Friday, June 14, 2013

Upgrading firmware on Sonicwall email security appliance

This is the procedure we follow to upgrade the firmware on our Sonicwall 3300 email security appliance:

- Download new firmware and check MD5 checksum.
- Back up appliance settings.
- SSH to appliance using Putty and log in as "snwlcli".
- When prompted enter the appliance's admin's username and password.
- Run "stop appservices". It'll take a minute.
- Run "start tomcat".
- Wait for GUI to restart and then log in again.
- Update the firmware through "Advanced" under "System". Updating the firmware can take 10 minutes or more depending on how many users and how much spam you have on the appliance.

Not following this can lead to issues. Unfortunately, Sonicwall doesn't make it easy to find the correct procedure on their site.

Thursday, June 13, 2013

Using dssec.dat to change properties in ADUC

So, we wanted to delegate control of specific OUs in Active Directory to users, but only allow them to change phone numbers and titles. I was able to restrict nearly everything by allowing or denying the user specific security permissions for user objects in the OU. However, I couldn't seem to find how to restrict access to the "Last Name", "Initials", and "E-mail" fields in ADUC. 

The trick was editing the dssec.dat file in the system32 folder per the below MS Knowledge Base article. This change needs to be made on every DC you want to edit those permissions on.

The one thing which threw me is that even after restarting ADUC it wouldn't show the new properties. It turns out there is a delay between making the changes in dssec.dat and them taking effect. I'd say make the change in the file and then wait at least 30 minutes before opening ADUC.
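
Because the edit has to be repeated on every DC, it helps to confirm what each copy of dssec.dat actually says before waiting on ADUC. The following PowerShell is an added example, not part of the original post. It assumes the usual LDAP names for the three fields (`sn`, `initials`, `mail`) and the filter values Microsoft documents for this file (0, 1, 2, 7), and it runs against a constructed sample rather than a real dssec.dat.

```powershell
# Added example: report how a dssec.dat file filters selected attributes
# in one object-class section. Get-DssecFilter is a hypothetical helper name.
function Get-DssecFilter {
    param(
        [Parameter(Mandatory = $true)] [string[]] $Lines,   # file contents
        [string]   $Section   = 'user',                     # object class
        [string[]] $Attribute = @('sn', 'initials', 'mail') # assumed LDAP names
    )
    # Assumed value meanings for dssec.dat entries.
    $meaning = @{
        '0' = 'Read and Write shown'
        '1' = 'Write only shown'
        '2' = 'Read only shown'
        '7' = 'hidden from the permissions list'
    }
    $current = $null
    $found   = @{}   # PowerShell hashtables are case-insensitive by default
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -match '^\[(.+)\]$') { $current = $Matches[1]; continue }
        if ($current -ne $Section)     { continue }
        if ($line -match '^([^=;]+)=(\d+)$') {
            $found[$Matches[1].Trim()] = $Matches[2]
        }
    }
    foreach ($a in $Attribute) {
        $v = $found[$a]
        [pscustomobject]@{
            Attribute = $a
            Value     = if ($null -eq $v) { '(none)' } else { $v }
            Meaning   = if ($null -eq $v) { 'no entry in this section' }
                        elseif ($meaning.ContainsKey($v)) { $meaning[$v] }
                        else { 'unrecognised value' }
        }
    }
}

# Constructed sample content, not copied from a real DC.
$sample = @'
[user]
sn=7
initials=7
mail=0
[computer]
sn=7
'@ -split "`r?`n"

Get-DssecFilter -Lines $sample | Format-Table -AutoSize

# On a DC, feed it the real file instead:
# Get-DssecFilter -Lines (Get-Content "$env:windir\System32\dssec.dat")
```

Running the last line on each DC and comparing the output shows whether a DC was missed when the file was edited.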