Friday, June 5, 2009

Pstools are the greatest things

I have been using them for quite a while now, but it hit me this morning how useful, and how much a part of my everyday work, these have become. There are plenty of blogs singing their praises and many tutorials on the use of these invaluable tools, so I won't go into all that. I just hope some poor soul that doesn't know about these godsend programs will save some time and many headaches using them.

There are live versions of all the original tools plus so many more. Check out http://live.sysinternals.com/ to use all of the tools and then decide if they can help you daily as well.

Wednesday, May 27, 2009

Content Filtering - Using DNS or more?

The conversation came up about content or web filtering recently in our offices. We have had numerous reports of pornographic pictures being printed, MySpace and Facebook surfers, and many more instances of adware, spyware, viruses, etc.

I don't control the purse strings; our company controller does that. Before I came on, the company had a long-standing relationship with an external company to do all the server and network setup. This relationship has lessened in the past few years, but he still helps out and gets some things done that we otherwise wouldn't have time for. Back to the point....

I said that Barracuda or Marshall/8e6 would be the best choices for doing such filtering. Both have very high reviews in ease of use, technology and methods used, high volume capacity and strong controls for blocking or tracking.

Our external partner suggested using DNS alone. The company controller (the financial guy) decided this was the best option.

DNS is always a part of any content filtering solution when a small number of sites need to be blocked. This is no doubt the way to go in terms of price, but what about all of the other issues that could be avoided with other means?

DNS is not going to block malicious software. The cost of the equipment in a corporate environment can easily be mitigated by the fact that techs will be spending up to 40% less of their time cleaning up after the latest WeatherBug download.

In the case of PCI compliance and hard security issues, allowing the possibility of the proliferation of spyware etc. would blow any compliant status you might have attained with just one infection. Anti-virus software is supposed to catch these things, but how many times has any tech had to clean up where the anti-virus didn't?

Work productivity is another selling point for me. Not something a tech would concern himself with, but I am looking for selling points. If a staff member is spending just 10% of their time on the internet surfing in general, let's take a look at the hard numbers:

$12 an hour, 40-hour week. That would be 4 hours on the internet for non-work-related purposes, adding up to $48 a week in stolen productivity. Multiplied out over just one year, it adds up to $2400. Take that a step further and apply it to an office staff of 50 and you get $120,000 in stolen productivity.

No solution is going to stop all web surfing, and some may be legitimate. Let's say that half of the time spent surfing can be blocked; that would be $60,000 from a $6000 investment.

DNS filtering, I do not think, will give anywhere near that kind of return by just filtering and redirecting the small number of domains that you can effectively manage, when compared to the cost- and time-saving benefits of a more robust solution.

Tuesday, May 26, 2009

How to get around the Sapphire dial-in from Verifone (Sometimes…)

Recently (Memorial Day weekend) I had a location that the Sapphire boot-fixed. The location was running Buypak 5.04.06 and lost the gemcom.ldm file.

We did not have helpdesk at the time, making a dial-in not a viable option without shelling out $688 ($588 + $100 expedite fee). I am just a little tight with money and don’t believe the value to be there for such an unused and often uninformed service.

I set about the process by trying the usual vfg-file-that-should-not-be-named process, but it failed almost immediately. Thinking that Verifone had blocked me with some nefarious settings, I went on to the next resolution.

I figured that since the file was corrupt on the Sapphire and unusable at the time, I would be able to use the workstation to restore gemcom communications from that point of access, with an upgrade to the workstation.

I upgraded the workstation to Rubylink on Com2 and tried the polling process. Still a no go. It was time to call the Helpdesk.

The call to the Helpdesk went as expected: “That station has not signed up for Helpdesk, we cannot dial-in”. So I posed the question, “Shouldn’t an upgrade of the BackOffice replace the gemcom files?” The answer was a no, that the gemcom file is present in all installations so there was no need to reload it when an upgrade is performed. Great, no help there either.

Now comes the dilemma: how to get the gemcom file back in the Sapphire without a dial-in and with as little effort as possible.

Close inspection of the relsapp.vfg gives us the answer. The older version loaded the files, the newer ones don’t. A quick comparison of the Backoffice section reveals that.
I took the file lines from the old version and placed them in the new version relsapp.vfg.

File=gcoms2.ld~ gcomms.ldm
File=gemcm2.ld~ gemcom.ldm

An upgrade then reloads the files.

A Quick disclaimer:

Tinkering with any of the vfg files can be disastrous business. Make sure to work on a COPY of the vfg file or have a backup of the original somewhere.

This strategy or process is not documented, condoned or acknowledged by Verifone. The previous, corrupted file, whatever it may be, will still be in the system and will eventually need to be cleaned out. Clean-up is a part of the Verifone dial-in process. This just makes a clean copy of the file available in the system.
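
The comparison of the old and new relsapp.vfg and the work-on-a-copy advice above, as an added example that is not part of the original post and is not Verifone code. It assumes the vfg is plain text with one "File=<packed name> <installed name>" entry per line, as in the two lines quoted above; the function names and the sample file contents are hypothetical.

```python
import hashlib
import shutil
from pathlib import Path


def file_entries(text):
    """Map installed name -> full line for every 'File=<packed> <installed>' line."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.lower().startswith("file="):
            continue
        parts = line[len("file="):].split()
        if len(parts) == 2:  # packed name, installed name
            entries[parts[1].lower()] = line
    return entries


def missing_entries(old_text, new_text):
    """File= lines the old vfg loads that the new vfg no longer loads."""
    old, new = file_entries(old_text), file_entries(new_text)
    return [old[name] for name in sorted(old) if name not in new]


def backup(path):
    """Copy the vfg aside before editing; return (backup path, SHA-256 of it)."""
    src = Path(path)
    dst = src.with_name(src.name + ".orig")
    shutil.copy2(src, dst)
    return dst, hashlib.sha256(dst.read_bytes()).hexdigest()


# Constructed sample contents. Only the gcomms/gemcom lines come from the post;
# the sample1 entry is made up to stand in for lines both versions share.
OLD_VFG = """\
File=gcoms2.ld~ gcomms.ldm
File=gemcm2.ld~ gemcom.ldm
File=sample1.ex~ sample1.exe
"""
NEW_VFG = """\
File=sample1.ex~ sample1.exe
"""

if __name__ == "__main__":
    for line in missing_entries(OLD_VFG, NEW_VFG):
        print(line)
```

Recording the hash of the backup gives you a way to confirm later that the untouched original is still what you think it is.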