1. The Ultimate Boot CD: With a name like that, how can you go wrong? The Ultimate Boot CD (or UBCD as its known) has over 100 tools packed onto it, including many vendors’ hard drive tools, like Seagate’s SeaTools and GateWay’s GWSCAN. The disc doesn’t win any awards for a beautiful user interface, but that’s entirely beside the point. With just a few clicks on the keyboard you can delete data, recover data, test your CPU and memory and so much more. There’s even AVIRA’s AntiVir Rescue System on it. Which brings me to my next point…
2. Anti-virus scanner: For a while, it seemed as if the open source ClamAV was the only game in town as far as anti-virus boot discs were concerned. However major A/V vendors got their collective acts together, and now most of them, such as Kaskpersky and Avira to pick two examples,offer their own branded boot disc for free. The catch (of course there’s a catch) is that you need to read the EULA, because some could disallow their usage in a business environment without purchasing the commercial product.
3. Security / Hacking Tool: Sometimes you just need to go all ZeroCool and crash & burn a few things. Okay, that movie was lame, and I repent for referencing it. Moving along, the need for a choice suite of security tools is very important for most administrators. I don’t think you can do much better than back|track, as virtually every conceivable security tool you could ever want is included in this distribution. From VOIP / Telephony analysis (SIPcrack, Smap, etc.), Digital Forensics (Autopsy, Magicrescue, Vinetto, etc.), Reverse Engineering (Hexdump, GDB GNU Debugger, console and server, etc.) and network security (including wireless, wired and bluetooth tools). Did I mention almost 50  tools just under the category “privilege escalation”? Vulnerability Identification including Fuzzer, OpenSSL-Scanner and Absinthe? I could go on and on and on. Get this tool. You will lose many nights tinkering with it.
4. Trinity Rescue Kit: In this world of IT, stuff happens. And by “stuff” I mean “career limiting events”. Actually, this point doesn’t have to be restricted to your career; it can include personal incidents as well. According to the official website, “Trinity Rescue Kit, or TRK, is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines”. You can reset Windows passwords, perform virus scans (which is a recurring theme among many live CDs), wipe temporary data, undelete files, recover lost partitions and more. It even support setting up an SSH / SAMBA server to access across the network. Needless to say, if you find that your bacon has been saved as a result of TRK, please donate to the project.
5. Knoppix: Ah, Knoppix. As a result of this long-time Live CD quite a population of netizens have test driven Linux that might otherwise have passed it by. Quite a sample of that population were Windows admins. First started in the year 2000, Knoppix remains updated and relevant, and with it you can do many of the things offered by the other Live CDs listed above. Take a look at the Knoppix package list by going to any Knoppix mirror and searching for either packages.txt or packages-dvd.txt. Knoppix offers a great way to learn about Linux, or have a perfectly functioning instance quickly up and running with a plethora of useful and versatile packages. If I could only have one Live CD with me at all times, it would be (and is) Knoppix.
6. CloneZilla Live: CloneZilla is a FOSS project that has several branches. One of them is the server edition, which helps to image many machines simultaneously (which I would not recommend; instead use FOG). Another is CloneZilla Live, which is a boot disc to be used on individual machines. You can save a disk image, restore an image, and perform a disk to disk clone. It’s a great way to make quick, image-based backups of PCs as you work on them.
7. Windows PE: This tool used to be restricted to Microsoft customers that held enterprise licenses. Now it is released free of charge as part of the Windows Automated Installation Kit (WAIK). It can be used to recover passwords (anyone remember ERD Commander? Yeah, this is it’s up-to-date manifestation) and perform various troubleshooting and recovery tasks. If you deal with a Windows environment, you should probably keep this handy.
8. Firewall Disc: Strange things happen… and sometimes you may need to use a PC as an impromptu firewall. Or even a longer term solution is needed. In either case, you can use one of several great bootable firewall CDs such as m0n0wall, pfSense (a fork from the m0n0wall project), or even a firewall that can fit on a single floppy disk, aptly named floppyfw . Configurations can be saved to removable media. Make sure to read the documentation first.
9. Wireless Hotspot: This one might seem a little farfetched, but just think for a minute; no matter where you go, people want a wireless network. If you had a hotspot CD always at hand, you could potentially set up a safe, simple wireless network in no time using old hardware. The catch is that the best of the hotspot live CDs are not free. However, one in particular, Public IP, is on the inexpensive side. You could even turn it into a side-business for yourself if you were sufficiently business-minded…
10. 10. Dedicated Forensics: Many of these live CDs have forensics tools on them, but it could be handy to keep a tool around that is actually dedicated to computer forensics. One of the best CDs that I’ve found for this is Helix, but the various editions of Helix are not free. Take a good look at what Helix offers to see if you can justify the price, but if you can’t afford it, look at Ubuntu Rescue Remix instead, which was named as one of the “Ten Essential Linux Admin Tools” by Linux Magazine.
11. DBAN: Yes, this is an eleventh and yes, it’s a bit redundant. I am incapable of speaking of boot discs without mentioned DBAN. The name alone incurs +10 cool points; “Darik’s Boot And Nuke”. Other boot disks mentioned above have data destruction tools, and the Ultimate Boot Disc even includes DBAN, but there is nothing quite as satisfying as having a disc dedicated to a tool that has the word “nuke” in it. Plus, at 10MB, you can easily burn it to a business card sized disc. It will wipe your hard drive down to clean, shiny metal. It’s awesome, it’s ruthless and it has the word “nuke” in it. SysAdmins rejoice!

Keep in mind when looking at these “CDs” that they’re merely ISO files, and could just as easily be put onto a USB drive as a disc. Some of the boot discs, such as the Trinity Rescue Kit, can even be booted from a PXE NIC. Imagine that for one glorious moment. Someone’s Windows machine is hosed, you tell them to calm down while you reboot the PC and netboot from a PXE server. Within minutes of troubleshooting, without having to leave the user’s office, all is well. Such is the life of the well prepared SysAdmin. Think of these discs like little antacid tablets, stopping disaster-borne stomach ulcers before they start.

1. Velcro straps and twist ties. No administrator should have to know the difference between a square knot and a granny knot while tying back a loose cascade of sundry cabling. There’s also a disturbing tendency for cable plants to turn into cable jungles and eventually Sentient Cable Beings that want to om nom nom you. Resist the urge to use plastic zip ties, because yhey are made of pure evil (in most scenarios, anyway). Velcro straps, on the other hand, are convenient, durable and made of condensed awesome. Twist-ties are only made of distilled niftiness, but are still a good choice if that’s all you have. If you choose to use twist-ties, make sure you get a sample first, because some have a rather poor paper wrapper that will easily slough off and leave you with an annoying-to-manage, pokey piece of metal. Plastic / rubber wrapped twist-ties are the best.
2. Cable Crimpers and 8P8C connectors. Yes, I said “8P8C” again, and not “RJ-45″. I demand another high-five. This should go without saying, but you will need to fix, resize and make cables from scratch. A good pair of crimpers have never been further than a few feet away from me for quite a few years now, but make sure to keep a good supply of 8P8C ends around. Also, a card describing 568A and 568B wiring specifications is also helpful. Unless you can recall the wiring specifications from memory, in which case I despise  you. I can barely remember 568b, and then only because of a deranged mental picture I’ve conjured up involving a river, a valley, the sun, the earth and bubbles. I wish I was joking.
3. Punchdown/impact tool. The tool we love to hate. Yes, you need to have one with you. No, you will not like it. Make sure to get a quality punchdown tool; no $1.99 electronic store special will do – Greenlee or Fluke tools won’t let you down. Just make sure you keep a stock of both 110 and 66 block blades with you, as it’s no fun staring at a 66 block with a 110 blade in your impact tool.
4. Fishtape. Sounds a bit overkill? Perhaps. But having a compact roll of fishtape lying around will make you feel like a hero when it’s necessary. If you deal with networks, then you naturally deal with cables. If you deal with cables, you will invariably need to run new ones. As a side note: please do not let electricians near your network cabling. Ever.



5. A Fox and Hound. No, I’m not suggesting keeping a copy of the Disney classic movie in your backpack. I’m talking about a good old fashioned cable tester. You will especially need one of these if you didn’t heed my warning in the last point, and decided to let electricians run your cable. Always carry extra batteries with you for these things (But then you would have known to do that if you had read my previous post, “10 Things That Should be in Every SysAdmin’s Backpack, Episode 1“)
6. Cable Toner and Probe. Invaluable in tracking down mislabeled cabling (see my article on “The Fine Art of Documenting With Labels” for some inspiration on how to approach labeling). Ah, the fond memories that come flooding back when I hear the unmistakable shriek of a cable toner as I jab the probe into a bundle of unmarked cables with the circumference of a Lebanon cedar. Oh yes, and you will most definitely need a toner if your cabling was installed by electricians.
7. Assorted Patch Cables. Sounds like an obvious one, right? In a way it is. However, make sure that you choose patch cables in unholy colors if your patching is intended to be temporary or so that you can tell who’s been pilfering from your sack of goodies. A test network I helped design used bright pink cables to ward off potential cable snatchers; it worked beautifully. Seeing DayGlo colors in a switch rack will either remind you that you need to implement the final cable design, or alert you to sticky-fingered coworkers. Oh, and make sure to carry a wide assortment of lengths. I kept 1 footers as well as a few rolls of 50 footers. Come to think of it, at that length is it really a “patch” cable?
8. Keystone Jacks. Even peskier than 8P8C connectors, it’s still nice to have a handful of these nearby. Decide if you want tool-less or punchdown jacks. While you’re installing these, you can instruct the electrician in proper keystone installation while he’s trying to figure out what that little white string is for inside of a Cat 5 shield.
9. Wireless Analyzer. Nothing says “fun” like warwalking through the office (or neighborhood, or mall, or industrial park… wait, forget that last one). Keeping tabs of wireless network activity is a must for any technology worker that has 802.11 frequencies within his realm of influence . Having the proper tools to monitor rogue access points and unauthorized access attempts to official networks can help make your job a whole lot easier. Bonus points if the analyzer tool can blast rogue devices off the airwaves. As an example, AirMagnet makes a handled wireless analyzer. No word yet on whether it can help you destroy rogue AP’s with the power of your mind.
10. Cable Strippers. Not just any cable strippers. Good cable strippers. The cable stripping blade that you typically find on a pair of crimpers requires you to take three Ritalin pills and be a 6th-Dan in Kendo before you can successfully remove the sheath without damaging the copper wires inside. I prefer a tool that is dedicated to cable stripping.

There you have it! Ten things which, if you keep them in your backpack, will make you an EPIC SysAdmin / NetAdmin. With any luck, you’ll be better able to keep the network stable and available, which is very important if you’re going to keep your Team Fortress 2 server up and running… err, I mean, if you’re going to keep your corporate wiki accessible.

After 4 episodes, could there possibly be any more that you could carry with you? I hear they make backpacks that attach to the front of your body so you can carry two with you. You may need one…

With the invention of USB came the development of some amazing peripherals. We can now have things like simple external hard drives, rotating disco balls and miniature guitar amps hooked up to the simple USB interface on our computers. How we survived without USB is a miracle of the human survival instinct.

A word to the wise, though; it’s worth noting that, for all of these delightful USB devices that you use, you must also make sure that you keep their drivers on a USB flash-drive (or some other form of storage). If not, you will be a very sad SysAdmin when you attempt to use them on a machine that doesn’t have built-in drivers that can talk to the device. I recommend keeping a USB flash-drive that contains all of the drivers for all of your USB devices for each of the Operating Systems that the devices support. It never hurts to be prepared.

Are you ready to become a SysAdmin of mythical proportions? If so, gird your loins, because here is a list of USB devices that every SysAdmin should consider carrying in their bag of tricks:

1. A portable 3.25 inch floppy drive. Yes, it’s 2010 at the time of this writing and yes, 3.25 inch disk drives are still needed in the server room and elsewhere. BIOS updates and RAID drivers still make me get all nostalgic for my 286 when I have to reach for my little USB 3.25 inch disk drive.
2. A portable DVD/CD RW drive. Considering that server manufacturers highway rob you to add an optical device, and that they are often neglected past the initial installation of the operating system and applications, some people opt to not get the built-in optical drive and to instead rely on portable ones. Keep a few handy, and preferably one in your satchel. Especially if you’re in a smaller organization that also requires you to do desktop support at times. Having an optical drive that you know works can be an integral part of the troubleshooting process.
3. 8P8C Network Adapter. I demand a high-five for not using the term “RJ-45″. Moving on… having at least one of these will help while troubleshooting network issues, but also sometimes you temporarily need to add another physical interface  on a different network. Be careful when selecting one, because some have quality problems with the jack.



4. Wireless a/b/g/n NIC. You might not need all of the wireless standards on one NIC, but it’s good to be prepared. Once again, this can be a great help in troubleshooting, but it can also come in handy when working with a device that needs temporary network access but is incapable of receiving a physical network connection.
5. Keyboard and mouse. Mice are easy enough to carry with you, but I’m not suggesting lugging a full sized keyboard around in your backpack. Instead, consider a portable keyboard that either folds together or that rolls up, such as the GrandTec FLX-2000 109-key “Virtually Indestructible Keyboard”. I have seen keyboards that were so grimy I feared for my life as I touched them (think: warehouses and workshops), and wished that I could have substituted them temporarily with my own. It also comes in handy if you deal with touchscreen kiosks, POS machines or other systems that don’t have a keyboard and mouse.



6. RS-232 DB9 adapter. Take a walk through the server room and see how many devices have serial ports for out-of-band management. In some instances, certain features on an appliance can only be accessed via the serial port. At one place I worked, the USB/DB9 dongle was an often used peripheral when managing our switches. However, make absolutely sure that you have the drivers for it with you. I speak from unfortunate experiences.
7. USB to SATA / IDE adapter. This is quite possibly the most useful invention since wide-mouths on soda cans. With one of these babies, you can connect a 2.5 inch or 3.5 inch IDE drive or a SATA drive as an external USB drive. Perfect for salvaging information from a drive when a PC’s mainboard dies, or performing an offline virus scan, or… any of a number of other bizarre scenarios that you will find yourself in as a SysAdmin.
8. Powered USB hub. There will come a time when you will plug in a USB device that needs more power than a PC can offer. It will be especially frustrating when you’re on the go and away from your 14-megaton workstation, which is powered by the energy of dark matter and potato chips. In cases like these, keep a small powered USB hub with you so you won’t hear the PC howl a bad Scotty impression: “I’m givin’ her all she’s got, Captain! If I push it any harder the whole thing will blow!“
9. USB extension cable. It sounds so simple, doesn’t it? In fact, it’s so simple that you’ll probably overlook it in your inventory until you really, really need one. And, trust me, you’ll need one. However, the maximum length for USB is about ten feet? What happens if you need a longer cable than that? I’m glad you asked! You’ll need to get a…
10. USB range booster. They come in pure USB cable form or in the form of a USB device that plugs into your PC and then sends USB signals up to 150 feet using CAT5 cable to a receiving station that is plugged into the other device’s USB port. You might say that any design which requires a 150 foot USB connection is intrinsically flawed. I would say that you are very correct. However, we’re SysAdmins. Does a flawed need for a 150 foot USB connection really surprise us? I didn’t think so.

At this point, your users are chiseling your image in stone and speaking your name in hushed tones mixed with fear and reverence. By now your backpack is also nicely plumped with all of your amazing gear. However, you might want to consider buying a companion for your backpack because we’re still not done yet…

1. Two-way radios. You will inevitably need to send a coworker to a distant part of the building, but also need to work in coordination with each other. Why not use cell phones? Because they tend not to work in some of the odd places that SysAdmins find themselves wedged into. For example, HVAC tunnels. Don’t ask.
2. A device that aids in the opening of plastic clamshell packaging. You know the kind of packaging I’m talking about. Not-so-affectionately referred to as “man-proof packaging”. You can either get a general purpose tool like tin snips, or purchase a dedicated tool like the Pyranna Plastic Package Opener. I prefer tin snips because they can be used for multiple purposes.
3. Head-mounted flashlight. In the first episode of this series , I mentioned the need for durable flashlights. However, upon reflection, a traditional flashlight removes one hand from use. That isn’t acceptable, especially when working on punchdown blocks in dark corners, when both hands are needed to swat off the spiders.



4. A camera with video capabilities. In many cases this takes the form of the SysAdmin’s smartphone. If you don’t have one that can take pictures or video, then you need to get one. A picture says a thousand words, and that means a lot of documentation you don’t have to type. I’ve taken video of the boot process for various machines so that I have a reference of what screens each BIOS has available in case I ever need to walk someone through a troubleshooting task remotely. I also photograph the un-boxing of new equipment for documentation purposes. Taking a picture of cabling is invaluable too. So is evidence of your boss napping at work. Visual documentation will make you a happy SysAdmin.
5. Extra label cartridges for your P-touch label printer. In the previous episode, I also praised hand-held labelers; they work great! However, they’re a little boring if you don’t have enough labels in them. Make sure to have a good stock of label cartridges, especially if you have an anticipated labeling spree up ahead. You can never have too many labels.
6. An arsenal of boot discs. Oh boot discs, how do I love thee. Let me count the ways. There are forensic boot discs, data destruction boot discs, data recovery boot discs, boot discs to play games on, boot discs to run antivirus scans from, boot discs to take images of PCs with. Their uses are many and varied, and will make you a hero in no time.
7. A multimeter. A surprising number of SysAdmins were “sparkies” in a past life. This is convenient, because a surprising number of SysAdmins are required to manage the physical power infrastructure that they use, or at least a portion of it. Keeping a multimeter nearby will protect you from those nasty mistakes of not knowing which sockets are 110V or 220V (or which wires are live and which aren’t).
8. Food! Preferably non greasy, non crumbly, hard-to-spoil, healthful, pre-packaged food. Don’t forget water too. You will get hungry in the field, and will not be able to break to forage. Skipping meals is bad. Those Pop-Tarts in the coin machine look tempting now, but when you’re curled up and sawing logs in the hot isle you might have some dietary regrets. Always be prepared with the foods that you know work best with your body, and don’t miss a meal, even if it means eating little packages of nuts and carrots while patching kernels at 3AM.
9. Static bags. They’re everywhere you don’t want them to be and nowhere to be found when you need one. Keeping a few nearby will help you when you need to safely store some delicate bits and bobs during an electronic surgery. Upgrading RAM for a workstation or server? wrapping old modules in paper towels is… not advisable. Especially if they’re full of crumbs from your late night snack. (See Food, above).
10. Assorted gender blenders. VGA to DVI-I/D/A etc. USB to Firewire. Female to male USB. USB extenders. On and on and on they go, when they stop commingling, nobody knows. A drawer of common and not-so-common adapters was a regular place for me to be poking through in my previous place of employment. Keeping them in a backpack would have saved some wear on my insoles.

Keeping these items in your backpack, as well as the previous list of ten , will propel you irresistibly into the realm of legendary SysAdmins. However, you can level up from being a Legend to becoming Mythical. I hope you purchased a spacious backpack, because we’re not done yet…

Yes, for those of us who aren’t afraid to leave the comfort of our AnthroCarts (or IKEA furnishings, if we’re lucky), we need backpacks for more than just transporting Red Bull. Below is a list of things that an adventurous SysAdmin must have in his satchel, if he is to survive and make it home in time to eat a dinner that’s still warm.

1. A netbook, iPad or other ultra-portable. A SysAdmin often can’t bring his main laptop with him when he’s called to distant places (the sales floor’s POS system, for instance). Make sure to have your most comforting OS installed on it, with your most useful tools at the ready.
2. Removable storage, replete with your most useful software tools. This can work in conjunction with a netbook. It doesn’t matter if you have a flashdrive or a portable hard drive, although flash storage can handle the bumps of being in a bag (and tripping down the stairs) better than a hard drive. Check out PortableApps.com for a great list of portable applications.
3. A portable labeller. Brother P-touch label printers are ace, as far as I’m concerned. Things need to be labeled. Twice. Always. Use a labeller that has some good text formatting options, like ultra wide print, a full character set, and an extensive keyboard. Be aware that sometimes labels do not stick well to certain surfaces. In that case, you may need the next item…
4. String tag labels and krazy glue. You heard right. Refer back to my article concerning labeling as a form of documentation, and it will make more sense. The labels I’m referring to are the ones commonly known as “manila tags” or “shipping tag labels”. Everything in the server room, MDF, IDF and cafeteria cabinets should be properly labeled. The Krazy glue helps if you’re tying it around a cable end: just put a daub of glue on the string to fasten it to the cable, and you’re all set. You could also use a twist-tie rather than a string. Many times, when doing emergency work, the physical infrastructure needs to be hastily re-maneuvered, and labeling what you’re doing while you do it is a lifesaver.
5. Black and silver Sharpies. Sometimes things need to be indelibly annotated. Sometimes those things themselves are black and need to have a color that stands out. Silver does nicely.
6. Band-aids, gauze and antiseptic cream. Computer equipment and even the packaging it comes in can be dangerous. I’m sure all of us have, at one time or another, left a DNA memento behind on a metal bur in a PC case or server rack. Be prepared with some first-aid, preferably more than you think you’ll need. I wouldn’t even laugh if you included a mini-blowtorch to cauterize with and an AED unit. What happens in the server room, stays in the server room. Unless the blood starts seeping under the doors.
7. A laser pointer. Sometimes you need to point at something across the server room, parking lot or from one building to another (think “pointing out wireless backhauls on campus buildings during the installation phase”). Always be ready with a laser pointer. Be careful to check any laws in your area concerning laser pointers, and never play around with them. I prefer a less-threatening color than red. Green is my favorite. They also come in handy for pointing out constellations during late-night star gazing sessions. Hey, you’ve got to come out of the server room at least once during an all-nighter.
8. Flashlights. Yes, I said “flashlights” in the plural. One will die when it’s least convenient and /or they will magically disappear to the same place that left socks and that cage nut which dropped on the floor during your last server mounting project went. I think that place is somewhere East of Narnia. Make sure the flashlights are compact (i.e. not the 14 pound police flashlights that can be used in a caber toss competition). They should also be durable (i.e. can be thrown at a concrete floor in frustration when you lose yet another cage nut).
9. Voice recorder. The fastest typists in the world can type at around 120 words per minute. Average paced speaking with no pauses is said to be around 150 to 170 WPM. If you need to take notes about a situation that you’re currently in (think: shimmying through a subfloor and inspecting a 66-block), it is probably better to speak your notes rather than type them. It saves time and the added benefit of retaining your verbal inflections in your spoken thought will make misunderstandings in your notes less likely.
10. Rechargeable batteries and a charging station. Several of the items in this list use standard sized batteries to operate. Batteries die. Especially when you don’t want them to. Make sure you’re prepared with good, lithium rechargeable batteries and a charging station. Make sure to have and adhere to a schedule to recharge your stock of batteries periodically so you’re not left with 3/4 drained batteries and then need to perform an 8 hour recharge.

If you can collect those ten things in your backpack, you’re on your way to becoming the kind of SysAdmin that legends are made of. But there are more tools that a SysAdmin needs to be truly a thing of legend. Stay tuned…

First, you must choose your labeling method wisely. In my mind, there are only three major methods of labeling:

1. Sticky labels
2. String tags
3. Indelible markers

Thoughts on Sticky Labels

If you choose to use sticky labels, the device of choice in my experience is one of Brother’s many P-Touch line of label printers. When using a label printer, make sure the printing is big enough to see when in dim light and angled away from you. Make the characters as tall as the printing strips will allow. As a rule, you will almost never have optimum viewing circumstances when you need to view your label.

Test out the sticky side of the label on whatever equipment you’re labeling. It might not remain affixed over time, especially if the surface is warm (think servers) and especially in the dry climate of a server room. You may need to either look for better label tape, or affix a different tape over the label (clear packing tape is my preference).

Thoughts on Tags

In some cases, the better choice for labeling devices will be with what I morbidly refer to as “Toe-Tags”. If you’re going to be searching online for these things, use terms such as “manila tags” or “shipping tag labels”.

You may be familiar with these if you use HP servers with ILO in them; as each ILO enabled server comes with a tag that has your unique ILO login information from the factory.

The benefit of these kinds of tags is that you can twist and turn them to any degree that suits your viewing angle. You can also tie them to items that you don’t want to leave a residue on, as will happen with labels or permanent markings (such as with a Sharpie).

The downsides to manila tags is that you’ll have to be within arm’s reach to turn the tag to an optimal viewing angle. They can also restrict airflow, and the strings can potentially snap.

Thoughts on Indelible Markers

It’s the most permanent way of labeling. Stickers can scrape off and tags can easily be removed, but indelible markers are forever. If you choose this method, don’t just use black markers; silver is a necessity as well. Many devices are already dark in color, and using a black marker will make the tag very difficult to read. Silver Sharpies are a great tagging tool.

Also, give your indelible markers a sniff test. For instance, I have a massive Sharpie Magnum, which is a chisel tip with a barrel the size of a howitzer. The aroma that is released when the cap is removed gives everyone within 15 yards a contact high and the nauseating smell stays in the room for hours. Not a good idea for most scenarios.

Also remember to throw away your inhibitions concerning writing on stuff! I worked at one place that frequently purchased shiny, new Macs which were absurdly expensive. The asset tagging involved writing, with indelible markers, on the chassis of the machine; to say that this freaked me out is an understatement. I didn’t want to deface those pretty, expensive machines! In time, however, I hardened my heart and learned to deface like a deranged graffiti artist in the center of the darkest slum. It’s not about the prettiness of your Catalyst or DL785 G6; it’s about getting the job done right.

General Labeling Guidelines

Make sure that your labels or tags are secure and can’t easily fall off! That’s a “no duh” concept, right? Well, it might still need a bit of discussion. If you put new labels on your devices, make sure that you check those devices in a few days or months to see how the labels are holding up. You might have to choose a stickier tape or a stronger string.

Furthermore, consider whether or not you need an indelible mark for legal reasons. I’ve been focusing mostly on server room equipment, but you might want to label regular PCs or other assets that can float in and out of the server room (like cable toners or multimeters). Someone could easily remove a sticky label and claim one of these device as their own; in these cases, consider labels that  tattoo the surface of the device, or using indelible markers. Also, make sure not to leave your mark on a removable part of the device – an asset marking on the battery hatch is a poor idea.

It bears repeating: label anything that could “walk away” from an area. Label it in big letters. If possible, make it hard to miss and even a little embarrassing. No one is going to steal a sweet little 1800-8g ProCruve switch if it’s plastered in Hello Kitty stickers and has “I heart Robert Pattinson” scribbled on it. But seriously, if it can detach, unhook or otherwise become mobile, label it shamelessly. Either that or glue / tape / weld it to a permanent structure.

Be redundant (see: recursive). Put a label or tag on the front and back of the device. Or top and bottom, as the case may be. Personally, I try to label things on each flat surface and, assuming a rectangle, that’s six labels. If you use shipping tags, put the information on both sides of the tag. Yes, it’s redundant, but so are your UPSs, and you’re not trying to weasel out of using those, are you? (I don’t think I want to know the answer to that question). You never know what unlikely bodily contortion you will find yourself in when needing to see a label. You might be gripping a flashlight with your teeth, using one hand to push back a cascade of cable and the other hand to balance an improperly screwed in chassis switch, while you crane your neck to catch a glimpse of that one, lone tag you put on the side of the PDU tucked into the server rack’s wall cavity. Put labels on multiple sides for your own sake.

Be verbose! Even if it means toe tags the size of a post card or ticker tape streamers for labels. Of course, that could pose a problem to air flow in some situations so, if you can, be as verbose as practicality allows, and then some.

Don’t abbreviate. TP100-MP1U might make sense to you now, but it won’t in 12 months. No, it won’t. It certainly won’t make sense to your other admins, or whoever comes after you. Even if the device’s DNS name really is TP100-MP1U, put “10 tape Overland Auto loader, third rack” beneath it to give at least some clue what it is to n00bs. Again, crazy situations that make you wish you had made more informative labels will almost always come up.

Springboarding off of the previous paragraph, obscurity is not security. If you’re worried about telling people what a thing is in verbose terms (core switch, failover router, etc.)… why do those people even have access to those things in the first place? There are greater issues that need to be addressed there, and obscure documentation is not the solution.

When labeling, make sure to give devices unique names on their labels. By that I mean that just labeling the back of your appliance “Hard drive array” isn’t enough. Neither is “ReadyNAS Array” or “5TB ReadyNAS Array in third rack”. You never know what circumstances lie ahead, and I guarantee that you will facepalm when another “5TB ReadyNAS Array” is put in place in the third rack.

That brings up the question of whether you should label things based on what they are versus what they do, or a combination of both. Should that server be known as it’s IP of 10.0.0.45/24? Should it be known as its DNS name of SQL2008-2? Or perhaps “Finance Reporting Server and Mirroring Witness for SQL2007-4″? Or is it all of the above? You’ll need to consider what you think you might need to know at a glance concerning what you’re labeling, and make your own decisions.

In the end, your assets will be more marked up than Lil Wayne’s body, but this is about practicality not beautification. Unless you get labels that have pretty pink swirls on them, but I digress. Truly, you will make your life easier if you begin to consider labeling your assets as a part of your overall documentation scheme.

In Exchange Server 2007 this is not too difficult to accomplish. Microsoft has released a whitepaper on how to configure virtual organizations (i.e. companies) in Exchange Server 2007. This whitepaper can be found on the Technet Website: http://technet.microsoft.com/en-us/library/bb936719(EXCHG.80).aspx – Configuring Virtual Organizations and Address List Segregation in Exchange 2007.

It is tempting to try this in Exchange Server 2010 as well, but you would be best off avoiding doing so. There are a couple of issues (that Microsoft is working on) that will block a successful rollout of Address List Segregation. Besides that, it is not supported and it will also break Exchange Server 2010. More information regarding this can be found on Dave Goldman’s weblog: http://blogs.msdn.com/b/dgoldman/archive/2010/05/10/critical-update-exchange-2010-address-list-segregation-and-current-support-stances.aspx – CRITICAL UPDATE – Exchange 2010 Address List Segregation and Current Support Stances

You may be aware that in Exchange Server 2010 SP1 there’s a /hosting switch, making Exchange Server 2010 SP1 “multi tenant”. This means you can create multiple virtual organizations in Exchange Server 2010 SP1, completely invisible for each other. There’s already quite some information on the Internet regarding installation of Exchange Server 2010 SP1 with the /hosting switch, but most of this information is not coming directly from Microsoft!

This “hoster edition” of Exchange Server 2010 SP1 is targeted towards hosting companies, companies that currently have HMC (Hosted Messaging and Collaboration) 4.5 running. This is basically the Hosted Version of Exchange Server 2007, including Hosted Sharepoint and Hosted OCS. This implementation of Exchange Server 2010 is absolutely not targeted towards enterprise customers!

There are a number of issues you have to be aware of when you want to deploy the “hoster edition” of Exchange Server 2010 SP1:

• You need an SPLA (Service Provider License Agreement) to use this version of Exchange Server 2010 SP1;
• The Forest Functional level is Windows Server 2008;

There is:

• No upgrade path (only a green field scneario);
• No support for Unified Messaging;
• No support for Edge and EdgeSync;
• No support for multiple forests;
• No support for multiple domains;
• No Exchange Management Console;
• No Public Folders;
• No Federation;
• No B2B features such as cross-premises message tracking and calender sharing;
• No IRM;
• No Outlook 2003 support (EnableLegacyOutlook);
• No Support for OCS 2007 R2, only from 3rd party;
• No Support for CRM;

When you try to start the Exchange Management Console you’ll see that it is not supported:

So, all configuration has to be done using the Exchange Management Shell. There’s some additional self service support on the Exchange Control Panel, but basically you’ll need to implement another 3^rd party Control Panel for configuring the Exchange organization. Or create your own Control Panel. Please bare in mind that hosting companies often have dedicated developers that are working on these scenarios.

Conclusion

If you want to implement Address List Segregation on Exchange Server 2010 you cannot use the 2007 version of the Address List Segregation whitepaper. It will break Exchange Server 2010. Although very tempting to use, the Hoster Edition of Exchange Server 2010 SP1 is not an alternative for the enterprise customers. Don’t try it, don’t even think about it, there’s too much complexity for the average enterprise customer. Besides the Service Provider licensing, there’s too much functionality that’s not supported by Microsoft directly, or it is supported by a 3^rd party. The best option is to wait and see if and when Microsoft releases the 2010 version of the Address List Segregation.

The following script does just that:

# Read in pst file locations and users
$strPSTFiles = Get-Content -Path "c:\pstdetails.csv"
foreach($strPSTFile in $strPSTFiles)
{
$strMachine = $strPSTFile.Split(',')[0]
$strPath = $strPSTFile.Split(',')[1]
$strOwner = $strPSTFile.Split(',')[2]

# Get network path for pst file
$source = "\\" + $strMachine + "\" + $strPath.Replace(':','$')

# import pst to mail box.
Import-Mailbox -PSTFolderPath $source -Identity $strOwner
New-MailboxImportRequest -FilePath $source -Mailbox $strOwner
}

The yellow highlighted text shows the Exchange 2010 RTM cmdlet, the red the Exchange 2010 SP1. Delete the unneeded version as appropriate.

The Exchange 2010 SP1 version of the script will execute in far less time, due to the asynchronous nature of the ImportRequest cmdlet. These requests are processed in the background and can be monitored with the Get-MailboxImportRequest cmdlet to observe their status.

There are quite a few potential pitfalls here:

1. The user’s machine must be on.
2. File sharing must be on, to allow for the file to be transferred.
3. Outlook must not be running on the remote user’s machine. If Outlook is running and has the PST file attached, the file will be locked and unable to be imported.
4. The PowerShell cmdlet used by Exchange to import PST files does not support passwords.

There are various things you could to augment this script.Some suggestions include:

•  Have WMI shut down Outlook on a remote user’s machine before attempting import http://www.computerperformance.co.uk/vbscript/wmi_process.htm
• It could be useful to generate a further file detailing a list of all the PSTs which failed to import, with the reason. These files could have been password protected, or the machine hosting them may have been shut down, or become disconnected since they were identified.

I hope you have found this series of articles on manually importing PST files into Exchange 2010 useful. Although, like me, I’m sure you feel that this is a bit of a mammoth task, particularly for the Powershell novice!

To automatically import PST files into Exchange 2010 without Powershell visit:
www.red-gate.com/products/pst_importer_2010. Here you can find out more information on PST Importer 2010 and download a free 14 day trial.

To start this, we  can query Active Directory for a list of all the machines attached to your domain. We can then use Windows Management Instrumentation (WMI) to search each of these machines for PST files. The file paths for these PSTs should hopefully give a clue as to which user they belong to, as they will be created in a directory path containing the username by default. We can also grab the file owner file attribute which should correlate with the file path.

This technique requires that all the machines in your network are switched on and accessible by WMI. A list of the machines which could not be queried can be provided as output

Notes about WMI:

By default WMI is blocked by the windows firewall in Windows 7 and 2008 R2. You’ll need to open up the ports on all your users’ machines. This can be done with the ‘netsh’ command, or through a change to group policy.

What are the implications of this? WMI is a powerful beast, and allows remote access to many aspects of a user’s machine. As such it could be considered a security vulnerability… It’s typically accessed though port 135. This not only permits access to WMI – but also any other DCOM components which may be installed on a machine, open for exploitation by Trojans and the like. Needless to say, the ports are blocked by default for a reason – so require careful consideration of the implications when opening. WMI will also not help you if the machines you wish to tinker with are subject to NAT (Network Address Translation). You’ll be unable to reach these machines. The following script generates a txt file (the filename defined on line 2) of all the computers on your domain to be searched. This can then be edited with notepad to remove those you don’t wish to search.

$strCategory = "computer"
$strOutput = "c:\computernames.txt"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.Filter = ("(objectCategory=$strCategory)")

$colProplist = "name"
foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)}

$colResults = $objSearcher.FindAll()
[bool]$firstOutput = $true
foreach ($objResult in $colResults)
{
$objComputer = $objResult.Properties;
if($firstOutput)
{
Write-output $objComputer.name | Out-File -filepath $strOutput
$firstOutput = $false;
}
else
{
Write-output $objComputer.name | Out-File -filepath $strOutput `
-append
}
}

The next script will generate a CSV (Comma separated values) detailing the network paths of the PSTS you need.

$strComputers = Get-Content -Path "c:\computernames.txt"
[bool]$firstOutput = $true
foreach($strComputer in $strComputers)
{
$colFiles = Get-Wmiobject -namespace "root\CIMV2" `
-computername $strComputer `
-Query "Select * from CIM_DataFile `
Where Extension = 'pst'"
foreach ($objFile in $colFiles)
{
if($objFile.FileName -ne $null)
{
$filepath = $objFile.Drive + $objFile.Path + $objFile.FileName + "." `
+ $objFile.Extension;
$query = "ASSOCIATORS OF {Win32_LogicalFileSecuritySetting='" `
+ $filepath `
+ "'} WHERE AssocClass=Win32_LogicalFileOwner ResultRole=Owner"
$colOwners = Get-Wmiobject -namespace "root\CIMV2" `
-computername $strComputer `
-Query $query
$objOwner = $colOwners[0]
$user = $objOwner.ReferencedDomainName + "\" + $objOwner.AccountName
$output = $strComputer + "," + $filepath + "," + $user
if($firstOutput)
{
Write-output $output | Out-File -filepath c:\pstdetails.csv
$firstOutput = $false
}
else
{
Write-output $output | Out-File -filepath c:\pstdetails.csv -append
}
}
}
}

This script will take as input a text file containing a list of machine names (conveniently the output of the first script), and will generate a csv file of all the pst files found on those machines, and the owners associated with them.

Find PST files across your network quickly and easily with PST Importer 2010. To find out more and to download a free 14 day trial please visit:
www.red-gate.com/products/pst_importer_2010

This is what actually happens when an Exchange administrator initiates a New-MoveRequest, either from the Exchange Management Shell or the Exchange Management Console when moving a mailbox from EXMBX01 to EXMBX02 in the figure below.

The process of moving mailboxes is now performed by a service called Mailbox Replication Service or MRS. The MRS is running on the Client Access Servers.

1. The Administrator initiates a move request like New-MoveRequest –Identity J.Wesselius –TargetDatabase EXMBX02\MDB02. Now a special message is placed inside the System Mailbox of the current Active Directory site. This message tells that the Move Request is initiated and that its status is Queued;
2. The Mailbox Replication Service periodically scans this System Mailbox for these messages. The MRS will find the message and reads that the J.Wesselius mailbox is Queued;
3. The MRS will update the System Message to “In Progress” and will start moving the Mailbox data from EXMBX01 to EXMBX02. MRS will keep the old and the new mailbox in sync. The user is still connected via the CAS Server to EXMBX01, and arriving messages will be delivered via the Hub Transport Server to the Mailbox on EXMBX01;
4. At a certain point when almost all data is moved from the old to the new Mailbox the old Mailbox is locked. The last pieces of data are moved from the old to the new Mailbox. Also the Active Directory properties of the user are changed to point to the new Mailbox Database. At this point the status of the Move Request (i.e. the message is the System Mailbox) is changed from “In Progress” to “Completion in Progress”;
5. The new Mailbox is activated, the old Mailbox is soft deleted (which means that it is actually recoverable in SP1!) and the user needs to restart his client. When you move a Mailbox from an Exchange 2010 SP1 Mailbox Database to a Mailbox Database on another SP1 Mailbox Database the client does not need to be restarted.
6. Although the Mailbox is moved from server EXMBX01 to EXMBX2 the Move Request itself is not deleted. This has to be performed by the Administrator, either by using the Exchange Management Shell (Remove-MoveRequest) or by using the Exchange Management Console.

You can see the MRS run on the Client Access Server in the Windows Task Manager:

You can see the status of the move request by entering the following command in the Exchange Management Shell:

[PS] C:\download>Get-MoveRequest | ?{$_.status -eq “InProgress”}| Get-MoveRequestStatistics | ft Disp*,Per*,BytesTransferredPerMinute

DisplayName                 PercentComplete BytesTransferredPerMinute

———–                 ————— ————————-

Jaap Wesselius              66               134.2 MB (140,668,124 bytes)

Katie Price [HR Department] 66               119.9 MB (125,677,306 bytes)

[PS] C:\download>

The MRS is a throttled service, and it is fully configurable. There’s an MSExchangeMailboxReplication.exe.config file in the “C:\Program Files\Microsoft\Exchange Server\V14\Bin\” directory. You can use this config file to configure the throttling of the MRS by changing these entries:

• MaxActiveMovesPerSourceMDB
• MaxActiveMovesPerTargetMDB
• MaxActiveMovesPerSourceServer
• MaxActiveMovesPerTargetServer