I made an ISO of my Windows 98 Boot CD. I needed it yesterday, and I couldn’t find it online anywhere. Get Windows 98 Boot CD Here!.

I used Alex Feinman’s ISO Recorder to create the image. You could probably use any tool to burn it, but Alex’s is pretty awesome. It adds right click burn to image power in Windows XP!

You should set a password on your Cisco ASA 5505 even if you don’t have remote management set up. If a computer inside your network gets hacked, it could be used to gain access to the firewall.

To set the enable password on your Cisco ASA 5505:

1. Get into the command line. I prefer using the console cable to directly connect.
2. Hit enter a few times to get the prompt.
3. Type ‘ena’ to enter enable mode.
4. Type ‘config t’ .
5. Type ‘enable password PaSsWoRd’ , replacing the second, ‘PaSsWoRd’ with desired password.

Now when you enter enabled mode in the console you’ll be prompted for a password. When you log into the ASDM you leave the Username field blank, and type in only your enable password in the Password box.

Even your Cisco ASA5505 can have a DMZ, though not a full one. With the base license you can create another interface and vlan, but you must restrict traffic from that interface to another.

Below I’m going to tell you how to set up a DMZ on your Cisco ASA5505. All I needed for my network was to have two network segments which had external access, but could not communicate with each other. This allows us to have two peoples workstations on the same ASA5505 device, but they don’t have the ability to infect one another. Also, one person is allowed to use the site-to-site vpn, and the other is not.

1. Open the Cisco ASDM
2. Click ‘Configuration’ at the top, ‘Interfaces’ on the left.
3. Click the ‘Add’ button on the right.
4. Specify the network jacks you want to be on the new vlan.
5. I recommend using ‘dmz’ for the network interface, and security level ‘50′.
6. Make sure ‘Use Static IP’ radio button is checked.
7. In the ip address field, enter the new interfaces ip, but on an un-used subnet. For example ‘192.168.8.1′
8. Subnet mask: ‘255.255.255.0′
9. Click the ‘Advanced’ tab at the top.
10. In the ‘VLAN ID’ field, type ‘3′. Having vlans 1, 2, and 12 or whatever is just dorky.
11. Under Block Traffic, select ‘vlan1 (inside)’.
12. Hit ‘Ok’, ‘Apply’

Great! You’ve created the interface, but you want to be able to browse to the outside. You’ll need to create a dynamic NAT for that.

1. Click ‘NAT’ on the left.
2. Click ‘Add’ at the top, select ‘Dynamic NAT Rule’.
3. Select the new interface ‘dmz’ from the drop down at the top.
4. Click the ‘…’ button on the right, and select the dmz network
5. Under ‘Dynamic Translation’ change ‘Interface’ to ‘Outside’.
6. Put a check next to the ‘outside’ address pool.
7. Hit ‘Ok’, ‘Apply’

One last thing. I really dig having at least a couple DHCP addresses on every port. So lets configure DHCP!

1. Click ‘Properties’ on the left.
2. Click the ‘+’ sign next to ‘DHCP Services’.
3. Click DHCP Server.
4. Under ‘Other DHCP Options’ make sure the ‘Enable auto-configuration…’ check box is un-checked.
5. The DNS Servers are probably the same for both subnets. Feel free to put them in out here, and leave the DNS Server boxes for each interface blank.
6. Hit the ‘Apply’ button.
7. Click the ‘dmz’ entry at the top, and click ‘Edit’.
8. Check the check box for ‘Enable DHCP server’.
9. Enter an address pool, for example: ‘192.168.8.50′ to ‘192.168.8.75′
10. Hit ‘Ok’, ‘Apply’.

Save and reload the device, and you should be in business!

You have a webserver, and you want several users to be able to log in and edit files in the /var/www/html directory. Here’s some handy commands.

After copying new files to the directory, try this command to fix up the permissions.

sudo /sbin/restorecon -R -v /var/www/html

You want all your web authoring users to be in the same group. Create a new group with:

sudo /usr/sbin/groupadd webauthors

Add users with that group using:

sudo /usr/sbin/useradd -g webauthors newusername

Then set that users password:

sudo /usr/bin/passwd newusername

To change an old users group:

sudo /usr/sbin/usermod -g webauthors existingusername

Now give all the web files the ownership by username apache and group webauthors:

sudo chown -R apache:webauthors /var/www/html/*

Now set the permissions on the web files so that the owner, and the group can edit them.

sudo chmod -R 775 /var/www/html

It’s also probably a good idea to change the group Apache user to webauthors, in case someone uploads a file, because then they will be the owner.

sudo vi /etc/httpd/conf/httpd.conf

You can safely use PHPMyAdmin to export a database, just save it to a file on your computer.

Then use a program in WinSCP to upload that file to your Web Server.

Next, edit your /etc/my.cnf to include the following line:

set-variable=max_allowed_packet=64M

Then start the MySQL command console ‘mysql -u root -p’, and type ’source localhost.sql’

I kind of hate you Cisco.

I have a firewall. It’s good practice to set that device to have a static IP. If you do this using the ASDM, systems behind the firewall will suddenly not be able to connect to the internet. At all. This is because you don’t have a route to the outside world. Follow the steps below to go from DHCP on your 5505 to a static IP.

1. Open the ASDM and log into your device.
2. Under Configuration, Interfaces, select the Outside interface and hit Edit
3. In the ‘IP Address’ box, click the radio for ‘Use Static IP’
4. Select an IP address, and use ‘255.255.255.0′ for the mask.
5. Hit ok, then apply. Your boxes probably lose their connection right about now.
6. Click ‘Routing’ on the left, Make sure ‘Static Routes’ is selected.
7. This box is probably empty. Click ‘Add’.
8. For the interface name, select ‘Outside’ (or whatever the outside interface is named)
9. In the IP Address field, type: ‘0.0.0.0′
10. In the Mask field, type: ‘0.0.0.0′
11. In the Gateway IP field, type the gateway outside of your asa5505. Like, whatever it’s gateway is. If you have a box on the same subnet as the cisco box, do an ipconfig /all and use the gateway listed there.
12. Metric should be ‘1′
13. Hit ok, then apply. Now your boxes can get out from behind the firewall, but we need to give them DNS servers and such, if you are using DHCP to assign IP’s to boxes behind the firewall.
14. Click ‘Properties’ on the left.
15. Click ‘DHCP Services’
16. Click ‘DHCP Server’
17. Select interface inside, and hit edit. Enter your DNS Servers and WINS Server
18. Hit OK, Apply
19. Now to save and reload the box, click ‘Tools/System reload’
20. Select ‘Save the running configuration at time of reload’
21. Click ‘Schedule Relod’

The Cisco asa5505 will take a couple minutes to reset, but when it comes up the device should have a static ip, and boxes behind the firewall will get IP’s from DHCP, and they should be able to get out from behind the firewall!

Here is the deal. On Windows Server 2003 there is no file permission for click and drag, or move folder. You can deny the delete ability on a folder, but when your users are accidentally clicking and dragging folders to move them, what’s actually happening is that the server copies the folder first, then deletes the original folder. So if you just deny delete, clicking and dragging just copies the folder instead of moving it.

To actually prevent moving a folder, you need to prevent the deletion and the creation from occurring. So you need to deny the right to create folders. Users can still click and drag files to move them into other folders. Users can still delete and modify files. They cannot create, delete or rename folders anywhere.

So if you want to make your Windows Server 2003 File Server so that users cannot affect folders, but they can affect any change on files that they want, do the following:

1. As the administrator, or any user with full rights to the folder, Right-Click the folder, and click properties
2. click the security tab
3. click the advanced button
4. click the add button
5. type in an object name. A group is a good idea, but it could be one user as well.
6. change apply onto to ‘This folder and subfolders’
7. click the Deny checkbox for ‘Create Folders / Append Data’
8. click the Deny checkbox for ‘Delete’
9. click the Deny checkbox for ‘Delete Subfolders and Files’
10. click ok
11. click ok
12. click ok

Here’s the gotcha: You wanted to be able to allow your users to delete files. So right now the directory structure is completely locked in place, and when you accidentally click and drag a folder nothing happens. Great. What happens if a user clicks on a folder and hits the delete key? Well, the user can’t affect folders, so they all stay in place. The files in sub-folders stay in place. Files directly in the folder get deleted! Ugh.

The best solution I have for this is enable shadow copies. Now all you have to do is go into the folder, right click the background, and restore the previous version of the folder.

If you have a better solution, leave a comment or Contact Me.

First, you need to add Oracle to your MyUW.

1. Browse to MyUW: http://myuw.washington.edu/
2. Log in.
3. Click the ‘Change Content’ link in the upper right corner of ‘MyFrontPage’
4. Click ‘Browse & Choose’
5. Check the box for: ‘Other Calendars - Requires an account on C&C managed Oracle Calendar server.’
6. Click ‘Save Your Changes’
7. Click the ‘MyFrontPage Tab’ link in the upper left.
8. Click the ‘Oracle Calendar’ link under the ‘Other Calendars’ Heading.

You are now viewing your personal calendar. To add the group schedule, follow these directions:

1. In the top row of icons, click the icon that looks like a little person standing next to a purple calendar. If you hover the mouse cursor over this icon, you’ll notice that it says ‘View Agendas’.
2. Click the radio button next to ‘Resource search’
3. In the ‘Search’ box, in our case its ‘coecee’
4. Click ‘Find’
5. Click the Shed-Transnow in the box on the left, then click ‘Add to Favorites’
6. Click ‘Ok’ in the upper right
7. In the drop down at the top of the page, select your group agenda to view the group calendar.

Next time, just log into MyUW, click the ‘Oracle Calendar’ link, and select the group agenda from the drop down box.

The problem: NT AUTHORITY will shutdown your computer in one minute, because services.exe has crashed.

You can halt the shutdown, if you are an administrator, by clicking Start/Run, and typing ’shutdown -a’, but the computer is basically hosed at this point and won’t let you do anything anyway.

If you check the event viewer, you’ll see events 1085 and 1202:

Source: Userenv
Event ID: 1085

The Group Policy client-side extension Security failed to execute. Please look for any errors reported earlier by that extension.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Source: SceCli
Event ID: 1202

Security policies were propagated with warning. 0×428 : An exception occurred in the service when handling the control request.

For best results in resolving this event, log on with a non-administrative account and search http://support.microsoft.com for “Troubleshooting Event 1202’s”.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

You’ll probably also see this message:

The Cause: This started happening on about 60% of Windows XP Machines that I had completely removed from a Windows Server 2003 AD Domain. I believe the shutdown issue is occurring because the workstations are mistakenly trying to update their group policy from the domain, which they are no longer in contact with. This causes services.exe to crash, which instructs the computer to shutdown.

The Fix!

1. Click Start/Run. Type ‘regedit’ and press enter.
2. Browse to the following folder: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Group Policy\History.
3. Delete the Key: DCName. It is probably pointing at one of the old domain controllers.
4. Also delete any sub-folder under History. There will probably be one to four folders, and they will all be named a really long string of seemingly random letters.
5. Close RegEdit.
6. Click Start/Run. Type ‘cmd’ and press enter.
7. Type: ‘gpupdate /force’ The computer not locking up right now is a good start.
8. To verify that this worked correctly, go into the event viewer and clear the application logs, then restart. View the application log, and the two errors which I’ve forwarded to you will not appear.

There are gui’s for configuration, but you have to find them and install them, when you could just edit the files in half the time. These instructions are for Red Hat Enterprise Linux (RHEL) but will probably work on most distros with IPTables, on which you wish to host Samba (SMB) shares. Yay for Windows Fileserving!

The ports you need to open are 137:udp, 138:udp, 139:tcp.

Edit the IPTables config file with:

sudo vi /etc/sysconfig/iptables

Then add these lines, the ruleset name to match your other rules

-A RH-Firewall-1-INPUT -m state –state NEW -m udp -p udp –dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m udp -p udp –dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 139 -j ACCEPT

Save the file and exit, then restart your firewall to load the new rules with:

sudo /etc/init.d/iptables restart

Done!