Secure Wireless Access Point Configuration.

January 29, 2007

Receive guidance about configuring wireless access points to support Wi-Fi protected access (WPA) and configuring the required supporting network infrastructure.

Download & read…


IEEE 802.11 Wireless LAN Security with Microsoft Windows.

January 29, 2007

This article discusses the security issues of IEEE 802.11 wireless networks and shows how Microsoft Windows operating systems can be used to make 802.11 wireless networks as secure as the current set of 802.11-related technologies allow.

Download to read…


MCP Live Meeting: Vista Certifications.

January 29, 2007

Interesting presentation explaining upgrade paths to Vista.

Watch…


Everybody Loves Redmond DVD.

January 24, 2007

In the midst of numerous Microsoft patch reports was a five-disc DVD set — “Everybody Loves Redmond: 2007 A New Year of Hilarious Patches.” An obvious spoof.


Forbes.com: The World’s Best Windsurfing.

January 23, 2007

http://www.forbes.com/2002/07/09/0709sport.html


Apply policies throughout your network without requiring users to reboot or log off their systems.

January 11, 2007

One of the great features of Group Policy is that you can modify or
create a policy and can be confident that, aside from a few exceptions,
the policy will eventually be applied without any reboots or logoffs.

If you want to apply the policy immediately you need to run GPUPDATE on
Windows XP/2003 or a confusing SECEDIT command on Windows 2000. To make
life more difficult, the command has to be run locally on the system
you want to update. You’re out of luck if you want to remotely force a
computer to update its GPO settings — that is, unless you use
RGPRefresh.exe, a free command line tool developed by the GPO Guy,
Darren Mar-Elia.

With RGPRefresh, you can remotely refresh GPO settings regardless of
the OS. The tool lets you specify alternate credentials, force a
reboot or logoff or bypass them. Here’s the complete syntax:

RGPrefresh [/m:{ComputerName}] [/t:{ComputerUser}] [/u:{username}]
[/p:{password}] [/n] [/force] [/logoff] [/boot] [/sync]

I love a tool like this, because it can be run from the command line.
This makes it a snap to wrap up in a batch file. Or, use the FOR
command to run through a list of computers and quickly refresh
multiple computers in seconds.

Download the tool for free at http://www.gpoguy.com/rgprefresh.htm

Source…


Zany Video.

January 11, 2007

People falling over, kicking and punching one another. A dancing midget. Some doofus on a bike. Girls with nice bumpers and one amazing snow board trick.


Test your Internet connection speed.

January 10, 2007

How to check and enable permissions inheritance for user objects in AD

January 10, 2007

While many built-in user group objects (Administrators, Domain Administrators and Backup Operators, to name a few) have permissions inheritance disabled by default, having permissions inheritance disabled on some user objects should be a concern.

There is a known Windows issue that may be the cause of some of the user objects in your domain having permissions inheritance disabled. To see more information on this problem, take a look at the Microsoft Support article 817433 “Delegated Permissions are Not Available and Inheritance is Automatically Disabled” http://tinyurl.com/y9yww9 . Also, the problem may have resulted simply from upgrading from an earlier version of Windows. Many Active Directory administrators have run into this, as well.

While you can view the advanced security settings of each user object in Active Directory to see whether permissions inheritance is disabled, an easier way to do this is by using a vbscript. A great script for this task is Sakari Kouti’s ADO List Objects That Have Blocked ACL Inheritance.vbs script http://tinyurl.com/y4a5gg . To use this script, just copy and paste its contents from your Web browser into Notepad and save the file with a .VBS extension (example: auditinheritance.vbs). Since the script echoes each object that has permissions inheritance disabled, you want to be sure to run it using cscript (example: cscript auditinheritance.vbs). While Sakari may appreciate the mention of his script here, I also feel compelled to mention his book, as well. If you’re looking for in-depth Active Directory information, “Inside Active Directory, A System Administrator’s Guide” http://tinyurl.com/y8vbkd is as good as it gets.

Listing the objects with permissions inheritance disabled is only half the battle. One way to enable permissions inheritance on a user object is with the support tool dsacls.exe. To enable permissions inheritance, you would use the following syntax:

dsacls "" /P:N

Note that the command options are case sensitive, so both the P and N will need to be capitalized. As an example, suppose you wanted to enable inheritance for the user bwestbrook, who is located in the Staff OU in the mcpmag.com domain. To enable permissions inheritance, you would run the following command:

dsacls "cn=bwestbrook,ou=staff,dc=mcpmag,dc=com" /P:N

If after running this command you notice that permissions inheritance is once again disabled after a couple of hours, that tells you that the user object is a member of a protected group and you’ll need to follow the steps in Microsoft KB article 817433 mentioned earlier to correct the problem.

Now if you have several users in which you need to enable permissions inheritance, a scripted solution will be your best bet. Here is a script that will enable permissions inheritance for every user in an OU:

'enableperminheritance.vbs
'Set strOUpath variable to match the
'target OU in your domain
strOUpath = "ou=test,dc=bg,dc=net"

'SE_DACL_PROTECTED is the control bit that blocks inheritance;
'clearing it enables inheritance
Const SE_DACL_PROTECTED = &H1000

'Connect to OU in Active Directory
Set objConn = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConn
strUsrFil = "(&(objectCategory=person)(objectClass=user))"
'The LDAP provider name in the ADsPath must be upper case
objCommand.CommandText = "<LDAP://" & strOUpath & _
    ">" & ";" & strUsrFil & ";" & "distinguishedName;subtree"
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
Set objUserRecords = objCommand.Execute

intUserCount = 0 'user object counter

'Enable permissions inheritance for each user
Do Until objUserRecords.EOF
    intUserCount = intUserCount + 1
    'Bind by distinguished name so that users in child OUs, and users
    'whose cn differs from sAMAccountName, are found
    strUserDN = objUserRecords.Fields("distinguishedName").Value
    Set objUser = GetObject("LDAP://" & Replace(strUserDN, "/", "\/"))
    Set objNTSec = objUser.Get("nTSecurityDescriptor")
    intNTSecDes = objNTSec.Control
    'Clear only the protected bit and keep the other control flags
    intNTSecDes = intNTSecDes And Not SE_DACL_PROTECTED
    objNTSec.Control = intNTSecDes
    objUser.Put "nTSecurityDescriptor", objNTSec
    objUser.SetInfo
    objUserRecords.MoveNext
Loop

'Output the number of records changed
'Note that the permissions inheritance flag is
'set on all users in the OU, regardless of whether
'or not it was already set.
WScript.Echo("Enabled Permissions Inheritance for " & _
    intUserCount & " users in the OU " & strOUpath)

Note that you will need to specify the target OU in the strOUpath variable. Once the target OU is set, the script will enable the permissions inheritance flag of every user object in the OU.
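
Before making a bulk change like this, it helps to know which users actually have inheritance disabled and which of them are likely to revert because they are handled as protected-group members. The following read-only audit is an added example, not part of the original article or of Sakari Kouti's script; the OU path is a sample value, and the use of the adminCount attribute to flag protected accounts is an assumption the article itself does not mention.

```vbscript
' Added example: report users whose ACL inheritance is blocked (read-only).
' strOUpath is an assumed sample OU; run with cscript.
Option Explicit
Const SE_DACL_PROTECTED = &H1000   ' control bit set when inheritance is blocked
Dim strOUpath, objConn, objCommand, objRS, objUser, objNTSec
Dim strDN, intBlocked, intReverting

strOUpath = "ou=test,dc=bg,dc=net"

' adminCount = 1 is stamped on accounts that are, or have been,
' members of a protected group
Function IsProtectedAccount(varAdminCount)
    IsProtectedAccount = False
    If Not IsNull(varAdminCount) Then
        If CLng(varAdminCount) = 1 Then IsProtectedAccount = True
    End If
End Function

Set objConn = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConn
objCommand.CommandText = "<LDAP://" & strOUpath & ">;" & _
    "(&(objectCategory=person)(objectClass=user));" & _
    "distinguishedName,adminCount;subtree"
objCommand.Properties("Page Size") = 100
Set objRS = objCommand.Execute

intBlocked = 0
intReverting = 0
Do Until objRS.EOF
    strDN = objRS.Fields("distinguishedName").Value
    ' Escape "/" so the DN is a valid ADsPath
    Set objUser = GetObject("LDAP://" & Replace(strDN, "/", "\/"))
    Set objNTSec = objUser.Get("nTSecurityDescriptor")
    If (objNTSec.Control And SE_DACL_PROTECTED) <> 0 Then
        intBlocked = intBlocked + 1
        If IsProtectedAccount(objRS.Fields("adminCount").Value) Then
            intReverting = intReverting + 1
            WScript.Echo "BLOCKED (adminCount=1, likely to revert): " & strDN
        Else
            WScript.Echo "BLOCKED: " & strDN
        End If
    End If
    objRS.MoveNext
Loop

WScript.Echo intBlocked & " user(s) with inheritance disabled, " & _
    intReverting & " of them flagged adminCount=1"
```

Accounts reported with adminCount=1 are the ones to check against KB article 817433 before re-enabling inheritance.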

It seems like in IT we have a tendency to take words with good connotations and turn them around. When family talks about “inheritance,” you usually assume you’re about to get something. When a fellow IT staffer mentions inheritance, your reaction is probably more along the lines of “What now?!”

Source…


How to limit Windows Server 2003 or Windows XP to a specific amount of RAM.

January 4, 2007

You can modify boot.ini to limit Windows Server 2003 or Windows XP to a specific amount of RAM, or to use only one processor, without physically removing the hardware. This works great in a testing or development environment. Before you modify boot.ini, make sure that you’ve made a backup copy so you can get back to your original configuration if things go wrong. You may have to remove the read-only and hidden attributes from the boot.ini file before modifying it.

To limit the amount of RAM to 1GB (1024MB), use the switch /maxmem=1024, for example:

multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows Server 2003" /fastdetect /maxmem=1024

To limit the number of processors, use the switch /numproc, for example:

multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows Server 2003" /fastdetect /numproc=1

Here’s another convenient method to update your boot.ini. Use the bootcfg utility to modify the file. For example, to limit Windows to 1GB of RAM, use the following at the command prompt:

bootcfg /addsw /mm 1024 /id 1

where /mm adds the maxmem entry (in MB) for the OS entry line number specified in the /id switch.

To remove this 1024MB limitation, use the following command:

bootcfg /rmsw /mm /id 1

Type bootcfg /? for help.