each objOperatingSystem in colOperatingSystems
objOperatingSystem.Reboot()
Next
End If
End If
Kaynak: Best Practices in Architecting and Implementing Windows Server Update Services (WSUS)
On-demand install script for Windows Update clients
You can safely use the VBScript below, from any server console, it immediately downloads and installs all approved patches then reboot if required.
Set fso = CreateObject("Scripting.FileSystemObject")
Set objAutomaticUpdates = CreateObject("Microsoft.Update.AutoUpdate")
objAutomaticUpdates.EnableService
objAutomaticUpdates.DetectNow
Set objSession = CreateObject("Microsoft.Update.Session")
Set objSearcher = objSession.CreateUpdateSearcher()
Set objResults = objSearcher.Search("IsInstalled=0 and Type='Software'")
Set colUpdates = objResults.Updates
Set objUpdatesToDownload = CreateObject("Microsoft.Update.UpdateColl")
intUpdateCount = 0
For i = 0 to colUpdates.Count - 1
intUpdateCount = intUpdateCount + 1
Set objUpdate = colUpdates.Item(i)
objUpdatesToDownload.Add(objUpdate)
Next
If intUpdateCount = 0 Then
WScript.Quit
Else
Set objDownloader = objSession.CreateUpdateDownloader()
objDownloader.Updates = objUpdatesToDownload
objDownloader.Download()
Set objInstaller = objSession.CreateUpdateInstaller()
objInstaller.Updates = objUpdatesToDownload
Set installationResult = objInstaller.Install()
Set objSysInfo = CreateObject("Microsoft.Update.SystemInfo")
If objSysInfo.RebootRequired Then
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate, Shutdown)}!\\localhost\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
For Each objOperatingSystem in colOperatingSystems
objOperatingSystem.Reboot()
Next
End If
End If
Source : Best Practices in Architecting and Implementing Windows Server Update Services (WSUS)
Set fso = CreateObject("Scripting.FileSystemObject")
Set objAutomaticUpdates = CreateObject("Microsoft.Update.AutoUpdate")
objAutomaticUpdates.EnableService
objAutomaticUpdates.DetectNow
Set objSession = CreateObject("Microsoft.Update.Session")
Set objSearcher = objSession.CreateUpdateSearcher()
Set objResults = objSearcher.Search("IsInstalled=0 and Type='Software'")
Set colUpdates = objResults.Updates
Set objUpdatesToDownload = CreateObject("Microsoft.Update.UpdateColl")
intUpdateCount = 0
For i = 0 to colUpdates.Count - 1
intUpdateCount = intUpdateCount + 1
Set objUpdate = colUpdates.Item(i)
objUpdatesToDownload.Add(objUpdate)
Next
If intUpdateCount = 0 Then
WScript.Quit
Else
Set objDownloader = objSession.CreateUpdateDownloader()
objDownloader.Updates = objUpdatesToDownload
objDownloader.Download()
Set objInstaller = objSession.CreateUpdateInstaller()
objInstaller.Updates = objUpdatesToDownload
Set installationResult = objInstaller.Install()
Set objSysInfo = CreateObject("Microsoft.Update.SystemInfo")
If objSysInfo.RebootRequired Then
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate, Shutdown)}!\\localhost\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
For Each objOperatingSystem in colOperatingSystems
objOperatingSystem.Reboot()
Next
End If
End If
Source : Best Practices in Architecting and Implementing Windows Server Update Services (WSUS)
Saturday 10 December 2011
WSUS : Yeni urun ve kategori duyurusu
WSUS sunucusunun destekledigi urun ailelerine MS Online Services de eklendi, urun Sign-In assistan icin guncellemer saglayacak. http://catalog.update.microsoft.com.
New Product Family and Product Categories for Microsoft Online Services
A new product family has been added to your WSUS server – Microsoft Online Services. The Microsoft Online Services product family will include updates for the Microsoft Online Services Sign-In Assistant
product categories.
A new product category entitled Microsoft Online Services Sign-In Assistant will allow a variety of regular update types, such as update rollups, critical updates and security updates, and a product category entitled Microsoft Online Services Sign-In Assistant (Smart Setup for First-Time Installations) will contain updates to be used on demand only when Microsoft Office 365 services are deployed.
You will see the new product family categories as new updates are available for this product. Microsoft Online Services updates will also be available in the Microsoft Update Catalog at http://catalog.update.microsoft.com.
product categories.
A new product category entitled Microsoft Online Services Sign-In Assistant will allow a variety of regular update types, such as update rollups, critical updates and security updates, and a product category entitled Microsoft Online Services Sign-In Assistant (Smart Setup for First-Time Installations) will contain updates to be used on demand only when Microsoft Office 365 services are deployed.
You will see the new product family categories as new updates are available for this product. Microsoft Online Services updates will also be available in the Microsoft Update Catalog at http://catalog.update.microsoft.com.
Friday 2 December 2011
Windows Large MSI MSP Install Error 1718 Event 1008
I have experienced this problem while installing WebSense 7.6.2, if you are getting Error 1718. File FileName was rejected by digital signature policy as me, the root cause of it can be the large .msi or .msp file you are trying to install. Additionally, the following event may be logged in Application Log.
Type: Error
Source: MsiInstaller
Category: None
Event ID: 1008
Date: Date
Time: Time
User: Na
Computer: ComputerName
Description: The installation of FileName is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
This problem occurs if the Windows Installer process has insufficient contiguous virtual memory to verify that the .msi package or the .msp package is correctly signed.
If you are using Windows Server 2003 you can install the fix below.
Update for Windows Server 2003 (KB925336)
Update for Windows Server 2003, x64 Edition (KB925336)
Update for Windows Server 2003 for Itanium-based Systems (KB925336)
For more information and other solutions : http://support.microsoft.com/kb/925336
Type: Error
Source: MsiInstaller
Category: None
Event ID: 1008
Date: Date
Time: Time
User: Na
Computer: ComputerName
Description: The installation of FileName is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
This problem occurs if the Windows Installer process has insufficient contiguous virtual memory to verify that the .msi package or the .msp package is correctly signed.
If you are using Windows Server 2003 you can install the fix below.
Update for Windows Server 2003 (KB925336)
Update for Windows Server 2003, x64 Edition (KB925336)
Update for Windows Server 2003 for Itanium-based Systems (KB925336)
For more information and other solutions : http://support.microsoft.com/kb/925336
Windows Error 1718 Event 1008 MSI Installation
Ben WebSense 7.6.2 kurarken karsilastim, eger sizde Error 1718. File FileName was rejected by digital signature policy. hatasi ile karsilasiyorsaniz bunun sebebi .msi veya .msp dosyasinin cok buyuk olmasi, ayrica Application Log'da asagidaki hata kaydini aliyor olabilirsiniz.
Type: Error
Source: MsiInstaller
Category: None
Event ID: 1008
Date: Date
Time: Time
User: Na
Computer: ComputerName
Description: The installation of FileName is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
Bu sorunun asil sebebi Windows Installer servisinin buyuk msi veya msp paketinizin imzalanmasini kontrol edecek kadar sanal bellege sahip olmamasi.
Cozumu ise oldukca basit asagidan isletim sisteminize uygun yamayi yuklemeniz yeterli.
Update for Windows Server 2003 (KB925336)
Update for Windows Server 2003, x64 Edition (KB925336)
Update for Windows Server 2003 for Itanium-based Systems (KB925336)
Daha fazla bilgi ve diger yontemler icin http://support.microsoft.com/kb/925336 adresini ziyaret edebilirsiniz.
Type: Error
Source: MsiInstaller
Category: None
Event ID: 1008
Date: Date
Time: Time
User: Na
Computer: ComputerName
Description: The installation of FileName is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
Bu sorunun asil sebebi Windows Installer servisinin buyuk msi veya msp paketinizin imzalanmasini kontrol edecek kadar sanal bellege sahip olmamasi.
Cozumu ise oldukca basit asagidan isletim sisteminize uygun yamayi yuklemeniz yeterli.
Update for Windows Server 2003 (KB925336)
Update for Windows Server 2003, x64 Edition (KB925336)
Update for Windows Server 2003 for Itanium-based Systems (KB925336)
Daha fazla bilgi ve diger yontemler icin http://support.microsoft.com/kb/925336 adresini ziyaret edebilirsiniz.
Subscribe to:
Posts (Atom)