Thursday, December 22, 2005

Implementing a Better File Search Strategy under Windows Server 2003 at Low Cost

Why do we need a better one?
Are you kidding...
  1. Hands up anyone who believes that you can successfully locate files using the Microsoft Search tool, every time without problems...
  2. Hands up anyone who believes that the amount of time it takes the Microsoft Search tool to locate a file is acceptable.

I'm sure nobody has their hands up.

Why are we all raving about Google Desktop?

If you haven't checked out Google Desktop - Enterprise Edition, you should make the effort and download it. It's free and it is very very good. This little tool indexes every file on your computer, your instant messages and your email. It even does Lotus Notes and Gmail. There are also lots of add-ons available for free, or at low cost. This tool will change the way you think about Microsoft Built-in Windows search tool.

Google desktop is so good that you can locate deleted and changed documents and look at their cached contents.

Google desktop can do some really cool network things, including indexing mapped drives. What it can't do is index servers or networks.

What we wanted was something that offered the power of Google Desktop, but which would operate at server level and give us the ability to search for files on our file server. We found that tool in dnka, a remote search add-on.

Google Desktop and DNKA were easy to install, but did require a server reboot. You can then configure DNKA to provide remove access to the index restricted by a password or by an IP range.

  • For our secure data server, which contains payroll etc, we restricted by both IP range and Password.
  • For our general data server, we restricted by IP range only.

I then built-in to our corporate intranet navigator, a link to the general data server - it goes something like...

http://data3:4664/

Note that you also need to open your firewall software to accept connections on port 4664. You can usually get the firewall to restrict connections on this port to a given IP range too.

I gave the links to the secure server only to our information management people. Unfortunately the google search is just a little too powerful. So you need to think carefully about need-to-know in this case.

Monday, December 12, 2005

Scheduling Cleanup Jobs for your Server

One of the things we learnt on the bootcamp was how to set up cleanup jobs on the Domino server. Yes... I know I should have known how to do this before, but for some reason I didn't - possibly not having done a full blown admin course since R4 has something to do with it.

Cleanup Jobs Explained

  • UPDALL :Updates the Full Text Indexes on your databases.
    This should run nightly.

  • UPDALL -R : Same as Updall, but rebuilds the indexes.
    This job should be run weekly or less.

  • COMPACT -B :This version of Compact (note the B is case sensitive) will actually recover space on your domino server. Leave the B off, and you don't recover any space.
    This should be run weekly or less freqently.

  • FIXUP : This repairs damaged databases.
    This should be run weekly.

How to make these Jobs Start Automatically at Specific Times

Since you want these jobs to run without interfering with eachother, and preferably away from the backup job, you should adjust your times accordingly.

  1. Open your Server's Address Book.
  2. In the left-hand panel Expand Configuration, then Servers.
  3. Click on Programs.
  4. Click the Action Button marked Add Program.
  5. Type the program name as UPDALL
  6. In the Command Line, type -R.
  7. Pick the Server in the Server to run on box.
  8. Set Enabled/Disabled to read Enabled.
  9. Choose the Run time and Repeat interval and the days of the week.
  10. Click the Action Button marked Save and Close.

Repeat these steps for the other programs and make sure that you space their times out.

You may have to do a restart to get the schedule to begin.

Enjoy.

Thursday, November 17, 2005

Domino Administration Bootcamp

Over the last three days, I've attended "The View" Domino Administration Boot Camp. It was quite an intense bunch of sessions and my head is still reeling from all the possibilities.

One really strange thing was that most of the good things in domino have caveats of some form or other. My notes are full of writings which say "Implement this..." and then they're crossed out saying "Don't bother - it affects xxxxx". I spoke to a few other people at the bootcamp and they said the same thing.

On the whole though, I found a lot of things there to increase my preference for Domino over Exchange. (not that I really needed any) and got a lot of general and specific tips.

Over the coming months, I hope to go through these things one by one and implement them (and discuss them here) but for now, I've got sooo much email waiting.

Sunday, October 23, 2005

A Breakthrough in AntiSpam for Lotus Domino (and probably other Systems)

It never ceases to amaze me how out of touch software vendors can be with their software. They spend a lot of time and money promoting what is essentially crap software, and then when something really spectacular comes along, they forget to do any marketing.

Ok, this generalisation seems to apply to a lot of things, not just computing, but for now, lets look at a recent example.


Symantec MailSecurity for Domino
We have been using Symantec MailSecurity for Domino for some time and while it has been working for us, the maintenance on this product is a lot of work.

For a start, there was no such thing as an automated update, you had to manually add in blocks for everything you could think of. In my case I did a few things;

Firstly, to prevent false positives;


  1. Created a whitelist which included the domain names of most of our frequent business partners (obviously something that needs to be updated occasionally)
  2. Created a whitelist keyword which meant that the use of a specific word in the subject line of an email would cause it to bypass all of our filters - obviously not a normal word, and fortunately not something that would ever require updating.

Now, to prevent spam...
I created about 8 different word lists, called things like Sex Drugs, Loans, Scams etc... and put various keywords into each. That way, if a list seemed to be going ballistic and was blocking everything, I could switch it off without affecting the remaining lists.


Obviously there was a huge amount of work in maintaining these lists.

Whenever I got spam, or someone forwarded me spam, I would have to read it and attempt to decide which words were unique and which category they belonged to. As the words got more and more twisted, the job got harder. Especially when I discovered that certain symbols meant different things to Symantec.


One which got me badly was "cialis", when I first blocked this drug, all mention of the word "specialist" caused emails to be blocked causing a lot of problems for I.T.


We were blocking a lot of spam, but we were also still allowing quite a bit in.

Premium Anti-Spam
One day when I was poking about in Symantec Mail Security, I found a tab marked "Premium Anti-Spam". Nothing on this tab worked. I decided to ask Symantec about this facility when our corporate anti-virus software came up for renewal.

It turns out that Premium Anti-spam was an add-on service for Symantec's Mail Security Products. You just had to pay the extra licence fee and away you go.

Symantec weren't terribly interested in promoting their product. Sure it was a little more expensive than the normal anti-spam, but it wasn't double the price or anything. They explained that the product downloaded signatures from Symantec which uniquely identified the contents of spam emails.

The theory was that symantec received lots and lots of spam and that they converted the contents of this spam into some form of unique identifier. The identifier then became the signature.

The result is supposed to be 99.9% accuracy and 0 false positives.

I finally managed to convince Symantec to sell me the product and had to reinstall MailSecurity to activate it. Since activation, I have received zero spam. I still can't understand why, if Symantec have such an effective product, they don't promote it more effectively, and why their own staff seem oblivious to its benefits.

Thursday, October 06, 2005

The Perils of Home Computing (What you need to do to make your computer more secure)

I can't remember a day in the last three years when I wasn't asked at least one security related question. Security has become the biggest problem in the computing world and it's only going to get worse. This blog entry is aimed at the "average" home-PC user, and will hopefully help you to secure your own computer.

Why is this relevant to me - I haven't got anything on my PC that I want to keep or hide?

Yep, that's the biggest excuse I hear for having no security on your home PC. Let's bust this myth right now.

If your computer is unprotected, people can take things off it (like credit card details) but people can also put things onto it - like child pornography.

There are numerous cases of trojan programs installing child-porn websites on unprotected computers. People have gone to jail for this... People have died for this. Don't let it happen to you.

Have a look at these articles.

    Ok... now that we have your attention, lets look at what you can do to toughen up your home PC.

    If you're not using Windows XP
    I'm afraid that I'm going to have to limit my comments to Microsoft Windows XP. Many of the suggestions here will work with older versions of windows, but some will not. When I suggest obtaining software, please check the system requirements before you install the software.

    Is this article still valid?
    This article was written on Thursday 6th October 2005. By the end of today, some things in it may no longer be valid. That is the nature of the computing world. For the most part, the concepts in this article should be valid for a number of years to come.

    What if I still use a slow modem
    If you have a modem, you might find that it's a bit difficult to download all of these files (some are really quite big). You should look around to see if you can find a cover CD on a computer magazine - or ask your IT person at work to put them on a CD for you.

    Anti-Virus Software
    If you don't have anti-virus software, then do not use the internet. You can download freeware anti-virus from the internet, and can sometimes get it from Cover CDs on Computer Magazines. The best of the freeware Anti-Virus products is AVG Freeware Edition. Of course, the freeware Anti-Virus software is never as good as a commercial product, such as Symantec Anti-Virus. Unless your budget is really, really tight. Buy a commercial one.

    Which version of Windows XP should I be using???
    No, I'm not talking about the differences between XP Professional and XP Home (though the former seems to have better security). I'm talking about updates to the software. These updates are free so there is no excuse for not applying them.

    • Win XP Service Pack 2 - The current version of Windows XP is "service pack 2" you should at least be running this. You can get Service pack 2 from the Windows Update site. Note that Service Pack 2 is a Massive update - if you're using a modem, find a cover CD or expect a long, long wait.
    • All other Windows Updates - Once you have service pack 2, you should go to Windows Update and keep running the update until there are no more updates to be run. Note that you may need to reboot more than once - don't forget to go back to Windows Update after those reboots.
    • Application Software Updates - If you have recent version of Microsoft Office, Visio or other Microsoft applications, you should run the updates from their specific sites (you can get to this via the help menu in Word 2003 - click Help, then Check for Updates). After running all of these updates, you will be able to update these applications via windows update.
    The Other Anti-xxx Software
    • Firewalls - Windows XP SP2 ships with a servicable firewall, but you really should try to do better. If you're looking for a free product, I'd recommend Zone Alarm. The Zone Labs web site tries to make it difficult to find, but if you click Download and buy, then ZoneAlarm (extreme right tab), you will get there.
    • Microsoft Malicious Software Removal Tool - This will look for spyware and other bad stuff on your computer and remove it.
    • Microsoft Anti-Spyware - This stays in your task bar and watches for malicious things on your computer - it's like a super-firewall and is very good software. It can also erase all of your tracks (computer history etc).
    • Google Toolbar - This blocks those popup annoying web advertisments very well.
    • Microsoft Baseline Security Analyser - Download this and run it. It will look for weaknesses in your computer (including silly passwords etc). It will create a list that explains the problems it finds and how to fix them. Fix all the problems that you find.
    • Startup Control Panel - This application allows you to find out what starts up when your computer is turned on. Use it, and check it once or twice a month. Not only will you be able to stop malicious applications, but you will also be able to stop genuine applications from hogging memory. For example, remove: Quicktime, Adobe Acrobat & RealNetworks from startup - you can start them yourself when you need them. There are lots of other applications that fall into this category.

    Anti-Spam

    This is a difficult one. Anti-Spam software is generally ineffective against web-based mailboxes, such as hotmail and gmail - you need to rely on the providers for protection here. The other thing about anti-spam software is that it generally works for only a single application.

    If you have Microsoft Outlook or Microsoft Outlook Express, try SpamFighter.

    If you have Mozilla Thunderbird, the anti-spam function is built-in.


    Replacement Software

    A lot of people are advocating the replacement of Internet Explorer with Firefox (and Microsoft Office) due to security issues. At this stage, I don't think you need to worry about these.

    Outlook express however is a different story. This software is a virus deployment system which also does email... Get rid of it. If your ISP has an online mail reader, or if you have some other web-based service, such as hotmail or gmail, then use it. If you need to use a mail reader, use Thunderbird.

    There are a few other reputable security applications that you might want to use...

    • AdAware Personal - Which prevents adware (but only after it has been installed) - you need to scan regularly.
    • Spybot Search and Destroy - Which primarily targets spyware. This software can be used to scan for new spyware (if run regularly), but it also can install a preventative mechanism.
    • PGP Freeware - If you need to encrypt email for people, use this - but remember that the recipient needs a copy of the application too.

    There's a lot more security applications and utilities available... but we don't want to go overboard do we?

    Friday, September 30, 2005

    Creating a Domino Navigation System - Part 2

    Last time we got the views, forms, framesets etc up and running. This time we're going to look at execution.

    Create a VB Script Library called NAVScripts

    The first thing we need to do is add the RunShellExecute API to our Project.

    In the Declarations section of your application, add the following;

    Declare Function GetDesktopWindow Lib "user32" () As Long

    Declare Function ShellExecute Lib "shell32.dll" Alias "ShellExecuteA" (Byval hwnd As Long, Byval lpOperation As String, Byval lpFile As String, Byval lpParameters As String, Byval lpDirectory As String, Byval nShowCmd As Long) As Long

    Note that the there are only two lines here (The second group has a few word-wraps in it).

    Next, add the following code, which makes it a little easier to use the shellexecute function. It also allows us to pass multiple things to it separated by double hashes ## (this is useful if you want to specify a specific action, as specified in the comments at the beginning of the routine).

    Sub RunShellExecute(sTopic As String, sFile As Variant, sParams As Variant, sDirectory As Variant, nShowCmd As Long)

    'EXAMPLE: Play wav file with associated app RunShellExecute "Play", "c:\windows\media\Notify.wav", 0&, 0&, SW_SHOWNORMAL

    'EXAMPLE: Play avi file with associated app RunShellExecute "Play", "E:\VB Graphics\avi\Cogs.avi", 0&, 0&, SW_SHOWNORMAL

    'EXAMPLE: Open txt file with associated app RunShellExecute "Open", "c:\My Documents\rundll.txt", 0&, 0&, SW_SHOWNORMAL

    'EXAMPLE: Open txt file with notepad RunShellExecute "Play", "C:\windows\notepad.exe", "c:\My Documents\rundll.txt", 0&, SW_SHOWNORMAL


    Dim hWndDesk As Long
    Dim success As Long

    Const SE_ERR_NOASSOC = &H31
    Const vbTextCompare = 1

    Dim HashPos As Integer

    HashPos = Instr(1, sFile, "##" , vbTextCompare)

    If HashPos > 0 Then
    sTopic = Left(sFile, HashPos -1 )
    sFile = Right(sFile, (Len(sFile) - (HashPos+1)))
    End If

    'The desktop will be the default for error messages
    hWndDesk = GetDesktopWindow()

    Print "RunShellExecute: " + "Topic=[" + sTopic + "]" + " File=[" + sFile + "]"

    'Execute the passed operation

    success = ShellExecute(hWndDesk, sTopic, sFile, sParams, sDirectory, nShowCmd)

    End Sub


    I've also got a couple of other useful subs which we should include (or the code wont work).

    The first of these subs allows us to replace specific parts of variables, very similar to the replace function in Visual BASIC. (Actually, this was what we used before there was a replace function). Using this allows you to interpret command lines on the fly (eg: Substitute %USERNAME% with the current user name).


    Function ReplaceSubstring(BigString As String, ReplaceString As String, WithString As String, CaseSensitive As Boolean) As String
    Dim CaseSelector As Integer
    Dim ReplaceLength As Integer, Position As Integer
    Dim LeftString As String, RightString As String

    If CaseSensitive = True Then CaseSelector = 0 Else CaseSelector = 1
    Position = Instr(1,BigString,ReplaceString, CaseSelector)

    If Position <> 0 Then
    ReplaceLength = Len(ReplaceString)
    LeftString = Left$(Bigstring,Position-1)
    RightString = Mid$(BigString,Position+ReplaceLength)
    ReplaceSubstring = LeftString + WithString + RightString
    Else
    ReplaceSubstring = BigString
    End If
    End Function


    Now that we have actual "execution" routines, we need to create a function to read the values from the form and execute them.

    Sub QueryODCentral(Source As Notesuiview, Continue As Variant)
    Dim session As New NotesSession
    Dim db As NotesDatabase
    Dim docs As NotesDocumentCollection
    Dim doc As NotesDocument

    Set db = session.CurrentDatabase
    Set docs = Source.Documents
    Set doc = docs.GetFirstDocument()

    Dim CommandLine As String
    Dim LinkType As String
    Dim LinkData As String
    Dim DocInfo As String
    Dim ReminderTitle As String
    Dim DatabaseURL As String

    DatabaseURL = db.NotesURL
    DocInfo = doc.TXTTitle(0)
    ReminderTitle = doc.Subject(0)
    LinkType = doc.KeyLinkType(0)
    LinkData = doc.TXTLinkData(0)

    If DocInfo = "" Then DocInfo = ReminderTitle

    Select Case Ucase$(Trim$(LinkType))


    Case "LAUNCH"
    If LinkData <> "" Then
    If Instr(1, Ucase$(LinkData), "%NOTESSERVER%",1) > 0 Then
    LinkData = ReplaceSubstring(LinkData, "%NOTESSERVER%", NotesServer, 0)
    End If

    If Instr(1, Ucase$(LinkData), "%CURRENTYEAR%",1) > 0 Then
    LinkData = ReplaceSubstring(LinkData, "%CURRENTYEAR%", Trim$(Format$(Now, "YYYY")), 0)

    End If


    RunShellExecute "Open", LinkData, 0&, 0&, 1
    Print "LAUNCH: " + DocInfo
    Else
    Print "LAUNCH ERROR: There was no document specified"
    End If

    Case "MESSAGE"
    Msgbox LinkData,64,DocInfo
    Print "MESSAGE: " + LinkData


    Case Else
    Msgbox "Unknown Link Type - Unable to Launch",48,"Error"
    End Select

    Continue = False
    End Sub


    You will notice that in this code, there are two possible linktypes: Message and Launch. We can easily add more, though as yet, I havent found the need... Eventually though, I may add an opendocument type - I'll explain the use of Notes URLs a bit later, so you can see that this wont necessarily be required.

    Finally, we need to make some modifications to the views... Remember to leave at least one view "untouched" (and call this view Edit Mode - or something similar).

    In the Options for the View, include the phrase

    Use "NAVScripts"

    In the QueryOpenDocument part of the view, include the following;

    Sub Queryopendocument(Source As Notesuiview, Continue As Variant)
    QueryODCentral Source , Continue
    End Sub

    That's it... now you can start to create some Navigator Entries.

    Ideally when you double-click them, they will launch.

    The theory is that you could create an entry with a sensible display title (TXTTitle), set the link type (KEYLinkType) to LAUNCH, and then Set the Link Data (TXTLinkData) to almost anything;

    examples:
    http://www.google.com.au

    notes://%NOTESSERVER%/names.nsf
    C:\temp\mytextfile.txt
    C:\windows\system32\calc.exe

    The other terribly exciting thing that this navigator has over my old Navigator is that because these things are documents in views, I can full text search for anything I can't find.

    Final Thoughts...
    The full version of my navigator also includes...
    • Keywords for Department Names (so that certain things only appear for certain departments)
    • Keywords for Importance Levels etc... to assist in the sorting of items in views.
    • A calendar entry form which is similar to the navigator entry, which causes specific items to appear on specific days only. (and they're still launchable).

    I apologise for getting so technical early on on this blog... I'll try to vary the technical levels of my entries. If anyone has any questions, let me know and I'll provide you with a template.

    Gavin.

    Thursday, September 29, 2005

    Creating a Domino Navigation System - Part 1

    Introduction
    In this tutorial, I'll be attempting to show you one way that you could make a menu/navigation system for your company (I'm hesitating to use the word portal), without resorting to either Workplace or WebSphere.

    I think we're all familiar with the welcome screen, which is nice for individual users, but really isnt much good for a corporation, especially not one with lots of databases.

    I originally built a navigation system for my company using Navigators, they were the only things available at the time. This resolved some problems I had with the workspace, namely how to put new databases on the desktop, and control where they went.

    Unfortunately, the problem with this approach is that when you want to make changes, you have to do so using designer. I wanted to come up with a more flexible navigator which would allow things to be easily moved around.

    Note that the proposed navigator is a Notes-based, rather than web-based system.



    The Basic Building Blocks
    I'm going to assume a little familiarity with domino designer here...

    Outlines
    Create an outline to use for the left hand panel navigation system - I'd suggest that it should include things like My Mail, and the main departments/divisions in your company.

    Pages
    Create a Page for the Navigator Controls (down the left hand side of the screen), and embed the outline onto it.

    Create a second page for the main body of the navigator - we're actually going to use views for most of the work in the navigator, but a page is really nice to start on. This gives us a bit of scope for graphics. You might want to embed some frequently used views from other databases onto this page. I added our room booking system and business contacts, speed dials and staff phone list. I also added some graphical icons below and put two views (back into the navigation system itself) at the top (I'll provide more information on these later).

    I created a page for the Top banner and a page for the version number (bottom left hand corner), these pages don't do much, so you might want to ignore them.

    Forms
    I have two forms in my database, one is a Navigator Entry, and the other is a Reminder. The reminder is essentially the same as the navigator entry except that it has time and scheduling fields to make its entries appear only on days for which it is relevant. The data from the reminder form appears on the top view of the navigator.

    I'm mainly going to be concerned with the navigator entry form. This form should have, at the very least, an Item Title (text field), possibly a LinkType (dialog list) and a LinkData field (text).
    I've called these fields TXTTitle, KEYLinkType and TXTLinkData respectively. You should also consider having a Categories (Dialog List) field, so that you can decide which views an entry should be in. My categories field was called KEYCategories.

    Views
    Finally, create a view which displays the TXTTitle from the Navigator Entry form. You can place a restriction on the view if you like, In my case, I restrict to only those Navigator Entries which have @Contains(KEYCategories ; "STAFF_FAVORITES"). You should update your page to embed this view on it.

    You should create one or two more copies of this view, with different KEYCategories restrictions, including at least one view with no restrictions. You should link some of your outline entries to these views, (to open the views in the pane currently occupied by the main body page.

    Framesets
    Create a frameset to tie all of these elements together and set the database to open the frameset. Make the navigation controls page, and the main body page the default settings for the navigator, and set the database to open the navigator automatically when it is opened.


    Next Time: I'll give you the code required to execute items when they are double-clicked in views.

    Wednesday, September 28, 2005

    Copyright and Other Disclaimers (Important)

    I'm not a "legal" person, and I know that most people don't bother reading legal things, so I'm writing this in plain English. Ideally that shouldn't affect the legal potency of this work...

    Ownership of Material
    Technically I am the owner of all material posted on this blog, however I grant everyone the right to use it in any way they want to (except to bring legal action, abuse or other horrible stuff down onto me). It would be nice if you were to acknowledge the source, but I know that in the connected world, this isn't always possible, so I won't hold you to it.

    You can copy it, send it around, change words (on your copy, not on mine) etc...

    Insulting Statements etc.
    I will be trying hard not to insult people or companies or make libellous statements, but sometimes you do these things without thinking. If I offend anyone, please let me know (I think there's some sort of email link on this blog somewhere), and I will remove the offending entry post-haste. Don't sue me or take any form of legal action (I hate that sort of thing), just let me know, I'll apologise and remove the offending entry and all will be sweet (I hope).

    Disclaimer
    I'm something of a programmer, though not really what you'd call a terribly good one. There will be source code posted here, as well as other statements. You can use it to your heart's content (see the first paragraph - duh..) but... assume that I'm an idiot...

    Don't place any faith in any statement, or any code that I post. Be man (or woman) enough to check it out for yourself. I'm disclaiming responsibility as far as I possibly can, for anything posted here. Use at your own risk

    Of course, if you do find something wrong... let me know the right answer and I'll fix it.

    Gavin.

    Welcome (Introduction to the Blog)

    Hi, and welcome to my Computing and Lotus Domino blog... I was originally going to mix computing family and movies all into my other blog, but then I thought about the audience... If you want to read about one topic, you don't want other topics interfering.

    The main things that will be on this blog will be;
    • General Articles on Computing
      Future Directions, Home PC Security etc. I don't expect anything here to be life-changing, but I'll try to pitch this at a consistent level.
    • Real-life Computing problems and Answers
      I'm an IT Manager and have a lot to do with LANs, Security etc). I'll talk about my problems with Systems Implementation, Management issues etc.
    • Lotus Domino /Lotus Notes (and maybe Workplace)
      I have a long association with this product, and there already a lot of sites out there that are either too light, or too technical, I'm going to try to walk a middle road.

    I will try to keep these things separate and will usually attempt to describe the topic neatly in the heading.

    Enjoy reading.

    Gavin.