Cant Copy a Group Policy Object

KB ID 0001543

Problem

Was asked this this morning, why couldn’t someone ‘Copy’ a Group Policy Object (GPO)?

Solution

At first I was confused, (I made the same mistake they had), look at what I’m trying to copy? It’s not a Group Policy Object, its a ‘Link‘ to a GPO. (Note: There’s a  shortcut arrow!’)

Locate the actual GPO and you can copy it!

Related Articles, References, Credits, or External Links

NA

Stacking (VSF) Aruba Switches

KB ID 0001492

I noticed some shiny Aruba switches on the bench today, they were for a job my colleague is working on. (Note: Each switch in a stack should be the same model, so these will need two stacks!)

I work on the occasional HP/Aruba core switch, but it’s been a while since I did any work on distribution switches like these. The first thing I learned, was there’s no dedicated stacking cable for them. They simply use a 10Gb (Twinax / DAC) cable. Which I suppose is pretty straight forward, but it means you lose an SFP+ port (which is a bit pants).*

*Note: You can stack with 1GB cables, but you can’t mix and match!

So I said “Give me a shoult when you stack them and I’ll take a nosey!”

Solution

In the ‘land of Aruba’ this is called creating a VSF (Virtual Switching Fabric). As you can see from the photo, these are 2930F Switches, and you can stack up to four switches in a VSF. The same stacking method is used on the 5400R (v3) and 5412, where you can link two 5400R or 5412’s).

Also this method is NOT to be confused with ‘Fabric Stacking’ which is available on the 2920,2930M,3800,3810M models, (that is more like Cisco FlexStack, with a dedicated 100Gb stack cable).

So, assuming you have your switch new and fresh, connect in with your console cable, and dedicate a port to use for VSF.

[box]

Aruba-2930F-24G-PoEP-4SFPP# conf t
Aruba-2930F-24G-PoEP-4SFPP(config)# vsf member 1 link 1 ethernet 25
All configuration on this port has been removed and port is placed in VSF mode.

[/box]

Then place the switch into a VSF domain

[box]

Aruba-2930F-24G-PoEP-4SFPP(config)# vsf enable domain 1
This will save the current configuration and reboot the switch.

[/box]

The switch will ask for a reboot, let it do so.

Repeat the procedure on the second switch, (but this will be member 2).

[box]

Aruba-2930F-24G-PoEP-4SFPP# conf t
Aruba-2930F-24G-PoEP-4SFPP(config)# vsf member 1 link 1 ethernet 25
All configuration on this port has been removed and port is placed in VSF mode.
Aruba-2930F-24G-PoEP-4SFPP(config)# vsf enable domain 1
This will save the current configuration and reboot the switch.

[/box]

Once again let the switch reboot. 

Post reboot you will see the ports are ‘re-numbered’ 1/{port-number} on vsf member 1, 2/{port-number} on vsf member 2 etc.

[box]

Aruba-2930F-24G-PoEP-4SFPP# show interfaces
Status and Counters - Port Counters

                                                                 Flow Bcast
  Port         Total Bytes    Total Frames   Errors Rx Drops Tx  Ctrl Limit
  ------------ -------------- -------------- --------- --------- ---- -----
  1/1          0              0              0         0         off  0    
  1/2          0              0              0         0         off  0    
  1/3          0              0              0         0         off  0    
  1/4          0              0              0         0         off  0    
<---------------Output Removed For The Sake Of Brevity-------------->   
  1/10         0              0              0         0         off  0    
  1/11         0              0              0         0         off  0    
  1/12         0              0              0         0         off  0    
  1/13         0              0              0         0         off  0  
<---------------Output Removed For The Sake Of Brevity--------------> 
  1/19         0              0              0         0         off  0    
  1/20         0              0              0         0         off  0    
  1/21         0              0              0         0         off  0       
  1/25         1,496,823,949  23,354,845     0         0         off  0
<---------------Output Removed For The Sake Of Brevity--------------> 
  2/1          0              0              0         0         off  0    
  2/2          0              0              0         0         off  0    
  2/3          0              0              0         0         off  0    
  2/4          0              0              0         0         off  0    
<---------------Output Removed For The Sake Of Brevity--------------> 
  2/22         0              0              0         0         off  0    
  2/23         0              0              0         0         off  0    
  2/24         0              0              0         0         off  0    
  2/25         1,536,016,322  23,966,915     0         0         off  0    
  2/26         0              0              0         0         off  0    
  2/27         0              0              0         0         off  0    
  2/28         0              0              0         0         off  0    
 

[/box]

If you need to Stack 3 or 4 Switches then you need to add a second link, and create a ring;

i.e.

  • Switch 2 (2nd link now to switch 3) vsf member 2 link 2 ethernet 26
  • Switch 3 (1st link to switch 2 ) vsf member 2 link 1 ethernet 25
  • Switch 3 (2nd link to switch 4 ) vsf member 2 link 2 ethernet 26
  • Switch 4 (1st link to switch 3 ) vsf member 4 link 1 ethernet 25
  • Switch 4 (2nd link to switch 1 ) vsf member 4 link 2 ethernet 26

Useful Aruba VSF Commands

show vsf or show vsf detail :  Shows the list of provisioned chassis members.

show vsf link or show vsf link detail : Shows the state of vsf links for all members.

show vsf lldp-mad status : Shows LLDP MAD (Multi-Active Detection).

show vsftrunk-designated-forwarder : Shows designated forwarders for each trunk.

Related Articles, References, Credits, or External Links

NA

Cisco ASA – Active / Active Failover

KB ID 0001114

Usually when I’m asked to setup Active/Active I cringe, not because its difficult, its simply because people assume active/active is better than active/standby. I hear comments like ‘we have paid for both firewalls lets use them’, or ‘I want to sweat both assets’.

The only real practical use cases I can think of for Active /Active are;

  • You have a multi-tenancy environment and want to offer your tenants failover firewall capability.
  • You have multiple LAN subnets and what to split them though different firewalls.

What Active/Active Wont Give You

Load balancing: It’s a firewall! If you want load balancing buy a load balancer! People assume because both firewalls are passing traffic, they must load balance, they don’t, in fact they don’t even pass traffic from the same subnet.

VPNS: Yes theres no VPNs with Active Active. (This is 100% the case up to an including version 9.0, after version 9.0 they have stopped saying it’s not supported, but don’t say it’s supported).

Deploy Cisco ASA in Active/Active Failover

Here’s what Im going to setup;

For a more ‘logical’ view heres what is actually being setup;

1. Make sure the Licences are on the firewalls allow multiple contexts. and Active/Active, for 5510, 5512-X, and 5508-X that means Security Plus, for all other models a ‘base’ licence is required. (Note: This CANNOT be done on an ASA 5505 or 5506-X).

[box]

ciscoasa(config)# show version

Cisco Adaptive Security Appliance Software Version 8.4(2) 

——OUTPUT REMOVED FOR THE SAKE OF BREVITY—

Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Disabled       perpetual
Security Contexts                 : 5              perpetual
GTP/GPRS                          : Disabled       perpetual

——OUTPUT REMOVED FOR THE SAKE OF BREVITY—

Configuration last modified by enable_15 at 08:04:40.249 UTC Wed Oct 14 2015
ciscoasa(config)#

[/box]

2. Put the firewalls in Multiple context mode.

[box]

ciscoasa(config)# mode multiple 
WARNING: This command will change the behavior of the device
WARNING: This command will initiate a Reboot
Proceed with change mode? [confirm] 
Convert the system configuration? [confirm] 
!
The old running configuration file will be written to flash

Converting the configuration - this may take several minutes for a large configuration

The admin context configuration will be written to flash

The new running configuration file was written to flash
Security context mode: multiple 

[/box]

3. Let it reboot.

4. Make sure the firewall is in routed mode, and multiple context mode, repeat on the other firewall.

[box]

ciscoasa> enable
Password: *********
ciscoasa# show mode
Security context mode: multiple 
ciscoasa# show firewall
Firewall mode: Router
ciscoasa#

[/box]

5. Once ASA1 is backup give it a sensible hostname, and ensure all the physical interfaces (and any sub interfaces) are NOT shutdown, and add then to the relevant VLAN (they are shut down by default).

[box]

ciscoasa(config)# hostname PHYSICAL-ASA    
PHYSICAL-ASA(config)# interface gigabitEthernet 0
PHYSICAL-ASA(config-if)# no shut
PHYSICAL-ASA(config)# interface gigabitEthernet 0.1
PHYSICAL-ASA(config-subif)# no shut
PHYSICAL-ASA(config-subif)# vlan 800
PHYSICAL-ASA(config)# interface gigabitEthernet 0.2
PHYSICAL-ASA(config-subif)# no shut
PHYSICAL-ASA(config-subif)# vlan 900
PHYSICAL-ASA(config)# interface gigabitEthernet 1
PHYSICAL-ASA(config-if)# no shut
PHYSICAL-ASA(config-if)# interface gigabitEthernet 1.1
PHYSICAL-ASA(config-subif)# no shut
PHYSICAL-ASA(config-subif)# vlan 100
PHYSICAL-ASA(config-subif)# interface gigabitEthernet 1.2
PHYSICAL-ASA(config-subif)# no shut
PHYSICAL-ASA(config-subif)# vlan 200
PHYSICAL-ASA(config-subif)# exit
PHYSICAL-ASA(config)# exit
PHYSICAL-ASA# 

[/box]

6. Failover link NEEDS to be configured and used by the SYTEM Context, so its configured here. (Note: I’m using the same physical interface for LAN and Stateful failover information).

[box]

PHYSICAL-ASA(config)# failover lan unit primary
PHYSICAL-ASA(config)# failover lan interface FAILOVER GigabitEthernet2
INFO: Non-failover interface config is cleared on GigabitEthernet2 and its sub-interfaces
PHYSICAL-ASA(config)# failover link FAILOVER GigabitEthernet2
PHYSICAL-ASA(config)# failover interface ip FAILOVER 172.16.1.1 255.255.255.0 standby 172.16.1.2
PHYSICAL-ASA(config)#

[/box]

7. You can only have TWO failover groups (you can have many contexts, depending on the licence on your firewall).

[box]

PHYSICAL-ASA(config)# failover group 1
PHYSICAL-ASA(config-fover-group)# polltime interface msec 500 holdtime 5
PHYSICAL-ASA(config-fover-group)# primary 
PHYSICAL-ASA(config-fover-group)# preempt 100
PHYSICAL-ASA(config-fover-group)# exit
PHYSICAL-ASA(config)# failover group 2
PHYSICAL-ASA(config-fover-group)# polltime interface msec 500 holdtime 5
PHYSICAL-ASA(config-fover-group)# secondary 
PHYSICAL-ASA(config-fover-group)# preempt 200

[/box]

Note: Unlike Active/Passive the ASA can preempt and ‘fail-back’ automatically.

8. Setup and assign your CONTEXTS (virtual firewalls), to these groups.

[box]

PHYSICAL-ASA(config)# admin-context admin    
PHYSICAL-ASA(config)# context admin
PHYSICAL-ASA(config-ctx)# config-url disk0:/admin.cfg

Cryptochecksum (changed): d9951253 3b82d2ce 840166f8 ccd3d7f1 
INFO: Context admin was created with URL disk0:/admin.cfg
INFO: Admin context will take some time to come up .... please wait.
PHYSICAL-ASA(config-ctx)# context vASA1
Creating context 'vASA1'... Done. (2)
PHYSICAL-ASA(config-ctx)# allocate-interface GigabitEthernet1.1 inside_vASA1
PHYSICAL-ASA(config-ctx)# allocate-interface GigabitEthernet0.1 outside_vASA1
PHYSICAL-ASA(config-ctx)# config-url disk0:/vASA1.cfg

WARNING: Could not fetch the URL disk0:/vASA1.cfg
INFO: Creating context with default config
PHYSICAL-ASA(config-ctx)# join-failover-group 1
PHYSICAL-ASA(config-ctx)# context vASA2
Creating context 'vASA2'... Done. (3)
PHYSICAL-ASA(config-ctx)# allocate-interface GigabitEthernet1.2 inside_vASA2 
PHYSICAL-ASA(config-ctx)# allocate-interface GigabitEthernet0.2 outside_vASA2
PHYSICAL-ASA(config-ctx)# config-url disk0:/vASA2.cfg                        

WARNING: Could not fetch the URL disk0:/vASA2.cfg
INFO: Creating context with default config
PHYSICAL-ASA(config-ctx)# join-failover-group 2

[/box]

The following will show you a summary of the contexts.

[box]

PHYSICAL-ASA(config)# show run | b context
admin-context admin
context admin
  config-url disk0:/admin.cfg
!

context vASA1
  allocate-interface GigabitEthernet0.1 outside_vASA1 
  allocate-interface GigabitEthernet1.1 inside_vASA1 
  config-url disk0:/vASA1.cfg
  join-failover-group 1
!

context vASA2
  allocate-interface GigabitEthernet0.2 outside_vASA2 
  allocate-interface GigabitEthernet1.2 inside_vASA2 
  config-url disk0:/vASA2.cfg
  join-failover-group 2
!

[/box]

10. Now configure vASA1.

[box]

PHYSICAL-ASA(config)# changeto context vASA1
PHYSICAL-ASA/vASA1(config)# interface outside_vASA 1
PHYSICAL-ASA/vASA1(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
PHYSICAL-ASA/vASA1(config-if)# ip address 123.123.123.123 255.255.255.0 standby 123.123.123.124
PHYSICAL-ASA/vASA1(config-if)# no shut
PHYSICAL-ASA/vASA1(config)# interface inside_vASA 1
PHYSICAL-ASA/vASA1(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
PHYSICAL-ASA/vASA1(config-if)# ip address 10.5.100.1 255.255.255.0 standby 10.5.200.2
PHYSICAL-ASA/vASA1(config-if)# no shut
PHYSICAL-ASA/vASA1(config-if)# exit
PHYSICAL-ASA/vASA1(config)# route outside 0.0.0.0 0.0.0.0 123.123.123.1
PHYSICAL-ASA/vASA1(config)# monitor-interface inside 
PHYSICAL-ASA/vASA1(config)# monitor-interface outside
PHYSICAL-ASA/vASA1(config)# object network obj_any
PHYSICAL-ASA/vASA1(config-network-object)# subnet 0.0.0.0 0.0.0.0
PHYSICAL-ASA/vASA1(config-network-object)# nat (inside,outside) dynamic interface
PHYSICAL-ASA/vASA1(config-network-object)# exit
PHYSICAL-ASA/vASA1(config)# exit
PHYSICAL-ASA/vASA1# 

[/box]

11. Now configure vASA2.

[box]

PHYSICAL-ASA/vASA1(config)# changeto context vASA2
PHYSICAL-ASA/vASA2(config)# interface inside_vASA 2
PHYSICAL-ASA/vASA2(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.       
PHYSICAL-ASA/vASA2(config-if)# ip address 10.6.200.1 255.255.255.0 standby 10.6.200.2
PHYSICAL-ASA/vASA2(config-if)# no shut              
PHYSICAL-ASA/vASA2(config)# interface outside_vASA 2
PHYSICAL-ASA/vASA2(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
PHYSICAL-ASA/vASA2(config-if)# ip address 120.120.120.120 255.255.255.0 standby 120.120.120.122
PHYSICAL-ASA/vASA2(config-if)# exit
PHYSICAL-ASA/vASA2(config)# route outside 0.0.0.0 0.0.0.0 120.120.120.1
PHYSICAL-ASA/vASA2(config)# object network obj_any
PHYSICAL-ASA/vASA2(config-network-object)# subnet 0.0.0.0 0.0.0.0
PHYSICAL-ASA/vASA2(config-network-object)# nat (inside,outside) dynamic interface
PHYSICAL-ASA/vASA2(config-network-object)# exit
PHYSICAL-ASA/vASA2(config)# 

[/box]

12. Go back the the System context and save ALL the changes.

[box]

PHYSICAL-ASA/vASA2(config)# changeto system 
PHYSICAL-ASA(config)# wr mem all
Building configuration...
Saving context :           system : (000/003 Contexts saved) 
Cryptochecksum: e63d00e3 18224da1 be9d77c6 27c6e54d 

2109 bytes copied in 0.300 secs
Saving context :            admin : (001/003 Contexts saved) 
Cryptochecksum: f2f07827 f2784851 89925ac1 86c1e96f 

974 bytes copied in 0.330 secs
Saving context :            vASA1 : (002/003 Contexts saved) 
Cryptochecksum: 037e3a39 fe10e4d0 ff72d306 36fcf1ed 

1930 bytes copied in 0.330 secs
Saving context :            vASA2 : (003/003 Contexts saved) 
Cryptochecksum: e9024f22 53ad6316 70f7ccad 4394c81c 

1879 bytes copied in 0.230 secs
[OK]                                                         
PHYSICAL-ASA(config)# 

[/box]

Note: Configuration on the main (physical) firewall is complete, the ‘failover’ configuration needs to now be setup on the second physical ASA.

13. On the ’Secondary’ Physical ASA.

[box]

ciscoasa# configure terminal 
ciscoasa(config)# interface gigabitEthernet 0
ciscoasa(config-if)# no shut
ciscoasa(config-if)# interface gigabitEthernet 0.1
ciscoasa(config-subif)# no shut
ciscoasa(config-subif)# vlan 800
ciscoasa(config-subif)# interface gigabitEthernet 0.2
ciscoasa(config-subif)# no shut
ciscoasa(config-subif)# vlan 900
ciscoasa(config-subif)# interface gigabitEthernet 1
ciscoasa(config-if)# no shut
ciscoasa(config-if)# interface gigabitEthernet 1.1
ciscoasa(config-subif)# no shut
ciscoasa(config-subif)# vlan 100
ciscoasa(config-subif)# interface gigabitEthernet 1.2
ciscoasa(config-subif)# no shut
ciscoasa(config-subif)# vlan 200
ciscoasa(config-subif)# exit
ciscoasa(config)# failover lan unit secondary 
ciscoasa(config)# failover lan interface FAILOVER GigabitEthernet2       
INFO: Non-failover interface config is cleared on GigabitEthernet2 and its sub-interfaces
ciscoasa(config)# failover link FAILOVER GigabitEthernet2                     
ciscoasa(config)# failover interface ip FAILOVER 172.16.1.1 255.255.255.0 standby 172.16.1.2
ciscoasa(config)# 

[/box]

14. Remember failover is off by default, and we have not switched it on, this needs to be done on both of the physical ASA’s (primary and secondary). Note: Make sure the ‘failover’ interface is NOT in a shut down state first!

[box]

Secondary


ciscoasa(config)# interface GigabitEthernet2
ciscoasa(config)# no shut
ciscoasa(config)# failover
ciscoasa(config)# 

Primary

PHYSICAL-ASA(config)# int gigabitEthernet 2
PHYSICAL-ASA(config-if)# no shut
PHYSICAL-ASA(config)# failover
PHYSICAL-ASA(config)#

[/box]

Note: If building in GNS3 sometimes you need to put a switch in the middle of the ‘backup link’ or the firewalls don’t detect each other!

17. Top Tip: Remember that you need to make the changes on the active firewall context in the correct failover group. Change the firewall prompt to show you all this information.

[box]

PHYSICAL-ASA# conf t
PHYSICAL-ASA(config)# prompt hostname context priority state
PHYSICAL-ASA/pri/act(config)# 

[/box]

Testing Active/Active Failover

If you change to vASA1 (notice it’s active).

[box]

PHYSICAL-ASA/pri/act(config)# changeto context vASA1
PHYSICAL-ASA/vASA1/pri/act(config)# 

[/box]

Now change to vASA2, (This ones in standby so DONT make changes here or they wont get replicated / saved).

[box]

PHYSICAL-ASA/vASA1/pri/act(config)# changeto context vASA2
PHYSICAL-ASA/vASA2/pri/stby(config)# 

[/box]

Note: Moral of the story is you need to be aware what physical firewall you are on (primary or secondary) what mode you are in (active or standby) and what context you are in (vASA1 or vASA2). So in this example to make a change to vASA2 you would need to go to Secondary/Standby/vASA2 to edit the active firewall, (confusing eh! That’s why I change the firewall prompt).

Now you will want to test things, probably by pinging, don’t forget ICMP is not enabled by default an you will need to enable it, (in each context).

[box]

vASA1 (as specified above), make sure it says ‘act’ on the end of the prompt.

PHYSICAL-ASA/pri/act(config)# changeto context vASA1
PHYSICAL-ASA/vASA1/pri/act(config)# policy-map global_policy
PHYSICAL-ASA/vASA1/pri/act(config-pmap)# class inspection_default
PHYSICAL-ASA/vASA1/pri/act(config-pmap-c)# inspect icmp
PHYSICAL-ASA/vASA1/pri/act(config-pmap-c)# exit
PHYSICAL-ASA/vASA1/pri/act(config-pmap)# exit
PHYSICAL-ASA/vASA1/pri/act(config)# exit
PHYSICAL-ASA/vASA1/pri/act# 

vASA2 (as specified above), make sure it says ‘act’ on the end of the prompt.

PHYSICAL-ASA/sec/stby# changeto context vASA2
PHYSICAL-ASA/vASA2/sec/act# conf t
PHYSICAL-ASA/vASA2/sec/act(config)# policy-map global_policy
PHYSICAL-ASA/vASA2/sec/act(config-pmap)# class inspection_default
PHYSICAL-ASA/vASA2/sec/act(config-pmap-c)# inspect icmp
PHYSICAL-ASA/vASA2/sec/act(config-pmap-c)# exit
PHYSICAL-ASA/vASA2/sec/act(config-pmap)# exit
PHYSICAL-ASA/vASA2/sec/act(config)# exit

[/box]  

Tracking Affiliate Advertising Clicks in Google Analytics

KB ID 0000632

Problem

Google Analytics is great at telling you what’s coming into your site, but it’s not designed to tell you what’s going out. For the most part that’s OK, but what if you have affiliate adverts, and you want to track if your visitors are clicking on them, or you want to find out which ones are NOT getting clicked on so you can drop them.

Solution

1. First you need to delay the result of the ‘click’ by a tiny amount, your visitor will not notice but it gives time for the javascript tracking code to load, before the visitor has clicked and is off on their merry way. On the page in question locate your Analytics tracking code.

Note: This is just for the new ‘asynchronous’ version of the code, for the old version see this post.

2. Paste in the code AFTER your Analytics code. Change the Analytics tracking code account number (shown below as UA-123456-1), to your own!

[box]

<script type="text/javascript">
function recordOutboundLink(link, category, action) {
  try {
    var pageTracker=_gat._getTracker("UA-123456-1");
    pageTracker._trackEvent(category, action);
    setTimeout('document.location = "' + link.href + '"', 100)
  }catch(err){}
}
</script>

[/box]

Like so;

3. Then add the following to your advert/link.

[box]

<a rel="nofollow" href="http://www.affiliate.com" onclick="recordOutboundLink(this, 'Affiliate Ad', 'Advert1');return false;"></a>

[/box]

Like so;

4. Log into Google Analytics > Content > Events > Overview.

Related Articles, References, Credits, or External Links

Can’t see Google Ads!

BT Business ADSL – Configure a 2Wire Router to Allocate a Static (Public) IP Address

KB ID 0000760 

Problem

I know BT are now shipping the BT Business Hub, to their business ADSL clients, but there’s still a few 2Wire routers out there in the wild. Essentially if you have a range of public IP addresses, this is how to allocate one of the public IP addresses to one of your devices. In my case its a Cisco ASA firewall that I need to have a public IP.

Solution

Firstly I’m going to assume the router is working and connected to the internet, if there’s a problem and you need to reset it you will need the following pieces of information.

1. The BT ADSL Username and password.

2. The public IP address range allocated to you by BT (and the IP allocated to the router).

Note: Plug your device into the router before you start, and set it to get its address via DHCP.

1. Connect to the web interface of the 2Wire router (normally http://192.168.1.254) > Settings > Broadband > Link Configuration > Scroll down the page.

2. Locate the ‘Add additional network’ section > Add in the IP address that BT have told you to allocate to the router, the subnet mask will be provided by BT also, but you can work it out with my subnet calculator if you don’t know > Save >Enter the router password if prompted.

Note: By default the password will be the Serial Number of the router, (on the white sticker). If you have forgotten you can reset it.

3. Select the LAN tab > NAT & Address Allocation > Locate your device > Set the firewall to disabled > Address Assignment = Public (Select WAN IP Mapping) > WAN IP Mapping = Public Fixed {The IP address you want to assign} > Save > Enter the password if prompted.

4. This relies on the router providing DHCP, which it will do by default, though you can check on the Private Network tab.

5. Finally either reboot the device you are assigning the IP address to, (or ‘reload’ if it’s a Cisco ASA).

Related Articles, References, Credits, or External Links

NA

Windows – Get a List of all Installed Programs (and Updates)

KB ID 0000619

Problem

I needed to get a list of installed programs from a server I was having problems with, so I could compare the results with another server. Note: This will work on Windows client OS’s as well.

Solution

1. On the machine in question launch a command window.

2. To display all the installed programs execute the following two commands;

[box]
WMIC

product get name,version [/box]

3. To export all the installed programs to a text file (c:ProgramList.txt) execute the following two commands;

[box]
WMIC

/output:c:ProgramList.txt product get name,version [/box]

4. Here’s the sort of information you can get.

5. To export all the installed updates to a text file (c:UpdateList.txt) execute the following two commands;

[box]
WMIC

/output:C:UpdatelList.txt QFE get [/box]

Note: You can get a list of updates by running the ‘systeminfo’ command but this gives you much more information.

6. Here’s the sort of information you can get.

 

Related Articles, References, Credits, or External Links

NA