In the last week or so I have been playing with Perl again. At one time I had Perl package manager working but recently I have not been able to see/query the repositories and have had to manually update packages. I found if I removed the environment variable for http_proxy it works again. Hmm.. I wonder why I had the http_proxy environment variable set.
Author: Bill
RE: How to Automatically Enter IE Proxy settings using Group Policy
From a user group post by Jim Harrison. Thanks Jim for the step-by-step on this common question. Notice Jim’s sense of humor comes through on step one.
1. Start, Server Manglement
2. Expand
– Advanced Manglement,
– Group Policy Manglement
– Forest: <yourdomainhere>
– Domains: <yourdomainhere>
3. R-click Default Domain Policy, select “Edit”When the “Group Policy Object Editor” window appears,
1. Expand
– Windows Settings
– Internet Exploder Maintenance
2. Select “Connection”
3. In the right pane, r-click “Automatic Browser Configuration”In the “Automatic Browser Configuration” window
– if you don’t have wpad entries in your DNS, uncheck “Automatically
detect…”
1. select “Enable Automatic Configuration”
2. in the Auto-proxy URL field, enter http://<yourisainteralip>:
<listenerport>/wpad.dat (listenerport is 8080 by default)
3. Click “OK” to close the “Automatic Browser Configuration” window
4. Close the “Group Policy Object Editor” window1. Start, Run, “cmd” <enter>.
2. type “gpupdate /force” <enter>...all done
[Via ISA in SBS – yes, it’s secure]
Actually I changed step to 2. to put the wpad.dat entry in the Auto-Config URL field. I think it didn’t work for me in the other configuration. I also made an Alias entry in the forward lookup zone so my other browsers can autoconfig using DNS. I already had set up DHCP to autoconfig. For a little more spice in my life I am checking out firefoxadm. This is Sourceforge project to manage the Firefox configuration using a GPO.
Defaced web site
Each morning I check all of my websites. I found the easiest way is to use the tabbed interface of Firefox. I open all of the sites and then tell Firefox to use the current pages as my home page. The next time I start Firefox it automagically loads each page in a new tab. On Saturday I was surprised and shocked to find one of my sites had been defaced. Instead of my normal drab page I found a semi-nude female and some sort of political announcement. After the initial shock wore off I was kind of bemused. The site is a low traffic site so in a wierd way I was surprised they chose my site. Well, after going through shock, bemusement, and surprise I got down to business and started changing passwords, changing the home page back to the original, and checking for any other changed files.
My host provider provides daily, weekly, and monthly backups. Now that I had a problem I started looking closely at all of the administrative type problems I had been ignoring. Some of the problems I noticed were:
- The backup seemed to be very large relative to the size of the website.
- The backups complained about trailing garbage when I opened them in Winzip.
The second problem led me astray with the first problem for a while. I fixed the second problem by using Cygwin and gunzip to expand the file without error messages. I eventually found out that this is not unusual and can be ignored. Assured I was using a good backup I used Winzip to sort the files in the backup based on file size. I quickly found the culprit, Spamassassin’s autowhitelist. It was 45 MB. From there it was not hard to find out that the backup also included files I had deleted. It is nice to know they are there but it is a pain when you are anxious for the download to complete.
After a little playing around I found a way to pull out only the web site directories. I pulled out the directory tree for the weekly backup and then created a md5 digest for the files in that tree. I repeated this process with a daily backup and compared the digest to the new tree. I found only a few changes and I could explain all of them. Whew!
Okay, here’s the roll call of utilities that helped me. Although I used Cygwin’s utilities and Winzip to figure things out, I found that the command line version of 7-zip is a faster and more convenient solution. I never did figure out a convenient way to extract just one directory from a tar file with Winzip. I ended up creating shell scripts for Cygwin and a bat file for Windows so I will not have to reinvent the wheel next time. Although I did work briefly with Fsum and it maybe faster, md5summer is the more convenient solution of creating and comparing md5 digests. For those who are curious, it takes about six minutes for my P3-700 to calculate the md5 digest(638K) of the directory tree.
Windows Security Checklists
Date: Fri, 18 Mar 2005 15:59:23 -0800
From: "Jim Harrison" <jim@isatools.org>
Subject: Windows Security Checklists - 15 Parts
Part 1: Firewalls and Antivirus Applications
http://castlecops.com/article-5541-nested-0-0.html
Part 2: To Do and Do Not
http://castlecops.com/article-5570-nested-0-0.html
Part 3: Safe at Any Speed Online
http://castlecops.com/article-5592-nested-0-0.html
Part 4: Securing Your Network
http://castlecops.com/article-5621-nested-0-0.html
Part 5: Are Cookies Really Guid for You?
http://castlecops.com/article-5641-nested-0-0.html
Part 6: Invisible Internet Browsing
http://castlecops.com/article-5649-nested-0-0.html
Part 7: HOSTS File: Wholesale Blocking
http://castlecops.com/article-5660-nested-0-0.html
Part 8: IM Insecure
http://castlecops.com/article-5671-nested-0-0.html
Part 9: Batting Clean-up
http://castlecops.com/article-5686-nested-0-0.html
Part 10: PC Pesticides
http://castlecops.com/article-5703-nested-0-0.html
Part 11: Hijacker Horrors - Feb 6, 2005
http://castlecops.com/article-5724-nested-0-0.html
Part 12: Windows Home Wireless - Feb 13, 2005
http://castlecops.com/article-5737-nested-0-0.html
Part 13: Windows Home Wireless Security - Feb 20, 2005
http://castlecops.com/article-5757-nested-0-0.html
Part 14: IT Phone Home Security - Feb 27, 2005
http://castlecops.com/article-5768-nested-0-0.html
Part 15: Are You Saved? - March 6, 2005
http://castlecops.com/article-5783-nested-0-0.html
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
This is a nice source I got off of the SBS mailing list that I might want to go back and review.
TS2 Meeting
I went to the TS2 meeting on Friday in Dayton. It was moderately informative. Naturally they were encouraging partners to sign up for the Action pack. They also talked about service packs for 2003 and improved security. One item that caught my attention was their focus on MOM. They were encouraging partners to take advantage of the new version on MOM through the Action pack. In theory a partner could increase their value to their clients by offering Service Level Agreements based on monitoring their client sites using MOM. Mom appears to offer more robust monitoring of Microsoft packages but I would have to actually work with it to know for sure.
Batch file to map network drives for users
Batch file to map network drives for users
Often it is asked how to create a batch frile to map network drives for users at logon. Here’s how I did it at one site where I had a small number of users, but each user had a different set of mapped drives they needed to access.
The SBS Diva talked about this little jewel today.
Fixing dark photos
Graphics.com: Increase Exposure Without Overexposing Highlights in Photoshop Elements
Creating a new merged layer with the blending mode to Screen did a pretty nice job with some dark photos I have. It did a better job lightning the photo with realistic colors.
Helix – Incident Response & Computer Forensicsâ„¢
Helix – Incident Response & Computer Forensicsâ„¢
Helix 1.6 has been released.
I downloaded this version via BitTorrent and played with it yesterday. I learned a lot about computer forensics. Maybe too much for my use. I was primarily interested in using Nessus to test my server’s ports from the internet side. The server is okay but Nessus took a long time to run.
Interesting SBS problem
I ran into a small problem a few nights ago. My son needed to print off some documents for a school project. Both of his PCs sit outside the SBS network. My color printer sits inside the firewall. So I proceeded to instruct him on how to upload the documents to my SBS server using the published web site. He selected the files and started the multiple file upload. The upload aborted immediately with an error message about exceeding the upload limit. This should be an easy problem to get around but the next time he tried we got a 500 server error. After a few more tries we ended up getting the infamous “The page cannot be displayed” message. All of my PCs could not get into the published web site. This should not be happening at 11pm but what am I to do! So I opted for plan B, install the printer driver and access the printer through the firewall. I had not tried this on his PC before but it worked. I went to bed.
The next day I tried several things to restore my access:
- Restarted ISA
- Restarted the server
- Added a new tunnel for 444
- Used a different browser
Using the Firefox browser got me in on the PC I was using for testing. I went to another PC and I was now able to get in using IE. I went back to my PC and tried IE again. I was still unable to get in. Hmm… Since I am still curious about this problem and it is reproducible, I will probably chase this puppy down. However, it won’t be today!
RE: BBToday Overview
Pocket PC users familiar with the Today Screen program would instantly recognize BBToday. BBToday is a program that overrides your home screen and displays some of the more important information. Currently BBToday can list your 5-day forecast, new and total emails, tasks, appointments, plus battery and signal strength all on one screen. The best thing is that the program is completely open source and free.The program does override your home screen so you will need to press the ESC button to exit to your regular home screen. The BBToday screen is not as pretty as your normal home screen but provides a lot more functionality. It would be nice if there was an option to not have the program over ride the original home screen.
[Via Blackberry Cool]
Hey, this is cool even if you cannot get the weather portion to work with your phone service. I added an APN entry of wap.voicestream.com to get it to work on t-mobile. It works most of the time. When the weather portion does not work, I get a malformed address error message. Most of the time when I select “Update Now”, the error message will clear up.
Publishing a TCP/IP Printer behind ISA Server
Publishing a TCP/IP Printer behind ISA Server
This procedure works but I needed some additional steps to make it work since I use a QMS printer.
- QMS printers use port 35 rather than 9100. The documentation is sparse in this area but I think this is right.
- I could not make the printer work with the Crown printer port installation so I added a TCP/IP port using the M$ wizard and customized it to use port 35 rather than 9100. Then I told the driver to use the tcp/ip port I just created.
Since both of my son’s PC sit outside the ISA firewall this should allow him to handle his own printing needs. Since I do not need internet access to the printer, the dsl router/firewall will continue to block port 35.
Enforcing shutdowns for my son
This has proved quite a fun challenge. My son has a problem playing video games late at night. We have asked nicely multiple times but it has not worked. I tried using AD to enforce it but that didn’t work since he doesn’t care about the server or the internet. My next tactic was to automatically shut the PC down using a scheduled task. That worked up till he figured out that he could play longer if he switched to a new time zone. My new trick is to change his timezone back to EST every ten minutes using:
Control.exe TIMEDATE.CPL,,/Z Eastern Standard Time
I doubt this will be the final solution but I can’t wait to hear his voice when his PC starts shutting down on him after he knows he has just changed it to GMT.
Upgraded template
I cannot leave some things alone. Today I went ahead and created a new template based on the default theme. It was easier than figuring out how to convert my old template into a theme. Here was my process:
- Copied the default theme directory into a new directory called mytheme
- Copied my header image into the images directory into the new theme directory and renamed it personalheader.jpg.
- Modified the header.php file to remove the comments around the statement that adds the personalheader.jpg to the css and changed the image position to bottom.
- Modified the style.css to change the h1 element to use a smaller font, remove the center text alignment, and move it lower in the box(i.e. add more padding).
- Finally I cludged a margin for h1 element by adding a to the blog title. I tried changing the css to get this effect but my changes moved the background image and not the h1 element.
Upgrading to WordPress 1.5
Well, I finally got around to upgrading to 1.5. Despite my misgivings I used cPanel to upgrade. Everything kind of worked. The site works with the default themes but my initial efforts to transform my old template to a new theme was a total bust(i.e. blank screen). So for the time being I am going to use the default 1.5 theme until I can get around to figuring out what I want to do with the old template/css.
Oops! Caught by the Junk Mail Filter
Yesterday I got wound up in what I thought was a small task. I found a perl script that checks whether a web site is up. If the check returns an error message, it sends you an email. I thought that this might be a better way to alert me when one of my sites is down. I can schedule it to run daily. Everything worked fine except that I was not getting my email. I fiddled and fiddled with it. I downloaded blat thinking I was having a perl SMTP problem but blat exhibited the same problem. I had about given up on it when I checked my Junk Mail folder in Outlook today. I found my emails. The Junk Mail filter had determined that the email address was a junk mail sender.
A good use for Sharepoint companyweb
Yesterday I stored a QuickBooks backup for our Habitat affiliate on my internal companyweb website. I then went into the office and downloaded the file using the secure version of the website that is accessible from the internet. I restored the company file, made my changes, backed up the company file, and uploaded the file to the secure site. I have been making a lot of changes so I can finalize my monthly reports. The changes to the QuickBooks reports are interesting but I digress. I have been able to get more work done by working from home. I thought about using a USB flash drive but Yahoo Briefcase was pretty easy. The drawbacks is that Yahoo Briefcase is not as secure as my website and it has an upload limit. Now to check out webfolder encryption.
phpWebSite/Mysql problem
One of my websites had a corrupt database two days ago. When I went to cPanel to check and repair it, the process never completed. I ended up submitting a trouble ticket to
bluehost.com. They replied in a couple of hours and offered to restore the database from the weekly backup. I told them to go ahead and restore while I downloaded the backup. The site is fairly static for the last couple of weeks so I am sure I did not lose any data. The site is back up but I need to do some investigation work on why mysql got corrupted in the first place. I have occasionally had this problem with this site but I always was able to fix the problem using the repair facility. I think I will expedite the move to phpWebSite 10.0.
RE: Announcing WordPress 1.5
(This is my favorite part of what I do.) To the 12,126 of you who have already downloaded WordPress 1.5, congrats for being on the ball. We had a “soft launch” on Monday the 14th while we worked out some infrastructure issues and we’re now very ready to announce WordPress 1.5 to the world. This release is named “Strayhorn” in honor of Billy Strayhorn the pianist and sublime composer who worked closely with Duke Ellington and wrote tunes like “Take the A Train” and “Lush Life.” We thought he was perfect to represent the power and elegance of this release, which has been under intense development and testing the past few months.
If you’re ready to get right to the meat, go download WordPress and don’t forget to read the installation or upgrade instructions. If you’d like to know more about the release, please make yourself comfortable and read on, we’ve got a lot to share.
[Via WordPress Development Blog]
Soon I wil be upgrading this site. From the upgrade instructions I should probably upgrade manually rather than through cPanel.
Continue reading “RE: Announcing WordPress 1.5”
DynDNS Updater – Kana Solution
I installed this program on my workstation and got it to check my Netgear router status page for the current IP I have been assigned. So far, so good!
How to publish http://Companyweb to the Internet by using ISA Server 2000 on a server that is running Windows Small Business Server 2003, Premium Edition
SUMMARY
This article describes how to publish the company’s internal Web site (http://Companyweb) to the Internet by using Microsoft Internet Security and Acceleration (ISA) Server 2000 on a server that is running Microsoft Windows Small Business Server 2003, Premium Edition, so that external clients can access http://Companyweb directly by using https://FQDN:444, where FQDN is the fully qualified domain name of the server that is running Windows Small Business Server 2003. Alternatively, external clients can access http://Companyweb from the Remote Web Workplace feature on the SBS 2003 server by using https://FQDN/remote.
I finally got around to doing this today. The instructions worked for me. Remember to open the port on the hardware firewall and forward that port to the server.