IT in Retail


How it’s different from other Sectors

It’s been two months since my last blog. In these two months I celebrated my birthday, got hospitalized for the first time in my life and also switched my job (quite an eventful period, huh?). Now I work for the BIG BLUE – IBM. Obviously, it’s one of the largest organizations anyone can ever work for and I hope to enjoy my time here.

Since I have just switched jobs, let me talk about the experience with my previous organization; it’s also going to be my first non-technical blog. My previous employer was a retail organization, in fact the second largest retail company in the country. During my tenure of just under 3 years, I experienced how IT in retail is very different from most other sectors.

In retail, an incident of a server going down impacts cash flow directly. This is unlike most other sectors, where such an incident would only have an indirect impact on the business. As a result, escalations are fast, mounting more pressure on the IT professional. It demands quick and correct decision making: you can’t take your time to arrive at the right conclusion; you need to be fast and you need to be accurate all the time. There is no room for error. You might say that pressure is there in every sector and not just retail. Well, yes, it’s true, but most of that pressure is artificial and usually the source is an over-excited delivery manager. Such man-made pressures are normally created for vested interests rather than any real urgency to solve the problem at hand. In retail the pressure is REAL, as real as it can get, because the company is actually losing money by the minute; you cannot compare that with anything else.

The number of stores is normally very high in any retail organization, usually in the hundreds, and you can’t have an IT superhero at every store. Thus arises the need to keep things as central as possible, and whatever you have to keep at the store level should be as simple and tamper-proof as possible; Architecture Design and Implementation are the two key phases to achieve that. Since critical IT equipment like servers and routers is placed at the store, IT security and monitoring requirements go beyond just meeting compliance norms. I can go on and on like this, but in short what I have learned is that IT infrastructure requirements for a retail organization are very special in terms of design, operations management, incident management and hardware and software requirements. You need a sturdy and stable IT infra setup to run a retail organization; this may be true for any sector, but more so in retail.


The “SERVER” and “WORKSTATION” services


Why are they named so??

The file and printer sharing service in Windows is called the “SERVER” service, but every other server service has a name which explains what it serves, like the DNS service or the DHCP service. So why does the file and printer sharing service call itself just SERVER, as if it were an all-encompassing service on which all the other server-based services depend? Other services are not dependent on it, but its name gives that illusion. Here’s the actual reason.

In the olden days, when Microsoft started writing network software, there was just one thing that the OSs served: file and printer sharing. So any server meant a file and printer sharing server, and hence that name was given to the service which provided it. Over the years nobody bothered to change the name and it just remained that way. That also explains the name “WORKSTATION” given to the client-side service for file and print sharing.


Hiding Folders with Access Based Enumeration (ABE)


Invisible Folders

We have a heavily used Windows file server which acts as the only way to share files within a department and with other departments in the corporate head office. The folders are all secured with NTFS permissions: every user is authorized to access the folders which he/she needs, but would be greeted with an “Access Denied” message on trying to access any other folder. Pretty good security by any standards, but we started facing a peculiar problem which was not related to technology at all. Some users started requesting rights to folders which they had no business to access. We have a proper authorization policy in place which says that the HOD of a particular department needs to authorize a person wanting to access any folder belonging to that department, but such requests still led to sticky situations when very senior people in the organization requested such rights, as it was difficult to tell them to follow the proper process when it was more than clear that they didn’t want to go the proper way. This led to the thought that if users couldn’t see the folders which they had no access to, then they wouldn’t ask for them, and the problem could be minimized if not eliminated completely. It sounded very cool, but I had never heard about any particular way to do it in Windows, although I knew that the Novell guys could do it with their OS.

That’s when ABE came to the rescue. It was released with Microsoft Windows Server 2003 SP1. ABE is a feature of the SERVER service, the Windows service that provides file and printer sharing. It works by modifying a function of the server service called “enumeration”, which basically means how the server service answers the question, “What files and folders exist in a given share?” Windows Explorer does the same thing when you open a folder. That flashlight which sometimes shines for a second when you open a share is the way Explorer entertains you while it enumerates the folder contents.

ABE only works on Windows Server 2003 SP1 and higher. It’s not enabled by default and needs another small program to be turned ON or OFF. To be able to see a file/folder when ABE is turned ON, a user needs at least READ permission on it. ABE works on both files and folders, but only when they are accessed through a share; when someone logs on to the computer directly, ABE has no effect on what the user is able to see. Even through a share, all files/folders, irrespective of their NTFS permissions, will be visible to anybody who is a member of the Administrators group on the server hosting the share. This means that if you are an administrator, everything will be visible to you even if you don’t have READ rights on some or any of the files/folders. This can be particularly tricky while you are testing the effects of ABE after enabling it: you might believe that ABE is not working because you can still see all the files/folders. The tool used to enable/disable ABE is called abeui.msi and is downloadable from microsoft.com. Its installation is pretty simple and, once installed, you can turn ABE ON or OFF for all shares or only for particular shares. You can also do the same during the installation, when the following dialog box is presented to you.

A new tab named “Access-Based Enumeration” is added to the properties dialog box of every share on the server on which ABEUI is installed, as shown in the image given below.


Checking the first check box enables ABE for that particular share and checking the next one enables ABE for all the shares on that server. There is also a CLI for doing the same, but since I’m not a big CLI fan, I have never tried it out myself. The installation of ABEUI is necessary even to get the CLI for ABE.

In Windows Server 2008, ABE comes pre-installed and pre-enabled. You can however, disable it for some or all shares if you need to.

If nothing else, at least enabling ABE on your shares will reduce the temptation of your users to play internal hacker. And yes, I enabled ABE on my file server and it did reduce the problem it was intended to reduce, but then, as luck would have it, the management decided to give at least READ access to all the folders on the file server to every user in the office 😉
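On Windows Server 2012 / Windows 8 and later the abeui.msi tool from the post is no longer needed, because the SmbShare module exposes ABE directly. The script below is an added example (not the post’s or Microsoft’s own code) that audits every non-administrative share, switches the ones still in Unrestricted mode to AccessBased, and reminds you to verify from a non-admin account, since administrators see everything regardless of ABE. The share and account names in the comments are placeholders.

```powershell
# Added example, not from the original post: audit and enable Access-Based
# Enumeration with the SmbShare module (Windows Server 2012 / Windows 8+).
# On Server 2003 SP1 / 2008 these cmdlets do not exist; use abeui.msi there.

# 1. Report the current ABE state of every non-administrative share.
#    FolderEnumerationMode is 'AccessBased' when ABE is ON, 'Unrestricted' when OFF.
#    -Special marks hidden admin shares (C$, ADMIN$, IPC$), which we leave alone.
Get-SmbShare |
    Where-Object { -not $_.Special } |
    Select-Object Name, Path, FolderEnumerationMode |
    Format-Table -AutoSize

# 2. Enable ABE on every department share that is still Unrestricted.
Get-SmbShare |
    Where-Object { -not $_.Special -and $_.FolderEnumerationMode -eq 'Unrestricted' } |
    ForEach-Object {
        Set-SmbShare -Name $_.Name -FolderEnumerationMode AccessBased -Force
        Write-Host "ABE enabled on \\$env:COMPUTERNAME\$($_.Name)"
    }

# 3. Verify from a NON-admin account. Members of the local Administrators
#    group see every folder whatever ABE says, so a test from an admin
#    session wrongly suggests ABE is not working. From a client, for example
#    (DOMAIN\normaluser and \\FILESRV\Finance are placeholders):
#      runas /user:DOMAIN\normaluser "cmd /k dir \\FILESRV\Finance"
#    The listing should omit every folder the user lacks READ permission on.
```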


Windows 7 Supports RAID1


Disk Mirroring for Desktops, umm interesting!!

I just found out that Windows 7 supports RAID 1, or disk mirroring as it’s commonly known. It’s the first MS client OS to support RAID 1. For me it’s interesting to see RAID for desktops, as until recently it was something so niche that it was only available for servers. It’s amusing how niche tech becomes commonplace so fast.


Notebook Entry: Leftover of Conficker/Downadup/Kido Worm


Another Leftover Story

Talking about virus leftovers: I recently noticed a leftover of the Conficker worm which the virus uses to reinfect systems. They are scheduled tasks on Windows systems. I have only noticed them on server OSs. They are named ‘At’ followed by a random number, usually starting with 1, like At1, At2 … At15, At4098 etc. As files they are named At1.job … At4753.job etc., as .job is the extension for scheduled tasks.

These tasks are used to run the infected DLLs at a particular hour of the day, so if a server has 10 such jobs, it means that an attempt to resurrect the Kido virus is made 10 times a day. These jobs try to run DLLs with random names followed by some random characters, one example being “rundll32.exe ecaosp.hwo,cpmjb”.

Our antivirus (Kaspersky) doesn’t detect them, mainly because they are not viruses themselves but just a tool to re-enable the virus. McAfee does detect them and cleans them up. The manual cleanup process for these jobs is well documented at http://support.microsoft.com/kb/962007. If a system is infected with Conficker, the jobs are said to reappear a few hours after manual deletion, but I didn’t see this behaviour on my servers, maybe because the servers were all cleaned up and only the jobs remained as the leftovers.
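To find these leftovers across a fleet without opening each server’s Scheduled Tasks folder, the following added example (mine, not code from the post or from KB962007) asks schtasks.exe for a verbose CSV listing and keeps only tasks named At<number> whose command is a rundll32 call with a “dll,entrypoint” argument, the pattern described above. Deletion is left commented out so the listing can be reviewed first.

```powershell
# Added example, not from the original post: report Conficker/Kido leftover
# scheduled tasks (At1, At2 ... At4753) that launch rundll32.exe with a
# random DLL name. schtasks.exe exists on XP/2003 and later; run elevated.

$suspicious = schtasks.exe /query /v /fo CSV |
    ConvertFrom-Csv |
    Where-Object {
        # Task name: 'At1' on XP/2003, '\At1' on Vista+ (leading backslash)
        $_.TaskName -match '^\\?At\d+$' -and
        # Command of the form: rundll32.exe <name>.<ext>,<entrypoint>
        $_.'Task To Run' -match 'rundll32(\.exe)?\s+\S+,\S+'
    }

if (-not $suspicious) {
    Write-Host "No At<n> rundll32 jobs found on $env:COMPUTERNAME."
} else {
    Write-Warning "$(@($suspicious).Count) suspicious At<n> job(s) on $env:COMPUTERNAME:"
    $suspicious | Select-Object TaskName, 'Next Run Time', 'Task To Run' | Format-Table -AutoSize

    # Cleanup (the manual steps are in KB962007): delete each matching task.
    # Uncomment only after reviewing the listing above.
    # foreach ($t in $suspicious) { schtasks.exe /delete /tn $t.TaskName /f }
}
```

If the jobs come back a few hours after deletion, the DLL that recreates them is still active and the host needs a full scan, not just task cleanup.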


No “Folder Options” under the ‘Tools’ menu


No “Folder Options” under the ‘Tools’ menu – The common leftover after a virus infection

The “Folder Options” entry in the ‘Tools’ menu of Windows Explorer disappears mainly due to a virus infection. Brontok has been seen as the main culprit behind this, apart from many other viruses which do the same. Apart from removing Folder Options, such viruses also disable booting into safe mode.

There are many tools available which have a cure for these problems, or at least claim to, like the RRT tool etc., but in my experience there isn’t any single tool which works every time and on all PCs. Also, this problem may seem trivial to a seasoned administrator, but in a large and complex environment it can really cause some pain.

Some time back, after successfully tackling another zero-day attack (I have faced three so far), I found that the virus in question (later named Sality.z) had the same effects on the infected PCs, i.e. no Folder Options, no safe boot etc., which didn’t go away even though the computers were now completely disinfected. This time I didn’t want to use any random (read ‘unreliable’) tool as a workaround, because the affected PCs were in geographically disparate locations and I wanted something 100% reliable which could be pushed centrally to all the infected PCs.

That’s when my good friend Mr. Murali Murugesan suggested using the Kido Killer tool from Kaspersky. Murali handles Kaspersky support in India; my current organization is the largest client (in terms of number of licenses) of Kaspersky in India. I have to say that this is the most reliable tool I have ever used for this very common problem. Kido is the name given by Kaspersky to the now famous Conficker/Downadup virus. The main job of this tool, which is updated frequently, is to fight the Kido/Conficker/Downadup virus, but by using some of the available command line switches one can easily use it as the most potent tool against the “No Folder Options” problem.

This tool can be found here for download.

After downloading the zip file, extract the contents (the kk.exe file) to a folder. If that folder is D:\Kido, open the command prompt, type “D:\Kido\kk.exe -x -a -j -y” without the double quotes and press Enter. If you are not able to open the command prompt, you can create a batch file (type the same command as above in Notepad and save it with the .bat extension instead of the usual .txt extension) and run it on your PC. The tool runs, scans for the Kido virus, re-enables the lost settings in the registry and then disappears. Folder Options and safe boot should be back after a quick reboot.

However, I used an automated way of doing the same (I’m an automation freak, you know) by pushing the kk.exe file with the said command line switches to the infected PCs through Kaspersky’s administration console. You can do the same using any piece of software which can remotely execute files and accepts command line switches as an option, or you could use the Kaspersky Administration Kit, as that is also free to use.

Here’s the complete list of command line switches which can be used with Kido Killer:

-p <Scan path> – scan a defined folder
-f – scan hard disks
-n – scan network disks
-r – scan flash drives, scan removable hard disks connected via USB and Fire Wire
-y – end program without pressing any key
-s – silent mode (without a black window)
-l <file_name> – write info into a log
-v – extended log maintenance (the switch -v works only if the -l switch is entered in the command prompt)
-j – restore the registry branch SafeBoot (if the registry branch is deleted, computer cannot boot in safe mode)
-z – restore the services:

  • Background Intelligent Transfer Service (BITS)
  • Windows Automatic Update Service (wuauserv)
  • Error Reporting Service (ERSvc/WerSvc)
  • Windows Defender (WinDefend)
  • Windows Security Center Service (wscsvc)

-t – registry clean up of the services that remain after removing the network worm using Kaspersky Lab’s products
-x – restore display of hidden system files
-m – monitoring mode to protect the system from getting infected
-a – disable auto start from all drives
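When kk.exe is pushed centrally you get no console to watch, so it helps to wrap it in a script that writes a log (-l/-v) and then checks whether the two symptoms are really gone. The script below is an added example of mine, not Kaspersky’s or the post’s code. It assumes kk.exe sits in D:\Kido as in the post, and it checks the registry locations that these infections normally tamper with: the NoFolderOptions Explorer policy, which hides Tools > Folder Options when set to 1, and the SafeBoot\Minimal and SafeBoot\Network branches that safe mode needs.

```powershell
# Added example, not from the original post: run kk.exe with the post's
# switches plus logging, then verify Folder Options and Safe Mode are fixed.
# Paths are assumptions; adjust $KkPath and $LogPath for your deployment.

$KkPath  = 'D:\Kido\kk.exe'
$LogPath = 'D:\Kido\kk.log'

if (-not (Test-Path $KkPath)) { throw "kk.exe not found at $KkPath" }

# -x restore hidden system files, -a disable autorun, -j restore SafeBoot,
# -y exit without keypress, -s no console window, -l <file> -v verbose log
$kkArgs = @('-x', '-a', '-j', '-y', '-s', '-l', $LogPath, '-v')
$proc = Start-Process -FilePath $KkPath -ArgumentList $kkArgs -Wait -PassThru
Write-Host "kk.exe exited with code $($proc.ExitCode); log: $LogPath"

# Check 1: the "No Folder Options" symptom is the NoFolderOptions policy
# set to 1 under HKCU and/or HKLM. After cleanup it should be absent or 0.
$policyKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
              'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
foreach ($k in $policyKeys) {
    $v = (Get-ItemProperty -Path $k -Name NoFolderOptions -ErrorAction SilentlyContinue).NoFolderOptions
    if ($v -eq 1) { Write-Warning "$k\NoFolderOptions is still 1: Folder Options hidden" }
    else          { Write-Host    "$k\NoFolderOptions OK" }
}

# Check 2: safe mode needs the SafeBoot\Minimal and SafeBoot\Network branches,
# which -j is meant to restore. Report any that are still missing.
foreach ($branch in 'Minimal', 'Network') {
    $p = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$branch"
    if (Test-Path $p) { Write-Host    "$p present" }
    else              { Write-Warning "$p missing: safe boot still broken" }
}
```

Run it in the security context your deployment tool uses (SYSTEM for most push tools), and remember that the HKCU check then inspects that account’s hive, not the logged-on user’s; a reboot is still needed for Explorer to pick up the restored settings.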


Please do share your experiences with the kk.exe tool by commenting on this blog post.



Windows 7 lifts Microsoft


Windows 7 takes Microsoft to cloud 9

The last sentence of my previous blog (Windows 7) said that Windows 7 is Microsoft’s best desktop OS to date, and I have been proved right by Microsoft’s latest financial results. Microsoft has sold more than 60 million copies of Windows 7 to date, and not only did Microsoft pull in nearly $19 billion with an impressive net income of nearly $7 billion, but sales rose 60 percent compared to a year ago.

This is Microsoft’s best quarter ever – All because of the fantastic Windows 7!!

Last night Mr. Steve Ballmer called me to join Microsoft’s Product Approval Panel, but before we could finish our conversation… damn, I woke up!! 😉
